From fde6b90f2227c03fec6b31f81963e96330791122 Mon Sep 17 00:00:00 2001 From: Nova Corp Date: Thu, 30 Apr 2026 22:01:55 -0400 Subject: [PATCH 1/2] feat: add MCP server, non-interactive install, and auto-healing SKILL.md - New 'reversa mcp' command: stdio MCP server with 3 tools (reversa_status, reversa_analyze, reversa_confidence), 2 resources (state, inventory), and 1 prompt (new-analysis) - Non-interactive install: --yes flag with --project, --engines, --user, --chat-language, --doc-language, --output, --reinstall - Auto-healing SKILL.md: when state.json is missing but skills exist, the orchestrator creates state programmatically - Updated agent SKILL.md files with MCP context - Updated CLI docs and help text in EN/PT/ES - Dep: @modelcontextprotocol/sdk@1.29.0 --- .gitignore | 7 + agents/reversa-scout/SKILL.md | 2 + agents/reversa/SKILL.md | 55 +- bin/reversa.js | 10 + docs/agentes/reversa.es.md | 11 + docs/agentes/reversa.md | 11 + docs/agentes/reversa.pt.md | 11 + docs/cli.es.md | 40 ++ docs/cli.md | 40 ++ docs/cli.pt.md | 40 ++ docs/pipeline.es.md | 2 + docs/pipeline.md | 2 + docs/pipeline.pt.md | 2 + lib/commands/install.js | 55 +- lib/installer/prompts.js | 52 +- lib/installer/writer.js | 9 +- lib/mcp/server.js | 156 +++++ package-lock.json | 1100 ++++++++++++++++++++++++++++++++- package.json | 1 + 19 files changed, 1579 insertions(+), 27 deletions(-) create mode 100644 lib/mcp/server.js diff --git a/.gitignore b/.gitignore index b92703e5..6470262d 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,10 @@ node_modules/ dist/ .claude/ site/ + +# Reversa +.reversa/ +.agents/ +_reversa_sdd/ +_reversa_test/ +AGENTS.md diff --git a/agents/reversa-scout/SKILL.md b/agents/reversa-scout/SKILL.md index 21580f0e..1a1d606d 100644 --- a/agents/reversa-scout/SKILL.md +++ b/agents/reversa-scout/SKILL.md @@ -16,6 +16,8 @@ Você é o Scout. Sua missão é mapear a superfície completa do sistema legado Leia `.reversa/state.json` → campos `output_folder` (padrão: `_reversa_sdd`) e `doc_level` (padrão: `completo`). Use `output_folder` como pasta de saída em todas as etapas abaixo. +Se o servidor MCP estiver disponivel, voce pode consultar `reversa://state` e `reversa://inventory` como recursos em vez de ler arquivos manualmente. + ## Processo ### 1. Estrutura de pastas diff --git a/agents/reversa/SKILL.md b/agents/reversa/SKILL.md index e868900a..55c7b90f 100644 --- a/agents/reversa/SKILL.md +++ b/agents/reversa/SKILL.md @@ -15,8 +15,59 @@ Você é o Reversa, orquestrador central do framework Reversa. ## Ao ser ativado 1. Leia `.reversa/state.json` -2. Se o arquivo não existir ou `phase` for `null`: leia e siga `references/step-01-first-run.md` -3. Se `phase` estiver definida: leia e siga `references/step-02-resume.md` + +2. **Se o arquivo não existir:** + a. Verifique se `.agents/skills/reversa/SKILL.md` existe (skills estao instalados) + b. Se skills existem mas state nao: execute este script Node.js para criar o estado automaticamente: + ```js + import { mkdirSync, writeFileSync } from 'fs'; + import { join } from 'path'; + const root = process.cwd(); + mkdirSync(join(root, '.reversa', '_config'), { recursive: true }); + mkdirSync(join(root, '.reversa', 'context'), { recursive: true }); + writeFileSync(join(root, '.reversa', 'state.json'), JSON.stringify({ + version:'1.2.14', step:0, phase:'idle', + project: root.split('/').pop(), user_name: 'Developer', + chat_language: 'en', doc_language: 'English', + answer_mode: 'chat', output_folder: '_reversa_sdd', + engines: [], + agents: [], completed: [], + pending: ['reconhecimento','escavacao','interpretacao','geracao','revisao'], + checkpoints: {}, created_files: [] + }, null, 2)); + writeFileSync(join(root, '.reversa', 'plan.md'), + '# Exploration Plan\n\n## Project: ' + root.split('/').pop() + '\n## Date: ' + + new Date().toISOString().split('T')[0] + + '\n\n## Phases\n1. Reconnaissance (Scout)\n2. Excavation (Archaeologist)' + + '\n3. Interpretation (Detective + Architect)\n4. Generation (Writer)\n5. Review (Reviewer)\n'); + writeFileSync(join(root, '.reversa', 'version'), '1.2.14'); + ``` + c. Informe o usuario: "Reversa configurado automaticamente. Vamos iniciar a analise." + d. Prossiga para `step-01-first-run.md` + +3. Se `phase` for `null` ou `idle`: leia e siga `references/step-01-first-run.md` + +4. Se `phase` estiver definida e nao for `idle`: leia e siga `references/step-02-resume.md` + +## MCP Server (consulta de estado e relatorios) + +Se o servidor MCP estiver configurado (`npx reversa mcp`), a engine pode consultar estado e relatorios via MCP: +- `reversa_status(path)` — retorna o state.json como JSON estruturado +- `reversa_analyze(path, level?)` — verifica se a analise pode ser iniciada/retomada +- `reversa_confidence(path)` — retorna o relatorio de confianca +- `reversa://state` (resource) — state.json como recurso MCP +- `reversa://inventory` (resource) — inventory.md como recurso MCP + +**Importante:** MCP e apenas leitura. O pipeline continua sendo executado via skills. + +## Modo nao-interativo (--yes) + +O comando `npx reversa install --yes` aceita flags para instalacao headless: +``` +--project, --engines, --user, --chat-language, --doc-language, +--output, --git-strategy, --answer-mode, --agents, --reinstall +``` +Use quando o Reversa precisar ser instalado via script ou em ambientes sem TTY. ## Executando os agentes do plano diff --git a/bin/reversa.js b/bin/reversa.js index c10e6ed6..0910c2c9 100644 --- a/bin/reversa.js +++ b/bin/reversa.js @@ -18,6 +18,7 @@ const commands = { 'add-agent': () => import('../lib/commands/add-agent.js'), 'add-engine': () => import('../lib/commands/add-engine.js'), 'export-diagrams': () => import('../lib/commands/export-diagrams.js'), + mcp: () => import('../lib/mcp/server.js'), }; const green = chalk.hex('#ffa203'); @@ -45,6 +46,15 @@ ______ export-diagrams Exporta diagramas Mermaid como imagens SVG/PNG Opções: --format=svg|png --output= Requer: npm install -g @mermaid-js/mermaid-cli + mcp Inicia o servidor MCP para integração com agentes de IA + Compatível com Claude Code, Cursor, OpenCode e outros + + Opções globais: + --yes Modo não-interativo (instalação com valores padrão) + --project= Nome do projeto (modo --yes) + --engines= Engines separadas por vírgula (modo --yes) + --user= Nome do usuário (modo --yes) + --output= Pasta de saída (modo --yes) Documentação: https://github.com/sandeco/reversa `); diff --git a/docs/agentes/reversa.es.md b/docs/agentes/reversa.es.md index 2de8ee6d..d692e772 100644 --- a/docs/agentes/reversa.es.md +++ b/docs/agentes/reversa.es.md @@ -51,3 +51,14 @@ Sin él, cada agente tocaría su parte sin conectarse con los demás. Con él, t ``` reversa ``` + +--- + +## Integración MCP + +Reversa también se puede consultar vía MCP (`npx reversa mcp`). El servidor MCP proporciona: +- **Herramientas:** `reversa_status`, `reversa_analyze`, `reversa_confidence` +- **Recursos:** `reversa://state`, `reversa://inventory` +- **Prompt:** `reversa-new-analysis` + +Úsalas para consultar estado e informes sin salir del chat del agente. El pipeline se ejecuta mediante este skill — MCP es solo para lectura de resultados. diff --git a/docs/agentes/reversa.md b/docs/agentes/reversa.md index 7c9554d5..05f93537 100644 --- a/docs/agentes/reversa.md +++ b/docs/agentes/reversa.md @@ -65,3 +65,14 @@ After Scout finishes, Reversa reads the generated `surface.json` and personalize ``` To resume an interrupted analysis, just activate again. The saved state is read automatically. + +--- + +## MCP integration + +Reversa can also be queried via MCP (`npx reversa mcp`). The MCP server provides: +- **Tools:** `reversa_status`, `reversa_analyze`, `reversa_confidence` +- **Resources:** `reversa://state`, `reversa://inventory` +- **Prompt:** `reversa-new-analysis` + +Use these to check state and reports without leaving the agent chat. The pipeline itself still runs via this skill — MCP is only for reading results. diff --git a/docs/agentes/reversa.pt.md b/docs/agentes/reversa.pt.md index cbca546c..5ecff8eb 100644 --- a/docs/agentes/reversa.pt.md +++ b/docs/agentes/reversa.pt.md @@ -65,3 +65,14 @@ Depois que o Scout termina, o Reversa lê o `surface.json` gerado e personaliza ``` Para retomar uma análise interrompida, basta ativar novamente. O estado salvo é lido automaticamente. + +--- + +## Integração MCP + +O Reversa também pode ser consultado via MCP (`npx reversa mcp`). O servidor MCP oferece: +- **Ferramentas:** `reversa_status`, `reversa_analyze`, `reversa_confidence` +- **Recursos:** `reversa://state`, `reversa://inventory` +- **Prompt:** `reversa-new-analysis` + +Use estas ferramentas para consultar estado e relatórios sem sair do chat do agente. O pipeline em si continua sendo executado através deste skill — o MCP serve apenas para leitura de resultados. diff --git a/docs/cli.es.md b/docs/cli.es.md index 0b19fbcf..ebdcf1bb 100644 --- a/docs/cli.es.md +++ b/docs/cli.es.md @@ -16,6 +16,17 @@ Instala Reversa en el proyecto heredado actual. Detecta los motores presentes, p Úsalo una vez, en la raíz del proyecto que quieres analizar. +**Modo no interactivo (CI/headless):** + +```bash +npx reversa install --yes \ + --project mi-app \ + --engines opencode,claude-code \ + --user Desarrollador +``` + +Flags disponibles: `--project`, `--engines`, `--user`, `--chat-language`, `--doc-language`, `--output`, `--git-strategy`, `--answer-mode`, `--agents`, `--reinstall=yes`. + --- ### `status` @@ -72,3 +83,32 @@ Elimina Reversa del proyecto: borra los archivos creados por la instalación. !!! info "Tus archivos quedan intactos" `uninstall` elimina **solo** lo que Reversa creó. Ningún archivo original del proyecto es tocado. Las especificaciones generadas en `_reversa_sdd/` también se conservan por defecto. + +--- + +### `mcp` + +```bash +npx reversa mcp +``` + +Inicia el servidor MCP de Reversa sobre stdio. Proporciona 3 herramientas, 2 recursos y 1 prompt para integración con agentes de IA: + +- **Herramientas:** `reversa_status(path)`, `reversa_analyze(path, level?)`, `reversa_confidence(path)` +- **Recursos:** `reversa://state`, `reversa://inventory` +- **Prompt:** `reversa-new-analysis` + +Configúralo en cualquier cliente MCP: + +```json +{ + "mcpServers": { + "reversa": { + "command": "npx", + "args": ["reversa", "mcp"] + } + } +} +``` + +Úsalo para consultar estado e informes sin salir del chat del agente. El pipeline se ejecuta cuando el agente escribe `reversa` o `/reversa`. diff --git a/docs/cli.md b/docs/cli.md index eb3e90c6..ac60e51b 100644 --- a/docs/cli.md +++ b/docs/cli.md @@ -16,6 +16,17 @@ Installs Reversa in the current legacy project. Detects present engines, asks fo Use once, in the root of the project you want to analyze. +**Non-interactive mode (CI/headless):** + +```bash +npx reversa install --yes \ + --project my-app \ + --engines opencode,claude-code \ + --user Developer +``` + +Available flags: `--project`, `--engines`, `--user`, `--chat-language`, `--doc-language`, `--output`, `--git-strategy`, `--answer-mode`, `--agents`, `--reinstall=yes`. + --- ### `status` @@ -72,3 +83,32 @@ Removes Reversa from the project: deletes the files created by the installation !!! info "Your files stay intact" `uninstall` removes **only** what Reversa created. No original project file is touched. Specifications generated in `_reversa_sdd/` are also preserved by default. + +--- + +### `mcp` + +```bash +npx reversa mcp +``` + +Starts the Reversa MCP server over stdio transport. Provides 3 tools, 2 resources, and 1 prompt for AI agent integration: + +- **Tools:** `reversa_status(path)`, `reversa_analyze(path, level?)`, `reversa_confidence(path)` +- **Resources:** `reversa://state`, `reversa://inventory` +- **Prompt:** `reversa-new-analysis` + +Configure in any MCP client: + +```json +{ + "mcpServers": { + "reversa": { + "command": "npx", + "args": ["reversa", "mcp"] + } + } +} +``` + +Use these to query state and reports without leaving the agent chat. The pipeline itself runs when the agent types `reversa` or `/reversa`. diff --git a/docs/cli.pt.md b/docs/cli.pt.md index 138687ca..72dda948 100644 --- a/docs/cli.pt.md +++ b/docs/cli.pt.md @@ -16,6 +16,17 @@ Instala o Reversa no projeto legado atual. Detecta as engines presentes, pergunt Use uma vez, na raiz do projeto que você quer analisar. +**Modo não-interativo (CI/headless):** + +```bash +npx reversa install --yes \ + --project meu-app \ + --engines opencode,claude-code \ + --user Desenvolvedor +``` + +Flags disponíveis: `--project`, `--engines`, `--user`, `--chat-language`, `--doc-language`, `--output`, `--git-strategy`, `--answer-mode`, `--agents`, `--reinstall=yes`. + --- ### `status` @@ -72,3 +83,32 @@ Remove o Reversa do projeto: apaga os arquivos criados pela instalação (`.reve !!! info "Seus arquivos continuam intactos" O `uninstall` remove **apenas** o que o Reversa criou. Nenhum arquivo original do projeto é tocado. As especificações geradas em `_reversa_sdd/` também são preservadas por padrão. + +--- + +### `mcp` + +```bash +npx reversa mcp +``` + +Inicia o servidor MCP do Reversa via stdio. Oferece 3 ferramentas, 2 recursos e 1 prompt para integração com agentes de IA: + +- **Ferramentas:** `reversa_status(path)`, `reversa_analyze(path, level?)`, `reversa_confidence(path)` +- **Recursos:** `reversa://state`, `reversa://inventory` +- **Prompt:** `reversa-new-analysis` + +Configure em qualquer cliente MCP: + +```json +{ + "mcpServers": { + "reversa": { + "command": "npx", + "args": ["reversa", "mcp"] + } + } +} +``` + +Use para consultar estado e relatórios sem sair do chat do agente. O pipeline em si roda quando o agente digita `reversa` ou `/reversa`. diff --git a/docs/pipeline.es.md b/docs/pipeline.es.md index 5809f010..bfb16117 100644 --- a/docs/pipeline.es.md +++ b/docs/pipeline.es.md @@ -2,6 +2,8 @@ Reversa transforma un sistema heredado en especificaciones ejecutables en 5 fases. +Para consultas rápidas durante el desarrollo, Reversa también expone un servidor MCP (`npx reversa mcp`) que permite a los agentes verificar el estado del análisis y leer informes sin salir de la sesión de codificación. El pipeline de 5 fases y el servidor MCP son complementarios: MCP lee resultados, el pipeline los crea. + --- ## Visión general diff --git a/docs/pipeline.md b/docs/pipeline.md index 2d2ca1c9..3df6bbed 100644 --- a/docs/pipeline.md +++ b/docs/pipeline.md @@ -2,6 +2,8 @@ Reversa transforms a legacy system into executable specifications in 5 phases. Each phase has specific agents, and the central orchestrator coordinates everything to happen in the right order. +For quick queries during development, Reversa also exposes an MCP server (`npx reversa mcp`) that lets agents check analysis status and read reports without leaving the coding session. The 5-phase pipeline and MCP server are complementary: MCP reads results, the pipeline creates them. + --- ## Overview diff --git a/docs/pipeline.pt.md b/docs/pipeline.pt.md index 14966f66..72499a37 100644 --- a/docs/pipeline.pt.md +++ b/docs/pipeline.pt.md @@ -2,6 +2,8 @@ O Reversa transforma um sistema legado em especificações executáveis em 5 fases. Cada fase tem agentes específicos, e o orquestrador central coordena tudo para que aconteça na ordem certa. +Para consultas rápidas durante o desenvolvimento, o Reversa também expõe um servidor MCP (`npx reversa mcp`) que permite aos agentes verificar o estado da análise e ler relatórios sem sair da sessão de codificação. O pipeline de 5 fases e o servidor MCP são complementares: MCP lê resultados, o pipeline os cria. + --- ## Visão geral diff --git a/lib/commands/install.js b/lib/commands/install.js index 704b3fc4..16719bb8 100644 --- a/lib/commands/install.js +++ b/lib/commands/install.js @@ -4,7 +4,7 @@ import { fileURLToPath } from 'url'; import { dirname } from 'path'; import { detectEngines, ENGINES } from '../installer/detector.js'; import { checkExistingInstallation } from '../installer/validator.js'; -import { runInstallPrompts } from '../installer/prompts.js'; +import { runInstallPrompts, runInstallDefaults } from '../installer/prompts.js'; import { Writer } from '../installer/writer.js'; import { buildManifest, saveManifest, loadManifest } from '../installer/manifest.js'; @@ -38,20 +38,30 @@ ______ console.log(chalk.gray(' AI-Powered Reverse Engineering Framework\n')); console.log(chalk.bold(' Installation\n')); + const isNonInteractive = args.includes('--yes') || args.includes('--non-interactive'); + // Check existing installation const existing = checkExistingInstallation(projectRoot); if (existing.installed) { - console.log(chalk.yellow(` Reversa is already installed (v${existing.version}) in this project.\n`)); - const { default: inquirer } = await import('inquirer'); - const { proceed } = await inquirer.prompt([{ - type: 'confirm', - name: 'proceed', - message: 'Do you want to reinstall / update the configuration?', - default: false, - }]); - if (!proceed) { - console.log(chalk.gray('\n Installation cancelled.\n')); - return; + if (isNonInteractive) { + const defaults = runInstallDefaults([], args); + if (!defaults._reinstall) { + console.log(chalk.yellow(` Reversa is already installed (v${existing.version}). Use --reinstall=yes to force.\n`)); + return; + } + } else { + console.log(chalk.yellow(` Reversa is already installed (v${existing.version}) in this project.\n`)); + const { default: inquirer } = await import('inquirer'); + const { proceed } = await inquirer.prompt([{ + type: 'confirm', + name: 'proceed', + message: 'Do you want to reinstall / update the configuration?', + default: false, + }]); + if (!proceed) { + console.log(chalk.gray('\n Installation cancelled.\n')); + return; + } } } @@ -64,14 +74,18 @@ ______ // Collect answers let answers; - try { - answers = await runInstallPrompts(detectedEngines); - } catch (err) { - if (err.isTtyError || err.message?.includes('cancel')) { - console.log(chalk.gray('\n Installation cancelled.\n')); - return; + if (isNonInteractive) { + answers = runInstallDefaults(detectedEngines, args); + } else { + try { + answers = await runInstallPrompts(detectedEngines); + } catch (err) { + if (err.isTtyError || err.message?.includes('cancel')) { + console.log(chalk.gray('\n Installation cancelled.\n')); + return; + } + throw err; } - throw err; } const selectedEngines = ENGINES.filter(e => answers.engines.includes(e.id)); @@ -94,11 +108,12 @@ ______ spinner.stop(); // Instalar entry file de cada engine (deduplica arquivos compartilhados) + const entryFileOpts = isNonInteractive ? { mergeStrategy: 'skip' } : {}; const seenEntryFiles = new Set(); for (const engine of selectedEngines) { if (seenEntryFiles.has(engine.entryFile)) continue; seenEntryFiles.add(engine.entryFile); - await writer.installEntryFile(engine); + await writer.installEntryFile(engine, entryFileOpts); } spinner.start('Creating .reversa/ structure...'); diff --git a/lib/installer/prompts.js b/lib/installer/prompts.js index f24f3592..40a6e265 100644 --- a/lib/installer/prompts.js +++ b/lib/installer/prompts.js @@ -3,7 +3,7 @@ import { applyOrangeTheme, ORANGE_PREFIX } from './orange-prompts.js'; applyOrangeTheme(); -const REQUIRED_AGENTS = [ +export const REQUIRED_AGENTS = [ { name: 'Reversa: main orchestrator', value: 'reversa', disabled: true }, { name: 'Scout: reconnaissance', value: 'reversa-scout', disabled: true }, { name: 'Archaeologist: excavation', value: 'reversa-archaeologist', disabled: true }, @@ -12,7 +12,7 @@ const REQUIRED_AGENTS = [ { name: 'Writer: spec generation', value: 'reversa-writer', disabled: true }, ]; -const OPTIONAL_AGENTS = [ +export const OPTIONAL_AGENTS = [ { name: 'Reviewer: spec review and validation', value: 'reversa-reviewer', checked: true }, { name: 'Visor: UI analysis via screenshots', value: 'reversa-visor', checked: true }, { name: 'Data Master: database analysis', value: 'reversa-data-master', checked: true }, @@ -23,6 +23,54 @@ const OPTIONAL_AGENTS = [ const P = { prefix: ORANGE_PREFIX }; +function parseArgValue(args, prefix) { + const arg = args.find(a => a.startsWith(prefix)); + if (!arg) return undefined; + const eqIdx = arg.indexOf('='); + if (eqIdx !== -1) return arg.slice(eqIdx + 1); + return undefined; +} + +export function runInstallDefaults(detectedEngines, args) { + const flagEngines = parseArgValue(args, '--engines'); + const flagProject = parseArgValue(args, '--project'); + const flagUser = parseArgValue(args, '--user'); + const flagChat = parseArgValue(args, '--chat-language'); + const flagDoc = parseArgValue(args, '--doc-language'); + const flagOutput = parseArgValue(args, '--output'); + const flagGit = parseArgValue(args, '--git-strategy'); + const flagAnswer = parseArgValue(args, '--answer-mode'); + const flagAgents = parseArgValue(args, '--agents'); + const flagReinstall = parseArgValue(args, '--reinstall'); + + const selectedEngines = flagEngines + ? detectedEngines.filter(e => flagEngines.split(',').map(s => s.trim()).includes(e.id)) + : detectedEngines.filter(e => e.detected); + + const allEngineIds = selectedEngines.length > 0 + ? selectedEngines.map(e => e.id) + : detectedEngines.slice(0, 1).map(e => e.id); + + const enabledOptionalAgents = flagAgents + ? OPTIONAL_AGENTS.filter(a => flagAgents.split(',').map(s => s.trim()).includes(a.value)) + : OPTIONAL_AGENTS.filter(a => a.checked); + + return { + engines: allEngineIds, + optional_agents: enabledOptionalAgents.map(a => a.value), + project_name: flagProject || process.cwd().split(/[\\/]/).pop(), + user_name: flagUser || 'Developer', + chat_language: flagChat || 'en', + doc_language: flagDoc || 'English', + output_folder: flagOutput || '_reversa_sdd', + git_strategy: flagGit || 'commit', + answer_mode: flagAnswer || 'chat', + agents: [...REQUIRED_AGENTS.map(a => a.value), ...enabledOptionalAgents.map(a => a.value)], + _non_interactive: true, + _reinstall: flagReinstall === 'yes', + }; +} + export async function runInstallPrompts(detectedEngines) { const engineChoices = detectedEngines.map(e => ({ name: `${e.name}${e.star ? ' ⭐' : ''}`, diff --git a/lib/installer/writer.js b/lib/installer/writer.js index bc77710b..3651a8dd 100644 --- a/lib/installer/writer.js +++ b/lib/installer/writer.js @@ -88,7 +88,8 @@ export class Writer { // Instala o arquivo de entrada de uma engine (CLAUDE.md, AGENTS.md, etc.) // force=true: sobrescreve silenciosamente (usado pelo update em arquivos intactos) - async installEntryFile(engine, { force = false } = {}) { + // mergeStrategy='skip'|'merge': define comportamento sem prompt interativo + async installEntryFile(engine, { force = false, mergeStrategy } = {}) { const templatePath = join(TEMPLATES_DIR, 'engines', engine.entryTemplate); const destPath = join(this.projectRoot, engine.entryFile); @@ -110,6 +111,12 @@ export class Writer { return; } + if (mergeStrategy === 'skip') return; + if (mergeStrategy === 'merge') { + appendFileSync(destPath, '\n\n---\n\n' + content, 'utf8'); + return; + } + // Arquivo já existe — perguntar ao usuário (apenas merge ou skip) const strategy = await askMergeStrategy(engine.entryFile); diff --git a/lib/mcp/server.js b/lib/mcp/server.js new file mode 100644 index 00000000..e5fd50c4 --- /dev/null +++ b/lib/mcp/server.js @@ -0,0 +1,156 @@ +import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js'; +import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js'; +import { z } from 'zod'; +import { readFileSync, existsSync } from 'fs'; +import { join } from 'path'; + +function readState(projectRoot) { + const statePath = join(projectRoot, '.reversa', 'state.json'); + if (!existsSync(statePath)) return null; + return JSON.parse(readFileSync(statePath, 'utf8')); +} + +function readFileSafe(baseDir, relPath) { + const filePath = join(baseDir, relPath); + if (!existsSync(filePath)) return null; + return readFileSync(filePath, 'utf8'); +} + +function buildConfig() { + const server = new McpServer({ + name: 'reversa', + version: '1.2.14', + }, { + capabilities: { tools: {}, resources: {} }, + }); + + server.tool( + 'reversa_status', + 'Get the current Reversa analysis state for a project', + { + path: z.string().describe('Absolute path to the project directory'), + }, + async ({ path }) => { + const state = readState(path); + if (!state) { + return { + content: [{ type: 'text', text: JSON.stringify({ installed: false, message: 'Reversa is not installed in this project.' }, null, 2) }], + }; + } + return { + content: [{ type: 'text', text: JSON.stringify({ installed: true, ...state }, null, 2) }], + }; + }, + ); + + server.tool( + 'reversa_analyze', + 'Check if a Reversa analysis can be started or resumed on a project', + { + path: z.string().describe('Absolute path to the project directory'), + level: z.enum(['essencial', 'completo', 'detalhado']).optional().describe('Documentation depth level'), + }, + async ({ path, level }) => { + const state = readState(path); + if (!state) { + return { + content: [{ type: 'text', text: JSON.stringify({ + error: 'Reversa not installed', + message: `Open the project in the AI agent and type "reversa". The skill will set up the state automatically.`, + }, null, 2) }], + }; + } + return { + content: [{ type: 'text', text: JSON.stringify({ + status: 'ready', + phase: state.phase, + completed: state.completed || [], + pending: state.pending || [], + message: `Reversa analysis is at phase "${state.phase}". Open the project in the AI agent and type "reversa" to resume.`, + doc_level: level || state.doc_level || 'completo', + }, null, 2) }], + }; + }, + ); + + server.tool( + 'reversa_confidence', + 'Get the confidence report from a completed or in-progress Reversa analysis', + { + path: z.string().describe('Absolute path to the project directory'), + }, + async ({ path }) => { + const outputFolder = '_reversa_sdd'; + const content = readFileSafe(path, join(outputFolder, 'confidence-report.md')); + if (!content) { + return { + content: [{ type: 'text', text: JSON.stringify({ + error: 'No confidence report found', + message: 'Run the Reversa analysis pipeline first.', + }, null, 2) }], + }; + } + return { + content: [{ type: 'text', text: content.substring(0, 8000) }], + }; + }, + ); + + server.resource( + 'reversa-state', + 'reversa://state', + async (uri) => { + const projectRoot = process.cwd(); + const state = readState(projectRoot); + return { + contents: [{ + uri: uri.href, + mimeType: 'application/json', + text: JSON.stringify(state || { installed: false }, null, 2), + }], + }; + }, + ); + + server.resource( + 'reversa-inventory', + 'reversa://inventory', + async (uri) => { + const projectRoot = process.cwd(); + const content = readFileSafe(projectRoot, '_reversa_sdd/inventory.md'); + return { + contents: [{ + uri: uri.href, + mimeType: 'text/markdown', + text: content || '# No inventory found\nRun the Reversa analysis pipeline first.', + }], + }; + }, + ); + + server.prompt( + 'reversa-new-analysis', + 'Start a new Reversa analysis of a project', + { + path: z.string().describe('Absolute path to the project directory'), + level: z.enum(['essencial', 'completo', 'detalhado']).default('completo'), + }, + async ({ path, level }) => ({ + messages: [{ + role: 'user', + content: { + type: 'text', + text: `I want to run a Reversa analysis on the project at ${path} with documentation level ${level}. Please activate the Reversa orchestrator by typing "reversa" and guide me through the process.`, + }, + }], + }), + ); + + return server; +} + +export default async function startMcpServer() { + const server = buildConfig(); + const transport = new StdioServerTransport(); + await server.connect(transport); +} diff --git a/package-lock.json b/package-lock.json index 63f1764c..80aca006 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,14 +1,15 @@ { "name": "reversa", - "version": "1.2.12", + "version": "1.2.14", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "reversa", - "version": "1.2.12", + "version": "1.2.14", "license": "MIT", "dependencies": { + "@modelcontextprotocol/sdk": "^1.29.0", "chalk": "^5.3.0", "inquirer": "^9.2.0", "ora": "^7.0.1", @@ -21,6 +22,18 @@ "node": ">=18.0.0" } }, + "node_modules/@hono/node-server": { + "version": "1.19.14", + "resolved": "https://registry.npmjs.org/@hono/node-server/-/node-server-1.19.14.tgz", + "integrity": "sha512-GwtvgtXxnWsucXvbQXkRgqksiH2Qed37H9xHZocE5sA3N8O8O8/8FA3uclQXxXVzc9XBZuEOMK7+r02FmSpHtw==", + "license": "MIT", + "engines": { + "node": ">=18.14.1" + }, + "peerDependencies": { + "hono": "^4" + } + }, "node_modules/@inquirer/external-editor": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/@inquirer/external-editor/-/external-editor-1.0.3.tgz", @@ -51,6 +64,92 @@ "node": ">=18" } }, + "node_modules/@modelcontextprotocol/sdk": { + "version": "1.29.0", + "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.29.0.tgz", + "integrity": "sha512-zo37mZA9hJWpULgkRpowewez1y6ML5GsXJPY8FI0tBBCd77HEvza4jDqRKOXgHNn867PVGCyTdzqpz0izu5ZjQ==", + "license": "MIT", + "dependencies": { + "@hono/node-server": "^1.19.9", + "ajv": "^8.17.1", + "ajv-formats": "^3.0.1", + "content-type": "^1.0.5", + "cors": "^2.8.5", + "cross-spawn": "^7.0.5", + "eventsource": "^3.0.2", + "eventsource-parser": "^3.0.0", + "express": "^5.2.1", + "express-rate-limit": "^8.2.1", + "hono": "^4.11.4", + "jose": "^6.1.3", + "json-schema-typed": "^8.0.2", + "pkce-challenge": "^5.0.0", + "raw-body": "^3.0.0", + "zod": "^3.25 || ^4.0", + "zod-to-json-schema": "^3.25.1" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "@cfworker/json-schema": "^4.1.1", + "zod": "^3.25 || ^4.0" + }, + "peerDependenciesMeta": { + "@cfworker/json-schema": { + "optional": true + }, + "zod": { + "optional": false + } + } + }, + "node_modules/accepts": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/accepts/-/accepts-2.0.0.tgz", + "integrity": "sha512-5cvg6CtKwfgdmVqY1WIiXKc3Q1bkRqGLi+2W/6ao+6Y7gu/RCwRuAhGEzh5B4KlszSuTLgZYuqFqo5bImjNKng==", + "license": "MIT", + "dependencies": { + "mime-types": "^3.0.0", + "negotiator": "^1.0.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/ajv": { + "version": "8.20.0", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.20.0.tgz", + "integrity": "sha512-Thbli+OlOj+iMPYFBVBfJ3OmCAnaSyNn4M1vz9T6Gka5Jt9ba/HIR56joy65tY6kx/FCF5VXNB819Y7/GUrBGA==", + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.3", + "fast-uri": "^3.0.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/ajv-formats": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/ajv-formats/-/ajv-formats-3.0.1.tgz", + "integrity": "sha512-8iUql50EUR+uUcdRQ3HDqa6EVyo3docL8g5WJ3FNcWmu62IbkGUue/pEyLBW8VGKKucTPgqeks4fIU1DA4yowQ==", + "license": "MIT", + "dependencies": { + "ajv": "^8.0.0" + }, + "peerDependencies": { + "ajv": "^8.0.0" + }, + "peerDependenciesMeta": { + "ajv": { + "optional": true + } + } + }, "node_modules/ansi-escapes": { "version": "4.3.2", "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", @@ -121,6 +220,30 @@ "readable-stream": "^3.4.0" } }, + "node_modules/body-parser": { + "version": "2.2.2", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-2.2.2.tgz", + "integrity": "sha512-oP5VkATKlNwcgvxi0vM0p/D3n2C3EReYVX+DNYs5TjZFn/oQt2j+4sVJtSMr18pdRr8wjTcBl6LoV+FUwzPmNA==", + "license": "MIT", + "dependencies": { + "bytes": "^3.1.2", + "content-type": "^1.0.5", + "debug": "^4.4.3", + "http-errors": "^2.0.0", + "iconv-lite": "^0.7.0", + "on-finished": "^2.4.1", + "qs": "^6.14.1", + "raw-body": "^3.0.1", + "type-is": "^2.0.1" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, "node_modules/buffer": { "version": "6.0.3", "resolved": "https://registry.npmjs.org/buffer/-/buffer-6.0.3.tgz", @@ -145,6 +268,44 @@ "ieee754": "^1.2.1" } }, + "node_modules/bytes": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/call-bind-apply-helpers": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz", + "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/call-bound": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz", + "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "get-intrinsic": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/chalk": { "version": "5.6.2", "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.6.2.tgz", @@ -226,6 +387,94 @@ "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", "license": "MIT" }, + "node_modules/content-disposition": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-1.1.0.tgz", + "integrity": "sha512-5jRCH9Z/+DRP7rkvY83B+yGIGX96OYdJmzngqnw2SBSxqCFPd0w2km3s5iawpGX8krnwSGmF0FW5Nhr0Hfai3g==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/content-type": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cookie": { + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", + "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cookie-signature": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.2.tgz", + "integrity": "sha512-D76uU73ulSXrD1UXF4KE2TMxVVwhsnCgfAyTg9k8P6KGZjlXKrOLe4dJQKI3Bxi5wjesZoFXJWElNWBjPZMbhg==", + "license": "MIT", + "engines": { + "node": ">=6.6.0" + } + }, + "node_modules/cors": { + "version": "2.8.6", + "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.6.tgz", + "integrity": "sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==", + "license": "MIT", + "dependencies": { + "object-assign": "^4", + "vary": "^1" + }, + "engines": { + "node": ">= 0.10" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/cross-spawn": { + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", + "license": "MIT", + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/debug": { + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", + "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", + "license": "MIT", + "dependencies": { + "ms": "^2.1.3" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, "node_modules/defaults": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/defaults/-/defaults-1.0.4.tgz", @@ -238,18 +487,302 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/depd": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/dunder-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz", + "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.1", + "es-errors": "^1.3.0", + "gopd": "^1.2.0" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/eastasianwidth": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==", "license": "MIT" }, + "node_modules/ee-first": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==", + "license": "MIT" + }, "node_modules/emoji-regex": { "version": "8.0.0", "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", "license": "MIT" }, + "node_modules/encodeurl": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/es-define-property": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz", + "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-object-atoms": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz", + "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/escape-html": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==", + "license": "MIT" + }, + "node_modules/etag": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/eventsource": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/eventsource/-/eventsource-3.0.7.tgz", + "integrity": "sha512-CRT1WTyuQoD771GW56XEZFQ/ZoSfWid1alKGDYMmkt2yl8UXrVR4pspqWNEcqKvVIzg6PAltWjxcSSPrboA4iA==", + "license": "MIT", + "dependencies": { + "eventsource-parser": "^3.0.1" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/eventsource-parser": { + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/eventsource-parser/-/eventsource-parser-3.0.8.tgz", + "integrity": "sha512-70QWGkr4snxr0OXLRWsFLeRBIRPuQOvt4s8QYjmUlmlkyTZkRqS7EDVRZtzU3TiyDbXSzaOeF0XUKy8PchzukQ==", + "license": "MIT", + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/express": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/express/-/express-5.2.1.tgz", + "integrity": "sha512-hIS4idWWai69NezIdRt2xFVofaF4j+6INOpJlVOLDO8zXGpUVEVzIYk12UUi2JzjEzWL3IOAxcTubgz9Po0yXw==", + "license": "MIT", + "dependencies": { + "accepts": "^2.0.0", + "body-parser": "^2.2.1", + "content-disposition": "^1.0.0", + "content-type": "^1.0.5", + "cookie": "^0.7.1", + "cookie-signature": "^1.2.1", + "debug": "^4.4.0", + "depd": "^2.0.0", + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "etag": "^1.8.1", + "finalhandler": "^2.1.0", + "fresh": "^2.0.0", + "http-errors": "^2.0.0", + "merge-descriptors": "^2.0.0", + "mime-types": "^3.0.0", + "on-finished": "^2.4.1", + "once": "^1.4.0", + "parseurl": "^1.3.3", + "proxy-addr": "^2.0.7", + "qs": "^6.14.0", + "range-parser": "^1.2.1", + "router": "^2.2.0", + "send": "^1.1.0", + "serve-static": "^2.2.0", + "statuses": "^2.0.1", + "type-is": "^2.0.1", + "vary": "^1.1.2" + }, + "engines": { + "node": ">= 18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/express-rate-limit": { + "version": "8.4.1", + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.4.1.tgz", + "integrity": "sha512-NGVYwQSAyEQgzxX1iCM978PP9AdO/hW93gMcF6ZwQCm+rFvLsBH6w4xcXWTcliS8La5EPRN3p9wzItqBwJrfNw==", + "license": "MIT", + "dependencies": { + "ip-address": "10.1.0" + }, + "engines": { + "node": ">= 16" + }, + "funding": { + "url": "https://github.com/sponsors/express-rate-limit" + }, + "peerDependencies": { + "express": ">= 4.11" + } + }, + "node_modules/fast-deep-equal": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==", + "license": "MIT" + }, + "node_modules/fast-uri": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz", + "integrity": "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/fastify" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/fastify" + } + ], + "license": "BSD-3-Clause" + }, + "node_modules/finalhandler": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-2.1.1.tgz", + "integrity": "sha512-S8KoZgRZN+a5rNwqTxlZZePjT/4cnm0ROV70LedRHZ0p8u9fRID0hJUZQpkKLzro8LfmC8sx23bY6tVNxv8pQA==", + "license": "MIT", + "dependencies": { + "debug": "^4.4.0", + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "on-finished": "^2.4.1", + "parseurl": "^1.3.3", + "statuses": "^2.0.1" + }, + "engines": { + "node": ">= 18.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/forwarded": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/fresh": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/fresh/-/fresh-2.0.0.tgz", + "integrity": "sha512-Rx/WycZ60HOaqLKAi6cHRKKI7zxWbJ31MhntmtwMoaTeF7XFH9hhBp8vITaMidfljRQ6eYWCKkaTK+ykVJHP2A==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/function-bind": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-intrinsic": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz", + "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "es-define-property": "^1.0.1", + "es-errors": "^1.3.0", + "es-object-atoms": "^1.1.1", + "function-bind": "^1.1.2", + "get-proto": "^1.0.1", + "gopd": "^1.2.0", + "has-symbols": "^1.1.0", + "hasown": "^2.0.2", + "math-intrinsics": "^1.1.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz", + "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==", + "license": "MIT", + "dependencies": { + "dunder-proto": "^1.0.1", + "es-object-atoms": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/gopd": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz", + "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/has-flag": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", @@ -259,6 +792,59 @@ "node": ">=8" } }, + "node_modules/has-symbols": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz", + "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/hasown": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz", + "integrity": "sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==", + "license": "MIT", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/hono": { + "version": "4.12.16", + "resolved": "https://registry.npmjs.org/hono/-/hono-4.12.16.tgz", + "integrity": "sha512-jN0ZewiNAWSe5khM3EyCmBb250+b40wWbwNILNfEvq84VREWwOIkuUsFONk/3i3nqkz7Oe1PcpM2mwQEK2L9Kg==", + "license": "MIT", + "engines": { + "node": ">=16.9.0" + } + }, + "node_modules/http-errors": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", + "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==", + "license": "MIT", + "dependencies": { + "depd": "~2.0.0", + "inherits": "~2.0.4", + "setprototypeof": "~1.2.0", + "statuses": "~2.0.2", + "toidentifier": "~1.0.1" + }, + "engines": { + "node": ">= 0.8" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, "node_modules/iconv-lite": { "version": "0.7.2", "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.2.tgz", @@ -460,6 +1046,24 @@ "node": ">=8" } }, + "node_modules/ip-address": { + "version": "10.1.0", + "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.1.0.tgz", + "integrity": "sha512-XXADHxXmvT9+CRxhXg56LJovE+bmWnEWB78LB83VZTprKTmaC5QfruXocxzTZ2Kl0DNwKuBdlIhjL8LeY8Sf8Q==", + "license": "MIT", + "engines": { + "node": ">= 12" + } + }, + "node_modules/ipaddr.js": { + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", + "license": "MIT", + "engines": { + "node": ">= 0.10" + } + }, "node_modules/is-fullwidth-code-point": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", @@ -481,6 +1085,12 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/is-promise": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/is-promise/-/is-promise-4.0.0.tgz", + "integrity": "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ==", + "license": "MIT" + }, "node_modules/is-unicode-supported": { "version": "1.3.0", "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-1.3.0.tgz", @@ -493,6 +1103,33 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", + "license": "ISC" + }, + "node_modules/jose": { + "version": "6.2.3", + "resolved": "https://registry.npmjs.org/jose/-/jose-6.2.3.tgz", + "integrity": "sha512-YYVDInQKFJfR/xa3ojUTl8c2KoTwiL1R5Wg9YCydwH0x0B9grbzlg5HC7mMjCtUJjbQ/YnGEZIhI5tCgfTb4Hw==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/panva" + } + }, + "node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", + "license": "MIT" + }, + "node_modules/json-schema-typed": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/json-schema-typed/-/json-schema-typed-8.0.2.tgz", + "integrity": "sha512-fQhoXdcvc3V28x7C7BMs4P5+kNlgUURe2jmUT1T//oBRMDrqy1QPelJimwZGo7Hg9VPV3EQV5Bnq4hbFy2vetA==", + "license": "BSD-2-Clause" + }, "node_modules/log-symbols": { "version": "5.1.0", "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-5.1.0.tgz", @@ -509,6 +1146,61 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/math-intrinsics": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", + "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/media-typer": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-1.1.0.tgz", + "integrity": "sha512-aisnrDP4GNe06UcKFnV5bfMNPBUw4jsLGaWwWfnH3v02GnBuXX2MCVn5RbrWo0j3pczUilYblq7fQ7Nw2t5XKw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/merge-descriptors": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-2.0.0.tgz", + "integrity": "sha512-Snk314V5ayFLhp3fkUREub6WtjBfPdCPY1Ln8/8munuLuiYhsABgBVWsozAG+MWMbVEvcdcpbi9R7ww22l9Q3g==", + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/mime-db": { + "version": "1.54.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz", + "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-3.0.2.tgz", + "integrity": "sha512-Lbgzdk0h4juoQ9fCKXW4by0UJqj+nOOrI9MJ1sSj4nI8aI2eo1qmvQEie4VD1glsS250n15LsWsYtCugiStS5A==", + "license": "MIT", + "dependencies": { + "mime-db": "^1.54.0" + }, + "engines": { + "node": ">=18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, "node_modules/mimic-fn": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", @@ -518,6 +1210,12 @@ "node": ">=6" } }, + "node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "license": "MIT" + }, "node_modules/mute-stream": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/mute-stream/-/mute-stream-1.0.0.tgz", @@ -527,6 +1225,57 @@ "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, + "node_modules/negotiator": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-1.0.0.tgz", + "integrity": "sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/object-assign": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/object-inspect": { + "version": "1.13.4", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz", + "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/on-finished": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", + "license": "MIT", + "dependencies": { + "ee-first": "1.1.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "license": "ISC", + "dependencies": { + "wrappy": "1" + } + }, "node_modules/onetime": { "version": "5.1.2", "resolved": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", @@ -615,6 +1364,95 @@ "url": "https://github.com/chalk/strip-ansi?sponsor=1" } }, + "node_modules/parseurl": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-to-regexp": { + "version": "8.4.2", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.4.2.tgz", + "integrity": "sha512-qRcuIdP69NPm4qbACK+aDogI5CBDMi1jKe0ry5rSQJz8JVLsC7jV8XpiJjGRLLol3N+R5ihGYcrPLTno6pAdBA==", + "license": "MIT", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/pkce-challenge": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/pkce-challenge/-/pkce-challenge-5.0.1.tgz", + "integrity": "sha512-wQ0b/W4Fr01qtpHlqSqspcj3EhBvimsdh0KlHhH8HRZnMsEa0ea2fTULOXOS9ccQr3om+GcGRk4e+isrZWV8qQ==", + "license": "MIT", + "engines": { + "node": ">=16.20.0" + } + }, + "node_modules/proxy-addr": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", + "license": "MIT", + "dependencies": { + "forwarded": "0.2.0", + "ipaddr.js": "1.9.1" + }, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/qs": { + "version": "6.15.1", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.1.tgz", + "integrity": "sha512-6YHEFRL9mfgcAvql/XhwTvf5jKcOiiupt2FiJxHkiX1z4j7WL8J/jRHYLluORvc1XxB5rV20KoeK00gVJamspg==", + "license": "BSD-3-Clause", + "dependencies": { + "side-channel": "^1.1.0" + }, + "engines": { + "node": ">=0.6" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/range-parser": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/raw-body": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-3.0.2.tgz", + "integrity": "sha512-K5zQjDllxWkf7Z5xJdV0/B0WTNqx6vxG70zJE4N0kBs4LovmEYWJzQGxC9bS9RAKu3bgM40lrd5zoLJ12MQ5BA==", + "license": "MIT", + "dependencies": { + "bytes": "~3.1.2", + "http-errors": "~2.0.1", + "iconv-lite": "~0.7.0", + "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.10" + } + }, "node_modules/readable-stream": { "version": "3.6.2", "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", @@ -629,6 +1467,15 @@ "node": ">= 6" } }, + "node_modules/require-from-string": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/restore-cursor": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-4.0.0.tgz", @@ -645,6 +1492,22 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/router": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/router/-/router-2.2.0.tgz", + "integrity": "sha512-nLTrUKm2UyiL7rlhapu/Zl45FwNgkZGaCpZbIHajDYgwlJCOzLSk+cIPAnsEqV955GjILJnKbdQC1nVPz+gAYQ==", + "license": "MIT", + "dependencies": { + "debug": "^4.4.0", + "depd": "^2.0.0", + "is-promise": "^4.0.0", + "parseurl": "^1.3.3", + "path-to-regexp": "^8.0.0" + }, + "engines": { + "node": ">= 18" + } + }, "node_modules/run-async": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/run-async/-/run-async-3.0.0.tgz", @@ -701,12 +1564,165 @@ "node": ">=10" } }, + "node_modules/send": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/send/-/send-1.2.1.tgz", + "integrity": "sha512-1gnZf7DFcoIcajTjTwjwuDjzuz4PPcY2StKPlsGAQ1+YH20IRVrBaXSWmdjowTJ6u8Rc01PoYOGHXfP1mYcZNQ==", + "license": "MIT", + "dependencies": { + "debug": "^4.4.3", + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "etag": "^1.8.1", + "fresh": "^2.0.0", + "http-errors": "^2.0.1", + "mime-types": "^3.0.2", + "ms": "^2.1.3", + "on-finished": "^2.4.1", + "range-parser": "^1.2.1", + "statuses": "^2.0.2" + }, + "engines": { + "node": ">= 18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/serve-static": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-2.2.1.tgz", + "integrity": "sha512-xRXBn0pPqQTVQiC8wyQrKs2MOlX24zQ0POGaj0kultvoOCstBQM5yvOhAVSUwOMjQtTvsPWoNCHfPGwaaQJhTw==", + "license": "MIT", + "dependencies": { + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "parseurl": "^1.3.3", + "send": "^1.2.0" + }, + "engines": { + "node": ">= 18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/setprototypeof": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==", + "license": "ISC" + }, + "node_modules/shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "license": "MIT", + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/side-channel": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz", + "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.3", + "side-channel-list": "^1.0.0", + "side-channel-map": "^1.0.1", + "side-channel-weakmap": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-list": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.1.tgz", + "integrity": "sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.4" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-map": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz", + "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-weakmap": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz", + "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3", + "side-channel-map": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/signal-exit": { "version": "3.0.7", "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", "license": "ISC" }, + "node_modules/statuses": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", + "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, "node_modules/stdin-discarder": { "version": "0.1.0", "resolved": "https://registry.npmjs.org/stdin-discarder/-/stdin-discarder-0.1.0.tgz", @@ -769,6 +1785,15 @@ "node": ">=8" } }, + "node_modules/toidentifier": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", + "license": "MIT", + "engines": { + "node": ">=0.6" + } + }, "node_modules/tslib": { "version": "2.8.1", "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", @@ -787,12 +1812,44 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/type-is": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/type-is/-/type-is-2.0.1.tgz", + "integrity": "sha512-OZs6gsjF4vMp32qrCbiVSkrFmXtG/AZhY3t0iAMrMBiAZyV9oALtXO8hsrHbMXF9x6L3grlFuwW2oAz7cav+Gw==", + "license": "MIT", + "dependencies": { + "content-type": "^1.0.5", + "media-typer": "^1.1.0", + "mime-types": "^3.0.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/unpipe": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, "node_modules/util-deprecate": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==", "license": "MIT" }, + "node_modules/vary": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, "node_modules/wcwidth": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/wcwidth/-/wcwidth-1.0.1.tgz", @@ -802,6 +1859,21 @@ "defaults": "^1.0.3" } }, + "node_modules/which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "license": "ISC", + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, "node_modules/wrap-ansi": { "version": "6.2.0", "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", @@ -816,6 +1888,12 @@ "node": ">=8" } }, + "node_modules/wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", + "license": "ISC" + }, "node_modules/yoctocolors-cjs": { "version": "2.1.3", "resolved": "https://registry.npmjs.org/yoctocolors-cjs/-/yoctocolors-cjs-2.1.3.tgz", @@ -827,6 +1905,24 @@ "funding": { "url": "https://github.com/sponsors/sindresorhus" } + }, + "node_modules/zod": { + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/zod/-/zod-4.4.1.tgz", + "integrity": "sha512-a6ENMBBGZBsnlSebQ/eKCguSBeGKSf4O7BPnqVPmYGtpBYI7VSqoVqw+QcB7kPRjbqPwhYTpFbVj/RqNz/CT0Q==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/colinhacks" + } + }, + "node_modules/zod-to-json-schema": { + "version": "3.25.2", + "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.25.2.tgz", + "integrity": "sha512-O/PgfnpT1xKSDeQYSCfRI5Gy3hPf91mKVDuYLUHZJMiDFptvP41MSnWofm8dnCm0256ZNfZIM7DSzuSMAFnjHA==", + "license": "ISC", + "peerDependencies": { + "zod": "^3.25.28 || ^4" + } } } } diff --git a/package.json b/package.json index 9873cf21..2aa0f8da 100644 --- a/package.json +++ b/package.json @@ -39,6 +39,7 @@ "node": ">=18.0.0" }, "dependencies": { + "@modelcontextprotocol/sdk": "^1.29.0", "chalk": "^5.3.0", "inquirer": "^9.2.0", "ora": "^7.0.1", From 6680501015f689235ec07ac49c6d13f4cae2b415 Mon Sep 17 00:00:00 2001 From: Nova Corp Date: Sat, 2 May 2026 10:23:17 -0400 Subject: [PATCH 2/2] feat: add Security Auditor agent New agent persona for vulnerability scanning, secrets detection, auth/authorization auditing, input validation review, crypto review, and OWASP Top 10 mapping. - Added agents/reversa-security-auditor/SKILL.md with full persona - Registered in lib/installer/prompts.js as optional agent - Registered in lib/commands/add-agent.js for post-install addition - Added to templates/plan.md as an Independent Agent Closes: #new-agent-security-auditor --- agents/reversa-security-auditor/SKILL.md | 156 ++++++++++++++++++ .../references/.gitkeep | 0 lib/commands/add-agent.js | 1 + lib/installer/prompts.js | 1 + templates/plan.md | 1 + 5 files changed, 159 insertions(+) create mode 100644 agents/reversa-security-auditor/SKILL.md create mode 100644 agents/reversa-security-auditor/references/.gitkeep diff --git a/agents/reversa-security-auditor/SKILL.md b/agents/reversa-security-auditor/SKILL.md new file mode 100644 index 00000000..cde1154f --- /dev/null +++ b/agents/reversa-security-auditor/SKILL.md @@ -0,0 +1,156 @@ +--- +name: reversa-security-auditor +description: Realiza auditoria de segurança no sistema legado — análise de vulnerabilidades, varredura de segredos, revisão de autenticação/autorização, validação de entrada, criptografia e conformidade com OWASP. Use como agente independente em qualquer fase da análise de engenharia reversa após a conclusão do Scout. +license: MIT +compatibility: Claude Code, Codex, Cursor, Gemini CLI e demais agentes compatíveis com Agent Skills. +metadata: + author: sandeco + version: "1.0.0" + framework: reversa + phase: independente +--- + +Você é o Security Auditor. Sua missão é examinar o sistema legado em busca de vulnerabilidades de segurança — com base estritamente no que o código revela, sem executar ou modificar o sistema. + +## Antes de começar + +Leia `.reversa/state.json` → campos `output_folder` (padrão: `_reversa_sdd`) e `doc_level` (padrão: `completo`). Use `output_folder` como pasta de saída. + +Leia os artefatos do Scout e do Detective na pasta de saída e em `.reversa/context/` — especialmente `dependencies.md`, `surface.json`, `permissions.md` e `domain.md`. + +## Nível de documentação + +| Artefato | essencial | completo | detalhado | +|----------|-----------|----------|-----------| +| `security/audit.md` | sim (pincelada geral) | sim (por componente) | sim (por componente + linha) | +| `security/secrets-scan.md` | sim | sim | sim | +| `security/vulnerabilities.md` | não | sim | sim (com CVSS estimado) | + +## Processo + +### 1. Varredura de dependências vulneráveis (SCA) + +Use o `dependencies.md` gerado pelo Scout como ponto de partida. Para cada dependência: + +- Identifique a versão instalada +- Verifique se há CVEs conhecidos (busque na memória — não faça chamadas externas) +- Classifique o risco com base na severidade conhecida e no contexto de uso no código +- Destaque dependências: (a) com CVEs públicos, (b) sem suporte/end-of-life, (c) versões muito antigas + +> 🟡 **INFERIDO** — sem consulta a banco de CVEs em tempo real, esta análise é baseada em conhecimento geral de vulnerabilidades conhecidas. + +### 2. Varredura de segredos hardcoded + +Examine o código-fonte (excluindo `.reversa/`, `_reversa_sdd/`, `node_modules/`, `dist/`, `build/`) em busca de: + +- Chaves de API, tokens de acesso gravados em código +- Senhas em texto claro em arquivos de configuração (`.env`, `config/*.php`, `settings.*`) +- Strings de conexão com credenciais embutidas +- Chaves privadas ou certificados no repositório (`*.key`, `*.pem`, `*.pfx`) +- URLs de endpoints internos com credenciais (`https://user:pass@host/`) +- Secrets commitados em histórico Git (commits com tokens expostos) + +**Atenção especial:** arquivos `.env`, `.env.example`, `.env.*` — se estiverem versionados. `.env` real com credenciais = 🔴 CRÍTICO. `.env.example` sem valores reais = 🟢 seguro. + +### 3. Auditoria de autenticação e autorização + +Analise os mecanismos de autenticação e controle de acesso: + +- **Autenticação:** + - Como as senhas são armazenadas? (hash com salt / hash sem salt / texto claro / não implementado) + - Existe JWT, session cookies, tokens de API, ou autenticação básica? + - Há proteção contra brute force? (rate limiting, lockout, captcha) + - Como funciona o fluxo de reset de senha? + - MFA está implementado? + +- **Autorização:** + - Existe middleware/guard de autorização? + - As permissões são verificadas em cada endpoint ou apenas no frontend? + - Há RBAC/ABAC implementado? Como é validado? + - Existem endpoints sem proteção que deveriam ter? + +Use a `permissions.md` do Detective como referência, mas **não se limite a ela** — o Detective documenta permissões como *features de negócio*, você as audita como *controles de segurança*. + +### 4. Validação de entrada e proteção contra injeção + +Examine como a aplicação lida com entrada de usuário: + +- **SQL Injection:** Parâmetros de query são interpolados diretamente em SQL ou usam ORM/prepared statements? Procure string concatenation em queries, `raw()` calls, `query()` com variáveis interpoladas. +- **XSS:** Dados de usuário são escapados antes de renderizar no frontend? Templates usam escaping automático? (`{{ }}` vs `{! !}`) +- **Command Injection:** `exec()`, `system()`, `shell_exec()`, `child_process.exec()` com entrada de usuário? +- **Path Traversal:** Operações de arquivo usam caminhos fornecidos pelo usuário sem sanitização? +- **Serialização insegura:** `pickle.loads()`, `JSON.parse()` em desserialização de dados não confiáveis, `eval()` em input de usuário? +- **Injeção de template:** Server-Side Template Injection (SSTI) em motores como Jinja2, Handlebars, Pug? + +### 5. Revisão de criptografia + +- Algoritmos usados (AES, RSA, bcrypt, argon2, SHA-256 vs MD5/SHA1 para segurança) +- Implementações customizadas de criptografia (⚠️ quase sempre problemáticas) +- Uso de HTTPS/TLS — configurações de servidor, certificados +- Armazenamento seguro de segredos (variáveis de ambiente vs arquivos vs cofre) +- Hashing de senhas — algoritmo + fator de trabalho (cost/rounds) +- Proteção de dados sensíveis em logs (dados mascarados?) + +### 6. Gerenciamento de sessão + +- Como as sessões são criadas, armazenadas e invalidadas? +- Token expiração e renovação (refresh tokens? rotação?) +- Sessões HTTP: Secure + HttpOnly + SameSite flags nos cookies +- CSRF protection implementada? +- Session fixation possível? + +### 7. Segurança de API (se aplicável) + +Se OpenAPI/REST/GraphQL endpoints foram identificados: + +- Autenticação documentada vs real — há discrepâncias? +- Rate limiting presente? +- CORS configurado corretamente? (origens específicas vs `*`) +- Input validation por endpoint +- Mass assignment / object injection via API params + +### 8. Checklist OWASP Top 10 + +Ao final, mapeie os achados contra o OWASP Top 10 atual (2021): + +| # | Categoria | Status | +|---|-----------|--------| +| A01 | Broken Access Control | 🟢 / 🟡 / 🔴 | +| A02 | Cryptographic Failures | 🟢 / 🟡 / 🔴 | +| A03 | Injection | 🟢 / 🟡 / 🔴 | +| A04 | Insecure Design | 🟢 / 🟡 / 🔴 | +| A05 | Security Misconfiguration | 🟢 / 🟡 / 🔴 | +| A06 | Vulnerable and Outdated Components | 🟢 / 🟡 / 🔴 | +| A07 | Identification and Authentication Failures | 🟢 / 🟡 / 🔴 | +| A08 | Software and Data Integrity Failures | 🟢 / 🟡 / 🔴 | +| A09 | Security Logging and Monitoring Failures | 🟢 / 🟡 / 🔴 | +| A10 | Server-Side Request Forgery (SSRF) | 🟢 / 🟡 / 🔴 | + +Use 🟢 se não há evidência do problema, 🟡 se há indícios parciais ou configuração questionável, 🔴 se o problema foi confirmado. + +## Saída + +**Sempre:** +- `_reversa_sdd/security/audit.md` — relatório completo de auditoria, organizado por seção (dependências, secrets, auth, input validation, crypto, sessão, API) com cada achado classificado por severidade e com referência ao arquivo/linha de origem + +**Sempre:** +- `_reversa_sdd/security/secrets-scan.md` — lista de segredos encontrados, cada um com localização exata (arquivo:linha), tipo (API key, password, token, private key) e severidade (🔴 crítico / 🟡 alto / 🟢 baixo) + +**Condicionais por `doc_level`:** +- `_reversa_sdd/security/vulnerabilities.md` — se `completo` ou `detalhado`: análise de CVEs conhecidos por dependência (com severidade estimada) + lista priorizada de remediações. Se `detalhado`, inclua CVSS estimado para cada CVE. + +## Escala de confiança + +Seja rigoroso — muito aqui será 🟡 INFERIDO. +- 🟢 **CONFIRMADO** — vulnerabilidade confirmada por código, arquivo e linha citados +- 🟡 **INFERIDO** — padrão suspeito mas sem confirmação, ou ausência de evidência (falta de validação é difícil de provar) +- 🔴 **LACUNA** — não é possível determinar do código (exige teste dinâmico) + +## Regras importantes + +- **Nunca execute o sistema.** Toda análise é estática — baseada no código-fonte e artefatos existentes. +- **Nunca invente vulnerabilidades.** Se um padrão é potencialmente inseguro, marque como 🟡 INFERIDO e explique o risco. Não diga que algo é vulnerável sem evidência de código. +- **Priorize por severidade.** Comece pelos achados mais críticos (segredos expostos, SQL injection, hardcoded credentials) e termine com os de menor risco. +- **Se houver 🔴 LACUNA severa que impeça uma conclusão definitiva, informe ao Reversa como lacuna priorizada.** + +Informe ao Reversa ao concluir: número de achados por severidade, segredos encontrados (se houver), OWASP categorias comprometidas, e recomendações prioritárias. diff --git a/agents/reversa-security-auditor/references/.gitkeep b/agents/reversa-security-auditor/references/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/lib/commands/add-agent.js b/lib/commands/add-agent.js index 569250d0..82b004bf 100644 --- a/lib/commands/add-agent.js +++ b/lib/commands/add-agent.js @@ -22,6 +22,7 @@ const AGENT_LABELS = { 'reversa-visor': 'Visor: UI analysis via screenshots', 'reversa-data-master': 'Data Master: database analysis', 'reversa-design-system': 'Design System: design tokens and themes', + 'reversa-security-auditor': 'Security Auditor: vulnerability scan, secrets detection, auth audit, OWASP review', }; export default async function addAgent(args) { diff --git a/lib/installer/prompts.js b/lib/installer/prompts.js index 40a6e265..ee9f8372 100644 --- a/lib/installer/prompts.js +++ b/lib/installer/prompts.js @@ -17,6 +17,7 @@ export const OPTIONAL_AGENTS = [ { name: 'Visor: UI analysis via screenshots', value: 'reversa-visor', checked: true }, { name: 'Data Master: database analysis', value: 'reversa-data-master', checked: true }, { name: 'Design System: design tokens and themes', value: 'reversa-design-system', checked: true }, + { name: 'Security Auditor: vulnerability scan, secrets detection, auth audit, OWASP review', value: 'reversa-security-auditor', checked: true }, { name: 'Agents Help: explains agents with analogies', value: 'reversa-agents-help', checked: true }, { name: 'Reconstructor: rebuilds the software from generated specs', value: 'reversa-reconstructor', checked: true }, ]; diff --git a/templates/plan.md b/templates/plan.md index 2869957f..89228463 100644 --- a/templates/plan.md +++ b/templates/plan.md @@ -50,3 +50,4 @@ - [ ] **Data Master** — Análise completa do banco de dados - [ ] **Design System** — Extração de tokens de design - [ ] **Tracer** — Análise dinâmica (requer sistema acessível) +- [ ] **Security Auditor** — Varredura de vulnerabilidades, segredos, auditoria de auth e OWASP (após Scout/Detective)