@guava-parity/guard-scanner 13.0.0 → 16.0.0

package/docs/data/quality-contract.json

@@ -0,0 +1,36 @@
+{
+  "contract_version": "2026-03-13.quality-v1",
+  "benchmark_version": "2026-03-13.quality-v1",
+  "quality_targets": {
+    "precision_min": 0.9,
+    "recall_min": 0.9,
+    "false_positive_rate_max": 0.1,
+    "false_negative_rate_max": 0.1,
+    "explainability_completeness_rate_min": 1,
+    "runtime_check_latency_budget_ms": 5,
+    "false_positive_budget_by_category": {
+      "prompt-injection": 0.05,
+      "runtime-policy": 0.02,
+      "secret-detection": 0.08,
+      "supply-chain": 0.05,
+      "memory-poisoning": 0.03
+    }
+  },
+  "layers": [
+    {
+      "id": "layer_a",
+      "corpus": "test/fixtures/corpus/security-corpus.json",
+      "scanner_options": {}
+    },
+    {
+      "id": "layer_b",
+      "corpus": "test/fixtures/corpus/adversarial-corpus.json",
+      "scanner_options": {}
+    },
+    {
+      "id": "layer_c",
+      "corpus": "test/fixtures/corpus/ecosystem-corpus.json",
+      "scanner_options": {}
+    }
+  ]
+}

package/docs/generated/npm-audit-20260312.json

@@ -0,0 +1,96 @@
+{
+  "auditReportVersion": 2,
+  "vulnerabilities": {
+    "@buape/carbon": {
+      "name": "@buape/carbon",
+      "severity": "high",
+      "isDirect": false,
+      "via": [
+        "@hono/node-server"
+      ],
+      "effects": [
+        "openclaw"
+      ],
+      "range": "<=0.0.0-beta-20260306233624 || >=0.6.0",
+      "nodes": [
+        "node_modules/@buape/carbon"
+      ],
+      "fixAvailable": {
+        "name": "openclaw",
+        "version": "0.0.1",
+        "isSemVerMajor": true
+      }
+    },
+    "@hono/node-server": {
+      "name": "@hono/node-server",
+      "severity": "high",
+      "isDirect": false,
+      "via": [
+        {
+          "source": 1114170,
+          "name": "@hono/node-server",
+          "dependency": "@hono/node-server",
+          "title": "@hono/node-server has authorization bypass for protected static paths via encoded slashes in Serve Static Middleware",
+          "url": "https://github.com/advisories/GHSA-wc8c-qw6v-h7f6",
+          "severity": "high",
+          "cwe": [
+            "CWE-863"
+          ],
+          "cvss": {
+            "score": 7.5,
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+          },
+          "range": "<1.19.10"
+        }
+      ],
+      "effects": [
+        "@buape/carbon"
+      ],
+      "range": "<1.19.10",
+      "nodes": [
+        "node_modules/@hono/node-server"
+      ],
+      "fixAvailable": {
+        "name": "openclaw",
+        "version": "0.0.1",
+        "isSemVerMajor": true
+      }
+    },
+    "openclaw": {
+      "name": "openclaw",
+      "severity": "high",
+      "isDirect": true,
+      "via": [
+        "@buape/carbon"
+      ],
+      "effects": [],
+      "range": ">=2026.1.29-beta.1",
+      "nodes": [
+        "node_modules/openclaw"
+      ],
+      "fixAvailable": {
+        "name": "openclaw",
+        "version": "0.0.1",
+        "isSemVerMajor": true
+      }
+    }
+  },
+  "metadata": {
+    "vulnerabilities": {
+      "info": 0,
+      "low": 0,
+      "moderate": 0,
+      "high": 3,
+      "critical": 0,
+      "total": 3
+    },
+    "dependencies": {
+      "prod": 2,
+      "dev": 741,
+      "optional": 109,
+      "peer": 126,
+      "peerOptional": 0,
+      "total": 742
+    }
+  }
+}

package/docs/generated/openclaw-upstream-status.json

@@ -0,0 +1,25 @@
+{
+  "checkedAt": "2026-03-13T13:54:07.403Z",
+  "pinnedVersion": "2026.3.12",
+  "latestVersion": "2026.3.12",
+  "latestPublishedAt": "2026-03-13T04:13:28.358Z",
+  "registryModifiedAt": "2026-03-13T04:29:39.807Z",
+  "githubLatestVersion": "2026.3.12",
+  "githubPublishedAt": "2026-03-13T04:26:46Z",
+  "githubUrl": "https://github.com/openclaw/openclaw/releases/tag/v2026.3.12",
+  "sourceParity": {
+    "npmLatestVersion": "2026.3.12",
+    "githubLatestVersion": "2026.3.12",
+    "inParity": true
+  },
+  "source": "npm",
+  "status": {
+    "pinnedVersion": "2026.3.12",
+    "latestVersion": "2026.3.12",
+    "latestPublishedAt": "2026-03-13T04:13:28.358Z",
+    "source": "npm",
+    "upToDate": true,
+    "ahead": false,
+    "behind": false
+  }
+}

package/docs/glossary.md

@@ -0,0 +1,46 @@
+# Guard-Scanner Glossary
+
+Security terms used in guard-scanner, with standard equivalents.
+
+## Agent-Native Terms
+
+| Term | Standard Equivalent | Description |
+|------|---------------------|-------------|
+| SOUL.md | Identity / persistent-memory control file | A configuration file that defines an AI agent's persistent behavior, personality, and rules. Overwriting it can hijack the agent's identity. |
+| ClawHavoc | Agent skill supply-chain attack | An attack vector where malicious packages in a skill marketplace (e.g., ClawHub, npm) target AI agents, similar to typosquatting in package managers. |
+| ZombieAgent | Persistent rogue agent | An agent process that persists beyond its intended lifecycle, maintaining unauthorized access or executing hidden tasks. |
+| Soul Hijack | Agent identity takeover | An attack that overwrites an agent's identity file to change its behavior, bypass safety rules, or impersonate another agent. |
+| Moltbook | Third-party agent marketplace (ClawHub/npm) | External skill registries where users can discover and install agent capabilities. These are supply-chain attack surfaces. |
+| GuavaSuite | Agent runtime ecosystem | The full stack of tools, memory layers, and security infrastructure used by the Guava AI agent. |
+
+## Threat Categories (OWASP-Aligned)
+
+| Category ID | Description | OWASP Mapping |
+|-------------|-------------|---------------|
+| prompt-injection | Attempts to override system instructions | ASI01 — Agent Goal Hijack |
+| reverse-shell | Remote shell access attempts | ASI05 — Remote Code Execution |
+| data-exfiltration | Unauthorized data transfer to external servers | ASI05 — RCE / ASI04 — Supply Chain |
+| social-engineering | Trust exploitation and human manipulation | ASI09 — Human-Trust Exploitation |
+| malicious-code | Known malicious patterns (eval, exec, etc.) | ASI05 — RCE |
+| soul-lock | Identity file tampering attempts | ASI03 — Identity Abuse |
+| memory-poisoning | Attempts to corrupt agent memory/context | ASI06 — Memory Poisoning |
+| tool-shadowing | MCP tool description containing hidden instructions | ASI02 — Tool Misuse |
+| context-crush | Prompt overstuffing to push instructions out of context | ASI01 — Agent Goal Hijack |
+
+## Severity Levels
+
+| Level | Risk Weight | Meaning |
+|-------|------------|---------|
+| CRITICAL | 40 | Immediate threat — active exploitation attempt |
+| HIGH | 15 | Dangerous pattern — likely malicious |
+| MEDIUM | 5 | Suspicious pattern — needs review |
+| LOW | 2 | Informational — minor concern |
+
+## Verdicts
+
+| Verdict | Risk Range | Action |
+|---------|-----------|--------|
+| CLEAN | 0 | No threats detected |
+| SAFE | 1-19 | Low risk, safe to use |
+| SUSPICIOUS | 20-79 | Review recommended |
+| MALICIOUS | 80+ | Block / quarantine |