@clear-capabilities/agentic-security-scanner 0.80.0 → 0.86.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (68) hide show
  1. package/dist/178.index.js +1 -1
  2. package/dist/384.index.js +1 -1
  3. package/dist/637.index.js +1 -1
  4. package/dist/838.index.js +1 -1
  5. package/dist/839.index.js +170 -0
  6. package/dist/985.index.js +51 -1
  7. package/dist/agentic-security.mjs +83 -83
  8. package/dist/agentic-security.mjs.sha256 +1 -1
  9. package/package.json +3 -3
  10. package/src/.agentic-security/findings.json +21283 -8189
  11. package/src/.agentic-security/last-scan.json +21283 -8189
  12. package/src/.agentic-security/last-scan.json.sig +1 -1
  13. package/src/.agentic-security/scan-history.json +512 -128
  14. package/src/.agentic-security/streak.json +3 -3
  15. package/src/engine.js +41 -0
  16. package/src/mcp/.agentic-security/findings.json +4 -4
  17. package/src/mcp/.agentic-security/last-scan.json +4 -4
  18. package/src/mcp/.agentic-security/last-scan.json.sig +1 -1
  19. package/src/mcp/.agentic-security/scan-history.json +188 -0
  20. package/src/mcp/.agentic-security/streak.json +5 -5
  21. package/src/mcp/tools.js +51 -1
  22. package/src/posture/.agentic-security/dpia.md +26 -0
  23. package/src/posture/.agentic-security/findings.json +17234 -4057
  24. package/src/posture/.agentic-security/last-scan.json +17234 -4057
  25. package/src/posture/.agentic-security/last-scan.json.sig +1 -1
  26. package/src/posture/.agentic-security/pqc-migration-plan.json +65 -0
  27. package/src/posture/.agentic-security/pqc-migration-plan.md +30 -0
  28. package/src/posture/.agentic-security/sbom-history/7d45b5e03804aac084b4a2b4dc8c6f10107d2005.json +6 -0
  29. package/src/posture/.agentic-security/scan-history.json +1942 -200
  30. package/src/posture/.agentic-security/streak.json +3 -3
  31. package/src/posture/.agentic-security/threat-model.json +2038 -0
  32. package/src/posture/.agentic-security/threat-model.md +73 -0
  33. package/src/posture/auditor-walkthrough.js +252 -0
  34. package/src/posture/claude-authorship.js +197 -0
  35. package/src/posture/compliance-frameworks/.agentic-security/findings.json +80 -0
  36. package/src/posture/compliance-frameworks/.agentic-security/last-scan.json +80 -0
  37. package/src/posture/compliance-frameworks/.agentic-security/last-scan.json.sig +1 -0
  38. package/src/posture/compliance-frameworks/.agentic-security/scan-history.json +90 -0
  39. package/src/posture/compliance-frameworks/.agentic-security/streak.json +22 -0
  40. package/src/posture/compliance-frameworks/ccpa.json +32 -0
  41. package/src/posture/compliance-frameworks/eu-ai-act.json +51 -0
  42. package/src/posture/compliance-frameworks/gdpr.json +45 -0
  43. package/src/posture/compliance-frameworks/hipaa-security-rule.json +56 -0
  44. package/src/posture/compliance-frameworks/nist-ai-600-1.json +51 -0
  45. package/src/posture/compliance-frameworks/nist-csf-2.json +73 -0
  46. package/src/posture/compliance-frameworks/owasp-asvs-5.json +79 -0
  47. package/src/posture/compliance-frameworks/owasp-llm-top-10.json +69 -0
  48. package/src/posture/cross-repo-memory.js +180 -0
  49. package/src/posture/dep-add-guard.js +197 -0
  50. package/src/posture/findings-memory.js +152 -0
  51. package/src/posture/fix-style-mirror.js +118 -0
  52. package/src/posture/git-history.js +141 -0
  53. package/src/posture/intent-context.js +175 -0
  54. package/src/posture/model-rescan.js +76 -0
  55. package/src/posture/pattern-propagation.js +39 -0
  56. package/src/posture/pr-augment.js +234 -0
  57. package/src/posture/risk-dollars.js +158 -0
  58. package/src/posture/router.js +4 -4
  59. package/src/posture/threat-model-grounding.js +169 -0
  60. package/src/posture/time-to-fix.js +129 -0
  61. package/src/posture/triage-memory.js +151 -0
  62. package/src/posture/triage.js +15 -1
  63. package/src/posture/watch-mode.js +171 -0
  64. package/src/posture/workflow-installer.js +231 -0
  65. package/src/report/.agentic-security/sbom-history/7d45b5e03804aac084b4a2b4dc8c6f10107d2005.json +6 -0
  66. package/src/report/.agentic-security/threat-model.json +7 -0
  67. package/src/report/.agentic-security/threat-model.md +22 -0
  68. package/src/report/index.js +1 -1
package/dist/agentic-security.mjs.sha256 CHANGED
@@ -1 +1 @@
1
- 56b473cb441c2d751ce3c3e55fd8eb8f607f8e571c59d0c67d891a016c15c8fe agentic-security.mjs
1
+ 3bcd69ed73117d5a5954acfd240bd0f870ade6ca6fab6ce6ff255fbc3ce340aa agentic-security.mjs
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@clear-capabilities/agentic-security-scanner",
3
- "version": "0.80.0",
3
+ "version": "0.86.0",
4
4
  "description": "Scanner engine for the agentic-security Claude Code plugin \u2014 SAST, SCA (function-level reachability + CISA KEV), secrets, IaC, prompt-injection, MCP/agent-tool audit, auth/authZ deep analysis, attack chains, PoC generation, business logic, toxic-combinations scoring, SBOM, SARIF ingest, pipeline integrity, compliance attestation, and more.",
5
5
  "type": "module",
6
6
  "main": "src/index.js",
@@ -55,12 +55,12 @@
55
55
  "test": "npm run test:smoke && npm run test:sast && npm run test:posture && npm run test:dataflow && npm run test:mcp && npm run test:report && npm run test:bench-modules && npm run test:lifecycle && AGENTIC_SECURITY_CPP_DATAFLOW=1 node --test test/cpp-dataflow.test.js",
56
56
  "test:smoke": "node --test test/smoke.test.js",
57
57
  "test:sast": "node --test test/llm.test.js test/llm-owasp.test.js test/logic.test.js test/authz.test.js test/model-load.test.js test/prompt-template.test.js test/business-logic.test.js test/python-sinks.test.js test/phase1-detectors.test.js test/phase2-detectors.test.js test/phase3-v3.test.js test/phase7-extensions.test.js test/phase8-extensions.test.js test/new-cwe-detectors.test.js test/llmsecops-detectors.test.js test/db-taint.test.js test/dart-swift.test.js test/redos-nfa.test.js test/weak-randomness.test.js test/csharp-pipeline.test.js test/post-quantum-crypto.test.js test/web3-advanced.test.js test/cloud-iam-k8s.test.js test/crypto-protocol.test.js test/ml-supply-chain.test.js",
58
- "test:posture": "node --test test/material-change.test.js test/drift.test.js test/scorecard.test.js test/mttr.test.js test/license-policy.test.js test/aibom.test.js test/sbom.test.js test/api-inventory.test.js test/iam-policy.test.js test/container.test.js test/container-runtime.test.js test/kev.test.js test/dep-confusion.test.js test/sca-deprecated.test.js test/sca-batch.test.js test/composite-risk.test.js test/sca-coverage.test.js test/sca-route-reachable.test.js test/sca-policy.test.js test/sca-linked-findings.test.js test/packs.test.js test/flow-narration.test.js test/regression-test-gen.test.js test/rule-synthesis.test.js test/policy-gate.test.js test/agents-memory.test.js test/cve-lookup.test.js test/cve-alert-daemon.test.js test/fix-verify-loop.test.js test/exploitability-probability.test.js test/history-scan.test.js test/viral-features.test.js test/viral-v074.test.js test/state-dir.test.js test/license-graph.test.js test/attack-taxonomy.test.js",
58
+ "test:posture": "node --test test/material-change.test.js test/drift.test.js test/scorecard.test.js test/mttr.test.js test/license-policy.test.js test/aibom.test.js test/sbom.test.js test/api-inventory.test.js test/iam-policy.test.js test/container.test.js test/container-runtime.test.js test/kev.test.js test/dep-confusion.test.js test/sca-deprecated.test.js test/sca-batch.test.js test/composite-risk.test.js test/sca-coverage.test.js test/sca-route-reachable.test.js test/sca-policy.test.js test/sca-linked-findings.test.js test/packs.test.js test/flow-narration.test.js test/regression-test-gen.test.js test/rule-synthesis.test.js test/policy-gate.test.js test/agents-memory.test.js test/cve-lookup.test.js test/cve-alert-daemon.test.js test/fix-verify-loop.test.js test/exploitability-probability.test.js test/history-scan.test.js test/viral-features.test.js test/viral-v074.test.js test/state-dir.test.js test/license-graph.test.js test/attack-taxonomy.test.js test/triage-memory.test.js test/pr-augment.test.js test/chat-batch2.test.js test/chat-batch3.test.js test/chat-batch4.test.js test/chat-batch5.test.js test/chat-batch6.test.js",
59
59
  "test:dataflow": "node --test test/fn-reach.test.js test/deep-taint.test.js test/calibration.test.js test/holdout-eval.test.js test/cross-lang-meta.test.js test/cross-lang-queues.test.js test/phase5-xlang.test.js test/phase5-coverage.test.js test/phase6-taint.test.js test/llm-validator-consistency.test.js test/llm-validator-default-on.test.js test/parser-py-cst.test.js test/parser-cs-kt.test.js test/parser-go.test.js test/parser-php-rb.test.js test/interproc-k2.test.js test/proven-clean.test.js test/backward-default.test.js test/incremental-cache.test.js test/string-regex-lattice.test.js test/closure-capture.test.js test/points-to.test.js test/type-stubs.test.js test/soft-taint.test.js test/ifds.test.js test/symbolic-exec-proof.test.js test/ifds-summary-edges.test.js test/stub-aware-filter.test.js test/cross-repo.test.js",
60
60
  "test:mcp": "node --test test/mcp.test.js test/mcp-audit.test.js test/audit-cli.test.js test/mcp-scratchpad.test.js test/mcp-offload.test.js test/sca-upgrade.test.js",
61
61
  "test:report": "node --test test/sarif-ingest.test.js test/junit.test.js test/ci.test.js test/poc-generator.test.js test/verifier.test.js test/verifier-target.test.js test/annotator-errors.test.js test/grader-calibration.test.js",
62
62
  "test:bench-modules": "node --test test/phase4-harness.test.js test/pipeline.test.js",
63
- "test:lifecycle": "node --test test/dead-code.test.js test/no-dead-modules.test.js test/stop-hook.test.js test/plugin-self-check.test.js test/skills-registry.test.js && node ../scripts/lint-command-descriptions.mjs",
63
+ "test:lifecycle": "node --test test/dead-code.test.js test/no-dead-modules.test.js test/stop-hook.test.js test/plugin-self-check.test.js test/skills-registry.test.js test/bodyguard.test.js && node ../scripts/lint-command-descriptions.mjs",
64
64
  "smoke": "node bin/agentic-security.js scan test/fixtures/vulnerable-js",
65
65
  "prebench": "npm run build",
66
66
  "bench": "node test/benchmark/bench.js",