@clear-capabilities/agentic-security-scanner 0.76.1 → 0.78.0

Files changed (108)
  1. package/bin/.agentic-security/findings.json +320 -9
  2. package/bin/.agentic-security/last-scan.json +320 -9
  3. package/bin/.agentic-security/last-scan.json.sig +1 -1
  4. package/bin/.agentic-security/scan-history.json +17 -377
  5. package/bin/.agentic-security/streak.json +11 -16
  6. package/bin/agentic-security.js +33 -2
  7. package/dist/178.index.js +1 -1
  8. package/dist/384.index.js +1 -1
  9. package/dist/637.index.js +1 -1
  10. package/dist/718.index.js +106 -0
  11. package/dist/824.index.js +126 -0
  12. package/dist/838.index.js +1 -1
  13. package/dist/agentic-security.mjs +32 -32
  14. package/dist/agentic-security.mjs.sha256 +1 -1
  15. package/package.json +7 -7
  16. package/src/.agentic-security/findings.json +5731 -3933
  17. package/src/.agentic-security/last-scan.json +5731 -3933
  18. package/src/.agentic-security/last-scan.json.sig +1 -1
  19. package/src/.agentic-security/scan-history.json +2533 -887
  20. package/src/.agentic-security/streak.json +11 -16
  21. package/src/dataflow/.agentic-security/findings.json +52 -24
  22. package/src/dataflow/.agentic-security/last-scan.json +52 -24
  23. package/src/dataflow/.agentic-security/last-scan.json.sig +1 -1
  24. package/src/dataflow/.agentic-security/scan-history.json +101 -134
  25. package/src/dataflow/.agentic-security/streak.json +8 -10
  26. package/src/dataflow/async-sequencing.js +16 -7
  27. package/src/dataflow/builtin-summaries.js +131 -0
  28. package/src/dataflow/catalog.js +107 -0
  29. package/src/dataflow/cross-repo.js +75 -1
  30. package/src/dataflow/engine.js +129 -0
  31. package/src/dataflow/implicit-flow.js +24 -6
  32. package/src/dataflow/stub-aware-filter.js +69 -11
  33. package/src/dataflow/summaries.js +28 -3
  34. package/src/engine-parallel.js +70 -0
  35. package/src/engine.js +165 -15
  36. package/src/ir/.agentic-security/findings.json +757 -16
  37. package/src/ir/.agentic-security/last-scan.json +757 -16
  38. package/src/ir/.agentic-security/last-scan.json.sig +1 -1
  39. package/src/ir/.agentic-security/scan-history.json +545 -138
  40. package/src/ir/.agentic-security/streak.json +11 -13
  41. package/src/ir/index.js +22 -1
  42. package/src/ir/parser-go.js +403 -0
  43. package/src/ir/parser-js.js +2 -0
  44. package/src/ir/parser-php.js +330 -0
  45. package/src/ir/parser-py.helper.py +137 -11
  46. package/src/ir/parser-rb.js +309 -0
  47. package/src/posture/.agentic-security/findings.json +407 -84
  48. package/src/posture/.agentic-security/last-scan.json +407 -84
  49. package/src/posture/.agentic-security/last-scan.json.sig +1 -1
  50. package/src/posture/.agentic-security/scan-history.json +16 -4923
  51. package/src/posture/.agentic-security/streak.json +10 -14
  52. package/src/posture/calibration.js +14 -0
  53. package/src/posture/triage.js +13 -0
  54. package/src/report/.agentic-security/findings.json +6 -5
  55. package/src/report/.agentic-security/last-scan.json +6 -5
  56. package/src/report/.agentic-security/last-scan.json.sig +1 -1
  57. package/src/report/.agentic-security/scan-history.json +3 -300
  58. package/src/report/.agentic-security/streak.json +7 -8
  59. package/src/report/index.js +23 -2
  60. package/src/sast/.agentic-security/findings.json +195 -56
  61. package/src/sast/.agentic-security/last-scan.json +195 -56
  62. package/src/sast/.agentic-security/last-scan.json.sig +1 -1
  63. package/src/sast/.agentic-security/scan-history.json +14 -394
  64. package/src/sast/.agentic-security/streak.json +10 -13
  65. package/src/sast/cache-poisoning.js +77 -0
  66. package/src/sast/comparison-safety.js +73 -0
  67. package/src/sast/db-taint.js +54 -0
  68. package/src/sast/graphql.js +127 -0
  69. package/src/sast/llm-stored-prompt.js +57 -0
  70. package/src/sast/mutation-xss.js +43 -0
  71. package/src/sast/nosql-injection.js +5 -0
  72. package/src/sast/null-byte-injection.js +76 -0
  73. package/src/sast/redos-nfa.js +338 -0
  74. package/src/sast/sensitive-data-logging.js +73 -0
  75. package/src/sast/weak-password-hash.js +77 -0
  76. package/src/sast/weak-randomness.js +100 -0
  77. package/src/sca/.agentic-security/findings.json +502 -11
  78. package/src/sca/.agentic-security/last-scan.json +502 -11
  79. package/src/sca/.agentic-security/last-scan.json.sig +1 -1
  80. package/src/sca/.agentic-security/scan-history.json +19 -1
  81. package/src/sca/.agentic-security/streak.json +6 -6
  82. package/src/sca/llm-function-extract.js +107 -0
  83. package/src/sca/vendor-detect.js +91 -0
  84. package/dist/218.index.js +0 -793
  85. package/dist/601.index.js +0 -1038
  86. package/dist/634.index.js +0 -1892
  87. package/src/integrations/.agentic-security/findings.json +0 -1504
  88. package/src/integrations/.agentic-security/last-scan.json +0 -1504
  89. package/src/integrations/.agentic-security/scan-history.json +0 -40
  90. package/src/integrations/.agentic-security/streak.json +0 -21
  91. package/src/llm-validator/.agentic-security/findings.json +0 -1891
  92. package/src/llm-validator/.agentic-security/last-scan.json +0 -1891
  93. package/src/llm-validator/.agentic-security/last-scan.json.sig +0 -1
  94. package/src/llm-validator/.agentic-security/scan-history.json +0 -168
  95. package/src/llm-validator/.agentic-security/streak.json +0 -20
  96. package/src/lsp/.agentic-security/findings.json +0 -28
  97. package/src/lsp/.agentic-security/last-scan.json +0 -28
  98. package/src/lsp/.agentic-security/scan-history.json +0 -79
  99. package/src/lsp/.agentic-security/streak.json +0 -22
  100. package/src/mcp/.agentic-security/findings.json +0 -8403
  101. package/src/mcp/.agentic-security/last-scan.json +0 -8403
  102. package/src/mcp/.agentic-security/last-scan.json.sig +0 -1
  103. package/src/mcp/.agentic-security/scan-history.json +0 -1182
  104. package/src/mcp/.agentic-security/streak.json +0 -22
  105. package/src/sast/bench-shape/.agentic-security/findings.json +0 -28
  106. package/src/sast/bench-shape/.agentic-security/last-scan.json +0 -28
  107. package/src/sast/bench-shape/.agentic-security/scan-history.json +0 -24
  108. package/src/sast/bench-shape/.agentic-security/streak.json +0 -22
@@ -1,63 +1,16 @@
1
1
  [
2
2
  {
3
- "timestamp": "2026-05-20T16:31:09.056Z",
3
+ "timestamp": "2026-05-26T15:54:30.242Z",
4
4
  "label": "scan",
5
- "total": 12,
6
- "critical": 0,
7
- "high": 0,
8
- "medium": 12,
9
- "low": 0,
10
- "kev": 0,
11
- "ids": [
12
- "ssrf-meta-hardcoded:catalog.js:431",
13
- "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
14
- "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
15
- "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
16
- "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
17
- "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
18
- "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
19
- "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
20
- "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
21
- "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
22
- "toctou-fs:incremental.js:50",
23
- "toctou-fs:incremental.js:68"
24
- ]
25
- },
26
- {
27
- "timestamp": "2026-05-20T16:31:17.139Z",
28
- "label": "scan",
29
- "total": 12,
30
- "critical": 0,
31
- "high": 0,
32
- "medium": 12,
33
- "low": 0,
34
- "kev": 0,
35
- "ids": [
36
- "ssrf-meta-hardcoded:catalog.js:431",
37
- "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
38
- "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
39
- "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
40
- "struct:incremental.js:220:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
41
- "struct:incremental.js:223:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
42
- "struct:incremental.js:50:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
43
- "struct:incremental.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
44
- "struct:incremental.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
45
- "struct:incremental.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
46
- "toctou-fs:incremental.js:50",
47
- "toctou-fs:incremental.js:68"
48
- ]
49
- },
50
- {
51
- "timestamp": "2026-05-20T16:33:05.965Z",
52
- "label": "scan",
53
- "total": 12,
5
+ "total": 13,
54
6
  "critical": 0,
55
7
  "high": 0,
56
- "medium": 12,
8
+ "medium": 13,
57
9
  "low": 0,
58
10
  "kev": 0,
59
11
  "ids": [
60
- "ssrf-meta-hardcoded:catalog.js:431",
12
+ "ssrf-meta-hardcoded:catalog.js:439",
13
+ "ssrf-meta-hardcoded:exploit-prover.js:33",
61
14
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
62
15
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
63
16
  "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -72,16 +25,17 @@
72
25
  ]
73
26
  },
74
27
  {
75
- "timestamp": "2026-05-20T16:57:16.355Z",
28
+ "timestamp": "2026-05-26T15:59:57.002Z",
76
29
  "label": "scan",
77
- "total": 12,
30
+ "total": 13,
78
31
  "critical": 0,
79
32
  "high": 0,
80
- "medium": 12,
33
+ "medium": 13,
81
34
  "low": 0,
82
35
  "kev": 0,
83
36
  "ids": [
84
- "ssrf-meta-hardcoded:catalog.js:431",
37
+ "ssrf-meta-hardcoded:catalog.js:459",
38
+ "ssrf-meta-hardcoded:exploit-prover.js:33",
85
39
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
86
40
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
87
41
  "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -96,16 +50,17 @@
96
50
  ]
97
51
  },
98
52
  {
99
- "timestamp": "2026-05-20T16:57:24.018Z",
53
+ "timestamp": "2026-05-26T16:16:54.427Z",
100
54
  "label": "scan",
101
- "total": 12,
55
+ "total": 13,
102
56
  "critical": 0,
103
57
  "high": 0,
104
- "medium": 12,
58
+ "medium": 13,
105
59
  "low": 0,
106
60
  "kev": 0,
107
61
  "ids": [
108
- "ssrf-meta-hardcoded:catalog.js:431",
62
+ "ssrf-meta-hardcoded:catalog.js:496",
63
+ "ssrf-meta-hardcoded:exploit-prover.js:33",
109
64
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
110
65
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
111
66
  "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -120,16 +75,17 @@
120
75
  ]
121
76
  },
122
77
  {
123
- "timestamp": "2026-05-20T16:57:32.326Z",
78
+ "timestamp": "2026-05-26T16:42:13.064Z",
124
79
  "label": "scan",
125
- "total": 12,
80
+ "total": 13,
126
81
  "critical": 0,
127
82
  "high": 0,
128
- "medium": 12,
83
+ "medium": 13,
129
84
  "low": 0,
130
85
  "kev": 0,
131
86
  "ids": [
132
- "ssrf-meta-hardcoded:catalog.js:431",
87
+ "ssrf-meta-hardcoded:catalog.js:496",
88
+ "ssrf-meta-hardcoded:exploit-prover.js:33",
133
89
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
134
90
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
135
91
  "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -144,16 +100,17 @@
144
100
  ]
145
101
  },
146
102
  {
147
- "timestamp": "2026-05-20T16:58:29.583Z",
103
+ "timestamp": "2026-05-26T16:42:59.107Z",
148
104
  "label": "scan",
149
- "total": 12,
105
+ "total": 13,
150
106
  "critical": 0,
151
107
  "high": 0,
152
- "medium": 12,
108
+ "medium": 13,
153
109
  "low": 0,
154
110
  "kev": 0,
155
111
  "ids": [
156
- "ssrf-meta-hardcoded:catalog.js:431",
112
+ "ssrf-meta-hardcoded:catalog.js:496",
113
+ "ssrf-meta-hardcoded:exploit-prover.js:33",
157
114
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
158
115
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
159
116
  "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -168,16 +125,17 @@
168
125
  ]
169
126
  },
170
127
  {
171
- "timestamp": "2026-05-20T16:58:42.591Z",
128
+ "timestamp": "2026-05-26T16:46:50.684Z",
172
129
  "label": "scan",
173
- "total": 12,
130
+ "total": 13,
174
131
  "critical": 0,
175
132
  "high": 0,
176
- "medium": 12,
133
+ "medium": 13,
177
134
  "low": 0,
178
135
  "kev": 0,
179
136
  "ids": [
180
- "ssrf-meta-hardcoded:catalog.js:431",
137
+ "ssrf-meta-hardcoded:catalog.js:496",
138
+ "ssrf-meta-hardcoded:exploit-prover.js:33",
181
139
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
182
140
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
183
141
  "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -192,16 +150,17 @@
192
150
  ]
193
151
  },
194
152
  {
195
- "timestamp": "2026-05-20T16:58:52.648Z",
153
+ "timestamp": "2026-05-26T16:47:41.341Z",
196
154
  "label": "scan",
197
- "total": 12,
155
+ "total": 13,
198
156
  "critical": 0,
199
157
  "high": 0,
200
- "medium": 12,
158
+ "medium": 13,
201
159
  "low": 0,
202
160
  "kev": 0,
203
161
  "ids": [
204
- "ssrf-meta-hardcoded:catalog.js:431",
162
+ "ssrf-meta-hardcoded:catalog.js:496",
163
+ "ssrf-meta-hardcoded:exploit-prover.js:33",
205
164
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
206
165
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
207
166
  "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -216,16 +175,17 @@
216
175
  ]
217
176
  },
218
177
  {
219
- "timestamp": "2026-05-20T16:59:09.183Z",
178
+ "timestamp": "2026-05-26T16:48:31.461Z",
220
179
  "label": "scan",
221
- "total": 12,
180
+ "total": 13,
222
181
  "critical": 0,
223
182
  "high": 0,
224
- "medium": 12,
183
+ "medium": 13,
225
184
  "low": 0,
226
185
  "kev": 0,
227
186
  "ids": [
228
- "ssrf-meta-hardcoded:catalog.js:431",
187
+ "ssrf-meta-hardcoded:catalog.js:496",
188
+ "ssrf-meta-hardcoded:exploit-prover.js:33",
229
189
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
230
190
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
231
191
  "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -240,16 +200,17 @@
240
200
  ]
241
201
  },
242
202
  {
243
- "timestamp": "2026-05-20T16:59:19.384Z",
203
+ "timestamp": "2026-05-26T17:02:35.530Z",
244
204
  "label": "scan",
245
- "total": 12,
205
+ "total": 13,
246
206
  "critical": 0,
247
207
  "high": 0,
248
- "medium": 12,
208
+ "medium": 13,
249
209
  "low": 0,
250
210
  "kev": 0,
251
211
  "ids": [
252
- "ssrf-meta-hardcoded:catalog.js:431",
212
+ "ssrf-meta-hardcoded:catalog.js:496",
213
+ "ssrf-meta-hardcoded:exploit-prover.js:33",
253
214
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
254
215
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
255
216
  "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -264,16 +225,17 @@
264
225
  ]
265
226
  },
266
227
  {
267
- "timestamp": "2026-05-20T17:03:16.117Z",
228
+ "timestamp": "2026-05-26T17:05:59.505Z",
268
229
  "label": "scan",
269
- "total": 12,
230
+ "total": 13,
270
231
  "critical": 0,
271
232
  "high": 0,
272
- "medium": 12,
233
+ "medium": 13,
273
234
  "low": 0,
274
235
  "kev": 0,
275
236
  "ids": [
276
- "ssrf-meta-hardcoded:catalog.js:431",
237
+ "ssrf-meta-hardcoded:catalog.js:496",
238
+ "ssrf-meta-hardcoded:exploit-prover.js:33",
277
239
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
278
240
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
279
241
  "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -288,16 +250,17 @@
288
250
  ]
289
251
  },
290
252
  {
291
- "timestamp": "2026-05-20T17:03:21.783Z",
253
+ "timestamp": "2026-05-26T17:11:46.314Z",
292
254
  "label": "scan",
293
- "total": 12,
255
+ "total": 13,
294
256
  "critical": 0,
295
257
  "high": 0,
296
- "medium": 12,
258
+ "medium": 13,
297
259
  "low": 0,
298
260
  "kev": 0,
299
261
  "ids": [
300
- "ssrf-meta-hardcoded:catalog.js:431",
262
+ "ssrf-meta-hardcoded:catalog.js:496",
263
+ "ssrf-meta-hardcoded:exploit-prover.js:33",
301
264
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
302
265
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
303
266
  "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -312,16 +275,17 @@
312
275
  ]
313
276
  },
314
277
  {
315
- "timestamp": "2026-05-20T17:03:29.788Z",
278
+ "timestamp": "2026-05-27T00:47:42.438Z",
316
279
  "label": "scan",
317
- "total": 12,
280
+ "total": 13,
318
281
  "critical": 0,
319
282
  "high": 0,
320
- "medium": 12,
283
+ "medium": 13,
321
284
  "low": 0,
322
285
  "kev": 0,
323
286
  "ids": [
324
- "ssrf-meta-hardcoded:catalog.js:431",
287
+ "ssrf-meta-hardcoded:catalog.js:505",
288
+ "ssrf-meta-hardcoded:exploit-prover.js:33",
325
289
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
326
290
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
327
291
  "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -336,16 +300,17 @@
336
300
  ]
337
301
  },
338
302
  {
339
- "timestamp": "2026-05-20T17:11:50.246Z",
303
+ "timestamp": "2026-05-27T00:49:00.083Z",
340
304
  "label": "scan",
341
- "total": 12,
305
+ "total": 13,
342
306
  "critical": 0,
343
307
  "high": 0,
344
- "medium": 12,
308
+ "medium": 13,
345
309
  "low": 0,
346
310
  "kev": 0,
347
311
  "ids": [
348
- "ssrf-meta-hardcoded:catalog.js:431",
312
+ "ssrf-meta-hardcoded:catalog.js:508",
313
+ "ssrf-meta-hardcoded:exploit-prover.js:33",
349
314
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
350
315
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
351
316
  "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -360,16 +325,17 @@
360
325
  ]
361
326
  },
362
327
  {
363
- "timestamp": "2026-05-20T17:11:56.125Z",
328
+ "timestamp": "2026-05-27T00:52:13.881Z",
364
329
  "label": "scan",
365
- "total": 12,
330
+ "total": 13,
366
331
  "critical": 0,
367
332
  "high": 0,
368
- "medium": 12,
333
+ "medium": 13,
369
334
  "low": 0,
370
335
  "kev": 0,
371
336
  "ids": [
372
- "ssrf-meta-hardcoded:catalog.js:431",
337
+ "ssrf-meta-hardcoded:catalog.js:515",
338
+ "ssrf-meta-hardcoded:exploit-prover.js:33",
373
339
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
374
340
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
375
341
  "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -384,16 +350,17 @@
384
350
  ]
385
351
  },
386
352
  {
387
- "timestamp": "2026-05-20T17:12:06.495Z",
353
+ "timestamp": "2026-05-27T00:56:08.313Z",
388
354
  "label": "scan",
389
- "total": 12,
355
+ "total": 13,
390
356
  "critical": 0,
391
357
  "high": 0,
392
- "medium": 12,
358
+ "medium": 13,
393
359
  "low": 0,
394
360
  "kev": 0,
395
361
  "ids": [
396
- "ssrf-meta-hardcoded:catalog.js:431",
362
+ "ssrf-meta-hardcoded:catalog.js:527",
363
+ "ssrf-meta-hardcoded:exploit-prover.js:33",
397
364
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
398
365
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
399
366
  "struct:incremental.js:209:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -408,7 +375,7 @@
408
375
  ]
409
376
  },
410
377
  {
411
- "timestamp": "2026-05-20T17:14:15.768Z",
378
+ "timestamp": "2026-05-27T00:57:22.450Z",
412
379
  "label": "scan",
413
380
  "total": 13,
414
381
  "critical": 0,
@@ -417,7 +384,7 @@
417
384
  "low": 0,
418
385
  "kev": 0,
419
386
  "ids": [
420
- "ssrf-meta-hardcoded:catalog.js:431",
387
+ "ssrf-meta-hardcoded:catalog.js:538",
421
388
  "ssrf-meta-hardcoded:exploit-prover.js:33",
422
389
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
423
390
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -433,7 +400,7 @@
433
400
  ]
434
401
  },
435
402
  {
436
- "timestamp": "2026-05-20T17:14:23.117Z",
403
+ "timestamp": "2026-05-27T02:34:32.799Z",
437
404
  "label": "scan",
438
405
  "total": 13,
439
406
  "critical": 0,
@@ -442,7 +409,7 @@
442
409
  "low": 0,
443
410
  "kev": 0,
444
411
  "ids": [
445
- "ssrf-meta-hardcoded:catalog.js:431",
412
+ "ssrf-meta-hardcoded:catalog.js:538",
446
413
  "ssrf-meta-hardcoded:exploit-prover.js:33",
447
414
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
448
415
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -458,7 +425,7 @@
458
425
  ]
459
426
  },
460
427
  {
461
- "timestamp": "2026-05-20T17:14:38.025Z",
428
+ "timestamp": "2026-05-27T02:44:28.731Z",
462
429
  "label": "scan",
463
430
  "total": 13,
464
431
  "critical": 0,
@@ -467,7 +434,7 @@
467
434
  "low": 0,
468
435
  "kev": 0,
469
436
  "ids": [
470
- "ssrf-meta-hardcoded:catalog.js:431",
437
+ "ssrf-meta-hardcoded:catalog.js:538",
471
438
  "ssrf-meta-hardcoded:exploit-prover.js:33",
472
439
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
473
440
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -483,7 +450,7 @@
483
450
  ]
484
451
  },
485
452
  {
486
- "timestamp": "2026-05-20T17:15:39.150Z",
453
+ "timestamp": "2026-05-27T02:46:28.817Z",
487
454
  "label": "scan",
488
455
  "total": 13,
489
456
  "critical": 0,
@@ -492,7 +459,7 @@
492
459
  "low": 0,
493
460
  "kev": 0,
494
461
  "ids": [
495
- "ssrf-meta-hardcoded:catalog.js:431",
462
+ "ssrf-meta-hardcoded:catalog.js:538",
496
463
  "ssrf-meta-hardcoded:exploit-prover.js:33",
497
464
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
498
465
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -508,7 +475,7 @@
508
475
  ]
509
476
  },
510
477
  {
511
- "timestamp": "2026-05-20T21:13:56.233Z",
478
+ "timestamp": "2026-05-27T02:51:52.901Z",
512
479
  "label": "scan",
513
480
  "total": 13,
514
481
  "critical": 0,
@@ -517,7 +484,7 @@
517
484
  "low": 0,
518
485
  "kev": 0,
519
486
  "ids": [
520
- "ssrf-meta-hardcoded:catalog.js:431",
487
+ "ssrf-meta-hardcoded:catalog.js:538",
521
488
  "ssrf-meta-hardcoded:exploit-prover.js:33",
522
489
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
523
490
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -533,7 +500,7 @@
533
500
  ]
534
501
  },
535
502
  {
536
- "timestamp": "2026-05-20T21:14:16.986Z",
503
+ "timestamp": "2026-05-27T03:01:05.846Z",
537
504
  "label": "scan",
538
505
  "total": 13,
539
506
  "critical": 0,
@@ -542,7 +509,7 @@
542
509
  "low": 0,
543
510
  "kev": 0,
544
511
  "ids": [
545
- "ssrf-meta-hardcoded:catalog.js:431",
512
+ "ssrf-meta-hardcoded:catalog.js:538",
546
513
  "ssrf-meta-hardcoded:exploit-prover.js:33",
547
514
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
548
515
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -558,7 +525,7 @@
558
525
  ]
559
526
  },
560
527
  {
561
- "timestamp": "2026-05-20T21:14:36.687Z",
528
+ "timestamp": "2026-05-27T03:14:22.409Z",
562
529
  "label": "scan",
563
530
  "total": 13,
564
531
  "critical": 0,
@@ -567,7 +534,7 @@
567
534
  "low": 0,
568
535
  "kev": 0,
569
536
  "ids": [
570
- "ssrf-meta-hardcoded:catalog.js:431",
537
+ "ssrf-meta-hardcoded:catalog.js:538",
571
538
  "ssrf-meta-hardcoded:exploit-prover.js:33",
572
539
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
573
540
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -583,7 +550,7 @@
583
550
  ]
584
551
  },
585
552
  {
586
- "timestamp": "2026-05-20T21:16:21.666Z",
553
+ "timestamp": "2026-05-27T09:06:49.555Z",
587
554
  "label": "scan",
588
555
  "total": 13,
589
556
  "critical": 0,
@@ -592,7 +559,7 @@
592
559
  "low": 0,
593
560
  "kev": 0,
594
561
  "ids": [
595
- "ssrf-meta-hardcoded:catalog.js:431",
562
+ "ssrf-meta-hardcoded:catalog.js:538",
596
563
  "ssrf-meta-hardcoded:exploit-prover.js:33",
597
564
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
598
565
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -608,7 +575,7 @@
608
575
  ]
609
576
  },
610
577
  {
611
- "timestamp": "2026-05-20T21:16:30.170Z",
578
+ "timestamp": "2026-05-27T09:07:34.195Z",
612
579
  "label": "scan",
613
580
  "total": 13,
614
581
  "critical": 0,
@@ -617,7 +584,7 @@
617
584
  "low": 0,
618
585
  "kev": 0,
619
586
  "ids": [
620
- "ssrf-meta-hardcoded:catalog.js:431",
587
+ "ssrf-meta-hardcoded:catalog.js:538",
621
588
  "ssrf-meta-hardcoded:exploit-prover.js:33",
622
589
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
623
590
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -633,7 +600,7 @@
633
600
  ]
634
601
  },
635
602
  {
636
- "timestamp": "2026-05-20T21:16:44.344Z",
603
+ "timestamp": "2026-05-27T09:27:55.033Z",
637
604
  "label": "scan",
638
605
  "total": 13,
639
606
  "critical": 0,
@@ -642,7 +609,7 @@
642
609
  "low": 0,
643
610
  "kev": 0,
644
611
  "ids": [
645
- "ssrf-meta-hardcoded:catalog.js:431",
612
+ "ssrf-meta-hardcoded:catalog.js:538",
646
613
  "ssrf-meta-hardcoded:exploit-prover.js:33",
647
614
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
648
615
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -658,7 +625,7 @@
658
625
  ]
659
626
  },
660
627
  {
661
- "timestamp": "2026-05-20T21:16:58.040Z",
628
+ "timestamp": "2026-05-27T09:28:46.801Z",
662
629
  "label": "scan",
663
630
  "total": 13,
664
631
  "critical": 0,
@@ -667,7 +634,7 @@
667
634
  "low": 0,
668
635
  "kev": 0,
669
636
  "ids": [
670
- "ssrf-meta-hardcoded:catalog.js:431",
637
+ "ssrf-meta-hardcoded:catalog.js:538",
671
638
  "ssrf-meta-hardcoded:exploit-prover.js:33",
672
639
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
673
640
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -683,7 +650,7 @@
683
650
  ]
684
651
  },
685
652
  {
686
- "timestamp": "2026-05-20T21:17:06.611Z",
653
+ "timestamp": "2026-05-27T09:29:26.721Z",
687
654
  "label": "scan",
688
655
  "total": 13,
689
656
  "critical": 0,
@@ -692,7 +659,7 @@
692
659
  "low": 0,
693
660
  "kev": 0,
694
661
  "ids": [
695
- "ssrf-meta-hardcoded:catalog.js:431",
662
+ "ssrf-meta-hardcoded:catalog.js:538",
696
663
  "ssrf-meta-hardcoded:exploit-prover.js:33",
697
664
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
698
665
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
@@ -708,7 +675,7 @@
708
675
  ]
709
676
  },
710
677
  {
711
- "timestamp": "2026-05-20T21:19:05.300Z",
678
+ "timestamp": "2026-05-27T09:30:02.365Z",
712
679
  "label": "scan",
713
680
  "total": 13,
714
681
  "critical": 0,
@@ -717,7 +684,7 @@
717
684
  "low": 0,
718
685
  "kev": 0,
719
686
  "ids": [
720
- "ssrf-meta-hardcoded:catalog.js:431",
687
+ "ssrf-meta-hardcoded:catalog.js:538",
721
688
  "ssrf-meta-hardcoded:exploit-prover.js:33",
722
689
  "struct:incremental.js:203:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
723
690
  "struct:incremental.js:204:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
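Review bot: This scan history looks like the scanner's own run state over its source tree, and the file list shows it published in the package alongside findings.json, last-scan.json and streak.json under several `.agentic-security/` directories. Each `ids` entry names a source file and line of a still-open finding, for example `ssrf-meta-hardcoded:exploit-prover.js:33`, which consumers of the package do not need and which churns on every release. Consider keeping these directories out of the tarball, either with an `.agentic-security/` entry in `.npmignore` or with an explicit `files` allowlist in package.json. The page prints no file header above these hunks, so which directory's history this is remains an inference from the per-file counts in the list.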
@@ -1,23 +1,21 @@
1
1
  {
2
- "firstScanDate": "2026-05-18T18:08:52.292Z",
3
- "lastScanDate": "2026-05-20T21:19:05.322Z",
4
- "totalScans": 105,
5
- "daysCleanCritical": 3,
6
- "lastCleanDate": "2026-05-20",
2
+ "firstScanDate": "2026-05-26T15:54:30.269Z",
3
+ "lastScanDate": "2026-05-27T09:30:02.400Z",
4
+ "totalScans": 28,
5
+ "daysCleanCritical": 2,
6
+ "lastCleanDate": "2026-05-27",
7
7
  "lastCriticalDate": null,
8
8
  "hasEverHadCritical": false,
9
- "bestDaysCleanCritical": 3,
10
- "totalFindingsAtFirstScan": 0,
9
+ "bestDaysCleanCritical": 2,
10
+ "totalFindingsAtFirstScan": 17,
11
11
  "totalFindingsAtLastScan": 17,
12
12
  "totalFixesInferred": 0,
13
13
  "lastGrade": "A",
14
- "bestGrade": "A+",
14
+ "bestGrade": "A",
15
15
  "launchCheckPassedAt": null,
16
16
  "achievements": [
17
17
  "first-scan",
18
18
  "grade-a",
19
- "grade-a-plus",
20
- "scan-veteran-100",
21
19
  "scan-veteran-25"
22
20
  ],
23
21
  "previousGrade": "A"