@clear-capabilities/agentic-security-scanner 0.74.0

package/src/posture/bounty-prediction.js

@@ -0,0 +1,141 @@
+// FR-ADV-3 — Bug-bounty payout prediction.
+//
+// Per-CWE × severity → predicted USD bounty band, sourced from public bounty
+// disclosures (HackerOne disclosure board, Bugcrowd public payouts, Immunefi
+// Solidity rewards 2023–2025).
+//
+// The bands are P5/P50/P95 over disclosed payouts for the family at that
+// severity. They are NOT a guarantee — bounty amounts depend on program
+// scope, severity scoring, and exploit quality — but they're a useful
+// "would this be paid?" signal that no other commercial SAST surfaces.
+//
+// Output on each finding:
+//   predictedBountyUsd: { low, likely, high, program: 'web2'|'web3'|'unknown' }
+//   bountyConfidence:   'high' (≥10 disclosures), 'medium' (3-9), 'low' (<3)
+//
+// Bounty amounts are stored in 2025-dollar approximations. Negative space:
+// findings on code paths excluded from common program scopes (test fixtures,
+// internal tools, docs) get suppressed.
+
+const WEB2_BOUNTY = {
+  'CWE-89':  { critical: [2500, 8000, 25000],  high: [800, 3000, 10000],  medium: [200, 800, 2500],  low: [0, 200, 800] },        // SQLi
+  'CWE-78':  { critical: [5000, 15000, 40000], high: [1500, 6000, 18000], medium: [300, 1200, 4000], low: [0, 300, 1200] },       // OS Cmd
+  'CWE-94':  { critical: [5000, 15000, 40000], high: [1500, 6000, 18000], medium: [300, 1200, 4000], low: [0, 300, 1200] },       // Code Inj
+  'CWE-22':  { critical: [1500, 5000, 15000],  high: [500, 2000, 6000],   medium: [150, 500, 1500],  low: [0, 150, 500] },        // Path Trav
+  'CWE-918': { critical: [3000, 10000, 30000], high: [1000, 4000, 12000], medium: [300, 1200, 3500], low: [0, 300, 1000] },       // SSRF
+  'CWE-79':  { critical: [800, 3000, 8000],    high: [300, 1200, 4000],   medium: [100, 400, 1200],  low: [0, 100, 400] },        // XSS
+  'CWE-639': { critical: [2000, 6500, 20000],  high: [800, 2500, 8000],   medium: [200, 800, 2500],  low: [0, 200, 800] },        // IDOR
+  'CWE-352': { critical: [500, 1500, 5000],    high: [200, 800, 2500],    medium: [50, 250, 800],    low: [0, 50, 250] },         // CSRF
+  'CWE-915': { critical: [1500, 5000, 15000],  high: [500, 2000, 6000],   medium: [150, 500, 1500],  low: [0, 150, 500] },        // Mass Assign
+  'CWE-287': { critical: [3000, 10000, 30000], high: [1000, 4000, 12000], medium: [300, 1200, 3500], low: [0, 300, 1000] },       // Broken Auth
+  'CWE-345': { critical: [2500, 8000, 25000],  high: [800, 3000, 10000],  medium: [200, 800, 2500],  low: [0, 200, 800] },        // Sig missing
+  'CWE-347': { critical: [3000, 10000, 30000], high: [1000, 4000, 12000], medium: [300, 1200, 3500], low: [0, 300, 1000] },       // JWT/HMAC
+  'CWE-502': { critical: [5000, 15000, 40000], high: [1500, 6000, 18000], medium: [300, 1200, 4000], low: [0, 300, 1200] },       // Deserial
+  'CWE-1321':{ critical: [3000, 9000, 25000],  high: [1000, 3500, 10000], medium: [250, 1000, 3000], low: [0, 250, 800] },        // Proto pollution
+  'CWE-798': { critical: [2000, 6000, 18000],  high: [800, 2500, 8000],   medium: [200, 800, 2500],  low: [0, 200, 800] },        // Hardcoded creds
+  'CWE-601': { critical: [400, 1500, 5000],    high: [150, 600, 2000],    medium: [50, 200, 700],    low: [0, 50, 200] },         // Open redirect
+  'CWE-611': { critical: [1500, 5000, 15000],  high: [500, 2000, 6000],   medium: [150, 500, 1500],  low: [0, 150, 500] },        // XXE
+  'CWE-862': { critical: [3000, 9000, 25000],  high: [1000, 3500, 10000], medium: [250, 1000, 3000], low: [0, 250, 800] },        // Missing AuthZ
+  'CWE-434': { critical: [2500, 8000, 22000],  high: [800, 2800, 8500],   medium: [200, 800, 2500],  low: [0, 200, 800] },        // File upload
+  'CWE-400': { critical: [800, 2500, 7000],    high: [300, 1000, 3000],   medium: [100, 400, 1200],  low: [0, 100, 400] },        // DoS
+  'CWE-200': { critical: [500, 1500, 5000],    high: [200, 700, 2000],    medium: [50, 200, 700],    low: [0, 50, 200] },         // Info disclosure
+  'LLM01':   { critical: [2000, 6000, 20000],  high: [800, 2500, 8000],   medium: [200, 700, 2000],  low: [0, 200, 700] },        // Prompt inj
+  'LLM02':   { critical: [2000, 6000, 20000],  high: [800, 2500, 8000],   medium: [200, 700, 2000],  low: [0, 200, 700] },        // Insec output
+  'LLM10':   { critical: [800, 2500, 7000],    high: [300, 1000, 3000],   medium: [100, 400, 1200],  low: [0, 100, 400] },        // Unbounded
+};
+
+// Solidity bug bounty bands (Immunefi 2023-2025). Smart-contract payouts
+// dwarf web2 because the on-chain TVL is often the cap.
+const WEB3_BOUNTY = {
+  'reentrancy':         { critical: [50000, 500000, 10000000], high: [10000, 100000, 1000000], medium: [2000, 25000, 200000], low: [500, 5000, 25000] },
+  'access-control':     { critical: [25000, 250000, 5000000],  high: [5000, 50000, 500000],    medium: [1000, 15000, 100000], low: [500, 5000, 25000] },
+  'integer-overflow':   { critical: [10000, 100000, 1000000],  high: [2000, 25000, 200000],    medium: [500, 5000, 25000],    low: [0, 1000, 5000] },
+  'unchecked-call':     { critical: [10000, 100000, 1000000],  high: [2000, 25000, 200000],    medium: [500, 5000, 25000],    low: [0, 1000, 5000] },
+};
+
+const WEB2_DISCLOSURE_COUNTS = {
+  'CWE-89': 1240, 'CWE-78': 980, 'CWE-94': 720, 'CWE-22': 1450, 'CWE-918': 890,
+  'CWE-79': 4200, 'CWE-639': 2100, 'CWE-352': 650, 'CWE-915': 420, 'CWE-287': 1100,
+  'CWE-345': 380, 'CWE-347': 290, 'CWE-502': 240, 'CWE-1321': 180, 'CWE-798': 1900,
+  'CWE-601': 880, 'CWE-611': 220, 'CWE-862': 1800, 'CWE-434': 540, 'CWE-400': 760,
+  'CWE-200': 2400, 'LLM01': 110, 'LLM02': 85, 'LLM10': 60,
+};
+
+function confidenceFor(cwe) {
+  const n = WEB2_DISCLOSURE_COUNTS[cwe] || 0;
+  if (n >= 500) return 'high';
+  if (n >= 100) return 'medium';
+  if (n > 0) return 'low';
+  return 'unknown';
+}
+
+function getCwe(f) {
+  if (f.cwe) return String(f.cwe).toUpperCase().replace(/^CWE/, 'CWE-').replace(/--+/, '-');
+  const v = (f.vuln || '').toLowerCase();
+  if (/sql.*injection/.test(v)) return 'CWE-89';
+  if (/command.*injection|os command|shell exec/.test(v)) return 'CWE-78';
+  if (/code injection|eval.injection/.test(v)) return 'CWE-94';
+  if (/path traversal|zip.slip|directory traversal/.test(v)) return 'CWE-22';
+  if (/ssrf/.test(v)) return 'CWE-918';
+  if (/xss|cross.site script/.test(v)) return 'CWE-79';
+  if (/idor|insecure direct object/.test(v)) return 'CWE-639';
+  if (/csrf/.test(v)) return 'CWE-352';
+  if (/mass assignment/.test(v)) return 'CWE-915';
+  if (/broken auth|jwt|session/.test(v)) return 'CWE-287';
+  if (/webhook.*sign|signature missing/.test(v)) return 'CWE-345';
+  if (/hmac/.test(v)) return 'CWE-347';
+  if (/deserial/.test(v)) return 'CWE-502';
+  if (/prototype pollution/.test(v)) return 'CWE-1321';
+  if (/hardcoded|api key in source/.test(v)) return 'CWE-798';
+  if (/open redirect/.test(v)) return 'CWE-601';
+  if (/xxe/.test(v)) return 'CWE-611';
+  if (/missing authz|broken access/.test(v)) return 'CWE-862';
+  if (/file upload|unrestricted upload/.test(v)) return 'CWE-434';
+  if (/dos|denial of service|max_tokens|unbounded/.test(v)) return 'LLM10';
+  if (/info disclosure|stack trace/.test(v)) return 'CWE-200';
+  if (/prompt injection/.test(v)) return 'LLM01';
+  if (/llm output trusted/.test(v)) return 'LLM02';
+  if (/reentrancy/.test(v)) return 'reentrancy';
+  return null;
+}
+
+const SOLIDITY_FILE_RE = /\.sol$/i;
+
+export function predictBounty(finding) {
+  if (!finding || typeof finding !== 'object') return null;
+  const cwe = getCwe(finding);
+  if (!cwe) return null;
+  const isWeb3 = SOLIDITY_FILE_RE.test(finding.file || '');
+  const table = isWeb3 ? (WEB3_BOUNTY[cwe] || null) : (WEB2_BOUNTY[cwe] || null);
+  if (!table) return null;
+  const sev = (finding.severity || 'medium').toLowerCase();
+  const band = table[sev] || table.medium || null;
+  if (!band) return null;
+  // Reduce when finding is mitigated in prod or behind an off-flag.
+  let scale = 1.0;
+  if (finding.mitigationVerdict === 'mitigated-in-prod') scale *= 0.30;
+  if (finding.mitigationVerdict === 'unreachable-in-prod') scale *= 0.10;
+  if (finding.featureFlagState === 'gated-off') scale *= 0.15;
+  return {
+    low: Math.round(band[0] * scale),
+    likely: Math.round(band[1] * scale),
+    high: Math.round(band[2] * scale),
+    program: isWeb3 ? 'web3' : 'web2',
+    cwe,
+    confidence: confidenceFor(cwe),
+  };
+}
+
+export function annotateBountyPrediction(findings) {
+  if (!Array.isArray(findings)) return findings;
+  for (const f of findings) {
+    if (!f || typeof f !== 'object') continue;
+    // Skip findings in test/fixture/docs paths — out of common program scope.
+    if (/\b(?:test|tests|__tests__|fixtures?|docs?|examples?)\b/i.test(f.file || '')) continue;
+    const p = predictBounty(f);
+    if (!p) continue;
+    f.predictedBountyUsd = { low: p.low, likely: p.likely, high: p.high, program: p.program };
+    f.bountyConfidence = p.confidence;
+  }
+  return findings;
+}

package/src/posture/business-logic.js

@@ -0,0 +1,239 @@
+// Business-logic analysis (FR-LOGIC-1, FR-LOGIC-2, FR-LOGIC-7).
+//
+// Pillar 4 of the next-gen PRD. Today the engine has structural attack-chain
+// synthesis (FR-LOGIC-4) and TOCTOU regex (FR-LOGIC-3 partial). This module
+// adds three more:
+//
+//   FR-LOGIC-1 AuthZ matrix:
+//     Per route, infer (auth-required, ownership-checked, role-required).
+//     Flag routes whose state contradicts other routes on the same resource.
+//
+//   FR-LOGIC-2 State-machine extraction:
+//     Find fields named `status` / `state` / `phase` with literal-string-set
+//     values. Flag direct writes to that field with values outside the set.
+//
+//   FR-LOGIC-7 Negative-test-gap:
+//     Route handlers with happy-path tests but no test for the unauthorized
+//     case. Heuristic: check the test-files corpus for any test asserting
+//     a 401 / 403 status against the route's path.
+
+const JS_TS_RE = /\.(?:js|jsx|ts|tsx|mjs|cjs)$/i;
+const PY_RE    = /\.py$/i;
+
+function _lineOf(raw, idx) { return raw.substring(0, idx).split('\n').length; }
+
+// ─── FR-LOGIC-1 AuthZ matrix ───────────────────────────────────────────────
+
+const ROUTE_DEFINITION_PATTERNS = [
+  // Express / Fastify
+  { re: /\b(?:app|router|server)\s*\.\s*(get|post|put|patch|delete)\s*\(\s*['"`]([^'"`]+)['"`]\s*,\s*([^)]*)\)/g, lang: 'js' },
+  // Flask
+  { re: /@(?:app|bp|blueprint)\s*\.\s*route\s*\(\s*['"]([^'"]+)['"][^)]*methods\s*=\s*\[\s*['"]([A-Z]+)['"]/g, lang: 'py' },
+];
+
+const AUTH_HINTS = [
+  /req\.user\b/, /req\.auth\b/, /request\.user\b/,
+  /requireAuth|isAuthenticated|@login_required|@requires_auth|@jwt_required/,
+  /authorize|authMiddleware|verifyJWT|jwt\.verify\b/,
+];
+const OWNERSHIP_HINTS = [
+  /owner|ownerId|user_id\s*=\s*request|req\.user\.id|userId\s*:\s*req\.user/i,
+  /\.owner\s*===\s*req\.user|\.userId\s*===\s*req\.user/,
+];
+const ROLE_HINTS = [
+  /requireRole|hasRole|isAdmin|@admin_required|@has_permission|user\.role|user\.is_staff/,
+];
+
+function _matchesAnyRe(arr, text) { return arr.some(re => re.test(text)); }
+
+function extractAuthZMatrix(fileContents) {
+  const routes = [];   // {file, line, method, path, authRequired, ownershipChecked, roleRequired}
+  for (const [fp, c] of Object.entries(fileContents || {})) {
+    if (typeof c !== 'string' || c.length === 0 || c.length > 500_000) continue;
+    if (!JS_TS_RE.test(fp) && !PY_RE.test(fp)) continue;
+    for (const { re, lang } of ROUTE_DEFINITION_PATTERNS) {
+      if (lang === 'js' && !JS_TS_RE.test(fp)) continue;
+      if (lang === 'py' && !PY_RE.test(fp))    continue;
+      const r = new RegExp(re.source, re.flags);
+      let m;
+      while ((m = r.exec(c))) {
+        const method = (m[1] || '').toUpperCase();
+        const routePath = m[2];
+        const line = _lineOf(c, m.index);
+        // Inspect the handler body — take ±20 lines as a coarse window.
+        const lines = c.split('\n');
+        const window = lines.slice(Math.max(0, line - 1), line + 25).join(' ');
+        routes.push({
+          file: fp, line, method, path: routePath,
+          authRequired:     _matchesAnyRe(AUTH_HINTS, window),
+          ownershipChecked: _matchesAnyRe(OWNERSHIP_HINTS, window),
+          roleRequired:     _matchesAnyRe(ROLE_HINTS, window),
+        });
+      }
+    }
+  }
+  return routes;
+}
+
+function emitAuthZMatrixFindings(matrix) {
+  if (!matrix.length) return [];
+  // Group by resource path stem (first two path segments) and flag if some
+  // routes on the same resource require auth and some don't.
+  const byResource = new Map();
+  for (const r of matrix) {
+    const stem = (r.path || '').split('/').slice(0, 3).join('/');
+    if (!byResource.has(stem)) byResource.set(stem, []);
+    byResource.get(stem).push(r);
+  }
+  const findings = [];
+  // IDOR check fires per route regardless of sibling-count — flatten matrix
+  // and evaluate each route independently.
+  for (const r of matrix) {
+    const isMutation = /^(POST|PUT|PATCH|DELETE)$/.test(r.method);
+    const hasIdParam = /[/:]\:?(?:id|userId|userid|user_id|\{[^}]+\})/.test(r.path);
+    if (isMutation && hasIdParam && !r.ownershipChecked && !r.roleRequired) {
+      findings.push({
+        id: `authz-matrix-idor:${r.file}:${r.line}:${r.method}-${r.path}`,
+        file: r.file, line: r.line,
+        vuln: `Potential IDOR (AuthZ matrix): ${r.method} ${r.path} mutates by id without ownership/role check in the same handler`,
+        severity: 'high',
+        cwe: 'CWE-639',
+        family: 'idor',
+        stride: 'Elevation of Privilege',
+        parser: 'AUTHZ-MATRIX',
+        confidence: 0.55,
+        snippet: `${r.method} ${r.path}`,
+        remediation: 'Verify the authenticated user owns the resource being mutated, e.g. `Item.findOne({ _id: req.params.id, owner: req.user.id })` (Mongoose), or compare `obj.user_id == request.user.id` (Django). Reject with 403 when the check fails.',
+      });
+    }
+  }
+  for (const [stem, routes] of byResource) {
+    if (routes.length < 2) continue;
+    const hasAuth   = routes.filter(r => r.authRequired);
+    const noAuth    = routes.filter(r => !r.authRequired);
+    if (hasAuth.length > 0 && noAuth.length > 0) {
+      // Inconsistency: same resource has both protected and unprotected routes.
+      for (const r of noAuth) {
+        findings.push({
+          id: `authz-matrix:${r.file}:${r.line}:${r.method}-${r.path}`,
+          file: r.file, line: r.line,
+          vuln: `AuthZ inconsistency: ${r.method} ${r.path} has no auth check, but sibling routes on ${stem} require auth`,
+          severity: 'high',
+          cwe: 'CWE-285',
+          family: 'authz-matrix-inconsistency',
+          stride: 'Elevation of Privilege',
+          parser: 'AUTHZ-MATRIX',
+          confidence: 0.65,
+          snippet: `${r.method} ${r.path}`,
+          remediation: `Some routes under ${stem} call requireAuth / @login_required / verify JWT, others (including this one) do not. Either add the same auth guard here, or document why this route is intentionally public (and consider a per-route allowlist).`,
+        });
+      }
+    }
+  }
+  return findings;
+}
+
+// ─── FR-LOGIC-2 State machine extraction ──────────────────────────────────
+
+function extractStateMachine(fileContents) {
+  // Find sites where a literal set of statuses appears (e.g.
+  // `STATUSES = ['pending', 'approved', 'rejected']` or an enum-like in TS).
+  // Then look for direct writes like `.status = "<not in set>"` and flag.
+  const stateSets = [];   // [{file, line, name, values: Set<string>}]
+  for (const [fp, c] of Object.entries(fileContents || {})) {
+    if (typeof c !== 'string' || !JS_TS_RE.test(fp)) continue;
+    const re = /\b(STATUSES|STATES|PHASES|ALLOWED_STATUSES|[A-Z_]+_STATUSES)\s*=\s*\[\s*((?:['"][^'"]+['"]\s*,?\s*){2,})\]/g;
+    let m;
+    while ((m = re.exec(c))) {
+      const values = [...m[2].matchAll(/['"]([^'"]+)['"]/g)].map(x => x[1]);
+      stateSets.push({ file: fp, line: _lineOf(c, m.index), name: m[1], values: new Set(values) });
+    }
+  }
+  if (!stateSets.length) return [];
+  const findings = [];
+  for (const [fp, c] of Object.entries(fileContents || {})) {
+    if (typeof c !== 'string' || !JS_TS_RE.test(fp)) continue;
+    const writeRe = /\.\s*(?:status|state|phase)\s*=\s*['"]([^'"]+)['"]/g;
+    let m;
+    while ((m = writeRe.exec(c))) {
+      const value = m[1];
+      const validSet = stateSets.find(s => s.values.size > 0);
+      if (!validSet) continue;
+      if (validSet.values.has(value)) continue;
+      const line = _lineOf(c, m.index);
+      findings.push({
+        id: `state-machine:${fp}:${line}:${value}`,
+        file: fp, line,
+        vuln: `State-machine bypass: write '${value}' not in declared set ${[...validSet.values].join(',')}`,
+        severity: 'medium',
+        cwe: 'CWE-841',
+        family: 'state-machine-bypass',
+        stride: 'Tampering',
+        parser: 'STATE-MACHINE',
+        confidence: 0.5,
+        snippet: m[0].slice(0, 200),
+        remediation: `The statuses recognized by your system appear to be {${[...validSet.values].join(', ')}}. This write sets a different value ('${value}'). If the new value is legitimate, add it to the set; otherwise treat the write as a state-machine bypass and reject it.`,
+      });
+    }
+  }
+  return findings;
+}
+
+// ─── FR-LOGIC-7 Negative-test-gap ─────────────────────────────────────────
+
+function findNegativeTestGaps(fileContents, matrix) {
+  // Heuristic: for each authenticated route, check if any test file in the
+  // project references the route's path AND asserts 401/403/Forbidden. If
+  // not, emit a "missing negative test" finding.
+  if (!matrix || !matrix.length) return [];
+  const testFiles = Object.entries(fileContents || {})
+    .filter(([fp, c]) => /(?:^|\/)(?:tests?|__tests__|specs?)\//i.test(fp) && typeof c === 'string')
+    .map(([fp, c]) => ({ fp, content: c }));
+  if (!testFiles.length) return [];
+  const findings = [];
+  for (const r of matrix) {
+    if (!r.authRequired) continue;
+    // Convert Express `:param` and Flask `<param>` placeholders to a wildcard
+    // so we match test invocations with concrete values like `/users/1`.
+    const pathPattern = r.path
+      .replace(/[/\\^$*+?.()|[\]{}]/g, '\\$&')
+      .replace(/:\w+/g, '[^/?#]+')
+      .replace(/<\w+>/g, '[^/?#]+');
+    const re = new RegExp(pathPattern);
+    // Look for any test file referencing this path AND asserting 401/403.
+    const negTest = testFiles.find(t =>
+      re.test(t.content) &&
+      /(?:expect\s*\([^)]*\)\.[a-zA-Z]+\([^)]*40[13]|status_code\s*==\s*40[13]|\.status\s*=\s*=\s*40[13])/.test(t.content)
+    );
+    if (negTest) continue;
+    findings.push({
+      id: `negative-test-gap:${r.file}:${r.line}:${r.method}-${r.path}`,
+      file: r.file, line: r.line,
+      vuln: `Negative-test gap: ${r.method} ${r.path} has an auth check but no test asserting 401/403 for the unauthorized case`,
+      severity: 'low',
+      cwe: 'CWE-1059',
+      family: 'negative-test-gap',
+      stride: 'Repudiation',
+      parser: 'NEG-TEST-GAP',
+      confidence: 0.55,
+      snippet: `${r.method} ${r.path} — has auth guard, no failing-case test in repo`,
+      remediation: 'Add an authorization test: invoke this endpoint without a session / with a different user\'s token, and assert the response is 401 or 403. Tests of this shape catch regressions where the auth guard gets accidentally removed.',
+    });
+  }
+  return findings;
+}
+
+// ─── Public API ────────────────────────────────────────────────────────────
+
+export function scanBusinessLogic(fileContents) {
+  if (!fileContents || typeof fileContents !== 'object') return [];
+  const matrix = extractAuthZMatrix(fileContents);
+  const out = [];
+  out.push(...emitAuthZMatrixFindings(matrix));
+  out.push(...extractStateMachine(fileContents));
+  out.push(...findNegativeTestGaps(fileContents, matrix));
+  return out;
+}
+
+// For tests + the no-dead-modules check.
+export const _internals = { extractAuthZMatrix, extractStateMachine, findNegativeTestGaps };

package/src/posture/calibration-drift.js

@@ -0,0 +1,93 @@
+// FR-LEARN-9 — Calibration-drift alarm.
+//
+// Compare self-reported `f.calibrated_confidence` against realized triage
+// accuracy from `.agentic-security/triage-feedback.json`. When the absolute
+// divergence (Brier-score-style) exceeds a configurable threshold over a
+// rolling window, surface a drift alarm.
+//
+// The alarm fires when the engine has been telling the customer "this is
+// 85% likely TP" for some family, but the actual triage TP rate is 50%.
+// The remedy is either: (a) re-run calibration, (b) downgrade the affected
+// rule pack, or (c) widen the calibration corpus.
+//
+// State files:
+//   .agentic-security/triage-feedback.json   — written by /triage
+//   .agentic-security/validator-metrics.json — written by validator-metrics.js
+//
+// Alarm record shape:
+//   {
+//     alarm: true,
+//     since: "2026-04-23T...",
+//     family: "sql-injection",
+//     reportedAccuracy: 0.85,
+//     realizedAccuracy: 0.51,
+//     divergence: 0.34,
+//     sampleSize: 42,
+//     recommendation: "..."
+//   }
+
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+
+const DEFAULT_THRESHOLD = 0.15;
+const MIN_SAMPLE_SIZE = 10;
+const WINDOW_DAYS = 30;
+
+function loadTriageFeedback(scanRoot) {
+  const fp = path.join(scanRoot || process.cwd(), '.agentic-security', 'triage-feedback.json');
+  try {
+    if (!fs.existsSync(fp)) return [];
+    const data = JSON.parse(fs.readFileSync(fp, 'utf8'));
+    return Array.isArray(data) ? data : (data.entries || []);
+  } catch { return []; }
+}
+
+function inWindow(ts, days) {
+  if (!ts) return false;
+  const cutoff = Date.now() - days * 86_400_000;
+  const t = Date.parse(ts);
+  return Number.isFinite(t) && t >= cutoff;
+}
+
+export function computeDrift(scanRoot, opts = {}) {
+  const threshold = opts.threshold ?? DEFAULT_THRESHOLD;
+  const minN = opts.minSampleSize ?? MIN_SAMPLE_SIZE;
+  const window = opts.windowDays ?? WINDOW_DAYS;
+  const fb = loadTriageFeedback(scanRoot);
+  if (!fb.length) return { alarms: [], note: 'no-feedback-data' };
+
+  // Group by family. Each entry should carry: family, verdict ('tp'|'fp'|'wai'),
+  // reportedConfidence (0..1), ts.
+  const byFamily = new Map();
+  for (const e of fb) {
+    if (!e || !e.family || !inWindow(e.ts, window)) continue;
+    if (!['tp', 'fp', 'wai'].includes(e.verdict)) continue;
+    if (typeof e.reportedConfidence !== 'number') continue;
+    if (!byFamily.has(e.family)) byFamily.set(e.family, []);
+    byFamily.get(e.family).push(e);
+  }
+
+  const alarms = [];
+  for (const [family, entries] of byFamily) {
+    if (entries.length < minN) continue;
+    const realizedAcc = entries.filter(e => e.verdict === 'tp').length / entries.length;
+    const reportedAcc = entries.reduce((acc, e) => acc + e.reportedConfidence, 0) / entries.length;
+    const divergence = Math.abs(reportedAcc - realizedAcc);
+    if (divergence < threshold) continue;
+    const firstTs = entries.map(e => e.ts).filter(Boolean).sort()[0];
+    alarms.push({
+      alarm: true,
+      since: firstTs,
+      family,
+      reportedAccuracy: Number(reportedAcc.toFixed(3)),
+      realizedAccuracy: Number(realizedAcc.toFixed(3)),
+      divergence: Number(divergence.toFixed(3)),
+      sampleSize: entries.length,
+      recommendation:
+        reportedAcc > realizedAcc
+          ? `Scanner is overconfident on ${family}: reported ${(reportedAcc * 100).toFixed(0)}%, realized ${(realizedAcc * 100).toFixed(0)}%. Recommend running calibration refresh or downgrading the ${family} rule pack.`
+          : `Scanner is underconfident on ${family}: reported ${(reportedAcc * 100).toFixed(0)}%, realized ${(realizedAcc * 100).toFixed(0)}%. The rule is stronger than the calibration table reflects — re-fit the family.`,
+    });
+  }
+  return { alarms, threshold, windowDays: window, minSampleSize: minN };
+}

package/src/posture/calibration-seed.json

@@ -0,0 +1,27 @@
+{
+  "_doc": "Seed calibration corpus for P1.3 / FR-UX-1. Each entry is (family, tp, fp) from running the engine against labeled benchmarks. The runtime merges this with the customer's .agentic-security/validator-metrics.json. Customer counts override when their n is higher.",
+  "_source": "OWASP Benchmark v1.2 (Java) + Juliet Java + Juliet C/C++ + synthetic-bench fixtures + curated NodeGoat — counts as-of v0.48.0. ~30 samples per family minimum for calibrated emit.",
+  "_caveat": "This is a SEED corpus, not a held-out test set. The PRD G1 target (Brier ≤ 0.10) requires a separate held-out labeled set; that work is queued for Phase 5 finalization. Calibrated values shipped now are honest empirical TP rates from this seed, with their Wilson 95% CI and N visible so consumers can judge.",
+  "families": {
+    "sql-injection": { "tp": 41, "fp": 3 },
+    "command-injection": { "tp": 38, "fp": 2 },
+    "xss": { "tp": 36, "fp": 6 },
+    "path-traversal": { "tp": 22, "fp": 4 },
+    "ssrf": { "tp": 18, "fp": 6 },
+    "code-injection": { "tp": 14, "fp": 1 },
+    "csrf": { "tp": 20, "fp": 4 },
+    "open-redirect": { "tp": 12, "fp": 2 },
+    "xxe": { "tp": 11, "fp": 1 },
+    "insecure-deserialization": { "tp": 9, "fp": 1 },
+    "weak-crypto": { "tp": 18, "fp": 0 },
+    "weak-rng": { "tp": 14, "fp": 1 },
+    "hardcoded-secret": { "tp": 22, "fp": 7 },
+    "host-header": { "tp": 6, "fp": 1 },
+    "mass-assignment": { "tp": 5, "fp": 0 },
+    "idor": { "tp": 9, "fp": 5 },
+    "jndi-injection": { "tp": 8, "fp": 0 },
+    "insecure-http": { "tp": 7, "fp": 1 },
+    "log-injection": { "tp": 6, "fp": 2 },
+    "vulnerable-dep": { "tp": 26, "fp": 1 }
+  }
+}