sinapse-ai 1.12.2 → 1.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (244) hide show
  1. package/.claude/CLAUDE.md +2 -2
  2. package/.claude/rules/agent-memory-imports.md +4 -0
  3. package/.sinapse-ai/cli/commands/pro/index.js +8 -48
  4. package/.sinapse-ai/constitution.md +6 -2
  5. package/.sinapse-ai/data/entity-registry.yaml +63 -429
  6. package/.sinapse-ai/development/agents/analyst/MEMORY.md +19 -0
  7. package/.sinapse-ai/development/agents/architect/MEMORY.md +52 -0
  8. package/.sinapse-ai/development/agents/data-engineer/MEMORY.md +55 -0
  9. package/.sinapse-ai/development/agents/developer/MEMORY.md +53 -0
  10. package/.sinapse-ai/development/agents/devops/MEMORY.md +56 -0
  11. package/.sinapse-ai/development/agents/product-lead/MEMORY.md +53 -0
  12. package/.sinapse-ai/development/agents/project-lead/MEMORY.md +53 -0
  13. package/.sinapse-ai/development/agents/quality-gate/MEMORY.md +52 -0
  14. package/.sinapse-ai/development/agents/snps-orqx.md +15 -0
  15. package/.sinapse-ai/development/agents/sprint-lead/MEMORY.md +53 -0
  16. package/.sinapse-ai/development/agents/squad-creator.md +15 -0
  17. package/.sinapse-ai/development/agents/ux/MEMORY.md +21 -0
  18. package/.sinapse-ai/development/templates/chrome-brain/knowledge-base/chrome-brain.md +2 -2
  19. package/.sinapse-ai/infrastructure/scripts/ide-sync/index.js +15 -0
  20. package/.sinapse-ai/infrastructure/scripts/validate-agents.js +159 -8
  21. package/.sinapse-ai/install-manifest.yaml +16 -152
  22. package/AGENTS.md +13 -2
  23. package/CHANGELOG.md +135 -3
  24. package/README.en.md +1 -1
  25. package/README.md +6 -26
  26. package/bin/cli.js +2 -7
  27. package/bin/commands/install.js +19 -257
  28. package/bin/commands/update.js +18 -78
  29. package/bin/lib/command-generator.js +261 -0
  30. package/bin/lib/prompts.js +2 -65
  31. package/bin/modules/chrome-brain-installer.js +2 -1
  32. package/bin/postinstall.js +6 -6
  33. package/docs/getting-started.md +0 -1
  34. package/docs/pt/getting-started.md +1 -1
  35. package/docs/security/dependabot-triage.md +17 -17
  36. package/package.json +6 -3
  37. package/packages/installer/src/wizard/i18n.js +3 -204
  38. package/packages/installer/src/wizard/index.js +1 -1
  39. package/packages/installer/src/wizard/questions.js +5 -368
  40. package/packages/installer/src/wizard/wizard.js +0 -9
  41. package/scripts/generate-install-manifest.js +6 -0
  42. package/scripts/validate-changelog-tags.js +97 -0
  43. package/scripts/validate-no-personal-leaks.js +184 -28
  44. package/scripts/validate-schemas.js +55 -10
  45. package/scripts/validate-story-meta.js +25 -12
  46. package/squads/claude-code-mastery/agents/claude-mastery-chief.md +15 -1
  47. package/squads/claude-code-mastery/agents/config-engineer.md +15 -0
  48. package/squads/claude-code-mastery/agents/hooks-architect.md +27 -20
  49. package/squads/claude-code-mastery/agents/mcp-integrator.md +15 -0
  50. package/squads/claude-code-mastery/agents/project-integrator.md +15 -0
  51. package/squads/claude-code-mastery/agents/roadmap-sentinel.md +15 -0
  52. package/squads/claude-code-mastery/agents/skill-craftsman.md +15 -0
  53. package/squads/claude-code-mastery/agents/swarm-orqx.md +15 -0
  54. package/squads/claude-code-mastery/tasks/audit-setup.md +1 -1
  55. package/squads/squad-animations/agents/animation-interpreter.md +15 -0
  56. package/squads/squad-animations/agents/animation-performance-engineer.md +15 -0
  57. package/squads/squad-animations/agents/animations-orqx.md +13 -0
  58. package/squads/squad-animations/agents/css-motion-artist.md +15 -0
  59. package/squads/squad-animations/agents/generative-particle-engineer.md +15 -0
  60. package/squads/squad-animations/agents/motion-choreographer.md +15 -0
  61. package/squads/squad-animations/agents/scroll-narrative-engineer.md +15 -0
  62. package/squads/squad-animations/agents/shader-artist.md +15 -0
  63. package/squads/squad-animations/agents/threejs-architect.md +15 -0
  64. package/squads/squad-brand/agents/brand-archetype-strategist.md +13 -0
  65. package/squads/squad-brand/agents/brand-auditor.md +15 -0
  66. package/squads/squad-brand/agents/brand-collateral-designer.md +15 -0
  67. package/squads/squad-brand/agents/brand-compiler.md +13 -0
  68. package/squads/squad-brand/agents/brand-creative-engineer.md +15 -0
  69. package/squads/squad-brand/agents/brand-culture-architect.md +15 -0
  70. package/squads/squad-brand/agents/brand-growth-strategist.md +15 -0
  71. package/squads/squad-brand/agents/brand-identity-designer.md +15 -0
  72. package/squads/squad-brand/agents/brand-motion-vfx.md +15 -0
  73. package/squads/squad-brand/agents/brand-naming-specialist.md +15 -0
  74. package/squads/squad-brand/agents/brand-orqx.md +13 -0
  75. package/squads/squad-brand/agents/brand-positioning-strategist.md +15 -0
  76. package/squads/squad-brand/agents/brand-sonic-designer.md +15 -0
  77. package/squads/squad-brand/agents/brand-strategist.md +15 -0
  78. package/squads/squad-brand/agents/brand-system-architect.md +15 -0
  79. package/squads/squad-cloning/agents/agent-forger.md +15 -0
  80. package/squads/squad-cloning/agents/cloning-orqx.md +15 -0
  81. package/squads/squad-cloning/agents/cognitive-extractor.md +15 -0
  82. package/squads/squad-cloning/agents/content-capturer.md +15 -0
  83. package/squads/squad-cloning/agents/kb-architect.md +15 -0
  84. package/squads/squad-cloning/agents/mind-synthesizer.md +15 -0
  85. package/squads/squad-cloning/agents/sop-extractor.md +15 -0
  86. package/squads/squad-cloning/agents/source-hunter.md +13 -0
  87. package/squads/squad-cloning/agents/squad-assembler.md +15 -0
  88. package/squads/squad-commercial/agents/commercial-orqx.md +13 -0
  89. package/squads/squad-commercial/agents/cs-business-auditor.md +15 -0
  90. package/squads/squad-commercial/agents/cs-client-success.md +15 -0
  91. package/squads/squad-commercial/agents/cs-crm-specialist.md +15 -0
  92. package/squads/squad-commercial/agents/cs-funnel-architect.md +15 -0
  93. package/squads/squad-commercial/agents/cs-lead-generation-strategist.md +15 -0
  94. package/squads/squad-commercial/agents/cs-offer-designer.md +15 -0
  95. package/squads/squad-commercial/agents/cs-revops-analyst.md +15 -0
  96. package/squads/squad-commercial/agents/cs-sales-closer.md +13 -0
  97. package/squads/squad-commercial/agents/cs-sales-enablement.md +15 -0
  98. package/squads/squad-content/agents/content-analyst.md +13 -0
  99. package/squads/squad-content/agents/content-engineer.md +15 -0
  100. package/squads/squad-content/agents/content-governor.md +13 -0
  101. package/squads/squad-content/agents/content-orqx.md +13 -0
  102. package/squads/squad-content/agents/editorial-strategist.md +15 -0
  103. package/squads/squad-content/agents/platform-specialist.md +15 -0
  104. package/squads/squad-content/agents/signal-intelligence.md +13 -0
  105. package/squads/squad-copy/agents/ad-copywriter.md +13 -0
  106. package/squads/squad-copy/agents/brand-voice-writer.md +15 -0
  107. package/squads/squad-copy/agents/conversion-writer.md +13 -0
  108. package/squads/squad-copy/agents/copy-editor.md +15 -0
  109. package/squads/squad-copy/agents/copy-orqx.md +13 -0
  110. package/squads/squad-copy/agents/copy-strategist.md +15 -0
  111. package/squads/squad-copy/agents/direct-response-writer.md +15 -0
  112. package/squads/squad-copy/agents/email-sequence-strategist.md +15 -0
  113. package/squads/squad-copy/agents/funnel-copywriter.md +15 -0
  114. package/squads/squad-copy/agents/headline-specialist.md +13 -0
  115. package/squads/squad-copy/agents/long-form-writer.md +15 -0
  116. package/squads/squad-copy/agents/persuasion-psychologist.md +15 -0
  117. package/squads/squad-copy/agents/proof-architect.md +15 -0
  118. package/squads/squad-council/agents/brene-brown.md +13 -0
  119. package/squads/squad-council/agents/charlie-munger.md +13 -0
  120. package/squads/squad-council/agents/council-orqx.md +13 -0
  121. package/squads/squad-council/agents/derek-sivers.md +13 -0
  122. package/squads/squad-council/agents/naval-ravikant.md +13 -0
  123. package/squads/squad-council/agents/patrick-lencioni.md +15 -0
  124. package/squads/squad-council/agents/peter-thiel.md +13 -0
  125. package/squads/squad-council/agents/ray-dalio.md +13 -0
  126. package/squads/squad-council/agents/reid-hoffman.md +13 -0
  127. package/squads/squad-council/agents/simon-sinek.md +15 -0
  128. package/squads/squad-council/agents/yvon-chouinard.md +13 -0
  129. package/squads/squad-courses/agents/assessment-creator.md +15 -0
  130. package/squads/squad-courses/agents/content-writer.md +15 -0
  131. package/squads/squad-courses/agents/courses-orqx.md +15 -0
  132. package/squads/squad-courses/agents/curriculum-designer.md +15 -0
  133. package/squads/squad-courses/agents/launch-strategist.md +15 -0
  134. package/squads/squad-courses/agents/lesson-architect.md +15 -0
  135. package/squads/squad-courses/agents/production-director.md +13 -0
  136. package/squads/squad-courses/agents/slide-designer.md +15 -0
  137. package/squads/squad-cybersecurity/agents/cloud-security-engineer.md +15 -0
  138. package/squads/squad-cybersecurity/agents/compliance-officer.md +15 -0
  139. package/squads/squad-cybersecurity/agents/cyber-orqx.md +15 -0
  140. package/squads/squad-cybersecurity/agents/incident-responder.md +15 -0
  141. package/squads/squad-cybersecurity/agents/network-security-engineer.md +15 -0
  142. package/squads/squad-cybersecurity/agents/penetration-tester.md +15 -0
  143. package/squads/squad-cybersecurity/agents/soc-analyst.md +15 -0
  144. package/squads/squad-cybersecurity/agents/threat-analyst.md +15 -0
  145. package/squads/squad-design/agents/cro-persuasion.md +15 -0
  146. package/squads/squad-design/agents/design-orqx.md +13 -0
  147. package/squads/squad-design/agents/design-system.md +15 -0
  148. package/squads/squad-design/agents/dx-accessibility-specialist.md +15 -0
  149. package/squads/squad-design/agents/dx-design-system-architect.md +15 -0
  150. package/squads/squad-design/agents/dx-frontend-engineer.md +15 -0
  151. package/squads/squad-design/agents/dx-interaction-designer.md +15 -0
  152. package/squads/squad-design/agents/dx-performance-engineer.md +15 -0
  153. package/squads/squad-design/agents/dx-ui-designer.md +15 -0
  154. package/squads/squad-design/agents/dx-ux-strategist.md +15 -0
  155. package/squads/squad-design/agents/platform-aesthetic-director.md +15 -0
  156. package/squads/squad-design/agents/premium-packaging-strategist.md +15 -0
  157. package/squads/squad-design/agents/product-surface-director.md +15 -0
  158. package/squads/squad-design/agents/ux-designer.md +15 -0
  159. package/squads/squad-finance/agents/budget-controller.md +15 -0
  160. package/squads/squad-finance/agents/cost-optimizer.md +15 -0
  161. package/squads/squad-finance/agents/finance-orqx.md +15 -0
  162. package/squads/squad-finance/agents/fiscal-compliance-br.md +15 -0
  163. package/squads/squad-finance/agents/forecast-strategist.md +15 -0
  164. package/squads/squad-finance/agents/pricing-strategist.md +15 -0
  165. package/squads/squad-finance/agents/profitability-analyst.md +15 -0
  166. package/squads/squad-finance/agents/revenue-analyst.md +15 -0
  167. package/squads/squad-growth/agents/ga-analytics-engineer.md +15 -0
  168. package/squads/squad-growth/agents/ga-campaign-analyst.md +15 -0
  169. package/squads/squad-growth/agents/ga-cro-specialist.md +15 -0
  170. package/squads/squad-growth/agents/ga-data-analyst.md +13 -0
  171. package/squads/squad-growth/agents/ga-growth-hacker.md +15 -0
  172. package/squads/squad-growth/agents/ga-seo-strategist.md +15 -0
  173. package/squads/squad-growth/agents/growth-orqx.md +15 -0
  174. package/squads/squad-paidmedia/agents/campaign-analyst.md +15 -0
  175. package/squads/squad-paidmedia/agents/creative-strategist.md +15 -0
  176. package/squads/squad-paidmedia/agents/cro-specialist.md +15 -0
  177. package/squads/squad-paidmedia/agents/google-ads-specialist.md +15 -0
  178. package/squads/squad-paidmedia/agents/meta-ads-specialist.md +15 -0
  179. package/squads/squad-paidmedia/agents/paidmedia-orqx.md +15 -0
  180. package/squads/squad-paidmedia/agents/performance-engineer.md +15 -0
  181. package/squads/squad-paidmedia/agents/pm-creative-performance-analyst.md +15 -0
  182. package/squads/squad-paidmedia/agents/pm-youtube-ads-specialist.md +15 -0
  183. package/squads/squad-product/agents/product-orqx.md +13 -1
  184. package/squads/squad-product/agents/ps-client-product-manager.md +13 -1
  185. package/squads/squad-product/agents/ps-delivery-manager.md +13 -1
  186. package/squads/squad-product/agents/ps-discovery-lead.md +15 -1
  187. package/squads/squad-product/agents/ps-product-analyst.md +15 -1
  188. package/squads/squad-product/agents/ps-product-ops-specialist.md +15 -1
  189. package/squads/squad-product/agents/ps-product-strategist.md +15 -1
  190. package/squads/squad-research/agents/audience-intelligence.md +15 -0
  191. package/squads/squad-research/agents/competitive-intelligence.md +15 -0
  192. package/squads/squad-research/agents/data-synthesizer.md +15 -0
  193. package/squads/squad-research/agents/deep-researcher.md +15 -0
  194. package/squads/squad-research/agents/market-analyst.md +15 -0
  195. package/squads/squad-research/agents/research-orqx.md +15 -0
  196. package/squads/squad-research/agents/trend-forecaster.md +15 -0
  197. package/squads/squad-storytelling/agents/blake-snyder.md +13 -0
  198. package/squads/squad-storytelling/agents/dan-harmon.md +13 -0
  199. package/squads/squad-storytelling/agents/joseph-campbell.md +13 -0
  200. package/squads/squad-storytelling/agents/keith-johnstone.md +13 -0
  201. package/squads/squad-storytelling/agents/kindra-hall.md +15 -0
  202. package/squads/squad-storytelling/agents/marshall-ganz.md +15 -0
  203. package/squads/squad-storytelling/agents/nancy-duarte.md +15 -0
  204. package/squads/squad-storytelling/agents/oren-klaff.md +15 -0
  205. package/squads/squad-storytelling/agents/park-howell.md +13 -0
  206. package/squads/squad-storytelling/agents/storytelling-orqx.md +13 -0
  207. package/.sinapse-ai/core/grounding/README.md +0 -83
  208. package/.sinapse-ai/core/grounding/brand.cjs +0 -29
  209. package/.sinapse-ai/core/grounding/config-loader.cjs +0 -52
  210. package/.sinapse-ai/core/grounding/design-system.cjs +0 -29
  211. package/.sinapse-ai/core/grounding/vault.cjs +0 -36
  212. package/.sinapse-ai/development/scripts/approval-workflow.js +0 -643
  213. package/.sinapse-ai/development/scripts/backup-manager.js +0 -607
  214. package/.sinapse-ai/development/scripts/branch-manager.js +0 -390
  215. package/.sinapse-ai/development/scripts/code-quality-improver.js +0 -1329
  216. package/.sinapse-ai/development/scripts/commit-message-generator.js +0 -850
  217. package/.sinapse-ai/development/scripts/conflict-resolver.js +0 -675
  218. package/.sinapse-ai/development/scripts/dependency-analyzer.js +0 -638
  219. package/.sinapse-ai/development/scripts/diff-generator.js +0 -352
  220. package/.sinapse-ai/development/scripts/git-wrapper.js +0 -462
  221. package/.sinapse-ai/development/scripts/modification-validator.js +0 -555
  222. package/.sinapse-ai/development/scripts/performance-analyzer.js +0 -758
  223. package/.sinapse-ai/development/scripts/refactoring-suggester.js +0 -1148
  224. package/.sinapse-ai/development/scripts/rollback-handler.js +0 -531
  225. package/.sinapse-ai/development/scripts/security-checker.js +0 -359
  226. package/.sinapse-ai/development/scripts/template-engine.js +0 -240
  227. package/.sinapse-ai/development/scripts/template-validator.js +0 -279
  228. package/.sinapse-ai/development/scripts/test-generator.js +0 -844
  229. package/.sinapse-ai/development/scripts/transaction-manager.js +0 -590
  230. package/.sinapse-ai/development/scripts/yaml-validator.js +0 -397
  231. package/.sinapse-ai/hooks/sinapse-brand-grounding.cjs +0 -162
  232. package/.sinapse-ai/hooks/sinapse-ds-grounding.cjs +0 -211
  233. package/.sinapse-ai/hooks/sinapse-vault-grounding.cjs +0 -194
  234. package/bin/lib/register-grounding-hooks.js +0 -145
  235. package/docs/guides/agents/traces/execution-traces.zip +0 -0
  236. package/docs/guides/grounding-setup.md +0 -154
  237. package/docs/guides/workflows/SINAPSE-WORKFLOWS.zip +0 -0
  238. package/packages/installer/src/pro/pro-scaffolder.js +0 -449
  239. package/packages/installer/src/wizard/grounding-config.js +0 -131
  240. package/packages/installer/src/wizard/pro-setup.js +0 -1439
  241. package/packages/installer/templates/README.md +0 -16
  242. package/packages/installer/templates/brand-routing.example.json +0 -12
  243. package/packages/installer/templates/ds-routing.example.json +0 -12
  244. package/packages/installer/templates/vault-routing.example.json +0 -12
@@ -1,359 +0,0 @@
1
- /**
2
- * Security Checker for SINAPSE Developer Meta-Agent
3
- * Validates generated code and configurations for security vulnerabilities
4
- */
5
-
6
- const path = require('path');
7
- const yaml = require('js-yaml');
8
-
9
- class SecurityChecker {
10
- constructor() {
11
- // Patterns that indicate potential security issues
12
- this.dangerousPatterns = [
13
- /eval\s*\(/gi,
14
- /Function\s*\(/gi,
15
- /new\s+Function/gi,
16
- /setTimeout\s*\([^,]+,/gi,
17
- /setInterval\s*\([^,]+,/gi,
18
- /require\s*\([^'"]/gi, // Dynamic require
19
- /import\s*\(/gi, // Dynamic import
20
- /child_process/gi,
21
- /exec\s*\(/gi,
22
- /spawn\s*\(/gi,
23
- /\.\.\/\.\.\//g, // Path traversal
24
- /process\.env/gi,
25
- /__dirname/gi,
26
- /__filename/gi,
27
- ];
28
-
29
- // SQL injection patterns
30
- this.sqlInjectionPatterns = [
31
- /;\s*DROP\s+TABLE/gi,
32
- /;\s*DELETE\s+FROM/gi,
33
- /UNION\s+SELECT/gi,
34
- /OR\s+1\s*=\s*1/gi,
35
- /'\s+OR\s+'/gi,
36
- ];
37
-
38
- // Command injection patterns
39
- this.commandInjectionPatterns = [
40
- /[;&|`$()]/g,
41
- /\$\{.*\}/g,
42
- />|</g,
43
- ];
44
-
45
- // Safe patterns that should be allowed
46
- this.safePatterns = {
47
- 'eval': [
48
- /\/\*.*eval.*\*\//gs, // eval in comments
49
- /\/\/.*eval/g, // eval in single-line comments
50
- /".*eval.*"/g, // eval in strings
51
- /'.*eval.*'/g,
52
- ]
53
- };
54
- }
55
-
56
- /**
57
- * Validate generated code for security vulnerabilities
58
- * @param {string} code - The code to validate
59
- * @param {string} [language='javascript'] - The programming language
60
- * @returns {Object} Validation results with valid flag, errors, warnings, and suggestions
61
- */
62
- validateCode(code, language = 'javascript') {
63
- const results = {
64
- valid: true,
65
- errors: [],
66
- warnings: [],
67
- suggestions: []
68
- };
69
-
70
- // Validate input
71
- if (!code || typeof code !== 'string') {
72
- results.valid = false;
73
- results.errors.push({
74
- type: 'invalid_input',
75
- message: 'Code must be a non-empty string'
76
- });
77
- return results;
78
- }
79
-
80
- // Check for dangerous patterns
81
- for (const pattern of this.dangerousPatterns) {
82
- const matches = code.match(pattern);
83
- if (matches) {
84
- // Check if it's in a safe context
85
- let isSafe = false;
86
- const patternName = pattern.source.split('\\')[0];
87
-
88
- if (this.safePatterns[patternName]) {
89
- for (const safePattern of this.safePatterns[patternName]) {
90
- if (code.match(safePattern)) {
91
- isSafe = true;
92
- break;
93
- }
94
- }
95
- }
96
-
97
- if (!isSafe) {
98
- results.valid = false;
99
- results.errors.push({
100
- type: 'dangerous_pattern',
101
- pattern: pattern.source,
102
- matches: matches,
103
- message: `Dangerous pattern detected: ${matches[0]}`,
104
- line: this._getLineNumber(code, matches.index)
105
- });
106
- }
107
- }
108
- }
109
-
110
- // Check for SQL injection (if applicable)
111
- if (code.includes('SELECT') || code.includes('INSERT') || code.includes('UPDATE')) {
112
- for (const pattern of this.sqlInjectionPatterns) {
113
- if (pattern.test(code)) {
114
- results.valid = false;
115
- results.errors.push({
116
- type: 'sql_injection',
117
- pattern: pattern.source,
118
- message: 'Potential SQL injection vulnerability detected'
119
- });
120
- }
121
- }
122
- }
123
-
124
- // Validate input sanitization
125
- if (code.includes('req.body') || code.includes('req.query') || code.includes('req.params')) {
126
- if (!code.includes('sanitize') && !code.includes('validate') && !code.includes('escape')) {
127
- results.warnings.push({
128
- type: 'input_validation',
129
- message: 'User input detected without explicit sanitization'
130
- });
131
- }
132
- }
133
-
134
- return results;
135
- }
136
-
137
- /**
138
- * Validate YAML configuration for security issues
139
- */
140
- validateYAML(yamlContent) {
141
- const results = {
142
- valid: true,
143
- errors: [],
144
- warnings: []
145
- };
146
-
147
- try {
148
- const parsed = yaml.load(yamlContent);
149
-
150
- // Check for dangerous YAML features
151
- if (yamlContent.includes('!!') && !yamlContent.includes('!!str')) {
152
- results.warnings.push({
153
- type: 'yaml_tags',
154
- message: 'YAML tags detected - ensure they are safe'
155
- });
156
- }
157
-
158
- // Validate structure
159
- this.validateYAMLStructure(parsed, results);
160
-
161
- } catch (error) {
162
- results.valid = false;
163
- results.errors.push({
164
- type: 'yaml_parse',
165
- message: `YAML parsing error: ${error.message}`
166
- });
167
- }
168
-
169
- return results;
170
- }
171
-
172
- /**
173
- * Validate YAML structure recursively
174
- */
175
- validateYAMLStructure(obj, results, path = '') {
176
- if (typeof obj === 'object' && obj !== null) {
177
- for (const [key, value] of Object.entries(obj)) {
178
- const currentPath = path ? `${path}.${key}` : key;
179
-
180
- // Check for command injection in string values
181
- if (typeof value === 'string') {
182
- for (const pattern of this.commandInjectionPatterns) {
183
- if (pattern.test(_value) && !this.isSafeCommandContext(key, value)) {
184
- results.warnings.push({
185
- type: 'command_injection',
186
- path: currentPath,
187
- message: `Potential command injection in ${currentPath}`
188
- });
189
- }
190
- }
191
- }
192
-
193
- // Recurse for nested objects
194
- if (typeof value === 'object') {
195
- this.validateYAMLStructure(_value, results, currentPath);
196
- }
197
- }
198
- }
199
- }
200
-
201
- /**
202
- * Check if command-like string is in safe context
203
- */
204
- isSafeCommandContext(key, value) {
205
- const safeKeys = ['description', 'comment', 'note', 'help', 'usage'];
206
- return safeKeys.some(safe => key.toLowerCase().includes(safe));
207
- }
208
-
209
- /**
210
- * Validate file paths for security issues
211
- */
212
- validatePath(filePath) {
213
- const results = {
214
- valid: true,
215
- errors: []
216
- };
217
-
218
- // Normalize the path
219
- const normalized = path.normalize(filePath);
220
-
221
- // Check for path traversal
222
- if (normalized.includes('..')) {
223
- results.valid = false;
224
- results.errors.push({
225
- type: 'path_traversal',
226
- message: 'Path traversal detected'
227
- });
228
- }
229
-
230
- // Check for absolute paths (unless allowed)
231
- if (path.isAbsolute(normalized)) {
232
- results.errors.push({
233
- type: 'absolute_path',
234
- message: 'Absolute path detected - use relative paths'
235
- });
236
- }
237
-
238
- // Check for sensitive directories
239
- const sensitivePatterns = [
240
- /node_modules/i,
241
- /\.git/i,
242
- /\.env/i,
243
- /private/i,
244
- /secret/i,
245
- /config/i,
246
- ];
247
-
248
- for (const pattern of sensitivePatterns) {
249
- if (pattern.test(normalized)) {
250
- results.warnings = results.warnings || [];
251
- results.warnings.push({
252
- type: 'sensitive_path',
253
- message: `Path contains potentially sensitive directory: ${pattern.source}`
254
- });
255
- }
256
- }
257
-
258
- return results;
259
- }
260
-
261
- /**
262
- * Validate user input for common security issues
263
- */
264
- sanitizeInput(input, type = 'general') {
265
- if (typeof input !== 'string') {
266
- return input;
267
- }
268
-
269
- let sanitized = input;
270
-
271
- // Remove null bytes
272
- sanitized = sanitized.replace(/\0/g, '');
273
-
274
- // Type-specific sanitization
275
- switch (type) {
276
- case 'filename':
277
- // Allow only alphanumeric, dash, underscore, and dot
278
- sanitized = sanitized.replace(/[^a-zA-Z0-9\-_\.]/g, '');
279
- break;
280
-
281
- case 'identifier':
282
- // Allow only alphanumeric, dash, and underscore
283
- sanitized = sanitized.replace(/[^a-zA-Z0-9\-_]/g, '');
284
- break;
285
-
286
- case 'yaml':
287
- // Escape special YAML characters
288
- sanitized = sanitized
289
- .replace(/:/g, '\\:')
290
- .replace(/\|/g, '\\|')
291
- .replace(/>/g, '\\>')
292
- .replace(/</g, '\\<');
293
- break;
294
-
295
- case 'general':
296
- default:
297
- // Basic HTML/script escaping
298
- sanitized = sanitized
299
- .replace(/&/g, '&amp;')
300
- .replace(/</g, '&lt;')
301
- .replace(/>/g, '&gt;')
302
- .replace(/"/g, '&quot;')
303
- .replace(/'/g, '&#x27;')
304
- .replace(/\//g, '&#x2F;');
305
- }
306
-
307
- return sanitized;
308
- }
309
-
310
- /**
311
- * Generate security report
312
- * @param {Array} validations - Array of validation results
313
- * @returns {Object} Comprehensive security report
314
- */
315
- generateReport(validations) {
316
- const report = {
317
- timestamp: new Date().toISOString(),
318
- summary: {
319
- totalChecks: 0,
320
- passed: 0,
321
- failed: 0,
322
- warnings: 0
323
- },
324
- details: validations
325
- };
326
-
327
- // Calculate summary
328
- for (const validation of validations) {
329
- report.summary.totalChecks++;
330
- if (validation.valid) {
331
- report.summary.passed++;
332
- } else {
333
- report.summary.failed++;
334
- }
335
- report.summary.warnings += (validation.warnings || []).length;
336
- }
337
-
338
- report.summary.securityScore = Math.round(
339
- (report.summary.passed / report.summary.totalChecks) * 100
340
- );
341
-
342
- return report;
343
- }
344
-
345
- /**
346
- * Get line number from string index
347
- * @private
348
- * @param {string} text - The text to search
349
- * @param {number} index - Character index
350
- * @returns {number} Line number (1-based)
351
- */
352
- _getLineNumber(text, index) {
353
- if (!text || index === undefined) return null;
354
- const lines = text.substring(0, index).split('\n');
355
- return lines.length;
356
- }
357
- }
358
-
359
- module.exports = SecurityChecker;
@@ -1,240 +0,0 @@
1
- /**
2
- * Template Engine for SINAPSE-FULLSTACK
3
- * Handles variable substitution, conditionals, and loops for component generation
4
- * @module template-engine
5
- */
6
-
7
- const fs = require('fs-extra');
8
- const _path = require('path');
9
-
10
- class TemplateEngine {
11
- constructor() {
12
- this.variablePattern = /\{\{([^}]+)\}\}/g;
13
- this.conditionalPattern = /\{\{#IF_([^}]+)\}\}([\s\S]*?)\{\{\/IF_\1\}\}/g;
14
- this.loopPattern = /\{\{#EACH_([^}]+)\}\}([\s\S]*?)\{\{\/EACH_\1\}\}/g;
15
- this.escapePattern = /\\\{\{([^}]+)\}\}/g;
16
- }
17
-
18
- /**
19
- * Process a template string with given variables
20
- * @param {string} template - The template string
21
- * @param {Object} variables - Variables to substitute
22
- * @returns {string} Processed template
23
- */
24
- process(template, variables = {}) {
25
- // First, handle escaped braces
26
- let processed = template.replace(this.escapePattern, '{{$1}}');
27
-
28
- // Process loops
29
- processed = this.processLoops(processed, variables);
30
-
31
- // Process conditionals
32
- processed = this.processConditionals(processed, variables);
33
-
34
- // Process simple variables
35
- processed = this.processVariables(processed, variables);
36
-
37
- // Restore escaped braces
38
- processed = processed.replace(/\{\{ESCAPED_BRACE_(LEFT|RIGHT)\}\}/g, (match, side) =>
39
- side === 'LEFT' ? '{{' : '}}'
40
- );
41
-
42
- return processed;
43
- }
44
-
45
- /**
46
- * Process loop constructs in template
47
- * @private
48
- * @param {string} template - Template string
49
- * @param {Object} variables - Variables object
50
- * @returns {string} Processed template
51
- */
52
- processLoops(template, variables) {
53
- return template.replace(this.loopPattern, (match, loopVar, content) => {
54
- const items = this.resolveVariable(loopVar, variables);
55
-
56
- // Handle non-array values gracefully
57
- if (!Array.isArray(items)) {
58
- console.warn(`[TemplateEngine] Expected array for loop variable '${loopVar}', got ${typeof items}`);
59
- return '';
60
- }
61
-
62
- return items.map((item, index) => {
63
- // Create proper loop context with item and metadata
64
- const loopVars = {
65
- ...variables,
66
- ITEM: item,
67
- INDEX: index,
68
- FIRST: index === 0,
69
- LAST: index === items.length - 1,
70
- [loopVar.replace('_', '')]: item
71
- };
72
-
73
- // Process nested loops and conditionals
74
- let processedContent = this.processLoops(content, loopVars);
75
- processedContent = this.processConditionals(processedContent, loopVars);
76
- processedContent = this.processVariables(processedContent, loopVars);
77
-
78
- return processedContent;
79
- }).join('');
80
- });
81
- }
82
-
83
- /**
84
- * Process conditional constructs in template
85
- * @private
86
- */
87
- processConditionals(template, variables) {
88
- return template.replace(this.conditionalPattern, (match, condition, content) => {
89
- const value = this.resolveVariable(condition, variables);
90
-
91
- // Check for truthy value
92
- if (value && (Array.isArray(value) ? value.length > 0 : true)) {
93
- return content;
94
- }
95
- return '';
96
- });
97
- }
98
-
99
- /**
100
- * Process simple variable substitutions
101
- * @private
102
- */
103
- processVariables(template, variables) {
104
- return template.replace(this.variablePattern, (match, varName) => {
105
- const value = this.resolveVariable(varName.trim(), variables);
106
- return value !== undefined ? String(value) : match;
107
- });
108
- }
109
-
110
- /**
111
- * Resolve a variable name to its value
112
- * @private
113
- */
114
- resolveVariable(varName, variables) {
115
- // Handle nested paths like "user.name"
116
- const parts = varName.split('.');
117
- let value = variables;
118
-
119
- for (const part of parts) {
120
- if (value && typeof value === 'object') {
121
- value = value[part];
122
- } else {
123
- return undefined;
124
- }
125
- }
126
-
127
- return value;
128
- }
129
-
130
- /**
131
- * Validate that a template has all required placeholders
132
- * @param {string} template - Template to validate
133
- * @param {string[]} requiredVars - List of required variable names
134
- * @returns {Object} Validation result with {valid: boolean, missing: string[]}
135
- */
136
- validateTemplate(template, requiredVars = []) {
137
- const foundVars = new Set();
138
- const missing = [];
139
-
140
- // Extract all variable names from template
141
- let match;
142
- const allPatterns = [
143
- this.variablePattern,
144
- /\{\{#IF_([^}]+)\}\}/g,
145
- /\{\{#EACH_([^}]+)\}\}/g
146
- ];
147
-
148
- for (const pattern of allPatterns) {
149
- pattern.lastIndex = 0; // Reset regex
150
- while ((match = pattern.exec(template)) !== null) {
151
- foundVars.add(match[1].trim());
152
- }
153
- }
154
-
155
- // Check for missing required variables
156
- for (const reqVar of requiredVars) {
157
- if (!foundVars.has(reqVar)) {
158
- missing.push(reqVar);
159
- }
160
- }
161
-
162
- return {
163
- valid: missing.length === 0,
164
- missing,
165
- found: Array.from(foundVars)
166
- };
167
- }
168
-
169
- /**
170
- * Load and process a template file
171
- * @param {string} templatePath - Path to template file
172
- * @param {Object} variables - Variables to substitute
173
- * @returns {Promise<string>} Processed template
174
- */
175
- async loadAndProcess(templatePath, variables = {}) {
176
- const template = await fs.readFile(templatePath, 'utf8');
177
- return this.process(template, variables);
178
- }
179
-
180
- /**
181
- * Escape special characters in user input to prevent injection
182
- * @param {string} input - User input to escape
183
- * @returns {string} Escaped input
184
- */
185
- escapeInput(input) {
186
- if (typeof input !== 'string') return input;
187
-
188
- // Escape template syntax
189
- return input
190
- .replace(/\{\{/g, '\\{{')
191
- .replace(/\}\}/g, '\\}}')
192
- .replace(/</g, '&lt;')
193
- .replace(/>/g, '&gt;')
194
- .replace(/"/g, '&quot;')
195
- .replace(/'/g, '&#39;');
196
- }
197
-
198
- /**
199
- * Get all available variables from a template
200
- * @param {string} template - Template to analyze
201
- * @returns {Object} Object with variables categorized by type
202
- */
203
- getTemplateVariables(template) {
204
- const variables = {
205
- simple: [],
206
- conditionals: [],
207
- loops: []
208
- };
209
-
210
- // Extract simple variables
211
- let match;
212
- this.variablePattern.lastIndex = 0;
213
- while ((match = this.variablePattern.exec(template)) !== null) {
214
- if (!match[1].startsWith('#') && !match[1].startsWith('/')) {
215
- variables.simple.push(match[1].trim());
216
- }
217
- }
218
-
219
- // Extract conditionals
220
- const conditionalStartPattern = /\{\{#IF_([^}]+)\}\}/g;
221
- while ((match = conditionalStartPattern.exec(template)) !== null) {
222
- variables.conditionals.push(match[1].trim());
223
- }
224
-
225
- // Extract loops
226
- const loopStartPattern = /\{\{#EACH_([^}]+)\}\}/g;
227
- while ((match = loopStartPattern.exec(template)) !== null) {
228
- variables.loops.push(match[1].trim());
229
- }
230
-
231
- // Remove duplicates
232
- for (const key in variables) {
233
- variables[key] = [...new Set(variables[key])];
234
- }
235
-
236
- return variables;
237
- }
238
- }
239
-
240
- module.exports = TemplateEngine;