Initial commit

Author: jdalton

.config/eslint.config.mjs

@@ -0,0 +1,261 @@
+import { createRequire } from 'node:module'
+import path from 'node:path'
+import { fileURLToPath } from 'node:url'
+
+import {
+  convertIgnorePatternToMinimatch,
+  includeIgnoreFile,
+} from '@eslint/compat'
+import jsPlugin from '@eslint/js'
+import { flatConfigs as origImportXFlatConfigs } from 'eslint-plugin-import-x'
+import nodePlugin from 'eslint-plugin-n'
+import sortDestructureKeysPlugin from 'eslint-plugin-sort-destructure-keys'
+import unicornPlugin from 'eslint-plugin-unicorn'
+import globals from 'globals'
+
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = path.dirname(__filename)
+const require = createRequire(import.meta.url)
+
+// Get maintained Node versions
+const getMaintainedNodeVersions = () => ['18', '20', '22', '24']
+
+const rootPath = path.dirname(__dirname)
+
+const nodeGlobalsConfig = Object.fromEntries(
+  Object.entries(globals.node).map(([k]) => [k, 'readonly']),
+)
+
+const biomeConfigPath = path.join(rootPath, 'biome.json')
+const biomeConfig = require(biomeConfigPath)
+const biomeIgnores = {
+  name: 'Imported biome.json ignore patterns',
+  ignores: biomeConfig.files.includes
+    .filter(p => p.startsWith('!'))
+    .map(p => convertIgnorePatternToMinimatch(p.slice(1))),
+}
+
+const gitignorePath = path.join(rootPath, '.gitignore')
+const gitIgnores = {
+  ...includeIgnoreFile(gitignorePath),
+  name: 'Imported .gitignore ignore patterns',
+}
+
+const sharedPlugins = {
+  ...nodePlugin.configs['flat/recommended-script'].plugins,
+  'sort-destructure-keys': sortDestructureKeysPlugin,
+  unicorn: unicornPlugin,
+}
+
+const sharedRules = {
+  'n/exports-style': ['error', 'module.exports'],
+  'n/no-missing-require': ['off'],
+  'n/no-process-exit': 'error',
+  'n/no-unpublished-bin': 'error',
+  'n/no-unsupported-features/es-builtins': 'error',
+  'n/no-unsupported-features/es-syntax': [
+    'error',
+    {
+      ignores: ['promise-withresolvers'],
+      version: getMaintainedNodeVersions().current,
+    },
+  ],
+  'n/no-unsupported-features/node-builtins': [
+    'error',
+    {
+      ignores: [
+        'test',
+        'test.describe',
+        'ReadableStream',
+        'events.getMaxListeners',
+      ],
+      version: '>=24.10.0',
+    },
+  ],
+  'n/prefer-node-protocol': 'error',
+  'unicorn/consistent-function-scoping': 'error',
+  curly: 'error',
+  'line-comment-position': ['error', { position: 'above' }],
+  'no-await-in-loop': 'error',
+  'no-control-regex': 'off',
+  'no-empty': ['error', { allowEmptyCatch: true }],
+  'no-new': 'error',
+  'no-proto': 'error',
+  'no-undef': 'error',
+  'no-unexpected-multiline': 'off',
+  'no-unused-vars': [
+    'error',
+    {
+      argsIgnorePattern: '^_|^this$',
+      ignoreRestSiblings: true,
+      varsIgnorePattern: '^_',
+    },
+  ],
+  'no-var': 'error',
+  'no-warning-comments': ['warn', { terms: ['fixme'] }],
+  'prefer-const': 'error',
+  'sort-destructure-keys/sort-destructure-keys': 'error',
+  'sort-imports': 'off',
+}
+
+const sharedRulesForImportX = {
+  ...origImportXFlatConfigs.recommended.rules,
+  'import-x/extensions': [
+    'error',
+    'never',
+    {
+      cjs: 'ignorePackages',
+      js: 'ignorePackages',
+      json: 'always',
+      mjs: 'ignorePackages',
+    },
+  ],
+  'import-x/no-unresolved': [
+    'error',
+    {
+      // Ignore @socketsecurity subpaths - resolved by runtime loader
+      ignore: ['^@socketsecurity/'],
+    },
+  ],
+  'import-x/order': [
+    'warn',
+    {
+      groups: [
+        'builtin',
+        'external',
+        'internal',
+        ['parent', 'sibling', 'index'],
+        'type',
+      ],
+      pathGroups: [
+        {
+          pattern: '@socket{registry,security}/**',
+          group: 'internal',
+        },
+      ],
+      pathGroupsExcludedImportTypes: ['type'],
+      'newlines-between': 'always',
+      alphabetize: {
+        order: 'asc',
+      },
+    },
+  ],
+}
+
+function getImportXFlatConfigs(isEsm) {
+  return {
+    recommended: {
+      ...origImportXFlatConfigs.recommended,
+      languageOptions: {
+        ...origImportXFlatConfigs.recommended.languageOptions,
+        ecmaVersion: 'latest',
+        sourceType: isEsm ? 'module' : 'script',
+      },
+      rules: {
+        ...sharedRulesForImportX,
+        'import-x/no-named-as-default-member': 'off',
+      },
+    },
+    typescript: {
+      ...origImportXFlatConfigs.typescript,
+      plugins: origImportXFlatConfigs.recommended.plugins,
+      settings: {
+        ...origImportXFlatConfigs.typescript.settings,
+      },
+      rules: {
+        ...sharedRulesForImportX,
+        // TypeScript compilation already ensures that named imports exist in
+        // the referenced module.
+        'import-x/named': 'off',
+        'import-x/no-named-as-default-member': 'off',
+        'import-x/no-unresolved': 'off',
+      },
+    },
+  }
+}
+
+const importFlatConfigsForScript = getImportXFlatConfigs(false)
+const importFlatConfigsForModule = getImportXFlatConfigs(true)
+
+export default [
+  biomeIgnores,
+  gitIgnores,
+  {
+    ignores: [
+      // Dot folders.
+      '.*/**',
+      // Nested directories.
+      '**/build/**',
+      '**/coverage/**',
+      '**/dist/**',
+      '**/external/**',
+      '**/node_modules/**',
+      // Generated files.
+      '**/*.d.ts',
+      '**/*.d.ts.map',
+      '**/*.tsbuildinfo',
+    ],
+  },
+  {
+    files: ['**/*.{cjs,js}'],
+    ...jsPlugin.configs.recommended,
+    ...importFlatConfigsForScript.recommended,
+    ...nodePlugin.configs['flat/recommended-script'],
+    languageOptions: {
+      ...jsPlugin.configs.recommended.languageOptions,
+      ...importFlatConfigsForModule.recommended.languageOptions,
+      ...nodePlugin.configs['flat/recommended-script'].languageOptions,
+      globals: {
+        ...jsPlugin.configs.recommended.languageOptions?.globals,
+        ...importFlatConfigsForModule.recommended.languageOptions?.globals,
+        ...nodePlugin.configs['flat/recommended-script'].languageOptions
+          ?.globals,
+        ...nodeGlobalsConfig,
+      },
+    },
+    plugins: {
+      ...jsPlugin.configs.recommended.plugins,
+      ...importFlatConfigsForScript.recommended.plugins,
+      ...sharedPlugins,
+    },
+    rules: {
+      ...jsPlugin.configs.recommended.rules,
+      ...importFlatConfigsForScript.recommended.rules,
+      ...nodePlugin.configs['flat/recommended-script'].rules,
+      ...sharedRules,
+    },
+  },
+  {
+    files: ['**/*.mjs'],
+    ...jsPlugin.configs.recommended,
+    ...importFlatConfigsForModule.recommended,
+    languageOptions: {
+      ...jsPlugin.configs.recommended.languageOptions,
+      ...importFlatConfigsForModule.recommended.languageOptions,
+      globals: {
+        ...jsPlugin.configs.recommended.languageOptions?.globals,
+        ...importFlatConfigsForModule.recommended.languageOptions?.globals,
+        ...nodeGlobalsConfig,
+      },
+      sourceType: 'module',
+    },
+    plugins: {
+      ...jsPlugin.configs.recommended.plugins,
+      ...importFlatConfigsForModule.recommended.plugins,
+      ...sharedPlugins,
+    },
+    rules: {
+      ...jsPlugin.configs.recommended.rules,
+      ...importFlatConfigsForModule.recommended.rules,
+      ...sharedRules,
+    },
+  },
+  {
+    // Relax rules for script files
+    files: ['**/scripts/**/*.{cjs,mjs}'],
+    rules: {
+      'n/no-process-exit': 'off',
+      'no-await-in-loop': 'off',
+    },
+  },
+]

.config/taze.config.mts

@@ -0,0 +1,16 @@
+import { defineConfig } from 'taze'
+
+export default defineConfig({
+  // Exclude these packages (add as needed).
+  exclude: ['eslint-plugin-unicorn'],
+  // Interactive mode disabled for automation.
+  interactive: false,
+  // Use minimal logging similar to ncu loglevel.
+  loglevel: 'warn',
+  // Only update packages that have been stable for 7 days.
+  maturityPeriod: 7,
+  // Update mode: 'latest' is similar to ncu's default behavior.
+  mode: 'latest',
+  // Write to package.json automatically.
+  write: true,
+})

.git-hooks/commit-msg

@@ -0,0 +1,73 @@
+#!/bin/bash
+# Socket Security Commit-msg Hook
+# Additional security layer - validates commit even if pre-commit was bypassed.
+
+set -e
+
+# Colors for output.
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+NC='\033[0m'
+
+# Allowed public API key (used in socket-lib).
+ALLOWED_PUBLIC_KEY="sktsec_t_--RAN5U4ivauy4w37-6aoKyYPDt5ZbaT5JBVMqiwKo_api"
+
+ERRORS=0
+
+# Get files in this commit (for security checks).
+COMMITTED_FILES=$(git diff --cached --name-only --diff-filter=ACM 2>/dev/null || echo "")
+
+# Quick checks for critical issues in committed files.
+if [ -n "$COMMITTED_FILES" ]; then
+  for file in $COMMITTED_FILES; do
+    if [ -f "$file" ]; then
+      # Check for Socket API keys (except allowed).
+      if grep -E 'sktsec_[a-zA-Z0-9_-]+' "$file" 2>/dev/null | grep -v "$ALLOWED_PUBLIC_KEY" | grep -v 'your_api_key_here' | grep -v 'fake-token' | grep -v 'test-token' | grep -v '\.example' | grep -q .; then
+        printf "${RED}✗ SECURITY: Potential API key detected in commit!${NC}\n"
+        echo "File: $file"
+        ERRORS=$((ERRORS + 1))
+      fi
+
+      # Check for .env files.
+      if echo "$file" | grep -qE '^\.env(\.local)?$'; then
+        printf "${RED}✗ SECURITY: .env file in commit!${NC}\n"
+        ERRORS=$((ERRORS + 1))
+      fi
+    fi
+  done
+fi
+
+# Auto-strip AI attribution from commit message.
+COMMIT_MSG_FILE="$1"
+if [ -f "$COMMIT_MSG_FILE" ]; then
+  # Create a temporary file to store the cleaned message.
+  TEMP_FILE=$(mktemp)
+  REMOVED_LINES=0
+
+  # Read the commit message line by line and filter out AI attribution.
+  while IFS= read -r line || [ -n "$line" ]; do
+    # Check if this line contains AI attribution patterns.
+    if echo "$line" | grep -qiE "(Generated with|Co-Authored-By: Claude|Co-Authored-By: AI|🤖 Generated|AI generated|Claude Code|@anthropic|Assistant:|Generated by Claude|Machine generated)"; then
+      REMOVED_LINES=$((REMOVED_LINES + 1))
+    else
+      # Line doesn't contain AI attribution, keep it.
+      printf '%s\n' "$line" >> "$TEMP_FILE"
+    fi
+  done < "$COMMIT_MSG_FILE"
+
+  # Replace the original commit message with the cleaned version.
+  if [ $REMOVED_LINES -gt 0 ]; then
+    mv "$TEMP_FILE" "$COMMIT_MSG_FILE"
+    printf "${GREEN}✓ Auto-stripped${NC} $REMOVED_LINES AI attribution line(s) from commit message\n"
+  else
+    # No lines were removed, just clean up the temp file.
+    rm -f "$TEMP_FILE"
+  fi
+fi
+
+if [ $ERRORS -gt 0 ]; then
+  printf "${RED}✗ Commit blocked by security validation${NC}\n"
+  exit 1
+fi
+
+exit 0