@clear-capabilities/agentic-security-scanner 0.75.0 → 0.77.0

Files changed (68)
  1. package/CHANGELOG.md +57 -0
  2. package/bin/agentic-security.js +2 -2
  3. package/dist/838.index.js +152 -0
  4. package/dist/{634.index.js → 985.index.js} +21 -144
  5. package/dist/agentic-security.mjs +8 -8
  6. package/dist/agentic-security.mjs.sha256 +1 -1
  7. package/package.json +6 -6
  8. package/src/mcp/tools.js +17 -2
  9. package/src/sca/base-images.json +1 -1
  10. package/bin/.agentic-security/findings.json +0 -1596
  11. package/bin/.agentic-security/last-scan.json +0 -1596
  12. package/bin/.agentic-security/last-scan.json.sig +0 -1
  13. package/bin/.agentic-security/scan-history.json +0 -470
  14. package/bin/.agentic-security/streak.json +0 -25
  15. package/dist/218.index.js +0 -793
  16. package/dist/601.index.js +0 -1038
  17. package/src/.agentic-security/findings.json +0 -80844
  18. package/src/.agentic-security/last-scan.json +0 -80844
  19. package/src/.agentic-security/last-scan.json.sig +0 -1
  20. package/src/.agentic-security/scan-history.json +0 -8408
  21. package/src/.agentic-security/streak.json +0 -26
  22. package/src/dataflow/.agentic-security/findings.json +0 -3487
  23. package/src/dataflow/.agentic-security/last-scan.json +0 -3487
  24. package/src/dataflow/.agentic-security/last-scan.json.sig +0 -1
  25. package/src/dataflow/.agentic-security/scan-history.json +0 -735
  26. package/src/dataflow/.agentic-security/streak.json +0 -24
  27. package/src/integrations/.agentic-security/findings.json +0 -1504
  28. package/src/integrations/.agentic-security/last-scan.json +0 -1504
  29. package/src/integrations/.agentic-security/scan-history.json +0 -40
  30. package/src/integrations/.agentic-security/streak.json +0 -21
  31. package/src/ir/.agentic-security/findings.json +0 -3036
  32. package/src/ir/.agentic-security/last-scan.json +0 -3036
  33. package/src/ir/.agentic-security/last-scan.json.sig +0 -1
  34. package/src/ir/.agentic-security/scan-history.json +0 -364
  35. package/src/ir/.agentic-security/streak.json +0 -23
  36. package/src/llm-validator/.agentic-security/findings.json +0 -1891
  37. package/src/llm-validator/.agentic-security/last-scan.json +0 -1891
  38. package/src/llm-validator/.agentic-security/last-scan.json.sig +0 -1
  39. package/src/llm-validator/.agentic-security/scan-history.json +0 -168
  40. package/src/llm-validator/.agentic-security/streak.json +0 -20
  41. package/src/lsp/.agentic-security/findings.json +0 -28
  42. package/src/lsp/.agentic-security/last-scan.json +0 -28
  43. package/src/lsp/.agentic-security/scan-history.json +0 -79
  44. package/src/lsp/.agentic-security/streak.json +0 -22
  45. package/src/mcp/.agentic-security/findings.json +0 -8358
  46. package/src/mcp/.agentic-security/last-scan.json +0 -8358
  47. package/src/mcp/.agentic-security/last-scan.json.sig +0 -1
  48. package/src/mcp/.agentic-security/scan-history.json +0 -1125
  49. package/src/mcp/.agentic-security/streak.json +0 -22
  50. package/src/posture/.agentic-security/findings.json +0 -51239
  51. package/src/posture/.agentic-security/last-scan.json +0 -51239
  52. package/src/posture/.agentic-security/last-scan.json.sig +0 -1
  53. package/src/posture/.agentic-security/scan-history.json +0 -5557
  54. package/src/posture/.agentic-security/streak.json +0 -24
  55. package/src/report/.agentic-security/findings.json +0 -79
  56. package/src/report/.agentic-security/last-scan.json +0 -79
  57. package/src/report/.agentic-security/last-scan.json.sig +0 -1
  58. package/src/report/.agentic-security/scan-history.json +0 -332
  59. package/src/report/.agentic-security/streak.json +0 -23
  60. package/src/sast/.agentic-security/findings.json +0 -5051
  61. package/src/sast/.agentic-security/last-scan.json +0 -5051
  62. package/src/sast/.agentic-security/last-scan.json.sig +0 -1
  63. package/src/sast/.agentic-security/scan-history.json +0 -788
  64. package/src/sast/.agentic-security/streak.json +0 -23
  65. package/src/sast/bench-shape/.agentic-security/findings.json +0 -28
  66. package/src/sast/bench-shape/.agentic-security/last-scan.json +0 -28
  67. package/src/sast/bench-shape/.agentic-security/scan-history.json +0 -24
  68. package/src/sast/bench-shape/.agentic-security/streak.json +0 -22
@@ -1,24 +0,0 @@
1
- {
2
- "firstScanDate": "2026-05-13T19:07:35.663Z",
3
- "lastScanDate": "2026-05-20T15:34:20.296Z",
4
- "totalScans": 223,
5
- "daysCleanCritical": 0,
6
- "lastCleanDate": "2026-05-19",
7
- "lastCriticalDate": "2026-05-20",
8
- "hasEverHadCritical": true,
9
- "bestDaysCleanCritical": 2,
10
- "totalFindingsAtFirstScan": 28,
11
- "totalFindingsAtLastScan": 257,
12
- "totalFixesInferred": 1,
13
- "lastGrade": "C",
14
- "bestGrade": "A",
15
- "launchCheckPassedAt": null,
16
- "achievements": [
17
- "first-fix",
18
- "first-scan",
19
- "grade-a",
20
- "scan-veteran-100",
21
- "scan-veteran-25"
22
- ],
23
- "previousGrade": "C"
24
- }
@@ -1,79 +0,0 @@
1
- {
2
- "scanId": "c3ef4632-79ae-4ffb-8f06-3ff4f6f0fef2",
3
- "startedAt": "2026-05-19T21:49:07.932Z",
4
- "durationMs": 196,
5
- "scanned": {
6
- "files": 2,
7
- "lines": 0
8
- },
9
- "findings": [],
10
- "bundles": [],
11
- "routes": [],
12
- "components": [],
13
- "suppressedCount": 0,
14
- "blastRadiusSignals": {
15
- "industry": "generic",
16
- "industryConfidence": "low",
17
- "jurisdictions": [],
18
- "controls": [],
19
- "estimatedUsers": 50,
20
- "revenueIndicator": "pre-revenue",
21
- "hasStripe": false,
22
- "hasAuth": false,
23
- "hasUserTable": false,
24
- "hasPII": false,
25
- "hasPHI": false,
26
- "hasS3": false
27
- },
28
- "_v3": {
29
- "counterfactual": {
30
- "spofControls": [],
31
- "controlsDetected": 167
32
- },
33
- "threatModel": {
34
- "summary": {
35
- "assetCount": 0,
36
- "boundaryCount": 0,
37
- "strideCounts": {
38
- "spoofing": 0,
39
- "tampering": 0,
40
- "repudiation": 0,
41
- "informationDisclosure": 0,
42
- "denialOfService": 0,
43
- "elevationOfPrivilege": 0
44
- }
45
- },
46
- "assets": [],
47
- "trustBoundaries": [],
48
- "stride": {
49
- "spoofing": [],
50
- "tampering": [],
51
- "repudiation": [],
52
- "informationDisclosure": [],
53
- "denialOfService": [],
54
- "elevationOfPrivilege": []
55
- }
56
- },
57
- "trustBoundaryDiagram": {
58
- "mermaid": "flowchart LR\n INTERNET((Internet))\n APP[\"Application\"]\n classDef sev_critical fill:#ffcccc,stroke:#a00,stroke-width:2px;\n classDef sev_high fill:#ffe0b2,stroke:#c60,stroke-width:2px;\n classDef sev_medium fill:#fff3cd,stroke:#a80;\n classDef sev_low fill:#e8eaf6,stroke:#557;",
59
- "nodes": [
60
- {
61
- "id": "INTERNET",
62
- "kind": "external",
63
- "label": "Internet"
64
- },
65
- {
66
- "id": "APP",
67
- "kind": "app",
68
- "label": "Application"
69
- }
70
- ],
71
- "edges": [],
72
- "decorations": []
73
- },
74
- "calibrationDrift": {
75
- "alarms": [],
76
- "note": "no-feedback-data"
77
- }
78
- }
79
- }
@@ -1,79 +0,0 @@
1
- {
2
- "scanId": "c3ef4632-79ae-4ffb-8f06-3ff4f6f0fef2",
3
- "startedAt": "2026-05-19T21:49:07.932Z",
4
- "durationMs": 196,
5
- "scanned": {
6
- "files": 2,
7
- "lines": 0
8
- },
9
- "findings": [],
10
- "bundles": [],
11
- "routes": [],
12
- "components": [],
13
- "suppressedCount": 0,
14
- "blastRadiusSignals": {
15
- "industry": "generic",
16
- "industryConfidence": "low",
17
- "jurisdictions": [],
18
- "controls": [],
19
- "estimatedUsers": 50,
20
- "revenueIndicator": "pre-revenue",
21
- "hasStripe": false,
22
- "hasAuth": false,
23
- "hasUserTable": false,
24
- "hasPII": false,
25
- "hasPHI": false,
26
- "hasS3": false
27
- },
28
- "_v3": {
29
- "counterfactual": {
30
- "spofControls": [],
31
- "controlsDetected": 167
32
- },
33
- "threatModel": {
34
- "summary": {
35
- "assetCount": 0,
36
- "boundaryCount": 0,
37
- "strideCounts": {
38
- "spoofing": 0,
39
- "tampering": 0,
40
- "repudiation": 0,
41
- "informationDisclosure": 0,
42
- "denialOfService": 0,
43
- "elevationOfPrivilege": 0
44
- }
45
- },
46
- "assets": [],
47
- "trustBoundaries": [],
48
- "stride": {
49
- "spoofing": [],
50
- "tampering": [],
51
- "repudiation": [],
52
- "informationDisclosure": [],
53
- "denialOfService": [],
54
- "elevationOfPrivilege": []
55
- }
56
- },
57
- "trustBoundaryDiagram": {
58
- "mermaid": "flowchart LR\n INTERNET((Internet))\n APP[\"Application\"]\n classDef sev_critical fill:#ffcccc,stroke:#a00,stroke-width:2px;\n classDef sev_high fill:#ffe0b2,stroke:#c60,stroke-width:2px;\n classDef sev_medium fill:#fff3cd,stroke:#a80;\n classDef sev_low fill:#e8eaf6,stroke:#557;",
59
- "nodes": [
60
- {
61
- "id": "INTERNET",
62
- "kind": "external",
63
- "label": "Internet"
64
- },
65
- {
66
- "id": "APP",
67
- "kind": "app",
68
- "label": "Application"
69
- }
70
- ],
71
- "edges": [],
72
- "decorations": []
73
- },
74
- "calibrationDrift": {
75
- "alarms": [],
76
- "note": "no-feedback-data"
77
- }
78
- }
79
- }
@@ -1 +0,0 @@
1
- 3cd9d9783f17e2685c9bac77499113866f2092dfbc7fd24dc665e09107d1c6f7
@@ -1,332 +0,0 @@
1
- [
2
- {
3
- "timestamp": "2026-05-16T12:14:36.442Z",
4
- "label": "scan",
5
- "total": 0,
6
- "critical": 0,
7
- "high": 0,
8
- "medium": 0,
9
- "low": 0,
10
- "kev": 0,
11
- "ids": []
12
- },
13
- {
14
- "timestamp": "2026-05-16T23:36:58.645Z",
15
- "label": "scan",
16
- "total": 0,
17
- "critical": 0,
18
- "high": 0,
19
- "medium": 0,
20
- "low": 0,
21
- "kev": 0,
22
- "ids": []
23
- },
24
- {
25
- "timestamp": "2026-05-18T17:48:29.014Z",
26
- "label": "scan",
27
- "total": 0,
28
- "critical": 0,
29
- "high": 0,
30
- "medium": 0,
31
- "low": 0,
32
- "kev": 0,
33
- "ids": []
34
- },
35
- {
36
- "timestamp": "2026-05-18T17:56:28.844Z",
37
- "label": "scan",
38
- "total": 0,
39
- "critical": 0,
40
- "high": 0,
41
- "medium": 0,
42
- "low": 0,
43
- "kev": 0,
44
- "ids": []
45
- },
46
- {
47
- "timestamp": "2026-05-18T22:34:47.507Z",
48
- "label": "scan",
49
- "total": 0,
50
- "critical": 0,
51
- "high": 0,
52
- "medium": 0,
53
- "low": 0,
54
- "kev": 0,
55
- "ids": []
56
- },
57
- {
58
- "timestamp": "2026-05-18T22:59:24.059Z",
59
- "label": "scan",
60
- "total": 0,
61
- "critical": 0,
62
- "high": 0,
63
- "medium": 0,
64
- "low": 0,
65
- "kev": 0,
66
- "ids": []
67
- },
68
- {
69
- "timestamp": "2026-05-18T22:59:40.564Z",
70
- "label": "scan",
71
- "total": 0,
72
- "critical": 0,
73
- "high": 0,
74
- "medium": 0,
75
- "low": 0,
76
- "kev": 0,
77
- "ids": []
78
- },
79
- {
80
- "timestamp": "2026-05-18T23:08:03.888Z",
81
- "label": "scan",
82
- "total": 0,
83
- "critical": 0,
84
- "high": 0,
85
- "medium": 0,
86
- "low": 0,
87
- "kev": 0,
88
- "ids": []
89
- },
90
- {
91
- "timestamp": "2026-05-18T23:08:22.652Z",
92
- "label": "scan",
93
- "total": 0,
94
- "critical": 0,
95
- "high": 0,
96
- "medium": 0,
97
- "low": 0,
98
- "kev": 0,
99
- "ids": []
100
- },
101
- {
102
- "timestamp": "2026-05-18T23:10:59.592Z",
103
- "label": "scan",
104
- "total": 0,
105
- "critical": 0,
106
- "high": 0,
107
- "medium": 0,
108
- "low": 0,
109
- "kev": 0,
110
- "ids": []
111
- },
112
- {
113
- "timestamp": "2026-05-19T00:09:08.611Z",
114
- "label": "scan",
115
- "total": 0,
116
- "critical": 0,
117
- "high": 0,
118
- "medium": 0,
119
- "low": 0,
120
- "kev": 0,
121
- "ids": []
122
- },
123
- {
124
- "timestamp": "2026-05-19T00:09:16.891Z",
125
- "label": "scan",
126
- "total": 0,
127
- "critical": 0,
128
- "high": 0,
129
- "medium": 0,
130
- "low": 0,
131
- "kev": 0,
132
- "ids": []
133
- },
134
- {
135
- "timestamp": "2026-05-19T00:10:01.720Z",
136
- "label": "scan",
137
- "total": 0,
138
- "critical": 0,
139
- "high": 0,
140
- "medium": 0,
141
- "low": 0,
142
- "kev": 0,
143
- "ids": []
144
- },
145
- {
146
- "timestamp": "2026-05-19T00:10:15.908Z",
147
- "label": "scan",
148
- "total": 0,
149
- "critical": 0,
150
- "high": 0,
151
- "medium": 0,
152
- "low": 0,
153
- "kev": 0,
154
- "ids": []
155
- },
156
- {
157
- "timestamp": "2026-05-19T02:01:28.011Z",
158
- "label": "scan",
159
- "total": 0,
160
- "critical": 0,
161
- "high": 0,
162
- "medium": 0,
163
- "low": 0,
164
- "kev": 0,
165
- "ids": []
166
- },
167
- {
168
- "timestamp": "2026-05-19T02:09:03.968Z",
169
- "label": "scan",
170
- "total": 0,
171
- "critical": 0,
172
- "high": 0,
173
- "medium": 0,
174
- "low": 0,
175
- "kev": 0,
176
- "ids": []
177
- },
178
- {
179
- "timestamp": "2026-05-19T02:17:39.336Z",
180
- "label": "scan",
181
- "total": 0,
182
- "critical": 0,
183
- "high": 0,
184
- "medium": 0,
185
- "low": 0,
186
- "kev": 0,
187
- "ids": []
188
- },
189
- {
190
- "timestamp": "2026-05-19T03:11:59.398Z",
191
- "label": "scan",
192
- "total": 0,
193
- "critical": 0,
194
- "high": 0,
195
- "medium": 0,
196
- "low": 0,
197
- "kev": 0,
198
- "ids": []
199
- },
200
- {
201
- "timestamp": "2026-05-19T03:13:30.141Z",
202
- "label": "scan",
203
- "total": 0,
204
- "critical": 0,
205
- "high": 0,
206
- "medium": 0,
207
- "low": 0,
208
- "kev": 0,
209
- "ids": []
210
- },
211
- {
212
- "timestamp": "2026-05-19T03:21:16.211Z",
213
- "label": "scan",
214
- "total": 0,
215
- "critical": 0,
216
- "high": 0,
217
- "medium": 0,
218
- "low": 0,
219
- "kev": 0,
220
- "ids": []
221
- },
222
- {
223
- "timestamp": "2026-05-19T04:45:00.044Z",
224
- "label": "scan",
225
- "total": 0,
226
- "critical": 0,
227
- "high": 0,
228
- "medium": 0,
229
- "low": 0,
230
- "kev": 0,
231
- "ids": []
232
- },
233
- {
234
- "timestamp": "2026-05-19T04:45:15.057Z",
235
- "label": "scan",
236
- "total": 0,
237
- "critical": 0,
238
- "high": 0,
239
- "medium": 0,
240
- "low": 0,
241
- "kev": 0,
242
- "ids": []
243
- },
244
- {
245
- "timestamp": "2026-05-19T04:54:36.921Z",
246
- "label": "scan",
247
- "total": 0,
248
- "critical": 0,
249
- "high": 0,
250
- "medium": 0,
251
- "low": 0,
252
- "kev": 0,
253
- "ids": []
254
- },
255
- {
256
- "timestamp": "2026-05-19T13:24:54.931Z",
257
- "label": "scan",
258
- "total": 0,
259
- "critical": 0,
260
- "high": 0,
261
- "medium": 0,
262
- "low": 0,
263
- "kev": 0,
264
- "ids": []
265
- },
266
- {
267
- "timestamp": "2026-05-19T13:25:09.569Z",
268
- "label": "scan",
269
- "total": 0,
270
- "critical": 0,
271
- "high": 0,
272
- "medium": 0,
273
- "low": 0,
274
- "kev": 0,
275
- "ids": []
276
- },
277
- {
278
- "timestamp": "2026-05-19T20:25:04.198Z",
279
- "label": "scan",
280
- "total": 0,
281
- "critical": 0,
282
- "high": 0,
283
- "medium": 0,
284
- "low": 0,
285
- "kev": 0,
286
- "ids": []
287
- },
288
- {
289
- "timestamp": "2026-05-19T20:26:03.116Z",
290
- "label": "scan",
291
- "total": 0,
292
- "critical": 0,
293
- "high": 0,
294
- "medium": 0,
295
- "low": 0,
296
- "kev": 0,
297
- "ids": []
298
- },
299
- {
300
- "timestamp": "2026-05-19T20:26:12.780Z",
301
- "label": "scan",
302
- "total": 0,
303
- "critical": 0,
304
- "high": 0,
305
- "medium": 0,
306
- "low": 0,
307
- "kev": 0,
308
- "ids": []
309
- },
310
- {
311
- "timestamp": "2026-05-19T21:46:43.850Z",
312
- "label": "scan",
313
- "total": 0,
314
- "critical": 0,
315
- "high": 0,
316
- "medium": 0,
317
- "low": 0,
318
- "kev": 0,
319
- "ids": []
320
- },
321
- {
322
- "timestamp": "2026-05-19T21:49:08.128Z",
323
- "label": "scan",
324
- "total": 0,
325
- "critical": 0,
326
- "high": 0,
327
- "medium": 0,
328
- "low": 0,
329
- "kev": 0,
330
- "ids": []
331
- }
332
- ]
@@ -1,23 +0,0 @@
1
- {
2
- "firstScanDate": "2026-05-15T12:33:46.108Z",
3
- "lastScanDate": "2026-05-19T21:49:08.136Z",
4
- "totalScans": 35,
5
- "daysCleanCritical": 2,
6
- "lastCleanDate": "2026-05-19",
7
- "lastCriticalDate": null,
8
- "hasEverHadCritical": false,
9
- "bestDaysCleanCritical": 2,
10
- "totalFindingsAtFirstScan": 0,
11
- "totalFindingsAtLastScan": 0,
12
- "totalFixesInferred": 0,
13
- "lastGrade": "A+",
14
- "bestGrade": "A+",
15
- "launchCheckPassedAt": null,
16
- "achievements": [
17
- "first-scan",
18
- "grade-a",
19
- "grade-a-plus",
20
- "scan-veteran-25"
21
- ],
22
- "previousGrade": "A+"
23
- }