@clear-capabilities/agentic-security-scanner 0.78.0 → 0.80.0

package/src/engine.js

@@ -55,7 +55,7 @@ import { scanCpp } from './sast/cpp.js';
 import { scanJulietShape, applyJulietJavaSuppressions, applyJulietCsSuppressions } from './sast/juliet-shape.js';
 import { scanCppDataflow, _parseErrorCount as _cppDataflowParseErrors } from './sast/cpp-dataflow.js';
 import { scanSolidity } from './sast/solidity.js';
-import { scanRust } from './sast/rust.js';
+import { scanRust, extractRustImportMap } from './sast/rust.js';
 import { scanGoExtended } from './sast/go-extended.js';
 import { scanDatabaseRLS } from './sast/db-rls.js';
 import { scanRateLimit } from './sast/rate-limit.js';
@@ -68,6 +68,7 @@ import { scanLlmRedteam } from './posture/llm-redteam.js';
 import { scanContainer } from './sca/container.js';
 import { detectDepConfusion } from './sca/dep-confusion.js';
 import { loadLicensePolicy, evaluateLicensePolicy } from './posture/license-policy.js';
+import { loadScaPolicy, applyScaPolicy } from './posture/sca-policy.js';
 import { scanDeployPlatform } from './posture/deploy-platform.js';
 import { runStackPlaybook } from './posture/stack-playbook.js';
 // Phase 1 (Sentinel-parity PRD) — new detection modules.
@@ -92,6 +93,7 @@ import { scanDeserializationGadgets, _detectGadgets } from './sast/deserializati
 import { scanKotlin } from './sast/kotlin.js';
 import { scanRuby } from './sast/ruby.js';
 import { scanPhp } from './sast/php.js';
+import { classifySecretCandidate as _entropyClassifySecret } from './sast/_secret-entropy.js';
 // Phase 1 — precision-engineering posture modules.
 import { annotateConfidence } from './posture/confidence.js';
 import { backfillFindingDefaults } from './posture/finding-defaults.js';
@@ -126,6 +128,37 @@ import { annotateCrownJewelScores } from './posture/crown-jewels.js';
 import { annotateFeatureFlagGating } from './posture/feature-flags.js';
 import { annotatePersonaScores } from './posture/persona-prioritization.js';
 import { annotateMitigationComposite } from './posture/mitigation-composite.js';
+import { annotateCompositeRisk } from './posture/composite-risk.js';
+
+// ── Integration block: world-class scaffolded modules ──────────────────────
+// Each module is opt-in via its own env var so partial adoption is safe.
+// AGENTIC_SECURITY_NO_INTEGRATION=1 disables the entire block (for CI bench
+// runs that need bit-identical baselines).
+import { scanLlmApp } from './sast/llm-app.js';
+import { scanMobile } from './sast/mobile.js';
+import { scanPqc } from './sast/post-quantum-crypto.js';
+import { scanWeb3Advanced } from './sast/web3-advanced.js';
+import { scanDappFrontend } from './sast/dapp-frontend.js';
+import { scanCloudIam } from './sast/cloud-iam.js';
+import { scanK8sAdmission } from './sast/k8s-admission.js';
+import { scanCryptoProtocol } from './sast/crypto-protocol.js';
+import { scanMlSupplyChain } from './sast/ml-supply-chain.js';
+import { runCrossServiceTaint } from './dataflow/cross-service-taint.js';
+import { annotateRuntimeCorrelation } from './posture/runtime-correlation.js';
+import { applyLearnedCalibration } from './posture/triage-learning.js';
+import { annotateFormalVerification } from './dataflow/formal-verify.js';
+import { annotatePathFeasibility } from './dataflow/smt-feasibility.js';
+import { annotatePrivacyTaint, emitDpiaArtifact } from './dataflow/privacy-taint.js';
+import { buildThreatModel as buildAutoThreatModel, persistThreatModel as persistAutoThreatModel } from './posture/threat-model-auto.js';
+import { runApiContractScan } from './posture/api-contract.js';
+import { annotateProvenance } from './sca/sigstore-verify.js';
+import { runSbomDiff } from './posture/sbom-diff.js';
+import { loadPolicy as loadCompliancePolicy, verifyPolicy as verifyCompliancePolicy, emitEvidenceJsonLd as emitComplianceJsonLd, emitEvidenceMarkdown as emitComplianceMarkdown } from './posture/compliance-policy.js';
+import { generateBundles as generateExploitBundles } from './posture/exploit-bundle.js';
+import { buildMigrationPlan as buildPqcPlan, persistMigrationPlan as persistPqcPlan } from './posture/pqc-migration-plan.js';
+import { analyzeLicenseGraph, loadLicenseGraphPolicy } from './posture/license-graph.js';
+import { generateAttributions, persistAttributions } from './posture/license-attributions.js';
+import { annotateAttackTaxonomy, summarizeTaxonomy } from './posture/attack-taxonomy.js';
 import { annotateTypeNarrowing } from './posture/type-narrowing.js';
 import { annotateWhyFired } from './posture/why-fired.js';
 import { scanSpecificationDrift } from './posture/specification-mining.js';
@@ -2049,6 +2082,13 @@ function _isFalsePositiveCredential(fp, snippet, fullMatch){
   const val = valM ? valM[1] : '';
   if (val.length < 8) return {skip:true, reason:'value-too-short'};
   if (_CRED_PLACEHOLDER_VAL_RE.test(val)) return {skip:true, reason:'placeholder-value'};
+  // Shannon-entropy + dictionary-word filter (Recommendation #1 from the
+  // SCA/SAST improvement plan). The Juliet Java hardcoded-secret detector
+  // was producing 468 FPs / 1 TP because test fixtures use short
+  // dictionary words ("hello", "password", "todo") as fake credentials.
+  // Real secrets score ≥3.5 bits/char and aren't dictionary words.
+  const entropyVerdict = _entropyClassifySecret(val);
+  if (entropyVerdict.skip) return { skip: true, reason: `entropy-filter:${entropyVerdict.reason}` };
   // Non-ASCII content with i18n-shaped variable name → translation string
   if (_CRED_I18N_VAL_RE.test(val) && /(?:label|message|text|title|description|placeholder)/i.test(varName)) {
     return {skip:true, reason:'i18n-text'};
@@ -2713,7 +2753,16 @@ const JAVA_FAMILY_RULES = [
     // Generic verbs (update / insert / delete / count / query) removed — they
     // misfire on hash.update, list.insert/delete/count, etc. JdbcTemplate's
     // verb-based methods still match via batchUpdate / queryForObject etc.
-    sinkRe: /\.\s*(?:executeQuery|executeUpdate|execute|executeBatch|prepareStatement|prepareCall|createQuery|createNativeQuery|createSQLQuery|createCriteriaQuery|createSqlQuery|addBatch|queryForObject|queryForList|queryForMap|queryForLong|queryForInt|queryForRowSet|batchUpdate|find_by_sql)\s*\(/,
+    //
+    // Recommendation #4 of the SCA/SAST improvement plan: expanded sink list.
+    // Added: NamedParameterJdbcTemplate.{query,queryForObject,…} (Spring),
+    // EntityManager.createQuery+createNativeQuery (JPA),
+    // Session.createNativeQuery + createSQLQuery (Hibernate native),
+    // Criteria.add(Restrictions.sqlRestriction(…)) (Hibernate criteria),
+    // SqlSession.{selectList,selectOne,selectMap,update,insert,delete} (MyBatis),
+    // JdbcTemplate.{queryForStream,queryForRowSet}, R2DBC DatabaseClient.sql,
+    // JdbcOperations / JdbcAggregateOperations.* (Spring Data JDBC).
+    sinkRe: /\.\s*(?:executeQuery|executeUpdate|execute|executeBatch|prepareStatement|prepareCall|createQuery|createNativeQuery|createSQLQuery|createCriteriaQuery|createSqlQuery|createStatement|addBatch|queryForObject|queryForList|queryForMap|queryForLong|queryForInt|queryForRowSet|queryForStream|batchUpdate|find_by_sql|sqlRestriction|selectList|selectOne|selectMap|selectCursor|sql)\s*\(/,
     sanitizerRe: null,
     useTaint: true,
   },
@@ -4563,10 +4612,14 @@ function scanMiddlewareOrdering(fp, raw){
     if (isAuth && line < firstAuthAt) firstAuthAt = line;
     if (mountPath) mounts.push({ line, mountPath, handlerArgs, isAuth });
   }
+  let firstRateLimitAt = Infinity;
+  for (const mt of mounts) {
+    if (/rateLimit|rate.?limit|throttle|slowDown/i.test(mt.handlerArgs) && mt.line < firstRateLimitAt) firstRateLimitAt = mt.line;
+  }
   for (const mt of mounts) {
     if (mt.isAuth) continue;
     if (!_SENSITIVE_PATH_RE.test(mt.mountPath)) continue;
-    if (mt.line >= firstAuthAt) continue;     // mounted after auth — fine
+    if (mt.line >= firstAuthAt) continue;
     findings.push({
       vuln: `Sensitive Route Mounted Before Auth Middleware (${mt.mountPath})`,
       severity: 'high', cwe: 'CWE-285', stride: 'Elevation of Privilege',
@@ -4574,6 +4627,27 @@ function scanMiddlewareOrdering(fp, raw){
       fix: `Register your auth middleware before mounting ${mt.mountPath}. Either move app.use(authMiddleware) above this line, or pass authMiddleware directly: app.use('${mt.mountPath}', authMiddleware, router).`,
     });
   }
+  // Check rate-limiting before auth (auth endpoints should be rate-limited)
+  if (firstAuthAt < Infinity && firstRateLimitAt > firstAuthAt) {
+    findings.push({
+      vuln: 'Rate Limiting After Auth Middleware — brute-force attacks bypass rate limits',
+      severity: 'medium', cwe: 'CWE-307', stride: 'Denial of Service',
+      file: fp, line: firstAuthAt, snippet: lines[firstAuthAt - 1]?.trim() || '',
+      fix: 'Register rate-limiting middleware BEFORE auth middleware so brute-force login attempts are throttled: app.use(rateLimit({...})); app.use(authMiddleware);',
+    });
+  }
+  // Check for method-level auth on sensitive routes
+  const routeRe = /\b(?:app|router)\.(get|post|put|patch|delete)\s*\(\s*['"]([^'"]*(?:admin|user|account|settings|profile|payment|billing|dashboard)[^'"]*)['"]\s*,\s*(?!.*(?:auth|protect|verify|guard))/gi;
+  for (const rm of cleaned.matchAll(routeRe)) {
+    const routeLine = lineAt(cleaned, rm.index);
+    if (routeLine >= firstAuthAt) continue;
+    findings.push({
+      vuln: `Sensitive Route Without Auth — ${rm[1].toUpperCase()} ${rm[2]}`,
+      severity: 'high', cwe: 'CWE-306', stride: 'Elevation of Privilege',
+      file: fp, line: routeLine, snippet: lines[routeLine - 1]?.trim() || '',
+      fix: `Add auth middleware to this route: router.${rm[1]}('${rm[2]}', authMiddleware, handler). Or ensure app.use(authMiddleware) appears before this route definition.`,
+    });
+  }
   return findings;
 }
 
@@ -5507,17 +5581,50 @@ const VULN_FUNCTION_HINTS = {
   ...(typeof _VULN_FUNCTION_HINTS_GENERATED === 'object' && !Array.isArray(_VULN_FUNCTION_HINTS_GENERATED) ? Object.fromEntries(Object.entries(_VULN_FUNCTION_HINTS_GENERATED).filter(([k])=>!k.startsWith('_'))) : {}),
   ...(typeof _VULN_FUNCTION_HINTS_DATA === 'object' && !Array.isArray(_VULN_FUNCTION_HINTS_DATA) ? Object.fromEntries(Object.entries(_VULN_FUNCTION_HINTS_DATA).filter(([k])=>!k.startsWith('_'))) : {}),
 };
+function _semverSatisfies(ver,range){
+  if(!ver||!range)return false;
+  const parse=v=>{const m=(v||'').match(/^[=v]*(\d+)\.(\d+)\.(\d+)/);return m?[+m[1],+m[2],+m[3]]:null;};
+  const cmp=(a,b)=>{for(let i=0;i<3;i++){if(a[i]!==b[i])return a[i]-b[i];}return 0;};
+  const v=parse(ver);if(!v)return false;
+  for(const part of range.split(/\s*\|\|\s*/)){
+    let ok=true;
+    for(const cond of part.split(/\s+/).filter(Boolean)){
+      const m=cond.match(/^([<>=!]+)(.+)$/);if(!m)continue;
+      const t=parse(m[2]);if(!t){ok=false;break;}
+      const c=cmp(v,t);const op=m[1];
+      if(op==='>='&&c<0){ok=false;break;}
+      if(op==='>'&&c<=0){ok=false;break;}
+      if(op==='<='&&c>0){ok=false;break;}
+      if(op==='<'&&c>=0){ok=false;break;}
+      if(op==='='&&c!==0){ok=false;break;}
+      if(op==='!='&&c===0){ok=false;break;}
+    }
+    if(ok)return true;
+  }
+  return false;
+}
 function markUsedVulnFunctions(supplyChain,fc){
   const used={};
   const perFile={};
   for(const[fp,content] of Object.entries(fc)){
     const lines=content.split('\n');
+    // Rust import-aware matching: build import map for .rs files
+    let _rustImports=null;
+    if(/\.rs$/i.test(fp)){try{_rustImports=extractRustImportMap(content);}catch(_){}}
     for(const[pkg,fns] of Object.entries(VULN_FUNCTION_HINTS)){
       if(!perFile[pkg])perFile[pkg]=[];
       for(const fn of fns){
         const re=new RegExp(`\\b(?:${pkg.replace(/\W/g,'\\$&')}|_)\\.${fn}\\b`,'g');
+        // Rust: also match bare function calls if import map traces them to this package
+        const rustBareRe=_rustImports?new RegExp(`\\b${fn.replace(/\W/g,'\\$&')}\\s*[(<]`,'g'):null;
         for(let li=0;li<lines.length;li++){
-          if(re.test(lines[li])){
+          let matched=re.test(lines[li]);
+          re.lastIndex=0;
+          if(!matched&&rustBareRe){
+            if(rustBareRe.test(lines[li])&&(_rustImports.map.get(fn)===pkg||_rustImports.map.get(fn)===pkg.replace(/-/g,'_')||_rustImports.globs.has(pkg)||_rustImports.globs.has(pkg.replace(/-/g,'_')))){matched=true;}
+            rustBareRe.lastIndex=0;
+          }
+          if(matched){
             perFile[pkg].push({pkg,fn,file:fp,line:li+1});
             if(!used[pkg])used[pkg]=new Set();
             used[pkg].add(fn);
@@ -5529,10 +5636,20 @@ function markUsedVulnFunctions(supplyChain,fc){
   }
   for(const sc of supplyChain||[]){
     if(sc.type!=='vulnerable_dep')continue;
-    // Merge hints: hardcoded → OSV ecosystem_specific → skip if none
+    // Merge hints: versioned → hardcoded → OSV ecosystem_specific → skip if none
     const hardcoded=VULN_FUNCTION_HINTS[sc.name]||[];
+    // Version-scoped hints: check pkg@range keys
+    const versionedFns=[];
+    for(const[hk,hv] of Object.entries(VULN_FUNCTION_HINTS)){
+      if(!hk.includes('@'))continue;
+      const atIdx=hk.indexOf('@');
+      const hPkg=hk.slice(0,atIdx);
+      const hRange=hk.slice(atIdx+1);
+      if(hPkg!==sc.name)continue;
+      try{if(_semverSatisfies(sc.version,hRange))versionedFns.push(...hv);}catch(_){}
+    }
     const osvFns=Array.isArray(sc.osvVulnFunctions)?sc.osvVulnFunctions.map(f=>{const d=f.lastIndexOf('.');return d>0?f.slice(d+1):f;}):[];
-    const allFns=[...new Set([...hardcoded,...osvFns])];
+    const allFns=[...new Set([...versionedFns,...hardcoded,...osvFns])];
     if(!allFns.length){sc.functionReachable='unknown';sc.noKnownCallSite=true;sc._hintSource='none';continue;}
     sc._hintSource=osvFns.length?(hardcoded.length?'hardcoded+osv':'osv'):'hardcoded';
     // Search codebase for these functions (if not already searched via VULN_FUNCTION_HINTS)
@@ -5564,41 +5681,125 @@ function markUsedVulnFunctions(supplyChain,fc){
 }
 
 // Annotate each supplyChain finding with `functionReachable` ∈ {'reachable','unreachable','unknown'}.
-// The CVE only matters if the developer's code actually calls the vulnerable function
-// AND that call site sits in code reachable from a route handler.
-function _annotateFunctionReachability(supplyChain, routes, callGraph, fc){
-  for(const sc of (supplyChain||[])){
-    if(sc.type!=='vulnerable_dep')continue;
-    const sites=sc.vulnerableFunctionCallSites||[];
-    if(!sites.length){sc.functionReachable='unknown';continue;}
-    let reachable=false;
-    for(const site of sites){
-      // Classifier 1: site is inline inside a route handler (within 25 lines of the route def)
-      const fileRoutes=(routes||[]).filter(r=>r.file===site.file);
-      for(const route of fileRoutes){
-        if(site.line>=route.line&&site.line<=route.line+25){
-          // Make sure no function declaration intervenes
-          const fileLines=(fc[site.file]||'').split('\n');
-          const between=fileLines.slice(route.line,site.line-1).join('\n');
-          if(!/function\s+\w+\s*\(/.test(between)){reachable=true;break;}
+// The CVE only matters if the developer's code actually calls the vulnerable
+// function. The question is HOW reachable: is the call inline in a route
+// handler (definitely user-input-reachable), called by some caller eventually
+// reached from a route (transitively reachable), or called by code that no
+// route ever touches (function-reachable but not route-reachable)?
+//
+// Phase 2 / Item 4 of the SCA improvement plan: distinguish these tiers.
+// Sets two fields:
+//   sc.functionReachable: 'reachable' | 'unreachable' | 'unknown'
+//   sc.routeReachable:    true | false       (only meaningful when functionReachable === 'reachable')
+//
+// Used by the tier-assignment block downstream to label
+// `reachabilityTier: 'route-reachable-via-function'` (highest urgency) vs
+// `'function-reachable'` (called but not chained to a route).
+
+// Set of every (file, fnName) that *is* a route handler. The enclosing
+// function at a route's declaration line, mapped from the (file, line) pairs
+// the route scanner emitted.
+function _buildRouteHandlerSet(routes, fc){
+  const handlers = new Set(); // 'file::fnName'
+  for (const r of (routes || [])) {
+    const content = fc[r.file];
+    if (typeof content !== 'string') continue;
+    const fn = _enclosingFn(content, r.line);
+    if (fn) handlers.add(r.file + '::' + fn);
+    // Capture an anonymous handler too — many JS routes are
+    // `app.get('/x', (req, res) => { … })` where the route line itself IS
+    // the function body. The body's identifier is unstable but we can mark
+    // the file:line for the inline check.
+  }
+  return handlers;
+}
+
+// Reverse-BFS through the call graph: starting from `enclosingFn` in `file`,
+// find every function (anywhere in the program) that transitively calls it,
+// up to `maxDepth`. Returns the set of caller fnNames.
+function _reverseCallGraphReachable(callGraph, startFn, maxDepth){
+  if (!callGraph || typeof callGraph !== 'object') return new Set();
+  const visited = new Set([startFn]);
+  let frontier = new Set([startFn]);
+  for (let depth = 0; depth < maxDepth && frontier.size; depth++) {
+    const next = new Set();
+    for (const [file, fileFns] of Object.entries(callGraph)) {
+      if (!fileFns || typeof fileFns !== 'object') continue;
+      for (const [fn, info] of Object.entries(fileFns)) {
+        if (visited.has(file + '::' + fn) || visited.has(fn)) continue;
+        const calls = info && info.calls;
+        if (!calls) continue;
+        for (const target of frontier) {
+          const hit = calls.has?.(target) || (Array.isArray(calls) && calls.includes(target));
+          if (hit) {
+            next.add(fn);
+            // Track both qualified and unqualified — the route-handler set
+            // uses 'file::fn' but the call graph carries bare fn names.
+            visited.add(fn);
+            visited.add(file + '::' + fn);
+            break;
+          }
         }
       }
-      if(reachable)break;
-      // Classifier 2: enclosing function appears in another named function's calls (cross-fn reachability)
-      const enclosing=_enclosingFn(fc[site.file]||'',site.line);
-      if(enclosing){
-        // callGraph is {filePath: {fnName: {calls: Set, ...}}}
-        outer: for(const[,fileFns] of Object.entries(callGraph||{})){
-          if(typeof fileFns!=='object'||!fileFns)continue;
-          for(const[fn,info] of Object.entries(fileFns)){
-            const calls=info&&info.calls;
-            if(fn!==enclosing&&calls&&(calls.has?.(enclosing)||(Array.isArray(calls)&&calls.includes(enclosing)))){reachable=true;break outer;}
+    }
+    frontier = next;
+  }
+  return visited;
+}
+
+function _annotateFunctionReachability(supplyChain, routes, callGraph, fc){
+  const routeHandlers = _buildRouteHandlerSet(routes, fc);
+  // Pre-extract just the unqualified names too — the call-graph traversal
+  // matches on bare fnName when the qualified form isn't available.
+  const routeHandlerNames = new Set();
+  for (const k of routeHandlers) {
+    const fn = k.split('::')[1];
+    if (fn) routeHandlerNames.add(fn);
+  }
+
+  for (const sc of (supplyChain || [])) {
+    if (sc.type !== 'vulnerable_dep') continue;
+    const sites = sc.vulnerableFunctionCallSites || [];
+    if (!sites.length) { sc.functionReachable = 'unknown'; sc.routeReachable = false; continue; }
+    let functionReachable = false;
+    let routeReachable = false;
+    for (const site of sites) {
+      // Classifier 1: site is inline inside a route handler (within 25 lines
+      // of the route def, no intervening function declaration). This is the
+      // strongest signal — the vulnerable function is called directly from
+      // user-input handling code.
+      const fileRoutes = (routes || []).filter(r => r.file === site.file);
+      for (const route of fileRoutes) {
+        if (site.line >= route.line && site.line <= route.line + 25) {
+          const fileLines = (fc[site.file] || '').split('\n');
+          const between = fileLines.slice(route.line, site.line - 1).join('\n');
+          if (!/function\s+\w+\s*\(/.test(between)) {
+            functionReachable = true;
+            routeReachable = true;
+            break;
           }
         }
       }
-      if(reachable)break;
+      if (routeReachable) break;
+      // Classifier 2: walk reverse call graph from the enclosing function.
+      // If any caller-chain hits a known route-handler function, the site
+      // is route-reachable-via-function. If no caller at all, we keep
+      // functionReachable=false for this site.
+      const enclosing = _enclosingFn(fc[site.file] || '', site.line);
+      if (!enclosing) continue;
+      const callers = _reverseCallGraphReachable(callGraph, enclosing, 4);
+      if (callers.size > 1) functionReachable = true; // at least one caller exists
+      for (const callerFn of callers) {
+        if (routeHandlerNames.has(callerFn) || routeHandlers.has(site.file + '::' + callerFn)) {
+          routeReachable = true;
+          functionReachable = true;
+          break;
+        }
+      }
+      if (routeReachable) break;
     }
-    sc.functionReachable=reachable?'reachable':'unreachable';
+    sc.functionReachable = functionReachable ? 'reachable' : 'unreachable';
+    sc.routeReachable = routeReachable;
   }
 }
 function _enclosingFn(content,line){
@@ -5896,39 +6097,72 @@ function _osvCacheGet(key){try{const r=sessionStorage.getItem('osv_'+key);return
 function _osvCacheSet(key,val){try{sessionStorage.setItem('osv_'+key,JSON.stringify(val));}catch(_){}}
 
 // Feat-9: EPSS (community abuse-probability index) overlay. Fetches probability
-// of abuse in the next 30 days per CVE; caches on disk. When offline or
+// of abuse in the next 30 days; caches per-CVE on disk. When offline or
 // the API errors, falls back to null fields — never blocks the scan.
-async function _fetchEPSS(cveId){
-  if (!cveId || !/^CVE-\d{4}-\d+$/i.test(cveId)) return null;
-  if (process.env.AGENTIC_SECURITY_OFFLINE === '1') return null;
-  const cached = _osvCacheGet('epss:'+cveId);
-  if (cached !== null) return cached;
-  try {
-    const res = await fetch(`https://api.first.org/data/v1/epss?cve=${encodeURIComponent(cveId)}`, {
-      headers: { 'User-Agent': 'agentic-security/0.1' },
-    });
-    if (!res.ok) { _osvCacheSet('epss:'+cveId, false); return null; }
-    const j = await res.json();
-    const row = j.data?.[0];
-    const out = row ? { score: parseFloat(row.epss), percentile: parseFloat(row.percentile) } : null;
-    _osvCacheSet('epss:'+cveId, out || false);
-    return out;
-  } catch { return null; }
+//
+// Batched: api.first.org accepts up to ~100 CVEs per request via ?cve=A,B,C…
+// One HTTP round trip per 100 CVEs instead of one per CVE. Cache lookups
+// remain per-CVE so a partial cache-hit still benefits.
+const _EPSS_BATCH = 100;
+async function _fetchEPSSBatch(cveIds){
+  if (!cveIds || !cveIds.length) return new Map();
+  if (process.env.AGENTIC_SECURITY_OFFLINE === '1') return new Map();
+  const out = new Map();
+  // Filter to well-formed CVE ids only.
+  const fresh = cveIds.filter(c => /^CVE-\d{4}-\d+$/i.test(c));
+  for (let i = 0; i < fresh.length; i += _EPSS_BATCH){
+    const batch = fresh.slice(i, i + _EPSS_BATCH);
+    const url = `https://api.first.org/data/v1/epss?cve=${encodeURIComponent(batch.join(','))}`;
+    try {
+      const res = await fetch(url, { headers: { 'User-Agent': 'agentic-security/0.1' } });
+      if (!res.ok) {
+        // Mark every CVE in the batch as "tried and failed" so we don't refetch this scan.
+        for (const c of batch) _osvCacheSet('epss:'+c, false);
+        continue;
+      }
+      const j = await res.json();
+      const seen = new Set();
+      for (const row of (j.data || [])) {
+        const cve = (row.cve || '').toUpperCase();
+        if (!cve) continue;
+        const score = parseFloat(row.epss);
+        const percentile = parseFloat(row.percentile);
+        if (Number.isFinite(score) && Number.isFinite(percentile)) {
+          const v = { score, percentile };
+          out.set(cve, v);
+          _osvCacheSet('epss:'+cve, v);
+          seen.add(cve);
+        }
+      }
+      // CVEs in the batch that EPSS does not know — cache the negative so we
+      // don't retry within this scan run.
+      for (const c of batch) if (!seen.has(c.toUpperCase())) _osvCacheSet('epss:'+c, false);
+    } catch { /* network error → caller continues without enrichment */ }
+  }
+  return out;
 }
 
 async function _enrichWithEPSS(supplyChainResults){
   const out = supplyChainResults;
-  const cves = new Set();
-  for (const r of out) for (const a of (r.cveAliases || [])) if (/^CVE-/.test(a)) cves.add(a);
-  // Fetch in parallel, deduped per CVE
+  // Collect every unique CVE referenced by any SCA finding.
+  const allCves = new Set();
+  for (const r of out) for (const a of (r.cveAliases || [])) if (/^CVE-/.test(a)) allCves.add(a.toUpperCase());
+  if (!allCves.size) return out;
+  // Cache lookup pass: keep CVEs we already have, defer the rest to one batched fetch.
   const epssByCve = new Map();
-  await Promise.all([...cves].map(async (cve) => {
-    const epss = await _fetchEPSS(cve);
-    if (epss) epssByCve.set(cve, epss);
-  }));
+  const uncached = [];
+  for (const c of allCves) {
+    const hit = _osvCacheGet('epss:'+c);
+    if (hit === null) uncached.push(c);
+    else if (hit) epssByCve.set(c, hit);   // hit === false means "tried, no data" — leave unset
+  }
+  if (uncached.length) {
+    const fetched = await _fetchEPSSBatch(uncached);
+    for (const [cve, v] of fetched) epssByCve.set(cve, v);
+  }
   for (const r of out) {
     const cve = (r.cveAliases || []).find(a => /^CVE-/.test(a));
-    const epss = cve ? epssByCve.get(cve) : null;
+    const epss = cve ? epssByCve.get(cve.toUpperCase()) : null;
     if (epss) {
       r.epssScore = epss.score;
       r.epssPercentile = epss.percentile;
@@ -6180,22 +6414,131 @@ function _parseCargoLock(text,filePath){
   return out;
 }
 
-function _parsePomXml(text,filePath){
-  const out=[];
-  for(const block of text.matchAll(/<dependency>([\s\S]*?)<\/dependency>/g)){
-    const inner=block[1];
-    const gM=inner.match(/<groupId>([^<]+)<\/groupId>/);
-    const aM=inner.match(/<artifactId>([^<]+)<\/artifactId>/);
-    const vM=inner.match(/<version>([^<]+)<\/version>/);
-    const sM=inner.match(/<scope>([^<]+)<\/scope>/);
-    if(!gM||!aM)continue;
-    const group=gM[1].trim();const artifact=aM[1].trim();
-    const ver=vM?vM[1].trim().replace(/^\$\{[^}]+\}$/,'0.0.0'):'0.0.0';
-    const scope=sM&&(sM[1]==='test'||sM[1]==='provided')?'optional':'required';
-    out.push({name:`${group}:${artifact}`,version:ver,group,scope,
-      purl:_makePurl('maven',artifact,ver,group),ecosystem:'maven',filePath,
-      isUnpinned:ver==='0.0.0'||ver.startsWith('$')});
-  }return out;
+// Strip XML comments before tag-extraction so the regex doesn't accidentally
+// match a commented-out <dependency> block.
+function _stripPomXmlComments(text){
+  return text.replace(/<!--[\s\S]*?-->/g, '');
+}
+
+// Build a property table from <properties>...</properties> AND from common
+// child elements (<project.version>, etc.). Used to substitute ${propName}
+// version references. We do TWO passes so a property that references
+// another property (rare but legal — `${spring.boot.version}`) resolves.
+function _pomPropertyMap(text){
+  const props = new Map();
+  // <properties> block — the canonical place for user-defined properties.
+  const propsBlock = text.match(/<properties>([\s\S]*?)<\/properties>/);
+  if (propsBlock) {
+    for (const m of propsBlock[1].matchAll(/<([\w.-]+)>([^<]+)<\/\1>/g)) {
+      props.set(m[1].trim(), m[2].trim());
+    }
+  }
+  // Resolve cross-property references (one pass is sufficient for typical
+  // pom.xml shapes — chains deeper than 1 are vanishingly rare).
+  for (const [k, v] of props) {
+    if (v.includes('${')) {
+      const resolved = v.replace(/\$\{([^}]+)\}/g, (_, name) => props.get(name) ?? '');
+      props.set(k, resolved);
+    }
+  }
+  return props;
+}
+
+function _resolvePomVersion(raw, props){
+  if (!raw) return '0.0.0';
+  let v = raw.trim();
+  // Strip Maven's range/qualifier wrappers that aren't useful for SCA matching.
+  // `[1.0,2.0)` → take the lower bound.
+  const rangeMatch = v.match(/^[\[\(]\s*([^,\]\)]+)/);
+  if (rangeMatch) v = rangeMatch[1].trim();
+  // Substitute ${propName} references — return '0.0.0' so OSV knows it's
+  // unresolvable rather than silently dropping the dep.
+  v = v.replace(/\$\{([^}]+)\}/g, (_, name) => props.get(name) || '');
+  if (!v || v.startsWith('$')) return '0.0.0';
+  return v;
+}
+
+// Parse a single <dependency>…</dependency> block to a component shape.
+// Used by both the top-level <dependencies> walk and the
+// <dependencyManagement>/<dependencies>/<dependency> BOM-import walk.
+function _parsePomDependencyBlock(inner, filePath, props, source){
+  const gM = inner.match(/<groupId>([^<]+)<\/groupId>/);
+  const aM = inner.match(/<artifactId>([^<]+)<\/artifactId>/);
+  const vM = inner.match(/<version>([^<]+)<\/version>/);
+  const sM = inner.match(/<scope>([^<]+)<\/scope>/);
+  const tM = inner.match(/<type>([^<]+)<\/type>/);
+  if (!gM || !aM) return null;
+  const group = _resolvePomVersion(gM[1], props) || gM[1].trim();
+  const artifact = _resolvePomVersion(aM[1], props) || aM[1].trim();
+  const ver = _resolvePomVersion(vM ? vM[1] : '', props);
+  const scopeRaw = sM ? sM[1].trim() : '';
+  const scope = (scopeRaw === 'test' || scopeRaw === 'provided') ? 'optional' : 'required';
+  return {
+    name: `${group}:${artifact}`, version: ver, group, scope,
+    purl: _makePurl('maven', artifact, ver, group), ecosystem: 'maven', filePath,
+    isUnpinned: ver === '0.0.0' || ver.startsWith('$'),
+    isTransitive: false,
+    pomSource: source,                 // 'direct' | 'managed'
+    pomType: tM ? tM[1].trim() : null, // 'jar' (default) | 'pom' (BOM import) | etc.
+  };
+}
+
+function _parsePomXml(text, filePath){
+  const cleanText = _stripPomXmlComments(text);
+  const props = _pomPropertyMap(cleanText);
+  const out = [];
+  // Identify the <dependencyManagement> block once so we can label its
+  // contents as `pomSource: 'managed'` (BOM-imported) without doubly-emitting.
+  const mgmtBlock = cleanText.match(/<dependencyManagement>([\s\S]*?)<\/dependencyManagement>/);
+  const mgmtStart = mgmtBlock ? mgmtBlock.index : -1;
+  const mgmtEnd = mgmtBlock ? mgmtBlock.index + mgmtBlock[0].length : -1;
+  for (const block of cleanText.matchAll(/<dependency>([\s\S]*?)<\/dependency>/g)) {
+    const inBomImport = mgmtStart >= 0 && block.index >= mgmtStart && block.index < mgmtEnd;
+    const comp = _parsePomDependencyBlock(block[1], filePath, props, inBomImport ? 'managed' : 'direct');
+    if (comp) out.push(comp);
+  }
+  return out;
+}
+
+// Maven's `mvn dependency:tree -DoutputFile=target/dependency-tree.txt`
+// emits the FULL resolved transitive graph. When that file is present, we
+// ingest it for transitive coverage — pom.xml itself only declares direct
+// deps. Format (per dep, one line, with tree-drawing prefixes we strip):
+//   groupId:artifactId:type:version:scope
+//   +- groupId:artifactId:type:version:scope
+//   |  \- groupId:artifactId:type:version:scope
+// The first line is the project itself; we skip it.
+function _parseMavenDependencyTree(text, filePath){
+  const out = [];
+  let isFirstLine = true;
+  for (const rawLine of text.split('\n')) {
+    if (!rawLine.trim()) continue;
+    // Strip the tree-drawing prefix: spaces, pipes, dashes, plus signs, backslashes.
+    const stripped = rawLine.replace(/^[\s|+\\-]+/, '').trim();
+    if (!stripped) continue;
+    if (isFirstLine) { isFirstLine = false; continue; }
+    // Format: groupId:artifactId:type:version[:scope]
+    // type is typically `jar` but can be `pom`, `war`, `aar`. Some POMs include
+    // a classifier: groupId:artifactId:type:classifier:version[:scope] (5–6 parts).
+    const parts = stripped.split(':');
+    if (parts.length < 4) continue;
+    const group = parts[0];
+    const artifact = parts[1];
+    // type at [2]; classifier (optional) at [3] when length >= 6.
+    const hasClassifier = parts.length >= 6;
+    const ver = hasClassifier ? parts[4] : parts[3];
+    const scopeRaw = hasClassifier ? parts[5] : parts[4];
+    if (!group || !artifact || !ver) continue;
+    const scope = (scopeRaw === 'test' || scopeRaw === 'provided') ? 'optional' : 'required';
+    out.push({
+      name: `${group}:${artifact}`, version: ver, group, scope,
+      purl: _makePurl('maven', artifact, ver, group), ecosystem: 'maven', filePath,
+      isUnpinned: false,
+      isTransitive: rawLine.match(/^[\s|+\\-]/) ? true : false,
+      pomSource: 'dependency-tree',
+    });
+  }
+  return out;
 }
 
 function _parseBuildGradle(text,filePath){
@@ -6339,8 +6682,144 @@ function _parsePubspecLock(text,filePath){
   }return out;
 }
 
+const _APT_TO_LIB={'libssl-dev':'openssl','libssl3':'openssl','openssl':'openssl','zlib1g-dev':'zlib','zlib1g':'zlib','libcurl4-openssl-dev':'libcurl','libcurl4':'libcurl','libxml2-dev':'libxml2','libxml2':'libxml2','libpq-dev':'postgresql','libsqlite3-dev':'sqlite','libjpeg-dev':'libjpeg','libpng-dev':'libpng','libfreetype6-dev':'freetype','libexpat1-dev':'expat','libyaml-dev':'libyaml','libffi-dev':'libffi','libgmp-dev':'gmp','libncurses-dev':'ncurses','libreadline-dev':'readline'};
+function _parseCMakeLists(text,filePath){
+  const out=[];
+  for(const m of text.matchAll(/find_package\s*\(\s*(\w+)(?:\s+(\d+[\d.]*))?\s*(?:REQUIRED|COMPONENTS)?/gi)){
+    const name=m[1].toLowerCase();const ver=m[2]||'0.0.0';
+    out.push({name,version:ver,group:'',scope:'required',purl:`pkg:generic/${name}@${ver}`,ecosystem:'system',filePath,isUnpinned:!m[2]});
+  }
+  return out;
+}
+function _parseConanfile(text,filePath){
+  const out=[];
+  for(const m of text.matchAll(/(?:requires|build_requires)\s*[=(]\s*["']([^/]+)\/([^"'@]+)/g)){
+    out.push({name:m[1].toLowerCase(),version:m[2],group:'',scope:'required',purl:`pkg:generic/${m[1].toLowerCase()}@${m[2]}`,ecosystem:'system',filePath,isUnpinned:false});
+  }
+  return out;
+}
+function _parseVcpkgJson(text,filePath){
+  const out=[];try{const d=JSON.parse(text);
+    for(const dep of(d.dependencies||[])){
+      const name=typeof dep==='string'?dep:dep.name;
+      const ver=(typeof dep==='object'&&dep['version>='])?dep['version>=']:'0.0.0';
+      if(name)out.push({name:name.toLowerCase(),version:ver,group:'',scope:'required',purl:`pkg:generic/${name.toLowerCase()}@${ver}`,ecosystem:'system',filePath,isUnpinned:ver==='0.0.0'});
+    }
+  }catch(_){}return out;
+}
+
+// go.sum: the full resolved transitive dependency graph for a Go module.
+// go.mod only declares direct deps; go.sum is what `go mod download` resolved.
+// Format (two lines per module — one for the module, one for go.mod):
+//   github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+//   github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+// We extract the module-line variant (no `/go.mod` suffix) so each module
+// gets exactly one component. Empty go.sum (no deps) gracefully returns [].
+function _parseGoSum(text, filePath){
+  const out = [];
+  const seen = new Set();
+  for (const line of text.split('\n')) {
+    const t = line.trim();
+    if (!t || t.startsWith('//')) continue;
+    // Skip the /go.mod hash line — it would double-count each module.
+    if (t.includes('/go.mod ')) continue;
+    const m = t.match(/^(\S+)\s+v([^\s]+)\s+h1:/);
+    if (!m) continue;
+    const name = m[1];
+    // Strip +incompatible / -timestamp-sha suffixes that aren't useful for OSV matching.
+    const ver = m[2].replace(/\+incompatible$/, '').replace(/^v?/, '');
+    const dedupKey = `${name}@${ver}`;
+    if (seen.has(dedupKey)) continue;
+    seen.add(dedupKey);
+    out.push({
+      name, version: ver, group: '', scope: 'required',
+      purl: _makePurl('golang', name, ver, ''), ecosystem: 'golang', filePath,
+      isUnpinned: false,
+      isTransitive: true,  // every go.sum entry is a resolved (transitive or direct) dep
+    });
+  }
+  return out;
+}
+
+// conan.lock: the resolved Conan dependency lockfile. JSON format:
+//   { "version": "0.5", "graph_lock": { "nodes": { "0": {"ref": "openssl/3.0.0@..." }, "1": {...} } } }
+// or the newer Conan 2.x format with a flat list. Both supported here.
+function _parseConanLock(text, filePath){
+  const out = [];
+  let d;
+  try { d = JSON.parse(text); } catch { return out; }
+  const refs = new Set();
+  // Conan 1.x graph_lock format.
+  const nodes = d?.graph_lock?.nodes;
+  if (nodes && typeof nodes === 'object') {
+    for (const node of Object.values(nodes)) {
+      if (node && typeof node.ref === 'string') refs.add(node.ref);
+    }
+  }
+  // Conan 2.x lock format: arrays under requires / build_requires / python_requires.
+  for (const k of ['requires', 'build_requires', 'python_requires']) {
+    if (Array.isArray(d?.[k])) for (const r of d[k]) if (typeof r === 'string') refs.add(r);
+  }
+  for (const ref of refs) {
+    // Format: name/version[@user/channel][#revision]
+    const m = ref.match(/^([^/]+)\/([^@#\s]+)/);
+    if (!m) continue;
+    const name = m[1].toLowerCase();
+    const version = m[2];
+    out.push({
+      name, version, group: '', scope: 'required',
+      purl: `pkg:generic/${name}@${version}`, ecosystem: 'system', filePath,
+      isUnpinned: false,
+      isTransitive: true,
+    });
+  }
+  return out;
+}
+
+// vcpkg-configuration.json: overlay-ports config for vcpkg. Schema:
+//   { "default-registry": {...}, "registries": [{ "kind": "git", "packages": [...] }] }
+// We don't have version info here (vcpkg pins via baseline commit), so emit
+// each named package with version 0.0.0 so OSV at least sees the package
+// name. Useful for "are you using an EOL/known-malicious overlay registry?"
+function _parseVcpkgConfiguration(text, filePath){
+  const out = [];
+  let d;
+  try { d = JSON.parse(text); } catch { return out; }
+  const names = new Set();
+  if (Array.isArray(d?.registries)) {
+    for (const reg of d.registries) {
+      if (Array.isArray(reg?.packages)) for (const p of reg.packages) if (typeof p === 'string') names.add(p);
+    }
+  }
+  for (const name of names) {
+    out.push({
+      name: name.toLowerCase(), version: '0.0.0', group: '', scope: 'required',
+      purl: `pkg:generic/${name.toLowerCase()}@0.0.0`, ecosystem: 'system', filePath,
+      isUnpinned: true,
+    });
+  }
+  return out;
+}
 function parseManifests(allFileContents){
-  const PARSERS={'package.json':_parsePackageJson,'package-lock.json':_parsePackageLockJson,'yarn.lock':_parseYarnLock,'pnpm-lock.yaml':_parsePnpmLock,'requirements.txt':_parseRequirementsTxt,'pyproject.toml':_parsePyprojectToml,'poetry.lock':_parsePoetryLock,'Pipfile.lock':_parsePipfileLock,'composer.json':_parseComposerJson,'composer.lock':_parseComposerLock,'Gemfile':_parseGemfile,'Gemfile.lock':_parseGemfileLock,'go.mod':_parseGoMod,'Cargo.toml':_parseCargoToml,'Cargo.lock':_parseCargoLock,'pom.xml':_parsePomXml,'build.gradle':_parseBuildGradle,'build.gradle.kts':_parseBuildGradle,'pubspec.yaml':_parsePubspecYaml,'pubspec.lock':_parsePubspecLock};
+  const PARSERS={
+    'package.json':_parsePackageJson,'package-lock.json':_parsePackageLockJson,
+    'yarn.lock':_parseYarnLock,'pnpm-lock.yaml':_parsePnpmLock,
+    'requirements.txt':_parseRequirementsTxt,'pyproject.toml':_parsePyprojectToml,
+    'poetry.lock':_parsePoetryLock,'Pipfile.lock':_parsePipfileLock,
+    'composer.json':_parseComposerJson,'composer.lock':_parseComposerLock,
+    'Gemfile':_parseGemfile,'Gemfile.lock':_parseGemfileLock,
+    'go.mod':_parseGoMod,'go.sum':_parseGoSum,
+    'Cargo.toml':_parseCargoToml,'Cargo.lock':_parseCargoLock,
+    'pom.xml':_parsePomXml,'build.gradle':_parseBuildGradle,'build.gradle.kts':_parseBuildGradle,
+    'pubspec.yaml':_parsePubspecYaml,'pubspec.lock':_parsePubspecLock,
+    'CMakeLists.txt':_parseCMakeLists,
+    'conanfile.txt':_parseConanfile,'conan.lock':_parseConanLock,
+    'vcpkg.json':_parseVcpkgJson,'vcpkg-configuration.json':_parseVcpkgConfiguration,
+    // Maven dependency-tree output. The canonical path is
+    // `target/dependency-tree.txt` (per `mvn dependency:tree -DoutputFile=...`)
+    // but users sometimes commit it as `dependency-tree.txt` at repo root.
+    'dependency-tree.txt':_parseMavenDependencyTree,
+  };
   const out=[],seen=new Set();
   for(const[fp,content]of Object.entries(allFileContents)){
     const base=fp.split('/').pop();
@@ -6465,51 +6944,74 @@ async function queryOSV(components,allFileContents){
     }
   }
 
-  for(const[vid,affectedComps]of Object.entries(vulnAffects)){
-    let vuln=_osvCacheGet('vuln:'+vid);
-    if(!vuln){
-      try{
-        const resp=await fetch(`https://api.osv.dev/v1/vulns/${vid}`);
-        const d=await resp.json();
-        const fixedVersions=new Set();
-        const osvVulnFunctions=[];
-        for(const aff of(d.affected||[])){
-          for(const rng of(aff.ranges||[]))for(const ev of(rng.events||[]))if(ev.fixed)fixedVersions.add(ev.fixed);
-          const es=aff.ecosystem_specific||aff.database_specific||{};
-          if(Array.isArray(es.vulnerable_functions))osvVulnFunctions.push(...es.vulnerable_functions);
-          if(Array.isArray(es.imports))for(const imp of es.imports)if(Array.isArray(imp.symbols))osvVulnFunctions.push(...imp.symbols);
-        }
-        let severity='medium';
-        const db=d.database_specific||{};
-        if(db.severity)severity=db.severity.toLowerCase()==='moderate'?'medium':db.severity.toLowerCase();
-        let cvssVector=null;
-        for(const s of(d.severity||[]))if(s.type==='CVSS_V3'||s.type==='CVSS_V4'){cvssVector=s.score;break;}
-        // External-identifier exception (TOS compliance note):
-        // The domain fragments below are third-party PoC tracker domain names
-        // (exploit-db.com, packetstormsecurity.org). They are inputs we match
-        // against reference URLs returned by OSV — not output text we generate.
-        // Renaming them loses SCA detection of PoC-published CVEs.
-        const _KNOWN_PUBLIC_POC_DOMAINS = ['exploit-db','packetstorm','/poc','/0day'];
-        const hasKnownAttackRef=(d.references||[]).some(r=>_KNOWN_PUBLIC_POC_DOMAINS.some(x=>(r.url||'').toLowerCase().includes(x)));
-        vuln={id:vid,description:(d.summary||d.details||'No description.').slice(0,300),
-          fixedVersions:[...fixedVersions].sort(),
-          aliases:(d.aliases||[]).filter(a=>a.startsWith('CVE-')),
-          osvVulnFunctions:[...new Set(osvVulnFunctions)],
-          severity,cvssVector,hasKnownAttackRef};
-        _osvCacheSet('vuln:'+vid,vuln);
-      }catch(_){continue;}
-    }
-    for(const comp of affectedComps){
-      const cveStr=vuln.aliases.length?` (${vuln.aliases[0]})`:'';
-      const fixStr=vuln.fixedVersions.length?vuln.fixedVersions[0]:null;
-      results.push({type:'vulnerable_dep',name:comp.name,version:comp.version,ecosystem:comp.ecosystem,
-        purl:comp.purl,osvId:vid,cveAliases:vuln.aliases,description:vuln.description,
-        fixedVersions:vuln.fixedVersions,severity:vuln.severity,cvssVector:vuln.cvssVector,
-        hasKnownAttackRef:vuln.hasKnownAttackRef,osvVulnFunctions:vuln.osvVulnFunctions||[],reachable:comp.reachable,scope:comp.scope,
-        file:comp.filePath,
+  // External-identifier exception (TOS compliance note):
+  // The domain fragments below are third-party PoC tracker domain names.
+  // They are inputs we match against reference URLs returned by OSV — not
+  // output text we generate. Renaming them loses SCA detection of
+  // PoC-published CVEs.
+  const _KNOWN_PUBLIC_POC_DOMAINS = ['exploit-db','packetstorm','/poc','/0day'];
+  // Fetch missing vuln details in parallel with a concurrency cap so we don't
+  // open hundreds of sockets on a large dep tree. OSV has no batch endpoint
+  // for /v1/vulns/{id}, so this is the best we can do without API changes.
+  const _VULN_CONCURRENCY = 20;
+  const vulnEntries = Object.entries(vulnAffects);
+  const vulnDetails = new Map(); // vid → vuln object (from cache or fresh)
+  // First, drain cache hits with no network involvement.
+  const fetchQueue = [];
+  for (const [vid, _comps] of vulnEntries) {
+    const cached = _osvCacheGet('vuln:' + vid);
+    if (cached) vulnDetails.set(vid, cached);
+    else fetchQueue.push(vid);
+  }
+  // Then fetch uncached vulns with bounded concurrency.
+  async function _fetchOneVuln(vid){
+    try {
+      const resp = await fetch(`https://api.osv.dev/v1/vulns/${vid}`);
+      const d = await resp.json();
+      const fixedVersions = new Set();
+      const osvVulnFunctions = [];
+      for (const aff of (d.affected || [])) {
+        for (const rng of (aff.ranges || [])) for (const ev of (rng.events || [])) if (ev.fixed) fixedVersions.add(ev.fixed);
+        const es = aff.ecosystem_specific || aff.database_specific || {};
+        if (Array.isArray(es.vulnerable_functions)) osvVulnFunctions.push(...es.vulnerable_functions);
+        if (Array.isArray(es.imports)) for (const imp of es.imports) if (Array.isArray(imp.symbols)) osvVulnFunctions.push(...imp.symbols);
+      }
+      let severity = 'medium';
+      const db = d.database_specific || {};
+      if (db.severity) severity = db.severity.toLowerCase() === 'moderate' ? 'medium' : db.severity.toLowerCase();
+      let cvssVector = null;
+      for (const s of (d.severity || [])) if (s.type === 'CVSS_V3' || s.type === 'CVSS_V4') { cvssVector = s.score; break; }
+      const hasKnownAttackRef = (d.references || []).some(r => _KNOWN_PUBLIC_POC_DOMAINS.some(x => (r.url || '').toLowerCase().includes(x)));
+      const vuln = { id: vid,
+        description: (d.summary || d.details || 'No description.').slice(0, 300),
+        fixedVersions: [...fixedVersions].sort(),
+        aliases: (d.aliases || []).filter(a => a.startsWith('CVE-')),
+        osvVulnFunctions: [...new Set(osvVulnFunctions)],
+        severity, cvssVector, hasKnownAttackRef };
+      _osvCacheSet('vuln:' + vid, vuln);
+      return [vid, vuln];
+    } catch (_) { return null; }
+  }
+  for (let i = 0; i < fetchQueue.length; i += _VULN_CONCURRENCY) {
+    const batch = fetchQueue.slice(i, i + _VULN_CONCURRENCY);
+    const settled = await Promise.all(batch.map(_fetchOneVuln));
+    for (const r of settled) if (r) vulnDetails.set(r[0], r[1]);
+  }
+  // Materialize results in the original vulnAffects iteration order.
+  for (const [vid, affectedComps] of vulnEntries) {
+    const vuln = vulnDetails.get(vid);
+    if (!vuln) continue;
+    for (const comp of affectedComps) {
+      const cveStr = vuln.aliases.length ? ` (${vuln.aliases[0]})` : '';
+      const fixStr = vuln.fixedVersions.length ? vuln.fixedVersions[0] : null;
+      results.push({ type: 'vulnerable_dep', name: comp.name, version: comp.version, ecosystem: comp.ecosystem,
+        purl: comp.purl, osvId: vid, cveAliases: vuln.aliases, description: vuln.description,
+        fixedVersions: vuln.fixedVersions, severity: vuln.severity, cvssVector: vuln.cvssVector,
+        hasKnownAttackRef: vuln.hasKnownAttackRef, osvVulnFunctions: vuln.osvVulnFunctions || [], reachable: comp.reachable, scope: comp.scope,
+        file: comp.filePath,
         // kept for generateRecs() compat
-        advisory:`${vid}${cveStr}, ${vuln.description}`,
-        range:fixStr?`< ${fixStr}`:'see advisory'});
+        advisory: `${vid}${cveStr}, ${vuln.description}`,
+        range: fixStr ? `< ${fixStr}` : 'see advisory' });
     }
   }
 
@@ -6766,6 +7268,18 @@ async function runFullScan({fileContents={}, depFileContents={}, scanRoot=null},
       aF.push(...scanKotlin(p,c));
       aF.push(...scanRuby(p,c));
       aF.push(...scanPhp(p,c));
+      // Integration block: scaffolded SAST scanners. Gated by env var.
+      if (process.env.AGENTIC_SECURITY_NO_INTEGRATION !== '1') {
+        if (process.env.AGENTIC_SECURITY_NO_LLM_APP !== '1') aF.push(...scanLlmApp(p,c));
+        if (process.env.AGENTIC_SECURITY_NO_MOBILE  !== '1') aF.push(...scanMobile(p,c));
+        if (process.env.AGENTIC_SECURITY_NO_PQC     !== '1') aF.push(...scanPqc(p,c));
+        if (process.env.AGENTIC_SECURITY_NO_WEB3_ADV!== '1') aF.push(...scanWeb3Advanced(p,c));
+        if (process.env.AGENTIC_SECURITY_NO_DAPP    !== '1') aF.push(...scanDappFrontend(p,c));
+        if (process.env.AGENTIC_SECURITY_NO_CLOUD_IAM!== '1') aF.push(...scanCloudIam(p,c));
+        if (process.env.AGENTIC_SECURITY_NO_K8S_ADM !== '1') aF.push(...scanK8sAdmission(p,c));
+        if (process.env.AGENTIC_SECURITY_NO_CRYPTO_PROTO !== '1') aF.push(...scanCryptoProtocol(p,c));
+        if (process.env.AGENTIC_SECURITY_NO_ML_SUPPLY    !== '1') aF.push(...scanMlSupplyChain(p,c));
+      }
       const _ftElapsed=Date.now()-_ft0;
       if(_ftElapsed>_perFileTimeoutMs){aF.push({id:`file-timeout:${p}`,file:p,line:0,vuln:`File analysis exceeded ${_perFileTimeoutMs}ms (${_ftElapsed}ms)`,severity:'info',parser:'ENGINE',confidence:0.5,_timeout:true});_filesTimedOut++;}
       _fileTimings.push({file:p,ms:_ftElapsed});
@@ -6931,6 +7445,8 @@ async function runFullScan({fileContents={}, depFileContents={}, scanRoot=null},
   // 0.10.0: enrich SCA findings with CISA KEV (CISA KEV catalog)
   try{supplyChain=await _enrichWithKEV(supplyChain);}catch(_){}
   try{markUsedVulnFunctions(supplyChain,fc);}catch(_){}
+  // Python AST-based function validation (deep mode only)
+  if(process.env.AGENTIC_SECURITY_DEEP==='1'){try{const{validateOsvFunctionsExist}=await import('./sca/py-package-functions.js');for(const sc of supplyChain){if(sc.type!=='vulnerable_dep'||sc.ecosystem!=='pypi')continue;if(!sc.osvVulnFunctions||!sc.osvVulnFunctions.length)continue;const{validated,missing}=validateOsvFunctionsExist(sc.name,sc.osvVulnFunctions,scanRoot);if(validated.length)sc._pyAstValidated=validated;if(missing.length)sc._pyAstMissing=missing;}}catch(_){}}
   // LLM-assisted function extraction for CVEs without hints (opt-in: AGENTIC_SECURITY_LLM_SCA=1)
   if(process.env.AGENTIC_SECURITY_LLM_SCA==='1'){try{const{extractVulnFunctionsViaLLM}=await import('./sca/llm-function-extract.js');const enriched=await extractVulnFunctionsViaLLM(supplyChain);if(enriched.length){markUsedVulnFunctions(supplyChain,fc);}}catch(_){}}
   setProgress({current:i,total:files.length,file:"Registry metadata...",phase:"SCA"});
@@ -6938,16 +7454,48 @@ async function runFullScan({fileContents={}, depFileContents={}, scanRoot=null},
   const dd=(a,k)=>[...new Map(a.map(x=>[k(x),x])).values()];
   // 0.6.0 Feat-1: annotate function-level reachability on SCA findings
   try { _annotateFunctionReachability(supplyChain,dd(aR,r=>`${r.method}:${r.path}:${r.file}:${r.line}`).map(r=>({...r})),callGraph,fc); } catch(_) {}
-  // Reachability tier classification for SCA findings
-  for(const sc of supplyChain||[]){
-    if(sc.type!=='vulnerable_dep')continue;
-    if(sc.functionReachable==='reachable')sc.reachabilityTier='function-reachable';
-    else if(sc.functionReachable==='unreachable')sc.reachabilityTier='unreachable';
-    else if(sc.reachable)sc.reachabilityTier='import-reachable';
-    else if(sc.isBuildOnly||sc.scope==='optional'&&!sc.reachable){sc.reachabilityTier='build-only';sc.isBuildOnly=true;if(sc.severity==='critical')sc.severity='medium';else if(sc.severity==='high')sc.severity='low';}
-    else if(sc.scope==='required')sc.reachabilityTier='manifest-only';
-    else sc.reachabilityTier='transitive-only';
-    if(sc.reachabilityTier==='transitive-only'){sc.unreachable=true;sc._reachabilityDemoted=true;}
+  // Reachability tier classification for SCA findings. Order matters —
+  // each tier represents a narrower (more certain) form of reachability,
+  // so we check from most-specific to least-specific.
+  //
+  // route-reachable-via-function (Phase 2 / Item 4): the vulnerable
+  //   function is called AND that call site is rooted in (or
+  //   transitively-called from) a route handler. Highest urgency.
+  // function-reachable: the vulnerable function is called, but the call
+  //   chain does not reach a route handler in <=4 hops. Real but lower
+  //   priority than route-reachable.
+  // unreachable: vulnerable function never called from the project.
+  // import-reachable: package is imported but no vulnerable function call
+  //   was identified (OSV may not list function-level data).
+  // build-only / manifest-only / transitive-only: progressively weaker
+  //   signals; the dep exists but we can't confirm any use of it.
+  for (const sc of supplyChain || []) {
+    if (sc.type !== 'vulnerable_dep') continue;
+    if (sc.functionReachable === 'reachable' && sc.routeReachable === true) {
+      sc.reachabilityTier = 'route-reachable-via-function';
+    } else if (sc.functionReachable === 'reachable') {
+      sc.reachabilityTier = 'function-reachable';
+    } else if (sc.functionReachable === 'unreachable') {
+      sc.reachabilityTier = 'unreachable';
+    } else if (sc.reachable) {
+      sc.reachabilityTier = 'import-reachable';
+    } else if (sc.isBuildOnly || (sc.scope === 'optional' && !sc.reachable)) {
+      sc.reachabilityTier = 'build-only';
+      sc.isBuildOnly = true;
+      if (sc.severity === 'critical') sc.severity = 'medium';
+      else if (sc.severity === 'high') sc.severity = 'low';
+    } else if (sc.scope === 'required') {
+      sc.reachabilityTier = 'manifest-only';
+    } else {
+      sc.reachabilityTier = 'transitive-only';
+    }
+    if (sc.reachabilityTier === 'transitive-only') { sc.unreachable = true; sc._reachabilityDemoted = true; }
+    // Mark as the strongest "vulnerable function actually invoked" signal so
+    // posture/reachability-filter can preserve full severity on this tier
+    // while demoting lower tiers.
+    if (sc.reachabilityTier === 'route-reachable-via-function') {
+      sc.routeReachableViaFunction = true;
+    }
   }
   // Early dedup: collapse duplicates BEFORE the annotation pipeline to reduce work.
   try{const _earlyMap=new Map();for(const f of aF){const k=`${f.file||''}:${f.line||0}:${f.vuln||''}`;if(!_earlyMap.has(k))_earlyMap.set(k,f);}aF.length=0;aF.push(..._earlyMap.values());}catch(_){}
@@ -6956,6 +7504,44 @@ async function runFullScan({fileContents={}, depFileContents={}, scanRoot=null},
   const vulnsByKey={};for(const sc of supplyChain.filter(s=>s.type==='vulnerable_dep')){const k=`${sc.ecosystem}:${sc.name}:${sc.version}`;if(!vulnsByKey[k])vulnsByKey[k]=[];vulnsByKey[k].push(sc);}
   const attackResult=computeAttackPathComponents(aF,components,reach.byFile);
   for(const[key,paths]of attackResult.pathsByKey){const[eco,name,...vp]=key.split(':');const ver=vp.join(':');for(const f of paths){if(!f.linkedComponents)f.linkedComponents=[];if(!f.linkedComponents.some(c=>c.name===name&&c.ecosystem===eco))f.linkedComponents.push({ecosystem:eco,name,version:ver});}}
+  // Phase 4 / Item 8 of the SCA improvement plan: reverse pointer.
+  // For each (component-key, sastFindings[]) pair from attackResult, find
+  // the matching supplyChain finding(s) and stamp linkedFindings[] on them
+  // — each entry pointing at the SAST finding that taint-flows to that
+  // dep. Also persist a one-line chain narrative so /show-findings
+  // --chains can consume it without re-invoking the synthesizer agent.
+  // Size-capped to MAX_LINKED_FINDINGS per SCA finding (premortem 3R-7
+  // — don't unbounded-grow last-scan.json on a noisy attack graph).
+  const MAX_LINKED_FINDINGS = 10;
+  for (const [key, paths] of attackResult.pathsByKey) {
+    const scaFindings = vulnsByKey[key] || [];
+    if (!scaFindings.length || !paths.length) continue;
+    for (const sc of scaFindings) {
+      if (!Array.isArray(sc.linkedFindings)) sc.linkedFindings = [];
+      if (!Array.isArray(sc.chainNarratives)) sc.chainNarratives = [];
+      for (const sastF of paths) {
+        if (sc.linkedFindings.length >= MAX_LINKED_FINDINGS) break;
+        const linkEntry = {
+          findingId: sastF.id || null,
+          vuln: sastF.vuln || sastF.title || null,
+          severity: sastF.severity || null,
+          file: sastF.file || sastF.sink?.file || null,
+          line: sastF.sink?.line ?? sastF.line ?? null,
+        };
+        // Dedupe by (findingId, file:line, vuln) so re-runs of this block
+        // (we hit it once per attack-graph traversal) don't grow the array.
+        const dedupeKey = `${linkEntry.findingId}|${linkEntry.file}:${linkEntry.line}|${linkEntry.vuln}`;
+        if (sc.linkedFindings.some(e => `${e.findingId}|${e.file}:${e.line}|${e.vuln}` === dedupeKey)) continue;
+        sc.linkedFindings.push(linkEntry);
+        // Narrative: short, human-readable. Avoids re-invoking the
+        // synthesizer agent for the common case where the chain is just
+        // "SAST X reaches vulnerable dep Y".
+        const narrative = `${linkEntry.vuln || 'sink'} on ${linkEntry.file || '?'}:${linkEntry.line || 0} → ${sc.name}@${sc.version} (${sc.osvId || (sc.cveAliases && sc.cveAliases[0]) || 'unknown CVE'})`;
+        if (!sc.chainNarratives.includes(narrative)) sc.chainNarratives.push(narrative);
+      }
+      sc.hasLinkedSastFindings = sc.linkedFindings.length > 0;
+    }
+  }
   const annotatedComponents=components.map(c=>{const key=`${c.ecosystem}:${c.name}:${c.version}`;const vulns=vulnsByKey[key]||[];const riKey=c.ecosystem==='maven'&&c.group?`maven:${c.group}/${c.name}`:`${c.ecosystem}:${c.name}`;const ri=registryInfo.get(riKey)||{};const latestVersion=ri.latestVersion||'';const vd=(ri.versions||{})[c.version]||{};const isDeprecated=typeof vd.deprecated==='string'&&vd.deprecated.length>0;const deprecationMessage=isDeprecated?vd.deprecated:'';const isOutdated=!isDeprecated&&typeof vd.outdated==='string'&&vd.outdated.length>0;const outdatedMessage=isOutdated?vd.outdated:'';const license=ri.license||vd.license||'';return{...c,vulns,hasVulns:vulns.length>0,hasAttackPath:attackResult.flagged.has(key),attackPaths:attackResult.pathsByKey.get(key)||[],latestVersion,isDeprecated,deprecationMessage,isOutdated,outdatedMessage,license};});
   try{aF.push(...scanDbTaintCrossFile(fc));}catch(_){}
   try{aF.push(...scanStoredPromptInjectionCrossFile(fc));}catch(_){}
@@ -7087,6 +7673,70 @@ async function runFullScan({fileContents={}, depFileContents={}, scanRoot=null},
   _runAnnotator("annotateFeatureFlagGating", () => { annotateFeatureFlagGating(finalFindings, fc, { scanRoot }); });
   // v3 next-gen: composite mitigation verdict consumes every prod signal above.
   _runAnnotator("annotateMitigationComposite", () => { annotateMitigationComposite(finalFindings); });
+  // Composite risk score (0..100 derived ordinal). Must run AFTER mitigation
+  // composite + exploitability + toxicityScore so it sees the final values.
+  // Used by agents and UI as the canonical sort key for "which finding first."
+  _runAnnotator("annotateCompositeRisk", () => { annotateCompositeRisk(finalFindings); });
+
+  // ── World-class integration block ─────────────────────────────────────
+  // Each annotator is opt-in via env var and try/catch wrapped. They run
+  // AFTER composite risk so they can read the canonical risk ordinal but
+  // BEFORE crown-jewel / persona scoring so demotions are honored.
+  if (process.env.AGENTIC_SECURITY_NO_INTEGRATION !== '1') {
+    // Cross-service taint annotation reads .agentic-security/services.yml
+    // and bumps severity on cross-service-reachable findings.
+    if (process.env.AGENTIC_SECURITY_NO_CROSS_SERVICE !== '1') {
+      _runAnnotator("runCrossServiceTaint", () => { runCrossServiceTaint(scanRoot, finalFindings); });
+    }
+    // Runtime correlation: demotes findings whose paths were unobserved
+    // in production eBPF traces (when a trace file is present).
+    if (process.env.AGENTIC_SECURITY_NO_RUNTIME_CORRELATION !== '1') {
+      _runAnnotator("annotateRuntimeCorrelation", async () => { await annotateRuntimeCorrelation(scanRoot, finalFindings); });
+    }
+    // Triage learning: applies per-(project, family, file-glob) calibration
+    // from prior wont-fix / false-positive decisions.
+    if (process.env.AGENTIC_SECURITY_NO_TRIAGE_LEARNING !== '1') {
+      _runAnnotator("applyLearnedCalibration", () => { applyLearnedCalibration(scanRoot, finalFindings); });
+    }
+    // Formal verification: CBMC for C/C++, MIRI for Rust. Opt-in via
+    // AGENTIC_SECURITY_FORMAL=1 (off by default — requires external tools).
+    if (process.env.AGENTIC_SECURITY_FORMAL === '1') {
+      _runAnnotator("annotateFormalVerification", async () => { await annotateFormalVerification(finalFindings, fc, {}); });
+    }
+    // SMT path feasibility: Z3-backed proof of reachability. Opt-in via
+    // AGENTIC_SECURITY_SMT_FEASIBILITY=1.
+    if (process.env.AGENTIC_SECURITY_SMT_FEASIBILITY === '1') {
+      _runAnnotator("annotatePathFeasibility", async () => { await annotatePathFeasibility(finalFindings, {}); });
+    }
+    // Privacy / PII taint: emits pii-exposure findings + DPIA artifact.
+    if (process.env.AGENTIC_SECURITY_NO_PRIVACY !== '1') {
+      _runAnnotator("annotatePrivacyTaint", () => {
+        // Build a minimal IR map from fc; the privacy taint module needs
+        // per-file content + a coarse decls/calls list. We construct it
+        // from existing finding sources rather than re-parsing every file.
+        const minimalIR = new Map();
+        for (const [fp, content] of Object.entries(fc || {})) {
+          if (typeof content !== 'string') continue;
+          minimalIR.set(fp, { _content: content, decls: [], calls: [] });
+        }
+        const r = annotatePrivacyTaint(minimalIR);
+        if (r && Array.isArray(r.findings)) finalFindings.push(...r.findings);
+        // Persist the DPIA scaffold for compliance review.
+        if (r && r.piiFields) {
+          try {
+            const dpia = emitDpiaArtifact(r.piiFields, r.findings || []);
+            fs.writeFileSync(path.join(scanRoot, '.agentic-security', 'dpia.md'), dpia);
+          } catch (_) {}
+        }
+      });
+    }
+    // Attack-taxonomy annotation: stamps each finding with MITRE ATT&CK,
+    // ATLAS, D3FEND, kill-chain stage, and CAPEC IDs so downstream SIEM /
+    // SOAR systems can correlate with existing detection rules.
+    if (process.env.AGENTIC_SECURITY_NO_ATTACK_TAX !== '1') {
+      _runAnnotator("annotateAttackTaxonomy", () => { annotateAttackTaxonomy(finalFindings); });
+    }
+  }
   // v3 next-gen: crown-jewel mapping (FR-PROD-5) — score each file/finding by
   // business impact. Must run before persona prioritization (which uses it).
   _runAnnotator("annotateCrownJewelScores", () => { annotateCrownJewelScores(finalFindings, fc); });
@@ -7315,11 +7965,25 @@ async function runFullScan({fileContents={}, depFileContents={}, scanRoot=null},
   const _toxCtx={routes:dd(aR,r=>`${r.method}:${r.path}:${r.file}:${r.line}`).map(r=>({...r})),supplyChain,hasCloudCreds:_hasCloudCreds};
   try{finalFindings.forEach(f=>scoreToxicity(f,_toxCtx));}catch(_){}
   for(const sc of supplyChain||[]){try{scoreToxicity(sc,_toxCtx);}catch(_){}}
+  // Composite risk for the supplyChain bucket too. The SAST pass at
+  // annotateCompositeRisk above runs before scoreToxicity (which only
+  // touches finalFindings in the same line), so this is the catch-up call
+  // for the SCA bucket — must happen after KEV / EPSS / scoreToxicity on
+  // supplyChain so it sees the populated signals.
+  try { annotateCompositeRisk(supplyChain); } catch (_) {}
+  // And re-annotate finalFindings here so they pick up the toxicityScore
+  // that was just set. Idempotent: composite-risk derives fresh from the
+  // current field values on each call.
+  try { annotateCompositeRisk(finalFindings); } catch (_) {}
   // 0.9.0 Feat-18: OSSF Scorecard enrichment (opt-in via AGENTIC_SECURITY_SCORECARD=1)
   try { await _enrichWithScorecard(annotatedComponents); }
   catch (e) { _annotatorErrors.push({ phase: '_enrichWithScorecard', err: String((e && e.message) || e) }); }
   // 0.8.0 Feat-10: license policy
   try{const lp=loadLicensePolicy(scanRoot);if(lp){const lv=evaluateLicensePolicy(annotatedComponents,lp);aLogic.push(...lv);}}catch(_){}
+  // Phase 4 / Item 7 of the SCA improvement plan: load sca-policy.yml and
+  // apply accept-risk / SLA / major-version-freeze rules. supplyChain
+  // findings get suppressed/tagged in place.
+  try { const sp = loadScaPolicy(scanRoot); if (sp && !sp._error) applyScaPolicy(supplyChain, sp); } catch (_) {}
   // 0.9.0 Feat-15: dep confusion
   try{const dc=detectDepConfusion(annotatedComponents,scanRoot);aF.push(...dc);}catch(_){}
   // Deployment-platform security checklist
@@ -7457,8 +8121,101 @@ async function runFullScan({fileContents={}, depFileContents={}, scanRoot=null},
   // v3 next-gen: why-fired provenance is captured LAST so it reflects the
   // final state of each finding after every other annotator has run.
   _runAnnotator("annotateWhyFired", () => { annotateWhyFired(finalFindings, {}); });
+  // SCA-SAST correlation: link SAST findings to SCA vulnerable packages
+  try{for(const f of finalFindings){if(!f.chain||!f.chain.length)continue;const src=f.chain[0]?.label||'';for(const sc of supplyChain){if(sc.type!=='vulnerable_dep')continue;if(src.includes(sc.name)||f.vuln?.toLowerCase().includes(sc.name)){f.scaCorrelation={osvId:sc.osvId,package:sc.name,version:sc.version,confirmed:true};sc.sastConfirmed=true;break;}}}}catch(_){}
+  // Multi-sink chain detection: group findings by source variable
+  try{const srcGroups=new Map();for(const f of finalFindings){const src=f.chain?.[0]?.label;if(!src)continue;if(!srcGroups.has(src))srcGroups.set(src,[]);srcGroups.get(src).push(f);}for(const[src,group]of srcGroups){if(group.length<2)continue;const groupId=`multi-sink:${src}:${group.length}`;for(const f of group)f._multiSinkGroupId=groupId;finalFindings.push({id:groupId,file:group[0].file,line:group[0].line,vuln:`Multi-Sink Taint Chain — ${src} reaches ${group.length} sinks`,severity:group.some(f=>f.severity==='critical')?'critical':'high',cwe:'CWE-20',parser:'MULTI-SINK',confidence:0.85,sinks:group.map(f=>({file:f.file,line:f.line,vuln:f.vuln})),_aggregated:true});}}catch(_){}
+  // SCA transitive dedup: collapse duplicate CVEs across dep chains
+  try{const osvGroups=new Map();for(const sc of supplyChain){if(sc.type!=='vulnerable_dep'||!sc.osvId)continue;if(!osvGroups.has(sc.osvId))osvGroups.set(sc.osvId,[]);osvGroups.get(sc.osvId).push(sc);}for(const[osvId,group]of osvGroups){if(group.length<=1)continue;const primary=group.find(s=>s.isDirect)||group[0];primary.dependents=group.filter(s=>s!==primary).map(s=>({name:s.name,version:s.version,depChain:s.depChain,isDirect:s.isDirect}));primary._transitiveDeduped=group.length-1;for(const dup of group){if(dup!==primary)dup._deduplicatedInto=primary.osvId;}supplyChain.splice(0,supplyChain.length,...supplyChain.filter(s=>!s._deduplicatedInto));}}catch(_){}
+  // ── World-class post-scan artifact emitters ──────────────────────────
+  // Each is opt-in via env var. They produce machine-readable artifacts
+  // (threat-model.json/.md, dpia.md, compliance-evidence.json/.md,
+  // sbom-history/<sha>.json, exploit-bundles/) under .agentic-security/.
+  let _threatModel = null, _apiContractFindings = [], _sbomDiff = null,
+      _complianceReport = null, _exploitBundles = null, _pqcPlan = null,
+      _licenseGraph = null, _attributions = null, _taxonomySummary = null;
+  if (process.env.AGENTIC_SECURITY_NO_INTEGRATION !== '1') {
+    // Threat model — STRIDE + entities + attack trees rooted in findings.
+    if (process.env.AGENTIC_SECURITY_NO_THREAT_MODEL !== '1') {
+      try {
+        _threatModel = buildAutoThreatModel({
+          findings: finalFindings, routes: aR, supplyChain,
+        });
+        persistAutoThreatModel(scanRoot, _threatModel);
+      } catch (_) {}
+    }
+    // API contract — undocumented endpoints / missing-auth flags.
+    if (process.env.AGENTIC_SECURITY_NO_API_CONTRACT !== '1') {
+      try { _apiContractFindings = runApiContractScan(scanRoot, aR) || []; finalFindings.push(..._apiContractFindings); } catch (_) {}
+    }
+    // SBOM diff — drift detection across releases.
+    if (process.env.AGENTIC_SECURITY_NO_SBOM_DIFF !== '1') {
+      try {
+        _sbomDiff = runSbomDiff(scanRoot, annotatedComponents || []);
+        if (_sbomDiff && Array.isArray(_sbomDiff.findings)) finalFindings.push(..._sbomDiff.findings);
+      } catch (_) {}
+    }
+    // Sigstore provenance — opt-in (requires network + flag).
+    if (process.env.AGENTIC_SECURITY_SIGSTORE === '1') {
+      try { /* fire-and-forget async — don't block scan completion */ annotateProvenance(supplyChain, annotatedComponents).catch(()=>{}); } catch (_) {}
+    }
+    // Compliance evidence — auto-generate from policy file if present.
+    if (process.env.AGENTIC_SECURITY_NO_COMPLIANCE !== '1') {
+      try {
+        const policy = loadCompliancePolicy(scanRoot);
+        if (policy && !policy._error) {
+          _complianceReport = verifyCompliancePolicy(policy, { scanRoot, findings: finalFindings });
+          emitComplianceJsonLd(_complianceReport, scanRoot);
+          emitComplianceMarkdown(_complianceReport, scanRoot);
+        }
+      } catch (_) {}
+    }
+    // License graph — transitive copyleft + distribution-mode + relicense.
+    if (process.env.AGENTIC_SECURITY_NO_LICENSE_GRAPH !== '1') {
+      try {
+        const lgPolicy = loadLicenseGraphPolicy(scanRoot);
+        _licenseGraph = analyzeLicenseGraph(annotatedComponents || [], lgPolicy);
+        if (_licenseGraph && Array.isArray(_licenseGraph.findings)) finalFindings.push(..._licenseGraph.findings);
+      } catch (_) {}
+    }
+    // Attributions: emit ATTRIBUTIONS.md (and NOTICE if Apache deps present).
+    if (process.env.AGENTIC_SECURITY_NO_ATTRIBUTIONS !== '1') {
+      try {
+        _attributions = generateAttributions(annotatedComponents || []);
+        if (_attributions && _attributions.componentCount) persistAttributions(scanRoot, _attributions);
+      } catch (_) {}
+    }
+    // Attack taxonomy summary — aggregates ATT&CK / ATLAS / kill-chain
+    // distribution over all findings for the report layer.
+    if (process.env.AGENTIC_SECURITY_NO_ATTACK_TAX !== '1') {
+      try { _taxonomySummary = summarizeTaxonomy(finalFindings); } catch (_) {}
+    }
+    // PQC migration plan — aggregates pqc-migration findings into a
+    // structured plan (.agentic-security/pqc-migration-plan.{json,md}).
+    if (process.env.AGENTIC_SECURITY_NO_PQC_PLAN !== '1') {
+      try {
+        _pqcPlan = buildPqcPlan(finalFindings);
+        if (_pqcPlan) persistPqcPlan(scanRoot, _pqcPlan);
+      } catch (_) {}
+    }
+    // Exploit bundles — per-family PoC + Jest + pytest + remediation for
+    // top-N critical/high findings.
+    if (process.env.AGENTIC_SECURITY_NO_EXPLOIT_BUNDLES !== '1') {
+      try {
+        const bundles = generateExploitBundles(finalFindings, { maxBundles: 25 });
+        if (bundles.size) {
+          _exploitBundles = {};
+          for (const [id, b] of bundles) _exploitBundles[id] = b;
+          const bundlePath = path.join(scanRoot, '.agentic-security', 'exploit-bundles.json');
+          try { fs.mkdirSync(path.dirname(bundlePath), { recursive: true }); } catch {}
+          try { fs.writeFileSync(bundlePath, JSON.stringify(_exploitBundles, null, 2)); } catch {}
+        }
+      } catch (_) {}
+    }
+  }
+
   const _scanMeta={filesScanned:files.length,filesSkipped:_filesSkipped,filesTimedOut:_filesTimedOut,fileTimings:_fileTimings.sort((a,b)=>b.ms-a.ms).slice(0,20),findingsBySeverity:{critical:finalFindings.filter(f=>f.severity==='critical').length,high:finalFindings.filter(f=>f.severity==='high').length,medium:finalFindings.filter(f=>f.severity==='medium').length,low:finalFindings.filter(f=>f.severity==='low').length,info:finalFindings.filter(f=>f.severity==='info').length}};
-  return{routes:dd(aR,r=>`${r.method}:${r.path}:${r.file}:${r.line}`),findings:finalFindings,sources:aSrc,sinks:aSink,sanitizers:aSan,filesScanned:files.length,crossFileCount:cf.length,logicVulns:aLogic,supplyChain,components:annotatedComponents,secrets:aSecrets,ciphers:{atRest:aCiphersRest,inTransit:aCiphersTransit},pfr,fc,suppressions:_getSuppressions(),_v3,_scanMeta,_engineErrors:{cppDataflowParseErrors:_cppDataflowParseErrors.value},annotatorErrors:_annotatorErrors};}
+  return{routes:dd(aR,r=>`${r.method}:${r.path}:${r.file}:${r.line}`),findings:finalFindings,sources:aSrc,sinks:aSink,sanitizers:aSan,filesScanned:files.length,crossFileCount:cf.length,logicVulns:aLogic,supplyChain,components:annotatedComponents,secrets:aSecrets,ciphers:{atRest:aCiphersRest,inTransit:aCiphersTransit},pfr,fc,suppressions:_getSuppressions(),_v3,_scanMeta,_engineErrors:{cppDataflowParseErrors:_cppDataflowParseErrors.value},annotatorErrors:_annotatorErrors,threatModel:_threatModel,sbomDiff:_sbomDiff,complianceReport:_complianceReport,exploitBundles:_exploitBundles,pqcPlan:_pqcPlan,licenseGraph:_licenseGraph,attributions:_attributions,attackTaxonomy:_taxonomySummary};}
 
 // Post-aggregation classification: every source becomes "unsafe"|"safe"; every sink becomes "confirmed"|"safe".
 // Orphans (no finding linkage) are bucketed by file-local heuristic so the UI shows binary states only.
@@ -7897,6 +8654,7 @@ export {
   queryOSV, queryRegistries, computeAttackPathComponents,
   markUsedVulnFunctions, dedupeFindingsWithEvidence, scoreTriage,
   _enrichWithScorecard, scoreToxicity, _enrichWithKEV, _loadKEVCatalog,
+  _enrichWithEPSS, _fetchEPSSBatch,
   classifyOrphans, classifyField, classifyEndpoint, shouldScan,
   _isFalsePositiveCredential, _detectSafeSinkShape,
   _loadCustomRules, _isCustomSuppressed, _isPathIgnored,