sinapse-ai 1.12.2 → 1.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/CLAUDE.md +2 -2
- package/.claude/rules/agent-memory-imports.md +4 -0
- package/.sinapse-ai/cli/commands/pro/index.js +8 -48
- package/.sinapse-ai/constitution.md +6 -2
- package/.sinapse-ai/data/entity-registry.yaml +63 -429
- package/.sinapse-ai/development/agents/analyst/MEMORY.md +19 -0
- package/.sinapse-ai/development/agents/architect/MEMORY.md +52 -0
- package/.sinapse-ai/development/agents/data-engineer/MEMORY.md +55 -0
- package/.sinapse-ai/development/agents/developer/MEMORY.md +53 -0
- package/.sinapse-ai/development/agents/devops/MEMORY.md +56 -0
- package/.sinapse-ai/development/agents/product-lead/MEMORY.md +53 -0
- package/.sinapse-ai/development/agents/project-lead/MEMORY.md +53 -0
- package/.sinapse-ai/development/agents/quality-gate/MEMORY.md +52 -0
- package/.sinapse-ai/development/agents/snps-orqx.md +15 -0
- package/.sinapse-ai/development/agents/sprint-lead/MEMORY.md +53 -0
- package/.sinapse-ai/development/agents/squad-creator.md +15 -0
- package/.sinapse-ai/development/agents/ux/MEMORY.md +21 -0
- package/.sinapse-ai/development/templates/chrome-brain/knowledge-base/chrome-brain.md +2 -2
- package/.sinapse-ai/infrastructure/scripts/ide-sync/index.js +15 -0
- package/.sinapse-ai/infrastructure/scripts/validate-agents.js +159 -8
- package/.sinapse-ai/install-manifest.yaml +16 -152
- package/AGENTS.md +13 -2
- package/CHANGELOG.md +135 -3
- package/README.en.md +1 -1
- package/README.md +6 -26
- package/bin/cli.js +2 -7
- package/bin/commands/install.js +19 -257
- package/bin/commands/update.js +18 -78
- package/bin/lib/command-generator.js +261 -0
- package/bin/lib/prompts.js +2 -65
- package/bin/modules/chrome-brain-installer.js +2 -1
- package/bin/postinstall.js +6 -6
- package/docs/getting-started.md +0 -1
- package/docs/pt/getting-started.md +1 -1
- package/docs/security/dependabot-triage.md +17 -17
- package/package.json +6 -3
- package/packages/installer/src/wizard/i18n.js +3 -204
- package/packages/installer/src/wizard/index.js +1 -1
- package/packages/installer/src/wizard/questions.js +5 -368
- package/packages/installer/src/wizard/wizard.js +0 -9
- package/scripts/generate-install-manifest.js +6 -0
- package/scripts/validate-changelog-tags.js +97 -0
- package/scripts/validate-no-personal-leaks.js +184 -28
- package/scripts/validate-schemas.js +55 -10
- package/scripts/validate-story-meta.js +25 -12
- package/squads/claude-code-mastery/agents/claude-mastery-chief.md +15 -1
- package/squads/claude-code-mastery/agents/config-engineer.md +15 -0
- package/squads/claude-code-mastery/agents/hooks-architect.md +27 -20
- package/squads/claude-code-mastery/agents/mcp-integrator.md +15 -0
- package/squads/claude-code-mastery/agents/project-integrator.md +15 -0
- package/squads/claude-code-mastery/agents/roadmap-sentinel.md +15 -0
- package/squads/claude-code-mastery/agents/skill-craftsman.md +15 -0
- package/squads/claude-code-mastery/agents/swarm-orqx.md +15 -0
- package/squads/claude-code-mastery/tasks/audit-setup.md +1 -1
- package/squads/squad-animations/agents/animation-interpreter.md +15 -0
- package/squads/squad-animations/agents/animation-performance-engineer.md +15 -0
- package/squads/squad-animations/agents/animations-orqx.md +13 -0
- package/squads/squad-animations/agents/css-motion-artist.md +15 -0
- package/squads/squad-animations/agents/generative-particle-engineer.md +15 -0
- package/squads/squad-animations/agents/motion-choreographer.md +15 -0
- package/squads/squad-animations/agents/scroll-narrative-engineer.md +15 -0
- package/squads/squad-animations/agents/shader-artist.md +15 -0
- package/squads/squad-animations/agents/threejs-architect.md +15 -0
- package/squads/squad-brand/agents/brand-archetype-strategist.md +13 -0
- package/squads/squad-brand/agents/brand-auditor.md +15 -0
- package/squads/squad-brand/agents/brand-collateral-designer.md +15 -0
- package/squads/squad-brand/agents/brand-compiler.md +13 -0
- package/squads/squad-brand/agents/brand-creative-engineer.md +15 -0
- package/squads/squad-brand/agents/brand-culture-architect.md +15 -0
- package/squads/squad-brand/agents/brand-growth-strategist.md +15 -0
- package/squads/squad-brand/agents/brand-identity-designer.md +15 -0
- package/squads/squad-brand/agents/brand-motion-vfx.md +15 -0
- package/squads/squad-brand/agents/brand-naming-specialist.md +15 -0
- package/squads/squad-brand/agents/brand-orqx.md +13 -0
- package/squads/squad-brand/agents/brand-positioning-strategist.md +15 -0
- package/squads/squad-brand/agents/brand-sonic-designer.md +15 -0
- package/squads/squad-brand/agents/brand-strategist.md +15 -0
- package/squads/squad-brand/agents/brand-system-architect.md +15 -0
- package/squads/squad-cloning/agents/agent-forger.md +15 -0
- package/squads/squad-cloning/agents/cloning-orqx.md +15 -0
- package/squads/squad-cloning/agents/cognitive-extractor.md +15 -0
- package/squads/squad-cloning/agents/content-capturer.md +15 -0
- package/squads/squad-cloning/agents/kb-architect.md +15 -0
- package/squads/squad-cloning/agents/mind-synthesizer.md +15 -0
- package/squads/squad-cloning/agents/sop-extractor.md +15 -0
- package/squads/squad-cloning/agents/source-hunter.md +13 -0
- package/squads/squad-cloning/agents/squad-assembler.md +15 -0
- package/squads/squad-commercial/agents/commercial-orqx.md +13 -0
- package/squads/squad-commercial/agents/cs-business-auditor.md +15 -0
- package/squads/squad-commercial/agents/cs-client-success.md +15 -0
- package/squads/squad-commercial/agents/cs-crm-specialist.md +15 -0
- package/squads/squad-commercial/agents/cs-funnel-architect.md +15 -0
- package/squads/squad-commercial/agents/cs-lead-generation-strategist.md +15 -0
- package/squads/squad-commercial/agents/cs-offer-designer.md +15 -0
- package/squads/squad-commercial/agents/cs-revops-analyst.md +15 -0
- package/squads/squad-commercial/agents/cs-sales-closer.md +13 -0
- package/squads/squad-commercial/agents/cs-sales-enablement.md +15 -0
- package/squads/squad-content/agents/content-analyst.md +13 -0
- package/squads/squad-content/agents/content-engineer.md +15 -0
- package/squads/squad-content/agents/content-governor.md +13 -0
- package/squads/squad-content/agents/content-orqx.md +13 -0
- package/squads/squad-content/agents/editorial-strategist.md +15 -0
- package/squads/squad-content/agents/platform-specialist.md +15 -0
- package/squads/squad-content/agents/signal-intelligence.md +13 -0
- package/squads/squad-copy/agents/ad-copywriter.md +13 -0
- package/squads/squad-copy/agents/brand-voice-writer.md +15 -0
- package/squads/squad-copy/agents/conversion-writer.md +13 -0
- package/squads/squad-copy/agents/copy-editor.md +15 -0
- package/squads/squad-copy/agents/copy-orqx.md +13 -0
- package/squads/squad-copy/agents/copy-strategist.md +15 -0
- package/squads/squad-copy/agents/direct-response-writer.md +15 -0
- package/squads/squad-copy/agents/email-sequence-strategist.md +15 -0
- package/squads/squad-copy/agents/funnel-copywriter.md +15 -0
- package/squads/squad-copy/agents/headline-specialist.md +13 -0
- package/squads/squad-copy/agents/long-form-writer.md +15 -0
- package/squads/squad-copy/agents/persuasion-psychologist.md +15 -0
- package/squads/squad-copy/agents/proof-architect.md +15 -0
- package/squads/squad-council/agents/brene-brown.md +13 -0
- package/squads/squad-council/agents/charlie-munger.md +13 -0
- package/squads/squad-council/agents/council-orqx.md +13 -0
- package/squads/squad-council/agents/derek-sivers.md +13 -0
- package/squads/squad-council/agents/naval-ravikant.md +13 -0
- package/squads/squad-council/agents/patrick-lencioni.md +15 -0
- package/squads/squad-council/agents/peter-thiel.md +13 -0
- package/squads/squad-council/agents/ray-dalio.md +13 -0
- package/squads/squad-council/agents/reid-hoffman.md +13 -0
- package/squads/squad-council/agents/simon-sinek.md +15 -0
- package/squads/squad-council/agents/yvon-chouinard.md +13 -0
- package/squads/squad-courses/agents/assessment-creator.md +15 -0
- package/squads/squad-courses/agents/content-writer.md +15 -0
- package/squads/squad-courses/agents/courses-orqx.md +15 -0
- package/squads/squad-courses/agents/curriculum-designer.md +15 -0
- package/squads/squad-courses/agents/launch-strategist.md +15 -0
- package/squads/squad-courses/agents/lesson-architect.md +15 -0
- package/squads/squad-courses/agents/production-director.md +13 -0
- package/squads/squad-courses/agents/slide-designer.md +15 -0
- package/squads/squad-cybersecurity/agents/cloud-security-engineer.md +15 -0
- package/squads/squad-cybersecurity/agents/compliance-officer.md +15 -0
- package/squads/squad-cybersecurity/agents/cyber-orqx.md +15 -0
- package/squads/squad-cybersecurity/agents/incident-responder.md +15 -0
- package/squads/squad-cybersecurity/agents/network-security-engineer.md +15 -0
- package/squads/squad-cybersecurity/agents/penetration-tester.md +15 -0
- package/squads/squad-cybersecurity/agents/soc-analyst.md +15 -0
- package/squads/squad-cybersecurity/agents/threat-analyst.md +15 -0
- package/squads/squad-design/agents/cro-persuasion.md +15 -0
- package/squads/squad-design/agents/design-orqx.md +13 -0
- package/squads/squad-design/agents/design-system.md +15 -0
- package/squads/squad-design/agents/dx-accessibility-specialist.md +15 -0
- package/squads/squad-design/agents/dx-design-system-architect.md +15 -0
- package/squads/squad-design/agents/dx-frontend-engineer.md +15 -0
- package/squads/squad-design/agents/dx-interaction-designer.md +15 -0
- package/squads/squad-design/agents/dx-performance-engineer.md +15 -0
- package/squads/squad-design/agents/dx-ui-designer.md +15 -0
- package/squads/squad-design/agents/dx-ux-strategist.md +15 -0
- package/squads/squad-design/agents/platform-aesthetic-director.md +15 -0
- package/squads/squad-design/agents/premium-packaging-strategist.md +15 -0
- package/squads/squad-design/agents/product-surface-director.md +15 -0
- package/squads/squad-design/agents/ux-designer.md +15 -0
- package/squads/squad-finance/agents/budget-controller.md +15 -0
- package/squads/squad-finance/agents/cost-optimizer.md +15 -0
- package/squads/squad-finance/agents/finance-orqx.md +15 -0
- package/squads/squad-finance/agents/fiscal-compliance-br.md +15 -0
- package/squads/squad-finance/agents/forecast-strategist.md +15 -0
- package/squads/squad-finance/agents/pricing-strategist.md +15 -0
- package/squads/squad-finance/agents/profitability-analyst.md +15 -0
- package/squads/squad-finance/agents/revenue-analyst.md +15 -0
- package/squads/squad-growth/agents/ga-analytics-engineer.md +15 -0
- package/squads/squad-growth/agents/ga-campaign-analyst.md +15 -0
- package/squads/squad-growth/agents/ga-cro-specialist.md +15 -0
- package/squads/squad-growth/agents/ga-data-analyst.md +13 -0
- package/squads/squad-growth/agents/ga-growth-hacker.md +15 -0
- package/squads/squad-growth/agents/ga-seo-strategist.md +15 -0
- package/squads/squad-growth/agents/growth-orqx.md +15 -0
- package/squads/squad-paidmedia/agents/campaign-analyst.md +15 -0
- package/squads/squad-paidmedia/agents/creative-strategist.md +15 -0
- package/squads/squad-paidmedia/agents/cro-specialist.md +15 -0
- package/squads/squad-paidmedia/agents/google-ads-specialist.md +15 -0
- package/squads/squad-paidmedia/agents/meta-ads-specialist.md +15 -0
- package/squads/squad-paidmedia/agents/paidmedia-orqx.md +15 -0
- package/squads/squad-paidmedia/agents/performance-engineer.md +15 -0
- package/squads/squad-paidmedia/agents/pm-creative-performance-analyst.md +15 -0
- package/squads/squad-paidmedia/agents/pm-youtube-ads-specialist.md +15 -0
- package/squads/squad-product/agents/product-orqx.md +13 -1
- package/squads/squad-product/agents/ps-client-product-manager.md +13 -1
- package/squads/squad-product/agents/ps-delivery-manager.md +13 -1
- package/squads/squad-product/agents/ps-discovery-lead.md +15 -1
- package/squads/squad-product/agents/ps-product-analyst.md +15 -1
- package/squads/squad-product/agents/ps-product-ops-specialist.md +15 -1
- package/squads/squad-product/agents/ps-product-strategist.md +15 -1
- package/squads/squad-research/agents/audience-intelligence.md +15 -0
- package/squads/squad-research/agents/competitive-intelligence.md +15 -0
- package/squads/squad-research/agents/data-synthesizer.md +15 -0
- package/squads/squad-research/agents/deep-researcher.md +15 -0
- package/squads/squad-research/agents/market-analyst.md +15 -0
- package/squads/squad-research/agents/research-orqx.md +15 -0
- package/squads/squad-research/agents/trend-forecaster.md +15 -0
- package/squads/squad-storytelling/agents/blake-snyder.md +13 -0
- package/squads/squad-storytelling/agents/dan-harmon.md +13 -0
- package/squads/squad-storytelling/agents/joseph-campbell.md +13 -0
- package/squads/squad-storytelling/agents/keith-johnstone.md +13 -0
- package/squads/squad-storytelling/agents/kindra-hall.md +15 -0
- package/squads/squad-storytelling/agents/marshall-ganz.md +15 -0
- package/squads/squad-storytelling/agents/nancy-duarte.md +15 -0
- package/squads/squad-storytelling/agents/oren-klaff.md +15 -0
- package/squads/squad-storytelling/agents/park-howell.md +13 -0
- package/squads/squad-storytelling/agents/storytelling-orqx.md +13 -0
- package/.sinapse-ai/core/grounding/README.md +0 -83
- package/.sinapse-ai/core/grounding/brand.cjs +0 -29
- package/.sinapse-ai/core/grounding/config-loader.cjs +0 -52
- package/.sinapse-ai/core/grounding/design-system.cjs +0 -29
- package/.sinapse-ai/core/grounding/vault.cjs +0 -36
- package/.sinapse-ai/development/scripts/approval-workflow.js +0 -643
- package/.sinapse-ai/development/scripts/backup-manager.js +0 -607
- package/.sinapse-ai/development/scripts/branch-manager.js +0 -390
- package/.sinapse-ai/development/scripts/code-quality-improver.js +0 -1329
- package/.sinapse-ai/development/scripts/commit-message-generator.js +0 -850
- package/.sinapse-ai/development/scripts/conflict-resolver.js +0 -675
- package/.sinapse-ai/development/scripts/dependency-analyzer.js +0 -638
- package/.sinapse-ai/development/scripts/diff-generator.js +0 -352
- package/.sinapse-ai/development/scripts/git-wrapper.js +0 -462
- package/.sinapse-ai/development/scripts/modification-validator.js +0 -555
- package/.sinapse-ai/development/scripts/performance-analyzer.js +0 -758
- package/.sinapse-ai/development/scripts/refactoring-suggester.js +0 -1148
- package/.sinapse-ai/development/scripts/rollback-handler.js +0 -531
- package/.sinapse-ai/development/scripts/security-checker.js +0 -359
- package/.sinapse-ai/development/scripts/template-engine.js +0 -240
- package/.sinapse-ai/development/scripts/template-validator.js +0 -279
- package/.sinapse-ai/development/scripts/test-generator.js +0 -844
- package/.sinapse-ai/development/scripts/transaction-manager.js +0 -590
- package/.sinapse-ai/development/scripts/yaml-validator.js +0 -397
- package/.sinapse-ai/hooks/sinapse-brand-grounding.cjs +0 -162
- package/.sinapse-ai/hooks/sinapse-ds-grounding.cjs +0 -211
- package/.sinapse-ai/hooks/sinapse-vault-grounding.cjs +0 -194
- package/bin/lib/register-grounding-hooks.js +0 -145
- package/docs/guides/agents/traces/execution-traces.zip +0 -0
- package/docs/guides/grounding-setup.md +0 -154
- package/docs/guides/workflows/SINAPSE-WORKFLOWS.zip +0 -0
- package/packages/installer/src/pro/pro-scaffolder.js +0 -449
- package/packages/installer/src/wizard/grounding-config.js +0 -131
- package/packages/installer/src/wizard/pro-setup.js +0 -1439
- package/packages/installer/templates/README.md +0 -16
- package/packages/installer/templates/brand-routing.example.json +0 -12
- package/packages/installer/templates/ds-routing.example.json +0 -12
- package/packages/installer/templates/vault-routing.example.json +0 -12
|
@@ -1,359 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Security Checker for SINAPSE Developer Meta-Agent
|
|
3
|
-
* Validates generated code and configurations for security vulnerabilities
|
|
4
|
-
*/
|
|
5
|
-
|
|
6
|
-
const path = require('path');
|
|
7
|
-
const yaml = require('js-yaml');
|
|
8
|
-
|
|
9
|
-
class SecurityChecker {
|
|
10
|
-
constructor() {
|
|
11
|
-
// Patterns that indicate potential security issues
|
|
12
|
-
this.dangerousPatterns = [
|
|
13
|
-
/eval\s*\(/gi,
|
|
14
|
-
/Function\s*\(/gi,
|
|
15
|
-
/new\s+Function/gi,
|
|
16
|
-
/setTimeout\s*\([^,]+,/gi,
|
|
17
|
-
/setInterval\s*\([^,]+,/gi,
|
|
18
|
-
/require\s*\([^'"]/gi, // Dynamic require
|
|
19
|
-
/import\s*\(/gi, // Dynamic import
|
|
20
|
-
/child_process/gi,
|
|
21
|
-
/exec\s*\(/gi,
|
|
22
|
-
/spawn\s*\(/gi,
|
|
23
|
-
/\.\.\/\.\.\//g, // Path traversal
|
|
24
|
-
/process\.env/gi,
|
|
25
|
-
/__dirname/gi,
|
|
26
|
-
/__filename/gi,
|
|
27
|
-
];
|
|
28
|
-
|
|
29
|
-
// SQL injection patterns
|
|
30
|
-
this.sqlInjectionPatterns = [
|
|
31
|
-
/;\s*DROP\s+TABLE/gi,
|
|
32
|
-
/;\s*DELETE\s+FROM/gi,
|
|
33
|
-
/UNION\s+SELECT/gi,
|
|
34
|
-
/OR\s+1\s*=\s*1/gi,
|
|
35
|
-
/'\s+OR\s+'/gi,
|
|
36
|
-
];
|
|
37
|
-
|
|
38
|
-
// Command injection patterns
|
|
39
|
-
this.commandInjectionPatterns = [
|
|
40
|
-
/[;&|`$()]/g,
|
|
41
|
-
/\$\{.*\}/g,
|
|
42
|
-
/>|</g,
|
|
43
|
-
];
|
|
44
|
-
|
|
45
|
-
// Safe patterns that should be allowed
|
|
46
|
-
this.safePatterns = {
|
|
47
|
-
'eval': [
|
|
48
|
-
/\/\*.*eval.*\*\//gs, // eval in comments
|
|
49
|
-
/\/\/.*eval/g, // eval in single-line comments
|
|
50
|
-
/".*eval.*"/g, // eval in strings
|
|
51
|
-
/'.*eval.*'/g,
|
|
52
|
-
]
|
|
53
|
-
};
|
|
54
|
-
}
|
|
55
|
-
|
|
56
|
-
/**
|
|
57
|
-
* Validate generated code for security vulnerabilities
|
|
58
|
-
* @param {string} code - The code to validate
|
|
59
|
-
* @param {string} [language='javascript'] - The programming language
|
|
60
|
-
* @returns {Object} Validation results with valid flag, errors, warnings, and suggestions
|
|
61
|
-
*/
|
|
62
|
-
validateCode(code, language = 'javascript') {
|
|
63
|
-
const results = {
|
|
64
|
-
valid: true,
|
|
65
|
-
errors: [],
|
|
66
|
-
warnings: [],
|
|
67
|
-
suggestions: []
|
|
68
|
-
};
|
|
69
|
-
|
|
70
|
-
// Validate input
|
|
71
|
-
if (!code || typeof code !== 'string') {
|
|
72
|
-
results.valid = false;
|
|
73
|
-
results.errors.push({
|
|
74
|
-
type: 'invalid_input',
|
|
75
|
-
message: 'Code must be a non-empty string'
|
|
76
|
-
});
|
|
77
|
-
return results;
|
|
78
|
-
}
|
|
79
|
-
|
|
80
|
-
// Check for dangerous patterns
|
|
81
|
-
for (const pattern of this.dangerousPatterns) {
|
|
82
|
-
const matches = code.match(pattern);
|
|
83
|
-
if (matches) {
|
|
84
|
-
// Check if it's in a safe context
|
|
85
|
-
let isSafe = false;
|
|
86
|
-
const patternName = pattern.source.split('\\')[0];
|
|
87
|
-
|
|
88
|
-
if (this.safePatterns[patternName]) {
|
|
89
|
-
for (const safePattern of this.safePatterns[patternName]) {
|
|
90
|
-
if (code.match(safePattern)) {
|
|
91
|
-
isSafe = true;
|
|
92
|
-
break;
|
|
93
|
-
}
|
|
94
|
-
}
|
|
95
|
-
}
|
|
96
|
-
|
|
97
|
-
if (!isSafe) {
|
|
98
|
-
results.valid = false;
|
|
99
|
-
results.errors.push({
|
|
100
|
-
type: 'dangerous_pattern',
|
|
101
|
-
pattern: pattern.source,
|
|
102
|
-
matches: matches,
|
|
103
|
-
message: `Dangerous pattern detected: ${matches[0]}`,
|
|
104
|
-
line: this._getLineNumber(code, matches.index)
|
|
105
|
-
});
|
|
106
|
-
}
|
|
107
|
-
}
|
|
108
|
-
}
|
|
109
|
-
|
|
110
|
-
// Check for SQL injection (if applicable)
|
|
111
|
-
if (code.includes('SELECT') || code.includes('INSERT') || code.includes('UPDATE')) {
|
|
112
|
-
for (const pattern of this.sqlInjectionPatterns) {
|
|
113
|
-
if (pattern.test(code)) {
|
|
114
|
-
results.valid = false;
|
|
115
|
-
results.errors.push({
|
|
116
|
-
type: 'sql_injection',
|
|
117
|
-
pattern: pattern.source,
|
|
118
|
-
message: 'Potential SQL injection vulnerability detected'
|
|
119
|
-
});
|
|
120
|
-
}
|
|
121
|
-
}
|
|
122
|
-
}
|
|
123
|
-
|
|
124
|
-
// Validate input sanitization
|
|
125
|
-
if (code.includes('req.body') || code.includes('req.query') || code.includes('req.params')) {
|
|
126
|
-
if (!code.includes('sanitize') && !code.includes('validate') && !code.includes('escape')) {
|
|
127
|
-
results.warnings.push({
|
|
128
|
-
type: 'input_validation',
|
|
129
|
-
message: 'User input detected without explicit sanitization'
|
|
130
|
-
});
|
|
131
|
-
}
|
|
132
|
-
}
|
|
133
|
-
|
|
134
|
-
return results;
|
|
135
|
-
}
|
|
136
|
-
|
|
137
|
-
/**
|
|
138
|
-
* Validate YAML configuration for security issues
|
|
139
|
-
*/
|
|
140
|
-
validateYAML(yamlContent) {
|
|
141
|
-
const results = {
|
|
142
|
-
valid: true,
|
|
143
|
-
errors: [],
|
|
144
|
-
warnings: []
|
|
145
|
-
};
|
|
146
|
-
|
|
147
|
-
try {
|
|
148
|
-
const parsed = yaml.load(yamlContent);
|
|
149
|
-
|
|
150
|
-
// Check for dangerous YAML features
|
|
151
|
-
if (yamlContent.includes('!!') && !yamlContent.includes('!!str')) {
|
|
152
|
-
results.warnings.push({
|
|
153
|
-
type: 'yaml_tags',
|
|
154
|
-
message: 'YAML tags detected - ensure they are safe'
|
|
155
|
-
});
|
|
156
|
-
}
|
|
157
|
-
|
|
158
|
-
// Validate structure
|
|
159
|
-
this.validateYAMLStructure(parsed, results);
|
|
160
|
-
|
|
161
|
-
} catch (error) {
|
|
162
|
-
results.valid = false;
|
|
163
|
-
results.errors.push({
|
|
164
|
-
type: 'yaml_parse',
|
|
165
|
-
message: `YAML parsing error: ${error.message}`
|
|
166
|
-
});
|
|
167
|
-
}
|
|
168
|
-
|
|
169
|
-
return results;
|
|
170
|
-
}
|
|
171
|
-
|
|
172
|
-
/**
|
|
173
|
-
* Validate YAML structure recursively
|
|
174
|
-
*/
|
|
175
|
-
validateYAMLStructure(obj, results, path = '') {
|
|
176
|
-
if (typeof obj === 'object' && obj !== null) {
|
|
177
|
-
for (const [key, value] of Object.entries(obj)) {
|
|
178
|
-
const currentPath = path ? `${path}.${key}` : key;
|
|
179
|
-
|
|
180
|
-
// Check for command injection in string values
|
|
181
|
-
if (typeof value === 'string') {
|
|
182
|
-
for (const pattern of this.commandInjectionPatterns) {
|
|
183
|
-
if (pattern.test(_value) && !this.isSafeCommandContext(key, value)) {
|
|
184
|
-
results.warnings.push({
|
|
185
|
-
type: 'command_injection',
|
|
186
|
-
path: currentPath,
|
|
187
|
-
message: `Potential command injection in ${currentPath}`
|
|
188
|
-
});
|
|
189
|
-
}
|
|
190
|
-
}
|
|
191
|
-
}
|
|
192
|
-
|
|
193
|
-
// Recurse for nested objects
|
|
194
|
-
if (typeof value === 'object') {
|
|
195
|
-
this.validateYAMLStructure(_value, results, currentPath);
|
|
196
|
-
}
|
|
197
|
-
}
|
|
198
|
-
}
|
|
199
|
-
}
|
|
200
|
-
|
|
201
|
-
/**
|
|
202
|
-
* Check if command-like string is in safe context
|
|
203
|
-
*/
|
|
204
|
-
isSafeCommandContext(key, value) {
|
|
205
|
-
const safeKeys = ['description', 'comment', 'note', 'help', 'usage'];
|
|
206
|
-
return safeKeys.some(safe => key.toLowerCase().includes(safe));
|
|
207
|
-
}
|
|
208
|
-
|
|
209
|
-
/**
|
|
210
|
-
* Validate file paths for security issues
|
|
211
|
-
*/
|
|
212
|
-
validatePath(filePath) {
|
|
213
|
-
const results = {
|
|
214
|
-
valid: true,
|
|
215
|
-
errors: []
|
|
216
|
-
};
|
|
217
|
-
|
|
218
|
-
// Normalize the path
|
|
219
|
-
const normalized = path.normalize(filePath);
|
|
220
|
-
|
|
221
|
-
// Check for path traversal
|
|
222
|
-
if (normalized.includes('..')) {
|
|
223
|
-
results.valid = false;
|
|
224
|
-
results.errors.push({
|
|
225
|
-
type: 'path_traversal',
|
|
226
|
-
message: 'Path traversal detected'
|
|
227
|
-
});
|
|
228
|
-
}
|
|
229
|
-
|
|
230
|
-
// Check for absolute paths (unless allowed)
|
|
231
|
-
if (path.isAbsolute(normalized)) {
|
|
232
|
-
results.errors.push({
|
|
233
|
-
type: 'absolute_path',
|
|
234
|
-
message: 'Absolute path detected - use relative paths'
|
|
235
|
-
});
|
|
236
|
-
}
|
|
237
|
-
|
|
238
|
-
// Check for sensitive directories
|
|
239
|
-
const sensitivePatterns = [
|
|
240
|
-
/node_modules/i,
|
|
241
|
-
/\.git/i,
|
|
242
|
-
/\.env/i,
|
|
243
|
-
/private/i,
|
|
244
|
-
/secret/i,
|
|
245
|
-
/config/i,
|
|
246
|
-
];
|
|
247
|
-
|
|
248
|
-
for (const pattern of sensitivePatterns) {
|
|
249
|
-
if (pattern.test(normalized)) {
|
|
250
|
-
results.warnings = results.warnings || [];
|
|
251
|
-
results.warnings.push({
|
|
252
|
-
type: 'sensitive_path',
|
|
253
|
-
message: `Path contains potentially sensitive directory: ${pattern.source}`
|
|
254
|
-
});
|
|
255
|
-
}
|
|
256
|
-
}
|
|
257
|
-
|
|
258
|
-
return results;
|
|
259
|
-
}
|
|
260
|
-
|
|
261
|
-
/**
|
|
262
|
-
* Validate user input for common security issues
|
|
263
|
-
*/
|
|
264
|
-
sanitizeInput(input, type = 'general') {
|
|
265
|
-
if (typeof input !== 'string') {
|
|
266
|
-
return input;
|
|
267
|
-
}
|
|
268
|
-
|
|
269
|
-
let sanitized = input;
|
|
270
|
-
|
|
271
|
-
// Remove null bytes
|
|
272
|
-
sanitized = sanitized.replace(/\0/g, '');
|
|
273
|
-
|
|
274
|
-
// Type-specific sanitization
|
|
275
|
-
switch (type) {
|
|
276
|
-
case 'filename':
|
|
277
|
-
// Allow only alphanumeric, dash, underscore, and dot
|
|
278
|
-
sanitized = sanitized.replace(/[^a-zA-Z0-9\-_\.]/g, '');
|
|
279
|
-
break;
|
|
280
|
-
|
|
281
|
-
case 'identifier':
|
|
282
|
-
// Allow only alphanumeric, dash, and underscore
|
|
283
|
-
sanitized = sanitized.replace(/[^a-zA-Z0-9\-_]/g, '');
|
|
284
|
-
break;
|
|
285
|
-
|
|
286
|
-
case 'yaml':
|
|
287
|
-
// Escape special YAML characters
|
|
288
|
-
sanitized = sanitized
|
|
289
|
-
.replace(/:/g, '\\:')
|
|
290
|
-
.replace(/\|/g, '\\|')
|
|
291
|
-
.replace(/>/g, '\\>')
|
|
292
|
-
.replace(/</g, '\\<');
|
|
293
|
-
break;
|
|
294
|
-
|
|
295
|
-
case 'general':
|
|
296
|
-
default:
|
|
297
|
-
// Basic HTML/script escaping
|
|
298
|
-
sanitized = sanitized
|
|
299
|
-
.replace(/&/g, '&')
|
|
300
|
-
.replace(/</g, '<')
|
|
301
|
-
.replace(/>/g, '>')
|
|
302
|
-
.replace(/"/g, '"')
|
|
303
|
-
.replace(/'/g, ''')
|
|
304
|
-
.replace(/\//g, '/');
|
|
305
|
-
}
|
|
306
|
-
|
|
307
|
-
return sanitized;
|
|
308
|
-
}
|
|
309
|
-
|
|
310
|
-
/**
|
|
311
|
-
* Generate security report
|
|
312
|
-
* @param {Array} validations - Array of validation results
|
|
313
|
-
* @returns {Object} Comprehensive security report
|
|
314
|
-
*/
|
|
315
|
-
generateReport(validations) {
|
|
316
|
-
const report = {
|
|
317
|
-
timestamp: new Date().toISOString(),
|
|
318
|
-
summary: {
|
|
319
|
-
totalChecks: 0,
|
|
320
|
-
passed: 0,
|
|
321
|
-
failed: 0,
|
|
322
|
-
warnings: 0
|
|
323
|
-
},
|
|
324
|
-
details: validations
|
|
325
|
-
};
|
|
326
|
-
|
|
327
|
-
// Calculate summary
|
|
328
|
-
for (const validation of validations) {
|
|
329
|
-
report.summary.totalChecks++;
|
|
330
|
-
if (validation.valid) {
|
|
331
|
-
report.summary.passed++;
|
|
332
|
-
} else {
|
|
333
|
-
report.summary.failed++;
|
|
334
|
-
}
|
|
335
|
-
report.summary.warnings += (validation.warnings || []).length;
|
|
336
|
-
}
|
|
337
|
-
|
|
338
|
-
report.summary.securityScore = Math.round(
|
|
339
|
-
(report.summary.passed / report.summary.totalChecks) * 100
|
|
340
|
-
);
|
|
341
|
-
|
|
342
|
-
return report;
|
|
343
|
-
}
|
|
344
|
-
|
|
345
|
-
/**
|
|
346
|
-
* Get line number from string index
|
|
347
|
-
* @private
|
|
348
|
-
* @param {string} text - The text to search
|
|
349
|
-
* @param {number} index - Character index
|
|
350
|
-
* @returns {number} Line number (1-based)
|
|
351
|
-
*/
|
|
352
|
-
_getLineNumber(text, index) {
|
|
353
|
-
if (!text || index === undefined) return null;
|
|
354
|
-
const lines = text.substring(0, index).split('\n');
|
|
355
|
-
return lines.length;
|
|
356
|
-
}
|
|
357
|
-
}
|
|
358
|
-
|
|
359
|
-
module.exports = SecurityChecker;
|
|
@@ -1,240 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Template Engine for SINAPSE-FULLSTACK
|
|
3
|
-
* Handles variable substitution, conditionals, and loops for component generation
|
|
4
|
-
* @module template-engine
|
|
5
|
-
*/
|
|
6
|
-
|
|
7
|
-
const fs = require('fs-extra');
|
|
8
|
-
const _path = require('path');
|
|
9
|
-
|
|
10
|
-
class TemplateEngine {
|
|
11
|
-
constructor() {
|
|
12
|
-
this.variablePattern = /\{\{([^}]+)\}\}/g;
|
|
13
|
-
this.conditionalPattern = /\{\{#IF_([^}]+)\}\}([\s\S]*?)\{\{\/IF_\1\}\}/g;
|
|
14
|
-
this.loopPattern = /\{\{#EACH_([^}]+)\}\}([\s\S]*?)\{\{\/EACH_\1\}\}/g;
|
|
15
|
-
this.escapePattern = /\\\{\{([^}]+)\}\}/g;
|
|
16
|
-
}
|
|
17
|
-
|
|
18
|
-
/**
|
|
19
|
-
* Process a template string with given variables
|
|
20
|
-
* @param {string} template - The template string
|
|
21
|
-
* @param {Object} variables - Variables to substitute
|
|
22
|
-
* @returns {string} Processed template
|
|
23
|
-
*/
|
|
24
|
-
process(template, variables = {}) {
|
|
25
|
-
// First, handle escaped braces
|
|
26
|
-
let processed = template.replace(this.escapePattern, '{{$1}}');
|
|
27
|
-
|
|
28
|
-
// Process loops
|
|
29
|
-
processed = this.processLoops(processed, variables);
|
|
30
|
-
|
|
31
|
-
// Process conditionals
|
|
32
|
-
processed = this.processConditionals(processed, variables);
|
|
33
|
-
|
|
34
|
-
// Process simple variables
|
|
35
|
-
processed = this.processVariables(processed, variables);
|
|
36
|
-
|
|
37
|
-
// Restore escaped braces
|
|
38
|
-
processed = processed.replace(/\{\{ESCAPED_BRACE_(LEFT|RIGHT)\}\}/g, (match, side) =>
|
|
39
|
-
side === 'LEFT' ? '{{' : '}}'
|
|
40
|
-
);
|
|
41
|
-
|
|
42
|
-
return processed;
|
|
43
|
-
}
|
|
44
|
-
|
|
45
|
-
/**
|
|
46
|
-
* Process loop constructs in template
|
|
47
|
-
* @private
|
|
48
|
-
* @param {string} template - Template string
|
|
49
|
-
* @param {Object} variables - Variables object
|
|
50
|
-
* @returns {string} Processed template
|
|
51
|
-
*/
|
|
52
|
-
processLoops(template, variables) {
|
|
53
|
-
return template.replace(this.loopPattern, (match, loopVar, content) => {
|
|
54
|
-
const items = this.resolveVariable(loopVar, variables);
|
|
55
|
-
|
|
56
|
-
// Handle non-array values gracefully
|
|
57
|
-
if (!Array.isArray(items)) {
|
|
58
|
-
console.warn(`[TemplateEngine] Expected array for loop variable '${loopVar}', got ${typeof items}`);
|
|
59
|
-
return '';
|
|
60
|
-
}
|
|
61
|
-
|
|
62
|
-
return items.map((item, index) => {
|
|
63
|
-
// Create proper loop context with item and metadata
|
|
64
|
-
const loopVars = {
|
|
65
|
-
...variables,
|
|
66
|
-
ITEM: item,
|
|
67
|
-
INDEX: index,
|
|
68
|
-
FIRST: index === 0,
|
|
69
|
-
LAST: index === items.length - 1,
|
|
70
|
-
[loopVar.replace('_', '')]: item
|
|
71
|
-
};
|
|
72
|
-
|
|
73
|
-
// Process nested loops and conditionals
|
|
74
|
-
let processedContent = this.processLoops(content, loopVars);
|
|
75
|
-
processedContent = this.processConditionals(processedContent, loopVars);
|
|
76
|
-
processedContent = this.processVariables(processedContent, loopVars);
|
|
77
|
-
|
|
78
|
-
return processedContent;
|
|
79
|
-
}).join('');
|
|
80
|
-
});
|
|
81
|
-
}
|
|
82
|
-
|
|
83
|
-
/**
|
|
84
|
-
* Process conditional constructs in template
|
|
85
|
-
* @private
|
|
86
|
-
*/
|
|
87
|
-
processConditionals(template, variables) {
|
|
88
|
-
return template.replace(this.conditionalPattern, (match, condition, content) => {
|
|
89
|
-
const value = this.resolveVariable(condition, variables);
|
|
90
|
-
|
|
91
|
-
// Check for truthy value
|
|
92
|
-
if (value && (Array.isArray(value) ? value.length > 0 : true)) {
|
|
93
|
-
return content;
|
|
94
|
-
}
|
|
95
|
-
return '';
|
|
96
|
-
});
|
|
97
|
-
}
|
|
98
|
-
|
|
99
|
-
/**
|
|
100
|
-
* Process simple variable substitutions
|
|
101
|
-
* @private
|
|
102
|
-
*/
|
|
103
|
-
processVariables(template, variables) {
|
|
104
|
-
return template.replace(this.variablePattern, (match, varName) => {
|
|
105
|
-
const value = this.resolveVariable(varName.trim(), variables);
|
|
106
|
-
return value !== undefined ? String(value) : match;
|
|
107
|
-
});
|
|
108
|
-
}
|
|
109
|
-
|
|
110
|
-
/**
|
|
111
|
-
* Resolve a variable name to its value
|
|
112
|
-
* @private
|
|
113
|
-
*/
|
|
114
|
-
resolveVariable(varName, variables) {
|
|
115
|
-
// Handle nested paths like "user.name"
|
|
116
|
-
const parts = varName.split('.');
|
|
117
|
-
let value = variables;
|
|
118
|
-
|
|
119
|
-
for (const part of parts) {
|
|
120
|
-
if (value && typeof value === 'object') {
|
|
121
|
-
value = value[part];
|
|
122
|
-
} else {
|
|
123
|
-
return undefined;
|
|
124
|
-
}
|
|
125
|
-
}
|
|
126
|
-
|
|
127
|
-
return value;
|
|
128
|
-
}
|
|
129
|
-
|
|
130
|
-
/**
|
|
131
|
-
* Validate that a template has all required placeholders
|
|
132
|
-
* @param {string} template - Template to validate
|
|
133
|
-
* @param {string[]} requiredVars - List of required variable names
|
|
134
|
-
* @returns {Object} Validation result with {valid: boolean, missing: string[]}
|
|
135
|
-
*/
|
|
136
|
-
validateTemplate(template, requiredVars = []) {
|
|
137
|
-
const foundVars = new Set();
|
|
138
|
-
const missing = [];
|
|
139
|
-
|
|
140
|
-
// Extract all variable names from template
|
|
141
|
-
let match;
|
|
142
|
-
const allPatterns = [
|
|
143
|
-
this.variablePattern,
|
|
144
|
-
/\{\{#IF_([^}]+)\}\}/g,
|
|
145
|
-
/\{\{#EACH_([^}]+)\}\}/g
|
|
146
|
-
];
|
|
147
|
-
|
|
148
|
-
for (const pattern of allPatterns) {
|
|
149
|
-
pattern.lastIndex = 0; // Reset regex
|
|
150
|
-
while ((match = pattern.exec(template)) !== null) {
|
|
151
|
-
foundVars.add(match[1].trim());
|
|
152
|
-
}
|
|
153
|
-
}
|
|
154
|
-
|
|
155
|
-
// Check for missing required variables
|
|
156
|
-
for (const reqVar of requiredVars) {
|
|
157
|
-
if (!foundVars.has(reqVar)) {
|
|
158
|
-
missing.push(reqVar);
|
|
159
|
-
}
|
|
160
|
-
}
|
|
161
|
-
|
|
162
|
-
return {
|
|
163
|
-
valid: missing.length === 0,
|
|
164
|
-
missing,
|
|
165
|
-
found: Array.from(foundVars)
|
|
166
|
-
};
|
|
167
|
-
}
|
|
168
|
-
|
|
169
|
-
/**
|
|
170
|
-
* Load and process a template file
|
|
171
|
-
* @param {string} templatePath - Path to template file
|
|
172
|
-
* @param {Object} variables - Variables to substitute
|
|
173
|
-
* @returns {Promise<string>} Processed template
|
|
174
|
-
*/
|
|
175
|
-
async loadAndProcess(templatePath, variables = {}) {
|
|
176
|
-
const template = await fs.readFile(templatePath, 'utf8');
|
|
177
|
-
return this.process(template, variables);
|
|
178
|
-
}
|
|
179
|
-
|
|
180
|
-
/**
|
|
181
|
-
* Escape special characters in user input to prevent injection
|
|
182
|
-
* @param {string} input - User input to escape
|
|
183
|
-
* @returns {string} Escaped input
|
|
184
|
-
*/
|
|
185
|
-
escapeInput(input) {
|
|
186
|
-
if (typeof input !== 'string') return input;
|
|
187
|
-
|
|
188
|
-
// Escape template syntax
|
|
189
|
-
return input
|
|
190
|
-
.replace(/\{\{/g, '\\{{')
|
|
191
|
-
.replace(/\}\}/g, '\\}}')
|
|
192
|
-
.replace(/</g, '<')
|
|
193
|
-
.replace(/>/g, '>')
|
|
194
|
-
.replace(/"/g, '"')
|
|
195
|
-
.replace(/'/g, ''');
|
|
196
|
-
}
|
|
197
|
-
|
|
198
|
-
/**
|
|
199
|
-
* Get all available variables from a template
|
|
200
|
-
* @param {string} template - Template to analyze
|
|
201
|
-
* @returns {Object} Object with variables categorized by type
|
|
202
|
-
*/
|
|
203
|
-
getTemplateVariables(template) {
|
|
204
|
-
const variables = {
|
|
205
|
-
simple: [],
|
|
206
|
-
conditionals: [],
|
|
207
|
-
loops: []
|
|
208
|
-
};
|
|
209
|
-
|
|
210
|
-
// Extract simple variables
|
|
211
|
-
let match;
|
|
212
|
-
this.variablePattern.lastIndex = 0;
|
|
213
|
-
while ((match = this.variablePattern.exec(template)) !== null) {
|
|
214
|
-
if (!match[1].startsWith('#') && !match[1].startsWith('/')) {
|
|
215
|
-
variables.simple.push(match[1].trim());
|
|
216
|
-
}
|
|
217
|
-
}
|
|
218
|
-
|
|
219
|
-
// Extract conditionals
|
|
220
|
-
const conditionalStartPattern = /\{\{#IF_([^}]+)\}\}/g;
|
|
221
|
-
while ((match = conditionalStartPattern.exec(template)) !== null) {
|
|
222
|
-
variables.conditionals.push(match[1].trim());
|
|
223
|
-
}
|
|
224
|
-
|
|
225
|
-
// Extract loops
|
|
226
|
-
const loopStartPattern = /\{\{#EACH_([^}]+)\}\}/g;
|
|
227
|
-
while ((match = loopStartPattern.exec(template)) !== null) {
|
|
228
|
-
variables.loops.push(match[1].trim());
|
|
229
|
-
}
|
|
230
|
-
|
|
231
|
-
// Remove duplicates
|
|
232
|
-
for (const key in variables) {
|
|
233
|
-
variables[key] = [...new Set(variables[key])];
|
|
234
|
-
}
|
|
235
|
-
|
|
236
|
-
return variables;
|
|
237
|
-
}
|
|
238
|
-
}
|
|
239
|
-
|
|
240
|
-
module.exports = TemplateEngine;
|