@clear-capabilities/agentic-security-scanner 0.80.0 → 0.86.0

Files changed (68)
  1. package/dist/178.index.js +1 -1
  2. package/dist/384.index.js +1 -1
  3. package/dist/637.index.js +1 -1
  4. package/dist/838.index.js +1 -1
  5. package/dist/839.index.js +170 -0
  6. package/dist/985.index.js +51 -1
  7. package/dist/agentic-security.mjs +83 -83
  8. package/dist/agentic-security.mjs.sha256 +1 -1
  9. package/package.json +3 -3
  10. package/src/.agentic-security/findings.json +21283 -8189
  11. package/src/.agentic-security/last-scan.json +21283 -8189
  12. package/src/.agentic-security/last-scan.json.sig +1 -1
  13. package/src/.agentic-security/scan-history.json +512 -128
  14. package/src/.agentic-security/streak.json +3 -3
  15. package/src/engine.js +41 -0
  16. package/src/mcp/.agentic-security/findings.json +4 -4
  17. package/src/mcp/.agentic-security/last-scan.json +4 -4
  18. package/src/mcp/.agentic-security/last-scan.json.sig +1 -1
  19. package/src/mcp/.agentic-security/scan-history.json +188 -0
  20. package/src/mcp/.agentic-security/streak.json +5 -5
  21. package/src/mcp/tools.js +51 -1
  22. package/src/posture/.agentic-security/dpia.md +26 -0
  23. package/src/posture/.agentic-security/findings.json +17234 -4057
  24. package/src/posture/.agentic-security/last-scan.json +17234 -4057
  25. package/src/posture/.agentic-security/last-scan.json.sig +1 -1
  26. package/src/posture/.agentic-security/pqc-migration-plan.json +65 -0
  27. package/src/posture/.agentic-security/pqc-migration-plan.md +30 -0
  28. package/src/posture/.agentic-security/sbom-history/7d45b5e03804aac084b4a2b4dc8c6f10107d2005.json +6 -0
  29. package/src/posture/.agentic-security/scan-history.json +1942 -200
  30. package/src/posture/.agentic-security/streak.json +3 -3
  31. package/src/posture/.agentic-security/threat-model.json +2038 -0
  32. package/src/posture/.agentic-security/threat-model.md +73 -0
  33. package/src/posture/auditor-walkthrough.js +252 -0
  34. package/src/posture/claude-authorship.js +197 -0
  35. package/src/posture/compliance-frameworks/.agentic-security/findings.json +80 -0
  36. package/src/posture/compliance-frameworks/.agentic-security/last-scan.json +80 -0
  37. package/src/posture/compliance-frameworks/.agentic-security/last-scan.json.sig +1 -0
  38. package/src/posture/compliance-frameworks/.agentic-security/scan-history.json +90 -0
  39. package/src/posture/compliance-frameworks/.agentic-security/streak.json +22 -0
  40. package/src/posture/compliance-frameworks/ccpa.json +32 -0
  41. package/src/posture/compliance-frameworks/eu-ai-act.json +51 -0
  42. package/src/posture/compliance-frameworks/gdpr.json +45 -0
  43. package/src/posture/compliance-frameworks/hipaa-security-rule.json +56 -0
  44. package/src/posture/compliance-frameworks/nist-ai-600-1.json +51 -0
  45. package/src/posture/compliance-frameworks/nist-csf-2.json +73 -0
  46. package/src/posture/compliance-frameworks/owasp-asvs-5.json +79 -0
  47. package/src/posture/compliance-frameworks/owasp-llm-top-10.json +69 -0
  48. package/src/posture/cross-repo-memory.js +180 -0
  49. package/src/posture/dep-add-guard.js +197 -0
  50. package/src/posture/findings-memory.js +152 -0
  51. package/src/posture/fix-style-mirror.js +118 -0
  52. package/src/posture/git-history.js +141 -0
  53. package/src/posture/intent-context.js +175 -0
  54. package/src/posture/model-rescan.js +76 -0
  55. package/src/posture/pattern-propagation.js +39 -0
  56. package/src/posture/pr-augment.js +234 -0
  57. package/src/posture/risk-dollars.js +158 -0
  58. package/src/posture/router.js +4 -4
  59. package/src/posture/threat-model-grounding.js +169 -0
  60. package/src/posture/time-to-fix.js +129 -0
  61. package/src/posture/triage-memory.js +151 -0
  62. package/src/posture/triage.js +15 -1
  63. package/src/posture/watch-mode.js +171 -0
  64. package/src/posture/workflow-installer.js +231 -0
  65. package/src/report/.agentic-security/sbom-history/7d45b5e03804aac084b4a2b4dc8c6f10107d2005.json +6 -0
  66. package/src/report/.agentic-security/threat-model.json +7 -0
  67. package/src/report/.agentic-security/threat-model.md +22 -0
  68. package/src/report/index.js +1 -1
@@ -1 +1 @@
1
- 0919325c261eaa45c69db6fb89a2f7cb50e0fcc3ccc054359606823ec194693e
1
+ 39996421280552970646e4a1035a28ab4226d74f4ff8ed29cfeae2fa5c693ec8
@@ -0,0 +1,65 @@
1
+ {
2
+ "generatedAt": "2026-05-30T05:08:00.813Z",
3
+ "summary": {
4
+ "total": 1,
5
+ "hndlCritical": 0,
6
+ "standard": 1,
7
+ "filesAffected": 1,
8
+ "primitivesNeeded": [
9
+ "ML-DSA-65"
10
+ ]
11
+ },
12
+ "milestones": [
13
+ {
14
+ "id": "M1",
15
+ "title": "Inventory & policy",
16
+ "target": "90 days",
17
+ "owner": "security",
18
+ "items": [
19
+ "Confirm scanner findings against design docs",
20
+ "Adopt PQC migration policy (CNSA 2.0 / NIST IR 8547 alignment)",
21
+ "Establish KMS support for hybrid keys"
22
+ ]
23
+ },
24
+ {
25
+ "id": "M2",
26
+ "title": "HNDL-critical paths to PQ-hybrid",
27
+ "target": "180 days",
28
+ "owner": "platform",
29
+ "items": []
30
+ },
31
+ {
32
+ "id": "M3",
33
+ "title": "Standard signing/KEX migration",
34
+ "target": "12 months",
35
+ "owner": "platform",
36
+ "items": [
37
+ {
38
+ "finding": "pqc-ed25519:rule-pack-signing.js:187",
39
+ "file": "rule-pack-signing.js",
40
+ "line": 187,
41
+ "replacement": "ML-DSA-65"
42
+ }
43
+ ]
44
+ },
45
+ {
46
+ "id": "M4",
47
+ "title": "Deprecate classical primitives",
48
+ "target": "24 months",
49
+ "owner": "security",
50
+ "items": [
51
+ "Remove dual-stack libraries once peers are PQ-capable",
52
+ "Rotate root CA / long-lived signing keys to ML-DSA"
53
+ ]
54
+ }
55
+ ],
56
+ "perFile": {
57
+ "rule-pack-signing.js": {
58
+ "count": 1,
59
+ "subfamilies": [
60
+ "pqc-ed25519"
61
+ ],
62
+ "hndlCritical": false
63
+ }
64
+ }
65
+ }
@@ -0,0 +1,30 @@
1
+ # Post-quantum cryptography migration plan
2
+
3
+ Generated 2026-05-30.
4
+
5
+ **1** pre-quantum primitive sites across **1** files.
6
+ HNDL-critical: **0** | Standard: **1**
7
+
8
+ ## Recommended PQ primitives
9
+ - ML-DSA-65
10
+
11
+ ## M1 — Inventory & policy (target 90 days, owner security)
12
+ - Confirm scanner findings against design docs
13
+ - Adopt PQC migration policy (CNSA 2.0 / NIST IR 8547 alignment)
14
+ - Establish KMS support for hybrid keys
15
+
16
+ ## M2 — HNDL-critical paths to PQ-hybrid (target 180 days, owner platform)
17
+
18
+ ## M3 — Standard signing/KEX migration (target 12 months, owner platform)
19
+ - `rule-pack-signing.js:187` → ML-DSA-65
20
+
21
+ ## M4 — Deprecate classical primitives (target 24 months, owner security)
22
+ - Remove dual-stack libraries once peers are PQ-capable
23
+ - Rotate root CA / long-lived signing keys to ML-DSA
24
+
25
+ ## References
26
+ - NIST FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA)
27
+ - NIST IR 8547 — Transition to Post-Quantum Cryptographic Standards
28
+ - CNSA 2.0 — Commercial National Security Algorithm Suite, Sept 2022
29
+ - RFC 9794 — X25519MLKEM768 hybrid key exchange for TLS 1.3
30
+ - Open Quantum Safe project (liboqs, oqs-provider for OpenSSL 3)
@@ -0,0 +1,6 @@
1
+ {
2
+ "sha": "7d45b5e03804aac084b4a2b4dc8c6f10107d2005",
3
+ "ts": "2026-05-30T05:08:00.812Z",
4
+ "componentCount": 0,
5
+ "components": []
6
+ }
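Review bot: The snapshot on the new side records `"componentCount": 0` with an empty `"components"` array (lines 4–5), which for a release that the file list shows adding many source modules and dependency-related checks is far more likely a generator that ran before dependency resolution or against a path with no manifest than a genuine empty inventory. Persisting such a snapshot into the package hands downstream consumers a false "nothing to report" that is indistinguishable from a real result. The fix belongs in the generator, which is not visible in this hunk: refuse to write a history entry when the component list is empty, or annotate it with an explicit marker such as `"status": "incomplete"` (constructed example) so history readers can tell a failed run from a clean one. The hunk's file header is not shown on this page; from the order of the file list it appears to be the `sbom-history/7d45b5e0….json` entry.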