sentinelayer-cli 0.1.2 → 0.3.0

package/src/audit/replay.js

@@ -1,103 +1,103 @@
-import fsp from "node:fs/promises";
-import path from "node:path";
-
-function normalizeString(value) {
-  return String(value || "").trim();
-}
-
-function toPosixPath(value) {
-  return String(value || "").replace(/\\/g, "/");
-}
-
-function fingerprintFinding(finding = {}) {
-  return [
-    normalizeString(finding.severity).toUpperCase(),
-    toPosixPath(finding.file),
-    String(Number(finding.line || 0)),
-    normalizeString(finding.message).toLowerCase(),
-  ].join("|");
-}
-
-function collectFindings(report = {}) {
-  const flattened = [];
-  for (const agent of report.agentResults || []) {
-    for (const finding of agent.findings || []) {
-      flattened.push({
-        severity: normalizeString(finding.severity).toUpperCase(),
-        file: toPosixPath(finding.file),
-        line: Number(finding.line || 0),
-        message: normalizeString(finding.message),
-        ruleId: normalizeString(finding.ruleId),
-        ownerAgentId: agent.agentId,
-      });
-    }
-  }
-  return flattened;
-}
-
-function summaryDelta(base = {}, candidate = {}) {
-  const keys = ["P0", "P1", "P2", "P3"];
-  const delta = {};
-  for (const key of keys) {
-    delta[key] = Number(candidate[key] || 0) - Number(base[key] || 0);
-  }
-  delta.blockingChanged = Boolean(base.blocking) !== Boolean(candidate.blocking);
-  return delta;
-}
-
-export function compareAuditReports(baseReport = {}, candidateReport = {}) {
-  const baseFindings = collectFindings(baseReport);
-  const candidateFindings = collectFindings(candidateReport);
-  const baseByFingerprint = new Map(baseFindings.map((finding) => [fingerprintFinding(finding), finding]));
-  const candidateByFingerprint = new Map(
-    candidateFindings.map((finding) => [fingerprintFinding(finding), finding])
-  );
-
-  const added = [];
-  const removed = [];
-
-  for (const [fingerprint, finding] of candidateByFingerprint.entries()) {
-    if (!baseByFingerprint.has(fingerprint)) {
-      added.push(finding);
-    }
-  }
-  for (const [fingerprint, finding] of baseByFingerprint.entries()) {
-    if (!candidateByFingerprint.has(fingerprint)) {
-      removed.push(finding);
-    }
-  }
-
-  const deterministicEquivalent = added.length === 0 && removed.length === 0;
-  return {
-    schemaVersion: "1.0.0",
-    generatedAt: new Date().toISOString(),
-    baseRunId: normalizeString(baseReport.runId),
-    candidateRunId: normalizeString(candidateReport.runId),
-    baseSummary: baseReport.summary || { P0: 0, P1: 0, P2: 0, P3: 0, blocking: false },
-    candidateSummary: candidateReport.summary || { P0: 0, P1: 0, P2: 0, P3: 0, blocking: false },
-    summaryDelta: summaryDelta(baseReport.summary || {}, candidateReport.summary || {}),
-    baseFindingCount: baseFindings.length,
-    candidateFindingCount: candidateFindings.length,
-    addedCount: added.length,
-    removedCount: removed.length,
-    deterministicEquivalent,
-    added: added.slice(0, 500),
-    removed: removed.slice(0, 500),
-  };
-}
-
-export async function writeAuditComparisonArtifact({
-  baseReport = {},
-  candidateReport = {},
-  outputDirectory = "",
-} = {}) {
-  const resolvedOutputDirectory = path.resolve(String(outputDirectory || "."));
-  const comparison = compareAuditReports(baseReport, candidateReport);
-  const fileName = `AUDIT_COMPARISON_${comparison.baseRunId}_vs_${comparison.candidateRunId}.json`;
-  const outputPath = path.join(resolvedOutputDirectory, fileName);
-  await fsp.writeFile(outputPath, `${JSON.stringify(comparison, null, 2)}\n`, "utf-8");
-  return {
-    comparison,
-    outputPath,
-  };
-}
+import fsp from "node:fs/promises";
+import path from "node:path";
+
+function normalizeString(value) {
+  return String(value || "").trim();
+}
+
+function toPosixPath(value) {
+  return String(value || "").replace(/\\/g, "/");
+}
+
+function fingerprintFinding(finding = {}) {
+  return [
+    normalizeString(finding.severity).toUpperCase(),
+    toPosixPath(finding.file),
+    String(Number(finding.line || 0)),
+    normalizeString(finding.message).toLowerCase(),
+  ].join("|");
+}
+
+function collectFindings(report = {}) {
+  const flattened = [];
+  for (const agent of report.agentResults || []) {
+    for (const finding of agent.findings || []) {
+      flattened.push({
+        severity: normalizeString(finding.severity).toUpperCase(),
+        file: toPosixPath(finding.file),
+        line: Number(finding.line || 0),
+        message: normalizeString(finding.message),
+        ruleId: normalizeString(finding.ruleId),
+        ownerAgentId: agent.agentId,
+      });
+    }
+  }
+  return flattened;
+}
+
+function summaryDelta(base = {}, candidate = {}) {
+  const keys = ["P0", "P1", "P2", "P3"];
+  const delta = {};
+  for (const key of keys) {
+    delta[key] = Number(candidate[key] || 0) - Number(base[key] || 0);
+  }
+  delta.blockingChanged = Boolean(base.blocking) !== Boolean(candidate.blocking);
+  return delta;
+}
+
+export function compareAuditReports(baseReport = {}, candidateReport = {}) {
+  const baseFindings = collectFindings(baseReport);
+  const candidateFindings = collectFindings(candidateReport);
+  const baseByFingerprint = new Map(baseFindings.map((finding) => [fingerprintFinding(finding), finding]));
+  const candidateByFingerprint = new Map(
+    candidateFindings.map((finding) => [fingerprintFinding(finding), finding])
+  );
+
+  const added = [];
+  const removed = [];
+
+  for (const [fingerprint, finding] of candidateByFingerprint.entries()) {
+    if (!baseByFingerprint.has(fingerprint)) {
+      added.push(finding);
+    }
+  }
+  for (const [fingerprint, finding] of baseByFingerprint.entries()) {
+    if (!candidateByFingerprint.has(fingerprint)) {
+      removed.push(finding);
+    }
+  }
+
+  const deterministicEquivalent = added.length === 0 && removed.length === 0;
+  return {
+    schemaVersion: "1.0.0",
+    generatedAt: new Date().toISOString(),
+    baseRunId: normalizeString(baseReport.runId),
+    candidateRunId: normalizeString(candidateReport.runId),
+    baseSummary: baseReport.summary || { P0: 0, P1: 0, P2: 0, P3: 0, blocking: false },
+    candidateSummary: candidateReport.summary || { P0: 0, P1: 0, P2: 0, P3: 0, blocking: false },
+    summaryDelta: summaryDelta(baseReport.summary || {}, candidateReport.summary || {}),
+    baseFindingCount: baseFindings.length,
+    candidateFindingCount: candidateFindings.length,
+    addedCount: added.length,
+    removedCount: removed.length,
+    deterministicEquivalent,
+    added: added.slice(0, 500),
+    removed: removed.slice(0, 500),
+  };
+}
+
+export async function writeAuditComparisonArtifact({
+  baseReport = {},
+  candidateReport = {},
+  outputDirectory = "",
+} = {}) {
+  const resolvedOutputDirectory = path.resolve(String(outputDirectory || "."));
+  const comparison = compareAuditReports(baseReport, candidateReport);
+  const fileName = `AUDIT_COMPARISON_${comparison.baseRunId}_vs_${comparison.candidateRunId}.json`;
+  const outputPath = path.join(resolvedOutputDirectory, fileName);
+  await fsp.writeFile(outputPath, `${JSON.stringify(comparison, null, 2)}\n`, "utf-8");
+  return {
+    comparison,
+    outputPath,
+  };
+}

package/src/auth/http.js

@@ -1,113 +1,113 @@
-import { setTimeout as sleep } from "node:timers/promises";
-
-/**
- * Default timeout applied to Sentinelayer API requests when no override is provided.
- * @type {number}
- */
-export const DEFAULT_REQUEST_TIMEOUT_MS = 20_000;
-
-function normalizeApiError(errorPayload = {}) {
-  if (!errorPayload || typeof errorPayload !== "object" || Array.isArray(errorPayload)) {
-    return {
-      code: "UNKNOWN",
-      message: "Unknown API error",
-      requestId: null,
-    };
-  }
-  return {
-    code: String(errorPayload.code || "UNKNOWN"),
-    message: String(errorPayload.message || "Unknown API error"),
-    requestId: errorPayload.request_id ? String(errorPayload.request_id) : null,
-  };
-}
-
-export class SentinelayerApiError extends Error {
-  /**
-   * @param {string} message
-   * @param {{ status?: number, code?: string, requestId?: string | null }} [options]
-   */
-  constructor(message, { status = 500, code = "UNKNOWN", requestId = null } = {}) {
-    super(String(message || "Sentinelayer API error"));
-    this.name = "SentinelayerApiError";
-    this.status = Number(status || 500);
-    this.code = String(code || "UNKNOWN");
-    this.requestId = requestId ? String(requestId) : null;
-  }
-}
-
-/**
- * Execute an HTTP request against the Sentinelayer API and parse a JSON response.
- * Throws `SentinelayerApiError` for transport errors, timeouts, API failures, and invalid JSON.
- *
- * @param {string} url
- * @param {{
- *   method?: "GET" | "POST" | "PUT" | "PATCH" | "DELETE",
- *   headers?: Record<string, string>,
- *   body?: unknown,
- *   timeoutMs?: number
- * }} [options]
- * @returns {Promise<any>}
- */
-export async function requestJson(
-  url,
-  { method = "GET", headers = {}, body, timeoutMs = DEFAULT_REQUEST_TIMEOUT_MS } = {}
-) {
-  const controller = new AbortController();
-  const timeout = setTimeout(() => controller.abort(), Number(timeoutMs || DEFAULT_REQUEST_TIMEOUT_MS));
-
-  try {
-    const response = await fetch(String(url), {
-      method,
-      headers: {
-        "Content-Type": "application/json",
-        ...headers,
-      },
-      body: body === undefined ? undefined : JSON.stringify(body),
-      signal: controller.signal,
-    });
-
-    const rawBody = await response.text();
-    let json = {};
-    if (rawBody.trim()) {
-      try {
-        json = JSON.parse(rawBody);
-      } catch {
-        throw new SentinelayerApiError("Invalid JSON returned by API.", {
-          status: response.status,
-          code: "INVALID_JSON",
-        });
-      }
-    }
-
-    if (!response.ok) {
-      const apiError = normalizeApiError(json && typeof json === "object" ? json.error : {});
-      throw new SentinelayerApiError(apiError.message, {
-        status: response.status,
-        code: apiError.code,
-        requestId: apiError.requestId,
-      });
-    }
-
-    return json;
-  } catch (error) {
-    if (error instanceof SentinelayerApiError) {
-      throw error;
-    }
-    if (error && typeof error === "object" && error.name === "AbortError") {
-      throw new SentinelayerApiError("Request timed out.", {
-        status: 408,
-        code: "TIMEOUT",
-      });
-    }
-    throw new SentinelayerApiError(
-      error instanceof Error ? error.message : String(error || "Request failed"),
-      {
-        status: 503,
-        code: "NETWORK_ERROR",
-      }
-    );
-  } finally {
-    clearTimeout(timeout);
-    await sleep(0);
-  }
-}
+import { setTimeout as sleep } from "node:timers/promises";
+
+/**
+ * Default timeout applied to Sentinelayer API requests when no override is provided.
+ * @type {number}
+ */
+export const DEFAULT_REQUEST_TIMEOUT_MS = 20_000;
+
+function normalizeApiError(errorPayload = {}) {
+  if (!errorPayload || typeof errorPayload !== "object" || Array.isArray(errorPayload)) {
+    return {
+      code: "UNKNOWN",
+      message: "Unknown API error",
+      requestId: null,
+    };
+  }
+  return {
+    code: String(errorPayload.code || "UNKNOWN"),
+    message: String(errorPayload.message || "Unknown API error"),
+    requestId: errorPayload.request_id ? String(errorPayload.request_id) : null,
+  };
+}
+
+export class SentinelayerApiError extends Error {
+  /**
+   * @param {string} message
+   * @param {{ status?: number, code?: string, requestId?: string | null }} [options]
+   */
+  constructor(message, { status = 500, code = "UNKNOWN", requestId = null } = {}) {
+    super(String(message || "Sentinelayer API error"));
+    this.name = "SentinelayerApiError";
+    this.status = Number(status || 500);
+    this.code = String(code || "UNKNOWN");
+    this.requestId = requestId ? String(requestId) : null;
+  }
+}
+
+/**
+ * Execute an HTTP request against the Sentinelayer API and parse a JSON response.
+ * Throws `SentinelayerApiError` for transport errors, timeouts, API failures, and invalid JSON.
+ *
+ * @param {string} url
+ * @param {{
+ *   method?: "GET" | "POST" | "PUT" | "PATCH" | "DELETE",
+ *   headers?: Record<string, string>,
+ *   body?: unknown,
+ *   timeoutMs?: number
+ * }} [options]
+ * @returns {Promise<any>}
+ */
+export async function requestJson(
+  url,
+  { method = "GET", headers = {}, body, timeoutMs = DEFAULT_REQUEST_TIMEOUT_MS } = {}
+) {
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), Number(timeoutMs || DEFAULT_REQUEST_TIMEOUT_MS));
+
+  try {
+    const response = await fetch(String(url), {
+      method,
+      headers: {
+        "Content-Type": "application/json",
+        ...headers,
+      },
+      body: body === undefined ? undefined : JSON.stringify(body),
+      signal: controller.signal,
+    });
+
+    const rawBody = await response.text();
+    let json = {};
+    if (rawBody.trim()) {
+      try {
+        json = JSON.parse(rawBody);
+      } catch {
+        throw new SentinelayerApiError("Invalid JSON returned by API.", {
+          status: response.status,
+          code: "INVALID_JSON",
+        });
+      }
+    }
+
+    if (!response.ok) {
+      const apiError = normalizeApiError(json && typeof json === "object" ? json.error : {});
+      throw new SentinelayerApiError(apiError.message, {
+        status: response.status,
+        code: apiError.code,
+        requestId: apiError.requestId,
+      });
+    }
+
+    return json;
+  } catch (error) {
+    if (error instanceof SentinelayerApiError) {
+      throw error;
+    }
+    if (error && typeof error === "object" && error.name === "AbortError") {
+      throw new SentinelayerApiError("Request timed out.", {
+        status: 408,
+        code: "TIMEOUT",
+      });
+    }
+    throw new SentinelayerApiError(
+      error instanceof Error ? error.message : String(error || "Request failed"),
+      {
+        status: 503,
+        code: "NETWORK_ERROR",
+      }
+    );
+  } finally {
+    clearTimeout(timeout);
+    await sleep(0);
+  }
+}