/**
* codeinspectus_list_rules — active detectors, engine versions, DB freshness
* (PRD §11). Reads the detection-db manifest and probes engine availability.
*/
import { z } from "zod";
import { readFile } from "node:fs/promises";
import { join } from "node:path";
import { DETECTION_DB_DIR, CODEINSPECTUS_AI_VERSION, type EngineName } from "./config.js";
import { probeEngine } from "./engines/resolve.js";
import { readTrivyDbDate } from "./engines/trivy.js";
import type { listRulesOutput, ruleInfoSchema } from "./schemas.js";
import type { ListRulesInput } from "./schemas.js";
// Output shape of the list_rules tool, derived from the zod schema in
// ./schemas.js so this module never redeclares the contract by hand.
type ListRulesResult = z.infer<typeof listRulesOutput>;
// One custom-rule entry as described by `ruleInfoSchema`; the only field this
// module reads directly is `engine` (see the filter in `listRules`).
type RuleInfo = z.infer<typeof ruleInfoSchema>;
/**
 * Shape of `<DETECTION_DB_DIR>/manifest.json` as this module expects it.
 *
 * NOTE(review): nothing here is enforced at parse time — `loadManifest`
 * casts the `JSON.parse` result to this interface, so a manifest missing
 * any of these fields is only detected when the field is used.
 */
interface Manifest {
// Detection-db version string, surfaced as `detection_db_version`.
version: string;
// Detection-db build date, surfaced as `detection_db_date` (format not
// checked here — whatever the manifest contains is passed through).
date: string;
// Bundled custom rules; filtered by `engine` when the tool input asks for one.
custom_rules: RuleInfo[];
}
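/**
 * Narrows an arbitrary parsed JSON value to the `Manifest` shape.
 *
 * Only the top-level fields this module reads are checked (`version` and
 * `date` as strings, `custom_rules` as an array). Individual rule entries
 * are not validated here: `ruleInfoSchema` is imported type-only, so the
 * runtime zod schema is not available in this module.
 *
 * @param value - The raw result of `JSON.parse`.
 * @returns `true` when `value` can be used as a `Manifest`.
 */
function isManifest(value: unknown): value is Manifest {
  if (typeof value !== "object" || value === null) return false;
  // Cast only after the object check above; every field is still re-checked.
  const candidate = value as Record<string, unknown>;
  return (
    typeof candidate.version === "string" &&
    typeof candidate.date === "string" &&
    Array.isArray(candidate.custom_rules)
  );
}

/**
 * Reads and parses `<DETECTION_DB_DIR>/manifest.json`.
 *
 * The parsed value is narrowed with `isManifest` instead of being asserted
 * with `as Manifest`, so a truncated or hand-edited manifest fails here
 * with a clear message rather than as a `TypeError` deep in the caller
 * (e.g. `custom_rules.length` on `undefined`).
 *
 * @returns The parsed manifest.
 * @throws If the file cannot be read, is not valid JSON, or lacks the
 *   expected top-level fields. Callers wanting a best-effort result should
 *   catch and substitute a default, as `listRules` does.
 */
async function loadManifest(): Promise<Manifest> {
  const manifestPath = join(DETECTION_DB_DIR, "manifest.json");
  const raw = await readFile(manifestPath, "utf8");
  const parsed: unknown = JSON.parse(raw);
  if (!isManifest(parsed)) {
    throw new Error(`Malformed detection-db manifest at ${manifestPath}`);
  }
  return parsed;
}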
/**
 * Implements the `codeinspectus_list_rules` tool: reports the bundled
 * engines (with probed version/availability), the detection-db manifest
 * version and date, and the custom rules, optionally filtered to one engine.
 *
 * Manifest loading is best-effort: if `loadManifest` rejects for any reason
 * the response carries `"unknown"` for version/date and an empty custom-rule
 * list instead of failing the whole call. Engine probes and the Trivy DB
 * date lookup are not guarded the same way — a rejection there propagates.
 *
 * @param input - Tool input; when `input.engine` is set, `custom_rules` is
 *   restricted to entries whose `engine` matches it.
 * @returns The tool output. `trivy_db_date` is only present when
 *   `readTrivyDbDate` yields a truthy value.
 */
export async function listRules(input: ListRulesInput): Promise<ListRulesResult> {
  const noRules: RuleInfo[] = [];
  const manifest = await loadManifest().catch(() => ({
    version: "unknown",
    date: "unknown",
    custom_rules: noRules,
  }));

  // Probe every bundled engine concurrently and keep each result paired
  // with its engine name, so no positional indexing into a probe array is
  // needed later.
  const bundled: EngineName[] = ["opengrep", "gitleaks", "trivy"];
  const probed = await Promise.all(
    bundled.map(async (engine) => ({ engine, probe: await probeEngine(engine) })),
  );
  const trivyDbDate = await readTrivyDbDate();

  // Informational ruleset labels per engine; anything not listed (trivy)
  // gets the embedded-DB label.
  const rulesetByEngine: Record<string, string> = {
    opengrep: "security-baseline",
    gitleaks: "codeinspectus.toml + defaults",
  };
  const defaultRuleset = "embedded + vuln DB";

  const engines = [
    ...probed.map(({ engine, probe }) => ({
      engine,
      version: probe.version,
      available: probe.available,
      ruleset: rulesetByEngine[engine] ?? defaultRuleset,
    })),
    {
      engine: "codeinspectus-ai" as const,
      version: CODEINSPECTUS_AI_VERSION,
      available: true,
      ruleset: "AI-code analyzers (§6)",
    },
  ];

  const custom = input.engine
    ? manifest.custom_rules.filter((rule) => rule.engine === input.engine)
    : manifest.custom_rules;

  return {
    detection_db_version: manifest.version,
    detection_db_date: manifest.date,
    engines,
    ...(trivyDbDate ? { trivy_db_date: trivyDbDate } : {}),
    custom_rules: custom,
    custom_rule_count: custom.length,
    note: "Generic SAST is provided by the bundled engines; CodeInspectus's custom rules target AI-code / vibe-coding / framework-specific issues the engines miss (PRD §9).",
  };
}