feat: migrate to use MCP tools instead of helper scripts

2025-10-23 11:56:47 -07:00
parent cfe8dc8bc8
commit eae0b8d654
46 changed files with 1444 additions and 381 deletions
@@ -0,0 +1,6 @@
+/**
+ * Validation layer barrel export
+ */
+
+export * from './queue-validator.js';
+export * from './totp-validator.js';
@@ -0,0 +1,51 @@
+/**
+ * Queue Validator
+ *
+ * Validates JSON structure for vulnerability queue files.
+ * Ported from tools/save_deliverable.js (lines 56-75).
+ */
+
+/**
+ * @typedef {Object} ValidationResult
+ * @property {boolean} valid
+ * @property {string} [message]
+ * @property {Object} [data]
+ */
+
+/**
+ * Validate JSON structure for queue files
+ * Queue files must have a 'vulnerabilities' array
+ *
+ * @param {string} content - JSON string to validate
+ * @returns {ValidationResult} ValidationResult with valid flag, optional error message, and parsed data
+ */
+export function validateQueueJson(content) {
+  try {
+    const parsed = JSON.parse(content);
+
+    // Queue files must have a 'vulnerabilities' array
+    if (!parsed.vulnerabilities) {
+      return {
+        valid: false,
+        message: `Invalid queue structure: Missing 'vulnerabilities' property. Expected: {"vulnerabilities": [...]}`,
+      };
+    }
+
+    if (!Array.isArray(parsed.vulnerabilities)) {
+      return {
+        valid: false,
+        message: `Invalid queue structure: 'vulnerabilities' must be an array. Expected: {"vulnerabilities": [...]}`,
+      };
+    }
+
+    return {
+      valid: true,
+      data: parsed,
+    };
+  } catch (error) {
+    return {
+      valid: false,
+      message: `Invalid JSON: ${error instanceof Error ? error.message : String(error)}`,
+    };
+  }
+}
@@ -0,0 +1,71 @@
+/**
+ * TOTP Validator
+ *
+ * Validates TOTP secrets and provides base32 decoding.
+ * Ported from tools/generate-totp-standalone.mjs (lines 43-72).
+ */
+
+/**
+ * Base32 decode function
+ * Ported from generate-totp-standalone.mjs
+ *
+ * @param {string} encoded - Base32 encoded string
+ * @returns {Buffer} Buffer containing decoded bytes
+ */
+export function base32Decode(encoded) {
+  const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
+  const cleanInput = encoded.toUpperCase().replace(/[^A-Z2-7]/g, '');
+
+  if (cleanInput.length === 0) {
+    return Buffer.alloc(0);
+  }
+
+  const output = [];
+  let bits = 0;
+  let value = 0;
+
+  for (const char of cleanInput) {
+    const index = alphabet.indexOf(char);
+    if (index === -1) {
+      throw new Error(`Invalid base32 character: ${char}`);
+    }
+
+    value = (value << 5) | index;
+    bits += 5;
+
+    if (bits >= 8) {
+      output.push((value >>> (bits - 8)) & 255);
+      bits -= 8;
+    }
+  }
+
+  return Buffer.from(output);
+}
+
+/**
+ * Validate TOTP secret
+ * Must be base32-encoded string
+ *
+ * @param {string} secret - Secret to validate
+ * @returns {boolean} true if valid, throws Error if invalid
+ */
+export function validateTotpSecret(secret) {
+  if (!secret || secret.length === 0) {
+    throw new Error('TOTP secret cannot be empty');
+  }
+
+  // Check if it's valid base32 (only A-Z and 2-7, case-insensitive)
+  const base32Regex = /^[A-Z2-7]+$/i;
+  if (!base32Regex.test(secret.replace(/[^A-Z2-7]/gi, ''))) {
+    throw new Error('TOTP secret must be base32-encoded (characters A-Z and 2-7)');
+  }
+
+  // Try to decode to ensure it's valid
+  try {
+    base32Decode(secret);
+  } catch (error) {
+    throw new Error(`Invalid TOTP secret: ${error instanceof Error ? error.message : String(error)}`);
+  }
+
+  return true;
+}