revxl-devtools 1.0.0

package/src/tools/json-query.ts

@@ -0,0 +1,126 @@
+import { registerTool } from "../registry.js";
+
+// ---------------------------------------------------------------------------
+// Simple JSON path query — supports dot notation, [N] indexing, * wildcard
+// ---------------------------------------------------------------------------
+
+function queryPath(data: unknown, segments: string[]): unknown[] {
+  if (segments.length === 0) return [data];
+
+  const [head, ...rest] = segments;
+
+  if (data === null || data === undefined || typeof data !== "object") {
+    return [];
+  }
+
+  // Wildcard: expand all array items or object values
+  if (head === "*") {
+    const values = Array.isArray(data) ? data : Object.values(data);
+    const results: unknown[] = [];
+    for (const val of values) {
+      results.push(...queryPath(val, rest));
+    }
+    return results;
+  }
+
+  // Array index: [N]
+  const indexMatch = head.match(/^\[(\d+)]$/);
+  if (indexMatch) {
+    const idx = parseInt(indexMatch[1], 10);
+    if (Array.isArray(data) && idx < data.length) {
+      return queryPath(data[idx], rest);
+    }
+    return [];
+  }
+
+  // Object key
+  const obj = data as Record<string, unknown>;
+  if (head in obj) {
+    return queryPath(obj[head], rest);
+  }
+
+  return [];
+}
+
+function parseQuery(query: string): string[] {
+  const segments: string[] = [];
+  let current = "";
+
+  for (let i = 0; i < query.length; i++) {
+    const ch = query[i];
+    if (ch === ".") {
+      if (current) segments.push(current);
+      current = "";
+    } else if (ch === "[") {
+      if (current) segments.push(current);
+      current = "";
+      const end = query.indexOf("]", i);
+      if (end === -1) throw new Error(`Unmatched '[' at position ${i}`);
+      segments.push(query.slice(i, end + 1));
+      i = end;
+    } else {
+      current += ch;
+    }
+  }
+  if (current) segments.push(current);
+
+  return segments;
+}
+
+// ---------------------------------------------------------------------------
+// Tool registration
+// ---------------------------------------------------------------------------
+
+registerTool({
+  name: "json_query",
+  description:
+    "Query JSON data with dot-path expressions — supports nested keys, array indices [N], and wildcard * expansion",
+  pro: true,
+  inputSchema: {
+    type: "object",
+    properties: {
+      json: {
+        type: "string",
+        description: "JSON string to query",
+      },
+      query: {
+        type: "string",
+        description:
+          'Dot-path query like "data.users[0].name" or "items.*.id" — use * for wildcard, [N] for array index',
+      },
+    },
+    required: ["json", "query"],
+  },
+  handler: async (args) => {
+    const jsonStr = args.json as string;
+    const query = args.query as string;
+
+    let data: unknown;
+    try {
+      data = JSON.parse(jsonStr);
+    } catch {
+      throw new Error("Invalid JSON input");
+    }
+
+    const segments = parseQuery(query);
+    const results = queryPath(data, segments);
+
+    if (results.length === 0) {
+      return `No results for query: ${query}`;
+    }
+
+    const sections: string[] = [
+      `=== Query: ${query} ===`,
+      `${results.length} result${results.length === 1 ? "" : "s"}`,
+      "",
+    ];
+
+    if (results.length === 1) {
+      sections.push(JSON.stringify(results[0], null, 2));
+    } else {
+      sections.push(JSON.stringify(results, null, 2));
+    }
+
+    return sections.join("\n");
+  },
+});

package/src/tools/jwt.ts

@@ -0,0 +1,193 @@
+import { createHmac } from "node:crypto";
+import { registerTool } from "../registry.js";
+
+// ---------------------------------------------------------------------------
+// Base64url helpers
+// ---------------------------------------------------------------------------
+
+function base64urlDecode(input: string): string {
+  let base64 = input.replace(/-/g, "+").replace(/_/g, "/");
+  const pad = base64.length % 4;
+  if (pad === 2) base64 += "==";
+  else if (pad === 3) base64 += "=";
+  return Buffer.from(base64, "base64").toString("utf-8");
+}
+
+function base64urlEncode(input: string | Buffer): string {
+  const buf = typeof input === "string" ? Buffer.from(input, "utf-8") : input;
+  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+
+// ---------------------------------------------------------------------------
+// Known JWT claims
+// ---------------------------------------------------------------------------
+
+const CLAIM_NAMES: Record<string, string> = {
+  iss: "Issuer",
+  sub: "Subject",
+  aud: "Audience",
+  exp: "Expiration Time",
+  nbf: "Not Before",
+  iat: "Issued At",
+  jti: "JWT ID",
+};
+
+function describeClaims(payload: Record<string, unknown>): string[] {
+  const lines: string[] = [];
+  for (const [key, label] of Object.entries(CLAIM_NAMES)) {
+    if (key in payload) {
+      const val = payload[key];
+      if (["exp", "nbf", "iat"].includes(key) && typeof val === "number") {
+        const date = new Date(val * 1000);
+        lines.push(`  ${key} (${label}): ${val} — ${date.toISOString()}`);
+      } else {
+        lines.push(`  ${key} (${label}): ${JSON.stringify(val)}`);
+      }
+    }
+  }
+  return lines;
+}
+
+function expiryStatus(payload: Record<string, unknown>): string {
+  if (typeof payload.exp !== "number") return "No expiration set";
+  const now = Math.floor(Date.now() / 1000);
+  const diff = payload.exp - now;
+  if (diff <= 0) {
+    const mins = Math.abs(Math.round(diff / 60));
+    return `EXPIRED ${mins} minute${mins === 1 ? "" : "s"} ago`;
+  }
+  const mins = Math.round(diff / 60);
+  return `Valid for ${mins} minute${mins === 1 ? "" : "s"}`;
+}
+
+// ---------------------------------------------------------------------------
+// HMAC signing
+// ---------------------------------------------------------------------------
+
+function sign(header: string, payload: string, secret: string, algorithm: string): string {
+  const algoMap: Record<string, string> = {
+    HS256: "sha256",
+    HS384: "sha384",
+    HS512: "sha512",
+  };
+  const hashAlgo = algoMap[algorithm];
+  if (!hashAlgo) throw new Error(`Unsupported algorithm: ${algorithm}`);
+  const data = `${header}.${payload}`;
+  const hmac = createHmac(hashAlgo, secret).update(data).digest();
+  return base64urlEncode(hmac);
+}
+
+// ---------------------------------------------------------------------------
+// Tool registration
+// ---------------------------------------------------------------------------
+
+registerTool({
+  name: "jwt",
+  description:
+    "Decode a JWT to inspect header/payload/expiry, or create a new HMAC-signed JWT",
+  pro: true,
+  inputSchema: {
+    type: "object",
+    properties: {
+      action: {
+        type: "string",
+        enum: ["decode", "create"],
+        description: "decode: inspect a JWT | create: generate a new JWT",
+      },
+      token: {
+        type: "string",
+        description: "(decode) The JWT string to decode",
+      },
+      payload: {
+        type: "object",
+        description: "(create) Claims object for the JWT payload",
+      },
+      secret: {
+        type: "string",
+        description: "(create) HMAC secret for signing",
+      },
+      algorithm: {
+        type: "string",
+        enum: ["HS256", "HS384", "HS512"],
+        description: "(create) Signing algorithm, default HS256",
+      },
+      expires_in: {
+        type: "number",
+        description: "(create) Seconds until expiration",
+      },
+    },
+    required: ["action"],
+  },
+  handler: async (args) => {
+    const action = args.action as string;
+
+    if (action === "decode") {
+      const token = args.token as string | undefined;
+      if (!token) throw new Error("token is required for decode action");
+
+      const parts = token.split(".");
+      if (parts.length !== 3)
+        throw new Error("Invalid JWT: expected 3 dot-separated parts");
+
+      const header = JSON.parse(base64urlDecode(parts[0])) as Record<string, unknown>;
+      const payload = JSON.parse(base64urlDecode(parts[1])) as Record<string, unknown>;
+
+      const lines: string[] = [
+        "=== JWT Decoded ===",
+        "",
+        "--- Header ---",
+        JSON.stringify(header, null, 2),
+        "",
+        "--- Payload ---",
+        JSON.stringify(payload, null, 2),
+        "",
+        "--- Known Claims ---",
+        ...describeClaims(payload),
+        "",
+        `--- Expiry: ${expiryStatus(payload)} ---`,
+        "",
+        "(Signature not verified — provide secret separately if needed)",
+      ];
+      return lines.join("\n");
+    }
+
+    if (action === "create") {
+      const payloadObj = (args.payload as Record<string, unknown>) || {};
+      const secret = args.secret as string | undefined;
+      if (!secret) throw new Error("secret is required for create action");
+      const algorithm = (args.algorithm as string) || "HS256";
+      const expiresIn = args.expires_in as number | undefined;
+
+      const now = Math.floor(Date.now() / 1000);
+      const claims: Record<string, unknown> = { ...payloadObj, iat: now };
+      if (expiresIn) claims.exp = now + expiresIn;
+
+      const headerB64 = base64urlEncode(
+        JSON.stringify({ alg: algorithm, typ: "JWT" }),
+      );
+      const payloadB64 = base64urlEncode(JSON.stringify(claims));
+      const signature = sign(headerB64, payloadB64, secret, algorithm);
+
+      const token = `${headerB64}.${payloadB64}.${signature}`;
+
+      const lines: string[] = [
+        "=== JWT Created ===",
+        "",
+        token,
+        "",
+        "--- Header ---",
+        JSON.stringify({ alg: algorithm, typ: "JWT" }, null, 2),
+        "",
+        "--- Payload ---",
+        JSON.stringify(claims, null, 2),
+        "",
+        `Algorithm: ${algorithm}`,
+      ];
+      if (expiresIn) lines.push(`Expires in: ${expiresIn} seconds`);
+
+      return lines.join("\n");
+    }
+
+    throw new Error(`Unknown action: ${action}. Use "decode" or "create".`);
+  },
+});

package/src/tools/regex.ts

@@ -0,0 +1,131 @@
+import { registerTool } from "../registry.js";
+import { generateRegexCode } from "../codegen/regex-codegen.js";
+
+// ---------------------------------------------------------------------------
+// Regex tester + multi-language code generator
+// ---------------------------------------------------------------------------
+
+interface MatchResult {
+  match: string;
+  index: number;
+  groups: Record<string, string> | null;
+}
+
+registerTool({
+  name: "regex",
+  description:
+    "Test a regex pattern against a string (with match details, groups, indices) and generate working code in JS/Python/Go/Rust/Java",
+  pro: true,
+  inputSchema: {
+    type: "object",
+    properties: {
+      pattern: {
+        type: "string",
+        description: "Regular expression pattern (without delimiters)",
+      },
+      test_string: {
+        type: "string",
+        description: "String to test against (omit to just validate the pattern)",
+      },
+      flags: {
+        type: "string",
+        description: "Regex flags, e.g. 'gi' for global+case-insensitive (default: 'g')",
+      },
+      generate_code: {
+        type: "boolean",
+        description: "Generate code snippets in multiple languages (default: false)",
+      },
+      languages: {
+        type: "array",
+        items: { type: "string" },
+        description:
+          "Languages for code generation: javascript, python, go, rust, java (default: all)",
+      },
+    },
+    required: ["pattern"],
+  },
+  handler: async (args) => {
+    const pattern = args.pattern as string;
+    const testString = args.test_string as string | undefined;
+    const flags = (args.flags as string) || "g";
+    const generateCode = (args.generate_code as boolean) || false;
+    const languages = args.languages as string[] | undefined;
+
+    // Validate the pattern first
+    let regex: RegExp;
+    try {
+      regex = new RegExp(pattern, flags);
+    } catch (err: unknown) {
+      const msg = err instanceof Error ? err.message : String(err);
+      return `Invalid regex pattern: ${msg}`;
+    }
+
+    const sections: string[] = [
+      `=== Regex: /${pattern}/${flags} ===`,
+    ];
+
+    if (testString !== undefined) {
+      const matches: MatchResult[] = [];
+
+      if (flags.includes("g")) {
+        // Global: iterate all matches
+        let m: RegExpExecArray | null;
+        while ((m = regex.exec(testString)) !== null) {
+          matches.push({
+            match: m[0],
+            index: m.index,
+            groups: m.groups ? { ...m.groups } : null,
+          });
+          // Safety: avoid infinite loop on zero-length matches
+          if (m[0].length === 0) regex.lastIndex++;
+        }
+      } else {
+        // Non-global: single match with capture groups
+        const m = regex.exec(testString);
+        if (m) {
+          matches.push({
+            match: m[0],
+            index: m.index,
+            groups: m.groups ? { ...m.groups } : null,
+          });
+          // Show capture groups
+          if (m.length > 1) {
+            sections.push("");
+            sections.push("--- Capture Groups ---");
+            for (let i = 1; i < m.length; i++) {
+              sections.push(`  Group ${i}: ${JSON.stringify(m[i])}`);
+            }
+          }
+        }
+      }
+
+      sections.push("");
+      if (matches.length === 0) {
+        sections.push("No matches found.");
+      } else {
+        sections.push(`${matches.length} match${matches.length === 1 ? "" : "es"} found:`);
+        sections.push("");
+        for (const match of matches) {
+          sections.push(`  [${match.index}] "${match.match}"`);
+          if (match.groups) {
+            for (const [name, value] of Object.entries(match.groups)) {
+              sections.push(`        ${name}: "${value}"`);
+            }
+          }
+        }
+      }
+    } else {
+      sections.push("");
+      sections.push("Pattern is valid. Provide test_string to see matches.");
+    }
+
+    if (generateCode) {
+      sections.push("");
+      sections.push("=== Code Snippets ===");
+      sections.push("");
+      sections.push(generateRegexCode(pattern, flags, languages));
+    }
+
+    return sections.join("\n");
+  },
+});

package/src/tools/secrets-scan.ts

@@ -0,0 +1,212 @@
+import { registerTool } from "../registry.js";
+
+// ---------------------------------------------------------------------------
+// Secrets scanner — detect leaked credentials in text
+// ---------------------------------------------------------------------------
+
+interface SecretPattern {
+  type: string;
+  pattern: RegExp;
+  severity: "critical" | "high" | "medium";
+  recommendation: string;
+}
+
+const PATTERNS: SecretPattern[] = [
+  {
+    type: "AWS Access Key",
+    pattern: /AKIA[0-9A-Z]{16}/g,
+    severity: "critical",
+    recommendation: "Rotate this AWS access key immediately in IAM console",
+  },
+  {
+    type: "AWS Secret Key",
+    pattern: /(?:aws_secret_access_key|secret_access_key|aws_secret)\s*[=:]\s*["']?([A-Za-z0-9/+=]{40})["']?/gi,
+    severity: "critical",
+    recommendation: "Rotate AWS credentials and revoke the exposed secret key",
+  },
+  {
+    type: "GitHub Token",
+    pattern: /gh[pors]_[A-Za-z0-9_]{36,255}/g,
+    severity: "critical",
+    recommendation: "Revoke this GitHub token at github.com/settings/tokens",
+  },
+  {
+    type: "Stripe Secret Key",
+    pattern: /sk_live_[A-Za-z0-9]{24,}/g,
+    severity: "critical",
+    recommendation: "Roll this Stripe key in the Dashboard immediately",
+  },
+  {
+    type: "Stripe Publishable Key",
+    pattern: /pk_live_[A-Za-z0-9]{24,}/g,
+    severity: "high",
+    recommendation: "While publishable, review if this key should be public",
+  },
+  {
+    type: "Slack Token",
+    pattern: /xox[bpors]-[A-Za-z0-9-]{10,}/g,
+    severity: "critical",
+    recommendation: "Revoke this Slack token in your workspace admin settings",
+  },
+  {
+    type: "Private Key",
+    pattern: /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/g,
+    severity: "critical",
+    recommendation: "Remove this private key and generate a new key pair",
+  },
+  {
+    type: "JWT Token",
+    pattern: /eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}/g,
+    severity: "high",
+    recommendation: "Revoke this JWT and rotate the signing secret",
+  },
+  {
+    type: "Anthropic API Key",
+    pattern: /sk-ant-[A-Za-z0-9_-]{20,}/g,
+    severity: "critical",
+    recommendation: "Rotate this Anthropic API key in your account settings",
+  },
+  {
+    type: "OpenAI API Key",
+    pattern: /sk-[A-Za-z0-9]{20,}/g,
+    severity: "critical",
+    recommendation: "Rotate this OpenAI API key at platform.openai.com",
+  },
+  {
+    type: "Generic API Key/Token",
+    pattern: /(?:api[_-]?key|api[_-]?token|access[_-]?token|auth[_-]?token)\s*[=:]\s*["']?([A-Za-z0-9_\-/.+=]{16,})["']?/gi,
+    severity: "medium",
+    recommendation: "Review if this API key/token should be in source code",
+  },
+  {
+    type: "Generic Password",
+    pattern: /(?:password|passwd|pwd)\s*[=:]\s*["']([^"'\s]{8,})["']/gi,
+    severity: "high",
+    recommendation: "Move this password to a secrets manager or environment variable",
+  },
+  {
+    type: "Generic Secret",
+    pattern: /(?:secret|secret_key)\s*[=:]\s*["']([^"'\s]{8,})["']/gi,
+    severity: "high",
+    recommendation: "Move this secret to a secrets manager or environment variable",
+  },
+  {
+    type: "Connection String",
+    pattern: /(?:postgres|postgresql|mysql|mongodb|redis):\/\/[^\s"']{10,}/gi,
+    severity: "critical",
+    recommendation: "Move this connection string to an environment variable. It may contain credentials.",
+  },
+];
+
+interface Finding {
+  type: string;
+  masked: string;
+  line: number;
+  severity: "critical" | "high" | "medium";
+  recommendation: string;
+}
+
+function maskSecret(secret: string): string {
+  if (secret.length <= 12) return secret.slice(0, 4) + "****";
+  return secret.slice(0, 8) + "..." + secret.slice(-4);
+}
+
+function scanText(text: string): Finding[] {
+  const lines = text.split("\n");
+  const findings: Finding[] = [];
+  const seen = new Set<string>();
+
+  for (const patternDef of PATTERNS) {
+    // Reset regex lastIndex for global patterns
+    patternDef.pattern.lastIndex = 0;
+
+    let match: RegExpExecArray | null;
+    while ((match = patternDef.pattern.exec(text)) !== null) {
+      const fullMatch = match[0];
+      const secret = match[1] || fullMatch;
+
+      // Deduplicate
+      const key = `${patternDef.type}:${fullMatch}`;
+      if (seen.has(key)) continue;
+      seen.add(key);
+
+      // Find line number
+      const offset = match.index;
+      let lineNum = 1;
+      for (let i = 0; i < offset && i < text.length; i++) {
+        if (text[i] === "\n") lineNum++;
+      }
+
+      findings.push({
+        type: patternDef.type,
+        masked: maskSecret(secret),
+        line: lineNum,
+        severity: patternDef.severity,
+        recommendation: patternDef.recommendation,
+      });
+    }
+  }
+
+  // Sort by severity then line number
+  const severityOrder = { critical: 0, high: 1, medium: 2 };
+  findings.sort(
+    (a, b) =>
+      severityOrder[a.severity] - severityOrder[b.severity] || a.line - b.line,
+  );
+
+  return findings;
+}
+
+registerTool({
+  name: "secrets_scan",
+  description:
+    "Scan text for leaked secrets, API keys, tokens, passwords, and connection strings",
+  pro: true,
+  inputSchema: {
+    type: "object",
+    properties: {
+      text: {
+        type: "string",
+        description: "Text content to scan for secrets",
+      },
+    },
+    required: ["text"],
+  },
+  handler: async (args) => {
+    const text = args.text as string;
+
+    if (!text.trim()) throw new Error("Text is empty");
+
+    const findings = scanText(text);
+
+    if (findings.length === 0) {
+      return "No secrets detected. The text appears clean.";
+    }
+
+    const critical = findings.filter((f) => f.severity === "critical").length;
+    const high = findings.filter((f) => f.severity === "high").length;
+    const medium = findings.filter((f) => f.severity === "medium").length;
+
+    const lines: string[] = [
+      `=== Secrets Scan: Found ${findings.length} secret${findings.length === 1 ? "" : "s"}: ${critical} critical, ${high} high, ${medium} medium ===`,
+      "",
+    ];
+
+    for (const finding of findings) {
+      const severityLabel =
+        finding.severity === "critical"
+          ? "CRITICAL"
+          : finding.severity === "high"
+            ? "HIGH"
+            : "MEDIUM";
+
+      lines.push(`[${severityLabel}] ${finding.type}`);
+      lines.push(`  Line: ${finding.line}`);
+      lines.push(`  Preview: ${finding.masked}`);
+      lines.push(`  Action: ${finding.recommendation}`);
+      lines.push("");
+    }
+
+    return lines.join("\n").trimEnd();
+  },
+});