uneven-ai 1.1.9 → 1.2.2

package/CHANGELOG.md

@@ -5,6 +5,53 @@ All notable changes to Uneven AI will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.2.2] - 2026-05-02
+
+### Fixed
+
+- **Local model path** — After `uneven-ai init`, commands such as `index` and `ask` failed with `Cannot open ./models/…: No such file or directory`. The Rust engine was resolving model files relative to `./models/` while the installer writes them to `.uneven/models/`. Both the inference loader (GGUF + tokenizer) and the embeddings module now read from `.uneven/models/` consistently.
+
+---
+
+## [1.2.1] - 2026-05-01
+
+### Fixed
+
+- **Auto-fix rollback** — In certain error scenarios the engine would skip the rollback step, leaving partially applied changes on disk. Rollback is now reliably triggered on every failure path.
+- **Shell crash on fix confirmation timeout** — When the auto-fix confirmation prompt timed out, Node.js could throw an unhandled rejection and exit. The prompt now degrades gracefully.
+- **Fix engine context accuracy** — The code context sent to the AI for generating fixes was occasionally pulled from the wrong region of the file. The engine now uses an accurate line-based extraction window.
+- **AI confidence out of range** — The fix engine could accept confidence scores outside the valid 0–1 range, skewing fix prioritization. Scores are now clamped correctly.
+- **Knowledge Map file routing** — Files were occasionally matched incorrectly when two files share a similar suffix (e.g. `user.ts` and `power-user.ts`). Path boundary matching is now enforced.
+- **Knowledge Map multi-line response parsing** — When the AI returned a formatted (multi-line) file list, the parser silently dropped all entries. Both compact and formatted responses are now handled correctly.
+- **Knowledge Map path corruption** — A stray trailing comma in the fallback parser produced unresolvable paths, causing context retrieval to fail silently.
+- **Knowledge Map context overflow** — On large projects with many indexed files, the full file list could overflow the AI context window. The map is now capped at 800 entries with a clear truncation notice.
+- **Watcher stability** — An uncaught error during a proactive scan could bring down the file watcher. Errors are now isolated and logged without interrupting the watch loop.
+- **Index integrity** — A failed file read during indexing could record an empty hash, causing the file to be treated as unchanged on the next run. Affected files are now skipped until readable.
+- **Remote shell hardening** — Improved robustness of the built-in remote shell endpoint.
+- **Session lock reliability** — A lock-timeout error could be silently swallowed under concurrent load. Errors are now surfaced to the logger.
+- **Local model loader stability** — Under concurrent usage, the local model could be loaded more than once simultaneously. Loader now serializes concurrent requests correctly.
+- **Symlink loop protection** — Directory indexing could enter an infinite loop when the project contained circular symbolic links. Symlinked directories are now skipped during traversal.
+- **Large file context cap** — Files without a size cap could saturate the AI context window when used as reference material. Content is now capped at 8 000 characters with a truncation notice.
+
+---
+
+## [1.2.0] - 2026-04-29
+
+### Added
+- **Global Strategy Architecture**: Introduced `src/utils` and `src/interfaces` to centralize shared constants and contracts, significantly reducing circular dependencies and improving modularity.
+- **Data Analyst Strategy Pattern**: Refactored the monolithic `analyzer.ts` into a decoupled architecture using a Strategy pattern. Database-specific logic is now isolated in `KnexAdapter` and `MongoAdapter`.
+- **Centralized Security Definitions**: Created `src/utils/security-definitions.ts` to host all security constants (`PORTS`, `REQUIRED_HEADERS`) used by the analysis engines.
+- **Legal Compliance Flow (Frontend)**: Implemented `LegalGateModal` with dynamic localized links (BRL/PT vs USD/EN) and mandatory consent interceptor in the pricing flow.
+
+### Changed
+- **Pentester Modernization**: Deep refactoring of the `active` analysis module. Procedural logic in `helpers.ts`, `http.ts`, and `network.ts` replaced with modern asynchronous patterns and functional programming (Map/Filter).
+- **Interface Segregation**: Moved all domain-specific interfaces to `src/interfaces/data-analyst.ts` and `src/interfaces/active-analysis.ts`.
+- **Infrastructure Cleanup**: Streamlined core context files (`context.ts`) by removing heavy data definitions and focusing on runtime configuration.
+
+### Fixed
+- **Mobile UX (Frontend)**: Resolved horizontal overflow issues hiding the mobile menu; fixed logo font-size and spacing constraints for small screens.
+- **CSS Syntax Error**: Corrected invalid `items-center` property in the Legal Modal to proper `align-items: center`.
+
 ## [1.1.9] - 2026-04-27
 
 ### Added

package/LICENSE

@@ -24,7 +24,7 @@ contato@rileysolucoes.com.br
 
 ---
 
-Uneven AI's "Maria" agent is powered by Llama 3.2. Llama 3.2 is licensed under the Llama 3.2 Community License, Copyright © Meta Platforms, Inc. All Rights Reserved.
+Uneven AI's "Snatchy" agent is powered by Llama 3.2. Llama 3.2 is licensed under the Llama 3.2 Community License, Copyright © Meta Platforms, Inc. All Rights Reserved.
 
 ---
 

package/README.md

@@ -3,20 +3,19 @@
 ![npm version](https://img.shields.io/npm/v/uneven-ai)
 ![license](https://img.shields.io/badge/license-BSL%201.1-blue)
 ![node](https://img.shields.io/node/v/uneven-ai)
-![typescript](https://img.shields.io/badge/TypeScript-ready-blue)
 
 > **Autonomous local development agent for Node.js.**
 >
-> Runs on your machine. Meets **Maria**, your autonomous senior engineer. She indexes your codebase, watches running terminals in real time, **autonomously fixes errors**, scans for **malicious code**, performs **security testing**, and manages your project via a **conversational shell**.
+> Runs on your machine. Meets **Snatchy**, your autonomous senior engineer. She indexes your codebase, watches running terminals in real time, **autonomously fixes errors**, scans for **malicious code**, performs **security testing**, and manages your project via a **conversational shell**.
 >
-> Use your own API key or run 100% offline with **Maria** (Standard or Pro). No telemetry. No cloud lock-in.
+> Use your own API key or run 100% offline with **Snatchy**. No telemetry. No cloud lock-in.
 
 ---
 
 ## Features
 
-- **💬 Maria Shell** — Run `uneven-ai` to talk with **Maria**, your local senior agent. She understands your intent and dispatches commands automatically.
-- **🧠 Local Sovereignty** — Powered by **Maria**, our built-in offline brain. Choose between **Maria Standard** (Llama 3.2 — fast & light) or **Maria Pro** (Llama 4 Scout — high performance).
+- **💬 Snatchy Shell** — Run `uneven-ai` to talk with **Snatchy**, your local senior agent. She understands your intent in any language and dispatches commands automatically.
+- **🧠 Local Sovereignty** — Powered by **Snatchy**, our built-in offline brain. Runs entirely on your machine — no API key, no cloud, no data leaving your environment.
 - **⚡ Selective Knowledge Retrieval** — New **Knowledge Map Strategy** for massive projects. The AI identifies relevant files from a compact project map before reading content, reducing token costs by up to 90% and eliminating "context noise".
 - **🔍 Semantic Knowledge Base** — Scalable indexing for codebase, databases, and docs. Optimized for surgical context delivery in v1.1.1.
 - **👀 Terminal Watcher** — Monitors your dev workflow and catches execution errors in real time.
@@ -75,13 +74,13 @@ Requirements vary depending on the **brain provider** you choose.
 | Disk | 200 MB + model size | Ollama stores models in its own directory |
 | OS | Linux, macOS, Windows 11 | |
 
-### Local brain (LLaMA — no API, no cloud)
+### Local brain (Snatchy — no API, no cloud)
 
 | Item | Minimum | Recommended |
 |---|---|---|
 | Node.js | v18 (ESM required) | v20+ |
 | RAM | 4 GB | 8 GB+ |
-| Disk | 200 MB (embeddings) | 2 GB+ (local LLM) |
+| Disk | 200 MB (embeddings) | 2 GB+ (local model) |
 | OS | Linux, macOS, Windows 11 | Linux / macOS |
 
 ---
@@ -142,7 +141,7 @@ uneven-ai ci
 
 `uneven-ai init` walks you through selecting a provider and downloading required models:
 
-- **Maria (Local)** — Downloads an optimized offline model. Detects GPU automatically. Choose **Maria Standard** (Llama 3.2) for speed or **Maria Pro** (Llama 4) for advanced reasoning.
+- **Snatchy (Local)** — Downloads an optimized offline model. Detects your hardware automatically and installs the accelerated binary. Just run `init` and Snatchy handles the rest.
 - **Ollama** — Connects to your existing Ollama infrastructure.
 - **Cloud providers** — Requires environment API keys:
   ```bash
@@ -158,7 +157,7 @@ uneven-ai ci
 Run `uneven-ai` with no arguments to open the interactive shell:
 
 ```
-  ◈  Uneven AI  v1.1.9
+  ◈  Uneven AI  v1.2.0
   ────────────────────────────────────────────────────────────
   Olá! O que posso fazer por você hoje?
   (Escreva sua mensagem ou "sair" para encerrar)
@@ -204,8 +203,8 @@ import { UnevenConfig } from 'uneven-ai'
 
 const config: UnevenConfig = {
   brain: {
-    provider: 'local',          // 'local' (Maria) | 'openai' | 'claude' | 'gemini' | 'ollama'
-    model: 'maria-standard',    // 'maria-standard' (Llama 3.2) | 'maria-pro' (Llama 4)
+    provider: 'local',          // 'local' (Snatchy) | 'ollama' | 'gemini' | 'openai' | 'claude'
+    model: '',                  // set automatically by 'uneven-ai init'
     apiKey: process.env.AI_KEY, // cloud providers only
     temperature: 0.3,
     maxTokens: 2048,
@@ -373,7 +372,7 @@ uneven-ai ci --github               # Write GitHub Actions step summary
 uneven-ai ci --output ./ci-out.json # Custom output path
 ```
 
-Pipeline steps: TypeScript typecheck → malware scan → test suite. Exit code 0 = pass.
+Pipeline steps: type check → malware scan → test suite. Exit code 0 = pass.
 
 ---
 
@@ -383,7 +382,7 @@ Pipeline steps: TypeScript typecheck → malware scan → test suite. Exit code
 import { Uneven } from 'uneven-ai'
 
 const ai = new Uneven({
-  brain: { provider: 'local', model: 'llama-3.2-1b-q8' },
+  brain: { provider: 'local' },  // model set by 'uneven-ai init'
   knowledge: { dirs: ['./src'] },
   watch: { terminal: 'npm run dev', autoFix: true },
 })
@@ -553,7 +552,7 @@ New to Uneven AI? Follow the step-by-step guide to verify each feature works cor
 
 ---
 
-**© 2025 KR Riley Soluções. All rights reserved.**
+**© 2026 KR Riley Soluções. All rights reserved.**
 
 Uneven AI is developed and owned by **KR Riley Soluções** — a software engineering consultancy in Brazil.
 

package/dist/application/analysis/active/helpers.d.ts

@@ -1,10 +1,19 @@
 import * as http from 'http';
+/**
+ * Modern TCP connection check with clean promise handling
+ */
 export declare function tcpConnect(host: string, port: number, timeoutMs: number): Promise<boolean>;
+/**
+ * Streamlined HTTP request with automatic dossier injection
+ */
 export declare function httpRequest(options: http.RequestOptions, useHttps: boolean): Promise<{
     statusCode: number;
     headers: Record<string, string | string[] | undefined>;
     body: string;
 }>;
+/**
+ * Extracts and analyzes TLS certificate information
+ */
 export declare function parseTlsInfo(host: string, port: number): Promise<{
     valid: boolean;
     expired: boolean;
@@ -14,6 +23,9 @@ export declare function parseTlsInfo(host: string, port: number): Promise<{
     subject: string;
     issuer: string;
 } | null>;
+/**
+ * Resolves target string to host, port and protocol using native URL API
+ */
 export declare function resolveHostPort(target: string): {
     host: string;
     port: number;

package/dist/application/analysis/active/helpers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"helpers.d.ts","sourceRoot":"","sources":["../../../../src/application/analysis/active/helpers.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAI5B,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAO1F;AAED,wBAAsB,WAAW,CAAC,OAAO,EAAE,IAAI,CAAC,cAAc,EAAE,QAAQ,EAAE,OAAO,GAAG,OAAO,CAAC;IAC1F,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAA;IACtD,IAAI,EAAE,MAAM,CAAA;CACb,CAAC,CA0BD;AAED,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;IAChE,KAAK,EAAE,OAAO,CAAA;IACd,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,EAAE,OAAO,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;CACf,GAAG,IAAI,CAAC,CA8BR;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,OAAO,CAAA;CAAE,CAY9F"}
+{"version":3,"file":"helpers.d.ts","sourceRoot":"","sources":["../../../../src/application/analysis/active/helpers.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAK5B;;GAEG;AACH,wBAAsB,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAkBhG;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,OAAO,EAAE,IAAI,CAAC,cAAc,EAAE,QAAQ,EAAE,OAAO,GAAG,OAAO,CAAC;IAC1F,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAA;IACtD,IAAI,EAAE,MAAM,CAAA;CACb,CAAC,CAqCD;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;IACtE,KAAK,EAAE,OAAO,CAAA;IACd,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,EAAE,OAAO,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;CACf,GAAG,IAAI,CAAC,CAiCR;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,OAAO,CAAA;CAAE,CAoB9F"}

package/dist/application/analysis/active/helpers.js

@@ -2,81 +2,114 @@ import * as net from 'net';
 import * as tls from 'tls';
 import * as https from 'https';
 import * as http from 'http';
-import { CONNECT_TIMEOUT_MS, HTTP_TIMEOUT_MS } from './context.js';
-import { getPublicIp } from '../../../infrastructure/utils/network.js';
-export function tcpConnect(host, port, timeoutMs) {
-    return new Promise(resolve => {
-        const sock = net.createConnection({ host, port });
-        const timer = setTimeout(() => { sock.destroy(); resolve(false); }, timeoutMs);
-        sock.on('connect', () => { clearTimeout(timer); sock.destroy(); resolve(true); });
-        sock.on('error', () => { clearTimeout(timer); resolve(false); });
+import { CONNECT_TIMEOUT_MS, HTTP_TIMEOUT_MS } from '../../../utils/security-definitions.js';
+import { getAttackerDossier } from '../../../infrastructure/utils/dossier.js';
+import { PentestSecurityContext } from '../pentest-security-context.js';
+/**
+ * Modern TCP connection check with clean promise handling
+ */
+export async function tcpConnect(host, port, timeoutMs) {
+    return new Promise((resolve) => {
+        const socket = net.createConnection({ host, port });
+        socket.setTimeout(timeoutMs);
+        socket.on('connect', () => {
+            socket.destroy();
+            resolve(true);
+        });
+        const onFail = () => {
+            socket.destroy();
+            resolve(false);
+        };
+        socket.on('timeout', onFail);
+        socket.on('error', onFail);
     });
 }
+/**
+ * Streamlined HTTP request with automatic dossier injection
+ */
 export async function httpRequest(options, useHttps) {
-    const ip = await getPublicIp();
-    const customHeaders = {
-        ...options.headers,
+    // Context management could be optimized outside this helper, but kept here for now
+    const ctx = new PentestSecurityContext();
+    const scope = await ctx.loadScope();
+    const dossier = await getAttackerDossier(scope);
+    const dossierBase64 = Buffer.from(JSON.stringify(dossier)).toString('base64');
+    const mergedHeaders = {
         'User-Agent': 'Uneven-Pentester/1.1.9',
-        ...(ip ? { 'X-Uneven-Origin-Trace': ip } : {})
+        'X-Uneven-Dossier': dossierBase64,
+        ...options.headers,
     };
     return new Promise((resolve, reject) => {
-        const mod = useHttps ? https : http;
-        const req = mod.request({ ...options, headers: customHeaders, rejectUnauthorized: false }, res => {
+        const client = useHttps ? https : http;
+        const req = client.request({ ...options, headers: mergedHeaders, rejectUnauthorized: false }, (res) => {
             let body = '';
-            res.on('data', (chunk) => { body += chunk.toString('utf-8'); });
+            res.setEncoding('utf-8');
+            res.on('data', chunk => { body += chunk; });
             res.on('end', () => resolve({
                 statusCode: res.statusCode ?? 0,
                 headers: res.headers,
                 body: body.slice(0, 4096),
             }));
         });
-        req.setTimeout(HTTP_TIMEOUT_MS, () => { req.destroy(); reject(new Error('timeout')); });
+        req.setTimeout(HTTP_TIMEOUT_MS, () => {
+            req.destroy();
+            reject(new Error('Request timeout'));
+        });
         req.on('error', reject);
         req.end();
     });
 }
-export function parseTlsInfo(host, port) {
-    return new Promise(resolve => {
-        const sock = tls.connect({ host, port, rejectUnauthorized: false, timeout: CONNECT_TIMEOUT_MS }, () => {
-            const cert = sock.getPeerCertificate();
-            const protocol = sock.getProtocol() ?? 'unknown';
+/**
+ * Extracts and analyzes TLS certificate information
+ */
+export async function parseTlsInfo(host, port) {
+    return new Promise((resolve) => {
+        const socket = tls.connect({ host, port, rejectUnauthorized: false, timeout: CONNECT_TIMEOUT_MS }, () => {
+            const cert = socket.getPeerCertificate();
             if (!cert || !cert.valid_to) {
-                sock.destroy();
-                resolve(null);
-                return;
+                socket.destroy();
+                return resolve(null);
             }
             const expiry = new Date(cert.valid_to);
-            const now = new Date();
-            const daysToExpiry = Math.floor((expiry.getTime() - now.getTime()) / 86400000);
-            const selfSigned = cert.issuer?.CN === cert.subject?.CN;
+            const daysToExpiry = Math.floor((expiry.getTime() - Date.now()) / 86400000);
             resolve({
-                valid: sock.authorized,
+                valid: socket.authorized,
                 expired: daysToExpiry < 0,
-                selfSigned,
+                selfSigned: cert.issuer?.CN === cert.subject?.CN,
                 daysToExpiry,
-                protocol,
+                protocol: socket.getProtocol() ?? 'unknown',
                 subject: String(cert.subject?.CN ?? ''),
                 issuer: String(cert.issuer?.CN ?? ''),
             });
-            sock.destroy();
+            socket.destroy();
+        });
+        socket.on('error', () => resolve(null));
+        socket.setTimeout(CONNECT_TIMEOUT_MS, () => {
+            socket.destroy();
+            resolve(null);
         });
-        sock.setTimeout(CONNECT_TIMEOUT_MS, () => { sock.destroy(); resolve(null); });
-        sock.on('error', () => resolve(null));
     });
 }
+/**
+ * Resolves target string to host, port and protocol using native URL API
+ */
 export function resolveHostPort(target) {
-    let raw = target;
-    let useHttps = true;
-    let defaultPort = 443;
-    if (raw.startsWith('http://')) {
-        raw = raw.slice(7);
-        useHttps = false;
-        defaultPort = 80;
+    const hasProtocol = /^https?:\/\//i.test(target);
+    const normalizedTarget = hasProtocol ? target : `https://${target}`;
+    try {
+        const url = new URL(normalizedTarget);
+        return {
+            host: url.hostname,
+            port: url.port ? parseInt(url.port, 10) : (url.protocol === 'https:' ? 443 : 80),
+            https: url.protocol === 'https:'
+        };
     }
-    else if (raw.startsWith('https://')) {
-        raw = raw.slice(8);
+    catch {
+        // Fallback for non-URL compatible targets (like raw IPs)
+        const [host, port] = target.split(':');
+        return {
+            host: host || target,
+            port: port ? parseInt(port, 10) : 443,
+            https: true
+        };
     }
-    const [host, portStr] = raw.split(':');
-    const port = portStr ? parseInt(portStr, 10) : defaultPort;
-    return { host: host ?? raw, port, https: useHttps };
 }

package/dist/application/analysis/active/http.d.ts

@@ -1,6 +1,15 @@
-import type { SecurityFinding } from '../security/index.js';
-import type { ActiveCtx } from './context.js';
+import type { SecurityFinding } from '../../../interfaces/index.js';
+import type { ActiveCtx } from '../../../interfaces/active-analysis.js';
+/**
+ * Audits HTTP headers for missing security controls and info disclosure
+ */
 export declare function doAuditHeaders(ctx: ActiveCtx, target: string): Promise<SecurityFinding[]>;
+/**
+ * Tests CORS configuration for common misconfigurations
+ */
 export declare function doTestCORS(ctx: ActiveCtx, target: string): Promise<SecurityFinding[]>;
+/**
+ * Tests for dangerous HTTP methods allowed by the server
+ */
 export declare function doTestDangerousMethods(ctx: ActiveCtx, target: string): Promise<SecurityFinding[]>;
 //# sourceMappingURL=http.d.ts.map

package/dist/application/analysis/active/http.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../../../src/application/analysis/active/http.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AAC3D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAI7C,wBAAsB,cAAc,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAoD/F;AAED,wBAAsB,UAAU,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CA+C3F;AAED,wBAAsB,sBAAsB,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAiCvG"}
+{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../../../src/application/analysis/active/http.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAA;AACnE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wCAAwC,CAAA;AAmBvE;;GAEG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAsD/F;AAED;;GAEG;AACH,wBAAsB,UAAU,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAgD3F;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAiCvG"}

package/dist/application/analysis/active/http.js

@@ -1,14 +1,25 @@
-import { REQUIRED_HEADERS } from './context.js';
+import { REQUIRED_HEADERS } from '../../../utils/security-definitions.js';
 import { httpRequest, resolveHostPort } from './helpers.js';
-export async function doAuditHeaders(ctx, target) {
-    const { host, port, https: useHttps } = resolveHostPort(target);
-    await ctx.logger.info(`ActiveScan: HTTP header audit → ${host}:${port}`);
-    const findings = [];
+/**
+ * Checks if the target is allowed and logs the operation
+ */
+async function ensureTargetAllowed(ctx, target, op) {
+    const { host, port } = resolveHostPort(target);
+    await ctx.logger.info(`ActiveScan: ${op} → ${host}:${port}`);
     const check = await ctx.ctx.checkTarget(target);
     if (check.blocked) {
-        ctx.audit(`BLOCKED header audit ${target} — ${check.reason}`);
-        return [];
+        ctx.audit(`BLOCKED ${op} ${target} — ${check.reason}`);
+        return false;
     }
+    return true;
+}
+/**
+ * Audits HTTP headers for missing security controls and info disclosure
+ */
+export async function doAuditHeaders(ctx, target) {
+    if (!await ensureTargetAllowed(ctx, target, 'Header Audit'))
+        return [];
+    const { host, port, https: useHttps } = resolveHostPort(target);
     let res;
     try {
         res = await httpRequest({ host, port, path: '/', method: 'GET' }, useHttps);
@@ -16,20 +27,22 @@ export async function doAuditHeaders(ctx, target) {
     catch {
         return [];
     }
-    ctx.audit(`HTTP header audit ${host}:${port} — ${res.statusCode}`);
+    ctx.audit(`HTTP Header Audit ${host}:${port} — ${res.statusCode}`);
     const h = res.headers;
-    for (const rule of REQUIRED_HEADERS) {
-        if (!h[rule.key]) {
-            findings.push({
-                severity: rule.severity,
-                type: `ActiveScan: Missing ${rule.header}`,
-                message: rule.message(host),
-                recommendation: rule.recommendation,
-                cvss: rule.cvss,
-                match: host,
-            });
-        }
-    }
+    const findings = [];
+    // 1. Missing Security Headers
+    const missingHeaders = REQUIRED_HEADERS
+        .filter(rule => !h[rule.key])
+        .map(rule => ({
+        severity: rule.severity,
+        type: `ActiveScan: Missing ${rule.header}`,
+        message: rule.messageBuilder(host),
+        recommendation: rule.recommendation,
+        cvss: rule.cvss,
+        match: host,
+    }));
+    findings.push(...missingHeaders);
+    // 2. Information Disclosure: Server version
     const server = h['server'];
     if (server && /\/\d+\.\d+/.test(server)) {
         findings.push({
@@ -40,6 +53,7 @@ export async function doAuditHeaders(ctx, target) {
             match: server,
         });
     }
+    // 3. Information Disclosure: X-Powered-By
     const powered = h['x-powered-by'];
     if (powered) {
         findings.push({
@@ -52,15 +66,13 @@ export async function doAuditHeaders(ctx, target) {
     }
     return findings;
 }
+/**
+ * Tests CORS configuration for common misconfigurations
+ */
 export async function doTestCORS(ctx, target) {
-    const { host, port, https: useHttps } = resolveHostPort(target);
-    await ctx.logger.info(`ActiveScan: CORS test → ${host}:${port}`);
-    const findings = [];
-    const check = await ctx.ctx.checkTarget(target);
-    if (check.blocked) {
-        ctx.audit(`BLOCKED CORS test ${target} — ${check.reason}`);
+    if (!await ensureTargetAllowed(ctx, target, 'CORS Test'))
         return [];
-    }
+    const { host, port, https: useHttps } = resolveHostPort(target);
     const EVIL_ORIGIN = 'https://evil.attacker-example.com';
     let res;
     try {
@@ -69,9 +81,10 @@ export async function doTestCORS(ctx, target) {
     catch {
         return [];
     }
-    ctx.audit(`CORS test ${host}:${port} — ACAO=${res.headers['access-control-allow-origin']}`);
     const acao = res.headers['access-control-allow-origin'];
     const acac = res.headers['access-control-allow-credentials'];
+    ctx.audit(`CORS Test ${host}:${port} — ACAO=${acao ?? 'none'}`);
+    const findings = [];
     if (acao === EVIL_ORIGIN) {
         findings.push({
             severity: 'high', cvss: 8.1,
@@ -81,7 +94,7 @@ export async function doTestCORS(ctx, target) {
             match: acao,
         });
     }
-    if (acao === 'null') {
+    else if (acao === 'null') {
         findings.push({
             severity: 'high', cvss: 7.4,
             type: 'ActiveScan: CORS Null Origin Allowed',
@@ -101,37 +114,38 @@ export async function doTestCORS(ctx, target) {
     }
     return findings;
 }
+/**
+ * Tests for dangerous HTTP methods allowed by the server
+ */
 export async function doTestDangerousMethods(ctx, target) {
-    const { host, port, https: useHttps } = resolveHostPort(target);
-    await ctx.logger.info(`ActiveScan: HTTP methods → ${host}:${port}`);
-    const findings = [];
-    const check = await ctx.ctx.checkTarget(target);
-    if (check.blocked) {
-        ctx.audit(`BLOCKED method test ${target} — ${check.reason}`);
+    if (!await ensureTargetAllowed(ctx, target, 'Methods Test'))
         return [];
-    }
+    const { host, port, https: useHttps } = resolveHostPort(target);
     const DANGEROUS = [
         { method: 'TRACE', severity: 'medium', cvss: 4.8, reason: 'Cross-Site Tracing (XST) — can steal cookies/headers via JavaScript' },
         { method: 'PUT', severity: 'high', cvss: 7.5, reason: 'PUT method allowed — may permit arbitrary file upload' },
         { method: 'DELETE', severity: 'high', cvss: 7.5, reason: 'DELETE method allowed — may permit resource deletion' },
         { method: 'CONNECT', severity: 'medium', cvss: 5.8, reason: 'CONNECT method allowed — server may be used as HTTP proxy' },
     ];
-    await Promise.all(DANGEROUS.map(async ({ method, severity, cvss, reason }) => {
+    const results = await Promise.all(DANGEROUS.map(async ({ method, severity, cvss, reason }) => {
         try {
             const res = await httpRequest({ host, port, path: '/', method }, useHttps);
             ctx.audit(`${method} ${host}:${port} — ${res.statusCode}`);
             if (res.statusCode !== 405 && res.statusCode !== 501 && res.statusCode !== 0) {
-                findings.push({
+                return {
                     severity,
                     type: `ActiveScan: HTTP ${method} Method Allowed`,
                     message: `${host} accepts HTTP ${method} requests (${res.statusCode}) — ${reason}`,
                     recommendation: `Disable the ${method} method in your web server / API framework unless explicitly required.`,
                     cvss,
                     match: `${method} ${res.statusCode}`,
-                });
+                };
             }
         }
-        catch { /* host down or timeout */ }
+        catch {
+            // Quietly ignore network errors during method probe
+        }
+        return null;
     }));
-    return findings;
+    return results.filter((f) => f !== null);
 }

package/dist/application/analysis/active/index.d.ts

@@ -1,7 +1,7 @@
 import type { Logger } from '../../../infrastructure/index.js';
 import type { PentestSecurityContext } from '../pentest-security-context.js';
-import type { SecurityFinding } from '../security/index.js';
-import type { ActiveCtx } from './context.js';
+import type { SecurityFinding } from '../../../interfaces/index.js';
+import type { ActiveCtx } from '../../../interfaces/active-analysis.js';
 export declare class ActiveScanner implements ActiveCtx {
     logger: Logger;
     ctx: PentestSecurityContext;

package/dist/application/analysis/active/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/application/analysis/active/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,kCAAkC,CAAA;AAC9D,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAA;AAC5E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AAC3D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAI7C,qBAAa,aAAc,YAAW,SAAS;IAC7C,MAAM,EAAE,MAAM,CAAA;IACd,GAAG,EAAE,sBAAsB,CAAA;IAC3B,QAAQ,EAAE,MAAM,EAAE,CAAK;gBAEX,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,sBAAsB;IAKvD,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAKlB,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IASpC,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IACrD,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IACxD,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IACpD,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IACpD,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAE1D,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;CAoBnE"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/application/analysis/active/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,kCAAkC,CAAA;AAC9D,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAA;AAC5E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAA;AACnE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wCAAwC,CAAA;AAIvE,qBAAa,aAAc,YAAW,SAAS;IAC7C,MAAM,EAAE,MAAM,CAAA;IACd,GAAG,EAAE,sBAAsB,CAAA;IAC3B,QAAQ,EAAE,MAAM,EAAE,CAAK;gBAEX,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,sBAAsB;IAKvD,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAKlB,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IASpC,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IACrD,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IACxD,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IACpD,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IACpD,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAE1D,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;CAoBnE"}

package/dist/application/analysis/active/network.d.ts

@@ -1,5 +1,11 @@
-import type { SecurityFinding } from '../security/index.js';
-import type { ActiveCtx } from './context.js';
+import type { SecurityFinding } from '../../../interfaces/index.js';
+import type { ActiveCtx } from '../../../interfaces/active-analysis.js';
+/**
+ * Performs a stealthy port scan and generates security findings
+ */
 export declare function doScanPorts(ctx: ActiveCtx, target: string): Promise<SecurityFinding[]>;
+/**
+ * Audits TLS certificate and protocol version
+ */
 export declare function doAuditTLS(ctx: ActiveCtx, target: string): Promise<SecurityFinding[]>;
 //# sourceMappingURL=network.d.ts.map

package/dist/application/analysis/active/network.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"network.d.ts","sourceRoot":"","sources":["../../../../src/application/analysis/active/network.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AAC3D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAI7C,wBAAsB,WAAW,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CA0C5F;AAED,wBAAsB,UAAU,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CA8D3F"}
+{"version":3,"file":"network.d.ts","sourceRoot":"","sources":["../../../../src/application/analysis/active/network.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAA;AACnE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wCAAwC,CAAA;AAoBvE;;GAEG;AACH,wBAAsB,WAAW,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CA6B5F;AAED;;GAEG;AACH,wBAAsB,UAAU,CAAC,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAmE3F"}