@clear-capabilities/agentic-security-scanner 0.78.0 → 0.79.0

package/src/posture/.agentic-security/scan-history.json

@@ -1,650 +0,0 @@
-[
-  {
-    "timestamp": "2026-05-27T11:16:44.690Z",
-    "label": "scan",
-    "total": 204,
-    "critical": 0,
-    "high": 0,
-    "medium": 11,
-    "low": 193,
-    "kev": 0,
-    "ids": [
-      "llm-redteam:noMaxTokens:aibom.js:31",
-      "llm-redteam:noMaxTokens:aibom.js:34",
-      "llm-redteam:userInputInSystem:adversary-agent.js:109",
-      "prompt-firewall:MISSING_MAX_TOKENS:aibom.js:31",
-      "prompt-tpl:llm-redteam-prompts.js:332:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "prototype-pollution-direct:adversarial-self-test.js:60",
-      "ssrf-meta-hardcoded:attack-playbooks.js:72",
-      "ssrf-meta-hardcoded:defender-agent.js:41",
-      "ssrf-meta-hardcoded:flow-narration.js:24",
-      "ssrf-meta-hardcoded:verifier.js:55",
-      "state-machine:business-logic.js:141:<not in set>",
-      "state-machine:fix-history.js:255:failed",
-      "state-machine:fix-history.js:261:applied",
-      "state-machine:fix-history.js:306:failed",
-      "state-machine:fix-history.js:316:applied-stale",
-      "state-machine:fix-history.js:319:applied",
-      "state-machine:fix-history.js:324:failed",
-      "state-machine:fix-history.js:329:failed",
-      "state-machine:triage.js:58:fixed",
-      "struct:agents-memory.js:103:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:107:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:117:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:45:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:70:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:72:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:auth-posture-import.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:auth-posture-import.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:201:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:202:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:289:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:291:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:293:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:332:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:334:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:369:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:370:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:387:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:calibration-drift.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:calibration-drift.js:40:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:calibration.js:108:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:calibration.js:98:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:custom-rules.js:323:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:custom-rules.js:345:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:custom-rules.js:57:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:custom-rules.js:60:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:custom-rules.js:94:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:218:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:228:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:271:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:273:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:281:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:289:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:290:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-lookup.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-lookup.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-lookup.js:40:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:deploy-platform.js:13:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:deploy-platform.js:16:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:deterministic.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:deterministic.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:deterministic.js:54:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:epss.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:epss.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:epss.js:38:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:epss.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:exploitability-probability.js:142:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:exploitability-probability.js:145:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:feature-flags.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:feature-flags.js:54:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-history.js:25:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-history.js:26:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-history.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-history.js:348:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-history.js:42:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-history.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-plan.js:111:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-verify-loop.js:33:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-verify-loop.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-verify.js:65:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:grader-calibration.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:grader-calibration.js:35:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:grader-calibration.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:holdout-eval.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:holdout-eval.js:54:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:integrity.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:integrity.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:integrity.js:52:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:integrity.js:69:Mass_Assignment_(req.body_Direct_to_Model)",
-      "struct:integrity.js:77:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:integrity.js:79:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:integrity.js:83:Mass_Assignment_(req.body_Direct_to_Model)",
-      "struct:learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:license-policy.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:license-policy.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:network-policy-import.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:network-policy-import.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:network-policy-import.js:54:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:network-policy-import.js:85:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:network-policy-import.js:87:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:policy-gate.js:154:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:policy-gate.js:157:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:profile.js:45:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:profile.js:66:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:profile.js:78:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:profile.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:router.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:router.js:22:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:router.js:26:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:router.js:27:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-overrides.js:23:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-overrides.js:25:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-overrides.js:73:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-overrides.js:75:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-overrides.js:78:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:109:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:154:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:155:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:156:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:199:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:207:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:67:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-synthesis.js:100:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-synthesis.js:24:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-synthesis.js:25:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:ruleset-version.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:ruleset-version.js:37:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:security-trend.js:16:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:security-trend.js:26:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:stack-playbook.js:13:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:stack-playbook.js:14:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:streak.js:179:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:streak.js:188:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:streak.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:suppressions.js:26:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:suppressions.js:28:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:suppressions.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:suppressions.js:59:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:telemetry-ingest.js:41:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:telemetry-ingest.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:triage.js:18:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:triage.js:19:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:triage.js:26:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:validator-metrics.js:35:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:validator-metrics.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:validator-metrics.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:verifier-ephemeral.js:90:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:verifier-target.js:66:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:verifier-target.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:verifier.js:129:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:version.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:version.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:waf-ingest.js:138:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:waf-ingest.js:140:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "toctou-fs:agents-memory.js:107",
-      "toctou-fs:agents-memory.js:44",
-      "toctou-fs:agents-memory.js:69",
-      "toctou-fs:agents-memory.js:72",
-      "toctou-fs:auth-posture-import.js:53",
-      "toctou-fs:calibration-drift.js:39",
-      "toctou-fs:cve-alert-daemon.js:271",
-      "toctou-fs:cve-alert-daemon.js:289",
-      "toctou-fs:cve-lookup.js:32",
-      "toctou-fs:deterministic.js:53",
-      "toctou-fs:epss.js:34",
-      "toctou-fs:exploitability-probability.js:142",
-      "toctou-fs:feature-flags.js:53",
-      "toctou-fs:fix-history.js:25",
-      "toctou-fs:fix-history.js:42",
-      "toctou-fs:fix-verify-loop.js:33",
-      "toctou-fs:grader-calibration.js:34",
-      "toctou-fs:harness-discovery.js:39",
-      "toctou-fs:holdout-eval.js:53",
-      "toctou-fs:integrity.js:43",
-      "toctou-fs:integrity.js:77",
-      "toctou-fs:learning.js:30",
-      "toctou-fs:license-policy.js:30",
-      "toctou-fs:network-policy-import.js:85",
-      "toctou-fs:policy-gate.js:154",
-      "toctou-fs:profile.js:45",
-      "toctou-fs:profile.js:78",
-      "toctou-fs:router.js:21",
-      "toctou-fs:rule-overrides.js:23",
-      "toctou-fs:rule-overrides.js:73",
-      "toctou-fs:rule-pack-signing.js:109",
-      "toctou-fs:rule-pack-signing.js:156",
-      "toctou-fs:rule-pack-signing.js:67",
-      "toctou-fs:rule-synthesis.js:24",
-      "toctou-fs:ruleset-version.js:36",
-      "toctou-fs:suppressions.js:26",
-      "toctou-fs:telemetry-ingest.js:41",
-      "toctou-fs:triage.js:18",
-      "toctou-fs:validator-metrics.js:35",
-      "toctou-fs:verifier-target.js:66",
-      "toctou-fs:version.js:43",
-      "toctou-fs:waf-ingest.js:138"
-    ]
-  },
-  {
-    "timestamp": "2026-05-27T11:18:32.723Z",
-    "label": "scan",
-    "total": 204,
-    "critical": 0,
-    "high": 0,
-    "medium": 11,
-    "low": 193,
-    "kev": 0,
-    "ids": [
-      "llm-redteam:noMaxTokens:aibom.js:31",
-      "llm-redteam:noMaxTokens:aibom.js:34",
-      "llm-redteam:userInputInSystem:adversary-agent.js:109",
-      "prompt-firewall:MISSING_MAX_TOKENS:aibom.js:31",
-      "prompt-tpl:llm-redteam-prompts.js:332:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "prototype-pollution-direct:adversarial-self-test.js:60",
-      "ssrf-meta-hardcoded:attack-playbooks.js:72",
-      "ssrf-meta-hardcoded:defender-agent.js:41",
-      "ssrf-meta-hardcoded:flow-narration.js:24",
-      "ssrf-meta-hardcoded:verifier.js:55",
-      "state-machine:business-logic.js:141:<not in set>",
-      "state-machine:fix-history.js:255:failed",
-      "state-machine:fix-history.js:261:applied",
-      "state-machine:fix-history.js:306:failed",
-      "state-machine:fix-history.js:316:applied-stale",
-      "state-machine:fix-history.js:319:applied",
-      "state-machine:fix-history.js:324:failed",
-      "state-machine:fix-history.js:329:failed",
-      "state-machine:triage.js:58:fixed",
-      "struct:agents-memory.js:103:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:107:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:117:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:45:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:70:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:72:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:auth-posture-import.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:auth-posture-import.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:201:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:202:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:289:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:291:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:293:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:332:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:334:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:369:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:370:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:387:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:calibration-drift.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:calibration-drift.js:40:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:calibration.js:108:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:calibration.js:98:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:custom-rules.js:323:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:custom-rules.js:345:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:custom-rules.js:57:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:custom-rules.js:60:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:custom-rules.js:94:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:218:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:228:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:271:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:273:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:281:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:289:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:290:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-lookup.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-lookup.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-lookup.js:40:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:deploy-platform.js:13:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:deploy-platform.js:16:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:deterministic.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:deterministic.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:deterministic.js:54:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:epss.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:epss.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:epss.js:38:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:epss.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:exploitability-probability.js:142:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:exploitability-probability.js:145:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:feature-flags.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:feature-flags.js:54:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-history.js:25:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-history.js:26:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-history.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-history.js:348:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-history.js:42:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-history.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-plan.js:111:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-verify-loop.js:33:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-verify-loop.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-verify.js:65:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:grader-calibration.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:grader-calibration.js:35:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:grader-calibration.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:holdout-eval.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:holdout-eval.js:54:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:integrity.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:integrity.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:integrity.js:52:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:integrity.js:69:Mass_Assignment_(req.body_Direct_to_Model)",
-      "struct:integrity.js:77:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:integrity.js:79:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:integrity.js:83:Mass_Assignment_(req.body_Direct_to_Model)",
-      "struct:learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:license-policy.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:license-policy.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:network-policy-import.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:network-policy-import.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:network-policy-import.js:54:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:network-policy-import.js:85:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:network-policy-import.js:87:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:policy-gate.js:154:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:policy-gate.js:157:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:profile.js:45:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:profile.js:66:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:profile.js:78:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:profile.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:router.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:router.js:22:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:router.js:26:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:router.js:27:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-overrides.js:23:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-overrides.js:25:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-overrides.js:73:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-overrides.js:75:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-overrides.js:78:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:109:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:154:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:155:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:156:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:199:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:207:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:67:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-synthesis.js:100:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-synthesis.js:24:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-synthesis.js:25:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:ruleset-version.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:ruleset-version.js:37:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:security-trend.js:16:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:security-trend.js:26:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:stack-playbook.js:13:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:stack-playbook.js:14:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:streak.js:179:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:streak.js:188:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:streak.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:suppressions.js:26:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:suppressions.js:28:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:suppressions.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:suppressions.js:59:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:telemetry-ingest.js:41:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:telemetry-ingest.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:triage.js:18:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:triage.js:19:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:triage.js:26:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:validator-metrics.js:35:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:validator-metrics.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:validator-metrics.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:verifier-ephemeral.js:90:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:verifier-target.js:66:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:verifier-target.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:verifier.js:129:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:version.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:version.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:waf-ingest.js:138:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:waf-ingest.js:140:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "toctou-fs:agents-memory.js:107",
-      "toctou-fs:agents-memory.js:44",
-      "toctou-fs:agents-memory.js:69",
-      "toctou-fs:agents-memory.js:72",
-      "toctou-fs:auth-posture-import.js:53",
-      "toctou-fs:calibration-drift.js:39",
-      "toctou-fs:cve-alert-daemon.js:271",
-      "toctou-fs:cve-alert-daemon.js:289",
-      "toctou-fs:cve-lookup.js:32",
-      "toctou-fs:deterministic.js:53",
-      "toctou-fs:epss.js:34",
-      "toctou-fs:exploitability-probability.js:142",
-      "toctou-fs:feature-flags.js:53",
-      "toctou-fs:fix-history.js:25",
-      "toctou-fs:fix-history.js:42",
-      "toctou-fs:fix-verify-loop.js:33",
-      "toctou-fs:grader-calibration.js:34",
-      "toctou-fs:harness-discovery.js:39",
-      "toctou-fs:holdout-eval.js:53",
-      "toctou-fs:integrity.js:43",
-      "toctou-fs:integrity.js:77",
-      "toctou-fs:learning.js:30",
-      "toctou-fs:license-policy.js:30",
-      "toctou-fs:network-policy-import.js:85",
-      "toctou-fs:policy-gate.js:154",
-      "toctou-fs:profile.js:45",
-      "toctou-fs:profile.js:78",
-      "toctou-fs:router.js:21",
-      "toctou-fs:rule-overrides.js:23",
-      "toctou-fs:rule-overrides.js:73",
-      "toctou-fs:rule-pack-signing.js:109",
-      "toctou-fs:rule-pack-signing.js:156",
-      "toctou-fs:rule-pack-signing.js:67",
-      "toctou-fs:rule-synthesis.js:24",
-      "toctou-fs:ruleset-version.js:36",
-      "toctou-fs:suppressions.js:26",
-      "toctou-fs:telemetry-ingest.js:41",
-      "toctou-fs:triage.js:18",
-      "toctou-fs:validator-metrics.js:35",
-      "toctou-fs:verifier-target.js:66",
-      "toctou-fs:version.js:43",
-      "toctou-fs:waf-ingest.js:138"
-    ]
-  },
-  {
-    "timestamp": "2026-05-27T11:19:53.822Z",
-    "label": "scan",
-    "total": 204,
-    "critical": 0,
-    "high": 0,
-    "medium": 11,
-    "low": 193,
-    "kev": 0,
-    "ids": [
-      "llm-redteam:noMaxTokens:aibom.js:31",
-      "llm-redteam:noMaxTokens:aibom.js:34",
-      "llm-redteam:userInputInSystem:adversary-agent.js:109",
-      "prompt-firewall:MISSING_MAX_TOKENS:aibom.js:31",
-      "prompt-tpl:llm-redteam-prompts.js:332:Prompt_Template__user_input_interpolated_into_prompt_string_",
-      "prototype-pollution-direct:adversarial-self-test.js:60",
-      "ssrf-meta-hardcoded:attack-playbooks.js:72",
-      "ssrf-meta-hardcoded:defender-agent.js:41",
-      "ssrf-meta-hardcoded:flow-narration.js:24",
-      "ssrf-meta-hardcoded:verifier.js:55",
-      "state-machine:business-logic.js:141:<not in set>",
-      "state-machine:fix-history.js:255:failed",
-      "state-machine:fix-history.js:261:applied",
-      "state-machine:fix-history.js:306:failed",
-      "state-machine:fix-history.js:316:applied-stale",
-      "state-machine:fix-history.js:319:applied",
-      "state-machine:fix-history.js:324:failed",
-      "state-machine:fix-history.js:329:failed",
-      "state-machine:triage.js:58:fixed",
-      "struct:agents-memory.js:103:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:107:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:117:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:45:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:70:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:72:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:agents-memory.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:auth-posture-import.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:auth-posture-import.js:55:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:201:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:202:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:289:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:291:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:293:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:332:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:334:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:369:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:370:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:blast-radius.js:387:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:calibration-drift.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:calibration-drift.js:40:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:calibration.js:108:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:calibration.js:98:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:custom-rules.js:323:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:custom-rules.js:345:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:custom-rules.js:57:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:custom-rules.js:60:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:custom-rules.js:94:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:218:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:228:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:271:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:273:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:281:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:289:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-alert-daemon.js:290:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-lookup.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-lookup.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:cve-lookup.js:40:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:deploy-platform.js:13:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:deploy-platform.js:16:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:deterministic.js:47:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:deterministic.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:deterministic.js:54:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:epss.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:epss.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:epss.js:38:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:epss.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:exploitability-probability.js:142:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:exploitability-probability.js:145:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:feature-flags.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:feature-flags.js:54:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-history.js:25:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-history.js:26:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-history.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-history.js:348:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-history.js:42:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-history.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-plan.js:111:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-verify-loop.js:33:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-verify-loop.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:fix-verify.js:65:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:grader-calibration.js:34:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:grader-calibration.js:35:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:grader-calibration.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:holdout-eval.js:53:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:holdout-eval.js:54:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:integrity.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:integrity.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:integrity.js:52:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:integrity.js:69:Mass_Assignment_(req.body_Direct_to_Model)",
-      "struct:integrity.js:77:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:integrity.js:79:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:integrity.js:83:Mass_Assignment_(req.body_Direct_to_Model)",
-      "struct:learning.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:learning.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:learning.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:license-policy.js:30:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:license-policy.js:32:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:network-policy-import.js:49:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:network-policy-import.js:51:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:network-policy-import.js:54:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:network-policy-import.js:85:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:network-policy-import.js:87:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:policy-gate.js:154:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:policy-gate.js:157:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:policy-gate.js:162:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:pre-incident-archaeology.js:31:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:profile.js:45:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:profile.js:46:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:profile.js:66:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:profile.js:78:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:profile.js:82:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:router.js:21:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:router.js:22:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:router.js:26:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:router.js:27:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-overrides.js:23:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-overrides.js:25:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-overrides.js:73:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-overrides.js:75:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-overrides.js:78:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:109:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:154:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:155:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:156:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:199:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:207:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:67:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-pack-signing.js:69:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-synthesis.js:100:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-synthesis.js:24:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:rule-synthesis.js:25:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:ruleset-version.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:ruleset-version.js:37:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:security-trend.js:16:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:security-trend.js:26:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:stack-playbook.js:13:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:stack-playbook.js:14:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:streak.js:179:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:streak.js:188:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:streak.js:39:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:suppressions.js:26:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:suppressions.js:28:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:suppressions.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:suppressions.js:59:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:telemetry-ingest.js:41:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:telemetry-ingest.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:triage.js:18:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:triage.js:19:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:triage.js:26:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:validator-metrics.js:35:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:validator-metrics.js:36:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:validator-metrics.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:verifier-ephemeral.js:90:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:verifier-target.js:66:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:verifier-target.js:68:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:verifier.js:129:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:version.js:43:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:version.js:44:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:waf-ingest.js:138:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "struct:waf-ingest.js:140:Synchronous_Blocking_I/O_(DoS_Risk_in_Server_Context)",
-      "toctou-fs:agents-memory.js:107",
-      "toctou-fs:agents-memory.js:44",
-      "toctou-fs:agents-memory.js:69",
-      "toctou-fs:agents-memory.js:72",
-      "toctou-fs:auth-posture-import.js:53",
-      "toctou-fs:calibration-drift.js:39",
-      "toctou-fs:cve-alert-daemon.js:271",
-      "toctou-fs:cve-alert-daemon.js:289",
-      "toctou-fs:cve-lookup.js:32",
-      "toctou-fs:deterministic.js:53",
-      "toctou-fs:epss.js:34",
-      "toctou-fs:exploitability-probability.js:142",
-      "toctou-fs:feature-flags.js:53",
-      "toctou-fs:fix-history.js:25",
-      "toctou-fs:fix-history.js:42",
-      "toctou-fs:fix-verify-loop.js:33",
-      "toctou-fs:grader-calibration.js:34",
-      "toctou-fs:harness-discovery.js:39",
-      "toctou-fs:holdout-eval.js:53",
-      "toctou-fs:integrity.js:43",
-      "toctou-fs:integrity.js:77",
-      "toctou-fs:learning.js:30",
-      "toctou-fs:license-policy.js:30",
-      "toctou-fs:network-policy-import.js:85",
-      "toctou-fs:policy-gate.js:154",
-      "toctou-fs:profile.js:45",
-      "toctou-fs:profile.js:78",
-      "toctou-fs:router.js:21",
-      "toctou-fs:rule-overrides.js:23",
-      "toctou-fs:rule-overrides.js:73",
-      "toctou-fs:rule-pack-signing.js:109",
-      "toctou-fs:rule-pack-signing.js:156",
-      "toctou-fs:rule-pack-signing.js:67",
-      "toctou-fs:rule-synthesis.js:24",
-      "toctou-fs:ruleset-version.js:36",
-      "toctou-fs:suppressions.js:26",
-      "toctou-fs:telemetry-ingest.js:41",
-      "toctou-fs:triage.js:18",
-      "toctou-fs:validator-metrics.js:35",
-      "toctou-fs:verifier-target.js:66",
-      "toctou-fs:version.js:43",
-      "toctou-fs:waf-ingest.js:138"
-    ]
-  }
-]