@clear-capabilities/agentic-security-scanner 0.74.0

package/dist/675.index.js

@@ -0,0 +1,451 @@
+export const id = 675;
+export const ids = [675];
+export const modules = {
+
+/***/ 6675:
+/***/ ((__unused_webpack___webpack_module__, __webpack_exports__, __webpack_require__) => {
+
+/* harmony export */ __webpack_require__.d(__webpack_exports__, {
+/* harmony export */   runOnce: () => (/* binding */ runOnce)
+/* harmony export */ });
+/* unused harmony exports readDeps, _queryOsvForDep, loadState, persistState, loadConfig, formatPayload, _internals */
+/* harmony import */ var node_fs__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(3024);
+/* harmony import */ var node_path__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(6760);
+// Continuous CVE-watch daemon.
+//
+// Polls OSV for the project's dependency tree on a schedule (or one-shot),
+// diffs new advisories against state, fires the configured webhook on each
+// new ID. Multi-ecosystem: reads npm / pip / cargo / gem / pub / composer /
+// go.mod / maven manifests via the same DEP_FILE_NAMES list runScan uses.
+//
+// Why this exists separately from `/scan --sca`:
+//   - `/scan` is interactive; this runs unattended, daily, in a cron / GitHub Action.
+//   - `/scan` reports the FULL set of advisories for the tree; this reports
+//     only the DELTA since the last run.
+//   - This produces a webhook fire, not a console report.
+//
+// Configuration is read from `.agentic-security/cve-alerts.json`:
+//   {
+//     "alertUrl":  "https://hooks.slack.com/services/...",
+//     "alertType": "slack" | "discord" | "generic",
+//     "minSeverity": "low" | "medium" | "high" | "critical"   (optional)
+//   }
+//
+// State is persisted to `.agentic-security/cve-alerts-state.json`:
+//   { "known": ["CVE-2024-1234", "GHSA-...", ...], "lastRun": "2026-…" }
+//
+// The daemon NEVER fires a webhook for an advisory ID it has already seen;
+// the state file is the deduplication primitive.
+
+
+
+
+const OSV_API = 'https://api.osv.dev/v1/query';
+const CFG_PATH = '.agentic-security/cve-alerts.json';
+const STATE_PATH = '.agentic-security/cve-alerts-state.json';
+
+// Multi-ecosystem dep extraction. Each entry: { manifest filename → ecosystem }
+const ECOSYSTEM_BY_MANIFEST = {
+  'package.json':    'npm',
+  'requirements.txt':'PyPI',
+  'pyproject.toml':  'PyPI',
+  'Pipfile':         'PyPI',
+  'Pipfile.lock':    'PyPI',
+  'poetry.lock':     'PyPI',
+  'Gemfile':         'RubyGems',
+  'Gemfile.lock':    'RubyGems',
+  'go.mod':          'Go',
+  'go.sum':          'Go',
+  'Cargo.toml':      'crates.io',
+  'Cargo.lock':      'crates.io',
+  'composer.json':   'Packagist',
+  'composer.lock':   'Packagist',
+  'pom.xml':         'Maven',
+  'build.gradle':    'Maven',
+  'build.gradle.kts':'Maven',
+  'pubspec.yaml':    'Pub',
+  'pubspec.lock':    'Pub',
+};
+
+// ─── Manifest readers ─────────────────────────────────────────────────────
+
+function _readPackageJson(content) {
+  try {
+    const j = JSON.parse(content);
+    return [
+      ...Object.keys(j.dependencies || {}),
+      ...Object.keys(j.devDependencies || {}),
+      ...Object.keys(j.peerDependencies || {}),
+      ...Object.keys(j.optionalDependencies || {}),
+    ];
+  } catch { return []; }
+}
+
+function _readRequirementsTxt(content) {
+  // Each non-blank, non-comment line is "pkg" or "pkg==1.2.3" or "pkg>=1.2".
+  const out = [];
+  for (const raw of content.split('\n')) {
+    const line = raw.trim();
+    if (!line || line.startsWith('#') || line.startsWith('-')) continue;
+    const m = /^([A-Za-z0-9_.\-]+)/.exec(line);
+    if (m) out.push(m[1]);
+  }
+  return out;
+}
+
+function _readPyprojectToml(content) {
+  // We don't ship a TOML parser; do a best-effort line scan for the common
+  // dep-table shapes. Caller is OK if this misses some — the full SCA scan
+  // does the heavy lifting.
+  const out = new Set();
+  // PEP 621 [project] dependencies = ["foo", "bar>=1.0"]
+  // Poetry [tool.poetry.dependencies] foo = "^1.0"
+  let inDeps = false;
+  for (const raw of content.split('\n')) {
+    const line = raw.trim();
+    if (!line || line.startsWith('#')) continue;
+    if (/^\[(?:tool\.poetry\.)?(?:dev-)?dependencies\]/i.test(line) || /^\[project\.optional-dependencies\.[^\]]+\]/.test(line)) {
+      inDeps = true; continue;
+    }
+    if (/^\[[^\]]+\]/.test(line)) { inDeps = false; continue; }
+    // Inline "dependencies = [...]" form within [project]
+    const inline = /dependencies\s*=\s*\[([^\]]+)\]/i.exec(line);
+    if (inline) {
+      for (const item of inline[1].split(',')) {
+        const m = /^[\s"']*([A-Za-z0-9_.\-]+)/.exec(item);
+        if (m) out.add(m[1]);
+      }
+    }
+    if (inDeps) {
+      const m = /^([A-Za-z0-9_.\-]+)\s*=/.exec(line);
+      if (m && m[1] !== 'python') out.add(m[1]);
+    }
+  }
+  return [...out];
+}
+
+function _readGemfile(content) {
+  const out = [];
+  for (const raw of content.split('\n')) {
+    const m = /^\s*gem\s+['"]([^'"]+)['"]/.exec(raw);
+    if (m) out.push(m[1]);
+  }
+  return out;
+}
+
+function _readGoMod(content) {
+  const out = [];
+  let inRequire = false;
+  for (const raw of content.split('\n')) {
+    const line = raw.trim();
+    if (line.startsWith('require (')) { inRequire = true; continue; }
+    if (inRequire && line === ')') { inRequire = false; continue; }
+    if (inRequire || line.startsWith('require ')) {
+      // "require module/path v1.2.3" or just "module/path v1.2.3" inside block
+      const m = /(?:require\s+)?([A-Za-z0-9_./\-]+)\s+v/.exec(line);
+      if (m) out.push(m[1]);
+    }
+  }
+  return out;
+}
+
+function _readCargoToml(content) {
+  // Lines under [dependencies] / [dev-dependencies] / [build-dependencies]
+  // shaped as `pkg = "1.0"` or `pkg = { … }`.
+  const out = new Set();
+  let inDeps = false;
+  for (const raw of content.split('\n')) {
+    const line = raw.trim();
+    if (/^\[(?:dev-|build-)?dependencies\]/.test(line)) { inDeps = true; continue; }
+    if (/^\[[^\]]+\]/.test(line)) { inDeps = false; continue; }
+    if (inDeps) {
+      const m = /^([A-Za-z0-9_\-]+)\s*=/.exec(line);
+      if (m) out.add(m[1]);
+    }
+  }
+  return [...out];
+}
+
+function _readComposerJson(content) {
+  try {
+    const j = JSON.parse(content);
+    return [
+      ...Object.keys(j.require || {}).filter(k => k !== 'php'),
+      ...Object.keys(j['require-dev'] || {}).filter(k => k !== 'php'),
+    ];
+  } catch { return []; }
+}
+
+function _readMavenLikeXml(content) {
+  // crude <artifactId>x</artifactId> extraction. Misses parent POM inheritance;
+  // for full coverage the /scan --sca path is the right tool.
+  const out = [];
+  const re = /<artifactId>\s*([^<\s]+)\s*<\/artifactId>/g;
+  let m;
+  while ((m = re.exec(content)) !== null) out.push(m[1]);
+  return out;
+}
+
+function _readPubspecYaml(content) {
+  const out = new Set();
+  let inDeps = false;
+  for (const raw of content.split('\n')) {
+    const line = raw.trimEnd();
+    if (/^(dev_|)dependencies\s*:/i.test(line)) { inDeps = true; continue; }
+    if (line && !line.startsWith(' ') && !line.startsWith('\t')) {
+      // top-level key other than dependencies / dev_dependencies
+      if (!/^(dev_|)dependencies\s*:/i.test(line)) inDeps = false;
+    }
+    if (inDeps) {
+      const m = /^\s+([A-Za-z0-9_]+)\s*:/.exec(line);
+      if (m && m[1] !== 'sdk' && m[1] !== 'flutter') out.add(m[1]);
+    }
+  }
+  return [...out];
+}
+
+const MANIFEST_READERS = {
+  'package.json': _readPackageJson,
+  'requirements.txt': _readRequirementsTxt,
+  'pyproject.toml': _readPyprojectToml,
+  'Pipfile': _readPyprojectToml,           // close-enough shape
+  'Gemfile': _readGemfile,
+  'go.mod': _readGoMod,
+  'Cargo.toml': _readCargoToml,
+  'composer.json': _readComposerJson,
+  'pom.xml': _readMavenLikeXml,
+  'build.gradle': _readMavenLikeXml,
+  'build.gradle.kts': _readMavenLikeXml,
+  'pubspec.yaml': _readPubspecYaml,
+};
+
+function readDeps(scanRoot) {
+  // Walks the scan root looking for known manifest files. Returns a flat
+  // [{name, ecosystem}, ...] list; deduplicated across manifests so a
+  // package in both package.json and yarn.lock isn't queried twice.
+  const seen = new Set();
+  const out = [];
+  function walk(dir, depth) {
+    if (depth > 4) return;   // shallow walk; manifests live near the root
+    let entries;
+    try { entries = node_fs__WEBPACK_IMPORTED_MODULE_0__.readdirSync(dir, { withFileTypes: true }); } catch { return; }
+    for (const e of entries) {
+      if (e.name.startsWith('.') && e.name !== '.gradle') continue;
+      if (e.name === 'node_modules' || e.name === 'venv' || e.name === '__pycache__'
+          || e.name === 'vendor' || e.name === 'dist' || e.name === 'build'
+          || e.name === 'target') continue;
+      const fp = node_path__WEBPACK_IMPORTED_MODULE_1__.join(dir, e.name);
+      if (e.isDirectory()) { walk(fp, depth + 1); continue; }
+      if (!ECOSYSTEM_BY_MANIFEST[e.name]) continue;
+      let content;
+      try { content = node_fs__WEBPACK_IMPORTED_MODULE_0__.readFileSync(fp, 'utf8'); } catch { continue; }
+      const reader = MANIFEST_READERS[e.name];
+      if (!reader) continue;
+      const ecosystem = ECOSYSTEM_BY_MANIFEST[e.name];
+      for (const name of reader(content)) {
+        const key = `${ecosystem}::${name}`;
+        if (seen.has(key)) continue;
+        seen.add(key);
+        out.push({ name, ecosystem });
+      }
+    }
+  }
+  walk(scanRoot, 0);
+  return out;
+}
+
+// ─── OSV query ────────────────────────────────────────────────────────────
+
+async function _queryOsvForDep({ name, ecosystem }, { fetchImpl = globalThis.fetch, timeoutMs = 4000 } = {}) {
+  // POST { package: { name, ecosystem } } — returns the full vulnerability
+  // list for the package (any version). The daemon doesn't filter by version
+  // because we treat "new advisory ID" as the signal, not "your installed
+  // version is affected" — that's what /scan --sca produces.
+  try {
+    const controller = new AbortController();
+    const t = setTimeout(() => controller.abort(), timeoutMs);
+    const res = await fetchImpl(OSV_API, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ package: { name, ecosystem } }),
+      signal: controller.signal,
+    });
+    clearTimeout(t);
+    if (!res.ok) return [];
+    const j = await res.json();
+    return Array.isArray(j.vulns) ? j.vulns : [];
+  } catch { return []; }
+}
+
+// ─── State persistence ───────────────────────────────────────────────────
+
+function loadState(scanRoot) {
+  const fp = node_path__WEBPACK_IMPORTED_MODULE_1__.join(scanRoot, STATE_PATH);
+  if (!node_fs__WEBPACK_IMPORTED_MODULE_0__.existsSync(fp)) return { known: new Set(), lastRun: null };
+  try {
+    const j = JSON.parse(node_fs__WEBPACK_IMPORTED_MODULE_0__.readFileSync(fp, 'utf8'));
+    return { known: new Set(j.known || []), lastRun: j.lastRun || null };
+  } catch { return { known: new Set(), lastRun: null }; }
+}
+
+function persistState(scanRoot, state) {
+  const fp = node_path__WEBPACK_IMPORTED_MODULE_1__.join(scanRoot, STATE_PATH);
+  node_fs__WEBPACK_IMPORTED_MODULE_0__.mkdirSync(node_path__WEBPACK_IMPORTED_MODULE_1__.dirname(fp), { recursive: true });
+  node_fs__WEBPACK_IMPORTED_MODULE_0__.writeFileSync(fp, JSON.stringify({
+    known: [...state.known].sort(),
+    lastRun: state.lastRun,
+  }, null, 2));
+}
+
+function loadConfig(scanRoot) {
+  const fp = node_path__WEBPACK_IMPORTED_MODULE_1__.join(scanRoot, CFG_PATH);
+  if (!node_fs__WEBPACK_IMPORTED_MODULE_0__.existsSync(fp)) return null;
+  try { return JSON.parse(node_fs__WEBPACK_IMPORTED_MODULE_0__.readFileSync(fp, 'utf8')); } catch { return null; }
+}
+
+// ─── Webhook formatting ──────────────────────────────────────────────────
+
+function _truncate(s, n) { s = String(s || ''); return s.length > n ? s.slice(0, n) + '…' : s; }
+
+function formatPayload(alertType, newAdvisories) {
+  // alertType: 'slack' | 'discord' | 'generic'
+  // Slack and Discord both accept `{ text }` for simple messages.
+  const lines = newAdvisories.slice(0, 10).map(a =>
+    `• \`${a.ecosystem}:${a.pkg}\` — ${a.id} (${a.severity || 'unknown'})${a.summary ? ' — ' + _truncate(a.summary, 100) : ''}`
+  );
+  const overflow = newAdvisories.length > 10 ? `\n+${newAdvisories.length - 10} more` : '';
+  const text = `🚨 *New CVEs in your dependencies* (${newAdvisories.length})\n` + lines.join('\n') + overflow + '\n\nRun `/scan --all` to assess impact.';
+  if (alertType === 'slack' || alertType === 'discord') return { text };
+  // Generic webhook: full structured payload.
+  return { event: 'new_cve', count: newAdvisories.length, advisories: newAdvisories };
+}
+
+async function _post(url, payload, { fetchImpl = globalThis.fetch, timeoutMs = 4000 } = {}) {
+  try {
+    const controller = new AbortController();
+    const t = setTimeout(() => controller.abort(), timeoutMs);
+    const res = await fetchImpl(url, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(payload),
+      signal: controller.signal,
+    });
+    clearTimeout(t);
+    return { ok: res.ok, status: res.status };
+  } catch (e) { return { ok: false, error: String(e?.message || e).slice(0, 200) }; }
+}
+
+// ─── Severity filter ─────────────────────────────────────────────────────
+
+const SEV_RANK = { critical: 4, high: 3, medium: 2, low: 1, unknown: 0 };
+
+function _normalizeSeverity(vuln) {
+  // OSV severity has a few possible shapes. Best-effort.
+  const dbSpec = vuln.database_specific?.severity || '';
+  if (/critical/i.test(dbSpec)) return 'critical';
+  if (/high/i.test(dbSpec)) return 'high';
+  if (/medium|moderate/i.test(dbSpec)) return 'medium';
+  if (/low/i.test(dbSpec)) return 'low';
+  // CVSS score
+  const score = vuln.severity?.[0]?.score;
+  if (typeof score === 'number') {
+    if (score >= 9) return 'critical';
+    if (score >= 7) return 'high';
+    if (score >= 4) return 'medium';
+    return 'low';
+  }
+  return 'unknown';
+}
+
+// ─── Main entry — runOnce ───────────────────────────────────────────────
+
+async function runOnce(scanRoot, opts = {}) {
+  // opts: { alertUrl, alertType, minSeverity, dryRun, offline, fetchImpl,
+  //         logger, throttleMs }
+  const log = opts.logger || ((msg) => process.stderr.write(msg + '\n'));
+  const cfg = loadConfig(scanRoot);
+  const alertUrl = opts.alertUrl || cfg?.alertUrl || process.env.CVE_ALERT_URL;
+  const alertType = opts.alertType || cfg?.alertType || 'slack';
+  const minSeverity = opts.minSeverity || cfg?.minSeverity || 'low';
+  const dryRun = !!opts.dryRun;
+  const offline = !!opts.offline || process.env.AGENTIC_SECURITY_OFFLINE === '1';
+  const fetchImpl = opts.fetchImpl || globalThis.fetch;
+  const throttleMs = typeof opts.throttleMs === 'number' ? opts.throttleMs : 50;
+
+  if (offline && !dryRun) {
+    return { ok: false, reason: 'offline-mode-set' };
+  }
+  if (typeof fetchImpl !== 'function') {
+    return { ok: false, reason: 'fetch-unavailable' };
+  }
+
+  const deps = readDeps(scanRoot);
+  if (deps.length === 0) {
+    return { ok: true, depsChecked: 0, newAdvisories: [], alertSent: false, reason: 'no-deps-found' };
+  }
+
+  const state = loadState(scanRoot);
+  const newAdvisories = [];
+  const sevFloor = SEV_RANK[minSeverity] ?? 0;
+
+  for (const dep of deps) {
+    const vulns = await _queryOsvForDep(dep, { fetchImpl, timeoutMs: opts.timeoutMs });
+    for (const v of vulns) {
+      if (!v.id || state.known.has(v.id)) continue;
+      const sev = _normalizeSeverity(v);
+      if ((SEV_RANK[sev] ?? 0) < sevFloor) {
+        // Below user's floor; remember the ID so we don't re-fire next run,
+        // but don't surface in the alert.
+        state.known.add(v.id);
+        continue;
+      }
+      newAdvisories.push({
+        id: v.id,
+        pkg: dep.name,
+        ecosystem: dep.ecosystem,
+        severity: sev,
+        summary: v.summary || '',
+        published: v.published || null,
+      });
+      state.known.add(v.id);
+    }
+    if (throttleMs > 0) await new Promise(r => setTimeout(r, throttleMs));
+  }
+
+  state.lastRun = new Date().toISOString();
+  if (!dryRun) persistState(scanRoot, state);
+
+  let alertSent = false;
+  let alertError = null;
+  if (newAdvisories.length > 0 && alertUrl && !dryRun) {
+    const payload = formatPayload(alertType, newAdvisories);
+    const r = await _post(alertUrl, payload, { fetchImpl, timeoutMs: opts.timeoutMs });
+    alertSent = r.ok;
+    if (!r.ok) alertError = r.error || `HTTP ${r.status}`;
+  }
+
+  log(`agentic-security cve-watch: deps=${deps.length} new=${newAdvisories.length} sent=${alertSent}${alertError ? ' err=' + alertError : ''}${dryRun ? ' (dry-run)' : ''}`);
+
+  return {
+    ok: true,
+    depsChecked: deps.length,
+    newAdvisories,
+    alertSent,
+    alertError,
+    minSeverity,
+    dryRun,
+  };
+}
+
+const _internals = {
+  ECOSYSTEM_BY_MANIFEST,
+  MANIFEST_READERS,
+  _readPackageJson, _readRequirementsTxt, _readPyprojectToml, _readGemfile,
+  _readGoMod, _readCargoToml, _readComposerJson, _readMavenLikeXml, _readPubspecYaml,
+  _normalizeSeverity,
+};
+
+
+/***/ })
+
+};

package/dist/826.index.js

@@ -0,0 +1,188 @@
+export const id = 826;
+export const ids = [826];
+export const modules = {
+
+/***/ 2826:
+/***/ ((__unused_webpack___webpack_module__, __webpack_exports__, __webpack_require__) => {
+
+/* harmony export */ __webpack_require__.d(__webpack_exports__, {
+/* harmony export */   renderPrComment: () => (/* binding */ renderPrComment)
+/* harmony export */ });
+/* unused harmony export _internal */
+// Advisor-tone PR comment renderer (v0.72).
+//
+// Replaces the typical "12 findings detected, see SARIF" wall of text
+// with a single security-advisor's note:
+//
+//   "I noticed you added /api/admin/users in this PR. I checked 4 things:
+//    ✓ auth (route is behind requireAdmin)
+//    ⚠ rate-limit (no rateLimit() middleware found)
+//    ✓ input validation (express-validator chain present)
+//    ✓ audit log (logger.security() called on success path)
+//
+//    The rate-limit gap matters because /admin endpoints are common
+//    credential-stuffing targets. A 5-line fix:
+//
+//    ```js
+//    import rateLimit from 'express-rate-limit';
+//    app.use('/api/admin', rateLimit({ windowMs: 15*60_000, max: 30 }));
+//    ```"
+//
+// The pure-narrative format optimizes for SCREENSHOTABILITY — engineers
+// share security-tool comments that read like a person, not a table.
+//
+// Generation is deterministic (no LLM) for the v1: we render from the
+// delta + a per-CWE narrative template. A future v2 could optionally
+// route through an LLM for richer prose when AGENTIC_SECURITY_LLM_ENDPOINT
+// is configured.
+
+const SEVERITY_GLYPH = {
+  critical: '🟥',
+  high:     '🟧',
+  medium:   '🟨',
+  low:      '🟦',
+  info:     '⬜',
+};
+
+const CWE_NARRATIVE = {
+  'CWE-89':   { name: 'SQL injection',          why: 'A malicious payload like `1\' OR 1=1--` would dump every row.' },
+  'CWE-79':   { name: 'XSS',                    why: 'An attacker who controls this string can execute JavaScript in another user\'s browser.' },
+  'CWE-78':   { name: 'Command injection',      why: 'A `;rm -rf /` style payload would run with the privileges of your service account.' },
+  'CWE-22':   { name: 'path traversal',         why: 'A `../../etc/passwd` style payload would read files outside the intended directory.' },
+  'CWE-918':  { name: 'SSRF',                   why: 'An attacker can pivot to the cloud metadata endpoint (`169.254.169.254`) or internal services.' },
+  'CWE-502':  { name: 'insecure deserialization', why: 'A crafted payload triggers gadget chains — typically remote code execution.' },
+  'CWE-611':  { name: 'XXE',                    why: 'A malicious DOCTYPE can exfiltrate local files or trigger SSRF via entity expansion.' },
+  'CWE-94':   { name: 'template injection',     why: 'A `{{7*7}}` style payload escapes to the template engine\'s expression evaluator (often RCE).' },
+  'CWE-1321': { name: 'prototype pollution',    why: 'A `__proto__` injection can alter the behavior of every downstream object check.' },
+  'CWE-352':  { name: 'CSRF',                   why: 'A cross-origin form can trigger authenticated state changes without the user\'s knowledge.' },
+  'CWE-601':  { name: 'open redirect',          why: 'Trusted-domain bouncer for phishing — credentials get harvested on the second hop.' },
+  'CWE-113':  { name: 'HTTP response splitting', why: 'CR/LF injection lets an attacker forge an entire response, including cache poisoning.' },
+  'CWE-798':  { name: 'hardcoded secret',       why: 'Committed credentials are scraped by automated scanners minutes after a push.' },
+  'CWE-327':  { name: 'weak crypto',            why: 'Modern adversaries can crack MD5/SHA-1/RC4/3DES at practical cost.' },
+  'CWE-1333': { name: 'regex DoS',              why: 'A pathological input freezes the worker for seconds — DoS without much effort.' },
+  'CWE-90':   { name: 'LDAP injection',         why: 'An attacker can extend the filter to enumerate users or bypass auth.' },
+  'CWE-643':  { name: 'XPath injection',        why: 'A `\' or \'1\'=\'1` payload can return data the query never intended to expose.' },
+  'CWE-1336': { name: 'prompt injection',       why: 'Untrusted text in the LLM context can override your system prompt.' },
+  'CWE-269':  { name: 'privilege escalation',   why: 'A low-privilege actor can reach a higher-privilege capability through this surface.' },
+};
+
+function _topCwes(findings, n = 3) {
+  const counts = new Map();
+  for (const f of findings) {
+    const k = f.cwe || 'unknown';
+    counts.set(k, (counts.get(k) || 0) + 1);
+  }
+  return [...counts.entries()].sort((a, b) => b[1] - a[1]).slice(0, n);
+}
+
+function _route(f) {
+  // Best-effort: pull a route-ish string from the file path / vuln text.
+  // Many SAST findings carry the route via `f.route` or in the vuln name.
+  if (f.route) return f.route;
+  const m = (f.vuln || '').match(/\b(GET|POST|PUT|DELETE|PATCH)\s+([\/\w:-]+)/i);
+  if (m) return `${m[1].toUpperCase()} ${m[2]}`;
+  return null;
+}
+
+/**
+ * Top-level renderer. Takes a delta produced by `computePrDelta` and
+ * emits a Markdown string suitable for posting as a single PR comment.
+ *
+ * Mode is chosen automatically:
+ *   - "clean":     no introduced + (resolved > 0 || persistent > 0)
+ *   - "trivial":   no introduced + nothing resolved
+ *   - "needs-work": one or more introduced findings
+ */
+function renderPrComment(delta, { repoName, prNumber, prTitle } = {}) {
+  if (!delta) return '_no security delta available_';
+  const intro = delta.introduced || [];
+  const resolved = delta.resolved || [];
+  const shifted = delta.shifted || [];
+  const heading = repoName && prNumber
+    ? `### 🛡 agentic-security on ${repoName}#${prNumber}`
+    : `### 🛡 agentic-security`;
+  if (intro.length === 0 && resolved.length === 0 && shifted.length === 0) {
+    return [
+      heading,
+      ``,
+      `No security delta from \`${delta.baseRef}\` → \`${delta.headRef}\`. ` +
+      `${delta.changedFiles.length} file${delta.changedFiles.length === 1 ? '' : 's'} touched; ` +
+      `nothing in those changes introduced or resolved a finding. **Safe to merge.**`,
+      ``,
+      `<sub>Scanned ${delta.head?.summary?.total ?? 0} pre-existing findings on the head ref ` +
+      `(${delta.base?.summary?.total ?? 0} on base) — none of them moved in this PR.</sub>`,
+    ].join('\n');
+  }
+  if (intro.length === 0 && (resolved.length || shifted.length)) {
+    const r = delta.summary?.resolved || {};
+    return [
+      heading,
+      ``,
+      `This PR **resolves** ${resolved.length} finding${resolved.length === 1 ? '' : 's'}` +
+      (r.critical || r.high ? ` (including ${r.critical} critical + ${r.high} high)` : '') +
+      ` and introduces **none**. Nice cleanup work — safe to merge. ✨`,
+      ``,
+      `<sub>${delta.changedFiles.length} file${delta.changedFiles.length === 1 ? '' : 's'} ` +
+      `touched between \`${delta.baseRef}\` and \`${delta.headRef}\`.</sub>`,
+    ].join('\n');
+  }
+  // needs-work mode: narrative + per-finding paragraphs.
+  const lines = [];
+  lines.push(heading);
+  lines.push('');
+  const topCwes = _topCwes(intro);
+  const cweSummary = topCwes.map(([cwe, n]) => {
+    const meta = CWE_NARRATIVE[cwe];
+    return meta ? `${n} ${meta.name}` : `${n} ${cwe}`;
+  }).join(', ');
+  const hint = prTitle ? ` in "${prTitle}"` : '';
+  lines.push(`I looked at the ${delta.changedFiles.length} file${delta.changedFiles.length === 1 ? '' : 's'} ` +
+    `you changed${hint} and noticed **${intro.length} new finding${intro.length === 1 ? '' : 's'}** ` +
+    `that wasn't on \`${delta.baseRef}\`. Top concerns: ${cweSummary}.`);
+  lines.push('');
+  // Per-introduced-finding paragraph (cap at 5 for readability).
+  const SHOW = intro.slice(0, 5);
+  for (const f of SHOW) {
+    const meta = CWE_NARRATIVE[f.cwe];
+    const sev = SEVERITY_GLYPH[f.severity] || '⬜';
+    const route = _route(f);
+    const where = route ? `\`${route}\` (\`${f.file}:${f.line}\`)` : `\`${f.file}:${f.line}\``;
+    lines.push(`${sev} **${meta?.name || f.vuln}** — ${where}`);
+    if (meta) lines.push(`  > ${meta.why}`);
+    if (f.remediation) {
+      const onelineFix = String(f.remediation).split('\n')[0].slice(0, 240);
+      lines.push(`  Suggested fix: ${onelineFix}`);
+    }
+    if (f.confidence != null && f.confidence < 0.7) {
+      lines.push(`  <sub>Lower confidence (${(f.confidence * 100).toFixed(0)}%) — may be a false positive worth a quick look.</sub>`);
+    }
+    lines.push('');
+  }
+  if (intro.length > SHOW.length) {
+    lines.push(`<sub>+${intro.length - SHOW.length} more new finding${intro.length - SHOW.length === 1 ? '' : 's'} — see the scan output for the full list.</sub>`);
+    lines.push('');
+  }
+  if (resolved.length) {
+    lines.push(`On the bright side: this PR **resolved ${resolved.length} pre-existing finding${resolved.length === 1 ? '' : 's'}**. 👏`);
+    lines.push('');
+  }
+  const i = delta.summary?.introduced || {};
+  const blockMerge = (i.critical || 0) + (i.high || 0) > 0;
+  if (blockMerge) {
+    lines.push(`---`);
+    lines.push(`**Blocking merge:** ${i.critical || 0} critical + ${i.high || 0} high severity ` +
+      `finding${(i.critical || 0) + (i.high || 0) === 1 ? '' : 's'} introduced. ` +
+      `Fix or suppress with \`// agentic-security-ignore: <rule-id>\` before merging.`);
+  } else {
+    lines.push(`---`);
+    lines.push(`Non-blocking: no critical/high severity findings introduced — but consider addressing the items above before this becomes harder to revisit.`);
+  }
+  return lines.join('\n');
+}
+
+const _internal = { CWE_NARRATIVE, SEVERITY_GLYPH, _topCwes };
+
+
+/***/ })
+
+};