@aegis-scan/core 0.18.0 → 0.18.2

package/dist/index.d.ts

@@ -10,7 +10,7 @@ export { parseSuppressions, isSuppressed, getUnusedSuppressions, getNakedSuppres
 export { globToRegex, configSuppressionMatches, applyPipelineSuppressions, type SuppressionStats, } from './suppression-filter.js';
 export { PRECISION_GATES, SCANNER_TIERS, tierOf, gateFor, passesPrecisionGate, type PrecisionTier, } from './precision-tiers.js';
 export { RoESchema, validateTargetInScope, validateTemporalEnvelope, getAssetCriticality, validateAction, synthesizeMinimalRoE, loadRoE, type RoE, type ValidationDecision, type RoEParseResult, type RoEParseSuccess, type RoEParseFailure, } from './roe/index.js';
-export { emitEvent, makeEvent, findingEvent, isCriticalSeverity, initStateFile, EngagementStateSchema, writeEngagementState, loadEngagementState, newEngagementState, installSignalHandlers, dispatchNotification, sha256, canonicalize, hashCanonical, ChainedEmitter, verifyAuditChain, type EngagementEvent, type EngagementEventBase, type EventSink, type EngagementState, type LoadStateResult, type LoadStateOk, type LoadStateFailure, type DumpReason, type SignalHandlerOptions, type NotificationConfig, type ChainedEmitterOpts, type ChainVerifyResult, type ChainVerifyOk, type ChainVerifyFailure, } from './runtime/index.js';
+export { emitEvent, makeEvent, findingEvent, isCriticalSeverity, initStateFile, EngagementStateSchema, writeEngagementState, loadEngagementState, newEngagementState, installSignalHandlers, dispatchNotification, sha256, canonicalize, hashCanonical, ChainedEmitter, verifyAuditChain, opsecPace, applyOpsecHeaders, applyOpsecDispatcher, validateProxyUrl, _resetOpsecPacingForTesting, type EngagementEvent, type EngagementEventBase, type EventSink, type EngagementState, type LoadStateResult, type LoadStateOk, type LoadStateFailure, type DumpReason, type SignalHandlerOptions, type NotificationConfig, type ChainedEmitterOpts, type ChainVerifyResult, type ChainVerifyOk, type ChainVerifyFailure, type OpsecOptions, } from './runtime/index.js';
 export { assignCiaVector, evaluateCiaThreshold, CWE_CIA_DEFAULTS, evaluateApprovalGate, detectIrreversibleActions, evaluateIrreversibleGate, PHASE_TO_AUTONOMY_LEVEL, validateDelegationMatrix, rolesForAction, escalateOnSeverity, escalateOnConfidence, escalateOnComplianceTrigger, type CiaThresholdEvaluation, type AutonomyLevel, type AutonomyLevelPolicy, type AutonomyLevelsConfig, type ApprovalGateDecision, type IrreversibleGateDecision, type DelegationEntry, type AuthorityMatrixValidation, type SeverityEscalationConfig, type ConfidencePauseConfig, type ComplianceTriggerConfig, type EscalationDecision, } from './oversight/index.js';
 export { startKillRequestWatcher, requestKill, startDeadManHeartbeat, runHealthCheck, newHealthCounters, currentHeapMb, errorRate, probeTargetIntegrity, detectScopeBreach, withPhaseTimeout, derivePhaseTimeoutMs, type KillRequestWatcherOptions, type KillRequestWatcherHandle, type HeartbeatOptions, type HeartbeatHandle, type HealthThresholds, type HealthCounters, type HealthCheckResult, type IntegrityProbeBaseline, type IntegrityProbeResult, type IntegrityProbeOptions, type FindingLike, type BreachDetectionResult, type TimeoutResult, type TimeoutOk, type TimeoutFailure, type PhaseTimeoutOptions, } from './safety-controls/index.js';
 export { enforceInstructionBoundary, WRAPPER_ACTION_ALLOWLIST, validateWrapperResponse, detectAuthorityClaim, pinConfig, verifyConfig, safeFetch, classifyIp, isSafeFetchRejection, detectScopeExpansion, composeEgressAllowlist, withEgressEnv, ORCHESTRATOR_ESSENTIALS, validateSandboxMode, wrapForSandbox, preflightSandboxImages, SANDBOX_MODES, DEFAULT_WRAPPER_IMAGES, type WrapperAction, type ResponseValidation, type AuthorityClaim, type AuthorityClaimResult, type ConfigPin, type ConfigVerifyResult, type SafeFetchOptions, type SafeFetchRejection, type SafeFetchRejectReason, type ScopeExpansionKind, type ScopeExpansionResult, type EgressAllowlist, type ComposeEgressAllowlistOptions, type SandboxMode, type SandboxModeValidation, type WrapForSandboxOptions, type WrappedExec, type SandboxPreflightResult, type PreflightSandboxOptions, } from './manipulation-resistance/index.js';

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACpF,OAAO,EAAE,UAAU,EAAE,KAAK,eAAe,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,SAAS,EAAE,YAAY,EAAE,mBAAmB,EAAE,eAAe,EAAE,KAAK,UAAU,EAAE,KAAK,WAAW,EAAE,MAAM,YAAY,CAAC;AACnJ,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,qBAAqB,EACrB,oBAAoB,EACpB,KAAK,WAAW,GACjB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,WAAW,EACX,wBAAwB,EACxB,yBAAyB,EACzB,KAAK,gBAAgB,GACtB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,eAAe,EACf,aAAa,EACb,MAAM,EACN,OAAO,EACP,mBAAmB,EACnB,KAAK,aAAa,GACnB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,SAAS,EACT,qBAAqB,EACrB,wBAAwB,EACxB,mBAAmB,EACnB,cAAc,EACd,oBAAoB,EACpB,OAAO,EACP,KAAK,GAAG,EACR,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,eAAe,GACrB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,SAAS,EACT,SAAS,EACT,YAAY,EACZ,kBAAkB,EAClB,aAAa,EACb,qBAAqB,EACrB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,qBAAqB,EACrB,oBAAoB,EACpB,MAAM,EACN,YAAY,EACZ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,KAAK,eAAe,EACpB,KAAK,mBAAmB,EACxB,KAAK,SAAS,EACd,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,WAAW,EAChB,KAAK,gBAAgB,EACrB,KAAK,UAAU,EACf,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,aAAa,EAClB,KAAK,kBAAkB,GACxB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,eAAe,EACf,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,yBAAyB,EACzB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EACxB,cAAc,EACd,kBAAkB,EAClB,oBAAoB,EACpB,2BAA2B,EAC3B,KAAK,sBAAsB,EAC3B,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,oBAAoB,EACzB,KAAK,wBAAwB,EAC7B,KAAK,eAAe,EACpB,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,EAC7B,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,kBAAkB,GACxB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,uBAAuB,EACvB,WAAW,EACX,qBAAqB,EACrB,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,SAAS,EACT,oBAAoB,EACpB,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,EAC7B,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,iBAAiB,EACtB,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,WAAW,EAChB,KAAK,qBAAqB,EAC1B,KAAK,aAAa,EAClB,KAAK,SAAS,EACd,KAAK,cAAc,EACnB,KAAK,mBAAmB,GACzB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,0BAA0B,EAC1B,wBAAwB,EACxB,uBAAuB,EACvB,oBAAoB,EACpB,SAAS,EACT,YAAY,EACZ,SAAS,EACT,UAAU,EACV,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,aAAa,EACb,uBAAuB,EACvB,mBAAmB,EACnB,cAAc,EACd,sBAAsB,EACtB,aAAa,EACb,sBAAsB,EACtB,KAAK,aAAa,EAClB,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,KAAK,SAAS,EACd,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAC1B,KAAK,kBAAkB,EACvB,KAAK,oBAAoB,EACzB,KAAK,eAAe,EACpB,KAAK,6BAA6B,EAClC,KAAK,WAAW,EAChB,KAAK,qBAAqB,EAC1B,KAAK,qBAAqB,EAC1B,KAAK,WAAW,EAChB,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,GAC7B,MAAM,oCAAoC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACpF,OAAO,EAAE,UAAU,EAAE,KAAK,eAAe,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,SAAS,EAAE,YAAY,EAAE,mBAAmB,EAAE,eAAe,EAAE,KAAK,UAAU,EAAE,KAAK,WAAW,EAAE,MAAM,YAAY,CAAC;AACnJ,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,qBAAqB,EACrB,oBAAoB,EACpB,KAAK,WAAW,GACjB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,WAAW,EACX,wBAAwB,EACxB,yBAAyB,EACzB,KAAK,gBAAgB,GACtB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,eAAe,EACf,aAAa,EACb,MAAM,EACN,OAAO,EACP,mBAAmB,EACnB,KAAK,aAAa,GACnB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,SAAS,EACT,qBAAqB,EACrB,wBAAwB,EACxB,mBAAmB,EACnB,cAAc,EACd,oBAAoB,EACpB,OAAO,EACP,KAAK,GAAG,EACR,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,eAAe,GACrB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,SAAS,EACT,SAAS,EACT,YAAY,EACZ,kBAAkB,EAClB,aAAa,EACb,qBAAqB,EACrB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,qBAAqB,EACrB,oBAAoB,EACpB,MAAM,EACN,YAAY,EACZ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,SAAS,EACT,iBAAiB,EACjB,oBAAoB,EACpB,gBAAgB,EAChB,2BAA2B,EAC3B,KAAK,eAAe,EACpB,KAAK,mBAAmB,EACxB,KAAK,SAAS,EACd,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,WAAW,EAChB,KAAK,gBAAgB,EACrB,KAAK,UAAU,EACf,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,aAAa,EAClB,KAAK,kBAAkB,EACvB,KAAK,YAAY,GAClB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,eAAe,EACf,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,yBAAyB,EACzB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EACxB,cAAc,EACd,kBAAkB,EAClB,oBAAoB,EACpB,2BAA2B,EAC3B,KAAK,sBAAsB,EAC3B,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,oBAAoB,EACzB,KAAK,wBAAwB,EAC7B,KAAK,eAAe,EACpB,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,EAC7B,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,EAC5B,KAAK,kBAAkB,GACxB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,uBAAuB,EACvB,WAAW,EACX,qBAAqB,EACrB,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,SAAS,EACT,oBAAoB,EACpB,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,EAC7B,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,iBAAiB,EACtB,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,KAAK,WAAW,EAChB,KAAK,qBAAqB,EAC1B,KAAK,aAAa,EAClB,KAAK,SAAS,EACd,KAAK,cAAc,EACnB,KAAK,mBAAmB,GACzB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,0BAA0B,EAC1B,wBAAwB,EACxB,uBAAuB,EACvB,oBAAoB,EACpB,SAAS,EACT,YAAY,EACZ,SAAS,EACT,UAAU,EACV,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,aAAa,EACb,uBAAuB,EACvB,mBAAmB,EACnB,cAAc,EACd,sBAAsB,EACtB,aAAa,EACb,sBAAsB,EACtB,KAAK,aAAa,EAClB,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,oBAAoB,EACzB,KAAK,SAAS,EACd,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAC1B,KAAK,kBAAkB,EACvB,KAAK,oBAAoB,EACzB,KAAK,eAAe,EACpB,KAAK,6BAA6B,EAClC,KAAK,WAAW,EAChB,KAAK,qBAAqB,EAC1B,KAAK,qBAAqB,EAC1B,KAAK,WAAW,EAChB,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,GAC7B,MAAM,oCAAoC,CAAC"}

package/dist/index.js

@@ -10,7 +10,7 @@ export { parseSuppressions, isSuppressed, getUnusedSuppressions, getNakedSuppres
 export { globToRegex, configSuppressionMatches, applyPipelineSuppressions, } from './suppression-filter.js';
 export { PRECISION_GATES, SCANNER_TIERS, tierOf, gateFor, passesPrecisionGate, } from './precision-tiers.js';
 export { RoESchema, validateTargetInScope, validateTemporalEnvelope, getAssetCriticality, validateAction, synthesizeMinimalRoE, loadRoE, } from './roe/index.js';
-export { emitEvent, makeEvent, findingEvent, isCriticalSeverity, initStateFile, EngagementStateSchema, writeEngagementState, loadEngagementState, newEngagementState, installSignalHandlers, dispatchNotification, sha256, canonicalize, hashCanonical, ChainedEmitter, verifyAuditChain, } from './runtime/index.js';
+export { emitEvent, makeEvent, findingEvent, isCriticalSeverity, initStateFile, EngagementStateSchema, writeEngagementState, loadEngagementState, newEngagementState, installSignalHandlers, dispatchNotification, sha256, canonicalize, hashCanonical, ChainedEmitter, verifyAuditChain, opsecPace, applyOpsecHeaders, applyOpsecDispatcher, validateProxyUrl, _resetOpsecPacingForTesting, } from './runtime/index.js';
 export { assignCiaVector, evaluateCiaThreshold, CWE_CIA_DEFAULTS, evaluateApprovalGate, detectIrreversibleActions, evaluateIrreversibleGate, PHASE_TO_AUTONOMY_LEVEL, validateDelegationMatrix, rolesForAction, escalateOnSeverity, escalateOnConfidence, escalateOnComplianceTrigger, } from './oversight/index.js';
 export { startKillRequestWatcher, requestKill, startDeadManHeartbeat, runHealthCheck, newHealthCounters, currentHeapMb, errorRate, probeTargetIntegrity, detectScopeBreach, withPhaseTimeout, derivePhaseTimeoutMs, } from './safety-controls/index.js';
 export { enforceInstructionBoundary, WRAPPER_ACTION_ALLOWLIST, validateWrapperResponse, detectAuthorityClaim, pinConfig, verifyConfig, safeFetch, classifyIp, isSafeFetchRejection, detectScopeExpansion, composeEgressAllowlist, withEgressEnv, ORCHESTRATOR_ESSENTIALS, validateSandboxMode, wrapForSandbox, preflightSandboxImages, SANDBOX_MODES, DEFAULT_WRAPPER_IMAGES, } from './manipulation-resistance/index.js';

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACpF,OAAO,EAAE,UAAU,EAAwB,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,SAAS,EAAE,YAAY,EAAE,mBAAmB,EAAE,eAAe,EAAqC,MAAM,YAAY,CAAC;AACnJ,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,qBAAqB,EACrB,oBAAoB,GAErB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,WAAW,EACX,wBAAwB,EACxB,yBAAyB,GAE1B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,eAAe,EACf,aAAa,EACb,MAAM,EACN,OAAO,EACP,mBAAmB,GAEpB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,SAAS,EACT,qBAAqB,EACrB,wBAAwB,EACxB,mBAAmB,EACnB,cAAc,EACd,oBAAoB,EACpB,OAAO,GAMR,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,SAAS,EACT,SAAS,EACT,YAAY,EACZ,kBAAkB,EAClB,aAAa,EACb,qBAAqB,EACrB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,qBAAqB,EACrB,oBAAoB,EACpB,MAAM,EACN,YAAY,EACZ,aAAa,EACb,cAAc,EACd,gBAAgB,GAejB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,eAAe,EACf,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,yBAAyB,EACzB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EACxB,cAAc,EACd,kBAAkB,EAClB,oBAAoB,EACpB,2BAA2B,GAa5B,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,uBAAuB,EACvB,WAAW,EACX,qBAAqB,EACrB,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,SAAS,EACT,oBAAoB,EACpB,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,GAiBrB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,0BAA0B,EAC1B,wBAAwB,EACxB,uBAAuB,EACvB,oBAAoB,EACpB,SAAS,EACT,YAAY,EACZ,SAAS,EACT,UAAU,EACV,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,aAAa,EACb,uBAAuB,EACvB,mBAAmB,EACnB,cAAc,EACd,sBAAsB,EACtB,aAAa,EACb,sBAAsB,GAoBvB,MAAM,oCAAoC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACpF,OAAO,EAAE,UAAU,EAAwB,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,SAAS,EAAE,YAAY,EAAE,mBAAmB,EAAE,eAAe,EAAqC,MAAM,YAAY,CAAC;AACnJ,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,qBAAqB,EACrB,oBAAoB,GAErB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,WAAW,EACX,wBAAwB,EACxB,yBAAyB,GAE1B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,eAAe,EACf,aAAa,EACb,MAAM,EACN,OAAO,EACP,mBAAmB,GAEpB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,SAAS,EACT,qBAAqB,EACrB,wBAAwB,EACxB,mBAAmB,EACnB,cAAc,EACd,oBAAoB,EACpB,OAAO,GAMR,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,SAAS,EACT,SAAS,EACT,YAAY,EACZ,kBAAkB,EAClB,aAAa,EACb,qBAAqB,EACrB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,qBAAqB,EACrB,oBAAoB,EACpB,MAAM,EACN,YAAY,EACZ,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,SAAS,EACT,iBAAiB,EACjB,oBAAoB,EACpB,gBAAgB,EAChB,2BAA2B,GAgB5B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,eAAe,EACf,oBAAoB,EACpB,gBAAgB,EAChB,oBAAoB,EACpB,yBAAyB,EACzB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EACxB,cAAc,EACd,kBAAkB,EAClB,oBAAoB,EACpB,2BAA2B,GAa5B,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,uBAAuB,EACvB,WAAW,EACX,qBAAqB,EACrB,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,SAAS,EACT,oBAAoB,EACpB,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,GAiBrB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,0BAA0B,EAC1B,wBAAwB,EACxB,uBAAuB,EACvB,oBAAoB,EACpB,SAAS,EACT,YAAY,EACZ,SAAS,EACT,UAAU,EACV,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,aAAa,EACb,uBAAuB,EACvB,mBAAmB,EACnB,cAAc,EACd,sBAAsB,EACtB,aAAa,EACb,sBAAsB,GAoBvB,MAAM,oCAAoC,CAAC"}

package/dist/runtime/index.d.ts

@@ -4,4 +4,5 @@ export { installSignalHandlers, type DumpReason, type SignalHandlerOptions, } fr
 export { dispatchNotification, type NotificationConfig, } from './notifications.js';
 export { sha256, canonicalize, hashCanonical, } from './hash.js';
 export { ChainedEmitter, verifyAuditChain, type ChainedEmitterOpts, type ChainVerifyResult, type ChainVerifyOk, type ChainVerifyFailure, } from './chain.js';
+export { opsecPace, applyOpsecHeaders, applyOpsecDispatcher, validateProxyUrl, _resetOpsecPacingForTesting, type OpsecOptions, } from './opsec.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/runtime/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,SAAS,EACT,YAAY,EACZ,kBAAkB,EAClB,aAAa,EACb,KAAK,eAAe,EACpB,KAAK,mBAAmB,EACxB,KAAK,SAAS,GACf,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,WAAW,EAChB,KAAK,gBAAgB,GACtB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,qBAAqB,EACrB,KAAK,UAAU,EACf,KAAK,oBAAoB,GAC1B,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,oBAAoB,EACpB,KAAK,kBAAkB,GACxB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,MAAM,EACN,YAAY,EACZ,aAAa,GACd,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,aAAa,EAClB,KAAK,kBAAkB,GACxB,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,SAAS,EACT,YAAY,EACZ,kBAAkB,EAClB,aAAa,EACb,KAAK,eAAe,EACpB,KAAK,mBAAmB,EACxB,KAAK,SAAS,GACf,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,WAAW,EAChB,KAAK,gBAAgB,GACtB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,qBAAqB,EACrB,KAAK,UAAU,EACf,KAAK,oBAAoB,GAC1B,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,oBAAoB,EACpB,KAAK,kBAAkB,GACxB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,MAAM,EACN,YAAY,EACZ,aAAa,GACd,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,aAAa,EAClB,KAAK,kBAAkB,GACxB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,SAAS,EACT,iBAAiB,EACjB,oBAAoB,EACpB,gBAAgB,EAChB,2BAA2B,EAC3B,KAAK,YAAY,GAClB,MAAM,YAAY,CAAC"}

package/dist/runtime/index.js

@@ -4,4 +4,5 @@ export { installSignalHandlers, } from './signals.js';
 export { dispatchNotification, } from './notifications.js';
 export { sha256, canonicalize, hashCanonical, } from './hash.js';
 export { ChainedEmitter, verifyAuditChain, } from './chain.js';
+export { opsecPace, applyOpsecHeaders, applyOpsecDispatcher, validateProxyUrl, _resetOpsecPacingForTesting, } from './opsec.js';
 //# sourceMappingURL=index.js.map

package/dist/runtime/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,SAAS,EACT,YAAY,EACZ,kBAAkB,EAClB,aAAa,GAId,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,GAKnB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,qBAAqB,GAGtB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,oBAAoB,GAErB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,MAAM,EACN,YAAY,EACZ,aAAa,GACd,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,cAAc,EACd,gBAAgB,GAKjB,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,SAAS,EACT,YAAY,EACZ,kBAAkB,EAClB,aAAa,GAId,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,GAKnB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,qBAAqB,GAGtB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,oBAAoB,GAErB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,MAAM,EACN,YAAY,EACZ,aAAa,GACd,MAAM,WAAW,CAAC;AAEnB,OAAO,EACL,cAAc,EACd,gBAAgB,GAKjB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,SAAS,EACT,iBAAiB,EACjB,oBAAoB,EACpB,gBAAgB,EAChB,2BAA2B,GAE5B,MAAM,YAAY,CAAC"}

package/dist/runtime/notifications.d.ts

@@ -1,20 +1,26 @@
 /**
- * Notification dispatcher.
+ * Notification dispatcher — multi-channel.
  *
  * Closes APTS-HO-015 (Real-Time Activity Monitoring and Multi-Channel
- * Notification — partial closure: webhook channel only; multi-channel
- * (Slack/email/PagerDuty) is Cluster-2.5 work).
+ * Notification). v0.18.0 F-NOTIFY-CHANNELS-1 added Slack + Discord adapters
+ * alongside the original generic webhook channel; PagerDuty + Email remain
+ * future additions.
  *
- * Operator declares one or more webhook URLs in the RoE schema (notifications
- * field) or via the siege --notify-webhook flag. The dispatcher fires
- * fire-and-forget HTTP POST with the JSONL event payload. Failures are
- * logged to the same event channel as `notification-failed` events but do
- * not halt the engagement.
+ * Operator declares channels per type in the RoE schema (notifications
+ * field) or via siege CLI flags (--notify-webhook / --notify-slack /
+ * --notify-discord, all repeatable). The dispatcher fires fire-and-forget
+ * HTTP POST per channel with the channel-specific payload shape. Failures
+ * are logged as halt-events with a channel-tagged reason but do not halt
+ * the engagement.
  */
 import type { EngagementEvent, EventSink } from './events.js';
 export interface NotificationConfig {
-    /** Webhook URLs to POST events to. Operators may set multiple. */
-    webhooks: string[];
+    /** Generic webhook URLs (raw EngagementEvent JSON). Repeatable. */
+    webhooks?: string[];
+    /** Slack incoming-webhook URLs (Slack Block-Kit shape). Repeatable. */
+    slack?: string[];
+    /** Discord webhook URLs (Discord embed shape). Repeatable. */
+    discord?: string[];
     /** Subset of event types to forward. Defaults to high-signal events. */
     events?: EngagementEvent['event'][];
     /** Per-request timeout in ms. Default 5000. */

package/dist/runtime/notifications.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"notifications.d.ts","sourceRoot":"","sources":["../../src/runtime/notifications.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,OAAO,KAAK,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAG9D,MAAM,WAAW,kBAAkB;IACjC,kEAAkE;IAClE,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,wEAAwE;IACxE,MAAM,CAAC,EAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;IACpC,+CAA+C;IAC/C,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAWD,wBAAsB,oBAAoB,CACxC,KAAK,EAAE,eAAe,EACtB,MAAM,EAAE,kBAAkB,EAC1B,SAAS,EAAE,SAAS,EACpB,OAAO,GAAE,OAAO,KAAa,GAC5B,OAAO,CAAC,IAAI,CAAC,CAkCf"}
+{"version":3,"file":"notifications.d.ts","sourceRoot":"","sources":["../../src/runtime/notifications.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,KAAK,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAG9D,MAAM,WAAW,kBAAkB;IACjC,mEAAmE;IACnE,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,uEAAuE;IACvE,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,8DAA8D;IAC9D,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,wEAAwE;IACxE,MAAM,CAAC,EAAE,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;IACpC,+CAA+C;IAC/C,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAuED,wBAAsB,oBAAoB,CACxC,KAAK,EAAE,eAAe,EACtB,MAAM,EAAE,kBAAkB,EAC1B,SAAS,EAAE,SAAS,EACpB,OAAO,GAAE,OAAO,KAAa,GAC5B,OAAO,CAAC,IAAI,CAAC,CAqCf"}

package/dist/runtime/notifications.js

@@ -7,30 +7,83 @@ const DEFAULT_FORWARDED = [
     'kill',
     'completion',
 ];
+// Discord embed colors per event type (decimal RGB).
+const DISCORD_COLORS = {
+    'engagement-start': 3447003, // blue
+    'critical-finding': 16711680, // red
+    intervention: 15105570, // orange
+    halt: 16711680, // red
+    kill: 0, // black
+    completion: 5763719, // green
+};
+function formatForSlack(event) {
+    const summary = `🛡 AEGIS \`${event.event}\` — engagement \`${event.engagement_id}\``;
+    // Truncate JSON to fit Slack block-kit text limits (~3000 chars per section)
+    const payloadJson = JSON.stringify(event, null, 2).slice(0, 1500);
+    return {
+        text: summary,
+        blocks: [
+            { type: 'header', text: { type: 'plain_text', text: `AEGIS — ${event.event}` } },
+            { type: 'section', text: { type: 'mrkdwn', text: `*engagement:* \`${event.engagement_id}\`\n*ts:* ${event.ts}` } },
+            { type: 'section', text: { type: 'mrkdwn', text: '```' + payloadJson + '```' } },
+        ],
+    };
+}
+function formatForDiscord(event) {
+    const color = DISCORD_COLORS[event.event] ?? 8421504; // default: gray
+    // Discord embed-field value limit is 1024 chars
+    const payloadJson = JSON.stringify(event, null, 2).slice(0, 900);
+    return {
+        content: `**AEGIS** — \`${event.event}\``,
+        embeds: [{
+                title: event.event,
+                description: `engagement: \`${event.engagement_id}\``,
+                color,
+                timestamp: event.ts,
+                fields: [{ name: 'payload', value: '```json\n' + payloadJson + '\n```' }],
+            }],
+    };
+}
+function buildTargets(event, config) {
+    const targets = [];
+    for (const url of config.webhooks ?? []) {
+        targets.push({ url, body: event, channel: 'webhook' });
+    }
+    for (const url of config.slack ?? []) {
+        targets.push({ url, body: formatForSlack(event), channel: 'slack' });
+    }
+    for (const url of config.discord ?? []) {
+        targets.push({ url, body: formatForDiscord(event), channel: 'discord' });
+    }
+    return targets;
+}
 export async function dispatchNotification(event, config, eventSink, fetcher = fetch) {
     const allowed = config.events ?? DEFAULT_FORWARDED;
     if (!allowed.includes(event.event))
         return;
+    const targets = buildTargets(event, config);
+    if (targets.length === 0)
+        return;
     const timeoutMs = config.timeoutMs ?? 5000;
-    for (const url of config.webhooks) {
+    for (const target of targets) {
         const controller = new AbortController();
         const timer = setTimeout(() => controller.abort(), timeoutMs);
         try {
-            const res = await fetcher(url, {
+            const res = await fetcher(target.url, {
                 method: 'POST',
                 headers: { 'content-type': 'application/json' },
-                body: JSON.stringify(event),
+                body: JSON.stringify(target.body),
                 signal: controller.signal,
             });
             if (!res.ok) {
                 emitEvent(makeEvent(event.engagement_id, 'halt', {
-                    reason: `notification-webhook ${url} returned ${res.status} for event ${event.event} — non-fatal`,
+                    reason: `notification-${target.channel} ${target.url} returned ${res.status} for event ${event.event} — non-fatal`,
                 }), eventSink);
             }
         }
         catch (err) {
             emitEvent(makeEvent(event.engagement_id, 'halt', {
-                reason: `notification-webhook ${url} threw for event ${event.event}: ${err instanceof Error ? err.message : String(err)} — non-fatal`,
+                reason: `notification-${target.channel} ${target.url} threw for event ${event.event}: ${err instanceof Error ? err.message : String(err)} — non-fatal`,
             }), eventSink);
         }
         finally {

package/dist/runtime/notifications.js.map

@@ -1 +1 @@
-{"version":3,"file":"notifications.js","sourceRoot":"","sources":["../../src/runtime/notifications.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAWnD,MAAM,iBAAiB,GAA+B;IACpD,kBAAkB;IAClB,kBAAkB;IAClB,cAAc;IACd,MAAM;IACN,MAAM;IACN,YAAY;CACb,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,KAAsB,EACtB,MAA0B,EAC1B,SAAoB,EACpB,UAAwB,KAAK;IAE7B,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,IAAI,iBAAiB,CAAC;IACnD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC;QAAE,OAAO;IAE3C,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC;IAC3C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAClC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;QAC9D,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE;gBAC7B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;gBAC3B,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,SAAS,CACP,SAAS,CAAC,KAAK,CAAC,aAAa,EAAE,MAAM,EAAE;oBACrC,MAAM,EAAE,wBAAwB,GAAG,aAAa,GAAG,CAAC,MAAM,cAAc,KAAK,CAAC,KAAK,cAAc;iBAClG,CAAC,EACF,SAAS,CACV,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,SAAS,CACP,SAAS,CAAC,KAAK,CAAC,aAAa,EAAE,MAAM,EAAE;gBACrC,MAAM,EAAE,wBAAwB,GAAG,oBAAoB,KAAK,CAAC,KAAK,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc;aACtI,CAAC,EACF,SAAS,CACV,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;AACH,CAAC"}
+{"version":3,"file":"notifications.js","sourceRoot":"","sources":["../../src/runtime/notifications.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAenD,MAAM,iBAAiB,GAA+B;IACpD,kBAAkB;IAClB,kBAAkB;IAClB,cAAc;IACd,MAAM;IACN,MAAM;IACN,YAAY;CACb,CAAC;AAEF,qDAAqD;AACrD,MAAM,cAAc,GAAsD;IACxE,kBAAkB,EAAE,OAAO,EAAK,OAAO;IACvC,kBAAkB,EAAE,QAAQ,EAAI,MAAM;IACtC,YAAY,EAAE,QAAQ,EAAU,SAAS;IACzC,IAAI,EAAE,QAAQ,EAAkB,MAAM;IACtC,IAAI,EAAE,CAAC,EAAyB,QAAQ;IACxC,UAAU,EAAE,OAAO,EAAa,QAAQ;CACzC,CAAC;AAEF,SAAS,cAAc,CAAC,KAAsB;IAC5C,MAAM,OAAO,GAAG,cAAc,KAAK,CAAC,KAAK,qBAAqB,KAAK,CAAC,aAAa,IAAI,CAAC;IACtF,6EAA6E;IAC7E,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;IAClE,OAAO;QACL,IAAI,EAAE,OAAO;QACb,MAAM,EAAE;YACN,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE;YAChF,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,mBAAmB,KAAK,CAAC,aAAa,aAAa,KAAK,CAAC,EAAE,EAAE,EAAE,EAAE;YAClH,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,GAAG,WAAW,GAAG,KAAK,EAAE,EAAE;SACjF;KACF,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAsB;IAC9C,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,CAAC,gBAAgB;IACtE,gDAAgD;IAChD,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACjE,OAAO;QACL,OAAO,EAAE,iBAAiB,KAAK,CAAC,KAAK,IAAI;QACzC,MAAM,EAAE,CAAC;gBACP,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,WAAW,EAAE,iBAAiB,KAAK,CAAC,aAAa,IAAI;gBACrD,KAAK;gBACL,SAAS,EAAE,KAAK,CAAC,EAAE;gBACnB,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,WAAW,GAAG,WAAW,GAAG,OAAO,EAAE,CAAC;aAC1E,CAAC;KACH,CAAC;AACJ,CAAC;AAQD,SAAS,YAAY,CAAC,KAAsB,EAAE,MAA0B;IACtE,MAAM,OAAO,GAAyB,EAAE,CAAC;IACzC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;QACxC,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,KAAK,IAAI,EAAE,EAAE,CAAC;QACrC,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,cAAc,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;IACvE,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,OAAO,IAAI,EAAE,EAAE,CAAC;QACvC,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,gBAAgB,CAAC,KAAK,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,KAAsB,EACtB,MAA0B,EAC1B,SAAoB,EACpB,UAAwB,KAAK;IAE7B,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,IAAI,iBAAiB,CAAC;IACnD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC;QAAE,OAAO;IAE3C,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC5C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO;IAEjC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC;IAC3C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;QAC9D,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE;gBACpC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC;gBACjC,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,SAAS,CACP,SAAS,CAAC,KAAK,CAAC,aAAa,EAAE,MAAM,EAAE;oBACrC,MAAM,EAAE,gBAAgB,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,GAAG,aAAa,GAAG,CAAC,MAAM,cAAc,KAAK,CAAC,KAAK,cAAc;iBACnH,CAAC,EACF,SAAS,CACV,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,SAAS,CACP,SAAS,CAAC,KAAK,CAAC,aAAa,EAAE,MAAM,EAAE;gBACrC,MAAM,EAAE,gBAAgB,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,GAAG,oBAAoB,KAAK,CAAC,KAAK,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc;aACvJ,CAAC,EACF,SAAS,CACV,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/runtime/opsec.d.ts

@@ -0,0 +1,66 @@
+/**
+ * Phase-17 OPSEC (Operational Security) options for outbound traffic during
+ * active-mode engagements. Controls request pacing, UA fingerprint, and
+ * upstream proxy routing — supports non-paranoid environments (dev-server
+ * testing, CI ephemerals) and reduces detection surface against rate-limited
+ * targets.
+ *
+ * Proxy semantics: when `proxy` is set, `applyOpsecDispatcher` calls
+ * `undici.setGlobalDispatcher(new ProxyAgent(proxy))`, which routes ALL
+ * `fetch()` calls in the Node process through that upstream proxy — including
+ * native fetch in attack-probes AND LLM-API calls in `aegis fix`. DAST tool
+ * wrappers (zap, nuclei, strix, ptai, pentestswarm) shell out to external
+ * binaries via `child_process.exec` and do NOT honor the dispatcher; they
+ * use their own per-tool proxy configuration.
+ */
+export interface OpsecOptions {
+    /** Random delay 0..jitterMs added between requests on top of rateMs */
+    jitterMs?: number;
+    /** Minimum delay (ms) between successive requests across all scanners */
+    rateMs?: number;
+    /** User-Agent header override (default: scanner-specific UA when unset) */
+    userAgent?: string;
+    /**
+     * Upstream HTTP(S) proxy URL (e.g. `http://127.0.0.1:8080` for mitmproxy).
+     * Routes all native-fetch traffic through the proxy via undici.ProxyAgent.
+     * Shell-out DAST tools bypass this — see module-level docstring.
+     */
+    proxy?: string;
+}
+/** Test-only: reset the global request-time tracker between specs. */
+export declare function _resetOpsecPacingForTesting(): void;
+/**
+ * Pace the next outbound request: sleeps until rateMs has elapsed since the
+ * last call, plus a random 0..jitterMs jitter on top. No-op when opsec is
+ * undefined or both fields are zero. Module-global state — pacing applies
+ * across all parallel scanner calls, which is the correct behavior for an
+ * overall-rate budget.
+ */
+export declare function opsecPace(opsec?: OpsecOptions): Promise<void>;
+/**
+ * Apply opsec headers (currently just User-Agent) to a fetch RequestInit.
+ * Returns a new init object — does not mutate the input. When opsec.userAgent
+ * is set, it overrides any pre-existing User-Agent header in the init.
+ */
+export declare function applyOpsecHeaders(init: RequestInit | undefined, opsec?: OpsecOptions): RequestInit;
+/**
+ * Validate a proxy URL eagerly — fail-fast at CLI flag-parse time rather
+ * than mid-engagement on the first outbound request. Throws on invalid URL,
+ * non-http(s) protocol, or ProxyAgent constructor failure.
+ *
+ * Exposed so CLI handlers can validate `--proxy` before any orchestrator
+ * setup (per advisor 2026-05-02 — operator gets a clear error up-front).
+ */
+export declare function validateProxyUrl(proxy: string): void;
+/**
+ * Apply the opsec proxy by saving the current global undici dispatcher and
+ * installing a `ProxyAgent`. Returns a restore-fn that puts the prior
+ * dispatcher back — callers MUST invoke it on engagement teardown (and tests
+ * MUST invoke it in afterEach to avoid cross-test state leakage).
+ *
+ * No-op (returns identity restore-fn) when opsec is undefined or proxy is
+ * unset. Validates the proxy URL via `validateProxyUrl` before mutating
+ * global state — callers that already validated may still call this safely.
+ */
+export declare function applyOpsecDispatcher(opsec?: OpsecOptions): () => void;
+//# sourceMappingURL=opsec.d.ts.map

package/dist/runtime/opsec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"opsec.d.ts","sourceRoot":"","sources":["../../src/runtime/opsec.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,YAAY;IAC3B,uEAAuE;IACvE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yEAAyE;IACzE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,2EAA2E;IAC3E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAID,sEAAsE;AACtE,wBAAgB,2BAA2B,IAAI,IAAI,CAElD;AAED;;;;;;GAMG;AACH,wBAAsB,SAAS,CAAC,KAAK,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAenE;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,WAAW,GAAG,SAAS,EAC7B,KAAK,CAAC,EAAE,YAAY,GACnB,WAAW,CAQb;AAED;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAcpD;AAED;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,CAAC,EAAE,YAAY,GAAG,MAAM,IAAI,CAWrE"}

package/dist/runtime/opsec.js

@@ -0,0 +1,92 @@
+import { getGlobalDispatcher, setGlobalDispatcher, ProxyAgent } from 'undici';
+let lastRequestTime = 0;
+/** Test-only: reset the global request-time tracker between specs. */
+export function _resetOpsecPacingForTesting() {
+    lastRequestTime = 0;
+}
+/**
+ * Pace the next outbound request: sleeps until rateMs has elapsed since the
+ * last call, plus a random 0..jitterMs jitter on top. No-op when opsec is
+ * undefined or both fields are zero. Module-global state — pacing applies
+ * across all parallel scanner calls, which is the correct behavior for an
+ * overall-rate budget.
+ */
+export async function opsecPace(opsec) {
+    if (!opsec)
+        return;
+    const rateMs = opsec.rateMs ?? 0;
+    const jitterMs = opsec.jitterMs ?? 0;
+    if (rateMs === 0 && jitterMs === 0)
+        return;
+    const now = Date.now();
+    const since = now - lastRequestTime;
+    const remaining = Math.max(0, rateMs - since);
+    const jitter = jitterMs > 0 ? Math.floor(Math.random() * jitterMs) : 0;
+    const wait = remaining + jitter;
+    if (wait > 0) {
+        await new Promise((r) => setTimeout(r, wait));
+    }
+    lastRequestTime = Date.now();
+}
+/**
+ * Apply opsec headers (currently just User-Agent) to a fetch RequestInit.
+ * Returns a new init object — does not mutate the input. When opsec.userAgent
+ * is set, it overrides any pre-existing User-Agent header in the init.
+ */
+export function applyOpsecHeaders(init, opsec) {
+    const result = { ...(init ?? {}) };
+    if (opsec?.userAgent) {
+        const headers = new Headers(result.headers);
+        headers.set('User-Agent', opsec.userAgent);
+        result.headers = headers;
+    }
+    return result;
+}
+/**
+ * Validate a proxy URL eagerly — fail-fast at CLI flag-parse time rather
+ * than mid-engagement on the first outbound request. Throws on invalid URL,
+ * non-http(s) protocol, or ProxyAgent constructor failure.
+ *
+ * Exposed so CLI handlers can validate `--proxy` before any orchestrator
+ * setup (per advisor 2026-05-02 — operator gets a clear error up-front).
+ */
+export function validateProxyUrl(proxy) {
+    let parsed;
+    try {
+        parsed = new URL(proxy);
+    }
+    catch {
+        throw new Error(`Invalid --proxy URL: ${proxy} (must be http(s)://host:port)`);
+    }
+    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
+        throw new Error(`Invalid --proxy protocol: ${parsed.protocol} (only http: and https: supported)`);
+    }
+    // ProxyAgent construction performs additional validation (parsing port,
+    // host); surface those errors to the operator pre-engagement too.
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    const _probe = new ProxyAgent(proxy);
+}
+/**
+ * Apply the opsec proxy by saving the current global undici dispatcher and
+ * installing a `ProxyAgent`. Returns a restore-fn that puts the prior
+ * dispatcher back — callers MUST invoke it on engagement teardown (and tests
+ * MUST invoke it in afterEach to avoid cross-test state leakage).
+ *
+ * No-op (returns identity restore-fn) when opsec is undefined or proxy is
+ * unset. Validates the proxy URL via `validateProxyUrl` before mutating
+ * global state — callers that already validated may still call this safely.
+ */
+export function applyOpsecDispatcher(opsec) {
+    if (!opsec?.proxy)
+        return () => { };
+    validateProxyUrl(opsec.proxy);
+    const prior = getGlobalDispatcher();
+    const agent = new ProxyAgent(opsec.proxy);
+    setGlobalDispatcher(agent);
+    return () => {
+        setGlobalDispatcher(prior);
+        // Best-effort agent close — never throw from a teardown fn.
+        void agent.close().catch(() => { });
+    };
+}
+//# sourceMappingURL=opsec.js.map

package/dist/runtime/opsec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"opsec.js","sourceRoot":"","sources":["../../src/runtime/opsec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,UAAU,EAAmB,MAAM,QAAQ,CAAC;AAgC/F,IAAI,eAAe,GAAG,CAAC,CAAC;AAExB,sEAAsE;AACtE,MAAM,UAAU,2BAA2B;IACzC,eAAe,GAAG,CAAC,CAAC;AACtB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,KAAoB;IAClD,IAAI,CAAC,KAAK;QAAE,OAAO;IACnB,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC;IACjC,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,CAAC,CAAC;IACrC,IAAI,MAAM,KAAK,CAAC,IAAI,QAAQ,KAAK,CAAC;QAAE,OAAO;IAE3C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,KAAK,GAAG,GAAG,GAAG,eAAe,CAAC;IACpC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvE,MAAM,IAAI,GAAG,SAAS,GAAG,MAAM,CAAC;IAChC,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;QACb,MAAM,IAAI,OAAO,CAAO,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;IACtD,CAAC;IACD,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;AAC/B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAC/B,IAA6B,EAC7B,KAAoB;IAEpB,MAAM,MAAM,GAAgB,EAAE,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,CAAC;IAChD,IAAI,KAAK,EAAE,SAAS,EAAE,CAAC;QACrB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;QAC3C,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC;IAC3B,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAa;IAC5C,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,wBAAwB,KAAK,gCAAgC,CAAC,CAAC;IACjF,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,6BAA6B,MAAM,CAAC,QAAQ,oCAAoC,CAAC,CAAC;IACpG,CAAC;IACD,wEAAwE;IACxE,kEAAkE;IAClE,6DAA6D;IAC7D,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;AACvC,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAoB;IACvD,IAAI,CAAC,KAAK,EAAE,KAAK;QAAE,OAAO,GAAG,EAAE,GAAE,CAAC,CAAC;IACnC,gBAAgB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC9B,MAAM,KAAK,GAAe,mBAAmB,EAAE,CAAC;IAChD,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC1C,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAC3B,OAAO,GAAG,EAAE;QACV,mBAAmB,CAAC,KAAK,CAAC,CAAC;QAC3B,4DAA4D;QAC5D,KAAK,KAAK,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IACrC,CAAC,CAAC;AACJ,CAAC"}

package/dist/types.d.ts

@@ -194,6 +194,18 @@ export interface SuppressionOptions {
     /** Default true — log a warning for suppressions without a reason. */
     warnNaked?: boolean;
 }
+/**
+ * Phase-17 OPSEC options applied to outbound active-mode traffic. Mirrors the
+ * `OpsecOptions` type re-exported from `runtime/opsec` so AegisConfig is a
+ * single import for downstream scanners. Field semantics: see runtime/opsec.ts.
+ */
+export interface AegisConfigOpsec {
+    jitterMs?: number;
+    rateMs?: number;
+    userAgent?: string;
+    /** Upstream HTTP(S) proxy URL — see runtime/opsec.ts for routing semantics. */
+    proxy?: string;
+}
 export interface AegisConfig {
     projectPath: string;
     stack: DetectedStack;
@@ -204,6 +216,8 @@ export interface AegisConfig {
     ignore?: string[];
     target?: string;
     mode: 'scan' | 'audit' | 'pentest' | 'siege' | 'fortress';
+    /** Phase-17 OPSEC options for outbound active-mode traffic. */
+    opsec?: AegisConfigOpsec;
     /** When set, only report findings for files in this list (diff mode). Absolute paths. */
     diffFiles?: string[];
     /** User-defined taint sources extending built-in TAINT_SOURCES. */

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAEnF,MAAM,MAAM,YAAY,GACpB,UAAU,GAAG,MAAM,GAAG,cAAc,GAAG,YAAY,GAAG,SAAS,GAC/D,eAAe,GAAG,aAAa,GAAG,gBAAgB,GAAG,MAAM,GAAG,QAAQ,GAAG,SAAS,GAClF,QAAQ,CAAC;AAEb;;;;;;;GAOG;AACH,MAAM,WAAW,WAAW;IAC1B,iEAAiE;IACjE,WAAW,EAAE,MAAM,CAAC;IACpB,kDAAkD;IAClD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,4EAA4E;IAC5E,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,YAAY,CAAC;IACvB,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB;;;;;;;;;;OAUG;IACH,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,GAAG,CAAC,EAAE,MAAM,GAAG,WAAW,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;;;;;;;;;;OAaG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;;;;;OAMG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;;;;;OAMG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;;;;;;OAUG;IACH,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB;;;;;;OAMG;IACH,UAAU,CAAC,EAAE;QAAE,CAAC,EAAE,SAAS,CAAC;QAAC,CAAC,EAAE,SAAS,CAAC;QAAC,CAAC,EAAE,SAAS,CAAA;KAAE,CAAC;CAC3D;AAED;;;GAGG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;AAE3D,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,YAAY,CAAC;IACvB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,YAAY,CAAC;IACvB;;;;;;;;;OASG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACnD,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;CACrE;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,QAAQ,GAAG,OAAO,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,GAAG,OAAO,GAAG,SAAS,GAAG,QAAQ,GAAG,IAAI,GAAG,MAAM,GAAG,SAAS,CAAC;IACxL,QAAQ,EAAE,UAAU,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;IACtG,IAAI,EAAE,eAAe,GAAG,WAAW,GAAG,OAAO,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,GAAG,SAAS,CAAC;IAC1F,EAAE,EAAE,QAAQ,GAAG,WAAW,GAAG,SAAS,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;IACvE,OAAO,EAAE,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;IACvC,MAAM,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,KAAK,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAAC;IACjF,QAAQ,EAAE,YAAY,GAAG,YAAY,GAAG,QAAQ,GAAG,MAAM,GAAG,IAAI,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,SAAS,CAAC;IACvG,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;GAIG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,GAAG,aAAa,GAAG,UAAU,CAAC;IAC3C,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,qEAAqE;IACrE,IAAI,EAAE,MAAM,CAAC;IACb,wEAAwE;IACxE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,4EAA4E;IAC5E,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,sEAAsE;IACtE,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,aAAa,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACnD,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,GAAG,OAAO,GAAG,UAAU,CAAC;IAC1D,yFAAyF;IACzF,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,mEAAmE;IACnE,aAAa,CAAC,EAAE,YAAY,EAAE,CAAC;IAC/B,0FAA0F;IAC1F,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAC3B,uEAAuE;IACvE,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;IACrC,gGAAgG;IAChG,YAAY,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAClC,iEAAiE;IACjE,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,gGAAgG;IAChG,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,MAAM,KAAK,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AACtD,MAAM,MAAM,KAAK,GAAG,UAAU,GAAG,UAAU,GAAG,OAAO,GAAG,YAAY,GAAG,SAAS,GAAG,UAAU,CAAC;AAC9F,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;AAEnD,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,KAAK,CAAC;IACb,KAAK,EAAE,KAAK,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC,YAAY,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACvF,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,KAAK,EAAE,aAAa,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,UAAU,CAAC;IACvB;;;;;;;OAOG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAAC;CACrC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAEnF,MAAM,MAAM,YAAY,GACpB,UAAU,GAAG,MAAM,GAAG,cAAc,GAAG,YAAY,GAAG,SAAS,GAC/D,eAAe,GAAG,aAAa,GAAG,gBAAgB,GAAG,MAAM,GAAG,QAAQ,GAAG,SAAS,GAClF,QAAQ,CAAC;AAEb;;;;;;;GAOG;AACH,MAAM,WAAW,WAAW;IAC1B,iEAAiE;IACjE,WAAW,EAAE,MAAM,CAAC;IACpB,kDAAkD;IAClD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,4EAA4E;IAC5E,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,YAAY,CAAC;IACvB,QAAQ,EAAE,QAAQ,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB;;;;;;;;;;OAUG;IACH,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,GAAG,CAAC,EAAE,MAAM,GAAG,WAAW,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;;;;;;;;;;OAaG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;;;;;OAMG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;;;;;OAMG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;;;;;;OAUG;IACH,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB;;;;;;OAMG;IACH,UAAU,CAAC,EAAE;QAAE,CAAC,EAAE,SAAS,CAAC;QAAC,CAAC,EAAE,SAAS,CAAC;QAAC,CAAC,EAAE,SAAS,CAAA;KAAE,CAAC;CAC3D;AAED;;;GAGG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;AAE3D,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,YAAY,CAAC;IACvB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,YAAY,CAAC;IACvB;;;;;;;;;OASG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACnD,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;CACrE;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,QAAQ,GAAG,OAAO,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,GAAG,OAAO,GAAG,SAAS,GAAG,QAAQ,GAAG,IAAI,GAAG,MAAM,GAAG,SAAS,CAAC;IACxL,QAAQ,EAAE,UAAU,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,GAAG,UAAU,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;IACtG,IAAI,EAAE,eAAe,GAAG,WAAW,GAAG,OAAO,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,GAAG,SAAS,CAAC;IAC1F,EAAE,EAAE,QAAQ,GAAG,WAAW,GAAG,SAAS,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;IACvE,OAAO,EAAE,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;IACvC,MAAM,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,KAAK,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAAC;IACjF,QAAQ,EAAE,YAAY,GAAG,YAAY,GAAG,QAAQ,GAAG,MAAM,GAAG,IAAI,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,SAAS,CAAC;IACvG,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;GAIG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,GAAG,aAAa,GAAG,UAAU,CAAC;IAC3C,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,qEAAqE;IACrE,IAAI,EAAE,MAAM,CAAC;IACb,wEAAwE;IACxE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,4EAA4E;IAC5E,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,sEAAsE;IACtE,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED;;;;GAIG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,+EAA+E;IAC/E,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,aAAa,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACnD,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACjC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,GAAG,OAAO,GAAG,UAAU,CAAC;IAC1D,+DAA+D;IAC/D,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB,yFAAyF;IACzF,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,mEAAmE;IACnE,aAAa,CAAC,EAAE,YAAY,EAAE,CAAC;IAC/B,0FAA0F;IAC1F,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAC3B,uEAAuE;IACvE,gBAAgB,CAAC,EAAE,eAAe,EAAE,CAAC;IACrC,gGAAgG;IAChG,YAAY,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAClC,iEAAiE;IACjE,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,gGAAgG;IAChG,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,MAAM,KAAK,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AACtD,MAAM,MAAM,KAAK,GAAG,UAAU,GAAG,UAAU,GAAG,OAAO,GAAG,YAAY,GAAG,SAAS,GAAG,UAAU,CAAC;AAC9F,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;AAEnD,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,KAAK,CAAC;IACb,KAAK,EAAE,KAAK,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC,YAAY,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACvF,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,KAAK,EAAE,aAAa,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,UAAU,CAAC;IACvB;;;;;;;OAOG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,CAAC;CACrC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aegis-scan/core",
-  "version": "0.18.0",
+  "version": "0.18.2",
   "description": "AEGIS core engine — orchestrator, scoring (0-1000), config loader with Zod-strict schema, suppression filter, shared types + utilities. The foundation of the AEGIS security-scanner suite for Next.js + Supabase.",
   "license": "MIT",
   "author": "RideMatch1 <230386010+RideMatch1@users.noreply.github.com>",
@@ -48,6 +48,7 @@
   "dependencies": {
     "ignore": "7.0.5",
     "picomatch": "^4.0.0",
+    "undici": "7.25.0",
     "zod": "^3.23.0"
   },
   "devDependencies": {

package/sbom.cdx.json

@@ -1 +1 @@
-{"bomFormat":"CycloneDX","specVersion":"1.6","serialNumber":"urn:uuid:34366355-b756-4ee1-9350-4872ba7f0db0","version":1,"metadata":{"timestamp":"2026-05-01T15:54:28Z","tools":{"components":[{"group":"@cyclonedx","name":"cdxgen","version":"12.1.4","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.4","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.4","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}]},"authors":[{"name":"OWASP Foundation"}],"lifecycles":[{"phase":"build"}],"component":{"name":"core","group":"@aegis-scan","version":"0.18.0","description":"AEGIS core engine — orchestrator, scoring (0-1000), config loader with Zod-strict schema, suppression filter, shared types + utilities. The foundation of the AEGIS security-scanner suite for Next.js + Supabase.","purl":"pkg:npm/%40aegis-scan/core@0.18.0","bom-ref":"pkg:npm/@aegis-scan/core@0.18.0","author":"RideMatch1 <230386010+RideMatch1@users.noreply.github.com>","type":"application","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"externalReferences":[{"type":"vcs","url":"https://github.com/RideMatch1/a.e.g.i.s#readme"},{"type":"vcs","url":"git+https://github.com/RideMatch1/a.e.g.i.s.git"}]},"properties":[{"name":"cdx:bom:componentTypes","value":"npm"},{"name":"cdx:bom:componentNamespaces","value":"@types"},{"name":"cdx:bom:componentSrcFiles","value":"packages/core/node_modules/@types/node/package.json\\npackages/core/node_modules/@types/picomatch/package.json\\npackages/core/node_modules/ignore/package.json\\npackages/core/node_modules/picomatch/package.json\\npackages/core/node_modules/typescript/package.json\\npackages/core/node_modules/vitest/package.json\\npackages/core/node_modules/zod/package.json"}]},"components":[{"authors":[{"name":"Colin McDonnell <zod@colinhacks.com>"}],"group":"","name":"zod","version":"3.25.76","description":"TypeScript-first schema declaration and validation library with static type inference","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/zod@3.25.76","externalReferences":[{"type":"website","url":"https://zod.dev"},{"type":"vcs","url":"git+https://github.com/colinhacks/zod.git"}],"type":"library","bom-ref":"pkg:npm/zod@3.25.76","properties":[{"name":"SrcFile","value":"packages/core/node_modules/zod/package.json"},{"name":"ImportedModules","value":"zod,zod/z"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/zod/package.json"}],"concludedValue":"packages/core/node_modules/zod/package.json"}],"occurrences":[{"location":"dist/manipulation-resistance/response-validator.js#23"},{"location":"dist/roe/types.js#24"},{"location":"dist/runtime/state.js#32"},{"location":"src/manipulation-resistance/response-validator.ts#23"},{"location":"src/roe/types.ts#24"},{"location":"src/runtime/state.ts#32"}]},"tags":["validation"]},{"authors":[{"name":"Anthony Fu <anthonyfu117@hotmail.com>"}],"group":"","name":"vitest","version":"3.2.4","description":"Next generation testing framework powered by Vite","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/vitest@3.2.4","externalReferences":[{"type":"vcs","url":"https://github.com/vitest-dev/vitest#readme"},{"type":"vcs","url":"git+https://github.com/vitest-dev/vitest.git"}],"type":"framework","bom-ref":"pkg:npm/vitest@3.2.4","properties":[{"name":"SrcFile","value":"packages/core/node_modules/vitest/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/vitest/package.json"}],"concludedValue":"packages/core/node_modules/vitest/package.json"}]},"tags":["framework"]},{"authors":[{"name":"Microsoft Corp."}],"group":"","name":"typescript","version":"5.9.3","description":"TypeScript is a language for application scale JavaScript development","scope":"optional","licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:npm/typescript@5.9.3","externalReferences":[{"type":"website","url":"https://www.typescriptlang.org/"},{"type":"vcs","url":"https://github.com/microsoft/TypeScript.git"}],"type":"library","bom-ref":"pkg:npm/typescript@5.9.3","properties":[{"name":"SrcFile","value":"packages/core/node_modules/typescript/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/typescript/package.json"}],"concludedValue":"packages/core/node_modules/typescript/package.json"}]}},{"authors":[{"name":"Jon Schlinkert (https://github.com/jonschlinkert)"}],"group":"","name":"picomatch","version":"4.0.4","description":"Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/picomatch@4.0.4","externalReferences":[{"type":"vcs","url":"https://github.com/micromatch/picomatch"}],"type":"library","bom-ref":"pkg:npm/picomatch@4.0.4","properties":[{"name":"SrcFile","value":"packages/core/node_modules/picomatch/package.json"},{"name":"ImportedModules","value":"picomatch"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/picomatch/package.json"}],"concludedValue":"packages/core/node_modules/picomatch/package.json"}],"occurrences":[{"location":"dist/utils.js#5"},{"location":"src/utils.ts#5"}]}},{"authors":[{"name":"kael"}],"group":"","name":"ignore","version":"7.0.5","description":"Ignore is a manager and filter for .gitignore rules, the one used by eslint, gitbook and many others.","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/ignore@7.0.5","type":"library","bom-ref":"pkg:npm/ignore@7.0.5","properties":[{"name":"SrcFile","value":"packages/core/node_modules/ignore/package.json"},{"name":"ImportedModules","value":"ignore"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/ignore/package.json"}],"concludedValue":"packages/core/node_modules/ignore/package.json"}],"occurrences":[{"location":"dist/utils.js#4"},{"location":"src/utils.ts#4"}]}},{"group":"@types","name":"picomatch","version":"3.0.2","description":"TypeScript definitions for picomatch","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40types/picomatch@3.0.2","externalReferences":[{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/picomatch"},{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped.git"}],"type":"library","bom-ref":"pkg:npm/@types/picomatch@3.0.2","properties":[{"name":"SrcFile","value":"packages/core/node_modules/@types/picomatch/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/@types/picomatch/package.json"}],"concludedValue":"packages/core/node_modules/@types/picomatch/package.json"}]}},{"group":"@types","name":"node","version":"22.19.17","description":"TypeScript definitions for node","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40types/node@22.19.17","externalReferences":[{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node"},{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped.git"}],"type":"library","bom-ref":"pkg:npm/@types/node@22.19.17","properties":[{"name":"SrcFile","value":"packages/core/node_modules/@types/node/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/@types/node/package.json"}],"concludedValue":"packages/core/node_modules/@types/node/package.json"}]}}],"dependencies":[],"annotations":[{"bom-ref":"metadata-annotations","subjects":["pkg:npm/@aegis-scan/core@0.18.0"],"annotator":{"component":{"group":"@cyclonedx","name":"cdxgen","version":"12.1.4","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.4","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.4","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}},"timestamp":"2026-05-01T15:54:28Z","text":"This Software Bill-of-Materials (SBOM) document was created on Friday, May 1, 2026 with cdxgen. The data was captured during the build lifecycle phase. The document describes an application named 'core' with version '0.18.0'. The package type in this SBOM is npm with a single purl namespace '@types' described under components. The components were identified from 7 source files."}]}
+{"bomFormat":"CycloneDX","specVersion":"1.6","serialNumber":"urn:uuid:18bf68ae-a1ca-4c63-a4e4-2152273fd8b0","version":1,"metadata":{"timestamp":"2026-05-07T09:07:43Z","tools":{"components":[{"group":"@cyclonedx","name":"cdxgen","version":"12.1.4","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.4","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.4","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}]},"authors":[{"name":"OWASP Foundation"}],"lifecycles":[{"phase":"build"}],"component":{"name":"core","group":"@aegis-scan","version":"0.18.2","description":"AEGIS core engine — orchestrator, scoring (0-1000), config loader with Zod-strict schema, suppression filter, shared types + utilities. The foundation of the AEGIS security-scanner suite for Next.js + Supabase.","purl":"pkg:npm/%40aegis-scan/core@0.18.2","bom-ref":"pkg:npm/@aegis-scan/core@0.18.2","author":"RideMatch1 <230386010+RideMatch1@users.noreply.github.com>","type":"application","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"externalReferences":[{"type":"vcs","url":"https://github.com/RideMatch1/a.e.g.i.s#readme"},{"type":"vcs","url":"git+https://github.com/RideMatch1/a.e.g.i.s.git"}]},"properties":[{"name":"cdx:bom:componentTypes","value":"npm"},{"name":"cdx:bom:componentNamespaces","value":"@types"},{"name":"cdx:bom:componentSrcFiles","value":"packages/core/node_modules/@types/node/package.json\\npackages/core/node_modules/@types/picomatch/package.json\\npackages/core/node_modules/ignore/package.json\\npackages/core/node_modules/picomatch/package.json\\npackages/core/node_modules/typescript/package.json\\npackages/core/node_modules/undici/package.json\\npackages/core/node_modules/vitest/package.json\\npackages/core/node_modules/zod/package.json"}]},"components":[{"authors":[{"name":"Colin McDonnell <zod@colinhacks.com>"}],"group":"","name":"zod","version":"3.25.76","description":"TypeScript-first schema declaration and validation library with static type inference","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/zod@3.25.76","externalReferences":[{"type":"website","url":"https://zod.dev"},{"type":"vcs","url":"git+https://github.com/colinhacks/zod.git"}],"type":"library","bom-ref":"pkg:npm/zod@3.25.76","properties":[{"name":"SrcFile","value":"packages/core/node_modules/zod/package.json"},{"name":"ImportedModules","value":"zod,zod/z"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/zod/package.json"}],"concludedValue":"packages/core/node_modules/zod/package.json"}],"occurrences":[{"location":"dist/manipulation-resistance/response-validator.js#23"},{"location":"dist/roe/types.js#24"},{"location":"dist/runtime/state.js#32"},{"location":"src/manipulation-resistance/response-validator.ts#23"},{"location":"src/roe/types.ts#24"},{"location":"src/runtime/state.ts#32"}]},"tags":["validation"]},{"authors":[{"name":"Anthony Fu <anthonyfu117@hotmail.com>"}],"group":"","name":"vitest","version":"3.2.4","description":"Next generation testing framework powered by Vite","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/vitest@3.2.4","externalReferences":[{"type":"vcs","url":"https://github.com/vitest-dev/vitest#readme"},{"type":"vcs","url":"git+https://github.com/vitest-dev/vitest.git"}],"type":"framework","bom-ref":"pkg:npm/vitest@3.2.4","properties":[{"name":"SrcFile","value":"packages/core/node_modules/vitest/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/vitest/package.json"}],"concludedValue":"packages/core/node_modules/vitest/package.json"}]},"tags":["framework"]},{"group":"","name":"undici","version":"7.25.0","description":"An HTTP/1.1 client, written from scratch for Node.js","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/undici@7.25.0","externalReferences":[{"type":"website","url":"https://undici.nodejs.org"},{"type":"vcs","url":"git+https://github.com/nodejs/undici.git"}],"type":"library","bom-ref":"pkg:npm/undici@7.25.0","properties":[{"name":"SrcFile","value":"packages/core/node_modules/undici/package.json"},{"name":"ImportedModules","value":"undici,getGlobalDispatcher,undici/getGlobalDispatcher,setGlobalDispatcher,undici/setGlobalDispatcher,ProxyAgent,undici/ProxyAgent,Dispatcher,undici/Dispatcher"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/undici/package.json"}],"concludedValue":"packages/core/node_modules/undici/package.json"}],"occurrences":[{"location":"dist/runtime/opsec.js#1"},{"location":"src/runtime/opsec.ts#1"}]}},{"authors":[{"name":"Microsoft Corp."}],"group":"","name":"typescript","version":"5.9.3","description":"TypeScript is a language for application scale JavaScript development","scope":"optional","licenses":[{"license":{"id":"Apache-2.0","url":"https://opensource.org/licenses/Apache-2.0"}}],"purl":"pkg:npm/typescript@5.9.3","externalReferences":[{"type":"website","url":"https://www.typescriptlang.org/"},{"type":"vcs","url":"https://github.com/microsoft/TypeScript.git"}],"type":"library","bom-ref":"pkg:npm/typescript@5.9.3","properties":[{"name":"SrcFile","value":"packages/core/node_modules/typescript/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/typescript/package.json"}],"concludedValue":"packages/core/node_modules/typescript/package.json"}]}},{"authors":[{"name":"Jon Schlinkert (https://github.com/jonschlinkert)"}],"group":"","name":"picomatch","version":"4.0.4","description":"Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/picomatch@4.0.4","externalReferences":[{"type":"vcs","url":"https://github.com/micromatch/picomatch"}],"type":"library","bom-ref":"pkg:npm/picomatch@4.0.4","properties":[{"name":"SrcFile","value":"packages/core/node_modules/picomatch/package.json"},{"name":"ImportedModules","value":"picomatch"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/picomatch/package.json"}],"concludedValue":"packages/core/node_modules/picomatch/package.json"}],"occurrences":[{"location":"dist/utils.js#5"},{"location":"src/utils.ts#5"}]}},{"authors":[{"name":"kael"}],"group":"","name":"ignore","version":"7.0.5","description":"Ignore is a manager and filter for .gitignore rules, the one used by eslint, gitbook and many others.","scope":"required","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/ignore@7.0.5","type":"library","bom-ref":"pkg:npm/ignore@7.0.5","properties":[{"name":"SrcFile","value":"packages/core/node_modules/ignore/package.json"},{"name":"ImportedModules","value":"ignore"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/ignore/package.json"}],"concludedValue":"packages/core/node_modules/ignore/package.json"}],"occurrences":[{"location":"dist/utils.js#4"},{"location":"src/utils.ts#4"}]}},{"group":"@types","name":"picomatch","version":"3.0.2","description":"TypeScript definitions for picomatch","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40types/picomatch@3.0.2","externalReferences":[{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/picomatch"},{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped.git"}],"type":"library","bom-ref":"pkg:npm/@types/picomatch@3.0.2","properties":[{"name":"SrcFile","value":"packages/core/node_modules/@types/picomatch/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/@types/picomatch/package.json"}],"concludedValue":"packages/core/node_modules/@types/picomatch/package.json"}]}},{"group":"@types","name":"node","version":"22.19.17","description":"TypeScript definitions for node","scope":"optional","licenses":[{"license":{"id":"MIT","url":"https://opensource.org/licenses/MIT"}}],"purl":"pkg:npm/%40types/node@22.19.17","externalReferences":[{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node"},{"type":"vcs","url":"https://github.com/DefinitelyTyped/DefinitelyTyped.git"}],"type":"library","bom-ref":"pkg:npm/@types/node@22.19.17","properties":[{"name":"SrcFile","value":"packages/core/node_modules/@types/node/package.json"}],"evidence":{"identity":[{"field":"purl","confidence":0.7,"methods":[{"technique":"manifest-analysis","confidence":0.7,"value":"packages/core/node_modules/@types/node/package.json"}],"concludedValue":"packages/core/node_modules/@types/node/package.json"}]}}],"dependencies":[],"annotations":[{"bom-ref":"metadata-annotations","subjects":["pkg:npm/@aegis-scan/core@0.18.2"],"annotator":{"component":{"group":"@cyclonedx","name":"cdxgen","version":"12.1.4","purl":"pkg:npm/%40cyclonedx/cdxgen@12.1.4","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@12.1.4","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}},"timestamp":"2026-05-07T09:07:43Z","text":"This Software Bill-of-Materials (SBOM) document was created on Thursday, May 7, 2026 with cdxgen. The data was captured during the build lifecycle phase. The document describes an application named 'core' with version '0.18.2'. The package type in this SBOM is npm with a single purl namespace '@types' described under components. The components were identified from 8 source files."}]}