npm - opencode-api-security-testing - Versions diffs - 3.0.5 → 3.0.6 - Mend

opencode-api-security-testing 3.0.5 → 3.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json +1 -1
package/src/hooks/directory-agents-injector.ts +102 -0
package/src/index.ts +103 -2

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "opencode-api-security-testing",
-  "version": "3.0.5",
+  "version": "3.0.6",
   "description": "API Security Testing Plugin for OpenCode - Automated vulnerability scanning and penetration testing",
   "type": "module",
   "main": "src/index.ts",

package/src/hooks/directory-agents-injector.ts ADDED Viewed

@@ -0,0 +1,102 @@
+import type { PluginInput } from "@opencode-ai/plugin";
+import { existsSync, readFileSync } from "node:fs";
+import { dirname, join, resolve } from "node:path";
+const AGENTS_FILENAME = "AGENTS.md";
+const AGENTS_DIR = ".config/opencode/agents";
+export function createDirectoryAgentsInjectorHook(ctx: PluginInput) {
+  function resolveAgentsDir(): string | null {
+    const home = process.env.HOME || process.env.USERPROFILE;
+    if (!home) return null;
+    return join(home, AGENTS_DIR);
+  }
+  function findAgentsMdUp(startDir: string, agentsDir: string): string | null {
+    let current = startDir;
+    while (true) {
+      const agentsPath = join(current, AGENTS_FILENAME);
+      if (existsSync(agentsPath)) {
+        return agentsPath;
+      }
+      if (current === agentsDir) break;
+      const parent = dirname(current);
+      if (parent === current) break;
+      if (parent === "/" || parent === home) break;
+      current = parent;
+    }
+    return null;
+  }
+  function getSessionKey(sessionID: string): string {
+    return `api-sec-inject-${sessionID}`;
+  }
+  const injectedPaths = new Set<string>();
+  const toolExecuteAfter = async (
+    input: { tool: string; sessionID: string; callID: string },
+    output: { title: string; output: string; metadata: unknown }
+  ) => {
+    const toolName = input.tool.toLowerCase();
+    const agentsDir = resolveAgentsDir();
+    if (!agentsDir || !existsSync(agentsDir)) return;
+    if (toolName === "read") {
+      const filePath = output.title;
+      if (!filePath) return;
+      const resolved = resolve(filePath);
+      const dir = dirname(resolved);
+      if (!dir.includes(agentsDir)) return;
+      const cacheKey = getSessionKey(input.sessionID);
+      if (injectedPaths.has(cacheKey + resolved)) return;
+      const agentsPath = findAgentsMdUp(dir, agentsDir);
+      if (!agentsPath) return;
+      try {
+        const content = readFileSync(agentsPath, "utf-8");
+        output.output += `\n\n[Auto-injected from ${AGENTS_FILENAME}]\n${content}`;
+        injectedPaths.add(cacheKey + resolved);
+      } catch (err) {
+        console.error("[api-security-testing] Failed to inject agents:", err);
+      }
+    }
+  };
+  const eventHandler = async (input: { event: { type: string; properties?: unknown } }) => {
+    const { event } = input;
+    if (event.type === "session.deleted" || event.type === "session.compacted") {
+      const props = event.properties as Record<string, unknown> | undefined;
+      let sessionID: string | undefined;
+      if (event.type === "session.deleted") {
+        sessionID = (props?.info as { id?: string })?.id;
+      } else {
+        sessionID = (props?.sessionID ?? (props?.info as { id?: string })?.id) as string | undefined;
+      }
+      if (sessionID) {
+        const cacheKey = getSessionKey(sessionID);
+        for (const key of injectedPaths.keys()) {
+          if (key.startsWith(cacheKey)) {
+            injectedPaths.delete(key);
+          }
+        }
+      }
+    }
+  };
+  return {
+    "tool.execute.after": toolExecuteAfter,
+    event: eventHandler,
+  };
+}

package/src/index.ts CHANGED Viewed

@@ -1,10 +1,12 @@
 import type { Plugin } from "@opencode-ai/plugin";
 import { tool } from "@opencode-ai/plugin";
 import { join } from "path";
-import { existsSync } from "fs";
+import { existsSync, readFileSync } from "fs";
 const SKILL_DIR = "skills/api-security-testing";
 const CORE_DIR = `${SKILL_DIR}/core`;
+const AGENTS_DIR = ".config/opencode/agents";
+const AGENTS_FILENAME = "AGENTS.md";
 function getSkillPath(ctx: { directory: string }): string {
   return join(ctx.directory, SKILL_DIR);
@@ -23,9 +25,40 @@ function checkDeps(ctx: { directory: string }): string {
   return "";
 }
+function getAgentsDir(): string {
+  const home = process.env.HOME || process.env.USERPROFILE || "/root";
+  return join(home, AGENTS_DIR);
+}
+function getInjectedAgentsPrompt(): string {
+  const agentsDir = getAgentsDir();
+  const agentsPath = join(agentsDir, "api-cyber-supervisor.md");
+  if (!existsSync(agentsPath)) {
+    return "";
+  }
+  try {
+    const content = readFileSync(agentsPath, "utf-8");
+    return `
+[API Security Testing Agents Available]
+When performing security testing tasks, you can use the following specialized agents:
+${content}
+To activate these agents, simply mention their name in your response (e.g., "@api-cyber-supervisor" to coordinate security testing).
+`;
+  } catch {
+    return "";
+  }
+}
 const ApiSecurityTestingPlugin: Plugin = async (ctx) => {
   console.log("[api-security-testing] Plugin loaded");
+  const injectedSessions = new Set<string>();
   return {
     tool: {
       api_security_scan: tool({
@@ -245,7 +278,75 @@ print(result)
         },
       }),
     },
+    "chat.message": async (input, output) => {
+      const sessionID = input.sessionID;
+      if (!injectedSessions.has(sessionID)) {
+        injectedSessions.add(sessionID);
+        const agentsPrompt = getInjectedAgentsPrompt();
+        if (agentsPrompt) {
+          const parts = output.parts as Array<{ type: string; text?: string }>;
+          const textPart = parts.find(p => p.type === "text");
+          if (textPart && textPart.text) {
+            textPart.text += agentsPrompt;
+          }
+        }
+      }
+    },
+    "tool.execute.after": async (input, output) => {
+      const toolName = input.tool.toLowerCase();
+      const agentsDir = getAgentsDir();
+      if (!existsSync(agentsDir)) return;
+      if (toolName === "read") {
+        const filePath = output.title;
+        if (!filePath) return;
+        const resolved = resolve(filePath);
+        const dir = dirname(resolved);
+        if (!dir.includes(agentsDir)) return;
+        const agentsPath = join(agentsDir, AGENTS_FILENAME);
+        if (!existsSync(agentsPath)) return;
+        try {
+          const content = readFileSync(agentsPath, "utf-8");
+          output.output += `\n\n[Agents Definition]\n${content}`;
+        } catch (err) {
+          console.error("[api-security-testing] Failed to inject agents:", err);
+        }
+      }
+    },
+    event: async (input) => {
+      const { event } = input;
+      if (event.type === "session.deleted" || event.type === "session.compacted") {
+        const props = event.properties as Record<string, unknown> | undefined;
+        let sessionID: string | undefined;
+        if (event.type === "session.deleted") {
+          sessionID = (props?.info as { id?: string })?.id;
+        } else {
+          sessionID = (props?.sessionID ?? (props?.info as { id?: string })?.id) as string | undefined;
+        }
+        if (sessionID) {
+          injectedSessions.delete(sessionID);
+        }
+      }
+    },
   };
 };
-export default ApiSecurityTestingPlugin;
+function resolve(filePath: string): string {
+  if (filePath.startsWith("/")) return filePath;
+  return join(process.cwd(), filePath);
+}
+export default ApiSecurityTestingPlugin;