@nerviq/cli 1.29.0 → 1.30.0

package/src/shallow-risk/patterns/agent-config-script-not-in-package-json.js

@@ -0,0 +1,108 @@
+'use strict';
+
+const path = require('path');
+const {
+  SHALLOW_RISK_DOC_URL,
+  fileExists,
+  getAgentConfigEntries,
+  getScannableLines,
+} = require('../shared');
+
+// Match common JS package-manager script invocations:
+//   npm test
+//   npm run <name>
+//   pnpm <name>           (pnpm <script> is shorthand for pnpm run <script>)
+//   pnpm run <name>
+//   yarn <name>           (yarn <script> is shorthand)
+//   yarn run <name>
+//   bun run <name>
+//   bunx <name>           (bunx is similar to npx — out of scope; we don't flag this)
+const SCRIPT_INVOCATION_RE = /\b(npm|pnpm|yarn|bun)(?:\s+run)?\s+([A-Za-z][\w:-]*)\b/g;
+
+// Built-in npm/yarn/pnpm/bun lifecycle scripts that don't need to exist in
+// `scripts`. `npm test` will run a default echo if no `test` script exists,
+// but we still flag missing `test` because agent guidance to "run npm test"
+// when no script exists IS actionable repo-guidance drift.
+// We exclude only commands that are truly built-in package-manager verbs
+// without script-name semantics (install, ci, audit, ls, etc.).
+const PACKAGE_MANAGER_BUILTINS = new Set([
+  'install', 'i', 'ci', 'add', 'remove', 'rm', 'update', 'up', 'upgrade',
+  'audit', 'ls', 'list', 'outdated', 'init', 'pack', 'publish', 'unpublish',
+  'view', 'info', 'help', 'version', 'config', 'login', 'logout', 'whoami',
+  'link', 'unlink', 'prefix', 'doctor', 'exec', 'create', 'dlx',
+  // Common in pnpm/yarn-only:
+  'why', 'fund', 'workspace', 'workspaces', 'recursive', 'r',
+  // bun-only verbs:
+  'add', 'remove', 'install',
+]);
+
+function readPackageJsonScripts(ctx) {
+  if (ctx.__nerviqPackageJsonScripts !== undefined) {
+    return ctx.__nerviqPackageJsonScripts;
+  }
+  if (!fileExists(ctx, 'package.json')) {
+    ctx.__nerviqPackageJsonScripts = null;
+    return null;
+  }
+  const raw = ctx.fileContent('package.json');
+  if (!raw) {
+    ctx.__nerviqPackageJsonScripts = null;
+    return null;
+  }
+  try {
+    const pkg = JSON.parse(raw);
+    const scripts = (pkg && pkg.scripts && typeof pkg.scripts === 'object') ? pkg.scripts : {};
+    const set = new Set(Object.keys(scripts));
+    ctx.__nerviqPackageJsonScripts = set;
+    return set;
+  } catch {
+    ctx.__nerviqPackageJsonScripts = null;
+    return null;
+  }
+}
+
+module.exports = {
+  key: 'agent-config-script-not-in-package-json',
+  name: 'Agent config references npm script that does not exist',
+  severity: 'high',
+  layer: 'shallow-risk',
+  sourceUrl: SHALLOW_RISK_DOC_URL,
+  owaspTags: ['agentic-top-10:tool-instruction-integrity'],
+  run(ctx) {
+    const scripts = readPackageJsonScripts(ctx);
+    if (!scripts) return [];
+
+    const findings = [];
+    const seenPerFile = new Map();
+
+    for (const entry of getAgentConfigEntries(ctx)) {
+      const lines = getScannableLines(entry.content);
+      for (const { lineNumber, text } of lines) {
+        SCRIPT_INVOCATION_RE.lastIndex = 0;
+        let match;
+        while ((match = SCRIPT_INVOCATION_RE.exec(text)) !== null) {
+          const scriptName = match[2];
+          if (!scriptName) continue;
+          if (PACKAGE_MANAGER_BUILTINS.has(scriptName.toLowerCase())) continue;
+          if (scripts.has(scriptName)) continue;
+          // Skip if the agent doc explicitly notes the script is missing
+          // (e.g., a corrective note like "(does NOT define `npm test`...)")
+          if (/\b(?:does\s+not|doesn['’]t|don['’]t)\s+(?:define|have|exist)/i.test(text)) continue;
+          if (/\bdo NOT define\b/i.test(text)) continue;
+
+          const dedupeKey = `${entry.path}|${scriptName}`;
+          if (seenPerFile.has(dedupeKey)) continue;
+          seenPerFile.set(dedupeKey, true);
+
+          findings.push({
+            file: entry.path,
+            line: lineNumber,
+            fix: `${entry.path} tells the agent to run \`${match[1]} ${scriptName === 'test' || scriptName === 'start' ? scriptName : `run ${scriptName}`}\`, but \`scripts.${scriptName}\` is not defined in package.json. Either add the script to package.json, or rewrite the agent guidance to reflect what actually exists.`,
+          });
+        }
+      }
+    }
+
+    return findings;
+  },
+};

package/src/shallow-risk/patterns/agent-config-secret-literal.js

@@ -1,49 +1,52 @@
-'use strict';
-
-const { SHALLOW_RISK_DOC_URL, getAgentConfigEntries } = require('../shared');
-
-const SECRET_PATTERNS = [
-  { label: 'AWS access key', pattern: /\bAKIA[0-9A-Z]{16}\b/g },
-  { label: 'Stripe live key', pattern: /\bsk_live_[A-Za-z0-9]{24,}\b/g },
-  { label: 'GitHub personal access token', pattern: /\bghp_[A-Za-z0-9]{36}\b/g },
-  { label: 'SSH private key header', pattern: /-----BEGIN (?:OPENSSH|RSA|DSA|EC) PRIVATE KEY-----/g },
-];
-
-function looksLikePlaceholder(line, matchText) {
-  return /\b(example|sample|placeholder|replace[-_ ]?me|your[_-]?key|fake|dummy)\b/i.test(line) ||
-    /\bEXAMPLE\b/.test(matchText);
-}
-
-module.exports = {
-  key: 'agent-config-secret-literal',
-  name: 'Agent config contains secret literal',
-  severity: 'critical',
-  layer: 'shallow-risk',
-  sourceUrl: SHALLOW_RISK_DOC_URL,
-  run(ctx) {
-    const findings = [];
-
-    for (const entry of getAgentConfigEntries(ctx)) {
-      const lines = entry.content.split(/\r?\n/);
-      for (let index = 0; index < lines.length; index++) {
-        const line = lines[index];
-        for (const secret of SECRET_PATTERNS) {
-          secret.pattern.lastIndex = 0;
-          let match = secret.pattern.exec(line);
-          while (match) {
-            if (!looksLikePlaceholder(line, match[0])) {
-              findings.push({
-                file: entry.path,
-                line: index + 1,
-                fix: `${entry.path} contains a ${secret.label} shape. Rotate the secret, remove it from the agent config, and scrub it from git history if it was real.`,
-              });
-            }
-            match = secret.pattern.exec(line);
-          }
-        }
-      }
-    }
-
-    return findings;
-  },
-};
+'use strict';
+
+const { SHALLOW_RISK_DOC_URL, getAgentConfigEntries } = require('../shared');
+
+const SECRET_PATTERNS = [
+  { label: 'AWS access key', pattern: /\bAKIA[0-9A-Z]{16}\b/g },
+  { label: 'Stripe live key', pattern: /\bsk_live_[A-Za-z0-9]{24,}\b/g },
+  { label: 'GitHub personal access token', pattern: /\bghp_[A-Za-z0-9]{36}\b/g },
+  { label: 'SSH private key header', pattern: /-----BEGIN (?:OPENSSH|RSA|DSA|EC) PRIVATE KEY-----/g },
+];
+
+function looksLikePlaceholder(line, matchText) {
+  return /\b(example|sample|placeholder|replace[-_ ]?me|your[_-]?key|fake|dummy)\b/i.test(line) ||
+    /\bEXAMPLE\b/.test(matchText);
+}
+
+module.exports = {
+  key: 'agent-config-secret-literal',
+  name: 'Agent config contains secret literal',
+  severity: 'critical',
+  layer: 'shallow-risk',
+  sourceUrl: SHALLOW_RISK_DOC_URL,
+  // POS-01a: machine-readable OWASP cross-walk tags. See
+  // research/pos-01-owasp-vocabulary-mapping-2026-04-28.md.
+  owaspTags: ['agentic-top-10:insecure-agent-instructions', 'mcp-top-10:credential-leak'],
+  run(ctx) {
+    const findings = [];
+
+    for (const entry of getAgentConfigEntries(ctx)) {
+      const lines = entry.content.split(/\r?\n/);
+      for (let index = 0; index < lines.length; index++) {
+        const line = lines[index];
+        for (const secret of SECRET_PATTERNS) {
+          secret.pattern.lastIndex = 0;
+          let match = secret.pattern.exec(line);
+          while (match) {
+            if (!looksLikePlaceholder(line, match[0])) {
+              findings.push({
+                file: entry.path,
+                line: index + 1,
+                fix: `${entry.path} contains a ${secret.label} shape. Rotate the secret, remove it from the agent config, and scrub it from git history if it was real.`,
+              });
+            }
+            match = secret.pattern.exec(line);
+          }
+        }
+      }
+    }
+
+    return findings;
+  },
+};

package/src/shallow-risk/patterns/agent-config-stack-contradiction.js

@@ -1,34 +1,35 @@
-'use strict';
-
-const {
-  SHALLOW_RISK_DOC_URL,
-  collectStackClaims,
-  findFirstStackEvidence,
-  getDetectedStackEvidence,
-} = require('../shared');
-
-module.exports = {
-  key: 'agent-config-stack-contradiction',
-  name: 'Agent config contradicts actual stack',
-  severity: 'high',
-  layer: 'shallow-risk',
-  sourceUrl: SHALLOW_RISK_DOC_URL,
-  run(ctx) {
-    const claims = collectStackClaims(ctx);
-    const distinctClaims = [...new Set(claims.map((claim) => claim.key))];
-    if (distinctClaims.length !== 1) return [];
-
-    const declared = claims[0];
-    const hasDeclaredEvidence = declared.stackKeys.some((stackKey) => Boolean(findFirstStackEvidence(ctx, stackKey)));
-    if (hasDeclaredEvidence) return [];
-
-    const actual = getDetectedStackEvidence(ctx).find((item) => !declared.stackKeys.includes(item.key));
-    if (!actual) return [];
-
-    return [{
-      file: declared.file,
-      line: declared.line,
-      fix: `${declared.file} declares the primary stack as "${declared.label}", but the repo shows ${actual.label} signals (${actual.file}) and no ${declared.label} evidence. Align the agent guidance with the actual stack or document a real migration plan.`,
-    }];
-  },
-};
+'use strict';
+
+const {
+  SHALLOW_RISK_DOC_URL,
+  collectStackClaims,
+  findFirstStackEvidence,
+  getDetectedStackEvidence,
+} = require('../shared');
+
+module.exports = {
+  key: 'agent-config-stack-contradiction',
+  name: 'Agent config contradicts actual stack',
+  severity: 'high',
+  layer: 'shallow-risk',
+  sourceUrl: SHALLOW_RISK_DOC_URL,
+  owaspTags: ['agentic-top-10:tool-instruction-integrity'],
+  run(ctx) {
+    const claims = collectStackClaims(ctx);
+    const distinctClaims = [...new Set(claims.map((claim) => claim.key))];
+    if (distinctClaims.length !== 1) return [];
+
+    const declared = claims[0];
+    const hasDeclaredEvidence = declared.stackKeys.some((stackKey) => Boolean(findFirstStackEvidence(ctx, stackKey)));
+    if (hasDeclaredEvidence) return [];
+
+    const actual = getDetectedStackEvidence(ctx).find((item) => !declared.stackKeys.includes(item.key));
+    if (!actual) return [];
+
+    return [{
+      file: declared.file,
+      line: declared.line,
+      fix: `${declared.file} declares the primary stack as "${declared.label}", but the repo shows ${actual.label} signals (${actual.file}) and no ${declared.label} evidence. Align the agent guidance with the actual stack or document a real migration plan.`,
+    }];
+  },
+};

package/src/shallow-risk/patterns/hook-script-missing.js

@@ -1,70 +1,71 @@
-'use strict';
-
-const {
-  SHALLOW_RISK_DOC_URL,
-  escapeRegExp,
-  getHookCommandPath,
-  resolveRepoPath,
-} = require('../shared');
-
-const HOOK_EVENTS = new Set([
-  'PreToolUse',
-  'PostToolUse',
-  'Stop',
-  'UserPromptSubmit',
-  'SessionStart',
-]);
-
-function collectHookCommands(node, output = []) {
-  if (Array.isArray(node)) {
-    for (const item of node) collectHookCommands(item, output);
-    return output;
-  }
-
-  if (!node || typeof node !== 'object') {
-    return output;
-  }
-
-  if (node.type === 'command' && typeof node.command === 'string') {
-    output.push(node.command);
-  }
-
-  for (const value of Object.values(node)) {
-    collectHookCommands(value, output);
-  }
-
-  return output;
-}
-
-module.exports = {
-  key: 'hook-script-missing',
-  name: 'Configured hook script is missing',
-  severity: 'high',
-  layer: 'shallow-risk',
-  sourceUrl: SHALLOW_RISK_DOC_URL,
-  run(ctx) {
-    const file = '.claude/settings.json';
-    const config = ctx.jsonFile(file);
-    if (!config || !config.hooks || typeof config.hooks !== 'object') {
-      return [];
-    }
-
-    const findings = [];
-    for (const [eventName, entries] of Object.entries(config.hooks)) {
-      if (!HOOK_EVENTS.has(eventName)) continue;
-      for (const command of collectHookCommands(entries)) {
-        const scriptPath = getHookCommandPath(command);
-        if (!scriptPath) continue;
-        const resolvedPath = resolveRepoPath(ctx, file, scriptPath, 'repo-root');
-        if (!resolvedPath || ctx.fileContent(resolvedPath) !== null) continue;
-        findings.push({
-          file,
-          line: ctx.lineNumber(file, new RegExp(escapeRegExp(command))) || ctx.lineNumber(file, new RegExp(`"${escapeRegExp(eventName)}"`)) || 1,
-          fix: `${file} declares a ${eventName} hook at \`${resolvedPath}\`, but the script is missing. Create the hook file or remove the dead hook reference.`,
-        });
-      }
-    }
-
-    return findings;
-  },
-};
+'use strict';
+
+const {
+  SHALLOW_RISK_DOC_URL,
+  escapeRegExp,
+  getHookCommandPath,
+  resolveRepoPath,
+} = require('../shared');
+
+const HOOK_EVENTS = new Set([
+  'PreToolUse',
+  'PostToolUse',
+  'Stop',
+  'UserPromptSubmit',
+  'SessionStart',
+]);
+
+function collectHookCommands(node, output = []) {
+  if (Array.isArray(node)) {
+    for (const item of node) collectHookCommands(item, output);
+    return output;
+  }
+
+  if (!node || typeof node !== 'object') {
+    return output;
+  }
+
+  if (node.type === 'command' && typeof node.command === 'string') {
+    output.push(node.command);
+  }
+
+  for (const value of Object.values(node)) {
+    collectHookCommands(value, output);
+  }
+
+  return output;
+}
+
+module.exports = {
+  key: 'hook-script-missing',
+  name: 'Configured hook script is missing',
+  severity: 'high',
+  layer: 'shallow-risk',
+  sourceUrl: SHALLOW_RISK_DOC_URL,
+  owaspTags: ['agentic-skills-top-10:skill-supply-chain', 'agentic-top-10:tool-instruction-integrity'],
+  run(ctx) {
+    const file = '.claude/settings.json';
+    const config = ctx.jsonFile(file);
+    if (!config || !config.hooks || typeof config.hooks !== 'object') {
+      return [];
+    }
+
+    const findings = [];
+    for (const [eventName, entries] of Object.entries(config.hooks)) {
+      if (!HOOK_EVENTS.has(eventName)) continue;
+      for (const command of collectHookCommands(entries)) {
+        const scriptPath = getHookCommandPath(command);
+        if (!scriptPath) continue;
+        const resolvedPath = resolveRepoPath(ctx, file, scriptPath, 'repo-root');
+        if (!resolvedPath || ctx.fileContent(resolvedPath) !== null) continue;
+        findings.push({
+          file,
+          line: ctx.lineNumber(file, new RegExp(escapeRegExp(command))) || ctx.lineNumber(file, new RegExp(`"${escapeRegExp(eventName)}"`)) || 1,
+          fix: `${file} declares a ${eventName} hook at \`${resolvedPath}\`, but the script is missing. Create the hook file or remove the dead hook reference.`,
+        });
+      }
+    }
+
+    return findings;
+  },
+};

package/src/shallow-risk/patterns/mcp-server-no-allowlist.js

@@ -1,52 +1,53 @@
-'use strict';
-
-const {
-  SHALLOW_RISK_DOC_URL,
-  escapeRegExp,
-  isClearlyLocalMcpBinary,
-} = require('../shared');
-
-function hasBroadOpenPermissions(server) {
-  if (!server || typeof server !== 'object') return false;
-  if (Array.isArray(server.permissions) && server.permissions.length === 0) return true;
-  if (server.allow === '*') return true;
-  if (Array.isArray(server.allow) && server.allow.includes('*')) return true;
-  if (server.permissions && typeof server.permissions === 'object') {
-    if (server.permissions.allow === '*') return true;
-    if (Array.isArray(server.permissions.allow) && server.permissions.allow.includes('*')) return true;
-  }
-  return false;
-}
-
-module.exports = {
-  key: 'mcp-server-no-allowlist',
-  name: 'MCP server has no allowlist',
-  severity: 'critical',
-  layer: 'shallow-risk',
-  sourceUrl: SHALLOW_RISK_DOC_URL,
-  run(ctx) {
-    const findings = [];
-    const candidates = ['.claude/settings.json', '.mcp.json'];
-
-    for (const file of candidates) {
-      const config = ctx.jsonFile(file);
-      const servers = config && config.mcpServers && typeof config.mcpServers === 'object'
-        ? config.mcpServers
-        : null;
-      if (!servers) continue;
-
-      for (const [serverName, server] of Object.entries(servers)) {
-        if (!hasBroadOpenPermissions(server)) continue;
-        const command = typeof server.command === 'string' ? server.command : '';
-        findings.push({
-          severity: isClearlyLocalMcpBinary(command) ? 'high' : 'critical',
-          file,
-          line: ctx.lineNumber(file, new RegExp(`"${escapeRegExp(serverName)}"`)) || 1,
-          fix: `MCP server "${serverName}" in ${file} has broad access without an allowlist. Add a narrow allow/permissions list before relying on it in CI or production repos.`,
-        });
-      }
-    }
-
-    return findings;
-  },
-};
+'use strict';
+
+const {
+  SHALLOW_RISK_DOC_URL,
+  escapeRegExp,
+  isClearlyLocalMcpBinary,
+} = require('../shared');
+
+function hasBroadOpenPermissions(server) {
+  if (!server || typeof server !== 'object') return false;
+  if (Array.isArray(server.permissions) && server.permissions.length === 0) return true;
+  if (server.allow === '*') return true;
+  if (Array.isArray(server.allow) && server.allow.includes('*')) return true;
+  if (server.permissions && typeof server.permissions === 'object') {
+    if (server.permissions.allow === '*') return true;
+    if (Array.isArray(server.permissions.allow) && server.permissions.allow.includes('*')) return true;
+  }
+  return false;
+}
+
+module.exports = {
+  key: 'mcp-server-no-allowlist',
+  name: 'MCP server has no allowlist',
+  severity: 'critical',
+  layer: 'shallow-risk',
+  sourceUrl: SHALLOW_RISK_DOC_URL,
+  owaspTags: ['mcp-top-10:server-allowlist', 'mcp-top-10:tool-poisoning', 'agentic-top-10:excessive-agency'],
+  run(ctx) {
+    const findings = [];
+    const candidates = ['.claude/settings.json', '.mcp.json'];
+
+    for (const file of candidates) {
+      const config = ctx.jsonFile(file);
+      const servers = config && config.mcpServers && typeof config.mcpServers === 'object'
+        ? config.mcpServers
+        : null;
+      if (!servers) continue;
+
+      for (const [serverName, server] of Object.entries(servers)) {
+        if (!hasBroadOpenPermissions(server)) continue;
+        const command = typeof server.command === 'string' ? server.command : '';
+        findings.push({
+          severity: isClearlyLocalMcpBinary(command) ? 'high' : 'critical',
+          file,
+          line: ctx.lineNumber(file, new RegExp(`"${escapeRegExp(serverName)}"`)) || 1,
+          fix: `MCP server "${serverName}" in ${file} has broad access without an allowlist. Add a narrow allow/permissions list before relying on it in CI or production repos.`,
+        });
+      }
+    }
+
+    return findings;
+  },
+};