npm - @clear-capabilities/agentic-security-scanner - Versions diffs - 0.84.1 → 0.86.0 - Mend

@clear-capabilities/agentic-security-scanner 0.84.1 → 0.86.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/agentic-security.mjs.sha256 CHANGED Viewed

	@@ -1 +1 @@
1	- ~~d6b7d0e3b2bad322c0dff29963703601e98bd7d8205281544e7c839543191d73~~ agentic-security.mjs
1	+ 3bcd69ed73117d5a5954acfd240bd0f870ade6ca6fab6ce6ff255fbc3ce340aa agentic-security.mjs

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@clear-capabilities/agentic-security-scanner",
-  "version": "0.84.1",
+  "version": "0.86.0",
   "description": "Scanner engine for the agentic-security Claude Code plugin \u2014 SAST, SCA (function-level reachability + CISA KEV), secrets, IaC, prompt-injection, MCP/agent-tool audit, auth/authZ deep analysis, attack chains, PoC generation, business logic, toxic-combinations scoring, SBOM, SARIF ingest, pipeline integrity, compliance attestation, and more.",
   "type": "module",
   "main": "src/index.js",

package/src/posture/.agentic-security/dpia.md ADDED Viewed

@@ -0,0 +1,26 @@
+# Data Protection Impact Assessment (DPIA)
+Generated by agentic-security scanner on 2026-05-30.
+This is an automated DPIA scaffold derived from static analysis.
+It must be reviewed and completed by a privacy officer before use.
+## Data classes identified
+## Privacy-related findings
+| Severity | File:Line | Class → Sink | Description |
+|---|---|---|---|
+## Regulatory framework mapping
+- **GDPR Art. 35** — DPIA required when processing is likely to result in high risk to data subjects.
+- **CCPA §1798.130** — Notice + access rights for collected personal information.
+## Reviewer checklist
+- [ ] Confirm each PII field's collection has a documented lawful basis
+- [ ] Confirm retention period for each class is documented
+- [ ] Confirm DSAR (data subject access request) workflow exists
+- [ ] Confirm encryption at rest + in transit for each class
+- [ ] Confirm logging of PII access for audit (where applicable)

package/src/posture/.agentic-security/pqc-migration-plan.json ADDED Viewed

@@ -0,0 +1,65 @@
+{
+  "generatedAt": "2026-05-30T05:08:00.813Z",
+  "summary": {
+    "total": 1,
+    "hndlCritical": 0,
+    "standard": 1,
+    "filesAffected": 1,
+    "primitivesNeeded": [
+      "ML-DSA-65"
+    ]
+  },
+  "milestones": [
+    {
+      "id": "M1",
+      "title": "Inventory & policy",
+      "target": "90 days",
+      "owner": "security",
+      "items": [
+        "Confirm scanner findings against design docs",
+        "Adopt PQC migration policy (CNSA 2.0 / NIST IR 8547 alignment)",
+        "Establish KMS support for hybrid keys"
+      ]
+    },
+    {
+      "id": "M2",
+      "title": "HNDL-critical paths to PQ-hybrid",
+      "target": "180 days",
+      "owner": "platform",
+      "items": []
+    },
+    {
+      "id": "M3",
+      "title": "Standard signing/KEX migration",
+      "target": "12 months",
+      "owner": "platform",
+      "items": [
+        {
+          "finding": "pqc-ed25519:rule-pack-signing.js:187",
+          "file": "rule-pack-signing.js",
+          "line": 187,
+          "replacement": "ML-DSA-65"
+        }
+      ]
+    },
+    {
+      "id": "M4",
+      "title": "Deprecate classical primitives",
+      "target": "24 months",
+      "owner": "security",
+      "items": [
+        "Remove dual-stack libraries once peers are PQ-capable",
+        "Rotate root CA / long-lived signing keys to ML-DSA"
+      ]
+    }
+  ],
+  "perFile": {
+    "rule-pack-signing.js": {
+      "count": 1,
+      "subfamilies": [
+        "pqc-ed25519"
+      ],
+      "hndlCritical": false
+    }
+  }
+}

package/src/posture/.agentic-security/pqc-migration-plan.md ADDED Viewed

@@ -0,0 +1,30 @@
+# Post-quantum cryptography migration plan
+Generated 2026-05-30.
+**1** pre-quantum primitive sites across **1** files.
+HNDL-critical: **0** | Standard: **1**
+## Recommended PQ primitives
+- ML-DSA-65
+## M1 — Inventory & policy (target 90 days, owner security)
+- Confirm scanner findings against design docs
+- Adopt PQC migration policy (CNSA 2.0 / NIST IR 8547 alignment)
+- Establish KMS support for hybrid keys
+## M2 — HNDL-critical paths to PQ-hybrid (target 180 days, owner platform)
+## M3 — Standard signing/KEX migration (target 12 months, owner platform)
+- `rule-pack-signing.js:187` → ML-DSA-65
+## M4 — Deprecate classical primitives (target 24 months, owner security)
+- Remove dual-stack libraries once peers are PQ-capable
+- Rotate root CA / long-lived signing keys to ML-DSA
+## References
+- NIST FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA)
+- NIST IR 8547 — Transition to Post-Quantum Cryptographic Standards
+- CNSA 2.0 — Commercial National Security Algorithm Suite, Sept 2022
+- RFC 9794 — X25519MLKEM768 hybrid key exchange for TLS 1.3
+- Open Quantum Safe project (liboqs, oqs-provider for OpenSSL 3)

package/src/posture/.agentic-security/sbom-history/7d45b5e03804aac084b4a2b4dc8c6f10107d2005.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "sha": "7d45b5e03804aac084b4a2b4dc8c6f10107d2005",
+  "ts": "2026-05-30T05:08:00.812Z",
+  "componentCount": 0,
+  "components": []
+}