@clear-capabilities/agentic-security-scanner 0.76.1 → 0.78.0

package/src/.agentic-security/streak.json

@@ -1,26 +1,21 @@
 {
-  "firstScanDate": "2026-05-13T12:55:24.025Z",
-  "lastScanDate": "2026-05-20T21:26:48.636Z",
-  "totalScans": 281,
+  "firstScanDate": "2026-05-27T01:13:03.739Z",
+  "lastScanDate": "2026-05-27T13:31:16.009Z",
+  "totalScans": 31,
   "daysCleanCritical": 0,
-  "lastCleanDate": "2026-05-19",
-  "lastCriticalDate": "2026-05-20",
+  "lastCleanDate": null,
+  "lastCriticalDate": "2026-05-27",
   "hasEverHadCritical": true,
-  "bestDaysCleanCritical": 2,
-  "totalFindingsAtFirstScan": 135,
-  "totalFindingsAtLastScan": 408,
-  "totalFixesInferred": 114,
+  "bestDaysCleanCritical": 0,
+  "totalFindingsAtFirstScan": 412,
+  "totalFindingsAtLastScan": 414,
+  "totalFixesInferred": 0,
   "lastGrade": "C",
-  "bestGrade": "B-",
+  "bestGrade": "C",
   "launchCheckPassedAt": null,
   "achievements": [
-    "clean-sweep",
-    "first-fix",
     "first-scan",
-    "scan-veteran-100",
-    "scan-veteran-25",
-    "triage-master",
-    "triage-silver"
+    "scan-veteran-25"
   ],
   "previousGrade": "C"
 }

package/src/dataflow/.agentic-security/findings.json

@@ -1,9 +1,9 @@
 {
-  "scanId": "c0ec088f-7109-4755-b599-aa770643cf19",
-  "startedAt": "2026-05-20T21:19:04.813Z",
-  "durationMs": 486,
+  "scanId": "e19aeff8-8736-4df3-9d8d-a4d227edb6b1",
+  "startedAt": "2026-05-27T09:30:01.863Z",
+  "durationMs": 501,
   "scanned": {
-    "files": 27,
+    "files": 28,
     "lines": 0
   },
   "findings": [
@@ -116,6 +116,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "dos-sync-io",
+      "parser": "STRUCTURAL",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -344,6 +345,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "dos-sync-io",
+      "parser": "STRUCTURAL",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -572,6 +574,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "dos-sync-io",
+      "parser": "STRUCTURAL",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -800,6 +803,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "dos-sync-io",
+      "parser": "STRUCTURAL",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -1028,6 +1032,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "dos-sync-io",
+      "parser": "STRUCTURAL",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -1256,6 +1261,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "dos-sync-io",
+      "parser": "STRUCTURAL",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -1484,6 +1490,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "dos-sync-io",
+      "parser": "STRUCTURAL",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -1712,6 +1719,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "dos-sync-io",
+      "parser": "STRUCTURAL",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -1940,6 +1948,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "dos-sync-io",
+      "parser": "STRUCTURAL",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -2060,7 +2069,7 @@
       "attackPlaybook": null
     },
     {
-      "id": "ssrf-meta-hardcoded:catalog.js:431",
+      "id": "ssrf-meta-hardcoded:catalog.js:538",
       "kind": "sast",
       "severity": "medium",
       "vuln": "SSRF: explicit reference to cloud instance-metadata endpoint",
@@ -2068,7 +2077,7 @@
       "owaspLlm": null,
       "stride": "Information Disclosure",
       "file": "catalog.js",
-      "line": 431,
+      "line": 538,
       "snippet": "remediation: 'Resolve the host first, reject 169.254.169.254 / RFC1918 / localhost; or proxy through a server-side allow-list.' } },",
       "fix": null,
       "reachable": false,
@@ -2149,7 +2158,7 @@
         "dominantDriver": "legal counsel",
         "comparable": "Capital One 2019 SSRF → $190M settlement (100M records, $1.90/rec)",
         "confidence": "low",
-        "narrative": "SSRF: explicit reference to cloud instance-metadata endpoint on `catalog.js:431` could expose production credentials and API keys. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $24k · likely $138k · worst $778k. Dominant driver: legal counsel. Comparable: Capital One 2019 SSRF → $190M settlement (100M records, $1.90/rec)."
+        "narrative": "SSRF: explicit reference to cloud instance-metadata endpoint on `catalog.js:538` could expose production credentials and API keys. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $24k · likely $138k · worst $778k. Dominant driver: legal counsel. Comparable: Capital One 2019 SSRF → $190M settlement (100M records, $1.90/rec)."
       },
       "stableId": "3dfe482b8d5e3a09",
       "confidenceTier": "medium",
@@ -2166,15 +2175,16 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "ssrf",
+      "parser": "SSRF-METADATA",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
       "regression_test": {
         "lang": "node",
-        "framework": "jest",
-        "filename": "security_3dfe482b8d5e3a09.test.mjs",
-        "runHint": "npx jest",
-        "code": "// Regression test for SSRF: explicit reference to cloud instance-metadata endpoint (CWE-918).\n// Auto-generated from P1.1 PoC; fails on vulnerable code, passes after the fix.\n\nimport { test, expect } from '@jest/globals';\n\ntest('SSRF: explicit reference to cloud instance-metadata endpoint', async () => {\n  const URL_ = \"http://localhost:3000/REPLACE-WITH-ENDPOINT\";\n  const METHOD = \"POST\";\n  const PAYLOAD = \"http://127.0.0.1:65533/poc-ssrf-sentinel\";\n  const body = METHOD === 'GET' ? null : JSON.stringify({ input: PAYLOAD });\n  const reqUrl = METHOD === 'GET'\n    ? URL_ + (URL_.includes('?') ? '&' : '?') + 'input=' + encodeURIComponent(PAYLOAD)\n    : URL_;\n  const r = await fetch(reqUrl, { method: METHOD, headers: { 'Content-Type': 'application/json' }, body });\n  const text = await r.text();\n  // The assertion below is the \"exploit demonstrated\" signal — when this\n  // test PASSES, the vuln is still present. After the fix, this assertion\n  // SHOULD fail. Inverse the assertion in a green build.\n  const demonstrated = text.includes('PoC') || /syntax error/i.test(text) || text.includes('<script>');\n  expect(demonstrated).toBe(false);\n});\n"
+        "framework": null,
+        "filename": null,
+        "runHint": null,
+        "code": null
       },
       "poc": {
         "lang": "node",
@@ -2182,7 +2192,10 @@
         "cwe": "CWE-918",
         "family": "ssrf",
         "runHint": "node poc.mjs",
-        "code": "// Demonstrates SSRF by forcing the server to fetch a localhost sentinel URL.\n// Endpoint:   POST http://localhost:3000/REPLACE-WITH-ENDPOINT\n// Payload:    http://127.0.0.1:65533/poc-ssrf-sentinel\n// Expect:     sentinel server logs a request from the target — proves the target made an outbound call we controlled\n// Run:        node poc.mjs\n// Exit code:  0 = exploit demonstrated, 1 = not demonstrated, 2 = error\n\nconst URL_ = \"http://localhost:3000/REPLACE-WITH-ENDPOINT\";\nconst METHOD = \"POST\";\nconst PAYLOAD = `http://127.0.0.1:65533/poc-ssrf-sentinel`;\n\nconst body = METHOD === 'GET'\n  ? null\n  : JSON.stringify({ \"input\": PAYLOAD });\n\nconst headers = { 'Content-Type': 'application/json' };\n\nconst reqUrl = METHOD === 'GET'\n  ? URL_ + (URL_.includes('?') ? '&' : '?') + \"input\" + '=' + encodeURIComponent(PAYLOAD)\n  : URL_;\n\ntry {\n  const r = await fetch(reqUrl, { method: METHOD, headers, body, redirect: 'follow' });\n  const text = await r.text();\n  const sig = (text.includes(\"http://127.0.0.1:65533/poc-ssrf-sentinel\") ? 'payload reflected' : '');\n  if (sig) {\n    process.stderr.write('PoC: exploit demonstrated — ' + sig + '\\n');\n    process.exit(0);\n  }\n  process.stderr.write('PoC: payload sent (status ' + r.status + '), no exploit evidence in response\\n');\n  process.exit(1);\n} catch (e) {\n  process.stderr.write('PoC: error reaching target — ' + e.message + '\\n');\n  process.exit(2);\n}\n"
+        "code": "// Demonstrates SSRF by forcing the server to fetch a localhost sentinel URL.\n// Endpoint:   POST http://localhost:3000/REPLACE-WITH-ENDPOINT\n// Payload:    http://127.0.0.1:65533/poc-ssrf-sentinel\n// Expect:     sentinel server logs a request from the target — proves the target made an outbound call we controlled\n// Run:        node poc.mjs\n// Exit code:  0 = exploit demonstrated, 1 = not demonstrated, 2 = error\n\nconst URL_ = \"http://localhost:3000/REPLACE-WITH-ENDPOINT\";\nconst METHOD = \"POST\";\nconst PAYLOAD = `http://127.0.0.1:65533/poc-ssrf-sentinel`;\n\nconst body = METHOD === 'GET'\n  ? null\n  : JSON.stringify({ \"input\": PAYLOAD });\n\nconst headers = { 'Content-Type': 'application/json' };\n\nconst reqUrl = METHOD === 'GET'\n  ? URL_ + (URL_.includes('?') ? '&' : '?') + \"input\" + '=' + encodeURIComponent(PAYLOAD)\n  : URL_;\n\ntry {\n  const r = await fetch(reqUrl, { method: METHOD, headers, body, redirect: 'follow' });\n  const text = await r.text();\n  const sig = (text.includes(\"http://127.0.0.1:65533/poc-ssrf-sentinel\") ? 'payload reflected' : '');\n  if (sig) {\n    process.stderr.write('PoC: exploit demonstrated — ' + sig + '\\n');\n    process.exit(0);\n  }\n  process.stderr.write('PoC: payload sent (status ' + r.status + '), no exploit evidence in response\\n');\n  process.exit(1);\n} catch (e) {\n  process.stderr.write('PoC: error reaching target — ' + e.message + '\\n');\n  process.exit(2);\n}\n",
+        "paramKey": null,
+        "paramKeyConfidence": "low",
+        "paramKeyInferred": false
       },
       "calibrated_confidence": null,
       "calibrated_confidence_ci": null,
@@ -2409,15 +2422,16 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "ssrf",
+      "parser": "SSRF-METADATA",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
       "regression_test": {
         "lang": "node",
-        "framework": "jest",
-        "filename": "security_88ebc2728475812c.test.mjs",
-        "runHint": "npx jest",
-        "code": "// Regression test for SSRF: explicit reference to cloud instance-metadata endpoint (CWE-918).\n// Auto-generated from P1.1 PoC; fails on vulnerable code, passes after the fix.\n\nimport { test, expect } from '@jest/globals';\n\ntest('SSRF: explicit reference to cloud instance-metadata endpoint', async () => {\n  const URL_ = \"http://localhost:3000/REPLACE-WITH-ENDPOINT\";\n  const METHOD = \"POST\";\n  const PAYLOAD = \"http://127.0.0.1:65533/poc-ssrf-sentinel\";\n  const body = METHOD === 'GET' ? null : JSON.stringify({ input: PAYLOAD });\n  const reqUrl = METHOD === 'GET'\n    ? URL_ + (URL_.includes('?') ? '&' : '?') + 'input=' + encodeURIComponent(PAYLOAD)\n    : URL_;\n  const r = await fetch(reqUrl, { method: METHOD, headers: { 'Content-Type': 'application/json' }, body });\n  const text = await r.text();\n  // The assertion below is the \"exploit demonstrated\" signal — when this\n  // test PASSES, the vuln is still present. After the fix, this assertion\n  // SHOULD fail. Inverse the assertion in a green build.\n  const demonstrated = text.includes('PoC') || /syntax error/i.test(text) || text.includes('<script>');\n  expect(demonstrated).toBe(false);\n});\n"
+        "framework": null,
+        "filename": null,
+        "runHint": null,
+        "code": null
       },
       "poc": {
         "lang": "node",
@@ -2425,7 +2439,10 @@
         "cwe": "CWE-918",
         "family": "ssrf",
         "runHint": "node poc.mjs",
-        "code": "// Demonstrates SSRF by forcing the server to fetch a localhost sentinel URL.\n// Endpoint:   POST http://localhost:3000/REPLACE-WITH-ENDPOINT\n// Payload:    http://127.0.0.1:65533/poc-ssrf-sentinel\n// Expect:     sentinel server logs a request from the target — proves the target made an outbound call we controlled\n// Run:        node poc.mjs\n// Exit code:  0 = exploit demonstrated, 1 = not demonstrated, 2 = error\n\nconst URL_ = \"http://localhost:3000/REPLACE-WITH-ENDPOINT\";\nconst METHOD = \"POST\";\nconst PAYLOAD = `http://127.0.0.1:65533/poc-ssrf-sentinel`;\n\nconst body = METHOD === 'GET'\n  ? null\n  : JSON.stringify({ \"input\": PAYLOAD });\n\nconst headers = { 'Content-Type': 'application/json' };\n\nconst reqUrl = METHOD === 'GET'\n  ? URL_ + (URL_.includes('?') ? '&' : '?') + \"input\" + '=' + encodeURIComponent(PAYLOAD)\n  : URL_;\n\ntry {\n  const r = await fetch(reqUrl, { method: METHOD, headers, body, redirect: 'follow' });\n  const text = await r.text();\n  const sig = (text.includes(\"http://127.0.0.1:65533/poc-ssrf-sentinel\") ? 'payload reflected' : '');\n  if (sig) {\n    process.stderr.write('PoC: exploit demonstrated — ' + sig + '\\n');\n    process.exit(0);\n  }\n  process.stderr.write('PoC: payload sent (status ' + r.status + '), no exploit evidence in response\\n');\n  process.exit(1);\n} catch (e) {\n  process.stderr.write('PoC: error reaching target — ' + e.message + '\\n');\n  process.exit(2);\n}\n"
+        "code": "// Demonstrates SSRF by forcing the server to fetch a localhost sentinel URL.\n// Endpoint:   POST http://localhost:3000/REPLACE-WITH-ENDPOINT\n// Payload:    http://127.0.0.1:65533/poc-ssrf-sentinel\n// Expect:     sentinel server logs a request from the target — proves the target made an outbound call we controlled\n// Run:        node poc.mjs\n// Exit code:  0 = exploit demonstrated, 1 = not demonstrated, 2 = error\n\nconst URL_ = \"http://localhost:3000/REPLACE-WITH-ENDPOINT\";\nconst METHOD = \"POST\";\nconst PAYLOAD = `http://127.0.0.1:65533/poc-ssrf-sentinel`;\n\nconst body = METHOD === 'GET'\n  ? null\n  : JSON.stringify({ \"input\": PAYLOAD });\n\nconst headers = { 'Content-Type': 'application/json' };\n\nconst reqUrl = METHOD === 'GET'\n  ? URL_ + (URL_.includes('?') ? '&' : '?') + \"input\" + '=' + encodeURIComponent(PAYLOAD)\n  : URL_;\n\ntry {\n  const r = await fetch(reqUrl, { method: METHOD, headers, body, redirect: 'follow' });\n  const text = await r.text();\n  const sig = (text.includes(\"http://127.0.0.1:65533/poc-ssrf-sentinel\") ? 'payload reflected' : '');\n  if (sig) {\n    process.stderr.write('PoC: exploit demonstrated — ' + sig + '\\n');\n    process.exit(0);\n  }\n  process.stderr.write('PoC: payload sent (status ' + r.status + '), no exploit evidence in response\\n');\n  process.exit(1);\n} catch (e) {\n  process.stderr.write('PoC: error reaching target — ' + e.message + '\\n');\n  process.exit(2);\n}\n",
+        "paramKey": null,
+        "paramKeyConfidence": "low",
+        "paramKeyInferred": false
       },
       "calibrated_confidence": null,
       "calibrated_confidence_ci": null,
@@ -2650,6 +2667,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "toctou-file-existence-permission-check-b",
+      "parser": "TOCTOU",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -2871,6 +2889,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "toctou-file-existence-permission-check-b",
+      "parser": "TOCTOU",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -3064,7 +3083,9 @@
         "comparable": "Generic finding — likely cost driven by user count + jurisdiction stack",
         "confidence": "low",
         "narrative": "Race Condition (TOCTOU) on `incremental.js:223` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
-      }
+      },
+      "parser": "LOGIC",
+      "family": null
     },
     {
       "id": "logic:incremental.js:50:TOCTOU:_existsSync_followed_by_file_op",
@@ -3145,7 +3166,9 @@
         "comparable": "Generic finding — likely cost driven by user count + jurisdiction stack",
         "confidence": "low",
         "narrative": "TOCTOU: existsSync followed by file op on `incremental.js:50` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
-      }
+      },
+      "parser": "LOGIC",
+      "family": null
     },
     {
       "id": "logic:incremental.js:68:TOCTOU:_existsSync_followed_by_file_op",
@@ -3226,7 +3249,9 @@
         "comparable": "Generic finding — likely cost driven by user count + jurisdiction stack",
         "confidence": "low",
         "narrative": "TOCTOU: existsSync followed by file op on `incremental.js:68` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
-      }
+      },
+      "parser": "LOGIC",
+      "family": null
     },
     {
       "id": "logic:incremental.js:223:TOCTOU:_existsSync_followed_by_file_op",
@@ -3307,7 +3332,9 @@
         "comparable": "Generic finding — likely cost driven by user count + jurisdiction stack",
         "confidence": "low",
         "narrative": "TOCTOU: existsSync followed by file op on `incremental.js:223` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
-      }
+      },
+      "parser": "LOGIC",
+      "family": null
     }
   ],
   "bundles": [],
@@ -3331,7 +3358,7 @@
   "_v3": {
     "counterfactual": {
       "spofControls": [],
-      "controlsDetected": 195
+      "controlsDetected": 219
     },
     "threatModel": {
       "summary": {
@@ -3367,7 +3394,7 @@
           {
             "vuln": "SSRF: explicit reference to cloud instance-metadata endpoint",
             "file": "catalog.js",
-            "line": 431,
+            "line": 538,
             "severity": "medium"
           },
           {
@@ -3483,5 +3510,6 @@
       "alarms": [],
       "note": "no-feedback-data"
     }
-  }
+  },
+  "annotatorErrors": []
 }

package/src/dataflow/.agentic-security/last-scan.json

@@ -1,9 +1,9 @@
 {
-  "scanId": "c0ec088f-7109-4755-b599-aa770643cf19",
-  "startedAt": "2026-05-20T21:19:04.813Z",
-  "durationMs": 486,
+  "scanId": "e19aeff8-8736-4df3-9d8d-a4d227edb6b1",
+  "startedAt": "2026-05-27T09:30:01.863Z",
+  "durationMs": 501,
   "scanned": {
-    "files": 27,
+    "files": 28,
     "lines": 0
   },
   "findings": [
@@ -116,6 +116,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "dos-sync-io",
+      "parser": "STRUCTURAL",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -344,6 +345,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "dos-sync-io",
+      "parser": "STRUCTURAL",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -572,6 +574,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "dos-sync-io",
+      "parser": "STRUCTURAL",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -800,6 +803,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "dos-sync-io",
+      "parser": "STRUCTURAL",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -1028,6 +1032,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "dos-sync-io",
+      "parser": "STRUCTURAL",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -1256,6 +1261,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "dos-sync-io",
+      "parser": "STRUCTURAL",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -1484,6 +1490,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "dos-sync-io",
+      "parser": "STRUCTURAL",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -1712,6 +1719,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "dos-sync-io",
+      "parser": "STRUCTURAL",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -1940,6 +1948,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "dos-sync-io",
+      "parser": "STRUCTURAL",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -2060,7 +2069,7 @@
       "attackPlaybook": null
     },
     {
-      "id": "ssrf-meta-hardcoded:catalog.js:431",
+      "id": "ssrf-meta-hardcoded:catalog.js:538",
       "kind": "sast",
       "severity": "medium",
       "vuln": "SSRF: explicit reference to cloud instance-metadata endpoint",
@@ -2068,7 +2077,7 @@
       "owaspLlm": null,
       "stride": "Information Disclosure",
       "file": "catalog.js",
-      "line": 431,
+      "line": 538,
       "snippet": "remediation: 'Resolve the host first, reject 169.254.169.254 / RFC1918 / localhost; or proxy through a server-side allow-list.' } },",
       "fix": null,
       "reachable": false,
@@ -2149,7 +2158,7 @@
         "dominantDriver": "legal counsel",
         "comparable": "Capital One 2019 SSRF → $190M settlement (100M records, $1.90/rec)",
         "confidence": "low",
-        "narrative": "SSRF: explicit reference to cloud instance-metadata endpoint on `catalog.js:431` could expose production credentials and API keys. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $24k · likely $138k · worst $778k. Dominant driver: legal counsel. Comparable: Capital One 2019 SSRF → $190M settlement (100M records, $1.90/rec)."
+        "narrative": "SSRF: explicit reference to cloud instance-metadata endpoint on `catalog.js:538` could expose production credentials and API keys. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $24k · likely $138k · worst $778k. Dominant driver: legal counsel. Comparable: Capital One 2019 SSRF → $190M settlement (100M records, $1.90/rec)."
       },
       "stableId": "3dfe482b8d5e3a09",
       "confidenceTier": "medium",
@@ -2166,15 +2175,16 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "ssrf",
+      "parser": "SSRF-METADATA",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
       "regression_test": {
         "lang": "node",
-        "framework": "jest",
-        "filename": "security_3dfe482b8d5e3a09.test.mjs",
-        "runHint": "npx jest",
-        "code": "// Regression test for SSRF: explicit reference to cloud instance-metadata endpoint (CWE-918).\n// Auto-generated from P1.1 PoC; fails on vulnerable code, passes after the fix.\n\nimport { test, expect } from '@jest/globals';\n\ntest('SSRF: explicit reference to cloud instance-metadata endpoint', async () => {\n  const URL_ = \"http://localhost:3000/REPLACE-WITH-ENDPOINT\";\n  const METHOD = \"POST\";\n  const PAYLOAD = \"http://127.0.0.1:65533/poc-ssrf-sentinel\";\n  const body = METHOD === 'GET' ? null : JSON.stringify({ input: PAYLOAD });\n  const reqUrl = METHOD === 'GET'\n    ? URL_ + (URL_.includes('?') ? '&' : '?') + 'input=' + encodeURIComponent(PAYLOAD)\n    : URL_;\n  const r = await fetch(reqUrl, { method: METHOD, headers: { 'Content-Type': 'application/json' }, body });\n  const text = await r.text();\n  // The assertion below is the \"exploit demonstrated\" signal — when this\n  // test PASSES, the vuln is still present. After the fix, this assertion\n  // SHOULD fail. Inverse the assertion in a green build.\n  const demonstrated = text.includes('PoC') || /syntax error/i.test(text) || text.includes('<script>');\n  expect(demonstrated).toBe(false);\n});\n"
+        "framework": null,
+        "filename": null,
+        "runHint": null,
+        "code": null
       },
       "poc": {
         "lang": "node",
@@ -2182,7 +2192,10 @@
         "cwe": "CWE-918",
         "family": "ssrf",
         "runHint": "node poc.mjs",
-        "code": "// Demonstrates SSRF by forcing the server to fetch a localhost sentinel URL.\n// Endpoint:   POST http://localhost:3000/REPLACE-WITH-ENDPOINT\n// Payload:    http://127.0.0.1:65533/poc-ssrf-sentinel\n// Expect:     sentinel server logs a request from the target — proves the target made an outbound call we controlled\n// Run:        node poc.mjs\n// Exit code:  0 = exploit demonstrated, 1 = not demonstrated, 2 = error\n\nconst URL_ = \"http://localhost:3000/REPLACE-WITH-ENDPOINT\";\nconst METHOD = \"POST\";\nconst PAYLOAD = `http://127.0.0.1:65533/poc-ssrf-sentinel`;\n\nconst body = METHOD === 'GET'\n  ? null\n  : JSON.stringify({ \"input\": PAYLOAD });\n\nconst headers = { 'Content-Type': 'application/json' };\n\nconst reqUrl = METHOD === 'GET'\n  ? URL_ + (URL_.includes('?') ? '&' : '?') + \"input\" + '=' + encodeURIComponent(PAYLOAD)\n  : URL_;\n\ntry {\n  const r = await fetch(reqUrl, { method: METHOD, headers, body, redirect: 'follow' });\n  const text = await r.text();\n  const sig = (text.includes(\"http://127.0.0.1:65533/poc-ssrf-sentinel\") ? 'payload reflected' : '');\n  if (sig) {\n    process.stderr.write('PoC: exploit demonstrated — ' + sig + '\\n');\n    process.exit(0);\n  }\n  process.stderr.write('PoC: payload sent (status ' + r.status + '), no exploit evidence in response\\n');\n  process.exit(1);\n} catch (e) {\n  process.stderr.write('PoC: error reaching target — ' + e.message + '\\n');\n  process.exit(2);\n}\n"
+        "code": "// Demonstrates SSRF by forcing the server to fetch a localhost sentinel URL.\n// Endpoint:   POST http://localhost:3000/REPLACE-WITH-ENDPOINT\n// Payload:    http://127.0.0.1:65533/poc-ssrf-sentinel\n// Expect:     sentinel server logs a request from the target — proves the target made an outbound call we controlled\n// Run:        node poc.mjs\n// Exit code:  0 = exploit demonstrated, 1 = not demonstrated, 2 = error\n\nconst URL_ = \"http://localhost:3000/REPLACE-WITH-ENDPOINT\";\nconst METHOD = \"POST\";\nconst PAYLOAD = `http://127.0.0.1:65533/poc-ssrf-sentinel`;\n\nconst body = METHOD === 'GET'\n  ? null\n  : JSON.stringify({ \"input\": PAYLOAD });\n\nconst headers = { 'Content-Type': 'application/json' };\n\nconst reqUrl = METHOD === 'GET'\n  ? URL_ + (URL_.includes('?') ? '&' : '?') + \"input\" + '=' + encodeURIComponent(PAYLOAD)\n  : URL_;\n\ntry {\n  const r = await fetch(reqUrl, { method: METHOD, headers, body, redirect: 'follow' });\n  const text = await r.text();\n  const sig = (text.includes(\"http://127.0.0.1:65533/poc-ssrf-sentinel\") ? 'payload reflected' : '');\n  if (sig) {\n    process.stderr.write('PoC: exploit demonstrated — ' + sig + '\\n');\n    process.exit(0);\n  }\n  process.stderr.write('PoC: payload sent (status ' + r.status + '), no exploit evidence in response\\n');\n  process.exit(1);\n} catch (e) {\n  process.stderr.write('PoC: error reaching target — ' + e.message + '\\n');\n  process.exit(2);\n}\n",
+        "paramKey": null,
+        "paramKeyConfidence": "low",
+        "paramKeyInferred": false
       },
       "calibrated_confidence": null,
       "calibrated_confidence_ci": null,
@@ -2409,15 +2422,16 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "ssrf",
+      "parser": "SSRF-METADATA",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
       "regression_test": {
         "lang": "node",
-        "framework": "jest",
-        "filename": "security_88ebc2728475812c.test.mjs",
-        "runHint": "npx jest",
-        "code": "// Regression test for SSRF: explicit reference to cloud instance-metadata endpoint (CWE-918).\n// Auto-generated from P1.1 PoC; fails on vulnerable code, passes after the fix.\n\nimport { test, expect } from '@jest/globals';\n\ntest('SSRF: explicit reference to cloud instance-metadata endpoint', async () => {\n  const URL_ = \"http://localhost:3000/REPLACE-WITH-ENDPOINT\";\n  const METHOD = \"POST\";\n  const PAYLOAD = \"http://127.0.0.1:65533/poc-ssrf-sentinel\";\n  const body = METHOD === 'GET' ? null : JSON.stringify({ input: PAYLOAD });\n  const reqUrl = METHOD === 'GET'\n    ? URL_ + (URL_.includes('?') ? '&' : '?') + 'input=' + encodeURIComponent(PAYLOAD)\n    : URL_;\n  const r = await fetch(reqUrl, { method: METHOD, headers: { 'Content-Type': 'application/json' }, body });\n  const text = await r.text();\n  // The assertion below is the \"exploit demonstrated\" signal — when this\n  // test PASSES, the vuln is still present. After the fix, this assertion\n  // SHOULD fail. Inverse the assertion in a green build.\n  const demonstrated = text.includes('PoC') || /syntax error/i.test(text) || text.includes('<script>');\n  expect(demonstrated).toBe(false);\n});\n"
+        "framework": null,
+        "filename": null,
+        "runHint": null,
+        "code": null
       },
       "poc": {
         "lang": "node",
@@ -2425,7 +2439,10 @@
         "cwe": "CWE-918",
         "family": "ssrf",
         "runHint": "node poc.mjs",
-        "code": "// Demonstrates SSRF by forcing the server to fetch a localhost sentinel URL.\n// Endpoint:   POST http://localhost:3000/REPLACE-WITH-ENDPOINT\n// Payload:    http://127.0.0.1:65533/poc-ssrf-sentinel\n// Expect:     sentinel server logs a request from the target — proves the target made an outbound call we controlled\n// Run:        node poc.mjs\n// Exit code:  0 = exploit demonstrated, 1 = not demonstrated, 2 = error\n\nconst URL_ = \"http://localhost:3000/REPLACE-WITH-ENDPOINT\";\nconst METHOD = \"POST\";\nconst PAYLOAD = `http://127.0.0.1:65533/poc-ssrf-sentinel`;\n\nconst body = METHOD === 'GET'\n  ? null\n  : JSON.stringify({ \"input\": PAYLOAD });\n\nconst headers = { 'Content-Type': 'application/json' };\n\nconst reqUrl = METHOD === 'GET'\n  ? URL_ + (URL_.includes('?') ? '&' : '?') + \"input\" + '=' + encodeURIComponent(PAYLOAD)\n  : URL_;\n\ntry {\n  const r = await fetch(reqUrl, { method: METHOD, headers, body, redirect: 'follow' });\n  const text = await r.text();\n  const sig = (text.includes(\"http://127.0.0.1:65533/poc-ssrf-sentinel\") ? 'payload reflected' : '');\n  if (sig) {\n    process.stderr.write('PoC: exploit demonstrated — ' + sig + '\\n');\n    process.exit(0);\n  }\n  process.stderr.write('PoC: payload sent (status ' + r.status + '), no exploit evidence in response\\n');\n  process.exit(1);\n} catch (e) {\n  process.stderr.write('PoC: error reaching target — ' + e.message + '\\n');\n  process.exit(2);\n}\n"
+        "code": "// Demonstrates SSRF by forcing the server to fetch a localhost sentinel URL.\n// Endpoint:   POST http://localhost:3000/REPLACE-WITH-ENDPOINT\n// Payload:    http://127.0.0.1:65533/poc-ssrf-sentinel\n// Expect:     sentinel server logs a request from the target — proves the target made an outbound call we controlled\n// Run:        node poc.mjs\n// Exit code:  0 = exploit demonstrated, 1 = not demonstrated, 2 = error\n\nconst URL_ = \"http://localhost:3000/REPLACE-WITH-ENDPOINT\";\nconst METHOD = \"POST\";\nconst PAYLOAD = `http://127.0.0.1:65533/poc-ssrf-sentinel`;\n\nconst body = METHOD === 'GET'\n  ? null\n  : JSON.stringify({ \"input\": PAYLOAD });\n\nconst headers = { 'Content-Type': 'application/json' };\n\nconst reqUrl = METHOD === 'GET'\n  ? URL_ + (URL_.includes('?') ? '&' : '?') + \"input\" + '=' + encodeURIComponent(PAYLOAD)\n  : URL_;\n\ntry {\n  const r = await fetch(reqUrl, { method: METHOD, headers, body, redirect: 'follow' });\n  const text = await r.text();\n  const sig = (text.includes(\"http://127.0.0.1:65533/poc-ssrf-sentinel\") ? 'payload reflected' : '');\n  if (sig) {\n    process.stderr.write('PoC: exploit demonstrated — ' + sig + '\\n');\n    process.exit(0);\n  }\n  process.stderr.write('PoC: payload sent (status ' + r.status + '), no exploit evidence in response\\n');\n  process.exit(1);\n} catch (e) {\n  process.stderr.write('PoC: error reaching target — ' + e.message + '\\n');\n  process.exit(2);\n}\n",
+        "paramKey": null,
+        "paramKeyConfidence": "low",
+        "paramKeyInferred": false
       },
       "calibrated_confidence": null,
       "calibrated_confidence_ci": null,
@@ -2650,6 +2667,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "toctou-file-existence-permission-check-b",
+      "parser": "TOCTOU",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -2871,6 +2889,7 @@
       "unvalidated": true,
       "cross_language": false,
       "family": "toctou-file-existence-permission-check-b",
+      "parser": "TOCTOU",
       "_unsigned": false,
       "_passThroughSigning": false,
       "signatureStatus": "verified",
@@ -3064,7 +3083,9 @@
         "comparable": "Generic finding — likely cost driven by user count + jurisdiction stack",
         "confidence": "low",
         "narrative": "Race Condition (TOCTOU) on `incremental.js:223` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
-      }
+      },
+      "parser": "LOGIC",
+      "family": null
     },
     {
       "id": "logic:incremental.js:50:TOCTOU:_existsSync_followed_by_file_op",
@@ -3145,7 +3166,9 @@
         "comparable": "Generic finding — likely cost driven by user count + jurisdiction stack",
         "confidence": "low",
         "narrative": "TOCTOU: existsSync followed by file op on `incremental.js:50` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
-      }
+      },
+      "parser": "LOGIC",
+      "family": null
     },
     {
       "id": "logic:incremental.js:68:TOCTOU:_existsSync_followed_by_file_op",
@@ -3226,7 +3249,9 @@
         "comparable": "Generic finding — likely cost driven by user count + jurisdiction stack",
         "confidence": "low",
         "narrative": "TOCTOU: existsSync followed by file op on `incremental.js:68` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
-      }
+      },
+      "parser": "LOGIC",
+      "family": null
     },
     {
       "id": "logic:incremental.js:223:TOCTOU:_existsSync_followed_by_file_op",
@@ -3307,7 +3332,9 @@
         "comparable": "Generic finding — likely cost driven by user count + jurisdiction stack",
         "confidence": "low",
         "narrative": "TOCTOU: existsSync followed by file op on `incremental.js:223` could expose configuration / internal data. Context: general SaaS / no specific regulatory exposure. Estimated cost: best $23k · likely $136k · worst $775k. Dominant driver: legal counsel. Comparable: Generic finding — likely cost driven by user count + jurisdiction stack."
-      }
+      },
+      "parser": "LOGIC",
+      "family": null
     }
   ],
   "bundles": [],
@@ -3331,7 +3358,7 @@
   "_v3": {
     "counterfactual": {
       "spofControls": [],
-      "controlsDetected": 195
+      "controlsDetected": 219
     },
     "threatModel": {
       "summary": {
@@ -3367,7 +3394,7 @@
           {
             "vuln": "SSRF: explicit reference to cloud instance-metadata endpoint",
             "file": "catalog.js",
-            "line": 431,
+            "line": 538,
             "severity": "medium"
           },
           {
@@ -3483,5 +3510,6 @@
       "alarms": [],
       "note": "no-feedback-data"
     }
-  }
+  },
+  "annotatorErrors": []
 }

package/src/dataflow/.agentic-security/last-scan.json.sig

@@ -1 +1 @@
-aabdedd5a2d54315b990bf23e43cd3c73840c46055f3604989e06d68a9b06b76
+15284d745cace7e5e74c8a8a9817f9b55d27f5fb3eb433baea772008b6419a1f