@cyclonedx/cdxgen 12.3.0 → 12.3.2

package/lib/stages/postgen/auditBom.poku.js

@@ -24,7 +24,12 @@ const WORKFLOWS_DIR = join(
   "workflows",
 );
 
-function makeBom(components = [], workflows = [], formulationComponents = []) {
+function makeBom(
+  components = [],
+  workflows = [],
+  formulationComponents = [],
+  services = [],
+) {
   const formulationEntry = {};
   if (formulationComponents.length) {
     formulationEntry.components = formulationComponents;
@@ -54,6 +59,7 @@ function makeBom(components = [], workflows = [], formulationComponents = []) {
       },
     },
     components,
+    services,
     formulation:
       workflows.length || formulationComponents.length
         ? [formulationEntry]
@@ -136,6 +142,10 @@ describe("loadRules", () => {
       containerRiskRules.length > 0,
       "Should have container risk rules",
     );
+    const mcpRules = rules.filter((r) => r.category === "mcp-server");
+    assert.ok(mcpRules.length > 0, "Should have MCP server rules");
+    const agentRules = rules.filter((r) => r.category === "ai-agent");
+    assert.ok(agentRules.length > 0, "Should have AI agent rules");
   });
 });
 
@@ -231,6 +241,418 @@ describe("evaluateRule", () => {
     assert.deepStrictEqual(findings[0].attackTechniques, ["T1528"]);
   });
 
+  it("should detect unauthenticated MCP tool exposure (MCP-001)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "MCP-001");
+    assert.ok(rule, "MCP-001 rule should exist");
+
+    const bom = makeBom(
+      [],
+      [],
+      [],
+      [
+        {
+          "bom-ref": "urn:service:mcp:unsafe-http:1.0.0",
+          name: "unsafe-http",
+          version: "1.0.0",
+          endpoints: ["/mcp-unsafe"],
+          authenticated: false,
+          properties: [
+            { name: "SrcFile", value: "src/unsafe.js" },
+            { name: "cdx:mcp:transport", value: "streamable-http" },
+            { name: "cdx:mcp:capabilities:tools", value: "true" },
+            { name: "cdx:mcp:toolCount", value: "1" },
+            { name: "cdx:mcp:officialSdk", value: "false" },
+          ],
+        },
+      ],
+    );
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(findings.length > 0, "Should detect unauthenticated MCP tools");
+    assert.strictEqual(findings[0].severity, "critical");
+  });
+
+  it("should detect a network-exposed non-official MCP server (MCP-003)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "MCP-003");
+    assert.ok(rule, "MCP-003 rule should exist");
+
+    const bom = makeBom(
+      [],
+      [],
+      [],
+      [
+        {
+          "bom-ref": "urn:service:mcp:custom-wrapper:0.1.0",
+          name: "custom-wrapper",
+          version: "0.1.0",
+          endpoints: ["http://localhost:4000/mcp"],
+          authenticated: true,
+          properties: [
+            { name: "SrcFile", value: "src/custom.js" },
+            { name: "cdx:mcp:transport", value: "streamable-http" },
+            { name: "cdx:mcp:officialSdk", value: "false" },
+            { name: "cdx:mcp:toolCount", value: "2" },
+            { name: "cdx:mcp:sdkImports", value: "@acme/mcp-server" },
+          ],
+        },
+      ],
+    );
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(findings.length > 0, "Should detect non-official MCP wrapper");
+    assert.strictEqual(findings[0].severity, "medium");
+  });
+
+  it("should detect hidden Unicode in AI agent files (AGT-001)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "AGT-001");
+    assert.ok(rule, "AGT-001 rule should exist");
+
+    const bom = makeBom(
+      [],
+      [],
+      [
+        {
+          "bom-ref": "file:/repo/AGENTS.md",
+          name: "AGENTS.md",
+          type: "file",
+          properties: [
+            { name: "SrcFile", value: "/repo/AGENTS.md" },
+            { name: "cdx:agent:inventorySource", value: "agent-file" },
+            { name: "cdx:file:hasHiddenUnicode", value: "true" },
+            { name: "cdx:file:hiddenUnicodeCodePoints", value: "U+200B" },
+            { name: "cdx:file:hiddenUnicodeLineNumbers", value: "4" },
+          ],
+        },
+      ],
+    );
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(
+      findings.length > 0,
+      "Should detect hidden Unicode in agent file",
+    );
+    assert.ok(findings[0].standards?.["owasp-ai-top-10"]?.length);
+  });
+
+  it("should detect public MCP endpoint references in AI agent files (AGT-002)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "AGT-002");
+    assert.ok(rule, "AGT-002 rule should exist");
+
+    const bom = makeBom(
+      [],
+      [],
+      [
+        {
+          "bom-ref": "file:/repo/.github/copilot-instructions.md",
+          name: "copilot-instructions.md",
+          type: "file",
+          properties: [
+            {
+              name: "SrcFile",
+              value: "/repo/.github/copilot-instructions.md",
+            },
+            { name: "cdx:agent:inventorySource", value: "agent-file" },
+            { name: "cdx:agent:hasPublicMcpEndpoint", value: "true" },
+            {
+              name: "cdx:agent:hiddenMcpUrls",
+              value: "https://demo.ngrok-free.app/mcp",
+            },
+            {
+              name: "cdx:agent:hiddenMcpHosts",
+              value: "demo.ngrok-free.app",
+            },
+          ],
+        },
+      ],
+    );
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(findings.length > 0, "Should detect public MCP endpoint risk");
+    assert.strictEqual(findings[0].severity, "high");
+  });
+
+  it("should detect undeclared MCP references in AI agent files (AGT-003)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "AGT-003");
+    assert.ok(rule, "AGT-003 rule should exist");
+
+    const bom = makeBom(
+      [],
+      [],
+      [
+        {
+          "bom-ref": "file:/repo/AGENTS.md",
+          name: "AGENTS.md",
+          type: "file",
+          properties: [
+            { name: "SrcFile", value: "/repo/AGENTS.md" },
+            { name: "cdx:agent:inventorySource", value: "agent-file" },
+            { name: "cdx:agent:hasMcpReferences", value: "true" },
+            {
+              name: "cdx:agent:mcpPackageRefs",
+              value: "@acme/mcp-server",
+            },
+            {
+              name: "cdx:agent:hiddenMcpUrls",
+              value: "http://localhost:3000/mcp",
+            },
+          ],
+        },
+      ],
+    );
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(findings.length > 0, "Should detect undeclared MCP references");
+  });
+
+  it("should detect tunneled MCP references in AI agent files (AGT-004)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "AGT-004");
+    assert.ok(rule, "AGT-004 rule should exist");
+
+    const bom = makeBom(
+      [],
+      [],
+      [
+        {
+          "bom-ref": "file:/repo/AGENTS.md",
+          name: "AGENTS.md",
+          type: "file",
+          properties: [
+            { name: "SrcFile", value: "/repo/AGENTS.md" },
+            { name: "cdx:agent:inventorySource", value: "agent-file" },
+            { name: "cdx:agent:hasTunnelReference", value: "true" },
+            {
+              name: "cdx:agent:hiddenMcpUrls",
+              value: "https://demo.ngrok-free.app/mcp",
+            },
+          ],
+        },
+      ],
+    );
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(findings.length > 0, "Should detect tunnel exposure");
+  });
+
+  it("should detect inline credentials in AI agent files (AGT-006)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "AGT-006");
+    assert.ok(rule, "AGT-006 rule should exist");
+
+    const bom = makeBom(
+      [],
+      [],
+      [
+        {
+          "bom-ref": "file:/repo/AGENTS.md",
+          name: "AGENTS.md",
+          type: "file",
+          properties: [
+            { name: "SrcFile", value: "/repo/AGENTS.md" },
+            { name: "cdx:agent:inventorySource", value: "agent-file" },
+            { name: "cdx:agent:credentialExposure", value: "true" },
+            {
+              name: "cdx:agent:credentialRiskIndicators",
+              value: "generic-secret,bearer-token",
+            },
+          ],
+        },
+      ],
+    );
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(findings.length > 0, "Should detect inline credentials");
+    assert.strictEqual(findings[0].severity, "critical");
+  });
+
+  it("should detect unauthenticated configured MCP endpoints (MCP-004)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "MCP-004");
+    assert.ok(rule, "MCP-004 rule should exist");
+
+    const bom = makeBom(
+      [],
+      [],
+      [],
+      [
+        {
+          "bom-ref": "urn:service:mcp:gateway:latest",
+          name: "gateway",
+          version: "latest",
+          endpoints: ["https://demo.ngrok-free.app/mcp"],
+          authenticated: false,
+          properties: [
+            { name: "SrcFile", value: "/repo/.vscode/mcp.json" },
+            { name: "cdx:mcp:inventorySource", value: "config-file" },
+            { name: "cdx:mcp:transport", value: "streamable-http" },
+            { name: "cdx:mcp:configFormat", value: "vscode" },
+            { name: "cdx:mcp:configKey", value: "mcpServers.gateway" },
+            { name: "cdx:mcp:trustProfile", value: "review-needed" },
+          ],
+        },
+      ],
+    );
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(
+      findings.length > 0,
+      "Should detect unauthenticated config endpoint",
+    );
+  });
+
+  it("should detect inline credential exposure in MCP config services (MCP-005)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "MCP-005");
+    assert.ok(rule, "MCP-005 rule should exist");
+
+    const bom = makeBom(
+      [],
+      [],
+      [],
+      [
+        {
+          "bom-ref": "urn:service:mcp:gateway:latest",
+          name: "gateway",
+          version: "latest",
+          properties: [
+            { name: "SrcFile", value: "/repo/.vscode/mcp.json" },
+            { name: "cdx:mcp:inventorySource", value: "config-file" },
+            { name: "cdx:mcp:credentialExposure", value: "true" },
+            {
+              name: "cdx:mcp:credentialExposureFieldCount",
+              value: "2",
+            },
+            {
+              name: "cdx:mcp:credentialIndicatorCount",
+              value: "2",
+            },
+            { name: "cdx:mcp:credentialReferenceCount", value: "1" },
+          ],
+        },
+      ],
+    );
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(findings.length > 0, "Should detect config credential exposure");
+    assert.strictEqual(findings[0].severity, "critical");
+  });
+
+  it("should detect confused-deputy risk in MCP config services (MCP-006)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "MCP-006");
+    assert.ok(rule, "MCP-006 rule should exist");
+
+    const bom = makeBom(
+      [],
+      [],
+      [],
+      [
+        {
+          "bom-ref": "urn:service:mcp:gateway:latest",
+          name: "gateway",
+          version: "latest",
+          properties: [
+            { name: "SrcFile", value: "/repo/.vscode/mcp.json" },
+            { name: "cdx:mcp:inventorySource", value: "config-file" },
+            { name: "cdx:mcp:security:confusedDeputyRisk", value: "high" },
+            { name: "cdx:mcp:auth:supportsDCR", value: "true" },
+            { name: "cdx:mcp:authPosture", value: "oauth" },
+          ],
+        },
+      ],
+    );
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(findings.length > 0, "Should detect confused-deputy risk");
+  });
+
+  it("should detect token passthrough risk in MCP config services (MCP-007)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "MCP-007");
+    assert.ok(rule, "MCP-007 rule should exist");
+
+    const bom = makeBom(
+      [],
+      [],
+      [],
+      [
+        {
+          "bom-ref": "urn:service:mcp:gateway:latest",
+          name: "gateway",
+          version: "latest",
+          properties: [
+            { name: "SrcFile", value: "/repo/.vscode/mcp.json" },
+            { name: "cdx:mcp:inventorySource", value: "config-file" },
+            { name: "cdx:mcp:security:tokenPassthroughRisk", value: "high" },
+            { name: "cdx:mcp:authPosture", value: "bearer" },
+            {
+              name: "cdx:mcp:trustProfile",
+              value: "official-sdk+networked+auth",
+            },
+          ],
+        },
+      ],
+    );
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(findings.length > 0, "Should detect token passthrough risk");
+  });
+
+  it("should flag shipped AI instruction files in build/post-build BOMs (AGT-007)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "AGT-007");
+    assert.ok(rule, "AGT-007 rule should exist");
+
+    const bom = makeBom([
+      {
+        "bom-ref": "file:/repo/CLAUDE.md",
+        name: "CLAUDE.md",
+        type: "file",
+        properties: [
+          { name: "SrcFile", value: "/repo/CLAUDE.md" },
+          { name: "cdx:file:kind", value: "agent-instructions" },
+          { name: "cdx:agent:inventorySource", value: "agent-file" },
+        ],
+      },
+    ]);
+    bom.metadata.lifecycles = [{ phase: "build" }, { phase: "post-build" }];
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(findings.length > 0, "Should detect shipped AI instructions");
+    assert.strictEqual(findings[0].severity, "medium");
+  });
+
+  it("should flag shipped MCP config files in build/post-build BOMs (MCP-008)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "MCP-008");
+    assert.ok(rule, "MCP-008 rule should exist");
+
+    const bom = makeBom([
+      {
+        "bom-ref": "file:/repo/.vscode/mcp.json",
+        name: "mcp.json",
+        type: "file",
+        properties: [
+          { name: "SrcFile", value: "/repo/.vscode/mcp.json" },
+          { name: "cdx:file:kind", value: "mcp-config" },
+          { name: "cdx:mcp:configFormat", value: "vscode" },
+          { name: "cdx:mcp:configuredServiceCount", value: "1" },
+          { name: "cdx:mcp:configuredServiceNames", value: "releaseDocs" },
+        ],
+      },
+    ]);
+    bom.metadata.lifecycles = [{ phase: "build" }];
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(findings.length > 0, "Should detect shipped MCP config");
+    assert.strictEqual(findings[0].severity, "medium");
+  });
+
   it("should detect npm name mismatch (INT-002)", async () => {
     const rules = await loadRules(RULES_DIR);
     const rule = rules.find((r) => r.id === "INT-002");
@@ -271,6 +693,216 @@ describe("evaluateRule", () => {
     assert.strictEqual(findings[0].severity, "high");
   });
 
+  it("should detect Cargo git dependency without immutable pin (PKG-007)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "PKG-007");
+    assert.ok(rule, "PKG-007 rule should exist");
+
+    const bom = makeBom([
+      {
+        type: "library",
+        name: "git-crate",
+        version: "git+https://example.com/git-crate",
+        purl: "pkg:cargo/git-crate@git+https://example.com/git-crate",
+        "bom-ref": "pkg:cargo/git-crate@git+https://example.com/git-crate",
+        properties: [
+          { name: "cdx:cargo:git", value: "https://example.com/git-crate" },
+          { name: "cdx:cargo:dependencyKind", value: "runtime" },
+        ],
+      },
+    ]);
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(findings.length > 0, "Should detect mutable Cargo git source");
+    assert.strictEqual(findings[0].severity, "high");
+  });
+
+  it("should detect Cargo local path dependency (PKG-008)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "PKG-008");
+    assert.ok(rule, "PKG-008 rule should exist");
+
+    const bom = makeBom([
+      {
+        type: "library",
+        name: "path-crate",
+        version: "path+../path-crate",
+        purl: "pkg:cargo/path-crate@path+../path-crate",
+        "bom-ref": "pkg:cargo/path-crate@path+../path-crate",
+        properties: [
+          { name: "cdx:cargo:path", value: "../path-crate" },
+          { name: "cdx:cargo:dependencyKind", value: "build" },
+        ],
+      },
+    ]);
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(findings.length > 0, "Should detect Cargo path dependency");
+    assert.strictEqual(findings[0].severity, "high");
+  });
+
+  it("should detect yanked Cargo crate (INT-010)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "INT-010");
+    assert.ok(rule, "INT-010 rule should exist");
+
+    const bom = makeBom([
+      {
+        type: "library",
+        name: "yanked-crate",
+        version: "1.2.3",
+        purl: "pkg:cargo/yanked-crate@1.2.3",
+        "bom-ref": "pkg:cargo/yanked-crate@1.2.3",
+        properties: [
+          { name: "cdx:cargo:yanked", value: "true" },
+          { name: "cdx:cargo:publisher", value: "publisher" },
+        ],
+      },
+    ]);
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(findings.length > 0, "Should detect yanked Cargo crate");
+    assert.strictEqual(findings[0].severity, "high");
+  });
+
+  it("should detect native Cargo build surface in formulation (INT-011)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "INT-011");
+    assert.ok(rule, "INT-011 rule should exist");
+
+    const bom = makeBom(
+      [],
+      [],
+      [
+        {
+          type: "application",
+          name: "cargo-demo",
+          version: "config",
+          "bom-ref": "urn:cdxgen:formulation:cargo:test",
+          properties: [
+            { name: "SrcFile", value: "/tmp/Cargo.toml" },
+            { name: "cdx:rust:buildTool", value: "cargo" },
+            { name: "cdx:cargo:hasNativeBuild", value: "true" },
+            { name: "cdx:cargo:buildScript", value: "/tmp/build.rs" },
+          ],
+        },
+      ],
+    );
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(findings.length > 0, "Should detect native Cargo build surface");
+    assert.strictEqual(findings[0].severity, "medium");
+  });
+
+  it("should detect mutable Cargo toolchain setup for native builds (INT-012)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "INT-012");
+    assert.ok(rule, "INT-012 rule should exist");
+
+    const bom = makeBom(
+      [
+        {
+          type: "application",
+          name: "rust-toolchain",
+          version: "stable",
+          purl: "pkg:github/dtolnay/rust-toolchain@stable",
+          "bom-ref": "pkg:github/dtolnay/rust-toolchain@stable",
+          properties: [
+            { name: "cdx:github:action:ecosystem", value: "cargo" },
+            { name: "cdx:github:action:role", value: "toolchain" },
+            {
+              name: "cdx:github:action:versionPinningType",
+              value: "tag",
+            },
+            {
+              name: "cdx:github:action:uses",
+              value: "dtolnay/rust-toolchain@stable",
+            },
+          ],
+        },
+      ],
+      [],
+      [
+        {
+          type: "application",
+          name: "cargo-demo",
+          version: "config",
+          "bom-ref": "urn:cdxgen:formulation:cargo:int012",
+          properties: [
+            { name: "SrcFile", value: "/tmp/Cargo.toml" },
+            { name: "cdx:rust:buildTool", value: "cargo" },
+            { name: "cdx:cargo:hasNativeBuild", value: "true" },
+            { name: "cdx:cargo:buildScript", value: "/tmp/build.rs" },
+          ],
+        },
+      ],
+    );
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(
+      findings.length > 0,
+      "Should detect mutable Cargo toolchain setup for native builds",
+    );
+    assert.strictEqual(findings[0].severity, "medium");
+  });
+
+  it("should detect Cargo build workflow steps against native build surfaces (INT-013)", async () => {
+    const rules = await loadRules(RULES_DIR);
+    const rule = rules.find((r) => r.id === "INT-013");
+    assert.ok(rule, "INT-013 rule should exist");
+
+    const bom = makeBom(
+      [
+        {
+          type: "application",
+          name: "cargo build",
+          "bom-ref": "urn:cdxgen:workflow:cargo-build",
+          properties: [
+            { name: "cdx:github:step:type", value: "run" },
+            { name: "cdx:github:step:usesCargo", value: "true" },
+            {
+              name: "cdx:github:step:cargoSubcommands",
+              value: "build,test",
+            },
+            {
+              name: "cdx:github:step:command",
+              value: "cargo build --workspace && cargo test --workspace",
+            },
+          ],
+        },
+      ],
+      [],
+      [
+        {
+          type: "application",
+          name: "cargo-demo",
+          version: "config",
+          "bom-ref": "urn:cdxgen:formulation:cargo:int013",
+          properties: [
+            { name: "SrcFile", value: "/tmp/Cargo.toml" },
+            { name: "cdx:rust:buildTool", value: "cargo" },
+            { name: "cdx:cargo:hasNativeBuild", value: "true" },
+            {
+              name: "cdx:cargo:buildScriptCapabilities",
+              value: "process-execution, network-access",
+            },
+            {
+              name: "cdx:cargo:nativeBuildIndicators",
+              value: "bindgen, openssl-sys",
+            },
+          ],
+        },
+      ],
+    );
+
+    const findings = await evaluateRule(rule, bom);
+    assert.ok(
+      findings.length > 0,
+      "Should detect Cargo build workflow steps against native build surfaces",
+    );
+    assert.strictEqual(findings[0].severity, "medium");
+  });
+
   it("should detect broad host access extensions (CHE-001)", async () => {
     const rules = await loadRules(RULES_DIR);
     const rule = rules.find((r) => r.id === "CHE-001");
@@ -1720,6 +2352,62 @@ describe("auditBom", () => {
     }
   });
 
+  it("expands the ai-inventory category alias", async () => {
+    const bom = makeBom(
+      [],
+      [],
+      [
+        {
+          type: "application",
+          name: "agent-guide",
+          version: "latest",
+          "bom-ref": "file:/repo/AGENTS.md",
+          properties: [
+            { name: "SrcFile", value: "/repo/AGENTS.md" },
+            { name: "cdx:agent:inventorySource", value: "agent-file" },
+            { name: "cdx:file:kind", value: "agent-instructions" },
+            {
+              name: "cdx:agent:hasNonOfficialMcpReference",
+              value: "true",
+            },
+            { name: "cdx:agent:mcpPackageRefs", value: "@acme/mcp-server" },
+          ],
+        },
+      ],
+      [
+        {
+          "bom-ref": "urn:service:mcp:demo:1",
+          group: "mcp",
+          name: "demo-server",
+          authenticated: false,
+          endpoints: ["https://mcp.example.com/mcp"],
+          properties: [
+            { name: "cdx:mcp:transport", value: "streamable-http" },
+            { name: "cdx:mcp:serviceType", value: "inferred-endpoint" },
+            { name: "cdx:mcp:inventorySource", value: "agent-file" },
+            { name: "cdx:mcp:toolCount", value: "1" },
+            { name: "cdx:mcp:officialSdk", value: "false" },
+          ],
+        },
+      ],
+    );
+
+    const findings = await auditBom(bom, {
+      bomAuditCategories: "ai-inventory",
+    });
+    assert.ok(findings.some((finding) => finding.category === "ai-agent"));
+    assert.ok(findings.some((finding) => finding.category === "mcp-server"));
+  });
+
+  it("rejects unknown audit categories with valid choices", async () => {
+    await assert.rejects(
+      auditBom(makeBom([]), {
+        bomAuditCategories: "unknown-category",
+      }),
+      /Unknown BOM audit category: unknown-category\. Valid categories: .*ai-inventory \(alias for ai-agent,mcp-server\).*ci-permission.*mcp-server/,
+    );
+  });
+
   it("should filter by minimum severity", async () => {
     const bom = makeBom([
       makeComponent("actions/setup-node", "v3", [
@@ -1951,6 +2639,10 @@ describe("formatAnnotations", () => {
         mitigation: "Pin to SHA",
         attackTactics: ["TA0001", "TA0004"],
         attackTechniques: ["T1195.001"],
+        standards: {
+          "owasp-ai-top-10": ["LLM07: Insecure Plugin Design"],
+          "nist-ai-rmf": ["Manage"],
+        },
       },
     ];
     const annotations = formatAnnotations(findings, bom);
@@ -1961,6 +2653,7 @@ describe("formatAnnotations", () => {
     assert.match(annotations[0].text, /\| Property \| Value \|/);
     assert.match(annotations[0].text, /cdx:audit:attack:tactics/);
     assert.match(annotations[0].text, /cdx:audit:attack:techniques/);
+    assert.match(annotations[0].text, /cdx:audit:standards:owasp-ai-top-10/);
     assert.ok(
       annotations[0].annotator.component,
       "Annotation should have annotator component",