npm - tryassay - Versions diffs - 0.33.1 → 0.34.0 - Mend

tryassay 0.33.1 → 0.34.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (126) hide show

package/dist/cli.js +20 -0
package/dist/cli.js.map +1 -1
package/dist/commands/hunt.d.ts +2 -0
package/dist/commands/hunt.js +58 -7
package/dist/commands/hunt.js.map +1 -1
package/dist/commands/mcp.d.ts +14 -0
package/dist/commands/mcp.js +18 -0
package/dist/commands/mcp.js.map +1 -0
package/dist/commands/watch.d.ts +19 -0
package/dist/commands/watch.js +158 -0
package/dist/commands/watch.js.map +1 -0
package/dist/hunt/__tests__/finding-to-template.test.d.ts +1 -0
package/dist/hunt/__tests__/finding-to-template.test.js +213 -0
package/dist/hunt/__tests__/finding-to-template.test.js.map +1 -0
package/dist/hunt/__tests__/parse-utils.test.js +28 -1
package/dist/hunt/__tests__/parse-utils.test.js.map +1 -1
package/dist/hunt/__tests__/taint-analysis.test.d.ts +1 -0
package/dist/hunt/__tests__/taint-analysis.test.js +556 -0
package/dist/hunt/__tests__/taint-analysis.test.js.map +1 -0
package/dist/hunt/__tests__/templates.test.js +2 -2
package/dist/hunt/__tests__/templates.test.js.map +1 -1
package/dist/hunt/deep-dive.d.ts +2 -2
package/dist/hunt/deep-dive.js +4 -4
package/dist/hunt/deep-dive.js.map +1 -1
package/dist/hunt/discovery.js +2 -2
package/dist/hunt/discovery.js.map +1 -1
package/dist/hunt/finding-to-template.d.ts +47 -0
package/dist/hunt/finding-to-template.js +288 -0
package/dist/hunt/finding-to-template.js.map +1 -0
package/dist/hunt/orchestrator.d.ts +3 -0
package/dist/hunt/orchestrator.js +20 -5
package/dist/hunt/orchestrator.js.map +1 -1
package/dist/hunt/taint-analysis.d.ts +49 -0
package/dist/hunt/taint-analysis.js +429 -0
package/dist/hunt/taint-analysis.js.map +1 -0
package/dist/hunt/templates/csv-injection.d.ts +2 -0
package/dist/hunt/templates/csv-injection.js +148 -0
package/dist/hunt/templates/csv-injection.js.map +1 -0
package/dist/hunt/templates/django-misconfig.d.ts +2 -0
package/dist/hunt/templates/django-misconfig.js +172 -0
package/dist/hunt/templates/django-misconfig.js.map +1 -0
package/dist/hunt/templates/express-misconfig.d.ts +2 -0
package/dist/hunt/templates/express-misconfig.js +156 -0
package/dist/hunt/templates/express-misconfig.js.map +1 -0
package/dist/hunt/templates/file-upload.d.ts +2 -0
package/dist/hunt/templates/file-upload.js +131 -0
package/dist/hunt/templates/file-upload.js.map +1 -0
package/dist/hunt/templates/graphql-abuse.d.ts +2 -0
package/dist/hunt/templates/graphql-abuse.js +161 -0
package/dist/hunt/templates/graphql-abuse.js.map +1 -0
package/dist/hunt/templates/hardcoded-credentials.d.ts +2 -0
package/dist/hunt/templates/hardcoded-credentials.js +109 -0
package/dist/hunt/templates/hardcoded-credentials.js.map +1 -0
package/dist/hunt/templates/idor.d.ts +2 -0
package/dist/hunt/templates/idor.js +102 -0
package/dist/hunt/templates/idor.js.map +1 -0
package/dist/hunt/templates/index.d.ts +2 -2
package/dist/hunt/templates/index.js +38 -5
package/dist/hunt/templates/index.js.map +1 -1
package/dist/hunt/templates/insecure-deserialization.d.ts +2 -0
package/dist/hunt/templates/insecure-deserialization.js +131 -0
package/dist/hunt/templates/insecure-deserialization.js.map +1 -0
package/dist/hunt/templates/mass-assignment.d.ts +2 -0
package/dist/hunt/templates/mass-assignment.js +101 -0
package/dist/hunt/templates/mass-assignment.js.map +1 -0
package/dist/hunt/templates/nextjs-misconfig.d.ts +2 -0
package/dist/hunt/templates/nextjs-misconfig.js +127 -0
package/dist/hunt/templates/nextjs-misconfig.js.map +1 -0
package/dist/hunt/templates/postmessage.d.ts +2 -0
package/dist/hunt/templates/postmessage.js +180 -0
package/dist/hunt/templates/postmessage.js.map +1 -0
package/dist/hunt/templates/race-condition.d.ts +2 -0
package/dist/hunt/templates/race-condition.js +138 -0
package/dist/hunt/templates/race-condition.js.map +1 -0
package/dist/hunt/templates/spring-misconfig.d.ts +2 -0
package/dist/hunt/templates/spring-misconfig.js +177 -0
package/dist/hunt/templates/spring-misconfig.js.map +1 -0
package/dist/hunt/templates/xxe.d.ts +2 -0
package/dist/hunt/templates/xxe.js +187 -0
package/dist/hunt/templates/xxe.js.map +1 -0
package/dist/hunt/triage.d.ts +2 -2
package/dist/hunt/triage.js +4 -4
package/dist/hunt/triage.js.map +1 -1
package/dist/realtime/__tests__/catch-real-bugs.test.d.ts +9 -0
package/dist/realtime/__tests__/catch-real-bugs.test.js +205 -0
package/dist/realtime/__tests__/catch-real-bugs.test.js.map +1 -0
package/dist/realtime/__tests__/code-buffer.test.d.ts +1 -0
package/dist/realtime/__tests__/code-buffer.test.js +202 -0
package/dist/realtime/__tests__/code-buffer.test.js.map +1 -0
package/dist/realtime/__tests__/correction-injector.test.d.ts +1 -0
package/dist/realtime/__tests__/correction-injector.test.js +168 -0
package/dist/realtime/__tests__/correction-injector.test.js.map +1 -0
package/dist/realtime/__tests__/stream-interceptor.test.d.ts +1 -0
package/dist/realtime/__tests__/stream-interceptor.test.js +193 -0
package/dist/realtime/__tests__/stream-interceptor.test.js.map +1 -0
package/dist/realtime/__tests__/streaming-checks.test.d.ts +1 -0
package/dist/realtime/__tests__/streaming-checks.test.js +479 -0
package/dist/realtime/__tests__/streaming-checks.test.js.map +1 -0
package/dist/realtime/__tests__/streaming-verifier.test.d.ts +1 -0
package/dist/realtime/__tests__/streaming-verifier.test.js +157 -0
package/dist/realtime/__tests__/streaming-verifier.test.js.map +1 -0
package/dist/realtime/code-buffer.d.ts +52 -0
package/dist/realtime/code-buffer.js +276 -0
package/dist/realtime/code-buffer.js.map +1 -0
package/dist/realtime/correction-injector.d.ts +56 -0
package/dist/realtime/correction-injector.js +96 -0
package/dist/realtime/correction-injector.js.map +1 -0
package/dist/realtime/index.d.ts +14 -0
package/dist/realtime/index.js +11 -0
package/dist/realtime/index.js.map +1 -0
package/dist/realtime/mcp-server.d.ts +14 -0
package/dist/realtime/mcp-server.js +200 -0
package/dist/realtime/mcp-server.js.map +1 -0
package/dist/realtime/stream-interceptor.d.ts +65 -0
package/dist/realtime/stream-interceptor.js +174 -0
package/dist/realtime/stream-interceptor.js.map +1 -0
package/dist/realtime/streaming-checks.d.ts +55 -0
package/dist/realtime/streaming-checks.js +452 -0
package/dist/realtime/streaming-checks.js.map +1 -0
package/dist/realtime/streaming-verifier.d.ts +57 -0
package/dist/realtime/streaming-verifier.js +134 -0
package/dist/realtime/streaming-verifier.js.map +1 -0
package/dist/realtime/types.d.ts +99 -0
package/dist/realtime/types.js +8 -0
package/dist/realtime/types.js.map +1 -0
package/package.json +2 -1

package/dist/realtime/types.d.ts ADDED Viewed

@@ -0,0 +1,99 @@
+/**
+ * Shared types for the real-time verification pipeline.
+ *
+ * Phase 2 of the 10x roadmap: verify code as it streams from the LLM,
+ * not after generation completes.
+ */
+export type CodeUnitKind = 'statement' | 'function' | 'block' | 'line';
+export interface CodeUnit {
+    /** The complete code text for this unit */
+    text: string;
+    /** What kind of code structure completed */
+    kind: CodeUnitKind;
+    /** Byte offset in the full buffer where this unit starts */
+    startOffset: number;
+    /** Byte offset in the full buffer where this unit ends */
+    endOffset: number;
+    /** Detected or configured language */
+    language: string;
+}
+export type CheckSeverity = 'critical' | 'high' | 'medium' | 'low';
+export interface StreamingCheck {
+    /** Unique identifier (e.g. 'sql_parameterized', 'learned_rule_42') */
+    id: string;
+    /** Human-readable name */
+    name: string;
+    /** Languages this check applies to (empty = all) */
+    languages: string[];
+    /** Pre-compiled regex pattern */
+    pattern: RegExp;
+    /** What a match means */
+    verdict: 'FAIL' | 'PASS';
+    /** Severity when this check triggers a FAIL */
+    severity: CheckSeverity;
+    /** Human-readable evidence template (may include $1, $2 for captures) */
+    evidenceTemplate: string;
+    /** Optional fix suggestion */
+    suggestion?: string;
+    /** Source: 'formal' (hand-crafted) or 'learned' (from rule catalog) */
+    source: 'formal' | 'learned';
+    /**
+     * Optional context keywords for relevance filtering.
+     * If set, this check only runs when at least one keyword appears
+     * in the code unit text (case-insensitive). If unset, the check
+     * runs against all code units (no filtering).
+     */
+    contextKeywords?: string[];
+}
+export interface CompiledCheckSet {
+    /** All checks, pre-filtered by language and pre-compiled */
+    checks: StreamingCheck[];
+    /** Language these checks are filtered for */
+    language: string;
+    /** Time taken to compile (ms) */
+    compileTimeMs: number;
+}
+export interface VerificationEvent {
+    /** Finding or pass */
+    type: 'finding' | 'pass';
+    /** The code unit that was checked */
+    codeUnit: CodeUnit;
+    /** Which check produced this event */
+    checkId: string;
+    /** Check name */
+    checkName: string;
+    /** Pass or fail */
+    verdict: 'PASS' | 'FAIL';
+    /** Evidence string explaining the verdict */
+    evidence: string;
+    /** Severity (only meaningful for FAIL) */
+    severity: CheckSeverity;
+    /** Fix suggestion if available */
+    suggestion?: string;
+    /** How long this check took (ms) */
+    latencyMs: number;
+}
+export interface StreamingVerifierStats {
+    /** Total code units processed */
+    unitsProcessed: number;
+    /** Total individual checks run */
+    checksRun: number;
+    /** Total findings (FAIL verdicts) */
+    findings: number;
+    /** Average latency per code unit (ms) */
+    avgLatencyMs: number;
+    /** Max latency for any single code unit (ms) */
+    maxLatencyMs: number;
+    /** Total elapsed time (ms) */
+    totalTimeMs: number;
+}
+export interface CorrectionResult {
+    /** The re-generated segment after correction */
+    correctedText: string;
+    /** The original text that was wrong */
+    originalText: string;
+    /** The finding that triggered correction */
+    finding: VerificationEvent;
+    /** Tokens consumed for the correction */
+    tokensUsed: number;
+}

package/dist/realtime/types.js ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Shared types for the real-time verification pipeline.
+ *
+ * Phase 2 of the 10x roadmap: verify code as it streams from the LLM,
+ * not after generation completes.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/realtime/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/realtime/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "tryassay",
-  "version": "0.33.1",
+  "version": "0.34.0",
   "description": "AI code verification CLI — find bugs that tests miss, linters ignore, and code review overlooks",
   "type": "module",
   "main": "./dist/index.js",
@@ -45,6 +45,7 @@
   ],
   "dependencies": {
     "@anthropic-ai/sdk": "^0.39.0",
+    "@modelcontextprotocol/sdk": "^1.27.1",
     "@supabase/supabase-js": "^2.95.3",
     "@upstash/ratelimit": "^2.0.8",
     "@upstash/redis": "^1.36.2",