@aegis-scan/core 0.16.6 → 0.18.0

package/dist/safety-controls/health-monitor.d.ts

@@ -0,0 +1,61 @@
+/**
+ * Per-engagement health probe with auto-halt thresholds.
+ *
+ * Closes APTS-SC-010 (Health Check Monitoring with Threshold-Based
+ * Automatic Halt).
+ *
+ * Design notes:
+ *   - Three independent thresholds: heap memory, error rate, target
+ *     response time. Each is checked at every phase boundary; any
+ *     breach returns a halt-decision with the specific threshold that
+ *     fired.
+ *   - The orchestrator caller increments `record*` counters as events
+ *     flow through; the snapshot reflects the rolling window.
+ *   - Defaults are operator-friendly (1 GB heap, 50% error rate, 10 s
+ *     response). RoE.safety_controls overrides per engagement.
+ */
+export interface HealthThresholds {
+    /** Maximum heap-used in MB before halt. Default 1024. */
+    max_heap_mb?: number;
+    /** Maximum error rate (0..1) over the rolling window before halt. Default 0.5. */
+    max_error_rate?: number;
+    /** Maximum target HEAD response time in ms before halt. Default 10_000. */
+    max_target_response_ms?: number;
+}
+export interface HealthCounters {
+    /** Total event-emit attempts. Includes both ok + error paths. */
+    total_events: number;
+    /** Subset of total_events that errored. */
+    error_events: number;
+    /** Most recent target HEAD response time in ms (or null if not measured). */
+    last_target_response_ms: number | null;
+}
+export interface HealthCheckResult {
+    ok: boolean;
+    reason?: string;
+    observed?: {
+        heap_mb: number;
+        error_rate: number;
+        target_response_ms: number | null;
+    };
+    apts_refs: string[];
+}
+/**
+ * Read process heap memory in MB.
+ */
+export declare function currentHeapMb(): number;
+/**
+ * Compute the rolling error rate from counters.
+ */
+export declare function errorRate(c: HealthCounters): number;
+/**
+ * Run a health-check snapshot. Returns ok=true if every threshold is
+ * within bounds; otherwise ok=false with the specific reason and
+ * observed values for the audit trail.
+ */
+export declare function runHealthCheck(counters: HealthCounters, thresholds?: HealthThresholds): HealthCheckResult;
+/**
+ * Allocate a fresh counters object. Caller mutates as events flow.
+ */
+export declare function newHealthCounters(): HealthCounters;
+//# sourceMappingURL=health-monitor.d.ts.map

package/dist/safety-controls/health-monitor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"health-monitor.d.ts","sourceRoot":"","sources":["../../src/safety-controls/health-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,MAAM,WAAW,gBAAgB;IAC/B,yDAAyD;IACzD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kFAAkF;IAClF,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,2EAA2E;IAC3E,sBAAsB,CAAC,EAAE,MAAM,CAAC;CACjC;AAED,MAAM,WAAW,cAAc;IAC7B,iEAAiE;IACjE,YAAY,EAAE,MAAM,CAAC;IACrB,2CAA2C;IAC3C,YAAY,EAAE,MAAM,CAAC;IACrB,6EAA6E;IAC7E,uBAAuB,EAAE,MAAM,GAAG,IAAI,CAAC;CACxC;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE;QACT,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;QACnB,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;KACnC,CAAC;IACF,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAQD;;GAEG;AACH,wBAAgB,aAAa,IAAI,MAAM,CAEtC;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,CAAC,EAAE,cAAc,GAAG,MAAM,CAGnD;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,cAAc,EACxB,UAAU,GAAE,gBAAqB,GAChC,iBAAiB,CAgCnB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,cAAc,CAElD"}

package/dist/safety-controls/health-monitor.js

@@ -0,0 +1,79 @@
+/**
+ * Per-engagement health probe with auto-halt thresholds.
+ *
+ * Closes APTS-SC-010 (Health Check Monitoring with Threshold-Based
+ * Automatic Halt).
+ *
+ * Design notes:
+ *   - Three independent thresholds: heap memory, error rate, target
+ *     response time. Each is checked at every phase boundary; any
+ *     breach returns a halt-decision with the specific threshold that
+ *     fired.
+ *   - The orchestrator caller increments `record*` counters as events
+ *     flow through; the snapshot reflects the rolling window.
+ *   - Defaults are operator-friendly (1 GB heap, 50% error rate, 10 s
+ *     response). RoE.safety_controls overrides per engagement.
+ */
+const DEFAULTS = {
+    max_heap_mb: 1024,
+    max_error_rate: 0.5,
+    max_target_response_ms: 10_000,
+};
+/**
+ * Read process heap memory in MB.
+ */
+export function currentHeapMb() {
+    return Math.round((process.memoryUsage().heapUsed / (1024 * 1024)) * 100) / 100;
+}
+/**
+ * Compute the rolling error rate from counters.
+ */
+export function errorRate(c) {
+    if (c.total_events === 0)
+        return 0;
+    return c.error_events / c.total_events;
+}
+/**
+ * Run a health-check snapshot. Returns ok=true if every threshold is
+ * within bounds; otherwise ok=false with the specific reason and
+ * observed values for the audit trail.
+ */
+export function runHealthCheck(counters, thresholds = {}) {
+    const t = { ...DEFAULTS, ...thresholds };
+    const heapMb = currentHeapMb();
+    const er = errorRate(counters);
+    const trMs = counters.last_target_response_ms;
+    const observed = { heap_mb: heapMb, error_rate: er, target_response_ms: trMs };
+    if (heapMb > t.max_heap_mb) {
+        return {
+            ok: false,
+            reason: `heap memory ${heapMb} MB exceeds threshold ${t.max_heap_mb} MB`,
+            observed,
+            apts_refs: ['APTS-SC-010'],
+        };
+    }
+    if (er > t.max_error_rate) {
+        return {
+            ok: false,
+            reason: `error rate ${(er * 100).toFixed(1)}% exceeds threshold ${(t.max_error_rate * 100).toFixed(1)}%`,
+            observed,
+            apts_refs: ['APTS-SC-010'],
+        };
+    }
+    if (trMs !== null && trMs > t.max_target_response_ms) {
+        return {
+            ok: false,
+            reason: `target response time ${trMs} ms exceeds threshold ${t.max_target_response_ms} ms`,
+            observed,
+            apts_refs: ['APTS-SC-010'],
+        };
+    }
+    return { ok: true, observed, apts_refs: ['APTS-SC-010'] };
+}
+/**
+ * Allocate a fresh counters object. Caller mutates as events flow.
+ */
+export function newHealthCounters() {
+    return { total_events: 0, error_events: 0, last_target_response_ms: null };
+}
+//# sourceMappingURL=health-monitor.js.map

package/dist/safety-controls/health-monitor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"health-monitor.js","sourceRoot":"","sources":["../../src/safety-controls/health-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AA+BH,MAAM,QAAQ,GAA+B;IAC3C,WAAW,EAAE,IAAI;IACjB,cAAc,EAAE,GAAG;IACnB,sBAAsB,EAAE,MAAM;CAC/B,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;AAClF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,CAAiB;IACzC,IAAI,CAAC,CAAC,YAAY,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IACnC,OAAO,CAAC,CAAC,YAAY,GAAG,CAAC,CAAC,YAAY,CAAC;AACzC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAC5B,QAAwB,EACxB,aAA+B,EAAE;IAEjC,MAAM,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,GAAG,UAAU,EAAE,CAAC;IACzC,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;IAC/B,MAAM,EAAE,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC/B,MAAM,IAAI,GAAG,QAAQ,CAAC,uBAAuB,CAAC;IAC9C,MAAM,QAAQ,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC;IAE/E,IAAI,MAAM,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;QAC3B,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,eAAe,MAAM,yBAAyB,CAAC,CAAC,WAAW,KAAK;YACxE,QAAQ;YACR,SAAS,EAAE,CAAC,aAAa,CAAC;SAC3B,CAAC;IACJ,CAAC;IACD,IAAI,EAAE,GAAG,CAAC,CAAC,cAAc,EAAE,CAAC;QAC1B,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,cAAc,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,cAAc,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG;YACxG,QAAQ;YACR,SAAS,EAAE,CAAC,aAAa,CAAC;SAC3B,CAAC;IACJ,CAAC;IACD,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,GAAG,CAAC,CAAC,sBAAsB,EAAE,CAAC;QACrD,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,wBAAwB,IAAI,yBAAyB,CAAC,CAAC,sBAAsB,KAAK;YAC1F,QAAQ;YACR,SAAS,EAAE,CAAC,aAAa,CAAC;SAC3B,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,EAAE,YAAY,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAAC;AAC7E,CAAC"}

package/dist/safety-controls/index.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Safety Controls public surface.
+ *
+ * Closes APTS Tier-1 entries: SC-009 (multi-path kill switch), SC-010
+ * (health monitoring + auto-halt), SC-015 (post-test integrity), AL-016
+ * (continuous boundary monitoring), HO-003 (decision timeout).
+ */
+export { startKillRequestWatcher, requestKill, startDeadManHeartbeat, type KillRequestWatcherOptions, type KillRequestWatcherHandle, type HeartbeatOptions, type HeartbeatHandle, } from './kill-switch.js';
+export { runHealthCheck, newHealthCounters, currentHeapMb, errorRate, type HealthThresholds, type HealthCounters, type HealthCheckResult, } from './health-monitor.js';
+export { probeTargetIntegrity, type IntegrityProbeBaseline, type IntegrityProbeResult, type IntegrityProbeOptions, } from './post-test-integrity.js';
+export { detectScopeBreach, type FindingLike, type BreachDetectionResult, } from './boundary-monitor.js';
+export { withPhaseTimeout, derivePhaseTimeoutMs, type TimeoutResult, type TimeoutOk, type TimeoutFailure, type PhaseTimeoutOptions, } from './decision-timeout.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/safety-controls/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/safety-controls/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,EACL,uBAAuB,EACvB,WAAW,EACX,qBAAqB,EACrB,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,EAC7B,KAAK,gBAAgB,EACrB,KAAK,eAAe,GACrB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,SAAS,EACT,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,iBAAiB,GACvB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,oBAAoB,EACpB,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,GAC3B,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,iBAAiB,EACjB,KAAK,WAAW,EAChB,KAAK,qBAAqB,GAC3B,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EACL,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,aAAa,EAClB,KAAK,SAAS,EACd,KAAK,cAAc,EACnB,KAAK,mBAAmB,GACzB,MAAM,uBAAuB,CAAC"}

package/dist/safety-controls/index.js

@@ -0,0 +1,13 @@
+/**
+ * Safety Controls public surface.
+ *
+ * Closes APTS Tier-1 entries: SC-009 (multi-path kill switch), SC-010
+ * (health monitoring + auto-halt), SC-015 (post-test integrity), AL-016
+ * (continuous boundary monitoring), HO-003 (decision timeout).
+ */
+export { startKillRequestWatcher, requestKill, startDeadManHeartbeat, } from './kill-switch.js';
+export { runHealthCheck, newHealthCounters, currentHeapMb, errorRate, } from './health-monitor.js';
+export { probeTargetIntegrity, } from './post-test-integrity.js';
+export { detectScopeBreach, } from './boundary-monitor.js';
+export { withPhaseTimeout, derivePhaseTimeoutMs, } from './decision-timeout.js';
+//# sourceMappingURL=index.js.map

package/dist/safety-controls/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/safety-controls/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,EACL,uBAAuB,EACvB,WAAW,EACX,qBAAqB,GAKtB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,SAAS,GAIV,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,oBAAoB,GAIrB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,iBAAiB,GAGlB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EACL,gBAAgB,EAChB,oBAAoB,GAKrB,MAAM,uBAAuB,CAAC"}

package/dist/safety-controls/kill-switch.d.ts

@@ -0,0 +1,45 @@
+export interface KillRequestWatcherOptions {
+    /** Path to watch for a `.killreq` marker (typically `<state-file>.killreq`). */
+    markerPath: string;
+    /** Poll interval in ms. Default 2000. */
+    pollIntervalMs?: number;
+    /** Callback fired when the marker is detected. */
+    onKillRequest: (markerPath: string) => void;
+}
+export interface KillRequestWatcherHandle {
+    /** Stop polling — call on engagement completion. */
+    stop: () => void;
+}
+/**
+ * Start a kill-request watcher. Polls for `markerPath` every
+ * `pollIntervalMs` ms and fires `onKillRequest` on first detection.
+ * The handle's `stop()` clears the interval.
+ */
+export declare function startKillRequestWatcher(opts: KillRequestWatcherOptions): KillRequestWatcherHandle;
+/**
+ * Write the kill-request marker. Used by the `--kill` CLI subcommand.
+ */
+export declare function requestKill(stateFilePath: string, reason?: string): string;
+export interface HeartbeatOptions {
+    /** Operator endpoint to POST a heartbeat to (HTTPS only, public IP). */
+    url: string;
+    /** Heartbeat interval in ms. Default 30 s. */
+    intervalMs?: number;
+    /** Consecutive missed heartbeats before halt. Default 3. */
+    maxConsecutiveFailures?: number;
+    /** Callback fired when the failure threshold is hit. */
+    onMissedThreshold: (consecutiveFailures: number) => void;
+    /** Override fetch — for tests. */
+    fetchImpl?: typeof fetch;
+}
+export interface HeartbeatHandle {
+    stop: () => void;
+}
+/**
+ * Start a dead-man-switch heartbeat. Posts an empty body to `url` every
+ * `intervalMs` ms; counts consecutive failures (network error, non-2xx
+ * status, timeout) and fires `onMissedThreshold` when the count crosses
+ * `maxConsecutiveFailures`.
+ */
+export declare function startDeadManHeartbeat(opts: HeartbeatOptions): HeartbeatHandle;
+//# sourceMappingURL=kill-switch.d.ts.map

package/dist/safety-controls/kill-switch.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"kill-switch.d.ts","sourceRoot":"","sources":["../../src/safety-controls/kill-switch.ts"],"names":[],"mappings":"AAwBA,MAAM,WAAW,yBAAyB;IACxC,gFAAgF;IAChF,UAAU,EAAE,MAAM,CAAC;IACnB,yCAAyC;IACzC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kDAAkD;IAClD,aAAa,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,IAAI,CAAC;CAC7C;AAED,MAAM,WAAW,wBAAwB;IACvC,oDAAoD;IACpD,IAAI,EAAE,MAAM,IAAI,CAAC;CAClB;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CACrC,IAAI,EAAE,yBAAyB,GAC9B,wBAAwB,CAqB1B;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,aAAa,EAAE,MAAM,EAAE,MAAM,SAAuB,GAAG,MAAM,CAOxF;AAKD,MAAM,WAAW,gBAAgB;IAC/B,wEAAwE;IACxE,GAAG,EAAE,MAAM,CAAC;IACZ,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4DAA4D;IAC5D,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,wDAAwD;IACxD,iBAAiB,EAAE,CAAC,mBAAmB,EAAE,MAAM,KAAK,IAAI,CAAC;IACzD,kCAAkC;IAClC,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;CAC1B;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,IAAI,CAAC;CAClB;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,gBAAgB,GAAG,eAAe,CAyC7E"}

package/dist/safety-controls/kill-switch.js

@@ -0,0 +1,117 @@
+/**
+ * Multi-path kill switch.
+ *
+ * Closes APTS-SC-009 (Kill Switch).
+ *
+ * Design notes:
+ *   - Signals (SIGINT, SIGTERM, SIGUSR1) are already wired in
+ *     `runtime/signals.ts` from Cluster-2. SC-009 requires *more than*
+ *     signals — a multi-path kill so a stuck or unreachable engagement
+ *     can be terminated by alternate channels.
+ *   - Path 1 (signals): existing.
+ *   - Path 2 (file-based kill request): operator runs
+ *     `aegis siege --kill <state-file>`, which writes a
+ *     `<state-file>.killreq` marker. The running engagement polls for
+ *     the marker every `pollIntervalMs` (default 2 s) and halts on
+ *     detection. Decoupled from process IPC so it works across hosts
+ *     (e.g. operator on a separate ssh session).
+ *   - Path 3 (dead-man-switch): operator-provided heartbeat URL.
+ *     Engagement POSTs a heartbeat every `intervalMs`; consecutive
+ *     missed heartbeats (default 3) trigger halt. Defends against the
+ *     case where the operator's monitoring infra is the canary.
+ */
+import { existsSync, writeFileSync } from 'node:fs';
+/**
+ * Start a kill-request watcher. Polls for `markerPath` every
+ * `pollIntervalMs` ms and fires `onKillRequest` on first detection.
+ * The handle's `stop()` clears the interval.
+ */
+export function startKillRequestWatcher(opts) {
+    const interval = opts.pollIntervalMs ?? 2_000;
+    let stopped = false;
+    let timer = null;
+    const tick = () => {
+        if (stopped)
+            return;
+        if (existsSync(opts.markerPath)) {
+            stopped = true;
+            if (timer)
+                clearInterval(timer);
+            opts.onKillRequest(opts.markerPath);
+        }
+    };
+    timer = setInterval(tick, interval);
+    // unref so the timer doesn't keep the event loop alive.
+    if (typeof timer.unref === 'function')
+        timer.unref();
+    return {
+        stop: () => {
+            stopped = true;
+            if (timer)
+                clearInterval(timer);
+        },
+    };
+}
+/**
+ * Write the kill-request marker. Used by the `--kill` CLI subcommand.
+ */
+export function requestKill(stateFilePath, reason = 'operator-requested') {
+    const markerPath = `${stateFilePath}.killreq`;
+    writeFileSync(markerPath, JSON.stringify({ requested_at: new Date().toISOString(), reason }) + '\n');
+    return markerPath;
+}
+/**
+ * Start a dead-man-switch heartbeat. Posts an empty body to `url` every
+ * `intervalMs` ms; counts consecutive failures (network error, non-2xx
+ * status, timeout) and fires `onMissedThreshold` when the count crosses
+ * `maxConsecutiveFailures`.
+ */
+export function startDeadManHeartbeat(opts) {
+    const interval = opts.intervalMs ?? 30_000;
+    const threshold = opts.maxConsecutiveFailures ?? 3;
+    const fetchImpl = opts.fetchImpl ?? fetch;
+    let consecutive = 0;
+    let stopped = false;
+    let fired = false;
+    let timer = null;
+    const tick = async () => {
+        if (stopped)
+            return;
+        try {
+            const res = await fetchImpl(opts.url, {
+                method: 'POST',
+                body: JSON.stringify({ ts: new Date().toISOString() }),
+                headers: { 'content-type': 'application/json' },
+            });
+            if (!res.ok) {
+                consecutive += 1;
+            }
+            else {
+                consecutive = 0;
+            }
+        }
+        catch {
+            consecutive += 1;
+        }
+        if (consecutive >= threshold && !fired) {
+            fired = true;
+            stopped = true;
+            if (timer)
+                clearInterval(timer);
+            opts.onMissedThreshold(consecutive);
+        }
+    };
+    timer = setInterval(() => {
+        void tick();
+    }, interval);
+    if (typeof timer.unref === 'function')
+        timer.unref();
+    return {
+        stop: () => {
+            stopped = true;
+            if (timer)
+                clearInterval(timer);
+        },
+    };
+}
+//# sourceMappingURL=kill-switch.js.map

package/dist/safety-controls/kill-switch.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"kill-switch.js","sourceRoot":"","sources":["../../src/safety-controls/kill-switch.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAgBpD;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CACrC,IAA+B;IAE/B,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,IAAI,KAAK,CAAC;IAC9C,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,IAAI,KAAK,GAA0B,IAAI,CAAC;IACxC,MAAM,IAAI,GAAG,GAAS,EAAE;QACtB,IAAI,OAAO;YAAE,OAAO;QACpB,IAAI,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAChC,OAAO,GAAG,IAAI,CAAC;YACf,IAAI,KAAK;gBAAE,aAAa,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,CAAC;IACF,KAAK,GAAG,WAAW,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IACpC,wDAAwD;IACxD,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,UAAU;QAAE,KAAK,CAAC,KAAK,EAAE,CAAC;IACrD,OAAO;QACL,IAAI,EAAE,GAAG,EAAE;YACT,OAAO,GAAG,IAAI,CAAC;YACf,IAAI,KAAK;gBAAE,aAAa,CAAC,KAAK,CAAC,CAAC;QAClC,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,aAAqB,EAAE,MAAM,GAAG,oBAAoB;IAC9E,MAAM,UAAU,GAAG,GAAG,aAAa,UAAU,CAAC;IAC9C,aAAa,CACX,UAAU,EACV,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC,GAAG,IAAI,CAC1E,CAAC;IACF,OAAO,UAAU,CAAC;AACpB,CAAC;AAsBD;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAAsB;IAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,IAAI,MAAM,CAAC;IAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,sBAAsB,IAAI,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,KAAK,CAAC;IAC1C,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,IAAI,KAAK,GAAG,KAAK,CAAC;IAClB,IAAI,KAAK,GAA0B,IAAI,CAAC;IACxC,MAAM,IAAI,GAAG,KAAK,IAAmB,EAAE;QACrC,IAAI,OAAO;YAAE,OAAO;QACpB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE;gBACpC,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;gBACtD,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,WAAW,IAAI,CAAC,CAAC;YACnB,CAAC;iBAAM,CAAC;gBACN,WAAW,GAAG,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,WAAW,IAAI,CAAC,CAAC;QACnB,CAAC;QACD,IAAI,WAAW,IAAI,SAAS,IAAI,CAAC,KAAK,EAAE,CAAC;YACvC,KAAK,GAAG,IAAI,CAAC;YACb,OAAO,GAAG,IAAI,CAAC;YACf,IAAI,KAAK;gBAAE,aAAa,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,CAAC;IACF,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE;QACvB,KAAK,IAAI,EAAE,CAAC;IACd,CAAC,EAAE,QAAQ,CAAC,CAAC;IACb,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,UAAU;QAAE,KAAK,CAAC,KAAK,EAAE,CAAC;IACrD,OAAO;QACL,IAAI,EAAE,GAAG,EAAE;YACT,OAAO,GAAG,IAAI,CAAC;YACf,IAAI,KAAK;gBAAE,aAAa,CAAC,KAAK,CAAC,CAAC;QAClC,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/safety-controls/post-test-integrity.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Post-test system integrity validation.
+ *
+ * Closes APTS-SC-015 (Post-Test System Integrity Validation).
+ *
+ * Design notes:
+ *   - Run after the engagement's reporting phase. Confirms the target
+ *     service is still responsive and records a final state-snapshot
+ *     for the audit trail. A non-responsive target after engagement is
+ *     a regression signal — record it explicitly.
+ *   - Uses safeFetch for the probe (same SSRF defenses as the rest of
+ *     orchestrator HTTP egress).
+ *   - The pre-engagement baseline is optional; when supplied, the
+ *     verdict includes a response-time delta so spikes are visible.
+ */
+import { safeFetch } from '../manipulation-resistance/redirect-policy.js';
+export interface IntegrityProbeBaseline {
+    /** Pre-engagement target response time in ms. */
+    baseline_response_ms: number;
+    /** Pre-engagement HTTP status. */
+    baseline_status: number;
+}
+export interface IntegrityProbeResult {
+    ok: boolean;
+    reason?: string;
+    observed?: {
+        status: number;
+        response_ms: number;
+        response_delta_ms?: number;
+    };
+    apts_refs: string[];
+}
+export interface IntegrityProbeOptions {
+    /** Optional baseline captured at engagement-start. */
+    baseline?: IntegrityProbeBaseline;
+    /** Maximum acceptable response-time delta vs baseline in ms. Default 5000. */
+    max_response_delta_ms?: number;
+    /** Probe timeout in ms. Default 10_000. */
+    timeout_ms?: number;
+    /** Operator opt-in to permit loopback probe. Mirrors siege --allow-loopback. */
+    allowLoopback?: boolean;
+    /** Override safeFetch — for tests. */
+    fetchImpl?: typeof safeFetch;
+}
+/**
+ * Probe the target with HEAD via safeFetch. Returns ok=false if the
+ * probe rejects, the status is 5xx, or the response-time delta vs
+ * baseline exceeds the threshold.
+ */
+export declare function probeTargetIntegrity(target: string, opts?: IntegrityProbeOptions): Promise<IntegrityProbeResult>;
+//# sourceMappingURL=post-test-integrity.d.ts.map

package/dist/safety-controls/post-test-integrity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"post-test-integrity.d.ts","sourceRoot":"","sources":["../../src/safety-controls/post-test-integrity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,EAAE,SAAS,EAAwB,MAAM,+CAA+C,CAAC;AAEhG,MAAM,WAAW,sBAAsB;IACrC,iDAAiD;IACjD,oBAAoB,EAAE,MAAM,CAAC;IAC7B,kCAAkC;IAClC,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,oBAAoB;IACnC,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE;QACT,MAAM,EAAE,MAAM,CAAC;QACf,WAAW,EAAE,MAAM,CAAC;QACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,qBAAqB;IACpC,sDAAsD;IACtD,QAAQ,CAAC,EAAE,sBAAsB,CAAC;IAClC,8EAA8E;IAC9E,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,2CAA2C;IAC3C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gFAAgF;IAChF,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,sCAAsC;IACtC,SAAS,CAAC,EAAE,OAAO,SAAS,CAAC;CAC9B;AAED;;;;GAIG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,MAAM,EACd,IAAI,GAAE,qBAA0B,GAC/B,OAAO,CAAC,oBAAoB,CAAC,CAyD/B"}

package/dist/safety-controls/post-test-integrity.js

@@ -0,0 +1,79 @@
+/**
+ * Post-test system integrity validation.
+ *
+ * Closes APTS-SC-015 (Post-Test System Integrity Validation).
+ *
+ * Design notes:
+ *   - Run after the engagement's reporting phase. Confirms the target
+ *     service is still responsive and records a final state-snapshot
+ *     for the audit trail. A non-responsive target after engagement is
+ *     a regression signal — record it explicitly.
+ *   - Uses safeFetch for the probe (same SSRF defenses as the rest of
+ *     orchestrator HTTP egress).
+ *   - The pre-engagement baseline is optional; when supplied, the
+ *     verdict includes a response-time delta so spikes are visible.
+ */
+import { safeFetch, isSafeFetchRejection } from '../manipulation-resistance/redirect-policy.js';
+/**
+ * Probe the target with HEAD via safeFetch. Returns ok=false if the
+ * probe rejects, the status is 5xx, or the response-time delta vs
+ * baseline exceeds the threshold.
+ */
+export async function probeTargetIntegrity(target, opts = {}) {
+    const fetchImpl = opts.fetchImpl ?? safeFetch;
+    const timeoutMs = opts.timeout_ms ?? 10_000;
+    const start = Date.now();
+    try {
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), timeoutMs);
+        const res = await fetchImpl(target, {
+            method: 'HEAD',
+            signal: controller.signal,
+            allowLoopback: opts.allowLoopback === true,
+        });
+        clearTimeout(timeout);
+        const elapsed = Date.now() - start;
+        const observed = {
+            status: res.status,
+            response_ms: elapsed,
+        };
+        if (opts.baseline) {
+            observed.response_delta_ms = elapsed - opts.baseline.baseline_response_ms;
+        }
+        if (res.status >= 500) {
+            return {
+                ok: false,
+                reason: `target returned ${res.status} (server-side fault) after engagement`,
+                observed,
+                apts_refs: ['APTS-SC-015'],
+            };
+        }
+        if (opts.baseline &&
+            observed.response_delta_ms !== undefined &&
+            observed.response_delta_ms > (opts.max_response_delta_ms ?? 5_000)) {
+            return {
+                ok: false,
+                reason: `target response time spiked by ${observed.response_delta_ms} ms vs pre-engagement baseline (${opts.baseline.baseline_response_ms} → ${elapsed} ms)`,
+                observed,
+                apts_refs: ['APTS-SC-015'],
+            };
+        }
+        return { ok: true, observed, apts_refs: ['APTS-SC-015'] };
+    }
+    catch (err) {
+        if (isSafeFetchRejection(err)) {
+            return {
+                ok: false,
+                reason: `post-test integrity probe rejected by safeFetch policy: ${err.reason}`,
+                apts_refs: ['APTS-SC-015', 'APTS-MR-009'],
+            };
+        }
+        const msg = err instanceof Error ? err.message : String(err);
+        return {
+            ok: false,
+            reason: `post-test integrity probe failed: ${msg}`,
+            apts_refs: ['APTS-SC-015'],
+        };
+    }
+}
+//# sourceMappingURL=post-test-integrity.js.map

package/dist/safety-controls/post-test-integrity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"post-test-integrity.js","sourceRoot":"","sources":["../../src/safety-controls/post-test-integrity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,EAAE,SAAS,EAAE,oBAAoB,EAAE,MAAM,+CAA+C,CAAC;AAiChG;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,MAAc,EACd,OAA8B,EAAE;IAEhC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC;IAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,IAAI,MAAM,CAAC;IAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;QAChE,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,aAAa,EAAE,IAAI,CAAC,aAAa,KAAK,IAAI;SAC3C,CAAC,CAAC;QACH,YAAY,CAAC,OAAO,CAAC,CAAC;QACtB,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QACnC,MAAM,QAAQ,GAAqC;YACjD,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,WAAW,EAAE,OAAO;SACrB,CAAC;QACF,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,QAAQ,CAAC,iBAAiB,GAAG,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC;QAC5E,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YACtB,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,mBAAmB,GAAG,CAAC,MAAM,uCAAuC;gBAC5E,QAAQ;gBACR,SAAS,EAAE,CAAC,aAAa,CAAC;aAC3B,CAAC;QACJ,CAAC;QACD,IACE,IAAI,CAAC,QAAQ;YACb,QAAQ,CAAC,iBAAiB,KAAK,SAAS;YACxC,QAAQ,CAAC,iBAAiB,GAAG,CAAC,IAAI,CAAC,qBAAqB,IAAI,KAAK,CAAC,EAClE,CAAC;YACD,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,kCAAkC,QAAQ,CAAC,iBAAiB,mCAAmC,IAAI,CAAC,QAAQ,CAAC,oBAAoB,MAAM,OAAO,MAAM;gBAC5J,QAAQ;gBACR,SAAS,EAAE,CAAC,aAAa,CAAC;aAC3B,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC;IAC5D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,2DAA2D,GAAG,CAAC,MAAM,EAAE;gBAC/E,SAAS,EAAE,CAAC,aAAa,EAAE,aAAa,CAAC;aAC1C,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,qCAAqC,GAAG,EAAE;YAClD,SAAS,EAAE,CAAC,aAAa,CAAC;SAC3B,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/types.d.ts

@@ -89,7 +89,24 @@ export interface Finding {
      * to mean "scanner's default confidence tier (typically high)".
      */
     confidence?: Confidence;
+    /**
+     * APTS-SC-001 — Confidentiality / Integrity / Availability impact
+     * vector. Each axis is one of `none | low | medium | high`. Populated
+     * by the orchestrator from `assignCiaVector(finding)` after scanner
+     * emit; operators may override per-finding via the suppression
+     * pipeline. Default mappings are CWE-driven; unknown CWE → all-low.
+     */
+    cia_vector?: {
+        c: CiaImpact;
+        i: CiaImpact;
+        a: CiaImpact;
+    };
 }
+/**
+ * APTS-SC-001 CIA impact ordinal. Lowercased for consistency with
+ * the `severity` enum + Zod-friendly serialization.
+ */
+export type CiaImpact = 'none' | 'low' | 'medium' | 'high';
 export interface ScanResult {
     scanner: string;
     category: ScanCategory;

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAEnF,MAAM,MAAM,YAAY,GACpB,UAAU,GAAG,MAAM,GAAG,cAAc,GAAG,YAAY,GAAG,SAAS,GAC/D,eAAe,GAAG,aAAa,GAAG,gBAAgB,GAAG,MAAM,GAAG,QAAQ,GAAG,SAAS,GAClF,QAAQ,CAAC;AAEb;;;;;;;GAOG;AACH,MAAM,WAAW,WAAW;IAC1B,iEAAiE;IACjE,WAAW,EAAE,MAAM,CAAC;IACpB,kDAAkD;IAClD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,4EAA4E;IAC5E,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,YAAY,CAAC;IACvB,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB;;;;;;;;;;OAUG;IACH,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,GAAG,CAAC,EAAE,MAAM,GAAG,WAAW,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;;;;;;;;;;OAaG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;;;;;OAMG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;;;;;OAMG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;;;;;;OAUG;IACH,UAAU,CAAC,EAAE,UAAU,CAAC;CACzB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,YAAY,CAAC;IACvB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,YAAY,CAAC;IACvB;;;;;;;;;OASG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACnD,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;CACrE;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,QAAQ,GAAG,OAAO,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,GAAG,OAAO,GAAG,SAAS,GAAG,QAAQ,GAAG,IAAI,GAAG,MAAM,GAAG,SAAS,CAAC;IACxL,QAAQ,EAAE,UAAU,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;IACtG,IAAI,EAAE,eAAe,GAAG,WAAW,GAAG,OAAO,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,GAAG,SAAS,CAAC;IAC1F,EAAE,EAAE,QAAQ,GAAG,WAAW,GAAG,SAAS,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;IACvE,OAAO,EAAE,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;IACvC,MAAM,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,KAAK,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAAC;IACjF,QAAQ,EAAE,YAAY,GAAG,YAAY,GAAG,QAAQ,GAAG,MAAM,GAAG,IAAI,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,SAAS,CAAC;IACvG,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;GAIG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,GAAG,aAAa,GAAG,UAAU,CAAC;IAC3C,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,qEAAqE;IACrE,IAAI,EAAE,MAAM,CAAC;IACb,wEAAwE;IACxE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,4EAA4E;IAC5E,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,sEAAsE;IACtE,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,aAAa,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACnD,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,GAAG,OAAO,GAAG,UAAU,CAAC;IAC1D,yFAAyF;IACzF,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,mEAAmE;IACnE,aAAa,CAAC,EAAE,YAAY,EAAE,CAAC;IAC/B,0FAA0F;IAC1F,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAC3B,uEAAuE;IACvE,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;IACrC,gGAAgG;IAChG,YAAY,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAClC,iEAAiE;IACjE,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,gGAAgG;IAChG,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,MAAM,KAAK,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AACtD,MAAM,MAAM,KAAK,GAAG,UAAU,GAAG,UAAU,GAAG,OAAO,GAAG,YAAY,GAAG,SAAS,GAAG,UAAU,CAAC;AAC9F,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;AAEnD,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,KAAK,CAAC;IACb,KAAK,EAAE,KAAK,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC,YAAY,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACvF,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,KAAK,EAAE,aAAa,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,UAAU,CAAC;IACvB;;;;;;;OAOG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAAC;CACrC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAEnF,MAAM,MAAM,YAAY,GACpB,UAAU,GAAG,MAAM,GAAG,cAAc,GAAG,YAAY,GAAG,SAAS,GAC/D,eAAe,GAAG,aAAa,GAAG,gBAAgB,GAAG,MAAM,GAAG,QAAQ,GAAG,SAAS,GAClF,QAAQ,CAAC;AAEb;;;;;;;GAOG;AACH,MAAM,WAAW,WAAW;IAC1B,iEAAiE;IACjE,WAAW,EAAE,MAAM,CAAC;IACpB,kDAAkD;IAClD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,4EAA4E;IAC5E,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,YAAY,CAAC;IACvB,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB;;;;;;;;;;OAUG;IACH,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,GAAG,CAAC,EAAE,MAAM,GAAG,WAAW,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;;;;;;;;;;OAaG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;;;;;OAMG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;;;;;OAMG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;;;;;;OAUG;IACH,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB;;;;;;OAMG;IACH,UAAU,CAAC,EAAE;QAAE,CAAC,EAAE,SAAS,CAAC;QAAC,CAAC,EAAE,SAAS,CAAC;QAAC,CAAC,EAAE,SAAS,CAAA;KAAE,CAAC;CAC3D;AAED;;;GAGG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;AAE3D,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,YAAY,CAAC;IACvB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,YAAY,CAAC;IACvB;;;;;;;;;OASG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACnD,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;CACrE;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,QAAQ,GAAG,OAAO,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,GAAG,OAAO,GAAG,SAAS,GAAG,QAAQ,GAAG,IAAI,GAAG,MAAM,GAAG,SAAS,CAAC;IACxL,QAAQ,EAAE,UAAU,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;IACtG,IAAI,EAAE,eAAe,GAAG,WAAW,GAAG,OAAO,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,GAAG,SAAS,CAAC;IAC1F,EAAE,EAAE,QAAQ,GAAG,WAAW,GAAG,SAAS,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;IACvE,OAAO,EAAE,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;IACvC,MAAM,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,KAAK,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAAC;IACjF,QAAQ,EAAE,YAAY,GAAG,YAAY,GAAG,QAAQ,GAAG,MAAM,GAAG,IAAI,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,SAAS,CAAC;IACvG,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;GAIG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,GAAG,aAAa,GAAG,UAAU,CAAC;IAC3C,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,qEAAqE;IACrE,IAAI,EAAE,MAAM,CAAC;IACb,wEAAwE;IACxE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,4EAA4E;IAC5E,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,sEAAsE;IACtE,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,aAAa,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACnD,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,GAAG,OAAO,GAAG,UAAU,CAAC;IAC1D,yFAAyF;IACzF,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,mEAAmE;IACnE,aAAa,CAAC,EAAE,YAAY,EAAE,CAAC;IAC/B,0FAA0F;IAC1F,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAC3B,uEAAuE;IACvE,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;IACrC,gGAAgG;IAChG,YAAY,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAClC,iEAAiE;IACjE,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,gGAAgG;IAChG,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,MAAM,KAAK,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AACtD,MAAM,MAAM,KAAK,GAAG,UAAU,GAAG,UAAU,GAAG,OAAO,GAAG,YAAY,GAAG,SAAS,GAAG,UAAU,CAAC;AAC9F,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;AAEnD,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,KAAK,CAAC;IACb,KAAK,EAAE,KAAK,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC,YAAY,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACvF,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,KAAK,EAAE,aAAa,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,UAAU,CAAC;IACvB;;;;;;;OAOG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAAC;CACrC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aegis-scan/core",
-  "version": "0.16.6",
+  "version": "0.18.0",
   "description": "AEGIS core engine — orchestrator, scoring (0-1000), config loader with Zod-strict schema, suppression filter, shared types + utilities. The foundation of the AEGIS security-scanner suite for Next.js + Supabase.",
   "license": "MIT",
   "author": "RideMatch1 <230386010+RideMatch1@users.noreply.github.com>",
@@ -33,6 +33,7 @@
   },
   "files": [
     "dist",
+    "README.md",
     "sbom.cdx.json"
   ],
   "type": "module",

package/sbom.cdx.json

@@ -1 +1 @@
-{"bomFormat":"CycloneDX","specVersion":"1.6","serialNumber":"urn:uuid:670c5742-f23f-4730-a028-8e6e4b53da93","version":1,"metadata":{"timestamp":"2026-04-26T14:21:03Z","tools":{"components":[{"group":"@cyclonedx","name":"cdxgen","version":"12.1.4","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.4","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.4","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}]},"authors":[{"name":"OWASP Foundation"}],"lifecycles":[{"phase":"build"}],"component":{"name":"core","group":"@aegis-scan","version":"0.16.6","description":"AEGIS core engine — orchestrator, scoring (0-1000), config loader with Zod-strict schema, suppression filter, shared types + utilities. The foundation of the AEGIS security-scanner suite for Next.js + Supabase.","purl":"pkg:npm/%40aegis-scan/core@0.16.6","bom-ref":"pkg:npm/@aegis-scan/core@0.16.6","author":"RideMatch1 <230386010+RideMatch1@users.noreply.github.com>","type":"application","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"externalReferences":[{"type":"vcs","url":"https://github.com/RideMatch1/a.e.g.i.s#readme"},{"type":"vcs","url":"git+https://github.com/RideMatch1/a.e.g.i.s.git"}]},"properties":[{"name":"cdx:bom:componentTypes","value":"npm"},{"name":"cdx:bom:componentNamespaces","value":"@types"},{"name":"cdx:bom:componentSrcFiles","value":"packages/core/node_modules/@types/node/package.json\\npackages/core/node_modules/@types/picomatch/package.json\\npackages/core/node_modules/ignore/package.json\\npackages/core/node_modules/picomatch/package.json\\npackages/core/node_modules/typescript/package.json\\npackages/core/node_modules/vitest/package.json\\npackages/core/node_modules/zod/package.json"}]},"components":[{"authors":[{"name":"Colin McDonnell <zod@colinhacks.com>"}],"group":"","name":"zod","version":"3.25.76","description":"TypeScript-first schema declaration and validation library with static type inference","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/zod@3.25.76","externalReferences":[{"type":"website","url":"https://zod.dev"},{"type":"vcs","url":"git+https://github.com/colinhacks/zod.git"}],"type":"library","bom-ref":"pkg:npm/zod@3.25.76","properties":[{"name":"SrcFile","value":"packages/core/node_modules/zod/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/zod/package.json"}],"concludedValue":"packages/core/node_modules/zod/package.json"}]},"tags":["validation"]},{"authors":[{"name":"Anthony Fu <anthonyfu117@hotmail.com>"}],"group":"","name":"vitest","version":"3.2.4","description":"Next generation testing framework powered by Vite","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/vitest@3.2.4","externalReferences":[{"type":"vcs","url":"https://github.com/vitest-dev/vitest#readme"},{"type":"vcs","url":"git+https://github.com/vitest-dev/vitest.git"}],"type":"framework","bom-ref":"pkg:npm/vitest@3.2.4","properties":[{"name":"SrcFile","value":"packages/core/node_modules/vitest/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/vitest/package.json"}],"concludedValue":"packages/core/node_modules/vitest/package.json"}]},"tags":["framework"]},{"authors":[{"name":"Microsoft Corp."}],"group":"","name":"typescript","version":"5.9.3","description":"TypeScript is a language for application scale JavaScript development","scope":"optional","licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:npm/typescript@5.9.3","externalReferences":[{"type":"website","url":"https://www.typescriptlang.org/"},{"type":"vcs","url":"https://github.com/microsoft/TypeScript.git"}],"type":"library","bom-ref":"pkg:npm/typescript@5.9.3","properties":[{"name":"SrcFile","value":"packages/core/node_modules/typescript/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/typescript/package.json"}],"concludedValue":"packages/core/node_modules/typescript/package.json"}]}},{"authors":[{"name":"Jon Schlinkert (https://github.com/jonschlinkert)"}],"group":"","name":"picomatch","version":"4.0.4","description":"Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/picomatch@4.0.4","externalReferences":[{"type":"vcs","url":"https://github.com/micromatch/picomatch"}],"type":"library","bom-ref":"pkg:npm/picomatch@4.0.4","properties":[{"name":"SrcFile","value":"packages/core/node_modules/picomatch/package.json"},{"name":"ImportedModules","value":"picomatch"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/picomatch/package.json"}],"concludedValue":"packages/core/node_modules/picomatch/package.json"}],"occurrences":[{"location":"dist/utils.js#5"},{"location":"src/utils.ts#5"}]}},{"authors":[{"name":"kael"}],"group":"","name":"ignore","version":"7.0.5","description":"Ignore is a manager and filter for .gitignore rules, the one used by eslint, gitbook and many others.","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/ignore@7.0.5","type":"library","bom-ref":"pkg:npm/ignore@7.0.5","properties":[{"name":"SrcFile","value":"packages/core/node_modules/ignore/package.json"},{"name":"ImportedModules","value":"ignore"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/ignore/package.json"}],"concludedValue":"packages/core/node_modules/ignore/package.json"}],"occurrences":[{"location":"dist/utils.js#4"},{"location":"src/utils.ts#4"}]}},{"group":"@types","name":"picomatch","version":"3.0.2","description":"TypeScript definitions for picomatch","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40types/picomatch@3.0.2","externalReferences":[{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/picomatch"},{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped.git"}],"type":"library","bom-ref":"pkg:npm/@types/picomatch@3.0.2","properties":[{"name":"SrcFile","value":"packages/core/node_modules/@types/picomatch/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/@types/picomatch/package.json"}],"concludedValue":"packages/core/node_modules/@types/picomatch/package.json"}]}},{"group":"@types","name":"node","version":"22.19.17","description":"TypeScript definitions for node","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40types/node@22.19.17","externalReferences":[{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node"},{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped.git"}],"type":"library","bom-ref":"pkg:npm/@types/node@22.19.17","properties":[{"name":"SrcFile","value":"packages/core/node_modules/@types/node/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/@types/node/package.json"}],"concludedValue":"packages/core/node_modules/@types/node/package.json"}]}}],"dependencies":[],"annotations":[{"bom-ref":"metadata-annotations","subjects":["pkg:npm/@aegis-scan/core@0.16.6"],"annotator":{"component":{"group":"@cyclonedx","name":"cdxgen","version":"12.1.4","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.4","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.4","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}},"timestamp":"2026-04-26T14:21:03Z","text":"This Software Bill-of-Materials (SBOM) document was created on Sunday, April 26, 2026 with cdxgen. The data was captured during the build lifecycle phase. The document describes an application named 'core' with version '0.16.6'. The package type in this SBOM is npm with a single purl namespace '@types' described under components. The components were identified from 7 source files."}]}
+{"bomFormat":"CycloneDX","specVersion":"1.6","serialNumber":"urn:uuid:34366355-b756-4ee1-9350-4872ba7f0db0","version":1,"metadata":{"timestamp":"2026-05-01T15:54:28Z","tools":{"components":[{"group":"@cyclonedx","name":"cdxgen","version":"12.1.4","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.4","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.4","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}]},"authors":[{"name":"OWASP Foundation"}],"lifecycles":[{"phase":"build"}],"component":{"name":"core","group":"@aegis-scan","version":"0.18.0","description":"AEGIS core engine — orchestrator, scoring (0-1000), config loader with Zod-strict schema, suppression filter, shared types + utilities. The foundation of the AEGIS security-scanner suite for Next.js + Supabase.","purl":"pkg:npm/%40aegis-scan/core@0.18.0","bom-ref":"pkg:npm/@aegis-scan/core@0.18.0","author":"RideMatch1 <230386010+RideMatch1@users.noreply.github.com>","type":"application","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"externalReferences":[{"type":"vcs","url":"https://github.com/RideMatch1/a.e.g.i.s#readme"},{"type":"vcs","url":"git+https://github.com/RideMatch1/a.e.g.i.s.git"}]},"properties":[{"name":"cdx:bom:componentTypes","value":"npm"},{"name":"cdx:bom:componentNamespaces","value":"@types"},{"name":"cdx:bom:componentSrcFiles","value":"packages/core/node_modules/@types/node/package.json\\npackages/core/node_modules/@types/picomatch/package.json\\npackages/core/node_modules/ignore/package.json\\npackages/core/node_modules/picomatch/package.json\\npackages/core/node_modules/typescript/package.json\\npackages/core/node_modules/vitest/package.json\\npackages/core/node_modules/zod/package.json"}]},"components":[{"authors":[{"name":"Colin McDonnell <zod@colinhacks.com>"}],"group":"","name":"zod","version":"3.25.76","description":"TypeScript-first schema declaration and validation library with static type inference","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/zod@3.25.76","externalReferences":[{"type":"website","url":"https://zod.dev"},{"type":"vcs","url":"git+https://github.com/colinhacks/zod.git"}],"type":"library","bom-ref":"pkg:npm/zod@3.25.76","properties":[{"name":"SrcFile","value":"packages/core/node_modules/zod/package.json"},{"name":"ImportedModules","value":"zod,zod/z"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/zod/package.json"}],"concludedValue":"packages/core/node_modules/zod/package.json"}],"occurrences":[{"location":"dist/manipulation-resistance/response-validator.js#23"},{"location":"dist/roe/types.js#24"},{"location":"dist/runtime/state.js#32"},{"location":"src/manipulation-resistance/response-validator.ts#23"},{"location":"src/roe/types.ts#24"},{"location":"src/runtime/state.ts#32"}]},"tags":["validation"]},{"authors":[{"name":"Anthony Fu <anthonyfu117@hotmail.com>"}],"group":"","name":"vitest","version":"3.2.4","description":"Next generation testing framework powered by Vite","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/vitest@3.2.4","externalReferences":[{"type":"vcs","url":"https://github.com/vitest-dev/vitest#readme"},{"type":"vcs","url":"git+https://github.com/vitest-dev/vitest.git"}],"type":"framework","bom-ref":"pkg:npm/vitest@3.2.4","properties":[{"name":"SrcFile","value":"packages/core/node_modules/vitest/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/vitest/package.json"}],"concludedValue":"packages/core/node_modules/vitest/package.json"}]},"tags":["framework"]},{"authors":[{"name":"Microsoft Corp."}],"group":"","name":"typescript","version":"5.9.3","description":"TypeScript is a language for application scale JavaScript development","scope":"optional","licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:npm/typescript@5.9.3","externalReferences":[{"type":"website","url":"https://www.typescriptlang.org/"},{"type":"vcs","url":"https://github.com/microsoft/TypeScript.git"}],"type":"library","bom-ref":"pkg:npm/typescript@5.9.3","properties":[{"name":"SrcFile","value":"packages/core/node_modules/typescript/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/typescript/package.json"}],"concludedValue":"packages/core/node_modules/typescript/package.json"}]}},{"authors":[{"name":"Jon Schlinkert (https://github.com/jonschlinkert)"}],"group":"","name":"picomatch","version":"4.0.4","description":"Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/picomatch@4.0.4","externalReferences":[{"type":"vcs","url":"https://github.com/micromatch/picomatch"}],"type":"library","bom-ref":"pkg:npm/picomatch@4.0.4","properties":[{"name":"SrcFile","value":"packages/core/node_modules/picomatch/package.json"},{"name":"ImportedModules","value":"picomatch"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/picomatch/package.json"}],"concludedValue":"packages/core/node_modules/picomatch/package.json"}],"occurrences":[{"location":"dist/utils.js#5"},{"location":"src/utils.ts#5"}]}},{"authors":[{"name":"kael"}],"group":"","name":"ignore","version":"7.0.5","description":"Ignore is a manager and filter for .gitignore rules, the one used by eslint, gitbook and many others.","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/ignore@7.0.5","type":"library","bom-ref":"pkg:npm/ignore@7.0.5","properties":[{"name":"SrcFile","value":"packages/core/node_modules/ignore/package.json"},{"name":"ImportedModules","value":"ignore"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/ignore/package.json"}],"concludedValue":"packages/core/node_modules/ignore/package.json"}],"occurrences":[{"location":"dist/utils.js#4"},{"location":"src/utils.ts#4"}]}},{"group":"@types","name":"picomatch","version":"3.0.2","description":"TypeScript definitions for picomatch","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40types/picomatch@3.0.2","externalReferences":[{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/picomatch"},{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped.git"}],"type":"library","bom-ref":"pkg:npm/@types/picomatch@3.0.2","properties":[{"name":"SrcFile","value":"packages/core/node_modules/@types/picomatch/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/@types/picomatch/package.json"}],"concludedValue":"packages/core/node_modules/@types/picomatch/package.json"}]}},{"group":"@types","name":"node","version":"22.19.17","description":"TypeScript definitions for node","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40types/node@22.19.17","externalReferences":[{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node"},{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped.git"}],"type":"library","bom-ref":"pkg:npm/@types/node@22.19.17","properties":[{"name":"SrcFile","value":"packages/core/node_modules/@types/node/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/@types/node/package.json"}],"concludedValue":"packages/core/node_modules/@types/node/package.json"}]}}],"dependencies":[],"annotations":[{"bom-ref":"metadata-annotations","subjects":["pkg:npm/@aegis-scan/core@0.18.0"],"annotator":{"component":{"group":"@cyclonedx","name":"cdxgen","version":"12.1.4","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.4","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.4","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}},"timestamp":"2026-05-01T15:54:28Z","text":"This Software Bill-of-Materials (SBOM) document was created on Friday, May 1, 2026 with cdxgen. The data was captured during the build lifecycle phase. The document describes an application named 'core' with version '0.18.0'. The package type in this SBOM is npm with a single purl namespace '@types' described under components. The components were identified from 7 source files."}]}