@indicated/vibeguard 1.5.3 → 1.7.0

package/.claude/hooks/agentspace-notify.sh

@@ -0,0 +1,103 @@
+#!/bin/bash
+# AgentSpace hook — posts Claude Code activity
+# Auto-generated by AgentSpace connect. Re-run the connect command to update.
+
+API_KEY="1PrB_oCCtbm5ghzSNQ2VmL2HN0Asi1xE2m6RgjjxVl0"
+API_URL="https://agentspace-efp3.vercel.app/api/spaces/boys/events"
+AGENT_NAME="VibeGuard"
+
+if [ -z "$API_KEY" ]; then
+  exit 0
+fi
+
+# Read hook input from stdin
+INPUT=$(cat)
+
+EVENT=$(echo "$INPUT" | jq -r '.hook_event_name // "unknown"')
+TOOL=$(echo "$INPUT" | jq -r '.tool_name // ""')
+
+# Privacy-first project label: include only directory basename.
+PROJECT_DIR="${CLAUDE_PROJECT_DIR:-$PWD}"
+PROJECT_NAME=$(basename "$PROJECT_DIR" 2>/dev/null || echo "current")
+if [ -z "$PROJECT_NAME" ] || [ "$PROJECT_NAME" = "/" ] || [ "$PROJECT_NAME" = "." ]; then
+  PROJECT_NAME="current"
+fi
+PROJECT_TASK="Working in ${PROJECT_NAME} project"
+
+# Map hook events to coarse, non-sensitive activity categories.
+case "$EVENT" in
+  SessionStart)
+    STATUS="working"
+    TYPE="session_start"
+    CONTENT="Session started"
+    TASK="$PROJECT_TASK"
+    ;;
+  PostToolUse)
+    STATUS="working"
+    case "$TOOL" in
+      Bash)
+        TYPE="running_terminal"
+        CONTENT="Running checks"
+        TASK="$PROJECT_TASK"
+        ;;
+      Read|Write|Edit|MultiEdit)
+        TYPE="coding"
+        CONTENT="Coding"
+        TASK="$PROJECT_TASK"
+        ;;
+      Grep)
+        TYPE="searching_code"
+        CONTENT="Searching code"
+        TASK="$PROJECT_TASK"
+        ;;
+      Glob)
+        TYPE="searching_file"
+        CONTENT="Searching for files"
+        TASK="$PROJECT_TASK"
+        ;;
+      WebFetch|WebSearch)
+        TYPE="searching_web"
+        CONTENT="Researching online"
+        STATUS="thinking"
+        TASK="$PROJECT_TASK"
+        ;;
+      Task)
+        TYPE="delegating"
+        CONTENT="Delegating work"
+        STATUS="thinking"
+        TASK="$PROJECT_TASK"
+        ;;
+      *)
+        TYPE="activity"
+        CONTENT="Working"
+        TASK="$PROJECT_TASK"
+        ;;
+    esac
+    ;;
+  Stop)
+    STATUS="offline"
+    TYPE="session_end"
+    CONTENT="Session ended"
+    TASK="$PROJECT_TASK"
+    ;;
+  *)
+    exit 0
+    ;;
+esac
+
+PAYLOAD=$(jq -n \
+  --arg agentName "$AGENT_NAME" \
+  --arg content "$CONTENT" \
+  --arg status "$STATUS" \
+  --arg task "$TASK" \
+  --arg type "$TYPE" \
+  '{agentName: $agentName, content: $content, status: $status, task: $task, type: $type}')
+
+# POST to AgentSpace
+curl -s -X POST "$API_URL" \
+  -H "Content-Type: application/json" \
+  -H "Authorization: Bearer $API_KEY" \
+  -d "$PAYLOAD" \
+  -o /dev/null 2>/dev/null
+
+exit 0

package/.claude/settings.local.json

@@ -1,5 +1,44 @@
 {
   "enabledMcpjsonServers": [
     "vibeguard"
-  ]
+  ],
+  "hooks": {
+    "PostToolUse": [
+      {
+        "matcher": ".*",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/agentspace-notify.sh",
+            "timeout": 10,
+            "async": true
+          }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/agentspace-notify.sh",
+            "timeout": 10,
+            "async": true
+          }
+        ]
+      }
+    ],
+    "SessionStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "$CLAUDE_PROJECT_DIR/.claude/hooks/agentspace-notify.sh",
+            "timeout": 10,
+            "async": true
+          }
+        ]
+      }
+    ]
+  }
 }

package/README.md

@@ -143,12 +143,22 @@ Create a `.vibeguardrc.json` in your project root:
 - TypeScript (.ts, .tsx)
 - Python (.py)
 
-## Security Rules
+## Security Rules (74 checks)
 
 ### Critical
 - **hardcoded-secret**: Detects hardcoded API keys, tokens, and passwords
 - **sql-injection**: Detects SQL injection vulnerabilities
 - **eval-usage**: Detects dangerous eval() usage
+- **command-injection**: User input passed to shell commands
+- **insecure-deserialization**: Unsafe deserialization of untrusted data
+- **insecure-randomness**: Math.random()/random module used for security tokens
+- **weak-cryptography**: MD5/SHA1 used for passwords or security hashing
+- **nosql-injection**: User input passed directly to MongoDB/NoSQL queries
+- **password-plaintext-storage**: Passwords stored in database without hashing
+- **django-debug-true**: Django DEBUG=True in production
+- **django-secret-key-exposed**: Django SECRET_KEY hardcoded
+- **django-raw-sql**: Django raw SQL with string formatting
+- **flask-secret-key-exposed**: Flask SECRET_KEY hardcoded
 
 ### High
 - **missing-auth-route**: API routes without authentication
@@ -157,15 +167,53 @@ Create a `.vibeguardrc.json` in your project root:
 - **supabase-no-rls**: Supabase queries without RLS
 - **firebase-no-rules**: Firebase without security rules
 - **idor-vulnerability**: Potential IDOR vulnerabilities
+- **path-traversal**: User input in file paths
+- **ssrf-vulnerability**: Server-side request forgery
+- **open-redirect**: Redirecting to user-supplied URLs
+- **insecure-cookie**: Cookies without security flags
+- **missing-csrf**: Forms without CSRF tokens
+- **disabled-tls-verification**: SSL/TLS certificate verification disabled
+- **unsafe-regex-construction**: User input in RegExp constructor (ReDoS)
+- **postmessage-no-origin**: postMessage listener without origin check
+- **hardcoded-db-credentials**: Database connection strings with embedded passwords
+- **ssti-vulnerability**: Server-side template injection
+- **unvalidated-file-upload**: File uploads without type/size validation
+- **electron-insecure-config**: nodeIntegration/contextIsolation misconfiguration
+- **prisma-raw-query**: Prisma raw queries with user input
+- **nextjs-exposed-server-action**: Next.js server actions without auth
+- **nextjs-api-route-no-auth**: Next.js API routes without auth
+- **express-session-insecure**: Express session without secure flags
+- **jwt-missing-exp**: JWT tokens signed without expiration
+- **jwt-weak-secret**: JWT signed with short hardcoded secret
+- **cors-credentials-wildcard**: CORS wildcard origin with credentials enabled
+- **password-hash-weak**: Passwords hashed with MD5/SHA1/raw SHA256 instead of KDF
+- **zip-slip**: Archive extraction without path validation
+- **s3-public-read**: S3 bucket with public access policy
 
 ### Medium
 - **permissive-cors**: Overly permissive CORS configuration
 - **http-not-https**: HTTP instead of HTTPS
 - **weak-password**: Weak password requirements
+- **hardcoded-ip**: Hardcoded IP addresses
+- **xxe-vulnerability**: XML External Entity injection
+- **jwt-none-algorithm**: JWT accepting "none" algorithm
+- **insecure-websocket**: ws:// instead of wss://
+- **timing-attack**: Non-constant-time secret comparison
+- **graphql-introspection-enabled**: GraphQL schema exposed in production
+- **mass-assignment**: User input passed directly to ORM create/update
+- **log-injection**: User input in log messages (CRLF injection)
+- **python-assert-security**: Assert used for security checks (stripped with -O)
+- **unsafe-tempfile**: tempfile.mktemp() race condition
+- **missing-security-headers**: Express app without security headers (CSP, HSTS, X-Frame-Options)
+- **csp-unsafe-inline**: CSP policy allows unsafe-inline or unsafe-eval
+- **http-client-no-timeout**: Outbound HTTP requests without timeout
 
 ### Low
 - **verbose-errors**: Detailed errors exposed to clients
 - **missing-rate-limit**: Missing rate limiting on sensitive endpoints
+- **console-log-sensitive**: Logging passwords/tokens/secrets
+- **debug-mode-enabled**: Debug mode enabled in production
+- **prototype-pollution**: Deep merging user input
 
 ## Exit Codes
 

package/SECURITY_GAPS.md

@@ -0,0 +1,160 @@
+# VibeGuard Security Gaps and Rule Backlog
+
+This document summarizes what VibeGuard currently covers and the most important missing security areas. It also proposes a concrete backlog of new rules (with severity, tier, detection approach, and test ideas) to close the highest-impact gaps.
+
+## Current Coverage Summary
+
+VibeGuard currently focuses on code-level issues via regex and limited AST checks across JS/TS/Python. It includes secrets detection, injections (SQL/NoSQL/command), XSS via innerHTML, SSRF, IDOR, CSRF, insecure cookies, TLS verification disabled, weak crypto/random, path traversal, open redirects, prototype pollution, and several framework-specific rules.
+
+## Highest-Impact Missing Areas (Prioritized)
+
+1) Dependency and supply-chain security
+- No dependency vulnerability scanning (SCA), lockfile parsing, or SBOM output.
+- No license compliance checks.
+
+2) Dataflow/taint analysis
+- Most detections are syntactic. There is no inter-procedural or cross-file dataflow tracking.
+- This leads to false positives and misses for real-world flows (user input -> sanitizer -> sink).
+
+3) Infrastructure and deployment misconfiguration
+- No IaC scanning for Terraform/CloudFormation/Kubernetes/Dockerfile.
+- No cloud provider checks (S3 public buckets, overly permissive IAM, SGs, etc.).
+
+4) Web security coverage gaps
+- Missing checks for CSP/HSTS/X-Frame-Options/Referrer-Policy.
+- Limited DOM XSS sink coverage (innerHTML only).
+- Limited session/JWT hardening checks (missing exp, weak signing key, alg confusion beyond none, missing audience/issuer checks).
+
+5) AuthN/AuthZ hardening
+- Missing checks for weak password hashing (bcrypt cost, scrypt/argon2), plaintext storage.
+- No MFA/2FA requirements detection (hard to do via static scanning, but common expectations).
+
+6) File handling edge cases
+- No archive extraction (zip slip) checks.
+- No content-based validation for uploads (magic bytes).
+
+## Proposed Rule Backlog (Concrete)
+
+Each rule includes a pragmatic detection approach designed to fit the current regex/AST model, plus test ideas. These are scoped for low false positives.
+
+### 1) jwt-missing-exp
+- Severity: high
+- Tier: free
+- Languages: javascript, typescript, python
+- Detect: JWT sign/encode without `exp` claim, or verification that explicitly ignores expiration.
+- Patterns:
+  - JS: `jwt.sign(` without `expiresIn` in options.
+  - Python: `jwt.encode(` without `exp` in payload.
+- Tests:
+  - Positive: `jwt.sign(payload, secret)`
+  - Negative: `jwt.sign(payload, secret, { expiresIn: '1h' })`
+
+### 2) jwt-weak-secret
+- Severity: high
+- Tier: free
+- Languages: javascript, typescript, python
+- Detect: JWT signing secret hardcoded and short (e.g., < 16 chars).
+- Patterns:
+  - JS: `jwt.sign(..., 'shortsecret'`)
+  - Python: `jwt.encode(..., 'shortsecret', algorithm='HS256')`
+- Tests:
+  - Positive: `jwt.sign(payload, 'secret')`
+  - Negative: `jwt.sign(payload, process.env.JWT_SECRET)`
+
+### 3) missing-security-headers
+- Severity: medium
+- Tier: free
+- Languages: javascript, typescript
+- Detect: Express apps missing a basic security headers setup when `express()` is instantiated.
+- Approach: similar to `express-helmet-missing` but broaden to check manual header config (CSP/HSTS/X-Frame-Options) as alternatives.
+- Tests:
+  - Positive: `const app = express();` with no helmet or header setup
+  - Negative: `app.use(helmet())` or `res.setHeader('Content-Security-Policy', ...)`
+
+### 4) csp-unsafe-inline
+- Severity: medium
+- Tier: pro
+- Languages: javascript, typescript
+- Detect: CSP allows `unsafe-inline` or `unsafe-eval`.
+- Patterns:
+  - `Content-Security-Policy` containing `unsafe-inline` or `unsafe-eval`.
+- Tests:
+  - Positive: `res.setHeader('Content-Security-Policy', "default-src 'self'; script-src 'unsafe-inline'")`
+  - Negative: `script-src 'self' 'nonce-...'
+
+### 5) cors-credentials-wildcard
+- Severity: high
+- Tier: free
+- Languages: javascript, typescript, python
+- Detect: `Access-Control-Allow-Origin: *` with `credentials: true` or `allow_credentials=True`.
+- Patterns:
+  - Express: `cors({ origin: '*', credentials: true })`
+  - FastAPI: `allow_origins=['*'], allow_credentials=True`
+- Tests:
+  - Positive: `cors({ origin: '*', credentials: true })`
+  - Negative: `cors({ origin: ['https://app.example.com'], credentials: true })`
+
+### 6) password-hash-weak
+- Severity: high
+- Tier: free
+- Languages: javascript, typescript, python
+- Detect: password hashing with md5/sha1 or raw sha256 without salt or KDF for passwords.
+- Patterns:
+  - JS: `crypto.createHash('sha256').update(password)`
+  - Python: `hashlib.sha256(password.encode())`
+- Tests:
+  - Positive: `hashlib.sha256(password.encode()).hexdigest()`
+  - Negative: `bcrypt.hash(password, 12)`
+
+### 7) password-plaintext-storage
+- Severity: critical
+- Tier: free
+- Languages: javascript, typescript, python
+- Detect: `password` field stored directly in DB create/update without hashing function present nearby.
+- Approach: regex heuristic for `.create({ ... password: req.body.password ... })` without `hash`/`bcrypt` in same line.
+- Tests:
+  - Positive: `User.create({ email, password: req.body.password })`
+  - Negative: `User.create({ email, password: await bcrypt.hash(req.body.password, 12) })`
+
+### 8) zip-slip
+- Severity: high
+- Tier: pro
+- Languages: javascript, typescript, python
+- Detect: archive extraction without path validation.
+- Patterns:
+  - JS: `extract` or `tar.x` with user-controlled path and no `path.resolve`/`path.normalize` checks.
+  - Python: `ZipFile.extractall(` with user path and no safe path check.
+- Tests:
+  - Positive: `zipfile.ZipFile(file).extractall(upload_dir)`
+  - Negative: custom safe extraction that checks `os.path.abspath` and prefix
+
+### 9) http-client-no-timeout
+- Severity: medium
+- Tier: free
+- Languages: javascript, typescript, python
+- Detect: outbound HTTP calls without timeout, which can be abused for resource exhaustion.
+- Patterns:
+  - JS: `fetch(` without `timeout` or `AbortController` usage nearby.
+  - Python: `requests.get(` without `timeout=`
+- Tests:
+  - Positive: `requests.get(url)`
+  - Negative: `requests.get(url, timeout=5)`
+
+### 10) s3-public-read
+- Severity: high
+- Tier: pro
+- Languages: javascript, typescript, python
+- Detect: S3 bucket policy or ACL that grants public read/write.
+- Patterns:
+  - JSON strings containing `"Principal": "*"` with `s3:GetObject` or `s3:*`.
+- Tests:
+  - Positive: policy with `"Principal": "*"` and `"s3:GetObject"`
+  - Negative: policy limited to specific IAM roles
+
+## Recommendations Beyond New Rules
+
+- Add optional dependency scanning with `npm audit` / `pip-audit` integration (CLI opt-in).
+- Add a simple taint engine for JS/TS to track user input through common sanitizers to sinks.
+- Add SARIF output for GitHub/GitLab security reporting.
+- Expand test fixtures to include full sample apps for end-to-end validation.
+

package/dist/mcp/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AA0TA,wBAAsB,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CA+OpD"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AAojBA,wBAAsB,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CA+OpD"}

package/dist/mcp/server.js

@@ -256,6 +256,244 @@ function analyzeContext(finding, cwd) {
             }
             question = 'Is this a public key (anon/publishable) or an actual secret? Supabase anon keys are safe to expose.';
             break;
+        case 'insecure-randomness':
+            // Check if used for non-security purposes
+            if (finding.code.includes('color') || finding.code.includes('animation') ||
+                finding.code.includes('shuffle') || finding.code.includes('sample') ||
+                finding.code.includes('placeholder') || finding.code.includes('display')) {
+                signals.push({ signal: 'Appears to be used for non-security purposes (UI/display)', type: 'positive' });
+                confidence = 'low';
+            }
+            if (finding.code.includes('token') || finding.code.includes('secret') ||
+                finding.code.includes('password') || finding.code.includes('session') ||
+                finding.code.includes('nonce') || finding.code.includes('otp')) {
+                signals.push({ signal: 'Used for security-sensitive value generation', type: 'negative' });
+                confidence = 'high';
+            }
+            question = 'Is Math.random()/random used for security tokens or just UI/cosmetic purposes?';
+            break;
+        case 'weak-cryptography':
+            // Check if used for password hashing vs checksums
+            if (finding.code.includes('password') || finding.code.includes('secret') ||
+                finding.code.includes('token') || finding.code.includes('auth')) {
+                signals.push({ signal: 'Weak hash used for security-sensitive data', type: 'negative' });
+                confidence = 'high';
+            }
+            if (finding.code.includes('checksum') || finding.code.includes('etag') ||
+                finding.code.includes('cache') || finding.code.includes('fingerprint')) {
+                signals.push({ signal: 'May be used for non-security checksum/cache key', type: 'positive' });
+                confidence = 'low';
+            }
+            question = 'Is MD5/SHA1 used for security (bad) or for checksums/cache keys (acceptable)?';
+            break;
+        case 'nosql-injection':
+            // Check for input sanitization
+            if (fileContent.includes('mongo-sanitize') || fileContent.includes('express-mongo-sanitize') ||
+                fileContent.includes('sanitize') || fileContent.includes('validator')) {
+                signals.push({ signal: 'File uses input sanitization library', type: 'positive' });
+                confidence = 'low';
+            }
+            if (finding.code.includes('req.body') || finding.code.includes('req.query')) {
+                signals.push({ signal: 'User input passed directly to query', type: 'negative' });
+                confidence = 'high';
+            }
+            question = 'Is user input sanitized before being used in the NoSQL query?';
+            break;
+        case 'disabled-tls-verification':
+            if (fileContent.includes('development') || fileContent.includes('dev') ||
+                fileContent.includes('node_env') || fileContent.includes('test')) {
+                signals.push({ signal: 'May be conditionally enabled for development only', type: 'positive' });
+                confidence = 'medium';
+            }
+            else {
+                signals.push({ signal: 'TLS verification unconditionally disabled', type: 'negative' });
+                confidence = 'high';
+            }
+            question = 'Is TLS verification only disabled in development, or also in production?';
+            break;
+        case 'unsafe-regex-construction':
+            if (fileContent.includes('escaperegex') || fileContent.includes('escape-string-regexp') ||
+                fileContent.includes('escaperegexp') || fileContent.includes('lodash') && fileContent.includes('escaperegexp')) {
+                signals.push({ signal: 'File imports regex escaping utility', type: 'positive' });
+                confidence = 'low';
+            }
+            if (finding.code.includes('req.') || finding.code.includes('query.') ||
+                finding.code.includes('params.') || finding.code.includes('body.')) {
+                signals.push({ signal: 'User input used directly in RegExp constructor', type: 'negative' });
+                confidence = 'high';
+            }
+            question = 'Is the user input escaped before being used in the RegExp constructor?';
+            break;
+        case 'postmessage-no-origin':
+            if (fileContent.includes('event.origin') || fileContent.includes('e.origin') ||
+                fileContent.includes('msg.origin')) {
+                signals.push({ signal: 'File checks origin elsewhere (may not be in handler)', type: 'positive' });
+                confidence = 'medium';
+            }
+            else {
+                signals.push({ signal: 'No origin check found in file', type: 'negative' });
+                confidence = 'high';
+            }
+            question = 'Does the message event handler validate event.origin before processing data?';
+            break;
+        case 'hardcoded-db-credentials':
+            if (finding.code.includes('localhost') || finding.code.includes('127.0.0.1') ||
+                finding.code.includes('example.com') || finding.code.includes('test')) {
+                signals.push({ signal: 'Connection string points to localhost/test (likely development)', type: 'positive' });
+                confidence = 'low';
+            }
+            if (finding.code.includes('.env') || fileContent.includes('process.env') ||
+                fileContent.includes('os.environ')) {
+                signals.push({ signal: 'File also uses environment variables (may be fallback)', type: 'positive' });
+                confidence = 'medium';
+            }
+            question = 'Is this a development-only connection string, or does it contain production credentials?';
+            break;
+        case 'ssti-vulnerability':
+            signals.push({ signal: 'User-controlled template rendering is almost always dangerous', type: 'negative' });
+            confidence = 'high';
+            question = 'Is user input being rendered as a template? This is nearly always a critical vulnerability.';
+            break;
+        case 'timing-attack':
+            if (finding.code.includes('timingsafeequal') || finding.code.includes('compare_digest') ||
+                fileContent.includes('timingsafeequal') || fileContent.includes('compare_digest')) {
+                signals.push({ signal: 'File uses constant-time comparison elsewhere', type: 'positive' });
+                confidence = 'low';
+            }
+            if (finding.code.includes('===') && (finding.code.includes('token') || finding.code.includes('secret'))) {
+                signals.push({ signal: 'Direct === comparison of secret values', type: 'negative' });
+                confidence = 'medium';
+            }
+            question = 'Is this comparing secrets/tokens? If so, use constant-time comparison.';
+            break;
+        case 'electron-insecure-config':
+            if (finding.code.includes('nodeIntegration') && finding.code.includes('true')) {
+                signals.push({ signal: 'nodeIntegration enabled exposes Node.js APIs to web content', type: 'negative' });
+                confidence = 'high';
+            }
+            if (finding.code.includes('contextIsolation') && finding.code.includes('false')) {
+                signals.push({ signal: 'contextIsolation disabled allows prototype pollution from web content', type: 'negative' });
+                confidence = 'high';
+            }
+            question = 'Are these Electron security settings intentionally relaxed? This is dangerous for apps loading remote content.';
+            break;
+        case 'mass-assignment':
+            if (fileContent.includes('whitelist') || fileContent.includes('allowedfields') ||
+                fileContent.includes('pick') || fileContent.includes('only')) {
+                signals.push({ signal: 'File may use field whitelisting', type: 'positive' });
+                confidence = 'medium';
+            }
+            if (finding.code.includes('req.body') || finding.code.includes('request.data')) {
+                signals.push({ signal: 'Full request body passed to ORM operation', type: 'negative' });
+                confidence = 'high';
+            }
+            question = 'Is the user input filtered/whitelisted before being passed to the ORM create/update?';
+            break;
+        case 'jwt-missing-exp':
+            if (fileContent.includes('expiresIn') || fileContent.includes('exp:') || fileContent.includes("'exp'")) {
+                signals.push({ signal: 'File sets expiration elsewhere', type: 'positive' });
+                confidence = 'low';
+            }
+            else {
+                signals.push({ signal: 'No expiration configuration found in file', type: 'negative' });
+                confidence = 'high';
+            }
+            question = 'Does the JWT payload include an exp claim, or is expiresIn set elsewhere?';
+            break;
+        case 'jwt-weak-secret':
+            if (finding.code.includes('process.env') || finding.code.includes('os.environ') ||
+                finding.code.includes('config.')) {
+                signals.push({ signal: 'Secret loaded from environment/config', type: 'positive' });
+                confidence = 'low';
+            }
+            if (/['"`][^'"`]{1,15}['"`]/.test(finding.code)) {
+                signals.push({ signal: 'Short hardcoded string used as signing secret', type: 'negative' });
+                confidence = 'high';
+            }
+            question = 'Is the JWT signing secret loaded from environment variables or hardcoded?';
+            break;
+        case 'csp-unsafe-inline':
+            if (fileContent.includes('nonce') || fileContent.includes('hash-')) {
+                signals.push({ signal: 'File uses nonce or hash-based CSP (may be transitioning)', type: 'positive' });
+                confidence = 'medium';
+            }
+            if (finding.code.includes('unsafe-eval')) {
+                signals.push({ signal: 'unsafe-eval allows arbitrary script execution', type: 'negative' });
+                confidence = 'high';
+            }
+            if (finding.code.includes('unsafe-inline')) {
+                signals.push({ signal: 'unsafe-inline defeats XSS protection from CSP', type: 'negative' });
+                confidence = 'high';
+            }
+            question = 'Is unsafe-inline/unsafe-eval required for third-party scripts, or can nonces/hashes be used instead?';
+            break;
+        case 'cors-credentials-wildcard':
+            signals.push({ signal: 'Wildcard origin with credentials allows any site to make authenticated requests', type: 'negative' });
+            confidence = 'high';
+            question = 'Should this API be accessible from any origin with credentials? Restrict to specific trusted origins.';
+            break;
+        case 'password-hash-weak':
+            if (fileContent.includes('bcrypt') || fileContent.includes('scrypt') || fileContent.includes('argon2')) {
+                signals.push({ signal: 'File also uses a proper KDF (may be migrating)', type: 'positive' });
+                confidence = 'medium';
+            }
+            else {
+                signals.push({ signal: 'No proper password KDF found in file', type: 'negative' });
+                confidence = 'high';
+            }
+            question = 'Is this hashing passwords for storage? Use bcrypt/scrypt/argon2 instead of raw hash functions.';
+            break;
+        case 'password-plaintext-storage':
+            if (fileContent.includes('bcrypt') || fileContent.includes('hash') ||
+                fileContent.includes('scrypt') || fileContent.includes('argon2')) {
+                signals.push({ signal: 'File contains hashing logic (may be applied before this line)', type: 'positive' });
+                confidence = 'medium';
+            }
+            else {
+                signals.push({ signal: 'No password hashing found in file', type: 'negative' });
+                confidence = 'high';
+            }
+            question = 'Is the password hashed before being stored? Check if bcrypt.hash() or similar is called upstream.';
+            break;
+        case 'zip-slip':
+            if (fileContent.includes('path.resolve') || fileContent.includes('path.normalize') ||
+                fileContent.includes('os.path.abspath') || fileContent.includes('startswith')) {
+                signals.push({ signal: 'File has path validation logic', type: 'positive' });
+                confidence = 'low';
+            }
+            else {
+                signals.push({ signal: 'No path validation found before extraction', type: 'negative' });
+                confidence = 'high';
+            }
+            question = 'Are extracted file paths validated to prevent writing outside the target directory?';
+            break;
+        case 'http-client-no-timeout':
+            if (fileContent.includes('timeout') || fileContent.includes('AbortController') ||
+                fileContent.includes('signal')) {
+                signals.push({ signal: 'File configures timeout elsewhere (may be set globally)', type: 'positive' });
+                confidence = 'low';
+            }
+            else {
+                signals.push({ signal: 'No timeout configuration found in file', type: 'negative' });
+                confidence = 'medium';
+            }
+            question = 'Is a timeout configured globally (e.g., via session defaults) or should one be added per-request?';
+            break;
+        case 's3-public-read':
+            if (relativePath.includes('test') || relativePath.includes('example') || relativePath.includes('sample')) {
+                signals.push({ signal: 'File appears to be test/example code', type: 'positive' });
+                confidence = 'low';
+            }
+            if (fileContent.includes('public') && (fileContent.includes('static') || fileContent.includes('assets') || fileContent.includes('cdn'))) {
+                signals.push({ signal: 'May be intentional public bucket for static assets/CDN', type: 'positive' });
+                confidence = 'medium';
+            }
+            else {
+                signals.push({ signal: 'S3 bucket with public access policy', type: 'negative' });
+                confidence = 'high';
+            }
+            question = 'Is this S3 bucket intentionally public (static assets/CDN) or should access be restricted?';
+            break;
         default:
             question = `Verify if this ${finding.rule.name} finding is a real security issue in your specific context.`;
     }