@clear-capabilities/agentic-security-scanner 0.80.0 → 0.84.1

package/dist/178.index.js

@@ -13,7 +13,7 @@ export const modules = {
 /* harmony import */ var node_child_process__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(1421);
 /* harmony import */ var node_fs__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(3024);
 /* harmony import */ var node_path__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(6760);
-/* harmony import */ var _engine_js__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(9072);
+/* harmony import */ var _engine_js__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(2271);
 // Time-travel + counterfactual scanning (v0.68).
 //
 // Two new modes that exploit the pure-input shape of runFullScan:

package/dist/384.index.js

@@ -8,7 +8,7 @@ export const modules = {
 /* harmony export */ __webpack_require__.d(__webpack_exports__, {
 /* harmony export */   scanCredentials: () => (/* reexport safe */ _engine_js__WEBPACK_IMPORTED_MODULE_0__.Sv)
 /* harmony export */ });
-/* harmony import */ var _engine_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(9072);
+/* harmony import */ var _engine_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(2271);
 // Secrets submodule view of the engine — credential + entropy + TODO scanning.
 
 

package/dist/637.index.js

@@ -10,7 +10,7 @@ export const modules = {
 /* harmony export */   renderPrDeltaText: () => (/* binding */ renderPrDeltaText)
 /* harmony export */ });
 /* harmony import */ var node_child_process__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(1421);
-/* harmony import */ var _engine_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(9072);
+/* harmony import */ var _engine_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(2271);
 // Shadowscan / security-DELTA on PR (v0.72).
 //
 // Most SAST PR-comment integrations show absolute counts — "12 findings

package/dist/838.index.js

@@ -14,7 +14,7 @@ __webpack_require__.r(__webpack_exports__);
 /* harmony import */ var node_child_process__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(1421);
 /* harmony import */ var node_fs__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(3024);
 /* harmony import */ var node_path__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(6760);
-/* harmony import */ var _engine_js__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(9072);
+/* harmony import */ var _engine_js__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(2271);
 // Closed-loop /fix verification (Sentinel-parity FR-L4-4, FR-L4-5).
 //
 // Given a candidate patch (the new file content + the finding stableId being

package/dist/839.index.js

@@ -0,0 +1,170 @@
+export const id = 839;
+export const ids = [839];
+export const modules = {
+
+/***/ 3839:
+/***/ ((__unused_webpack___webpack_module__, __webpack_exports__, __webpack_require__) => {
+
+/* harmony export */ __webpack_require__.d(__webpack_exports__, {
+/* harmony export */   queryFindingsMemory: () => (/* binding */ queryFindingsMemory)
+/* harmony export */ });
+/* unused harmony export _internals */
+/* harmony import */ var node_fs__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(3024);
+/* harmony import */ var node_path__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(6760);
+// Findings memory — natural-language Q&A over the institutional knowledge
+// the scanner has accumulated. Backs the MCP query_findings_memory tool.
+//
+// Sources searched, in this order:
+//
+//   1. .agentic-security/last-scan.json          current findings
+//   2. .agentic-security/triage-memory.jsonl     past wont-fix / FP decisions
+//   3. .agentic-security/scan-history/*.json     prior scans
+//   4. .agentic-security/AGENTS.md               continual-learning narrative
+//
+// Naive keyword matching for v1. Each match has a `score` (count of query
+// terms matched) and a `source` ('finding' | 'triage' | 'history' |
+// 'agents-md'). Returns top-10 by score.
+
+
+
+
+const STATE = '.agentic-security';
+
+function _read(scanRoot, name) {
+  try { return node_fs__WEBPACK_IMPORTED_MODULE_0__.readFileSync(node_path__WEBPACK_IMPORTED_MODULE_1__.join(scanRoot, STATE, name), 'utf8'); } catch { return null; }
+}
+
+function _readJson(scanRoot, name) {
+  const raw = _read(scanRoot, name);
+  if (!raw) return null;
+  try { return JSON.parse(raw); } catch { return null; }
+}
+
+function _terms(query) {
+  return String(query || '').toLowerCase().split(/\s+/).filter(t => t.length >= 2);
+}
+
+function _score(haystack, terms) {
+  const lower = String(haystack || '').toLowerCase();
+  let s = 0;
+  for (const t of terms) if (lower.includes(t)) s++;
+  return s;
+}
+
+function _findingHaystack(f) {
+  return [f.vuln, f.family, f.file, f.severity, f.description, f.cwe, f.id]
+    .filter(Boolean).join(' | ');
+}
+
+function _truncate(s, n = 160) {
+  return String(s || '').replace(/\s+/g, ' ').slice(0, n);
+}
+
+/**
+ * Run a natural-language query over the scanner's accumulated memory.
+ */
+function queryFindingsMemory(scanRoot, query) {
+  const terms = _terms(query);
+  if (!terms.length) return { results: [], count: 0 };
+
+  const results = [];
+
+  // 1. Current findings.
+  const scan = _readJson(scanRoot, 'last-scan.json');
+  if (scan && Array.isArray(scan.findings)) {
+    for (const f of scan.findings) {
+      const hay = _findingHaystack(f);
+      const score = _score(hay, terms);
+      if (!score) continue;
+      results.push({
+        source: 'finding',
+        score,
+        finding_id: f.id || null,
+        severity: f.severity,
+        family: f.family,
+        file: f.file,
+        line: f.line,
+        snippet: _truncate(f.vuln || f.description || f.family),
+      });
+    }
+  }
+
+  // 2. Triage memory (past decisions).
+  const triageRaw = _read(scanRoot, 'triage-memory.jsonl');
+  if (triageRaw) {
+    const lines = triageRaw.split('\n').filter(Boolean);
+    for (const ln of lines) {
+      let entry; try { entry = JSON.parse(ln); } catch { continue; }
+      const hay = [entry.decision, entry.reason, entry.family, entry.vuln, entry.file].join(' ');
+      const score = _score(hay, terms);
+      if (!score) continue;
+      results.push({
+        source: 'triage',
+        score,
+        decision: entry.decision,
+        at: entry.at,
+        family: entry.family,
+        snippet: _truncate(entry.reason || entry.vuln),
+        bucket: entry.bucket,
+      });
+    }
+  }
+
+  // 3. Scan history.
+  try {
+    const histDir = node_path__WEBPACK_IMPORTED_MODULE_1__.join(scanRoot, STATE, 'scan-history');
+    if (node_fs__WEBPACK_IMPORTED_MODULE_0__.existsSync(histDir)) {
+      const files = node_fs__WEBPACK_IMPORTED_MODULE_0__.readdirSync(histDir).filter(f => f.endsWith('.json')).slice(-10);
+      for (const f of files) {
+        try {
+          const hist = JSON.parse(node_fs__WEBPACK_IMPORTED_MODULE_0__.readFileSync(node_path__WEBPACK_IMPORTED_MODULE_1__.join(histDir, f), 'utf8'));
+          if (!Array.isArray(hist.findings)) continue;
+          for (const x of hist.findings.slice(0, 50)) {
+            const hay = _findingHaystack(x);
+            const score = _score(hay, terms);
+            if (!score) continue;
+            results.push({
+              source: 'history',
+              score,
+              from: f.replace(/\.json$/, ''),
+              severity: x.severity,
+              family: x.family,
+              file: x.file,
+              snippet: _truncate(x.vuln || x.description),
+            });
+          }
+        } catch {}
+      }
+    }
+  } catch {}
+
+  // 4. AGENTS.md narrative.
+  const agents = _read(scanRoot, 'AGENTS.md');
+  if (agents) {
+    const sections = agents.split(/^##\s+/m);
+    for (const sec of sections) {
+      const score = _score(sec, terms);
+      if (!score) continue;
+      const title = sec.split('\n')[0] || '';
+      results.push({
+        source: 'agents-md',
+        score,
+        title: _truncate(title, 80),
+        snippet: _truncate(sec.replace(title, ''), 200),
+      });
+    }
+  }
+
+  // Top-10 by score, ties broken by source priority (finding > triage >
+  // history > agents-md so live data wins).
+  const PRI = { finding: 4, triage: 3, history: 2, 'agents-md': 1 };
+  results.sort((a, b) => (b.score - a.score) || (PRI[b.source] - PRI[a.source]));
+  return { results: results.slice(0, 10), count: results.length };
+}
+
+const _internals = { _terms, _score, _findingHaystack };
+
+
+/***/ })
+
+};

package/dist/985.index.js

@@ -1321,6 +1321,56 @@ const read_agents_memory = {
   },
 };
 
+// ─── query_triage_memory ───────────────────────────────────────────────────
+// Natural-language Q&A over past triage decisions (wont-fix / false-positive
+// markings + reasons). Backed by .agentic-security/triage-memory.jsonl, which
+// is auto-populated by triage.transition(). Returns at most 10 most-relevant
+// past decisions.
+
+const query_triage_memory = {
+  name: 'query_triage_memory',
+  description: 'Search past triage decisions (wont-fix / false-positive) by natural-language query. Returns up to 10 most-relevant past decisions with their reasons. Use when you see a new finding and want to know "did we already decide on something like this?" — answers in seconds without re-reading the full AGENTS.md narrative.',
+  inputSchema: {
+    type: 'object',
+    additionalProperties: false,
+    properties: {
+      query: { type: 'string', description: 'Free-text terms to match against past reasons / vuln text / file paths / family names.' },
+    },
+  },
+  async handler({ query }, ctx) {
+    const { queryMemory } = await Promise.resolve(/* import() */).then(__webpack_require__.bind(__webpack_require__, 1905));
+    const results = queryMemory(ctx.sessionRoot, query || '');
+    return {
+      _meta: META,
+      count: results.length,
+      results,
+    };
+  },
+};
+
+// ─── query_findings_memory ─────────────────────────────────────────────────
+// Natural-language Q&A across the scanner's accumulated institutional
+// memory: current findings + past triage decisions + scan history +
+// AGENTS.md narrative. Use to answer "have we seen something like this
+// before?" without reading multiple files.
+
+const query_findings_memory = {
+  name: 'query_findings_memory',
+  description: 'Search the scanner accumulated memory (current scan findings + past wont-fix/false-positive decisions + scan history + AGENTS.md narrative) by natural-language terms. Returns top-10 results scored by term-match count and ranked finding > triage > history > AGENTS.md.',
+  inputSchema: {
+    type: 'object',
+    additionalProperties: false,
+    properties: {
+      query: { type: 'string', description: 'Natural-language search terms (2+ chars each).' },
+    },
+    required: ['query'],
+  },
+  async handler({ query }, ctx) {
+    const { queryFindingsMemory } = await __webpack_require__.e(/* import() */ 839).then(__webpack_require__.bind(__webpack_require__, 3839));
+    return { _meta: META, ...queryFindingsMemory(ctx.sessionRoot, query || '') };
+  },
+};
+
 // ─── lookup_cve ────────────────────────────────────────────────────────────
 // LangChain harness-anatomy #8: bridge the knowledge-cutoff gap by exposing
 // the local OSV / KEV / EPSS cache as a structured tool. Read-only — never
@@ -1416,7 +1466,7 @@ const apply_sca_upgrade = {
   },
 };
 
-const ALL_TOOLS = [scan_diff, query_taint, explain_finding, apply_fix, verify_fix, synthesize_fix, find_rule_module, append_scratchpad, read_scratchpad, append_agents_memory, read_agents_memory, lookup_cve, synthesize_sca_upgrade, apply_sca_upgrade];
+const ALL_TOOLS = [scan_diff, query_taint, explain_finding, apply_fix, verify_fix, synthesize_fix, find_rule_module, append_scratchpad, read_scratchpad, append_agents_memory, read_agents_memory, lookup_cve, synthesize_sca_upgrade, apply_sca_upgrade, query_triage_memory, query_findings_memory];
 
 ;// CONCATENATED MODULE: ./src/mcp/validate.js
 // Minimal JSON Schema validator — just the subset our tool schemas use.