@rafter-security/cli 0.5.9 → 0.6.3

package/dist/commands/agent/audit.js

@@ -51,13 +51,17 @@ export function createAuditCommand() {
             if (entry.action?.riskLevel) {
                 console.log(`   Risk: ${entry.action.riskLevel}`);
             }
-            console.log(`   Check: ${entry.securityCheck.passed ? "PASSED" : "FAILED"}`);
-            if (entry.securityCheck.reason) {
-                console.log(`   Reason: ${entry.securityCheck.reason}`);
+            if (entry.securityCheck) {
+                console.log(`   Check: ${entry.securityCheck.passed ? "PASSED" : "FAILED"}`);
+                if (entry.securityCheck.reason) {
+                    console.log(`   Reason: ${entry.securityCheck.reason}`);
+                }
             }
-            console.log(`   Action: ${entry.resolution.actionTaken}`);
-            if (entry.resolution.overrideReason) {
-                console.log(`   Override: ${entry.resolution.overrideReason}`);
+            if (entry.resolution) {
+                console.log(`   Action: ${entry.resolution.actionTaken}`);
+                if (entry.resolution.overrideReason) {
+                    console.log(`   Override: ${entry.resolution.overrideReason}`);
+                }
             }
             console.log("");
         }
@@ -130,16 +134,16 @@ export function getRiskLevel(config) {
     return config?.agent?.riskLevel ?? "moderate";
 }
 export function formatShareDetail(entry) {
-    const action = entry.resolution.actionTaken;
+    const action = entry.resolution?.actionTaken ?? "unknown";
     const suffix = `[${action}]`;
     if (entry.eventType === "secret_detected") {
-        const reason = entry.securityCheck.reason ?? "";
+        const reason = entry.securityCheck?.reason ?? "";
         return `${reason} ${suffix}`;
     }
     if (entry.action?.command) {
         return `${truncateCommand(entry.action.command, 60)} ${suffix}`;
     }
-    if (entry.securityCheck.reason) {
+    if (entry.securityCheck?.reason) {
         return `${entry.securityCheck.reason} ${suffix}`;
     }
     return suffix;

package/dist/commands/agent/init.js

@@ -206,7 +206,7 @@ async function installClaudeCodeSkills() {
     // Install Backend Skill
     const backendSkillDir = path.join(claudeSkillsDir, "rafter");
     const backendSkillPath = path.join(backendSkillDir, "SKILL.md");
-    const backendTemplatePath = path.join(__dirname, "..", "..", "..", ".claude", "skills", "rafter", "SKILL.md");
+    const backendTemplatePath = path.join(__dirname, "..", "..", "..", "resources", "skills", "rafter", "SKILL.md");
     if (!fs.existsSync(backendSkillDir)) {
         fs.mkdirSync(backendSkillDir, { recursive: true });
     }
@@ -220,7 +220,7 @@ async function installClaudeCodeSkills() {
     // Install Agent Security Skill
     const agentSkillDir = path.join(claudeSkillsDir, "rafter-agent-security");
     const agentSkillPath = path.join(agentSkillDir, "SKILL.md");
-    const agentTemplatePath = path.join(__dirname, "..", "..", "..", ".claude", "skills", "rafter-agent-security", "SKILL.md");
+    const agentTemplatePath = path.join(__dirname, "..", "..", "..", "resources", "skills", "rafter-agent-security", "SKILL.md");
     if (!fs.existsSync(agentSkillDir)) {
         fs.mkdirSync(agentSkillDir, { recursive: true });
     }
@@ -238,7 +238,7 @@ function installCodexSkills() {
     // Install Backend Skill
     const backendDir = path.join(agentsSkillsDir, "rafter");
     const backendSkillPath = path.join(backendDir, "SKILL.md");
-    const backendTemplatePath = path.join(__dirname, "..", "..", "..", ".claude", "skills", "rafter", "SKILL.md");
+    const backendTemplatePath = path.join(__dirname, "..", "..", "..", "resources", "skills", "rafter", "SKILL.md");
     if (!fs.existsSync(backendDir)) {
         fs.mkdirSync(backendDir, { recursive: true });
     }
@@ -252,7 +252,7 @@ function installCodexSkills() {
     // Install Agent Security Skill
     const agentDir = path.join(agentsSkillsDir, "rafter-agent-security");
     const agentSkillPath = path.join(agentDir, "SKILL.md");
-    const agentTemplatePath = path.join(__dirname, "..", "..", "..", ".claude", "skills", "rafter-agent-security", "SKILL.md");
+    const agentTemplatePath = path.join(__dirname, "..", "..", "..", "resources", "skills", "rafter-agent-security", "SKILL.md");
     if (!fs.existsSync(agentDir)) {
         fs.mkdirSync(agentDir, { recursive: true });
     }

package/dist/commands/agent/scan.js

@@ -3,11 +3,14 @@ import { RegexScanner } from "../../scanners/regex-scanner.js";
 import { GitleaksScanner } from "../../scanners/gitleaks.js";
 import { ConfigManager } from "../../core/config-manager.js";
 import { AuditLogger } from "../../core/audit-logger.js";
-import { execSync, execFileSync } from "child_process";
+import { execFileSync } from "child_process";
 import fs from "fs";
 import os from "os";
 import path from "path";
 import { fmt } from "../../utils/formatter.js";
+import { createRequire } from "module";
+const _require = createRequire(import.meta.url);
+const { version: CLI_VERSION } = _require("../../../package.json");
 function loadBaselineEntries() {
     const baselinePath = path.join(os.homedir(), ".rafter", "baseline.json");
     if (!fs.existsSync(baselinePath))
@@ -72,12 +75,12 @@ export function createScanCommand() {
         const baselineEntries = opts.baseline ? loadBaselineEntries() : [];
         // Handle --diff flag
         if (opts.diff) {
-            await scanDiffFiles(opts.diff, opts, scanCfg, baselineEntries);
+            await scanDiffFiles(opts.diff, opts, scanCfg, baselineEntries, path.resolve(scanPath));
             return;
         }
         // Handle --staged flag
         if (opts.staged) {
-            await scanStagedFiles(opts, scanCfg, baselineEntries);
+            await scanStagedFiles(opts, scanCfg, baselineEntries, path.resolve(scanPath));
             return;
         }
         const resolvedPath = path.resolve(scanPath);
@@ -150,7 +153,7 @@ function outputSarif(results) {
                 tool: {
                     driver: {
                         name: "rafter",
-                        version: "0.5.7",
+                        version: CLI_VERSION,
                         informationUri: "https://rafter.so",
                         rules: Array.from(rules.values()),
                     },
@@ -227,10 +230,12 @@ function outputScanResults(results, opts, context, exitOnFindings = true) {
 /**
  * Scan files changed since a git ref
  */
-async function scanDiffFiles(ref, opts, scanCfg, baselineEntries = []) {
+async function scanDiffFiles(ref, opts, scanCfg, baselineEntries = [], scanPath) {
+    const cwd = scanPath && fs.existsSync(scanPath) && fs.statSync(scanPath).isDirectory() ? scanPath : undefined;
     try {
         const diffOutput = execFileSync("git", ["diff", "--name-only", "--diff-filter=ACM", ref], {
             encoding: "utf-8",
+            cwd,
             stdio: ["pipe", "pipe", "ignore"],
         }).trim();
         if (!diffOutput) {
@@ -243,6 +248,7 @@ async function scanDiffFiles(ref, opts, scanCfg, baselineEntries = []) {
         }
         const repoRoot = execFileSync("git", ["rev-parse", "--show-toplevel"], {
             encoding: "utf-8",
+            cwd,
             stdio: ["pipe", "pipe", "ignore"],
         }).trim();
         const engine = await selectEngine(opts.engine || "auto", opts.quiet || false);
@@ -270,10 +276,12 @@ async function scanDiffFiles(ref, opts, scanCfg, baselineEntries = []) {
 /**
  * Scan git staged files for secrets
  */
-async function scanStagedFiles(opts, scanCfg, baselineEntries = []) {
+async function scanStagedFiles(opts, scanCfg, baselineEntries = [], scanPath) {
+    const cwd = scanPath && fs.existsSync(scanPath) && fs.statSync(scanPath).isDirectory() ? scanPath : undefined;
     try {
-        const stagedFilesOutput = execSync("git diff --cached --name-only --diff-filter=ACM", {
+        const stagedFilesOutput = execFileSync("git", ["diff", "--cached", "--name-only", "--diff-filter=ACM"], {
             encoding: "utf-8",
+            cwd,
             stdio: ["pipe", "pipe", "ignore"]
         }).trim();
         if (!stagedFilesOutput) {
@@ -286,6 +294,7 @@ async function scanStagedFiles(opts, scanCfg, baselineEntries = []) {
         }
         const repoRoot = execFileSync("git", ["rev-parse", "--show-toplevel"], {
             encoding: "utf-8",
+            cwd,
             stdio: ["pipe", "pipe", "ignore"],
         }).trim();
         const engine = await selectEngine(opts.engine || "auto", opts.quiet || false);
@@ -406,7 +415,8 @@ async function watchAndScan(watchPath, opts, scanCfg) {
     const watcher = watch(watchPath, {
         ignoreInitial: true,
         persistent: true,
-        ignored: /(^|[/\\])\../,
+        ignored: [/(^|[/\\])\./, /node_modules/, /\.git/],
+        depth: 10,
     });
     watcher.on("change", async (filePath) => {
         const timestamp = new Date().toLocaleTimeString();

package/dist/commands/backend/run.js

@@ -2,7 +2,7 @@ import { Command } from "commander";
 import axios from "axios";
 import ora from "ora";
 import { detectRepo } from "../../utils/git.js";
-import { API, resolveKey, EXIT_GENERAL_ERROR, EXIT_QUOTA_EXHAUSTED } from "../../utils/api.js";
+import { API, resolveKey, EXIT_GENERAL_ERROR, EXIT_QUOTA_EXHAUSTED, EXIT_INSUFFICIENT_SCOPE, handleScopeError } from "../../utils/api.js";
 import { handleScanStatus } from "./scan-status.js";
 /**
  * Shared handler for the remote backend scan (used by both `rafter run` and `rafter scan` / `rafter scan remote`).
@@ -25,7 +25,7 @@ export async function runRemoteScan(opts) {
     if (!opts.quiet) {
         const spinner = ora("Submitting scan").start();
         try {
-            const { data } = await axios.post(`${API}/static/scan`, { repository_name: repo, branch_name: branch }, { headers: { "x-api-key": key } });
+            const { data } = await axios.post(`${API}/static/scan`, { repository_name: repo, branch_name: branch, scan_mode: opts.mode ?? "fast" }, { headers: { "x-api-key": key } });
             spinner.succeed(`Scan ID: ${data.scan_id}`);
             if (opts.skipInteractive)
                 return;
@@ -34,7 +34,10 @@ export async function runRemoteScan(opts) {
         }
         catch (e) {
             spinner.fail("Request failed");
-            if (e.response?.status === 429) {
+            if (handleScopeError(e)) {
+                process.exit(EXIT_INSUFFICIENT_SCOPE);
+            }
+            else if (e.response?.status === 429) {
                 console.error("Quota exhausted");
                 process.exit(EXIT_QUOTA_EXHAUSTED);
             }
@@ -52,14 +55,17 @@ export async function runRemoteScan(opts) {
     }
     else {
         try {
-            const { data } = await axios.post(`${API}/static/scan`, { repository_name: repo, branch_name: branch }, { headers: { "x-api-key": key } });
+            const { data } = await axios.post(`${API}/static/scan`, { repository_name: repo, branch_name: branch, scan_mode: opts.mode ?? "fast" }, { headers: { "x-api-key": key } });
             if (opts.skipInteractive)
                 return;
             const exitCode = await handleScanStatus(data.scan_id, { "x-api-key": key }, opts.format ?? "md", opts.quiet);
             process.exit(exitCode);
         }
         catch (e) {
-            if (e.response?.status === 429) {
+            if (handleScopeError(e)) {
+                process.exit(EXIT_INSUFFICIENT_SCOPE);
+            }
+            else if (e.response?.status === 429) {
                 process.exit(EXIT_QUOTA_EXHAUSTED);
             }
             else if (e.response?.data) {
@@ -81,6 +87,7 @@ function addRunOptions(cmd) {
         .option("-b, --branch <branch>", "branch (default: current else main)")
         .option("-k, --api-key <key>", "API key or RAFTER_API_KEY env var")
         .option("-f, --format <format>", "json | md", "md")
+        .option("-m, --mode <mode>", "scan mode: fast | plus", "fast")
         .option("--skip-interactive", "do not wait for scan to complete")
         .option("--quiet", "suppress status messages");
 }

package/dist/commands/mcp/server.js

@@ -7,6 +7,9 @@ import { GitleaksScanner } from "../../scanners/gitleaks.js";
 import { CommandInterceptor } from "../../core/command-interceptor.js";
 import { AuditLogger } from "../../core/audit-logger.js";
 import { ConfigManager } from "../../core/config-manager.js";
+import { createRequire } from "module";
+const _require = createRequire(import.meta.url);
+const { version: CLI_VERSION } = _require("../../../package.json");
 function formatScanResults(results) {
     return results.map(r => ({
         file: r.file,
@@ -25,7 +28,7 @@ function errorResult(message) {
     return { content: [{ type: "text", text: JSON.stringify({ error: message }) }], isError: true };
 }
 function createServer() {
-    const server = new Server({ name: "rafter", version: "0.5.0" }, { capabilities: { tools: {}, resources: {} } });
+    const server = new Server({ name: "rafter", version: CLI_VERSION }, { capabilities: { tools: {}, resources: {} } });
     // ── Tools ───────────────────────────────────────────────────────────
     server.setRequestHandler(ListToolsRequestSchema, async () => ({
         tools: [

package/dist/commands/scan/index.js

@@ -20,6 +20,7 @@ export function createScanGroupCommand() {
         .option("-b, --branch <branch>", "branch (default: current else main)")
         .option("-k, --api-key <key>", "API key or RAFTER_API_KEY env var")
         .option("-f, --format <format>", "json | md", "md")
+        .option("-m, --mode <mode>", "scan mode: fast | plus", "fast")
         .option("--skip-interactive", "do not wait for scan to complete")
         .option("--quiet", "suppress status messages")
         .action(async (opts) => {
@@ -28,10 +29,12 @@ export function createScanGroupCommand() {
     // Root scan group — default action is remote backend scan
     const scanGroup = new Command("scan")
         .description("Scan for security issues. Default: remote backend scan. Use 'scan local' for local secret scanning.")
+        .enablePositionalOptions()
         .option("-r, --repo <repo>", "org/repo (default: current)")
         .option("-b, --branch <branch>", "branch (default: current else main)")
         .option("-k, --api-key <key>", "API key or RAFTER_API_KEY env var")
         .option("-f, --format <format>", "json | md", "md")
+        .option("-m, --mode <mode>", "scan mode: fast | plus", "fast")
         .option("--skip-interactive", "do not wait for scan to complete")
         .option("--quiet", "suppress status messages");
     scanGroup.addCommand(localCmd);

package/dist/core/audit-logger.js

@@ -1,8 +1,104 @@
+import { randomBytes } from "crypto";
+import dns from "dns/promises";
 import fs from "fs";
+import net from "net";
 import path from "path";
 import { getAuditLogPath } from "./config-defaults.js";
 import { ConfigManager } from "./config-manager.js";
 import { assessCommandRisk } from "./risk-rules.js";
+/**
+ * Validate a webhook URL to prevent SSRF attacks.
+ * Rejects non-HTTP(S) schemes and URLs that resolve to private/internal IPs.
+ */
+export async function validateWebhookUrl(rawUrl) {
+    let parsed;
+    try {
+        parsed = new URL(rawUrl);
+    }
+    catch {
+        throw new Error(`Invalid webhook URL: ${rawUrl}`);
+    }
+    if (parsed.protocol !== "https:" && parsed.protocol !== "http:") {
+        throw new Error(`Webhook URL must use http or https, got ${parsed.protocol}`);
+    }
+    // URL.hostname keeps brackets for IPv6 (e.g. "[::1]") — strip them
+    let hostname = parsed.hostname;
+    if (hostname.startsWith("[") && hostname.endsWith("]")) {
+        hostname = hostname.slice(1, -1);
+    }
+    // If the hostname is already an IP, check it directly
+    if (net.isIP(hostname)) {
+        if (isPrivateIp(hostname)) {
+            throw new Error(`Webhook URL must not point to a private/internal address: ${hostname}`);
+        }
+        return;
+    }
+    // Resolve hostname and check all resulting IPs
+    let addresses;
+    try {
+        const results = await dns.resolve(hostname);
+        addresses = results;
+    }
+    catch {
+        throw new Error(`Could not resolve webhook hostname: ${hostname}`);
+    }
+    for (const addr of addresses) {
+        if (isPrivateIp(addr)) {
+            throw new Error(`Webhook URL must not point to a private/internal address: ${hostname} resolved to ${addr}`);
+        }
+    }
+}
+/**
+ * Check if an IP address belongs to a private, loopback, link-local, or
+ * cloud-metadata range.
+ */
+function isPrivateIp(ip) {
+    // IPv4 checks
+    if (net.isIPv4(ip)) {
+        const parts = ip.split(".").map(Number);
+        const [a, b] = parts;
+        // 127.0.0.0/8 — loopback
+        if (a === 127)
+            return true;
+        // 10.0.0.0/8 — private
+        if (a === 10)
+            return true;
+        // 172.16.0.0/12 — private
+        if (a === 172 && b >= 16 && b <= 31)
+            return true;
+        // 192.168.0.0/16 — private
+        if (a === 192 && b === 168)
+            return true;
+        // 169.254.0.0/16 — link-local / cloud metadata
+        if (a === 169 && b === 254)
+            return true;
+        // 0.0.0.0
+        if (a === 0)
+            return true;
+        return false;
+    }
+    // IPv6 checks
+    const lower = ip.toLowerCase();
+    // ::1 — loopback
+    if (lower === "::1")
+        return true;
+    // :: — unspecified
+    if (lower === "::")
+        return true;
+    // fe80::/10 — link-local
+    if (lower.startsWith("fe80:"))
+        return true;
+    // fc00::/7 — unique local (ULA)
+    if (lower.startsWith("fc") || lower.startsWith("fd"))
+        return true;
+    // ::ffff:127.0.0.1 etc — IPv4-mapped IPv6
+    if (lower.startsWith("::ffff:")) {
+        const mapped = lower.slice(7);
+        if (net.isIPv4(mapped))
+            return isPrivateIp(mapped);
+    }
+    return false;
+}
 export const RISK_SEVERITY = {
     low: 0,
     medium: 1,
@@ -17,7 +113,7 @@ export class AuditLogger {
         // Ensure log directory exists
         const dir = path.dirname(this.logPath);
         if (!fs.existsSync(dir)) {
-            fs.mkdirSync(dir, { recursive: true });
+            fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
         }
     }
     /**
@@ -36,7 +132,7 @@ export class AuditLogger {
         };
         // Append to log file
         const line = JSON.stringify(fullEntry) + "\n";
-        fs.appendFileSync(this.logPath, line, "utf-8");
+        fs.appendFileSync(this.logPath, line, { encoding: "utf-8", mode: 0o600 });
         // Send webhook notification if configured and risk meets threshold
         this.sendNotification(fullEntry, config);
     }
@@ -64,13 +160,16 @@ export class AuditLogger {
             content: `[rafter] ${eventRisk}-risk event: ${entry.eventType}${entry.action?.command ? ` — ${entry.action.command}` : ""}`,
         };
         // Fire-and-forget POST — never block audit logging
-        fetch(webhookUrl, {
+        // Validate URL to prevent SSRF before making the request
+        validateWebhookUrl(webhookUrl)
+            .then(() => fetch(webhookUrl, {
             method: "POST",
             headers: { "Content-Type": "application/json" },
             body: JSON.stringify(payload),
             signal: AbortSignal.timeout(5000),
-        }).catch(() => {
-            // Silently ignore webhook failures
+        }))
+            .catch(() => {
+            // Silently ignore webhook failures (including validation rejections)
         });
     }
     /**
@@ -196,13 +295,13 @@ export class AuditLogger {
         const filtered = entries.filter(e => new Date(e.timestamp) >= cutoffDate);
         // Rewrite log file with only retained entries
         const content = filtered.map(e => JSON.stringify(e)).join("\n") + "\n";
-        fs.writeFileSync(this.logPath, content, "utf-8");
+        fs.writeFileSync(this.logPath, content, { encoding: "utf-8", mode: 0o600 });
     }
     /**
      * Generate a unique session ID
      */
     generateSessionId() {
-        return `${Date.now()}-${Math.random().toString(36).substring(7)}`;
+        return `${Date.now()}-${randomBytes(8).toString("hex")}`;
     }
     /**
      * Assess risk level of a command

package/dist/core/config-manager.js

@@ -2,6 +2,101 @@ import fs from "fs";
 import path from "path";
 import { getDefaultConfig, getConfigPath, getRafterDir, CONFIG_VERSION } from "./config-defaults.js";
 import { loadPolicy } from "./policy-loader.js";
+const VALID_RISK_LEVELS = new Set(["minimal", "moderate", "aggressive"]);
+const VALID_COMMAND_MODES = new Set(["allow-all", "approve-dangerous", "deny-list"]);
+const VALID_LOG_LEVELS = new Set(["debug", "info", "warn", "error"]);
+/**
+ * Validate a parsed config JSON object, warning and falling back to defaults for invalid fields.
+ */
+function validateConfig(raw) {
+    if (!raw || typeof raw !== "object") {
+        console.error("Warning: config file is not a JSON object — using defaults.");
+        return getDefaultConfig();
+    }
+    const defaults = getDefaultConfig();
+    // Top-level scalars
+    if (raw.version !== undefined && typeof raw.version !== "string") {
+        console.error('Warning: config "version" must be a string — using default.');
+        raw.version = defaults.version;
+    }
+    if (raw.initialized !== undefined && typeof raw.initialized !== "string") {
+        console.error('Warning: config "initialized" must be a string — using default.');
+        raw.initialized = defaults.initialized;
+    }
+    const agent = raw.agent;
+    if (agent && typeof agent === "object") {
+        // riskLevel
+        if (agent.riskLevel !== undefined && !VALID_RISK_LEVELS.has(agent.riskLevel)) {
+            console.error(`Warning: config "agent.riskLevel" must be one of: minimal, moderate, aggressive — using default.`);
+            agent.riskLevel = defaults.agent.riskLevel;
+        }
+        // commandPolicy
+        const cp = agent.commandPolicy;
+        if (cp && typeof cp === "object") {
+            if (cp.mode !== undefined && !VALID_COMMAND_MODES.has(cp.mode)) {
+                console.error(`Warning: config "agent.commandPolicy.mode" must be one of: allow-all, approve-dangerous, deny-list — using default.`);
+                cp.mode = defaults.agent.commandPolicy.mode;
+            }
+            if (cp.blockedPatterns !== undefined && (!Array.isArray(cp.blockedPatterns) || !cp.blockedPatterns.every((v) => typeof v === "string"))) {
+                console.error('Warning: config "agent.commandPolicy.blockedPatterns" must be an array of strings — using default.');
+                cp.blockedPatterns = [...defaults.agent.commandPolicy.blockedPatterns];
+            }
+            if (cp.requireApproval !== undefined && (!Array.isArray(cp.requireApproval) || !cp.requireApproval.every((v) => typeof v === "string"))) {
+                console.error('Warning: config "agent.commandPolicy.requireApproval" must be an array of strings — using default.');
+                cp.requireApproval = [...defaults.agent.commandPolicy.requireApproval];
+            }
+        }
+        // audit
+        const audit = agent.audit;
+        if (audit && typeof audit === "object") {
+            if (audit.retentionDays !== undefined && (typeof audit.retentionDays !== "number" || isNaN(audit.retentionDays))) {
+                console.error('Warning: config "agent.audit.retentionDays" must be a number — using default.');
+                audit.retentionDays = defaults.agent.audit.retentionDays;
+            }
+            if (audit.logLevel !== undefined && !VALID_LOG_LEVELS.has(audit.logLevel)) {
+                console.error(`Warning: config "agent.audit.logLevel" must be one of: debug, info, warn, error — using default.`);
+                audit.logLevel = defaults.agent.audit.logLevel;
+            }
+        }
+        // outputFiltering
+        const of = agent.outputFiltering;
+        if (of && typeof of === "object") {
+            if (of.redactSecrets !== undefined && typeof of.redactSecrets !== "boolean") {
+                console.error('Warning: config "agent.outputFiltering.redactSecrets" must be a boolean — using default.');
+                of.redactSecrets = defaults.agent.outputFiltering.redactSecrets;
+            }
+            if (of.blockPatterns !== undefined && typeof of.blockPatterns !== "boolean") {
+                console.error('Warning: config "agent.outputFiltering.blockPatterns" must be a boolean — using default.');
+                of.blockPatterns = defaults.agent.outputFiltering.blockPatterns;
+            }
+        }
+        // scan.customPatterns — validate regex compilation
+        const scan = agent.scan;
+        if (scan && typeof scan === "object") {
+            if (scan.excludePaths !== undefined && (!Array.isArray(scan.excludePaths) || !scan.excludePaths.every((v) => typeof v === "string"))) {
+                console.error('Warning: config "agent.scan.excludePaths" must be an array of strings — using default.');
+                delete scan.excludePaths;
+            }
+            if (Array.isArray(scan.customPatterns)) {
+                scan.customPatterns = scan.customPatterns.filter((p) => {
+                    if (!p || typeof p !== "object" || typeof p.name !== "string" || !p.name || typeof p.regex !== "string" || !p.regex) {
+                        console.error(`Warning: skipping malformed scan.customPatterns entry — must have name and regex.`);
+                        return false;
+                    }
+                    try {
+                        new RegExp(p.regex);
+                    }
+                    catch {
+                        console.error(`Warning: skipping custom pattern "${p.name}" — invalid regex.`);
+                        return false;
+                    }
+                    return true;
+                });
+            }
+        }
+    }
+    return raw;
+}
 export class ConfigManager {
     constructor(configPath) {
         this.configPath = configPath || getConfigPath();
@@ -15,7 +110,8 @@ export class ConfigManager {
         }
         try {
             const content = fs.readFileSync(this.configPath, "utf-8");
-            const config = JSON.parse(content);
+            const parsed = JSON.parse(content);
+            const config = validateConfig(parsed);
             // Migrate config if needed
             return this.migrate(config);
         }

package/dist/core/custom-patterns.js

@@ -4,6 +4,7 @@
  */
 import fs from "fs";
 import path from "path";
+import { minimatch } from "minimatch";
 import { getRafterDir } from "./config-defaults.js";
 // ---------------------------------------------------------------------------
 // Custom pattern loading
@@ -69,12 +70,24 @@ function loadJsonPatterns(file) {
             return [];
         const patterns = [];
         for (const entry of data) {
-            if (typeof entry.pattern !== "string")
+            if (typeof entry.pattern !== "string" || !entry.pattern)
                 continue;
+            try {
+                new RegExp(entry.pattern);
+            }
+            catch {
+                console.error(`Warning: skipping custom pattern in ${path.basename(file)} — invalid regex: ${entry.pattern}`);
+                continue;
+            }
+            const severity = entry.severity ?? "high";
+            if (!["low", "medium", "high", "critical"].includes(severity)) {
+                console.error(`Warning: skipping custom pattern in ${path.basename(file)} — invalid severity: ${severity}`);
+                continue;
+            }
             patterns.push({
                 name: entry.name ?? `Custom (${path.basename(file, ".json")})`,
                 regex: entry.pattern,
-                severity: entry.severity ?? "high",
+                severity: severity,
                 description: entry.description,
             });
         }
@@ -135,23 +148,13 @@ export function isSuppressed(filePath, patternName, suppressions) {
     return false;
 }
 /**
- * Minimal glob matcher: supports * (within segment) and ** (cross-segment).
- * Not full micromatch — covers the 90% case for .rafterignore.
+ * Match a file path against a glob pattern using minimatch.
+ *
+ * Uses `matchBase` so bare patterns like "*.env" match against the basename
+ * (e.g. "config/.env"), and `dot` so dotfiles are included.
  */
 function matchGlob(glob, filePath) {
-    // Normalise separators
     const g = glob.replace(/\\/g, "/");
     const f = filePath.replace(/\\/g, "/");
-    // Escape regex special chars except * which we handle specially
-    const escaped = g
-        .replace(/[.+^${}()|[\]\\]/g, "\\$&")
-        .replace(/\*\*/g, "\x00") // placeholder for **
-        .replace(/\*/g, "[^/]*") // * = anything within one segment
-        .replace(/\x00/g, ".*"); // ** = anything including /
-    try {
-        return new RegExp(`(^|/)${escaped}(/|$)`).test(f);
-    }
-    catch {
-        return false;
-    }
+    return minimatch(f, g, { dot: true, matchBase: true });
 }

package/dist/core/policy-loader.js

@@ -136,10 +136,33 @@ function validatePolicy(policy, raw) {
             }
         }
         if (policy.scan.customPatterns !== undefined) {
-            if (!Array.isArray(policy.scan.customPatterns) || !policy.scan.customPatterns.every((v) => v && typeof v === "object" && typeof v.name === "string" && v.name !== "" && typeof v.regex === "string" && v.regex !== "" && typeof v.severity === "string")) {
-                console.error(`Warning: "scan.custom_patterns" must be an array of objects with name, regex, severity — ignoring.`);
+            if (!Array.isArray(policy.scan.customPatterns)) {
+                console.error(`Warning: "scan.custom_patterns" must be an array — ignoring.`);
                 delete policy.scan.customPatterns;
             }
+            else {
+                const valid = [];
+                for (const v of policy.scan.customPatterns) {
+                    if (!v || typeof v !== "object" || typeof v.name !== "string" || !v.name || typeof v.regex !== "string" || !v.regex || typeof v.severity !== "string") {
+                        console.error(`Warning: skipping malformed custom_patterns entry — must have name, regex, severity.`);
+                        continue;
+                    }
+                    try {
+                        new RegExp(v.regex);
+                    }
+                    catch {
+                        console.error(`Warning: skipping custom pattern "${v.name}" — invalid regex.`);
+                        continue;
+                    }
+                    valid.push(v);
+                }
+                if (valid.length > 0) {
+                    policy.scan.customPatterns = valid;
+                }
+                else {
+                    delete policy.scan.customPatterns;
+                }
+            }
         }
     }
     if (policy.audit) {