@guava-parity/guard-scanner 13.0.0 → 16.0.0

package/docs/rules/obfuscation.md

@@ -0,0 +1,60 @@
+# Threat Category: obfuscation
+
+This document provides explainability for all rules in the `obfuscation` category.
+
+## Rule: `OBF_HEX`
+- **Severity**: HIGH
+- **Description**: Hex-encoded string (5+ bytes)
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `OBF_BASE64_EXEC`
+- **Severity**: CRITICAL
+- **Description**: Base64 decode → execute chain
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `OBF_BASE64`
+- **Severity**: MEDIUM
+- **Description**: Base64 decoding
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `OBF_CHARCODE`
+- **Severity**: HIGH
+- **Description**: Character code construction (4+ chars)
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `OBF_CONCAT`
+- **Severity**: MEDIUM
+- **Description**: Array join obfuscation
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `OBF_BASE64_BASH`
+- **Severity**: CRITICAL
+- **Description**: Base64 decode piped to shell
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `LLM_SCANNER_EVASION`
+- **Severity**: HIGH
+- **Description**: LLM scanner evasion: adversarial comment claiming code is safe
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+

package/docs/rules/persistence.md

@@ -0,0 +1,108 @@
+# Threat Category: persistence
+
+This document provides explainability for all rules in the `persistence` category.
+
+## Rule: `PERSIST_CRON`
+- **Severity**: HIGH
+- **Description**: Persistence: scheduled task creation
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PERSIST_STARTUP`
+- **Severity**: HIGH
+- **Description**: Persistence: startup execution
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PERSIST_LAUNCHD`
+- **Severity**: HIGH
+- **Description**: OS-level persistence mechanism
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PERSIST_CRONTAB_INJECT`
+- **Severity**: HIGH
+- **Description**: Persistence: crontab manipulation for scheduled execution
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PERSIST_LAUNCHD_PLIST`
+- **Severity**: HIGH
+- **Description**: Persistence: macOS LaunchAgent/Daemon installation
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PERSIST_REGISTRY_RUN`
+- **Severity**: HIGH
+- **Description**: Persistence: Windows registry Run key modification
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PERSIST_BASHRC_INJECT`
+- **Severity**: HIGH
+- **Description**: Persistence: shell profile injection (~/.bashrc, ~/.zshrc)
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PERSIST_SSH_AUTHORIZED`
+- **Severity**: CRITICAL
+- **Description**: Persistence: SSH authorized_keys modification for backdoor access
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PERSIST_SYSTEMD_SERVICE`
+- **Severity**: HIGH
+- **Description**: Persistence: systemd service installation
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `EVASION_FILELESS`
+- **Severity**: CRITICAL
+- **Description**: Evasion: fileless execution via memory-backed file descriptors
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `EVASION_LOG_TAMPER`
+- **Severity**: HIGH
+- **Description**: Evasion: shell history clearing to hide activity
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `EVASION_TIMESTAMP_STOMP`
+- **Severity**: HIGH
+- **Description**: Evasion: file timestamp manipulation (timestomping)
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `EVASION_PACKED_PAYLOAD`
+- **Severity**: HIGH
+- **Description**: Evasion: packed/protected binary to evade analysis
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+

package/docs/rules/pii-exposure.md

@@ -0,0 +1,116 @@
+# Threat Category: pii-exposure
+
+This document provides explainability for all rules in the `pii-exposure` category.
+
+## Rule: `PII_MY_NUMBER`
+- **Severity**: CRITICAL
+- **Description**: Potential My Number (個人番号)
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PII_HARDCODED_CC`
+- **Severity**: CRITICAL
+- **Description**: Hardcoded credit card number
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PII_HARDCODED_SSN`
+- **Severity**: CRITICAL
+- **Description**: Hardcoded SSN/tax ID
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PII_HARDCODED_PHONE`
+- **Severity**: HIGH
+- **Description**: Hardcoded phone number
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PII_HARDCODED_EMAIL`
+- **Severity**: HIGH
+- **Description**: Hardcoded email address
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PII_LOG_SENSITIVE`
+- **Severity**: HIGH
+- **Description**: PII variable logged to console
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PII_SEND_NETWORK`
+- **Severity**: CRITICAL
+- **Description**: PII variable sent over network
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PII_STORE_PLAINTEXT`
+- **Severity**: HIGH
+- **Description**: PII stored in plaintext file
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `SHADOW_AI_OPENAI`
+- **Severity**: HIGH
+- **Description**: Shadow AI: OpenAI API call
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `SHADOW_AI_ANTHROPIC`
+- **Severity**: HIGH
+- **Description**: Shadow AI: Anthropic API call
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `SHADOW_AI_GENERIC`
+- **Severity**: MEDIUM
+- **Description**: Shadow AI: generic LLM API endpoint
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PII_ASK_ADDRESS`
+- **Severity**: HIGH
+- **Description**: PII collection: home address
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PII_ASK_DOB`
+- **Severity**: HIGH
+- **Description**: PII collection: date of birth
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PII_ASK_GOV_ID`
+- **Severity**: CRITICAL
+- **Description**: PII collection: government ID
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+

package/docs/rules/prompt-injection.md

@@ -0,0 +1,148 @@
+# Threat Category: prompt-injection
+
+This document provides explainability for all rules in the `prompt-injection` category.
+
+## Rule: `PI_IGNORE`
+- **Severity**: CRITICAL
+- **Description**: Prompt injection: ignore instructions
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PI_ROLE`
+- **Severity**: CRITICAL
+- **Description**: Prompt injection: role override
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PI_SYSTEM`
+- **Severity**: CRITICAL
+- **Description**: Prompt injection: system message impersonation
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PI_ZWSP`
+- **Severity**: CRITICAL
+- **Description**: Zero-width Unicode (hidden text)
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PI_BIDI`
+- **Severity**: CRITICAL
+- **Description**: Unicode BiDi control character (text direction attack)
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PI_INVISIBLE`
+- **Severity**: HIGH
+- **Description**: Invisible/formatting Unicode character
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PI_HOMOGLYPH`
+- **Severity**: HIGH
+- **Description**: Cyrillic/Latin homoglyph mixing
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PI_HOMOGLYPH_GREEK`
+- **Severity**: HIGH
+- **Description**: Greek/Latin homoglyph mixing
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PI_HOMOGLYPH_MATH`
+- **Severity**: HIGH
+- **Description**: Mathematical symbol homoglyphs (𝐀-𝟿)
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PI_TAG_INJECTION`
+- **Severity**: CRITICAL
+- **Description**: XML/tag-based prompt injection
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PI_BASE64_MD`
+- **Severity**: CRITICAL
+- **Description**: Base64 execution instruction in docs
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `MOLTBOOK_REVERSE_PI`
+- **Severity**: CRITICAL
+- **Description**: Moltbook Reverse Prompt Injection
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `AUTO_REFINE_A2A_IDPI`
+- **Severity**: CRITICAL
+- **Description**: A2A Contagion Indirect Prompt Injection (IDPI)
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `A2A_SEMANTIC_CONTAGION`
+- **Severity**: CRITICAL
+- **Description**: A2A Semantic Contagion passing downstream payload overrides
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PI_TOKEN_SPLIT`
+- **Severity**: HIGH
+- **Description**: Token-splitting PI: fragmented "ignore" across delimiters
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `PI_FULLWIDTH_EVASION`
+- **Severity**: HIGH
+- **Description**: Fullwidth Latin evasion (NFKC bypass)
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `MOLTBOOK_INDIRECT_PI`
+- **Severity**: CRITICAL
+- **Description**: Moltbook Bot-to-Bot payload: hidden system instruction
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `SNYK_AGENT_GUARD_EVASION`
+- **Severity**: CRITICAL
+- **Description**: Snyk Agent Guard evasion using Cyrillic/Homoglyphs
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+

package/docs/rules/prompt-worm.md

@@ -0,0 +1,44 @@
+# Threat Category: prompt-worm
+
+This document provides explainability for all rules in the `prompt-worm` category.
+
+## Rule: `WORM_SELF_REPLICATE`
+- **Severity**: CRITICAL
+- **Description**: Prompt worm: self-replication
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `WORM_SPREAD`
+- **Severity**: CRITICAL
+- **Description**: Prompt worm: agent-to-agent propagation
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `WORM_HIDDEN_INSTRUCT`
+- **Severity**: CRITICAL
+- **Description**: Prompt worm: hidden instruction embedding
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `WORM_CSS_HIDE`
+- **Severity**: HIGH
+- **Description**: CSS-hidden content (invisible to humans)
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `AUTO_REFINE_ZERO_WIDTH`
+- **Severity**: CRITICAL
+- **Description**: Zero-Width Prompt Injection Worm
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+

package/docs/rules/safeguard-bypass.md

@@ -0,0 +1,44 @@
+# Threat Category: safeguard-bypass
+
+This document provides explainability for all rules in the `safeguard-bypass` category.
+
+## Rule: `REPROMPT_URL_PI`
+- **Severity**: CRITICAL
+- **Description**: URL parameter prompt injection
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `REPROMPT_DOUBLE`
+- **Severity**: HIGH
+- **Description**: Double-execution safeguard bypass
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `REPROMPT_RETRY`
+- **Severity**: HIGH
+- **Description**: Retry-on-block safeguard bypass
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `BYPASS_REPHRASE`
+- **Severity**: CRITICAL
+- **Description**: Instruction to rephrase to avoid filters
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `CLAUDE_SEC_SCAN_SUPPRESS`
+- **Severity**: HIGH
+- **Description**: Claude Code Security scan result suppression or bypass
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+

package/docs/rules/sandbox-escape.md

@@ -0,0 +1,100 @@
+# Threat Category: sandbox-escape
+
+This document provides explainability for all rules in the `sandbox-escape` category.
+
+## Rule: `SANDBOX_PROC_MOUNT`
+- **Severity**: CRITICAL
+- **Description**: Sandbox escape: /proc/self access for container breakout
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `SANDBOX_CHROOT_BREAK`
+- **Severity**: CRITICAL
+- **Description**: Sandbox escape: chroot/namespace manipulation
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `SANDBOX_DOCKER_SOCK`
+- **Severity**: CRITICAL
+- **Description**: Sandbox escape: Docker socket access or privileged exec
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `SANDBOX_SYMLINK_RACE`
+- **Severity**: HIGH
+- **Description**: Sandbox escape: symlink race condition to access restricted paths
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `SANDBOX_PTRACE`
+- **Severity**: CRITICAL
+- **Description**: Sandbox escape: ptrace-based process injection
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `SANDBOX_RLIMIT_BYPASS`
+- **Severity**: HIGH
+- **Description**: Sandbox escape: resource limit bypass
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `SANDBOX_MOUNT_NS`
+- **Severity**: CRITICAL
+- **Description**: Sandbox escape: filesystem mount in restricted namespace
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `SANDBOX_DBUS_ESCAPE`
+- **Severity**: HIGH
+- **Description**: Sandbox escape: D-Bus IPC exploitation (Flatpak/Snap)
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `SANDBOX_SECCOMP_BYPASS`
+- **Severity**: CRITICAL
+- **Description**: Sandbox escape: seccomp filter manipulation
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `SANDBOX_CGROUP_ESCAPE`
+- **Severity**: CRITICAL
+- **Description**: Sandbox escape: cgroup breakout via release_agent (CVE-2022-0492 variant)
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `SANDBOX_K8S_SA_TOKEN`
+- **Severity**: CRITICAL
+- **Description**: Sandbox escape: Kubernetes service account token theft
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `SANDBOX_WASM_ESCAPE`
+- **Severity**: HIGH
+- **Description**: WASM sandbox escape: WASI filesystem escape via mapped directories
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+

package/docs/rules/secret-detection.md

@@ -0,0 +1,44 @@
+# Threat Category: secret-detection
+
+This document provides explainability for all rules in the `secret-detection` category.
+
+## Rule: `SECRET_HARDCODED_KEY`
+- **Severity**: HIGH
+- **Description**: Hardcoded API key/secret
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `SECRET_PRIVATE_KEY`
+- **Severity**: CRITICAL
+- **Description**: Embedded private key
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `SECRET_GITHUB_TOKEN`
+- **Severity**: CRITICAL
+- **Description**: GitHub token
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `MOLTBOOK_SUPABASE_LEAK`
+- **Severity**: CRITICAL
+- **Description**: Supabase API Key (Moltbook 1.5M Leak pattern)
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+
+## Rule: `SECRET_ANTHROPIC_KEY_V2`
+- **Severity**: CRITICAL
+- **Description**: Anthropic API key v2 (sk-ant-api/msg/adm prefix)
+- **Rationale**: Explains why this pattern is considered dangerous.
+- **Exploit Precondition**: What an attacker needs to trigger this.
+- **Likely False Positives**: Scenarios where this might trigger safely.
+- **Remediation Hint**: How to fix or mitigate the finding.
+