@guava-parity/guard-scanner 9.1.0 → 15.0.0

package/src/scanner.js

@@ -13,7 +13,7 @@
  *
  * Based on GuavaGuard v9.0.0 (OSS extraction)
  * 20 threat categories • Snyk ToxicSkills + OWASP MCP Top 10
- * Zero dependencies • CLI + JSON + SARIF + HTML output
+ * Lightweight runtime footprint • CLI + JSON + SARIF + HTML output
  * Plugin API for custom detection rules
  *
  * Born from a real 3-day agent identity hijack (2026-02-12)
@@ -24,30 +24,24 @@
 const fs = require('fs');
 const path = require('path');
 const os = require('os');
-const crypto = require('crypto');
 
 const { PATTERNS } = require('./patterns.js');
 const { KNOWN_MALICIOUS } = require('./ioc-db.js');
-const { generateHTML } = require('./html-template.js');
+const { RuleRegistry } = require('./core/rule-registry.js');
+const { loadIgnoreFile, loadTextFile } = require('./core/content-loader.js');
+const { classifyFile, CODE_EXTENSIONS, BINARY_EXTENSIONS, isSelfNoisePath, isSelfThreatCorpus, getFiles, listSkills } = require('./core/inventory.js');
+const { calculateRisk, getVerdict, SEVERITY_WEIGHTS } = require('./core/risk-engine.js');
+const { applySemanticValidators, checkASTValidation } = require('./core/semantic-validators.js');
+const { toJSONReport, toSARIFReport, toHTMLReport, printSummary } = require('./core/report-adapters.js');
 
 // ===== CONFIGURATION =====
-const VERSION = '8.0.0';
+const { version: VERSION } = require('../package.json');
 
 const THRESHOLDS = {
     normal: { suspicious: 30, malicious: 80 },
     strict: { suspicious: 20, malicious: 60 },
 };
 
-// File classification
-const CODE_EXTENSIONS = new Set(['.js', '.ts', '.mjs', '.cjs', '.py', '.sh', '.bash', '.ps1', '.rb', '.go', '.rs', '.php', '.pl']);
-const DOC_EXTENSIONS = new Set(['.md', '.txt', '.rst', '.adoc']);
-const DATA_EXTENSIONS = new Set(['.json', '.yaml', '.yml', '.toml', '.xml', '.csv']);
-const BINARY_EXTENSIONS = new Set(['.png', '.jpg', '.jpeg', '.gif', '.ico', '.woff', '.woff2', '.ttf', '.eot', '.wasm', '.wav', '.mp3', '.mp4', '.webm', '.ogg', '.pdf', '.zip', '.tar', '.gz', '.bz2', '.7z', '.exe', '.dll', '.so', '.dylib']);
-const GENERATED_REPORT_FILES = new Set(['guard-scanner-report.json', 'guard-scanner-report.html', 'guard-scanner.sarif']);
-
-// Severity weights for risk scoring
-const SEVERITY_WEIGHTS = { CRITICAL: 40, HIGH: 15, MEDIUM: 5, LOW: 2 };
-
 class GuardScanner {
     constructor(options = {}) {
         this.verbose = options.verbose || false;
@@ -76,6 +70,8 @@ class GuardScanner {
         if (options.rulesFile) {
             this.loadCustomRules(options.rulesFile);
         }
+
+        this.ruleRegistry = new RuleRegistry(PATTERNS, this.customRules);
     }
 
     // Plugin API: load a plugin module
@@ -91,6 +87,7 @@ class GuardScanner {
                 if (!this.summaryOnly) {
                     console.log(`🔌 Plugin loaded: ${plugin.name || pluginPath} (${plugin.patterns.length} rule(s))`);
                 }
+                this.ruleRegistry = new RuleRegistry(PATTERNS, this.customRules);
             }
         } catch (e) {
             console.error(`⚠️  Failed to load plugin ${pluginPath}: ${e.message}`);
@@ -130,6 +127,7 @@ class GuardScanner {
             if (!this.summaryOnly && this.customRules.length > 0) {
                 console.log(`📏 Loaded ${this.customRules.length} custom rule(s) from ${rulesFile}`);
             }
+            this.ruleRegistry = new RuleRegistry(PATTERNS, this.customRules);
         } catch (e) {
             console.error(`⚠️  Failed to load custom rules: ${e.message}`);
         }
@@ -137,41 +135,47 @@ class GuardScanner {
 
     // Load .guava-guard-ignore / .guard-scanner-ignore from scan directory
     loadIgnoreFile(scanDir) {
-        const ignorePaths = [
-            path.join(scanDir, '.guard-scanner-ignore'),
-            path.join(scanDir, '.guava-guard-ignore'),
-        ];
-        for (const ignorePath of ignorePaths) {
-            if (!fs.existsSync(ignorePath)) continue;
-            const lines = fs.readFileSync(ignorePath, 'utf-8').split('\n');
-            for (const line of lines) {
-                const trimmed = line.trim();
-                if (!trimmed || trimmed.startsWith('#')) continue;
-                if (trimmed.startsWith('pattern:')) {
-                    this.ignoredPatterns.add(trimmed.replace('pattern:', '').trim());
-                } else {
-                    this.ignoredSkills.add(trimmed);
-                }
-            }
-            if (this.verbose && (this.ignoredSkills.size || this.ignoredPatterns.size)) {
-                console.log(`📋 Loaded ignore file: ${this.ignoredSkills.size} skills, ${this.ignoredPatterns.size} patterns`);
-            }
-            break; // use first found
+        const ignored = loadIgnoreFile(scanDir);
+        this.ignoredSkills = ignored.ignoredSkills;
+        this.ignoredPatterns = ignored.ignoredPatterns;
+        if (this.verbose && (this.ignoredSkills.size || this.ignoredPatterns.size)) {
+            console.log(`📋 Loaded ignore file: ${this.ignoredSkills.size} skills, ${this.ignoredPatterns.size} patterns`);
         }
     }
 
+    /**
+     * Scan raw text for threats (used for Discord incoming messages, etc.)
+     * @param {string} text - Raw text to scan
+     * @returns {{ safe: boolean, risk: number, detections: Array }}
+     */
+    scanText(text) {
+        const findings = [];
+        this.checkIoCs(text, 'raw_text', findings);
+        this.checkPatterns(text, 'raw_text', 'code', findings); // use 'code' to run all patterns
+        if (this.customRules.length > 0) {
+            this.checkPatterns(text, 'raw_text', 'code', findings, this.customRules);
+        }
+        applySemanticValidators(text, 'raw_text', findings);
+        
+        // Filter ignored patterns
+        const filteredFindings = findings.filter(f => !this.ignoredPatterns.has(f.id));
+        const risk = this.calculateRisk(filteredFindings);
+        
+        return {
+            safe: risk < this.thresholds.suspicious,
+            risk,
+            detections: filteredFindings
+        };
+    }
+
     scanDirectory(dir) {
         if (!fs.existsSync(dir)) {
-            console.error(`❌ Directory not found: ${dir}`);
-            process.exit(2);
+            throw new Error(`Directory not found: ${dir}`);
         }
 
         this.loadIgnoreFile(dir);
 
-        const skills = fs.readdirSync(dir).filter(f => {
-            const p = path.join(dir, f);
-            return fs.statSync(p).isDirectory();
-        });
+        const skills = listSkills(dir);
 
         if (!this.quiet) {
             console.log(`\n🛡️  guard-scanner v${VERSION}`);
@@ -204,6 +208,13 @@ class GuardScanner {
         return this.findings;
     }
 
+    scanTarget(targetPath) {
+        this.findings = [];
+        this.stats = { scanned: 0, clean: 0, low: 0, suspicious: 0, malicious: 0 };
+        this.scanDirectory(targetPath);
+        return this.toJSON();
+    }
+
     scanSkill(skillPath, skillName) {
         this.stats.scanned++;
         const skillFindings = [];
@@ -228,9 +239,8 @@ class GuardScanner {
             if (BINARY_EXTENSIONS.has(ext)) continue;
             if (this.isSelfNoisePath(skillName, relFile)) continue;
 
-            let content;
-            try { content = fs.readFileSync(file, 'utf-8'); } catch { continue; }
-            if (content.length > 500000) continue;
+            const content = loadTextFile(file);
+            if (content === null) continue;
 
             const fileType = this.classifyFile(ext, relFile);
 
@@ -260,6 +270,7 @@ class GuardScanner {
             if ((ext === '.js' || ext === '.mjs' || ext === '.cjs' || ext === '.ts') && content.length < 200000) {
                 this.checkJSDataFlow(content, relFile, skillFindings);
             }
+            applySemanticValidators(content, relFile, skillFindings);
         }
 
         // Check 3: Structural checks
@@ -320,27 +331,15 @@ class GuardScanner {
     }
 
     classifyFile(ext, relFile) {
-        if (CODE_EXTENSIONS.has(ext)) return 'code';
-        if (DOC_EXTENSIONS.has(ext)) return 'doc';
-        if (DATA_EXTENSIONS.has(ext)) return 'data';
-        const base = path.basename(relFile).toLowerCase();
-        if (base === 'skill.md' || base === 'readme.md') return 'skill-doc';
-        return 'other';
+        return classifyFile(ext, relFile);
     }
 
     isSelfNoisePath(skillName, relFile) {
-        if (skillName !== 'guard-scanner') return false;
-        return /^test\//.test(relFile)
-            || /^dist\/__tests__\//.test(relFile)
-            || /^ts-src\/__tests__\//.test(relFile)
-            || /^docs\//.test(relFile)
-            || relFile === 'ROADMAP-RESEARCH.md'
-            || relFile === 'CHANGELOG.md';
+        return isSelfNoisePath(skillName, relFile);
     }
 
     isSelfThreatCorpus(skillName, relFile) {
-        if (skillName !== 'guard-scanner') return false;
-        return /(^|\/)(ioc-db|patterns)\.(js|ts)$/.test(relFile);
+        return isSelfThreatCorpus(skillName, relFile);
     }
 
     checkIoCs(content, relFile, findings) {
@@ -378,21 +377,48 @@ class GuardScanner {
         }
     }
 
-    checkPatterns(content, relFile, fileType, findings, patterns = PATTERNS) {
-        for (const pattern of patterns) {
+    checkPatterns(content, relFile, fileType, findings, patterns = null) {
+        const activePatterns = patterns || this.ruleRegistry.getRulesForFileType(fileType);
+        // v9: Payload Unfurling (Base64 / Hex Decoders)
+        let unfurledContent = content;
+
+        // Unfurl Buffer.from('...', 'base64') and atob('...')
+        const b64Regex = /(?:Buffer\.from\(\s*['"]([^'"]+)['"]\s*,\s*['"]base64['"]\)|atob\(\s*['"]([^'"]+)['"]\))/g;
+        unfurledContent = unfurledContent.replace(b64Regex, (match, g1, g2) => {
+            try {
+                const b64 = g1 || g2;
+                return Buffer.from(b64, 'base64').toString('utf8');
+            } catch { return match; }
+        });
+
+        // Unfurl hex escaped strings like \x63\x61\x74 -> cat
+        unfurledContent = unfurledContent.replace(/\\x([0-9a-fA-F]{2})/g, (match, hex) => {
+            return String.fromCharCode(parseInt(hex, 16));
+        });
+
+        for (const pattern of activePatterns) {
             // Soul Lock: skip identity-hijack/memory-poisoning patterns unless --soul-lock is enabled
             if (pattern.soulLock && !this.soulLock) continue;
             if (pattern.codeOnly && fileType !== 'code') continue;
             if (pattern.docOnly && fileType !== 'doc' && fileType !== 'skill-doc') continue;
-            if (!pattern.all && !pattern.codeOnly && !pattern.docOnly) continue;
+            if (!pattern.all && !pattern.codeOnly && !pattern.docOnly && pattern.scope !== 'skill-doc') continue;
 
             pattern.regex.lastIndex = 0;
-            const matches = content.match(pattern.regex);
+            let matches = content.match(pattern.regex);
+            let targetContent = content;
+
+            // If no match on raw content, try unfurled content
+            if (!matches && unfurledContent !== content) {
+                pattern.regex.lastIndex = 0;
+                matches = unfurledContent.match(pattern.regex);
+                targetContent = unfurledContent;
+            }
+
             if (!matches) continue;
 
             pattern.regex.lastIndex = 0;
-            const idx = content.search(pattern.regex);
-            const lineNum = idx >= 0 ? content.substring(0, idx).split('\n').length : null;
+            const idx = targetContent.search(pattern.regex);
+            const lineNum = idx >= 0 ? targetContent.substring(0, idx).split('\n').length : null;
 
             let adjustedSeverity = pattern.severity;
             if ((fileType === 'doc' || fileType === 'skill-doc') && pattern.all && !pattern.docOnly) {
@@ -403,8 +429,8 @@ class GuardScanner {
             findings.push({
                 severity: adjustedSeverity,
                 id: pattern.id,
-                cat: pattern.cat,
-                desc: pattern.desc,
+                cat: pattern.cat || pattern.category,
+                desc: pattern.desc || pattern.description,
                 file: relFile,
                 line: lineNum,
                 matchCount: matches.length,
@@ -751,36 +777,98 @@ class GuardScanner {
     }
 
     checkJSDataFlow(content, relFile, findings) {
-        const lines = content.split('\n');
+        // v9: Pseudo-AST Semantic Unfurling & Alias Tracking
+        // 1. Resolve string concatenations (e.g., '"f" + "etch"' -> '"fetch"')
+        let unfurledContent = content.replace(/(["'`])([^"'`]*)\1\s*\+\s*(["'`])([^"'`]*)\3/g, '$1$2$4$1');
+        for (let i = 0; i < 3; i++) { // Deep unfurl (up to 3 concats)
+            unfurledContent = unfurledContent.replace(/(["'`])([^"'`]*)\1\s*\+\s*(["'`])([^"'`]*)\3/g, '$1$2$4$1');
+        }
+
+        const lines = unfurledContent.split('\n');
         const imports = new Map();
         const sensitiveReads = [];
         const networkCalls = [];
         const execCalls = [];
 
+        // Alias Tracker for Sinks & Vars
+        const activeAliases = {
+            network: ['fetch', 'axios', 'request', 'http.request', 'https.request', 'got'],
+            exec: ['exec', 'execSync', 'spawn', 'spawnSync', 'execFile', "require('child_process').execSync"],
+            fsRead: ['readFileSync', 'readFile', 'fs.readFileSync', 'fs.readFile', "require('fs').readFileSync"]
+        };
+        const stringVars = new Map();
+
+        const registerAlias = (alias, target) => {
+            if (!alias || !target) return;
+            for (const [key, sinks] of Object.entries(activeAliases)) {
+                if (sinks.some(s => target.includes(s) || s.includes(target))) {
+                    activeAliases[key].push(alias);
+                }
+            }
+        };
+
+        // Pass 1: Extract Context & Aliases & Values
         for (let i = 0; i < lines.length; i++) {
             const line = lines[i];
-            const lineNum = i + 1;
 
+            // Standard variable assignment: const getRemote = fetch;
+            const aliasMatch = line.match(/(?:const|let|var)\s+([a-zA-Z0-9_$]+)\s*=\s*([a-zA-Z0-9_$.]+(?:\([^)]*\))?)\s*;/);
+            if (aliasMatch) {
+                registerAlias(aliasMatch[1], aliasMatch[2]);
+            }
+
+            // String literals: const target = ".env";
+            const strMatch = line.match(/(?:const|let|var)\s+([a-zA-Z0-9_$]+)\s*=\s*(["'`])([^"'`]+)\2/);
+            if (strMatch) {
+                stringVars.set(strMatch[1], strMatch[3]); // target -> .env
+            }
+
+            // Require assignments: const fs = require('fs')
             const reqMatch = line.match(/(?:const|let|var)\s+(?:{[^}]+}|\w+)\s*=\s*require\s*\(\s*['"]([^'"]+)['"]\s*\)/);
             if (reqMatch) {
                 const varMatch = line.match(/(?:const|let|var)\s+({[^}]+}|\w+)/);
-                if (varMatch) imports.set(varMatch[1].trim(), reqMatch[1]);
+                if (varMatch) {
+                    const aliasName = varMatch[1].trim();
+                    imports.set(aliasName, reqMatch[1]);
+                    registerAlias(`${aliasName}.readFileSync`, 'readFileSync'); // Link fs methods
+                    registerAlias(`${aliasName}.readFile`, 'readFile');
+                    registerAlias(`${aliasName}.exec`, 'exec');
+                    registerAlias(`${aliasName}.execSync`, 'execSync');
+                }
+            }
+        }
+
+        // Helper to create safe regex from dynamic aliases
+        const escapeRegex = (arr) => arr.map(a => a.replace(/[-\/\\^$*+?.()|[\]{}]/g, '\\$&')).join('|');
+
+        // Pass 2: Data Flow Matching with Interpolation
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const lineNum = i + 1;
+
+            // Pseudo-AST: substitute known literal vars into the line to reveal logic
+            let resolvedLine = line;
+            for (const [k, v] of stringVars.entries()) {
+                // replace var usage but only for whole words
+                resolvedLine = resolvedLine.replace(new RegExp(`\\b${k}\\b`, 'g'), `"${v}"`);
             }
 
-            if (/(?:readFileSync|readFile)\s*\([^)]*(?:\.env|\.ssh|id_rsa|\.clawdbot|\.openclaw(?!\/workspace))/i.test(line)) {
-                sensitiveReads.push({ line: lineNum, text: line.trim() });
+            const fsPattern = new RegExp(`(?:${escapeRegex(activeAliases.fsRead)})\\s*\\([^)]*(?:\\.env|\\.ssh|id_rsa|\\.clawdbot|\\.openclaw(?!\\/workspace))`, 'i');
+            if (fsPattern.test(resolvedLine)) {
+                sensitiveReads.push({ line: lineNum, text: resolvedLine.trim() });
             }
-            if (/process\.env\.[A-Z_]*(?:KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL)/i.test(line)) {
-                sensitiveReads.push({ line: lineNum, text: line.trim() });
+            if (/process\.env\.[A-Z_]*(?:KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL)/i.test(resolvedLine)) {
+                sensitiveReads.push({ line: lineNum, text: resolvedLine.trim() });
             }
 
-            if (/(?:fetch|axios|request|http\.request|https\.request|got)\s*\(/i.test(line) ||
-                /\.post\s*\(|\.put\s*\(|\.patch\s*\(/i.test(line)) {
-                networkCalls.push({ line: lineNum, text: line.trim() });
+            const netPattern = new RegExp(`(?:${escapeRegex(activeAliases.network)})\\s*\\(`, 'i');
+            if (netPattern.test(resolvedLine) || /\.post\s*\(|\.put\s*\(|\.patch\s*\(/.test(resolvedLine)) {
+                networkCalls.push({ line: lineNum, text: resolvedLine.trim() });
             }
 
-            if (/(?:exec|execSync|spawn|spawnSync|execFile)\s*\(/i.test(line)) {
-                execCalls.push({ line: lineNum, text: line.trim() });
+            const execPattern = new RegExp(`(?:${escapeRegex(activeAliases.exec)})\\s*\\(`, 'i');
+            if (execPattern.test(resolvedLine)) {
+                execCalls.push({ line: lineNum, text: resolvedLine.trim() });
             }
         }
 
@@ -863,181 +951,90 @@ class GuardScanner {
     }
 
     calculateRisk(findings) {
-        if (findings.length === 0) return 0;
-
-        let score = 0;
-        for (const f of findings) {
-            score += SEVERITY_WEIGHTS[f.severity] || 0;
-        }
-
-        const ids = new Set(findings.map(f => f.id));
-        const cats = new Set(findings.map(f => f.cat));
-
-        if (cats.has('credential-handling') && cats.has('exfiltration')) score = Math.round(score * 2);
-        if (cats.has('credential-handling') && findings.some(f => f.id === 'MAL_CHILD' || f.id === 'MAL_EXEC')) score = Math.round(score * 1.5);
-        if (cats.has('obfuscation') && (cats.has('malicious-code') || cats.has('credential-handling'))) score = Math.round(score * 2);
-        if (ids.has('DEP_LIFECYCLE_EXEC')) score = Math.round(score * 2);
-        if (ids.has('PI_BIDI') && findings.length > 1) score = Math.round(score * 1.5);
-        if (cats.has('leaky-skills') && (cats.has('exfiltration') || cats.has('malicious-code'))) score = Math.round(score * 2);
-        if (cats.has('memory-poisoning')) score = Math.round(score * 1.5);
-        if (cats.has('prompt-worm')) score = Math.round(score * 2);
-        if (cats.has('cve-patterns')) score = Math.max(score, 70);
-        if (cats.has('persistence') && (cats.has('malicious-code') || cats.has('credential-handling') || cats.has('memory-poisoning'))) score = Math.round(score * 1.5);
-        if (cats.has('identity-hijack')) score = Math.round(score * 2);
-        if (cats.has('identity-hijack') && (cats.has('persistence') || cats.has('memory-poisoning'))) score = Math.max(score, 90);
-        if (ids.has('IOC_IP') || ids.has('IOC_URL') || ids.has('KNOWN_TYPOSQUAT')) score = 100;
-
-        // v1.1 categories
-        if (cats.has('config-impact')) score = Math.round(score * 2);
-        if (cats.has('config-impact') && cats.has('sandbox-validation')) score = Math.max(score, 70);
-        if (cats.has('complexity') && (cats.has('malicious-code') || cats.has('obfuscation'))) score = Math.round(score * 1.5);
-
-        // v2.1 PII exposure amplifiers
-        if (cats.has('pii-exposure') && cats.has('exfiltration')) score = Math.round(score * 3);
-        if (cats.has('pii-exposure') && (ids.has('SHADOW_AI_OPENAI') || ids.has('SHADOW_AI_ANTHROPIC') || ids.has('SHADOW_AI_GENERIC'))) score = Math.round(score * 2.5);
-        if (cats.has('pii-exposure') && cats.has('credential-handling')) score = Math.round(score * 2);
-
-        return Math.min(100, score);
+        return calculateRisk(findings);
     }
 
     getVerdict(risk) {
-        if (risk >= this.thresholds.malicious) return { icon: '🔴', label: 'MALICIOUS', stat: 'malicious' };
-        if (risk >= this.thresholds.suspicious) return { icon: '🟡', label: 'SUSPICIOUS', stat: 'suspicious' };
-        if (risk > 0) return { icon: '🟢', label: 'LOW RISK', stat: 'low' };
-        return { icon: '🟢', label: 'CLEAN', stat: 'clean' };
+        return getVerdict(risk, this.thresholds);
     }
 
     getFiles(dir) {
-        const results = [];
-        try {
-            const entries = fs.readdirSync(dir, { withFileTypes: true });
-            for (const entry of entries) {
-                const fullPath = path.join(dir, entry.name);
-                if (entry.isDirectory()) {
-                    if (entry.name === '.git' || entry.name === 'node_modules') continue;
-                    results.push(...this.getFiles(fullPath));
-                } else {
-                    const baseName = entry.name.toLowerCase();
-                    if (GENERATED_REPORT_FILES.has(baseName)) continue;
-                    results.push(fullPath);
-                }
-            }
-        } catch { }
-        return results;
+        return getFiles(dir);
     }
 
     printSummary() {
-        const total = this.stats.scanned;
-        const safe = this.stats.clean + this.stats.low;
-        console.log(`\n${'═'.repeat(54)}`);
-        console.log(`📊 guard-scanner v${VERSION} Scan Summary`);
-        console.log(`${'─'.repeat(54)}`);
-        console.log(`   Scanned:      ${total}`);
-        console.log(`   🟢 Clean:       ${this.stats.clean}`);
-        console.log(`   🟢 Low Risk:    ${this.stats.low}`);
-        console.log(`   🟡 Suspicious:  ${this.stats.suspicious}`);
-        console.log(`   🔴 Malicious:   ${this.stats.malicious}`);
-        console.log(`   Safety Rate:  ${total ? Math.round(safe / total * 100) : 0}%`);
-        console.log(`${'═'.repeat(54)}`);
-
-        if (this.stats.malicious > 0) {
-            console.log(`\n⚠️  CRITICAL: ${this.stats.malicious} malicious skill(s) detected!`);
-            console.log(`   Review findings with --verbose and remove if confirmed.`);
-        } else if (this.stats.suspicious > 0) {
-            console.log(`\n⚡ ${this.stats.suspicious} suspicious skill(s) found — review recommended.`);
-        } else {
-            console.log(`\n✅ All clear! No threats detected.`);
-        }
+        return printSummary(this.stats, VERSION);
     }
 
     toJSON() {
-        const recommendations = [];
-        for (const skillResult of this.findings) {
-            const skillRecs = [];
-            const cats = new Set(skillResult.findings.map(f => f.cat));
-
-            if (cats.has('prompt-injection')) skillRecs.push('🛑 Contains prompt injection patterns.');
-            if (cats.has('malicious-code')) skillRecs.push('🛑 Contains potentially malicious code.');
-            if (cats.has('credential-handling') && cats.has('exfiltration')) skillRecs.push('💀 CRITICAL: Credential access + exfiltration. DO NOT INSTALL.');
-            if (cats.has('dependency-chain')) skillRecs.push('📦 Suspicious dependency chain.');
-            if (cats.has('obfuscation')) skillRecs.push('🔍 Code obfuscation detected.');
-            if (cats.has('secret-detection')) skillRecs.push('🔑 Possible hardcoded secrets.');
-            if (cats.has('leaky-skills')) skillRecs.push('💧 LEAKY SKILL: Secrets pass through LLM context.');
-            if (cats.has('memory-poisoning')) skillRecs.push('🧠 MEMORY POISONING: Agent memory modification attempt.');
-            if (cats.has('prompt-worm')) skillRecs.push('🪱 PROMPT WORM: Self-replicating instructions.');
-            if (cats.has('data-flow')) skillRecs.push('🔀 Suspicious data flow patterns.');
-            if (cats.has('persistence')) skillRecs.push('⏰ PERSISTENCE: Creates scheduled tasks.');
-            if (cats.has('cve-patterns')) skillRecs.push('🚨 CVE PATTERN: Matches known exploits.');
-            if (cats.has('identity-hijack')) skillRecs.push('🔒 IDENTITY HIJACK: Agent soul file tampering. DO NOT INSTALL.');
-            if (cats.has('sandbox-validation')) skillRecs.push('🔒 SANDBOX: Skill requests dangerous capabilities.');
-            if (cats.has('complexity')) skillRecs.push('🧩 COMPLEXITY: Excessive code complexity may hide malicious behavior.');
-            if (cats.has('config-impact')) skillRecs.push('⚙️ CONFIG IMPACT: Modifies OpenClaw configuration. DO NOT INSTALL.');
-            if (cats.has('pii-exposure')) skillRecs.push('🆔 PII EXPOSURE: Handles personally identifiable information. Review data handling.');
-
-            if (skillRecs.length > 0) recommendations.push({ skill: skillResult.skill, actions: skillRecs });
-        }
-
-        return {
-            timestamp: new Date().toISOString(),
-            scanner: `guard-scanner v${VERSION}`,
-            mode: this.strict ? 'strict' : 'normal',
-            stats: this.stats,
-            thresholds: this.thresholds,
-            findings: this.findings,
-            recommendations,
-            iocVersion: '2026-02-12',
-        };
+        return toJSONReport(this, VERSION);
     }
 
     toSARIF(scanDir) {
-        const rules = [];
-        const ruleIndex = {};
-        const results = [];
-
-        for (const skillResult of this.findings) {
-            for (const f of skillResult.findings) {
-                if (!ruleIndex[f.id]) {
-                    ruleIndex[f.id] = rules.length;
-                    rules.push({
-                        id: f.id, name: f.id,
-                        shortDescription: { text: f.desc },
-                        defaultConfiguration: { level: f.severity === 'CRITICAL' ? 'error' : f.severity === 'HIGH' ? 'error' : f.severity === 'MEDIUM' ? 'warning' : 'note' },
-                        properties: { tags: ['security', f.cat], 'security-severity': f.severity === 'CRITICAL' ? '9.0' : f.severity === 'HIGH' ? '7.0' : f.severity === 'MEDIUM' ? '4.0' : '1.0' }
-                    });
-                }
-                const normalizedFile = String(f.file || '')
-                    .replaceAll('\\', '/')
-                    .replace(/^\/+/, '');
-                const artifactUri = `${skillResult.skill}/${normalizedFile}`;
-                const fingerprintSeed = `${f.id}|${artifactUri}|${f.line || 0}|${(f.sample || '').slice(0, 200)}`;
-                const lineHash = crypto.createHash('sha256').update(fingerprintSeed).digest('hex').slice(0, 24);
-
-                results.push({
-                    ruleId: f.id, ruleIndex: ruleIndex[f.id],
-                    level: f.severity === 'CRITICAL' ? 'error' : f.severity === 'HIGH' ? 'error' : f.severity === 'MEDIUM' ? 'warning' : 'note',
-                    message: { text: `[${skillResult.skill}] ${f.desc}${f.sample ? ` — "${f.sample}"` : ''}` },
-                    partialFingerprints: {
-                        primaryLocationLineHash: lineHash
-                    },
-                    locations: [{ physicalLocation: { artifactLocation: { uri: artifactUri, uriBaseId: '%SRCROOT%' }, region: f.line ? { startLine: f.line } : undefined } }]
-                });
+        return toSARIFReport(this, VERSION, scanDir);
+    }
+
+    toHTML() {
+        return toHTMLReport(this, VERSION);
+    }
+
+    /**
+     * Generate a Threat Model based on the scan findings.
+     * @param {Array<Object>} findings - The array of findings from the scan.
+     * @returns {Object} The generated threat model.
+     */
+
+    /**
+     * Check AST for contextual validation of high-risk chains.
+     * Separates heuristic-only matches from validated chains.
+     */
+    checkASTValidation(content, relFile, findings) {
+        return checkASTValidation(content, relFile, findings);
+    }
+
+    generateThreatModel(findings) {
+        const surface = {
+            network: false,
+            file_system: false,
+            code_execution: false,
+            credential_exposure: false,
+            external_ingestion: false,
+            persistence: false
+        };
+
+        for (const f of findings) {
+            // Map pattern IDs or categories to capability surfaces
+            const id = f.id || '';
+            const cat = f.cat || '';
+            const desc = (f.desc || '').toLowerCase();
+            
+            if (id.includes('FETCH') || id.includes('CURL') || id.includes('SSRF') || id.includes('NETWORK') || id.includes('EXFIL') || id.includes('TRUST_WEB_EXEC') || desc.includes('fetch') || desc.includes('network') || desc.includes('web content')) {
+                surface.network = true;
+            }
+            if (id.includes('FS_') || id.includes('WRITE') || id.includes('READ') || id.includes('FILE') || id.includes('TRUST_WEB_EXEC') || desc.includes('file system') || desc.includes('readfilesync') || desc.includes('fs.read')) {
+                surface.file_system = true;
+            }
+            if (id.includes('EXEC') || id.includes('EVAL') || id.includes('SHELL') || id.includes('SPAWN') || id.includes('RCE') || desc.includes('exec') || desc.includes('shell')) {
+                surface.code_execution = true;
+            }
+            if (id.includes('CRED') || id.includes('KEY') || id.includes('SECRET') || id.includes('TOKEN') || cat.includes('credential') || desc.includes('credential') || desc.includes('trust boundary')) {
+                surface.credential_exposure = true;
+            }
+            if (id.includes('PI_') || id.includes('PROMPT_INJECT') || id.includes('POISON') || id.includes('TRUST_WEB_EXEC') || cat.includes('prompt-injection') || desc.includes('ignore all')) {
+                surface.external_ingestion = true;
+            }
+            if (id.includes('PERSIST') || id.includes('CRON') || id.includes('STARTUP') || cat.includes('persistence') || desc.includes('cron') || id.includes('DEPS_PHANTOM_IMPORT')) {
+                surface.persistence = true;
             }
         }
 
         return {
-            version: '2.1.0',
-            $schema: 'https://json.schemastore.org/sarif-2.1.0.json',
-            runs: [{
-                tool: { driver: { name: 'guard-scanner', version: VERSION, informationUri: 'https://github.com/koatora20/guard-scanner', rules } },
-                results,
-                invocations: [{ executionSuccessful: true, endTimeUtc: new Date().toISOString() }]
-            }]
+            timestamp: new Date().toISOString(),
+            surface,
+            summary: Object.keys(surface).filter(k => surface[k]).join(', ') || 'none'
         };
     }
 
-    toHTML() {
-        return generateHTML(VERSION, this.stats, this.findings);
-    }
 }
 
 const { scanToolCall, RUNTIME_CHECKS, getCheckStats, LAYER_NAMES } = require('./runtime-guard.js');