@clear-capabilities/agentic-security-scanner 0.80.0 → 0.84.1

Files changed (57) hide show
  1. package/dist/178.index.js +1 -1
  2. package/dist/384.index.js +1 -1
  3. package/dist/637.index.js +1 -1
  4. package/dist/838.index.js +1 -1
  5. package/dist/839.index.js +170 -0
  6. package/dist/985.index.js +51 -1
  7. package/dist/agentic-security.mjs +83 -83
  8. package/dist/agentic-security.mjs.sha256 +1 -1
  9. package/package.json +3 -3
  10. package/src/.agentic-security/findings.json +21283 -8189
  11. package/src/.agentic-security/last-scan.json +21283 -8189
  12. package/src/.agentic-security/last-scan.json.sig +1 -1
  13. package/src/.agentic-security/scan-history.json +512 -128
  14. package/src/.agentic-security/streak.json +3 -3
  15. package/src/engine.js +41 -0
  16. package/src/mcp/.agentic-security/findings.json +4 -4
  17. package/src/mcp/.agentic-security/last-scan.json +4 -4
  18. package/src/mcp/.agentic-security/last-scan.json.sig +1 -1
  19. package/src/mcp/.agentic-security/scan-history.json +188 -0
  20. package/src/mcp/.agentic-security/streak.json +5 -5
  21. package/src/mcp/tools.js +51 -1
  22. package/src/posture/.agentic-security/findings.json +17234 -4057
  23. package/src/posture/.agentic-security/last-scan.json +17234 -4057
  24. package/src/posture/.agentic-security/last-scan.json.sig +1 -1
  25. package/src/posture/.agentic-security/scan-history.json +1942 -200
  26. package/src/posture/.agentic-security/streak.json +3 -3
  27. package/src/posture/auditor-walkthrough.js +252 -0
  28. package/src/posture/claude-authorship.js +197 -0
  29. package/src/posture/compliance-frameworks/.agentic-security/findings.json +80 -0
  30. package/src/posture/compliance-frameworks/.agentic-security/last-scan.json +80 -0
  31. package/src/posture/compliance-frameworks/.agentic-security/last-scan.json.sig +1 -0
  32. package/src/posture/compliance-frameworks/.agentic-security/scan-history.json +90 -0
  33. package/src/posture/compliance-frameworks/.agentic-security/streak.json +22 -0
  34. package/src/posture/compliance-frameworks/ccpa.json +32 -0
  35. package/src/posture/compliance-frameworks/eu-ai-act.json +51 -0
  36. package/src/posture/compliance-frameworks/gdpr.json +45 -0
  37. package/src/posture/compliance-frameworks/hipaa-security-rule.json +56 -0
  38. package/src/posture/compliance-frameworks/nist-ai-600-1.json +51 -0
  39. package/src/posture/compliance-frameworks/nist-csf-2.json +73 -0
  40. package/src/posture/compliance-frameworks/owasp-asvs-5.json +79 -0
  41. package/src/posture/compliance-frameworks/owasp-llm-top-10.json +69 -0
  42. package/src/posture/cross-repo-memory.js +180 -0
  43. package/src/posture/dep-add-guard.js +197 -0
  44. package/src/posture/findings-memory.js +152 -0
  45. package/src/posture/fix-style-mirror.js +118 -0
  46. package/src/posture/git-history.js +141 -0
  47. package/src/posture/intent-context.js +175 -0
  48. package/src/posture/model-rescan.js +76 -0
  49. package/src/posture/pattern-propagation.js +39 -0
  50. package/src/posture/pr-augment.js +234 -0
  51. package/src/posture/risk-dollars.js +158 -0
  52. package/src/posture/threat-model-grounding.js +169 -0
  53. package/src/posture/time-to-fix.js +129 -0
  54. package/src/posture/triage-memory.js +151 -0
  55. package/src/posture/triage.js +15 -1
  56. package/src/posture/watch-mode.js +171 -0
  57. package/src/posture/workflow-installer.js +231 -0
@@ -1 +1 @@
1
- 56b473cb441c2d751ce3c3e55fd8eb8f607f8e571c59d0c67d891a016c15c8fe agentic-security.mjs
1
+ d6b7d0e3b2bad322c0dff29963703601e98bd7d8205281544e7c839543191d73 agentic-security.mjs
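--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@clear-capabilities/agentic-security-scanner",
- "version": "0.80.0",
+ "version": "0.84.1",
  "description": "Scanner engine for the agentic-security Claude Code plugin \u2014 SAST, SCA (function-level reachability + CISA KEV), secrets, IaC, prompt-injection, MCP/agent-tool audit, auth/authZ deep analysis, attack chains, PoC generation, business logic, toxic-combinations scoring, SBOM, SARIF ingest, pipeline integrity, compliance attestation, and more.",
  "type": "module",
  "main": "src/index.js",
@@ -55,12 +55,12 @@
  "test": "npm run test:smoke && npm run test:sast && npm run test:posture && npm run test:dataflow && npm run test:mcp && npm run test:report && npm run test:bench-modules && npm run test:lifecycle && AGENTIC_SECURITY_CPP_DATAFLOW=1 node --test test/cpp-dataflow.test.js",
  "test:smoke": "node --test test/smoke.test.js",
  "test:sast": "node --test test/llm.test.js test/llm-owasp.test.js test/logic.test.js test/authz.test.js test/model-load.test.js test/prompt-template.test.js test/business-logic.test.js test/python-sinks.test.js test/phase1-detectors.test.js test/phase2-detectors.test.js test/phase3-v3.test.js test/phase7-extensions.test.js test/phase8-extensions.test.js test/new-cwe-detectors.test.js test/llmsecops-detectors.test.js test/db-taint.test.js test/dart-swift.test.js test/redos-nfa.test.js test/weak-randomness.test.js test/csharp-pipeline.test.js test/post-quantum-crypto.test.js test/web3-advanced.test.js test/cloud-iam-k8s.test.js test/crypto-protocol.test.js test/ml-supply-chain.test.js",
- "test:posture": "node --test test/material-change.test.js test/drift.test.js test/scorecard.test.js test/mttr.test.js test/license-policy.test.js test/aibom.test.js test/sbom.test.js test/api-inventory.test.js test/iam-policy.test.js test/container.test.js test/container-runtime.test.js test/kev.test.js test/dep-confusion.test.js test/sca-deprecated.test.js test/sca-batch.test.js test/composite-risk.test.js test/sca-coverage.test.js test/sca-route-reachable.test.js test/sca-policy.test.js test/sca-linked-findings.test.js test/packs.test.js test/flow-narration.test.js test/regression-test-gen.test.js test/rule-synthesis.test.js test/policy-gate.test.js test/agents-memory.test.js test/cve-lookup.test.js test/cve-alert-daemon.test.js test/fix-verify-loop.test.js test/exploitability-probability.test.js test/history-scan.test.js test/viral-features.test.js test/viral-v074.test.js test/state-dir.test.js test/license-graph.test.js test/attack-taxonomy.test.js",
+ "test:posture": "node --test test/material-change.test.js test/drift.test.js test/scorecard.test.js test/mttr.test.js test/license-policy.test.js test/aibom.test.js test/sbom.test.js test/api-inventory.test.js test/iam-policy.test.js test/container.test.js test/container-runtime.test.js test/kev.test.js test/dep-confusion.test.js test/sca-deprecated.test.js test/sca-batch.test.js test/composite-risk.test.js test/sca-coverage.test.js test/sca-route-reachable.test.js test/sca-policy.test.js test/sca-linked-findings.test.js test/packs.test.js test/flow-narration.test.js test/regression-test-gen.test.js test/rule-synthesis.test.js test/policy-gate.test.js test/agents-memory.test.js test/cve-lookup.test.js test/cve-alert-daemon.test.js test/fix-verify-loop.test.js test/exploitability-probability.test.js test/history-scan.test.js test/viral-features.test.js test/viral-v074.test.js test/state-dir.test.js test/license-graph.test.js test/attack-taxonomy.test.js test/triage-memory.test.js test/pr-augment.test.js test/chat-batch2.test.js test/chat-batch3.test.js test/chat-batch4.test.js test/chat-batch5.test.js test/chat-batch6.test.js",
  "test:dataflow": "node --test test/fn-reach.test.js test/deep-taint.test.js test/calibration.test.js test/holdout-eval.test.js test/cross-lang-meta.test.js test/cross-lang-queues.test.js test/phase5-xlang.test.js test/phase5-coverage.test.js test/phase6-taint.test.js test/llm-validator-consistency.test.js test/llm-validator-default-on.test.js test/parser-py-cst.test.js test/parser-cs-kt.test.js test/parser-go.test.js test/parser-php-rb.test.js test/interproc-k2.test.js test/proven-clean.test.js test/backward-default.test.js test/incremental-cache.test.js test/string-regex-lattice.test.js test/closure-capture.test.js test/points-to.test.js test/type-stubs.test.js test/soft-taint.test.js test/ifds.test.js test/symbolic-exec-proof.test.js test/ifds-summary-edges.test.js test/stub-aware-filter.test.js test/cross-repo.test.js",
  "test:mcp": "node --test test/mcp.test.js test/mcp-audit.test.js test/audit-cli.test.js test/mcp-scratchpad.test.js test/mcp-offload.test.js test/sca-upgrade.test.js",
  "test:report": "node --test test/sarif-ingest.test.js test/junit.test.js test/ci.test.js test/poc-generator.test.js test/verifier.test.js test/verifier-target.test.js test/annotator-errors.test.js test/grader-calibration.test.js",
  "test:bench-modules": "node --test test/phase4-harness.test.js test/pipeline.test.js",
- "test:lifecycle": "node --test test/dead-code.test.js test/no-dead-modules.test.js test/stop-hook.test.js test/plugin-self-check.test.js test/skills-registry.test.js && node ../scripts/lint-command-descriptions.mjs",
+ "test:lifecycle": "node --test test/dead-code.test.js test/no-dead-modules.test.js test/stop-hook.test.js test/plugin-self-check.test.js test/skills-registry.test.js test/bodyguard.test.js && node ../scripts/lint-command-descriptions.mjs",
  "smoke": "node bin/agentic-security.js scan test/fixtures/vulnerable-js",
  "prebench": "npm run build",
  "bench": "node test/benchmark/bench.js",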
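Review bot: The manifest bumped here to `0.84.1` publishes the scanner's own state directories: the file list for this release shows `.agentic-security/findings.json`, `last-scan.json`, `last-scan.json.sig`, `scan-history.json` and `streak.json` under `package/src/`, `src/mcp/`, `src/posture/` and, newly, `src/posture/compliance-frameworks/`. These look like per-run scan output rather than source, so they probably should not ship to consumers; whether package.json has a `files` allowlist (or the project an `.npmignore`) is not visible in these hunks, but that is where `**/.agentic-security/` would be excluded. Separately, the entries appended to `test:posture` at line 58 include `test/chat-batch2.test.js` through `test/chat-batch6.test.js`, whose names do not say which of the new `src/posture/` modules they exercise. Naming each test file after the module under test would let a reader check coverage of the added modules from this script alone.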