@clear-capabilities/agentic-security-scanner 0.74.0

package/src/ir/.agentic-security/last-scan.json.sig

@@ -0,0 +1 @@
+a1c1494ded2872530fa2cf6558148e7bc5f680b69e56ad96435f859f2d8c3078

package/src/ir/.agentic-security/scan-history.json

@@ -0,0 +1,364 @@
+[
+  {
+    "timestamp": "2026-05-18T18:07:37.257Z",
+    "label": "scan",
+    "total": 0,
+    "critical": 0,
+    "high": 0,
+    "medium": 0,
+    "low": 0,
+    "kev": 0,
+    "ids": []
+  },
+  {
+    "timestamp": "2026-05-18T18:07:52.302Z",
+    "label": "scan",
+    "total": 0,
+    "critical": 0,
+    "high": 0,
+    "medium": 0,
+    "low": 0,
+    "kev": 0,
+    "ids": []
+  },
+  {
+    "timestamp": "2026-05-18T18:07:55.308Z",
+    "label": "scan",
+    "total": 0,
+    "critical": 0,
+    "high": 0,
+    "medium": 0,
+    "low": 0,
+    "kev": 0,
+    "ids": []
+  },
+  {
+    "timestamp": "2026-05-19T15:08:17.723Z",
+    "label": "scan",
+    "total": 0,
+    "critical": 0,
+    "high": 0,
+    "medium": 0,
+    "low": 0,
+    "kev": 0,
+    "ids": []
+  },
+  {
+    "timestamp": "2026-05-19T15:13:36.271Z",
+    "label": "scan",
+    "total": 0,
+    "critical": 0,
+    "high": 0,
+    "medium": 0,
+    "low": 0,
+    "kev": 0,
+    "ids": []
+  },
+  {
+    "timestamp": "2026-05-19T15:14:33.487Z",
+    "label": "scan",
+    "total": 0,
+    "critical": 0,
+    "high": 0,
+    "medium": 0,
+    "low": 0,
+    "kev": 0,
+    "ids": []
+  },
+  {
+    "timestamp": "2026-05-19T15:15:32.497Z",
+    "label": "scan",
+    "total": 0,
+    "critical": 0,
+    "high": 0,
+    "medium": 0,
+    "low": 0,
+    "kev": 0,
+    "ids": []
+  },
+  {
+    "timestamp": "2026-05-19T15:16:14.591Z",
+    "label": "scan",
+    "total": 0,
+    "critical": 0,
+    "high": 0,
+    "medium": 0,
+    "low": 0,
+    "kev": 0,
+    "ids": []
+  },
+  {
+    "timestamp": "2026-05-19T15:16:47.095Z",
+    "label": "scan",
+    "total": 0,
+    "critical": 0,
+    "high": 0,
+    "medium": 0,
+    "low": 0,
+    "kev": 0,
+    "ids": []
+  },
+  {
+    "timestamp": "2026-05-19T15:39:01.083Z",
+    "label": "scan",
+    "total": 0,
+    "critical": 0,
+    "high": 0,
+    "medium": 0,
+    "low": 0,
+    "kev": 0,
+    "ids": []
+  },
+  {
+    "timestamp": "2026-05-19T20:23:03.902Z",
+    "label": "scan",
+    "total": 0,
+    "critical": 0,
+    "high": 0,
+    "medium": 0,
+    "low": 0,
+    "kev": 0,
+    "ids": []
+  },
+  {
+    "timestamp": "2026-05-19T20:39:09.197Z",
+    "label": "scan",
+    "total": 0,
+    "critical": 0,
+    "high": 0,
+    "medium": 0,
+    "low": 0,
+    "kev": 0,
+    "ids": []
+  },
+  {
+    "timestamp": "2026-05-19T20:39:21.000Z",
+    "label": "scan",
+    "total": 0,
+    "critical": 0,
+    "high": 0,
+    "medium": 0,
+    "low": 0,
+    "kev": 0,
+    "ids": []
+  },
+  {
+    "timestamp": "2026-05-20T03:49:13.475Z",
+    "label": "scan",
+    "total": 0,
+    "critical": 0,
+    "high": 0,
+    "medium": 0,
+    "low": 0,
+    "kev": 0,
+    "ids": []
+  },
+  {
+    "timestamp": "2026-05-20T03:50:06.549Z",
+    "label": "scan",
+    "total": 1,
+    "critical": 0,
+    "high": 0,
+    "medium": 1,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "struct:parser-py-cst.js:91:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)"
+    ]
+  },
+  {
+    "timestamp": "2026-05-20T03:50:48.754Z",
+    "label": "scan",
+    "total": 1,
+    "critical": 0,
+    "high": 0,
+    "medium": 1,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "struct:parser-py-cst.js:91:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)"
+    ]
+  },
+  {
+    "timestamp": "2026-05-20T03:52:59.627Z",
+    "label": "scan",
+    "total": 1,
+    "critical": 0,
+    "high": 0,
+    "medium": 1,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "struct:parser-py-cst.js:91:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)"
+    ]
+  },
+  {
+    "timestamp": "2026-05-20T12:32:01.638Z",
+    "label": "scan",
+    "total": 2,
+    "critical": 0,
+    "high": 1,
+    "medium": 1,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "struct:parser-cs.js:208:Mass_Assignment_(req.body_Direct_to_Model)",
+      "struct:parser-py-cst.js:91:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)"
+    ]
+  },
+  {
+    "timestamp": "2026-05-20T12:32:06.661Z",
+    "label": "scan",
+    "total": 2,
+    "critical": 0,
+    "high": 1,
+    "medium": 1,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "struct:parser-cs.js:208:Mass_Assignment_(req.body_Direct_to_Model)",
+      "struct:parser-py-cst.js:91:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)"
+    ]
+  },
+  {
+    "timestamp": "2026-05-20T12:32:15.761Z",
+    "label": "scan",
+    "total": 2,
+    "critical": 0,
+    "high": 1,
+    "medium": 1,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "struct:parser-cs.js:208:Mass_Assignment_(req.body_Direct_to_Model)",
+      "struct:parser-py-cst.js:91:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)"
+    ]
+  },
+  {
+    "timestamp": "2026-05-20T12:32:20.916Z",
+    "label": "scan",
+    "total": 2,
+    "critical": 0,
+    "high": 1,
+    "medium": 1,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "struct:parser-cs.js:208:Mass_Assignment_(req.body_Direct_to_Model)",
+      "struct:parser-py-cst.js:91:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)"
+    ]
+  },
+  {
+    "timestamp": "2026-05-20T12:32:26.044Z",
+    "label": "scan",
+    "total": 2,
+    "critical": 0,
+    "high": 1,
+    "medium": 1,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "struct:parser-cs.js:208:Mass_Assignment_(req.body_Direct_to_Model)",
+      "struct:parser-py-cst.js:91:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)"
+    ]
+  },
+  {
+    "timestamp": "2026-05-20T12:34:20.136Z",
+    "label": "scan",
+    "total": 3,
+    "critical": 0,
+    "high": 2,
+    "medium": 1,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "struct:parser-cs.js:208:Mass_Assignment_(req.body_Direct_to_Model)",
+      "struct:parser-kt.js:207:Mass_Assignment_(req.body_Direct_to_Model)",
+      "struct:parser-py-cst.js:91:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)"
+    ]
+  },
+  {
+    "timestamp": "2026-05-20T12:34:25.000Z",
+    "label": "scan",
+    "total": 3,
+    "critical": 0,
+    "high": 2,
+    "medium": 1,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "struct:parser-cs.js:208:Mass_Assignment_(req.body_Direct_to_Model)",
+      "struct:parser-kt.js:207:Mass_Assignment_(req.body_Direct_to_Model)",
+      "struct:parser-py-cst.js:91:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)"
+    ]
+  },
+  {
+    "timestamp": "2026-05-20T12:34:32.674Z",
+    "label": "scan",
+    "total": 3,
+    "critical": 0,
+    "high": 2,
+    "medium": 1,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "struct:parser-cs.js:208:Mass_Assignment_(req.body_Direct_to_Model)",
+      "struct:parser-kt.js:207:Mass_Assignment_(req.body_Direct_to_Model)",
+      "struct:parser-py-cst.js:91:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)"
+    ]
+  },
+  {
+    "timestamp": "2026-05-20T12:34:40.056Z",
+    "label": "scan",
+    "total": 3,
+    "critical": 0,
+    "high": 2,
+    "medium": 1,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "struct:parser-cs.js:208:Mass_Assignment_(req.body_Direct_to_Model)",
+      "struct:parser-kt.js:207:Mass_Assignment_(req.body_Direct_to_Model)",
+      "struct:parser-py-cst.js:91:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)"
+    ]
+  },
+  {
+    "timestamp": "2026-05-20T12:34:45.128Z",
+    "label": "scan",
+    "total": 3,
+    "critical": 0,
+    "high": 2,
+    "medium": 1,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "struct:parser-cs.js:208:Mass_Assignment_(req.body_Direct_to_Model)",
+      "struct:parser-kt.js:207:Mass_Assignment_(req.body_Direct_to_Model)",
+      "struct:parser-py-cst.js:91:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)"
+    ]
+  },
+  {
+    "timestamp": "2026-05-20T17:01:27.551Z",
+    "label": "scan",
+    "total": 12,
+    "critical": 0,
+    "high": 2,
+    "medium": 10,
+    "low": 0,
+    "kev": 0,
+    "ids": [
+      "struct:parser-cs.js:208:Mass_Assignment_(req.body_Direct_to_Model)",
+      "struct:parser-kt.js:207:Mass_Assignment_(req.body_Direct_to_Model)",
+      "struct:parser-py-cst.js:91:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:type-stubs.js:190:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:type-stubs.js:198:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:type-stubs.js:216:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:type-stubs.js:245:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:type-stubs.js:48:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:type-stubs.js:57:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:type-stubs.js:58:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "struct:type-stubs.js:79:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
+      "toctou-fs:type-stubs.js:48"
+    ]
+  }
+]

package/src/ir/.agentic-security/streak.json

@@ -0,0 +1,23 @@
+{
+  "firstScanDate": "2026-05-18T18:07:37.263Z",
+  "lastScanDate": "2026-05-20T17:01:27.572Z",
+  "totalScans": 28,
+  "daysCleanCritical": 3,
+  "lastCleanDate": "2026-05-20",
+  "lastCriticalDate": null,
+  "hasEverHadCritical": false,
+  "bestDaysCleanCritical": 3,
+  "totalFindingsAtFirstScan": 0,
+  "totalFindingsAtLastScan": 13,
+  "totalFixesInferred": 0,
+  "lastGrade": "A-",
+  "bestGrade": "A+",
+  "launchCheckPassedAt": null,
+  "achievements": [
+    "first-scan",
+    "grade-a",
+    "grade-a-plus",
+    "scan-veteran-25"
+  ],
+  "previousGrade": "A-"
+}

package/src/ir/CLAUDE.md

@@ -0,0 +1,172 @@
+# scanner/src/ir/
+
+Layer-1 intermediate representation. Per-file IR + cross-file call graph;
+consumed by `scanner/src/dataflow/` for taint analysis.
+
+## Parsers
+
+| Language | Module                | Backend                                          |
+|----------|-----------------------|--------------------------------------------------|
+| JS / TS  | `parser-js.js`        | `@babel/parser`                                  |
+| Python   | `parser-py-cst.js`    | Python 3.8+ stdlib `ast` via subprocess (default when available) |
+| Python   | `parser-py.js`        | Hand-rolled regex parser (fallback when python3 missing) |
+| Java     | `parser-java.js`      | `java-parser` npm package (async)                |
+
+## Python parser — dual-path with auto fallback
+
+The Python pipeline has two implementations. The dispatcher in `index.js`
+picks one at scan time:
+
+```
+AGENTIC_SECURITY_PY_PARSER=auto    (default) — try CST, fall back to regex
+AGENTIC_SECURITY_PY_PARSER=cst     force CST; error if python3 missing
+AGENTIC_SECURITY_PY_PARSER=regex   force regex
+```
+
+### Why two
+
+The regex parser (`parser-py.js`) was the original v1. It's a hand-rolled
+indentation walker with a balanced-paren expression matcher. It admits in
+its own comments to dropping:
+
+- list / dict / set / generator comprehensions
+- decorators (parsed but body never lowered)
+- `match` statements
+- `async` / `await` (modeled as transparent unwrap)
+- lambda bodies (collapsed to opaque)
+
+Real-world Python is full of these. The taint engine silently no-ops on
+every dropped function.
+
+The CST parser (`parser-py-cst.js`) shells out to a small Python helper
+script (`parser-py.helper.py`) that uses the stdlib `ast` module — zero
+external dependencies, ships with every Python 3.8+ install. The helper
+emits the same IR shape (`{functions[{qid,name,line,params,cfg,file}],
+topLevel}`) as the regex parser. The CFG is built from the real AST, so:
+
+- decorators don't drop the function record
+- async def is recognized
+- match statements don't drop the function (the body's `case` arms are a
+  noop placeholder for now — future work — but the function is captured)
+- comprehensions surface their elt expression so taint propagates through
+  `[x for x in untrusted]`
+- nested function defs become separate entries in `functions[]`
+- `def f(x=Foo(1,2))` and `db.execute(sanitize(x))` parse correctly
+
+### Cost
+
+- One `python3` subprocess **per `runScan`** (NOT per file). All Python
+  files in the project go in a single batched stdin payload, parsed in a
+  single linear loop on the Python side.
+- Capability probe (`python3 --version`) runs ONCE per process and is
+  cached.
+- When the helper crashes mid-batch, the dispatcher silently falls back
+  to the regex parser. Set `AGENTIC_SECURITY_PY_PARSER_DEBUG=1` to see
+  the failure on stderr.
+
+### When `auto` falls back to regex
+
+- `python3` / `python` not on PATH
+- Python version < 3.8
+- helper script's stdin JSON corruption
+- helper subprocess timeout (10 s for the whole batch — generous)
+- helper output isn't parseable JSON
+
+Each of these is a real failure mode; the regex fallback keeps the scan
+producing findings instead of returning empty.
+
+### What CST still doesn't model
+
+The helper builds a CFG only for shapes the dataflow engine actually
+consumes. The following still emit `kind: 'noop'` nodes (future work):
+
+- `match` case bodies (the function is captured; the per-case taint flow
+  isn't lowered)
+- destructuring assignment (`a, b = req.body`) — only single-target
+  assignments get a precise `target` field
+- comprehension generators (`for x in iter`) — the iter expression is
+  visible via the elt, but the generator's own `if` filters aren't yet
+  modeled
+- walrus `:=` at expression position — the RHS flows forward, but the
+  named binding isn't tracked as a separate variable
+
+These are deliberate to keep the CFG bounded; the regex parser's behavior
+was strictly worse (it dropped the entire function).
+
+## IR shape contract
+
+Every parser must produce this shape:
+
+```js
+{
+  file: 'rel/path.py',
+  functions: [
+    {
+      qid: 'file.py::name@line#sha',  // stable cross-file identifier
+      name: 'function_name',
+      line: 42,
+      params: ['arg1', 'arg2', ...],
+      file: 'file.py',
+      cfg: {
+        entry: 'nodeId',
+        exit:  'nodeId',
+        nodes: {
+          [nodeId]: {
+            kind: 'entry'|'exit'|'noop'|'loop-header'|'assign'|'call'
+                  |'if'|'return'|'throw'|'unknown',
+            line: number,
+            succ: [nodeId, ...],
+            pred: [nodeId, ...],
+            // kind-specific:
+            // assign:  target (string or null), source (expr)
+            // call:    callee (string or expr), args ([expr])
+            // if:      cond (expr)
+            // return:  value (expr or null)
+          }
+        }
+      }
+    }
+  ],
+  topLevel: null,   // reserved for module-level code; not yet used
+}
+```
+
+Expression shape (returned by `source`, `cond`, `args[i]`, etc.):
+
+```js
+{ kind: 'literal',  value: any }
+{ kind: 'ident',    name: 'x' }
+{ kind: 'member',   object: expr, prop: 'attr' }
+{ kind: 'binary',   op: '+', left: expr, right: expr }
+{ kind: 'logical',  op: 'and'|'or', left: expr, right: expr }
+{ kind: 'tpl',      parts: [expr, ...] }
+{ kind: 'call',     callee: string|expr, args: [expr, ...] }
+{ kind: 'array',    elements: [expr, ...] }
+{ kind: 'object',   props: [{value: expr}, ...] }
+{ kind: 'union',    branches: [expr, expr] }
+{ kind: 'unknown' }
+```
+
+Any change to this shape must update **all** parsers AND the dataflow
+engine — `scanner/src/dataflow/engine.js` is the contract reader.
+
+## Adding a Python construct
+
+1. Add a recognizer + lowerer branch in `parser-py.helper.py`'s
+   `_lower_stmt` or `_lower_expr` function.
+2. Add a fixture-style test in `scanner/test/parser-py-cst.test.js`.
+3. Run `npm run test:dataflow` to confirm no IR-consumer regressions.
+4. Optionally: add a corresponding case to `parser-py.js` so the regex
+   fallback handles the same shape (but don't block on this — the regex
+   parser is a fallback, not a target).
+
+## When to retire the regex parser
+
+The regex parser stays as long as some customers run scans on machines
+without Python 3.8+. Realistic CI / dev environments have Python; locked-
+down enterprise runners sometimes don't. Targets for retirement:
+
+- Two minor releases with zero `parser-py-cst → regex` fallbacks reported
+  via the optional telemetry surface.
+- Or, the `AGENTIC_SECURITY_PY_PARSER` env defaults to `cst` (strict
+  mode) for one release with no customer complaint tickets filed.

package/src/ir/callgraph.js

@@ -0,0 +1,73 @@
+// Cross-file call graph from the JS/TS IR.
+//
+// Resolves call sites to callee function IDs. Resolution rules (best-effort):
+//   1. Direct function call to a name defined in the same file → resolve to that fn.
+//   2. Method call `obj.foo()` where obj is a class instance with a known
+//      method `foo` in the same file → resolve to that method.
+//   3. Module-imported name: look up in another file's exports.
+//   4. Anything else → unresolved; the dataflow engine treats the callee as
+//      an opaque sink for taint.
+
+export function buildCallGraph(perFileIR) {
+  // perFileIR is { [file]: parseJsFile output }
+  const functions = new Map(); // qid → FunctionIR
+  const byNameInFile = new Map(); // file → Map<name, qid>
+  const classMethods = new Map(); // 'ClassName.method' → qid
+
+  for (const file of Object.keys(perFileIR || {})) {
+    const ir = perFileIR[file];
+    if (!ir || !ir.functions) continue;
+    byNameInFile.set(file, new Map());
+    for (const fn of ir.functions) {
+      functions.set(fn.qid, fn);
+      byNameInFile.get(file).set(fn.name, fn.qid);
+      // Class methods: qid carries the class name as the scope.
+      const m = fn.qid.match(/::([A-Z]\w*)::(\w+)@/);
+      if (m) classMethods.set(`${m[1]}.${m[2]}`, fn.qid);
+    }
+  }
+
+  // Resolve each call site.
+  const edges = []; // { caller, site, callee, ambiguous? }
+  for (const fn of functions.values()) {
+    for (const c of (fn.calls || [])) {
+      if (!c.callee) { edges.push({ caller: fn.qid, site: c.site, callee: null, line: c.line }); continue; }
+      // 1. Direct name in same file
+      const sameFileMap = byNameInFile.get(fn.file);
+      const resolved = sameFileMap?.get(c.callee) ||
+                       classMethods.get(c.callee) ||
+                       // 2. ClassName.method form
+                       (c.callee.includes('.') ? classMethods.get(c.callee) : null) ||
+                       null;
+      edges.push({ caller: fn.qid, site: c.site, callee: resolved, calleeName: c.callee, line: c.line });
+    }
+  }
+
+  // Reverse index: callee → callers.
+  const callersOf = new Map();
+  for (const e of edges) {
+    if (!e.callee) continue;
+    if (!callersOf.has(e.callee)) callersOf.set(e.callee, []);
+    callersOf.get(e.callee).push(e);
+  }
+  // Premortem #7: expose a name→qid resolver so the taint engine can ask
+  // the call graph for the callee's qid at the assign-from-call site.
+  // Same precedence as the edge resolution above (same-file ident wins,
+  // ClassName.method falls back).
+  function resolve(name) {
+    if (!name || typeof name !== 'string') return null;
+    // Direct ident match — search every file's same-file map.
+    for (const m of byNameInFile.values()) {
+      if (m.has(name)) return m.get(name);
+    }
+    if (classMethods.has(name)) return classMethods.get(name);
+    if (name.includes('.')) {
+      const tail = name.split('.').slice(-1)[0];
+      for (const m of byNameInFile.values()) {
+        if (m.has(tail)) return m.get(tail);
+      }
+    }
+    return null;
+  }
+  return { functions, edges, callersOf, resolve };
+}