@clear-capabilities/agentic-security-scanner 0.78.0 → 0.79.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (76) hide show
  1. package/bin/.agentic-security/findings.json +16 -16
  2. package/bin/.agentic-security/last-scan.json +16 -16
  3. package/bin/.agentic-security/last-scan.json.sig +1 -1
  4. package/bin/.agentic-security/scan-history.json +51 -0
  5. package/bin/.agentic-security/streak.json +5 -5
  6. package/bin/agentic-security.js +22 -7
  7. package/dist/178.index.js +1 -1
  8. package/dist/384.index.js +1 -1
  9. package/dist/476.index.js +5 -5
  10. package/dist/637.index.js +1 -1
  11. package/dist/700.index.js +138 -0
  12. package/dist/718.index.js +53 -0
  13. package/dist/838.index.js +1 -1
  14. package/dist/985.index.js +5 -0
  15. package/dist/agentic-security.mjs +1 -1
  16. package/dist/agentic-security.mjs.sha256 +1 -1
  17. package/package.json +2 -2
  18. package/src/dataflow/engine.js +52 -8
  19. package/src/engine.js +107 -6
  20. package/src/integrations/index.js +2 -1
  21. package/src/ir/callgraph.js +27 -7
  22. package/src/llm-validator/index.js +7 -5
  23. package/src/mcp/audit.js +5 -0
  24. package/src/posture/calibration-drift.js +2 -1
  25. package/src/posture/calibration.js +3 -2
  26. package/src/posture/fix-history.js +8 -2
  27. package/src/posture/profile.js +4 -5
  28. package/src/posture/rule-overrides.js +2 -3
  29. package/src/posture/rule-pack-signing.js +2 -3
  30. package/src/posture/rule-synthesis.js +5 -6
  31. package/src/posture/security-trend.js +4 -7
  32. package/src/posture/state-dir.js +124 -0
  33. package/src/posture/streak.js +3 -0
  34. package/src/posture/suppressions.js +5 -8
  35. package/src/posture/triage.js +3 -5
  36. package/src/posture/validator-metrics.js +3 -6
  37. package/src/sast/db-taint.js +24 -0
  38. package/src/sast/rust.js +26 -0
  39. package/src/sca/binary-metadata.js +124 -0
  40. package/src/sca/py-package-functions.js +118 -0
  41. package/src/sca/vendor-detect.js +53 -0
  42. package/src/.agentic-security/findings.json +0 -82642
  43. package/src/.agentic-security/last-scan.json +0 -82642
  44. package/src/.agentic-security/last-scan.json.sig +0 -1
  45. package/src/.agentic-security/scan-history.json +0 -10054
  46. package/src/.agentic-security/streak.json +0 -21
  47. package/src/dataflow/.agentic-security/findings.json +0 -3515
  48. package/src/dataflow/.agentic-security/last-scan.json +0 -3515
  49. package/src/dataflow/.agentic-security/last-scan.json.sig +0 -1
  50. package/src/dataflow/.agentic-security/scan-history.json +0 -702
  51. package/src/dataflow/.agentic-security/streak.json +0 -22
  52. package/src/ir/.agentic-security/findings.json +0 -3777
  53. package/src/ir/.agentic-security/last-scan.json +0 -3777
  54. package/src/ir/.agentic-security/last-scan.json.sig +0 -1
  55. package/src/ir/.agentic-security/scan-history.json +0 -771
  56. package/src/ir/.agentic-security/streak.json +0 -21
  57. package/src/posture/.agentic-security/findings.json +0 -51562
  58. package/src/posture/.agentic-security/last-scan.json +0 -51562
  59. package/src/posture/.agentic-security/last-scan.json.sig +0 -1
  60. package/src/posture/.agentic-security/scan-history.json +0 -650
  61. package/src/posture/.agentic-security/streak.json +0 -20
  62. package/src/report/.agentic-security/findings.json +0 -80
  63. package/src/report/.agentic-security/last-scan.json +0 -80
  64. package/src/report/.agentic-security/last-scan.json.sig +0 -1
  65. package/src/report/.agentic-security/scan-history.json +0 -35
  66. package/src/report/.agentic-security/streak.json +0 -22
  67. package/src/sast/.agentic-security/findings.json +0 -5190
  68. package/src/sast/.agentic-security/last-scan.json +0 -5190
  69. package/src/sast/.agentic-security/last-scan.json.sig +0 -1
  70. package/src/sast/.agentic-security/scan-history.json +0 -408
  71. package/src/sast/.agentic-security/streak.json +0 -20
  72. package/src/sca/.agentic-security/findings.json +0 -1587
  73. package/src/sca/.agentic-security/last-scan.json +0 -1587
  74. package/src/sca/.agentic-security/last-scan.json.sig +0 -1
  75. package/src/sca/.agentic-security/scan-history.json +0 -36
  76. package/src/sca/.agentic-security/streak.json +0 -21
package/dist/838.index.js CHANGED
@@ -14,7 +14,7 @@ __webpack_require__.r(__webpack_exports__);
14
14
  /* harmony import */ var node_child_process__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(1421);
15
15
  /* harmony import */ var node_fs__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(3024);
16
16
  /* harmony import */ var node_path__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(6760);
17
- /* harmony import */ var _engine_js__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(8636);
17
+ /* harmony import */ var _engine_js__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(6048);
18
18
  // Closed-loop /fix verification (Sentinel-parity FR-L4-4, FR-L4-5).
19
19
  //
20
20
  // Given a candidate patch (the new file content + the finding stableId being
package/dist/985.index.js CHANGED
@@ -1465,6 +1465,11 @@ async function _postRemote(url, entry) {
1465
1465
  function auditCall({ sessionRoot, tool, args, outcome, reason }) {
1466
1466
  if (!sessionRoot) return;
1467
1467
  try {
1468
+ // Safety: only write audit log if sessionRoot looks like a project root
1469
+ const MARKERS = ['.git', 'package.json', 'pyproject.toml', 'go.mod', 'Cargo.toml', 'pom.xml', 'composer.json', 'Gemfile'];
1470
+ let hasMarker = false;
1471
+ for (const m of MARKERS) { try { if (external_node_fs_.existsSync(external_node_path_.join(sessionRoot, m))) { hasMarker = true; break; } } catch {} }
1472
+ if (!hasMarker) return;
1468
1473
  const dir = external_node_path_.join(sessionRoot, '.agentic-security');
1469
1474
  external_node_fs_.mkdirSync(dir, { recursive: true });
1470
1475
  const logFile = external_node_path_.join(dir, 'mcp-audit.log');