@clear-capabilities/agentic-security-scanner 0.78.0 → 0.79.0

Files changed (76)
  1. package/bin/.agentic-security/findings.json +16 -16
  2. package/bin/.agentic-security/last-scan.json +16 -16
  3. package/bin/.agentic-security/last-scan.json.sig +1 -1
  4. package/bin/.agentic-security/scan-history.json +51 -0
  5. package/bin/.agentic-security/streak.json +5 -5
  6. package/bin/agentic-security.js +22 -7
  7. package/dist/178.index.js +1 -1
  8. package/dist/384.index.js +1 -1
  9. package/dist/476.index.js +5 -5
  10. package/dist/637.index.js +1 -1
  11. package/dist/700.index.js +138 -0
  12. package/dist/718.index.js +53 -0
  13. package/dist/838.index.js +1 -1
  14. package/dist/985.index.js +5 -0
  15. package/dist/agentic-security.mjs +1 -1
  16. package/dist/agentic-security.mjs.sha256 +1 -1
  17. package/package.json +2 -2
  18. package/src/dataflow/engine.js +52 -8
  19. package/src/engine.js +107 -6
  20. package/src/integrations/index.js +2 -1
  21. package/src/ir/callgraph.js +27 -7
  22. package/src/llm-validator/index.js +7 -5
  23. package/src/mcp/audit.js +5 -0
  24. package/src/posture/calibration-drift.js +2 -1
  25. package/src/posture/calibration.js +3 -2
  26. package/src/posture/fix-history.js +8 -2
  27. package/src/posture/profile.js +4 -5
  28. package/src/posture/rule-overrides.js +2 -3
  29. package/src/posture/rule-pack-signing.js +2 -3
  30. package/src/posture/rule-synthesis.js +5 -6
  31. package/src/posture/security-trend.js +4 -7
  32. package/src/posture/state-dir.js +124 -0
  33. package/src/posture/streak.js +3 -0
  34. package/src/posture/suppressions.js +5 -8
  35. package/src/posture/triage.js +3 -5
  36. package/src/posture/validator-metrics.js +3 -6
  37. package/src/sast/db-taint.js +24 -0
  38. package/src/sast/rust.js +26 -0
  39. package/src/sca/binary-metadata.js +124 -0
  40. package/src/sca/py-package-functions.js +118 -0
  41. package/src/sca/vendor-detect.js +53 -0
  42. package/src/.agentic-security/findings.json +0 -82642
  43. package/src/.agentic-security/last-scan.json +0 -82642
  44. package/src/.agentic-security/last-scan.json.sig +0 -1
  45. package/src/.agentic-security/scan-history.json +0 -10054
  46. package/src/.agentic-security/streak.json +0 -21
  47. package/src/dataflow/.agentic-security/findings.json +0 -3515
  48. package/src/dataflow/.agentic-security/last-scan.json +0 -3515
  49. package/src/dataflow/.agentic-security/last-scan.json.sig +0 -1
  50. package/src/dataflow/.agentic-security/scan-history.json +0 -702
  51. package/src/dataflow/.agentic-security/streak.json +0 -22
  52. package/src/ir/.agentic-security/findings.json +0 -3777
  53. package/src/ir/.agentic-security/last-scan.json +0 -3777
  54. package/src/ir/.agentic-security/last-scan.json.sig +0 -1
  55. package/src/ir/.agentic-security/scan-history.json +0 -771
  56. package/src/ir/.agentic-security/streak.json +0 -21
  57. package/src/posture/.agentic-security/findings.json +0 -51562
  58. package/src/posture/.agentic-security/last-scan.json +0 -51562
  59. package/src/posture/.agentic-security/last-scan.json.sig +0 -1
  60. package/src/posture/.agentic-security/scan-history.json +0 -650
  61. package/src/posture/.agentic-security/streak.json +0 -20
  62. package/src/report/.agentic-security/findings.json +0 -80
  63. package/src/report/.agentic-security/last-scan.json +0 -80
  64. package/src/report/.agentic-security/last-scan.json.sig +0 -1
  65. package/src/report/.agentic-security/scan-history.json +0 -35
  66. package/src/report/.agentic-security/streak.json +0 -22
  67. package/src/sast/.agentic-security/findings.json +0 -5190
  68. package/src/sast/.agentic-security/last-scan.json +0 -5190
  69. package/src/sast/.agentic-security/last-scan.json.sig +0 -1
  70. package/src/sast/.agentic-security/scan-history.json +0 -408
  71. package/src/sast/.agentic-security/streak.json +0 -20
  72. package/src/sca/.agentic-security/findings.json +0 -1587
  73. package/src/sca/.agentic-security/last-scan.json +0 -1587
  74. package/src/sca/.agentic-security/last-scan.json.sig +0 -1
  75. package/src/sca/.agentic-security/scan-history.json +0 -36
  76. package/src/sca/.agentic-security/streak.json +0 -21
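--- a/package/src/posture/.agentic-security/streak.json
+++ b/package/src/posture/.agentic-security/streak.json
@@ -1,20 +0,0 @@
- {
- "firstScanDate": "2026-05-27T11:16:44.741Z",
- "lastScanDate": "2026-05-27T11:19:53.871Z",
- "totalScans": 3,
- "daysCleanCritical": 0,
- "lastCleanDate": null,
- "lastCriticalDate": "2026-05-27",
- "hasEverHadCritical": true,
- "bestDaysCleanCritical": 0,
- "totalFindingsAtFirstScan": 257,
- "totalFindingsAtLastScan": 257,
- "totalFixesInferred": 0,
- "lastGrade": "C",
- "bestGrade": "C",
- "launchCheckPassedAt": null,
- "achievements": [
- "first-scan"
- ],
- "previousGrade": "C"
- }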
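--- a/package/src/report/.agentic-security/findings.json
+++ b/package/src/report/.agentic-security/findings.json
@@ -1,80 +0,0 @@
- {
- "scanId": "db8e3115-87e6-4e90-8041-31f9921c7b54",
- "startedAt": "2026-05-27T11:09:28.873Z",
- "durationMs": 183,
- "scanned": {
- "files": 2,
- "lines": 0
- },
- "findings": [],
- "bundles": [],
- "routes": [],
- "components": [],
- "suppressedCount": 0,
- "blastRadiusSignals": {
- "industry": "generic",
- "industryConfidence": "low",
- "jurisdictions": [],
- "controls": [],
- "estimatedUsers": 50,
- "revenueIndicator": "pre-revenue",
- "hasStripe": false,
- "hasAuth": false,
- "hasUserTable": false,
- "hasPII": false,
- "hasPHI": false,
- "hasS3": false
- },
- "_v3": {
- "counterfactual": {
- "spofControls": [],
- "controlsDetected": 174
- },
- "threatModel": {
- "summary": {
- "assetCount": 0,
- "boundaryCount": 0,
- "strideCounts": {
- "spoofing": 0,
- "tampering": 0,
- "repudiation": 0,
- "informationDisclosure": 0,
- "denialOfService": 0,
- "elevationOfPrivilege": 0
- }
- },
- "assets": [],
- "trustBoundaries": [],
- "stride": {
- "spoofing": [],
- "tampering": [],
- "repudiation": [],
- "informationDisclosure": [],
- "denialOfService": [],
- "elevationOfPrivilege": []
- }
- },
- "trustBoundaryDiagram": {
- "mermaid": "flowchart LR\n INTERNET((Internet))\n APP[\"Application\"]\n classDef sev_critical fill:#ffcccc,stroke:#a00,stroke-width:2px;\n classDef sev_high fill:#ffe0b2,stroke:#c60,stroke-width:2px;\n classDef sev_medium fill:#fff3cd,stroke:#a80;\n classDef sev_low fill:#e8eaf6,stroke:#557;",
- "nodes": [
- {
- "id": "INTERNET",
- "kind": "external",
- "label": "Internet"
- },
- {
- "id": "APP",
- "kind": "app",
- "label": "Application"
- }
- ],
- "edges": [],
- "decorations": []
- },
- "calibrationDrift": {
- "alarms": [],
- "note": "no-feedback-data"
- }
- },
- "annotatorErrors": []
- }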
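--- a/package/src/report/.agentic-security/last-scan.json
+++ b/package/src/report/.agentic-security/last-scan.json
@@ -1,80 +0,0 @@
- {
- "scanId": "db8e3115-87e6-4e90-8041-31f9921c7b54",
- "startedAt": "2026-05-27T11:09:28.873Z",
- "durationMs": 183,
- "scanned": {
- "files": 2,
- "lines": 0
- },
- "findings": [],
- "bundles": [],
- "routes": [],
- "components": [],
- "suppressedCount": 0,
- "blastRadiusSignals": {
- "industry": "generic",
- "industryConfidence": "low",
- "jurisdictions": [],
- "controls": [],
- "estimatedUsers": 50,
- "revenueIndicator": "pre-revenue",
- "hasStripe": false,
- "hasAuth": false,
- "hasUserTable": false,
- "hasPII": false,
- "hasPHI": false,
- "hasS3": false
- },
- "_v3": {
- "counterfactual": {
- "spofControls": [],
- "controlsDetected": 174
- },
- "threatModel": {
- "summary": {
- "assetCount": 0,
- "boundaryCount": 0,
- "strideCounts": {
- "spoofing": 0,
- "tampering": 0,
- "repudiation": 0,
- "informationDisclosure": 0,
- "denialOfService": 0,
- "elevationOfPrivilege": 0
- }
- },
- "assets": [],
- "trustBoundaries": [],
- "stride": {
- "spoofing": [],
- "tampering": [],
- "repudiation": [],
- "informationDisclosure": [],
- "denialOfService": [],
- "elevationOfPrivilege": []
- }
- },
- "trustBoundaryDiagram": {
- "mermaid": "flowchart LR\n INTERNET((Internet))\n APP[\"Application\"]\n classDef sev_critical fill:#ffcccc,stroke:#a00,stroke-width:2px;\n classDef sev_high fill:#ffe0b2,stroke:#c60,stroke-width:2px;\n classDef sev_medium fill:#fff3cd,stroke:#a80;\n classDef sev_low fill:#e8eaf6,stroke:#557;",
- "nodes": [
- {
- "id": "INTERNET",
- "kind": "external",
- "label": "Internet"
- },
- {
- "id": "APP",
- "kind": "app",
- "label": "Application"
- }
- ],
- "edges": [],
- "decorations": []
- },
- "calibrationDrift": {
- "alarms": [],
- "note": "no-feedback-data"
- }
- },
- "annotatorErrors": []
- }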
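--- a/package/src/report/.agentic-security/last-scan.json.sig
+++ b/package/src/report/.agentic-security/last-scan.json.sig
@@ -1 +0,0 @@
- e3726a5fd5c2a4b763554484c083d9136dbb026f1f913a0c9b35e3455711b303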
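--- a/package/src/report/.agentic-security/scan-history.json
+++ b/package/src/report/.agentic-security/scan-history.json
@@ -1,35 +0,0 @@
- [
- {
- "timestamp": "2026-05-27T11:06:13.261Z",
- "label": "scan",
- "total": 0,
- "critical": 0,
- "high": 0,
- "medium": 0,
- "low": 0,
- "kev": 0,
- "ids": []
- },
- {
- "timestamp": "2026-05-27T11:07:38.301Z",
- "label": "scan",
- "total": 0,
- "critical": 0,
- "high": 0,
- "medium": 0,
- "low": 0,
- "kev": 0,
- "ids": []
- },
- {
- "timestamp": "2026-05-27T11:09:29.055Z",
- "label": "scan",
- "total": 0,
- "critical": 0,
- "high": 0,
- "medium": 0,
- "low": 0,
- "kev": 0,
- "ids": []
- }
- ]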
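--- a/package/src/report/.agentic-security/streak.json
+++ b/package/src/report/.agentic-security/streak.json
@@ -1,22 +0,0 @@
- {
- "firstScanDate": "2026-05-27T11:06:13.266Z",
- "lastScanDate": "2026-05-27T11:09:29.061Z",
- "totalScans": 3,
- "daysCleanCritical": 1,
- "lastCleanDate": "2026-05-27",
- "lastCriticalDate": null,
- "hasEverHadCritical": false,
- "bestDaysCleanCritical": 1,
- "totalFindingsAtFirstScan": 0,
- "totalFindingsAtLastScan": 0,
- "totalFixesInferred": 0,
- "lastGrade": "A+",
- "bestGrade": "A+",
- "launchCheckPassedAt": null,
- "achievements": [
- "first-scan",
- "grade-a",
- "grade-a-plus"
- ],
- "previousGrade": "A+"
- }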