npm - tlc-claude-code - Versions diffs - 1.2.29 → 1.4.0 - Mend

tlc-claude-code 1.2.29 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (182) hide show

package/dashboard/dist/components/AuditPane.d.ts +30 -0
package/dashboard/dist/components/AuditPane.js +127 -0
package/dashboard/dist/components/AuditPane.test.d.ts +1 -0
package/dashboard/dist/components/AuditPane.test.js +339 -0
package/dashboard/dist/components/CompliancePane.d.ts +39 -0
package/dashboard/dist/components/CompliancePane.js +96 -0
package/dashboard/dist/components/CompliancePane.test.d.ts +1 -0
package/dashboard/dist/components/CompliancePane.test.js +183 -0
package/dashboard/dist/components/SSOPane.d.ts +36 -0
package/dashboard/dist/components/SSOPane.js +71 -0
package/dashboard/dist/components/SSOPane.test.d.ts +1 -0
package/dashboard/dist/components/SSOPane.test.js +155 -0
package/dashboard/dist/components/UsagePane.d.ts +13 -0
package/dashboard/dist/components/UsagePane.js +51 -0
package/dashboard/dist/components/UsagePane.test.d.ts +1 -0
package/dashboard/dist/components/UsagePane.test.js +142 -0
package/dashboard/dist/components/WorkspaceDocsPane.d.ts +19 -0
package/dashboard/dist/components/WorkspaceDocsPane.js +130 -0
package/dashboard/dist/components/WorkspaceDocsPane.test.d.ts +1 -0
package/dashboard/dist/components/WorkspaceDocsPane.test.js +242 -0
package/dashboard/dist/components/WorkspacePane.d.ts +18 -0
package/dashboard/dist/components/WorkspacePane.js +17 -0
package/dashboard/dist/components/WorkspacePane.test.d.ts +1 -0
package/dashboard/dist/components/WorkspacePane.test.js +84 -0
package/dashboard/dist/components/ZeroRetentionPane.d.ts +44 -0
package/dashboard/dist/components/ZeroRetentionPane.js +83 -0
package/dashboard/dist/components/ZeroRetentionPane.test.d.ts +1 -0
package/dashboard/dist/components/ZeroRetentionPane.test.js +160 -0
package/package.json +1 -1
package/server/lib/access-control-doc.js +541 -0
package/server/lib/access-control-doc.test.js +672 -0
package/server/lib/adr-generator.js +423 -0
package/server/lib/adr-generator.test.js +586 -0
package/server/lib/agent-progress-monitor.js +223 -0
package/server/lib/agent-progress-monitor.test.js +202 -0
package/server/lib/architecture-command.js +450 -0
package/server/lib/architecture-command.test.js +754 -0
package/server/lib/ast-analyzer.js +324 -0
package/server/lib/ast-analyzer.test.js +437 -0
package/server/lib/audit-attribution.js +191 -0
package/server/lib/audit-attribution.test.js +359 -0
package/server/lib/audit-classifier.js +202 -0
package/server/lib/audit-classifier.test.js +209 -0
package/server/lib/audit-command.js +275 -0
package/server/lib/audit-command.test.js +325 -0
package/server/lib/audit-exporter.js +380 -0
package/server/lib/audit-exporter.test.js +464 -0
package/server/lib/audit-logger.js +236 -0
package/server/lib/audit-logger.test.js +364 -0
package/server/lib/audit-query.js +257 -0
package/server/lib/audit-query.test.js +352 -0
package/server/lib/audit-storage.js +269 -0
package/server/lib/audit-storage.test.js +272 -0
package/server/lib/auth-system.test.js +4 -1
package/server/lib/boundary-detector.js +427 -0
package/server/lib/boundary-detector.test.js +320 -0
package/server/lib/budget-alerts.js +138 -0
package/server/lib/budget-alerts.test.js +235 -0
package/server/lib/bulk-repo-init.js +342 -0
package/server/lib/bulk-repo-init.test.js +388 -0
package/server/lib/candidates-tracker.js +210 -0
package/server/lib/candidates-tracker.test.js +300 -0
package/server/lib/checkpoint-manager.js +251 -0
package/server/lib/checkpoint-manager.test.js +474 -0
package/server/lib/circular-detector.js +337 -0
package/server/lib/circular-detector.test.js +353 -0
package/server/lib/cohesion-analyzer.js +310 -0
package/server/lib/cohesion-analyzer.test.js +447 -0
package/server/lib/compliance-checklist.js +866 -0
package/server/lib/compliance-checklist.test.js +476 -0
package/server/lib/compliance-command.js +616 -0
package/server/lib/compliance-command.test.js +551 -0
package/server/lib/compliance-reporter.js +692 -0
package/server/lib/compliance-reporter.test.js +707 -0
package/server/lib/contract-testing.js +625 -0
package/server/lib/contract-testing.test.js +342 -0
package/server/lib/conversion-planner.js +469 -0
package/server/lib/conversion-planner.test.js +361 -0
package/server/lib/convert-command.js +351 -0
package/server/lib/convert-command.test.js +608 -0
package/server/lib/coupling-calculator.js +189 -0
package/server/lib/coupling-calculator.test.js +509 -0
package/server/lib/data-flow-doc.js +665 -0
package/server/lib/data-flow-doc.test.js +659 -0
package/server/lib/dependency-graph.js +367 -0
package/server/lib/dependency-graph.test.js +516 -0
package/server/lib/duplication-detector.js +349 -0
package/server/lib/duplication-detector.test.js +401 -0
package/server/lib/ephemeral-storage.js +249 -0
package/server/lib/ephemeral-storage.test.js +254 -0
package/server/lib/evidence-collector.js +627 -0
package/server/lib/evidence-collector.test.js +901 -0
package/server/lib/example-service.js +616 -0
package/server/lib/example-service.test.js +397 -0
package/server/lib/flow-diagram-generator.js +474 -0
package/server/lib/flow-diagram-generator.test.js +446 -0
package/server/lib/idp-manager.js +626 -0
package/server/lib/idp-manager.test.js +587 -0
package/server/lib/impact-scorer.js +184 -0
package/server/lib/impact-scorer.test.js +211 -0
package/server/lib/memory-exclusion.js +326 -0
package/server/lib/memory-exclusion.test.js +241 -0
package/server/lib/mermaid-generator.js +358 -0
package/server/lib/mermaid-generator.test.js +301 -0
package/server/lib/messaging-patterns.js +750 -0
package/server/lib/messaging-patterns.test.js +213 -0
package/server/lib/mfa-handler.js +452 -0
package/server/lib/mfa-handler.test.js +490 -0
package/server/lib/microservice-template.js +386 -0
package/server/lib/microservice-template.test.js +325 -0
package/server/lib/new-project-microservice.js +450 -0
package/server/lib/new-project-microservice.test.js +600 -0
package/server/lib/oauth-flow.js +375 -0
package/server/lib/oauth-flow.test.js +487 -0
package/server/lib/oauth-registry.js +190 -0
package/server/lib/oauth-registry.test.js +306 -0
package/server/lib/readme-generator.js +490 -0
package/server/lib/readme-generator.test.js +493 -0
package/server/lib/refactor-command.js +326 -0
package/server/lib/refactor-command.test.js +528 -0
package/server/lib/refactor-executor.js +254 -0
package/server/lib/refactor-executor.test.js +305 -0
package/server/lib/refactor-observer.js +292 -0
package/server/lib/refactor-observer.test.js +422 -0
package/server/lib/refactor-progress.js +193 -0
package/server/lib/refactor-progress.test.js +251 -0
package/server/lib/refactor-reporter.js +237 -0
package/server/lib/refactor-reporter.test.js +247 -0
package/server/lib/repo-dependency-tracker.js +261 -0
package/server/lib/repo-dependency-tracker.test.js +350 -0
package/server/lib/retention-policy.js +281 -0
package/server/lib/retention-policy.test.js +486 -0
package/server/lib/role-mapper.js +236 -0
package/server/lib/role-mapper.test.js +395 -0
package/server/lib/saml-provider.js +765 -0
package/server/lib/saml-provider.test.js +643 -0
package/server/lib/security-policy-generator.js +682 -0
package/server/lib/security-policy-generator.test.js +544 -0
package/server/lib/semantic-analyzer.js +198 -0
package/server/lib/semantic-analyzer.test.js +474 -0
package/server/lib/sensitive-detector.js +112 -0
package/server/lib/sensitive-detector.test.js +209 -0
package/server/lib/service-interaction-diagram.js +700 -0
package/server/lib/service-interaction-diagram.test.js +638 -0
package/server/lib/service-scaffold.js +486 -0
package/server/lib/service-scaffold.test.js +373 -0
package/server/lib/service-summary.js +553 -0
package/server/lib/service-summary.test.js +619 -0
package/server/lib/session-purge.js +460 -0
package/server/lib/session-purge.test.js +312 -0
package/server/lib/shared-kernel.js +578 -0
package/server/lib/shared-kernel.test.js +255 -0
package/server/lib/sso-command.js +544 -0
package/server/lib/sso-command.test.js +552 -0
package/server/lib/sso-session.js +492 -0
package/server/lib/sso-session.test.js +670 -0
package/server/lib/traefik-config.js +282 -0
package/server/lib/traefik-config.test.js +312 -0
package/server/lib/usage-command.js +218 -0
package/server/lib/usage-command.test.js +391 -0
package/server/lib/usage-formatter.js +192 -0
package/server/lib/usage-formatter.test.js +267 -0
package/server/lib/usage-history.js +122 -0
package/server/lib/usage-history.test.js +206 -0
package/server/lib/workspace-command.js +249 -0
package/server/lib/workspace-command.test.js +264 -0
package/server/lib/workspace-config.js +270 -0
package/server/lib/workspace-config.test.js +312 -0
package/server/lib/workspace-docs-command.js +547 -0
package/server/lib/workspace-docs-command.test.js +692 -0
package/server/lib/workspace-memory.js +451 -0
package/server/lib/workspace-memory.test.js +403 -0
package/server/lib/workspace-scanner.js +452 -0
package/server/lib/workspace-scanner.test.js +677 -0
package/server/lib/workspace-test-runner.js +315 -0
package/server/lib/workspace-test-runner.test.js +294 -0
package/server/lib/zero-retention-command.js +439 -0
package/server/lib/zero-retention-command.test.js +448 -0
package/server/lib/zero-retention.js +322 -0
package/server/lib/zero-retention.test.js +258 -0
package/server/package-lock.json +14 -0
package/server/package.json +1 -0

package/server/lib/oauth-flow.js ADDED Viewed

@@ -0,0 +1,375 @@
+/**
+ * OAuth 2.0 Flow Handler
+ *
+ * Handles OAuth 2.0 authorization code flow with PKCE support.
+ * Uses oauth-registry for provider configuration.
+ */
+const crypto = require('crypto');
+/**
+ * Default state expiry time (10 minutes).
+ */
+const DEFAULT_STATE_EXPIRY_MS = 10 * 60 * 1000;
+/**
+ * Generates PKCE code verifier and challenge.
+ *
+ * @returns {object} PKCE parameters
+ * @returns {string} returns.codeVerifier - Random 43-128 character string
+ * @returns {string} returns.codeChallenge - base64url(sha256(codeVerifier))
+ * @returns {string} returns.codeChallengeMethod - Always 'S256'
+ */
+function generatePKCE() {
+  // Generate random bytes and encode as base64url (43-128 chars)
+  // 32 bytes = 43 base64 chars, 96 bytes = 128 base64 chars
+  const verifierBytes = crypto.randomBytes(32);
+  const codeVerifier = verifierBytes
+    .toString('base64')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=/g, '');
+  // SHA256 hash of verifier, then base64url encode
+  const hash = crypto.createHash('sha256').update(codeVerifier).digest();
+  const codeChallenge = hash
+    .toString('base64')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=/g, '');
+  return {
+    codeVerifier,
+    codeChallenge,
+    codeChallengeMethod: 'S256',
+  };
+}
+/**
+ * Generates an OAuth state parameter with CSRF protection.
+ *
+ * State format (base64 encoded JSON):
+ * {
+ *   nonce: 32-char hex string,
+ *   provider: provider name,
+ *   timestamp: epoch ms,
+ *   codeVerifier: PKCE verifier (if usePKCE)
+ * }
+ *
+ * @param {string} provider - Provider name
+ * @param {object} [options] - Options
+ * @param {boolean} [options.usePKCE] - Include PKCE code verifier
+ * @returns {string} Base64 encoded state
+ */
+function generateState(provider, options = {}) {
+  const stateData = {
+    nonce: crypto.randomBytes(16).toString('hex'),
+    provider,
+    timestamp: Date.now(),
+  };
+  if (options.usePKCE) {
+    const pkce = generatePKCE();
+    stateData.codeVerifier = pkce.codeVerifier;
+  }
+  return Buffer.from(JSON.stringify(stateData)).toString('base64');
+}
+/**
+ * Validates an OAuth state parameter.
+ *
+ * @param {string} state - Base64 encoded state from callback
+ * @param {string} expectedProvider - Expected provider name
+ * @param {object} [options] - Options
+ * @param {number} [options.maxAgeMs] - Maximum state age in ms (default 10 min)
+ * @returns {object} Validation result
+ * @returns {boolean} returns.valid - Whether state is valid
+ * @returns {string} [returns.error] - Error message if invalid
+ * @returns {string} [returns.provider] - Provider from state
+ * @returns {string} [returns.codeVerifier] - PKCE code verifier if present
+ */
+function validateState(state, expectedProvider, options = {}) {
+  const maxAgeMs = options.maxAgeMs || DEFAULT_STATE_EXPIRY_MS;
+  try {
+    const decoded = JSON.parse(Buffer.from(state, 'base64').toString('utf-8'));
+    // Check provider matches
+    if (decoded.provider !== expectedProvider) {
+      return {
+        valid: false,
+        error: 'State provider mismatch - possible CSRF attack',
+      };
+    }
+    // Check expiry
+    const age = Date.now() - decoded.timestamp;
+    if (age > maxAgeMs) {
+      return {
+        valid: false,
+        error: 'State expired',
+      };
+    }
+    return {
+      valid: true,
+      provider: decoded.provider,
+      codeVerifier: decoded.codeVerifier,
+    };
+  } catch (err) {
+    return {
+      valid: false,
+      error: 'Invalid state format',
+    };
+  }
+}
+/**
+ * Creates an OAuth flow handler.
+ *
+ * @param {object} registry - OAuth registry instance from createOAuthRegistry()
+ * @returns {object} OAuth flow handler
+ */
+function createOAuthFlow(registry) {
+  /**
+   * Generates an authorization URL for the OAuth flow.
+   *
+   * @param {string} providerName - Provider name
+   * @param {object} options - Options
+   * @param {string} options.redirectUri - Callback URL
+   * @param {string[]} [options.scopes] - Override default scopes
+   * @param {boolean} [options.usePKCE] - Use PKCE extension
+   * @returns {object} Authorization data
+   * @returns {string} returns.url - Authorization URL
+   * @returns {string} returns.state - State parameter for validation
+   * @returns {string} [returns.codeVerifier] - PKCE code verifier (if usePKCE)
+   */
+  function getAuthorizationUrl(providerName, options = {}) {
+    const provider = registry.getProvider(providerName);
+    if (!provider) {
+      throw new Error(`Provider not found: ${providerName}`);
+    }
+    if (!options.redirectUri) {
+      throw new Error('redirectUri is required');
+    }
+    // Generate state (with PKCE if requested)
+    const state = generateState(providerName, { usePKCE: options.usePKCE });
+    // Build URL params
+    const params = new URLSearchParams({
+      client_id: provider.clientId,
+      redirect_uri: options.redirectUri,
+      response_type: 'code',
+      state,
+    });
+    // Add scopes
+    const scopes = options.scopes || provider.scopes || [];
+    if (scopes.length > 0) {
+      params.set('scope', scopes.join(' '));
+    }
+    // Add PKCE if requested
+    let codeVerifier;
+    if (options.usePKCE) {
+      const stateData = JSON.parse(Buffer.from(state, 'base64').toString('utf-8'));
+      codeVerifier = stateData.codeVerifier;
+      // Generate challenge from verifier
+      const hash = crypto.createHash('sha256').update(codeVerifier).digest();
+      const codeChallenge = hash
+        .toString('base64')
+        .replace(/\+/g, '-')
+        .replace(/\//g, '_')
+        .replace(/=/g, '');
+      params.set('code_challenge', codeChallenge);
+      params.set('code_challenge_method', 'S256');
+    }
+    const url = `${provider.authUrl}?${params.toString()}`;
+    const result = { url, state };
+    if (codeVerifier) {
+      result.codeVerifier = codeVerifier;
+    }
+    return result;
+  }
+  /**
+   * Exchanges an authorization code for tokens.
+   *
+   * @param {string} providerName - Provider name
+   * @param {object} options - Options
+   * @param {string} options.code - Authorization code
+   * @param {string} options.redirectUri - Redirect URI (must match authorize request)
+   * @param {string} [options.codeVerifier] - PKCE code verifier
+   * @returns {Promise<object>} Token response
+   */
+  async function exchangeCode(providerName, options) {
+    const provider = registry.getProvider(providerName);
+    if (!provider) {
+      throw new Error(`Provider not found: ${providerName}`);
+    }
+    const body = new URLSearchParams({
+      grant_type: 'authorization_code',
+      code: options.code,
+      client_id: provider.clientId,
+      client_secret: provider.clientSecret,
+      redirect_uri: options.redirectUri,
+    });
+    if (options.codeVerifier) {
+      body.set('code_verifier', options.codeVerifier);
+    }
+    let response;
+    try {
+      response = await fetch(provider.tokenUrl, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/x-www-form-urlencoded',
+          Accept: 'application/json',
+        },
+        body: body.toString(),
+      });
+    } catch (err) {
+      throw new Error(`Network error: ${err.message}`);
+    }
+    const data = await response.json();
+    if (!response.ok) {
+      throw new Error(`${data.error}: ${data.error_description || 'Token exchange failed'}`);
+    }
+    return {
+      accessToken: data.access_token,
+      refreshToken: data.refresh_token,
+      tokenType: data.token_type,
+      expiresIn: data.expires_in,
+      scope: data.scope,
+    };
+  }
+  /**
+   * Refreshes an access token using a refresh token.
+   *
+   * @param {string} providerName - Provider name
+   * @param {object} options - Options
+   * @param {string} options.refreshToken - Refresh token
+   * @returns {Promise<object>} New token response
+   */
+  async function refreshToken(providerName, options) {
+    const provider = registry.getProvider(providerName);
+    if (!provider) {
+      throw new Error(`Provider not found: ${providerName}`);
+    }
+    const body = new URLSearchParams({
+      grant_type: 'refresh_token',
+      refresh_token: options.refreshToken,
+      client_id: provider.clientId,
+      client_secret: provider.clientSecret,
+    });
+    let response;
+    try {
+      response = await fetch(provider.tokenUrl, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/x-www-form-urlencoded',
+          Accept: 'application/json',
+        },
+        body: body.toString(),
+      });
+    } catch (err) {
+      throw new Error(`Network error: ${err.message}`);
+    }
+    const data = await response.json();
+    if (!response.ok) {
+      throw new Error(`${data.error}: ${data.error_description || 'Token refresh failed'}`);
+    }
+    return {
+      accessToken: data.access_token,
+      refreshToken: data.refresh_token,
+      tokenType: data.token_type,
+      expiresIn: data.expires_in,
+      scope: data.scope,
+    };
+  }
+  /**
+   * Handles an OAuth callback request.
+   *
+   * @param {string} providerName - Expected provider name
+   * @param {object} params - Callback parameters
+   * @param {string} [params.code] - Authorization code (if successful)
+   * @param {string} params.state - State parameter
+   * @param {string} params.redirectUri - Redirect URI for token exchange
+   * @param {string} [params.error] - Error code (if failed)
+   * @param {string} [params.error_description] - Error description
+   * @returns {Promise<object>} Callback result
+   */
+  async function handleCallback(providerName, params) {
+    // Check for OAuth error in callback
+    if (params.error) {
+      return {
+        success: false,
+        error: params.error,
+        errorDescription: params.error_description,
+      };
+    }
+    // Validate state
+    const stateResult = validateState(params.state, providerName);
+    if (!stateResult.valid) {
+      return {
+        success: false,
+        error: stateResult.error,
+      };
+    }
+    // Exchange code for tokens
+    try {
+      const tokens = await exchangeCode(providerName, {
+        code: params.code,
+        redirectUri: params.redirectUri,
+        codeVerifier: stateResult.codeVerifier,
+      });
+      return {
+        success: true,
+        provider: providerName,
+        tokens,
+      };
+    } catch (err) {
+      return {
+        success: false,
+        error: err.message,
+      };
+    }
+  }
+  return {
+    getAuthorizationUrl,
+    exchangeCode,
+    refreshToken,
+    handleCallback,
+  };
+}
+module.exports = {
+  createOAuthFlow,
+  generateState,
+  validateState,
+  generatePKCE,
+};