@vigolium/piolium 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +117 -0
- package/agents/access-auditor.md +300 -0
- package/agents/assumption-breaker.md +154 -0
- package/agents/attack-designer.md +116 -0
- package/agents/code-scanner.md +139 -0
- package/agents/concurrency-auditor.md +238 -0
- package/agents/confirm-writer.md +257 -0
- package/agents/context-reviewer.md +274 -0
- package/agents/cross-verifier.md +165 -0
- package/agents/cve-scout.md +381 -0
- package/agents/env-builder.md +282 -0
- package/agents/env-profiler.md +205 -0
- package/agents/evidence-collector.md +140 -0
- package/agents/finding-grader.md +142 -0
- package/agents/finding-writer.md +148 -0
- package/agents/flow-tracer.md +106 -0
- package/agents/goal-backtracer.md +146 -0
- package/agents/history-miner.md +467 -0
- package/agents/independent-verifier.md +118 -0
- package/agents/intent-mapper.md +183 -0
- package/agents/longshot-collector.md +128 -0
- package/agents/longshot-prober.md +126 -0
- package/agents/patch-auditor.md +73 -0
- package/agents/poc-author.md +124 -0
- package/agents/poc-runner.md +194 -0
- package/agents/probe-lead.md +269 -0
- package/agents/red-challenger.md +101 -0
- package/agents/report-composer.md +208 -0
- package/agents/review-adjudicator.md +216 -0
- package/agents/spec-auditor.md +155 -0
- package/agents/taint-tracer.md +265 -0
- package/agents/test-locator.md +209 -0
- package/agents/threat-modeler.md +132 -0
- package/agents/variant-scanner.md +108 -0
- package/agents/variant-spotter.md +110 -0
- package/bin/piolium.mjs +376 -0
- package/extensions/piolium/_vendor/yaml.bundle.d.mts +6 -0
- package/extensions/piolium/_vendor/yaml.bundle.mjs +139 -0
- package/extensions/piolium/agent-runner.ts +322 -0
- package/extensions/piolium/agents.ts +266 -0
- package/extensions/piolium/audit-state.ts +522 -0
- package/extensions/piolium/bundled-resources.ts +97 -0
- package/extensions/piolium/candidate-scan.ts +966 -0
- package/extensions/piolium/command-target.ts +177 -0
- package/extensions/piolium/console-stream.ts +57 -0
- package/extensions/piolium/export-results.ts +380 -0
- package/extensions/piolium/findings.ts +448 -0
- package/extensions/piolium/heartbeat.ts +182 -0
- package/extensions/piolium/help.ts +234 -0
- package/extensions/piolium/index.ts +1865 -0
- package/extensions/piolium/longshot.ts +530 -0
- package/extensions/piolium/matcher-suggestions.ts +196 -0
- package/extensions/piolium/matcher-utils.ts +83 -0
- package/extensions/piolium/modes/balanced.ts +750 -0
- package/extensions/piolium/modes/confirm-bootstrap.ts +186 -0
- package/extensions/piolium/modes/confirm.ts +697 -0
- package/extensions/piolium/modes/deep.ts +917 -0
- package/extensions/piolium/modes/diff.ts +177 -0
- package/extensions/piolium/modes/lite.ts +540 -0
- package/extensions/piolium/modes/longshot.ts +595 -0
- package/extensions/piolium/modes/merge.ts +204 -0
- package/extensions/piolium/modes/phase-runner.ts +267 -0
- package/extensions/piolium/modes/reinvest.ts +546 -0
- package/extensions/piolium/modes/revisit.ts +279 -0
- package/extensions/piolium/modes.ts +48 -0
- package/extensions/piolium/phase-labels.ts +123 -0
- package/extensions/piolium/phase-status-strip.ts +92 -0
- package/extensions/piolium/prompt-prefix-editor.ts +39 -0
- package/extensions/piolium/providers/anthropic-vertex.ts +836 -0
- package/extensions/piolium/recon.ts +409 -0
- package/extensions/piolium/result-stats.ts +105 -0
- package/extensions/piolium/retry.ts +120 -0
- package/extensions/piolium/scheduler.ts +212 -0
- package/extensions/piolium/secrets.ts +368 -0
- package/extensions/piolium/tools/web-tools.ts +148 -0
- package/package.json +77 -0
- package/skills/agentic-actions-auditor/SKILL.md +327 -0
- package/skills/agentic-actions-auditor/references/action-profiles.md +186 -0
- package/skills/agentic-actions-auditor/references/cross-file-resolution.md +209 -0
- package/skills/agentic-actions-auditor/references/foundations.md +94 -0
- package/skills/agentic-actions-auditor/references/vector-a-env-var-intermediary.md +77 -0
- package/skills/agentic-actions-auditor/references/vector-b-direct-expression-injection.md +83 -0
- package/skills/agentic-actions-auditor/references/vector-c-cli-data-fetch.md +83 -0
- package/skills/agentic-actions-auditor/references/vector-d-pr-target-checkout.md +88 -0
- package/skills/agentic-actions-auditor/references/vector-e-error-log-injection.md +88 -0
- package/skills/agentic-actions-auditor/references/vector-f-subshell-expansion.md +82 -0
- package/skills/agentic-actions-auditor/references/vector-g-eval-of-ai-output.md +91 -0
- package/skills/agentic-actions-auditor/references/vector-h-dangerous-sandbox-configs.md +102 -0
- package/skills/agentic-actions-auditor/references/vector-i-wildcard-allowlists.md +88 -0
- package/skills/audit/SKILL.md +562 -0
- package/skills/audit/assets/icon.svg +7 -0
- package/skills/audit/hooks/scripts/validate_phase_output.py +550 -0
- package/skills/audit/references/adversarial-review.md +148 -0
- package/skills/audit/references/architecture-aware-sast.md +306 -0
- package/skills/audit/references/audit-workflow.md +737 -0
- package/skills/audit/references/chamber-protocol.md +384 -0
- package/skills/audit/references/creative-attack-modes.md +221 -0
- package/skills/audit/references/deep-analysis.md +273 -0
- package/skills/audit/references/domain-attack-playbooks.md +1129 -0
- package/skills/audit/references/knowledge-base-template.md +513 -0
- package/skills/audit/references/real-env-validation.md +191 -0
- package/skills/audit/references/report-templates.md +417 -0
- package/skills/audit/references/triage-and-prereqs.md +134 -0
- package/skills/audit/scripts/consolidate_drafts.py +554 -0
- package/skills/audit/scripts/partition_findings.py +152 -0
- package/skills/audit/scripts/rg-hotspots.sh +121 -0
- package/skills/audit/scripts/stamp_file_state.py +349 -0
- package/skills/code-reviewer/SKILL.md +65 -0
- package/skills/codeql/SKILL.md +281 -0
- package/skills/codeql/references/build-fixes.md +90 -0
- package/skills/codeql/references/diagnostic-query-templates.md +339 -0
- package/skills/codeql/references/extension-yaml-format.md +209 -0
- package/skills/codeql/references/important-only-suite.md +153 -0
- package/skills/codeql/references/language-details.md +207 -0
- package/skills/codeql/references/macos-arm64e-workaround.md +179 -0
- package/skills/codeql/references/performance-tuning.md +111 -0
- package/skills/codeql/references/quality-assessment.md +172 -0
- package/skills/codeql/references/ruleset-catalog.md +63 -0
- package/skills/codeql/references/run-all-suite.md +92 -0
- package/skills/codeql/references/sarif-processing.md +79 -0
- package/skills/codeql/references/threat-models.md +51 -0
- package/skills/codeql/workflows/build-database.md +280 -0
- package/skills/codeql/workflows/create-data-extensions.md +261 -0
- package/skills/codeql/workflows/run-analysis.md +301 -0
- package/skills/differential-review/SKILL.md +220 -0
- package/skills/differential-review/adversarial.md +203 -0
- package/skills/differential-review/methodology.md +234 -0
- package/skills/differential-review/patterns.md +300 -0
- package/skills/differential-review/reporting.md +369 -0
- package/skills/fp-check/SKILL.md +125 -0
- package/skills/fp-check/references/bug-class-verification.md +114 -0
- package/skills/fp-check/references/deep-verification.md +143 -0
- package/skills/fp-check/references/evidence-templates.md +91 -0
- package/skills/fp-check/references/false-positive-patterns.md +115 -0
- package/skills/fp-check/references/gate-reviews.md +27 -0
- package/skills/fp-check/references/standard-verification.md +78 -0
- package/skills/insecure-defaults/SKILL.md +117 -0
- package/skills/insecure-defaults/references/examples.md +409 -0
- package/skills/last30days/SKILL.md +444 -0
- package/skills/sarif-parsing/SKILL.md +483 -0
- package/skills/sarif-parsing/resources/jq-queries.md +162 -0
- package/skills/sarif-parsing/resources/sarif_helpers.py +331 -0
- package/skills/security-threat-model/LICENSE.txt +201 -0
- package/skills/security-threat-model/SKILL.md +81 -0
- package/skills/security-threat-model/agents/openai.yaml +4 -0
- package/skills/security-threat-model/references/prompt-template.md +255 -0
- package/skills/security-threat-model/references/security-controls-and-assets.md +32 -0
- package/skills/semgrep/SKILL.md +212 -0
- package/skills/semgrep/references/rulesets.md +162 -0
- package/skills/semgrep/references/scan-modes.md +110 -0
- package/skills/semgrep/references/scanner-task-prompt.md +140 -0
- package/skills/semgrep/scripts/merge_sarif.py +203 -0
- package/skills/semgrep/workflows/scan-workflow.md +311 -0
- package/skills/semgrep-rule-creator/SKILL.md +168 -0
- package/skills/semgrep-rule-creator/references/quick-reference.md +202 -0
- package/skills/semgrep-rule-creator/references/workflow.md +240 -0
- package/skills/semgrep-rule-variant-creator/SKILL.md +205 -0
- package/skills/semgrep-rule-variant-creator/references/applicability-analysis.md +250 -0
- package/skills/semgrep-rule-variant-creator/references/language-syntax-guide.md +324 -0
- package/skills/semgrep-rule-variant-creator/references/workflow.md +518 -0
- package/skills/sharp-edges/SKILL.md +292 -0
- package/skills/sharp-edges/references/auth-patterns.md +252 -0
- package/skills/sharp-edges/references/case-studies.md +274 -0
- package/skills/sharp-edges/references/config-patterns.md +333 -0
- package/skills/sharp-edges/references/crypto-apis.md +190 -0
- package/skills/sharp-edges/references/lang-c.md +205 -0
- package/skills/sharp-edges/references/lang-csharp.md +285 -0
- package/skills/sharp-edges/references/lang-go.md +270 -0
- package/skills/sharp-edges/references/lang-java.md +263 -0
- package/skills/sharp-edges/references/lang-javascript.md +269 -0
- package/skills/sharp-edges/references/lang-kotlin.md +265 -0
- package/skills/sharp-edges/references/lang-php.md +245 -0
- package/skills/sharp-edges/references/lang-python.md +274 -0
- package/skills/sharp-edges/references/lang-ruby.md +273 -0
- package/skills/sharp-edges/references/lang-rust.md +272 -0
- package/skills/sharp-edges/references/lang-swift.md +287 -0
- package/skills/sharp-edges/references/language-specific.md +588 -0
- package/skills/spec-to-code-compliance/SKILL.md +357 -0
- package/skills/spec-to-code-compliance/resources/COMPLETENESS_CHECKLIST.md +69 -0
- package/skills/spec-to-code-compliance/resources/IR_EXAMPLES.md +417 -0
- package/skills/spec-to-code-compliance/resources/OUTPUT_REQUIREMENTS.md +105 -0
- package/skills/supply-chain-risk-auditor/SKILL.md +67 -0
- package/skills/supply-chain-risk-auditor/resources/results-template.md +41 -0
- package/skills/variant-analysis/METHODOLOGY.md +327 -0
- package/skills/variant-analysis/SKILL.md +142 -0
- package/skills/variant-analysis/resources/codeql/cpp.ql +119 -0
- package/skills/variant-analysis/resources/codeql/go.ql +69 -0
- package/skills/variant-analysis/resources/codeql/java.ql +71 -0
- package/skills/variant-analysis/resources/codeql/javascript.ql +63 -0
- package/skills/variant-analysis/resources/codeql/python.ql +80 -0
- package/skills/variant-analysis/resources/semgrep/cpp.yaml +98 -0
- package/skills/variant-analysis/resources/semgrep/go.yaml +63 -0
- package/skills/variant-analysis/resources/semgrep/java.yaml +61 -0
- package/skills/variant-analysis/resources/semgrep/javascript.yaml +60 -0
- package/skills/variant-analysis/resources/semgrep/python.yaml +72 -0
- package/skills/variant-analysis/resources/variant-report-template.md +75 -0
- package/skills/vuln-report/SKILL.md +137 -0
- package/skills/vuln-report/agents/openai.yaml +4 -0
- package/skills/vuln-report/references/report-template.md +135 -0
- package/skills/wooyun-legacy/SKILL.md +367 -0
- package/skills/wooyun-legacy/references/bank-penetration.md +222 -0
- package/skills/wooyun-legacy/references/checklists/command-execution-checklist.md +119 -0
- package/skills/wooyun-legacy/references/checklists/csrf-checklist.md +74 -0
- package/skills/wooyun-legacy/references/checklists/file-upload-checklist.md +108 -0
- package/skills/wooyun-legacy/references/checklists/info-disclosure-checklist.md +114 -0
- package/skills/wooyun-legacy/references/checklists/logic-flaws-checklist.md +95 -0
- package/skills/wooyun-legacy/references/checklists/misconfig-checklist.md +124 -0
- package/skills/wooyun-legacy/references/checklists/path-traversal-checklist.md +87 -0
- package/skills/wooyun-legacy/references/checklists/rce-checklist.md +93 -0
- package/skills/wooyun-legacy/references/checklists/sql-injection-checklist.md +97 -0
- package/skills/wooyun-legacy/references/checklists/ssrf-checklist.md +99 -0
- package/skills/wooyun-legacy/references/checklists/unauthorized-access-checklist.md +89 -0
- package/skills/wooyun-legacy/references/checklists/weak-password-checklist.md +115 -0
- package/skills/wooyun-legacy/references/checklists/xss-checklist.md +103 -0
- package/skills/wooyun-legacy/references/checklists/xxe-checklist.md +130 -0
- package/skills/wooyun-legacy/references/info-disclosure.md +975 -0
- package/skills/wooyun-legacy/references/logic-flaws.md +721 -0
- package/skills/wooyun-legacy/references/path-traversal.md +1191 -0
- package/skills/wooyun-legacy/references/telecom-penetration.md +156 -0
- package/skills/wooyun-legacy/references/unauthorized-access.md +980 -0
- package/skills/wooyun-legacy/references/xss.md +746 -0
- package/skills/zeroize-audit/SKILL.md +371 -0
- package/skills/zeroize-audit/configs/c.yaml +21 -0
- package/skills/zeroize-audit/configs/default.yaml +128 -0
- package/skills/zeroize-audit/configs/rust.yaml +83 -0
- package/skills/zeroize-audit/prompts/report_template.md +238 -0
- package/skills/zeroize-audit/prompts/system.md +163 -0
- package/skills/zeroize-audit/prompts/task.md +97 -0
- package/skills/zeroize-audit/references/compile-commands.md +231 -0
- package/skills/zeroize-audit/references/detection-strategy.md +191 -0
- package/skills/zeroize-audit/references/ir-analysis.md +252 -0
- package/skills/zeroize-audit/references/mcp-analysis.md +221 -0
- package/skills/zeroize-audit/references/poc-generation.md +470 -0
- package/skills/zeroize-audit/references/rust-zeroization-patterns.md +867 -0
- package/skills/zeroize-audit/schemas/input.json +83 -0
- package/skills/zeroize-audit/schemas/output.json +140 -0
- package/skills/zeroize-audit/tools/analyze_asm.sh +202 -0
- package/skills/zeroize-audit/tools/analyze_cfg.py +381 -0
- package/skills/zeroize-audit/tools/analyze_heap.sh +211 -0
- package/skills/zeroize-audit/tools/analyze_ir_semantic.py +429 -0
- package/skills/zeroize-audit/tools/diff_ir.sh +135 -0
- package/skills/zeroize-audit/tools/diff_rust_mir.sh +189 -0
- package/skills/zeroize-audit/tools/emit_asm.sh +67 -0
- package/skills/zeroize-audit/tools/emit_ir.sh +77 -0
- package/skills/zeroize-audit/tools/emit_rust_asm.sh +178 -0
- package/skills/zeroize-audit/tools/emit_rust_ir.sh +150 -0
- package/skills/zeroize-audit/tools/emit_rust_mir.sh +158 -0
- package/skills/zeroize-audit/tools/extract_compile_flags.py +284 -0
- package/skills/zeroize-audit/tools/generate_poc.py +1329 -0
- package/skills/zeroize-audit/tools/mcp/apply_confidence_gates.py +113 -0
- package/skills/zeroize-audit/tools/mcp/check_mcp.sh +68 -0
- package/skills/zeroize-audit/tools/mcp/normalize_mcp_evidence.py +125 -0
- package/skills/zeroize-audit/tools/scripts/check_llvm_patterns.py +481 -0
- package/skills/zeroize-audit/tools/scripts/check_mir_patterns.py +554 -0
- package/skills/zeroize-audit/tools/scripts/check_rust_asm.py +424 -0
- package/skills/zeroize-audit/tools/scripts/check_rust_asm_aarch64.py +300 -0
- package/skills/zeroize-audit/tools/scripts/check_rust_asm_x86.py +283 -0
- package/skills/zeroize-audit/tools/scripts/find_dangerous_apis.py +375 -0
- package/skills/zeroize-audit/tools/scripts/semantic_audit.py +923 -0
- package/skills/zeroize-audit/tools/track_dataflow.sh +196 -0
- package/skills/zeroize-audit/tools/validate_rust_toolchain.sh +298 -0
- package/skills/zeroize-audit/workflows/phase-0-preflight.md +150 -0
- package/skills/zeroize-audit/workflows/phase-1-source-analysis.md +144 -0
- package/skills/zeroize-audit/workflows/phase-2-compiler-analysis.md +139 -0
- package/skills/zeroize-audit/workflows/phase-3-interim-report.md +46 -0
- package/skills/zeroize-audit/workflows/phase-4-poc-generation.md +46 -0
- package/skills/zeroize-audit/workflows/phase-5-poc-validation.md +136 -0
- package/skills/zeroize-audit/workflows/phase-6-final-report.md +44 -0
- package/skills/zeroize-audit/workflows/phase-7-test-generation.md +42 -0
- package/themes/piolium-srcery.json +94 -0
|
@@ -0,0 +1,113 @@
|
|
|
1
|
+
#!/usr/bin/env python3
|
|
2
|
+
# /// script
|
|
3
|
+
# requires-python = ">=3.11"
|
|
4
|
+
# dependencies = []
|
|
5
|
+
# ///
|
|
6
|
+
"""
|
|
7
|
+
Apply strict confidence gates to zeroize-audit findings.
|
|
8
|
+
"""
|
|
9
|
+
|
|
10
|
+
import argparse
|
|
11
|
+
import json
|
|
12
|
+
import sys
|
|
13
|
+
from pathlib import Path
|
|
14
|
+
from typing import Any
|
|
15
|
+
|
|
16
|
+
ADVANCED_MCP_CATEGORIES = {
|
|
17
|
+
"SECRET_COPY",
|
|
18
|
+
"MISSING_ON_ERROR_PATH",
|
|
19
|
+
"NOT_DOMINATING_EXITS",
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
ASM_REQUIRED_CATEGORIES = {
|
|
23
|
+
"STACK_RETENTION",
|
|
24
|
+
"REGISTER_SPILL",
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
|
|
28
|
+
def _has_compiler_evidence(finding: dict[str, Any]) -> bool:
|
|
29
|
+
ce = finding.get("compiler_evidence")
|
|
30
|
+
if not isinstance(ce, dict):
|
|
31
|
+
return False
|
|
32
|
+
return any(ce.get(key) for key in ("o0", "o2", "diff_summary"))
|
|
33
|
+
|
|
34
|
+
|
|
35
|
+
def _has_marker(text: str, marker: str) -> bool:
|
|
36
|
+
return marker in text.lower()
|
|
37
|
+
|
|
38
|
+
|
|
39
|
+
def apply_gates(
|
|
40
|
+
report: dict[str, Any],
|
|
41
|
+
mcp_available: bool,
|
|
42
|
+
require_mcp_for_advanced: bool,
|
|
43
|
+
) -> dict[str, Any]:
|
|
44
|
+
findings: list[dict[str, Any]] = report.get("findings", [])
|
|
45
|
+
|
|
46
|
+
for finding in findings:
|
|
47
|
+
category = finding.get("category")
|
|
48
|
+
evidence = (finding.get("evidence") or "").lower()
|
|
49
|
+
|
|
50
|
+
if category in {"OPTIMIZED_AWAY_ZEROIZE"} and not _has_compiler_evidence(finding):
|
|
51
|
+
finding["needs_review"] = True
|
|
52
|
+
finding["evidence"] = (
|
|
53
|
+
finding.get("evidence", "")
|
|
54
|
+
+ " [gated: missing IR/ASM evidence for optimized-away claim]"
|
|
55
|
+
).strip()
|
|
56
|
+
|
|
57
|
+
if category in ASM_REQUIRED_CATEGORIES and not _has_marker(evidence, "asm"):
|
|
58
|
+
finding["needs_review"] = True
|
|
59
|
+
finding["evidence"] = (
|
|
60
|
+
finding.get("evidence", "") + " [gated: missing assembly evidence]"
|
|
61
|
+
).strip()
|
|
62
|
+
|
|
63
|
+
if require_mcp_for_advanced and not mcp_available and category in ADVANCED_MCP_CATEGORIES:
|
|
64
|
+
finding["needs_review"] = True
|
|
65
|
+
finding["evidence"] = (
|
|
66
|
+
finding.get("evidence", "")
|
|
67
|
+
+ " [gated: MCP unavailable for advanced semantic finding]"
|
|
68
|
+
).strip()
|
|
69
|
+
|
|
70
|
+
summary = report.get("summary", {})
|
|
71
|
+
if isinstance(summary, dict):
|
|
72
|
+
summary["issues_found"] = len(findings)
|
|
73
|
+
|
|
74
|
+
return report
|
|
75
|
+
|
|
76
|
+
|
|
77
|
+
def main() -> None:
|
|
78
|
+
parser = argparse.ArgumentParser(description="Apply zeroize-audit confidence gates")
|
|
79
|
+
parser.add_argument("--input", required=True, help="Input output.json path")
|
|
80
|
+
parser.add_argument("--out", required=True, help="Output path")
|
|
81
|
+
parser.add_argument(
|
|
82
|
+
"--mcp-available",
|
|
83
|
+
action="store_true",
|
|
84
|
+
help="Set when MCP semantic evidence is available",
|
|
85
|
+
)
|
|
86
|
+
parser.add_argument(
|
|
87
|
+
"--require-mcp-for-advanced",
|
|
88
|
+
action="store_true",
|
|
89
|
+
help="Downgrade advanced findings when MCP is unavailable",
|
|
90
|
+
)
|
|
91
|
+
args = parser.parse_args()
|
|
92
|
+
|
|
93
|
+
report = json.loads(Path(args.input).read_text())
|
|
94
|
+
if not isinstance(report, dict):
|
|
95
|
+
print(
|
|
96
|
+
f"Error: expected JSON object in {args.input}, got {type(report).__name__}",
|
|
97
|
+
file=sys.stderr,
|
|
98
|
+
)
|
|
99
|
+
sys.exit(1)
|
|
100
|
+
updated = apply_gates(
|
|
101
|
+
report=report,
|
|
102
|
+
mcp_available=args.mcp_available,
|
|
103
|
+
require_mcp_for_advanced=args.require_mcp_for_advanced,
|
|
104
|
+
)
|
|
105
|
+
|
|
106
|
+
out_path = Path(args.out)
|
|
107
|
+
out_path.parent.mkdir(parents=True, exist_ok=True)
|
|
108
|
+
out_path.write_text(json.dumps(updated, indent=2) + "\n")
|
|
109
|
+
print(f"OK: wrote gated report to {out_path}")
|
|
110
|
+
|
|
111
|
+
|
|
112
|
+
if __name__ == "__main__":
|
|
113
|
+
main()
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
#!/usr/bin/env bash
|
|
2
|
+
set -euo pipefail
|
|
3
|
+
|
|
4
|
+
# Probe for Serena MCP server availability.
|
|
5
|
+
#
|
|
6
|
+
# Usage:
|
|
7
|
+
# check_mcp.sh
|
|
8
|
+
# check_mcp.sh --compile-db compile_commands.json
|
|
9
|
+
|
|
10
|
+
usage() {
|
|
11
|
+
echo "Usage: $0 [--compile-db compile_commands.json]" >&2
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
COMPILE_DB=""
|
|
15
|
+
|
|
16
|
+
while [[ $# -gt 0 ]]; do
|
|
17
|
+
case "$1" in
|
|
18
|
+
--compile-db)
|
|
19
|
+
COMPILE_DB="$2"
|
|
20
|
+
shift 2
|
|
21
|
+
;;
|
|
22
|
+
*)
|
|
23
|
+
echo "Unknown arg: $1" >&2
|
|
24
|
+
usage
|
|
25
|
+
exit 2
|
|
26
|
+
;;
|
|
27
|
+
esac
|
|
28
|
+
done
|
|
29
|
+
|
|
30
|
+
missing=()
|
|
31
|
+
if ! command -v "uvx" >/dev/null 2>&1; then
|
|
32
|
+
missing+=("uvx")
|
|
33
|
+
fi
|
|
34
|
+
|
|
35
|
+
compile_db_status="not_checked"
|
|
36
|
+
if [[ -n "$COMPILE_DB" ]]; then
|
|
37
|
+
if [[ -f "$COMPILE_DB" ]]; then
|
|
38
|
+
compile_db_status="present"
|
|
39
|
+
else
|
|
40
|
+
compile_db_status="missing"
|
|
41
|
+
fi
|
|
42
|
+
fi
|
|
43
|
+
|
|
44
|
+
if [[ ${#missing[@]} -eq 0 ]]; then
|
|
45
|
+
cat <<EOF
|
|
46
|
+
{
|
|
47
|
+
"mcp_available": true,
|
|
48
|
+
"mcp_server": "serena",
|
|
49
|
+
"uvx_present": true,
|
|
50
|
+
"compile_db_status": "${compile_db_status}",
|
|
51
|
+
"missing_tools": []
|
|
52
|
+
}
|
|
53
|
+
EOF
|
|
54
|
+
exit 0
|
|
55
|
+
fi
|
|
56
|
+
|
|
57
|
+
missing_json=$(printf '"%s",' "${missing[@]}" | sed 's/,$//')
|
|
58
|
+
|
|
59
|
+
cat <<EOF
|
|
60
|
+
{
|
|
61
|
+
"mcp_available": false,
|
|
62
|
+
"mcp_server": "serena",
|
|
63
|
+
"compile_db_status": "${compile_db_status}",
|
|
64
|
+
"missing_tools": [${missing_json}],
|
|
65
|
+
"message": "Serena MCP server unavailable (uvx not found); advanced findings must be downgraded to needs_review."
|
|
66
|
+
}
|
|
67
|
+
EOF
|
|
68
|
+
exit 1
|
|
@@ -0,0 +1,125 @@
|
|
|
1
|
+
#!/usr/bin/env python3
|
|
2
|
+
# /// script
|
|
3
|
+
# requires-python = ">=3.11"
|
|
4
|
+
# dependencies = []
|
|
5
|
+
# ///
|
|
6
|
+
"""
|
|
7
|
+
Normalize Serena MCP semantic-analysis output into consistent evidence records.
|
|
8
|
+
|
|
9
|
+
Serena returns structured results with file, line, symbol, and kind fields.
|
|
10
|
+
This normalizer produces a consistent schema consumed by the zeroize-audit
|
|
11
|
+
confidence gating and evidence scoring pipeline.
|
|
12
|
+
"""
|
|
13
|
+
|
|
14
|
+
import argparse
|
|
15
|
+
import json
|
|
16
|
+
import sys
|
|
17
|
+
from collections import Counter
|
|
18
|
+
from pathlib import Path
|
|
19
|
+
from typing import Any
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
def _load_payload(input_path: str) -> Any:
|
|
23
|
+
if input_path:
|
|
24
|
+
try:
|
|
25
|
+
return json.loads(Path(input_path).read_text(encoding="utf-8"))
|
|
26
|
+
except (OSError, json.JSONDecodeError) as e:
|
|
27
|
+
print(f"Error reading {input_path}: {e}", file=sys.stderr)
|
|
28
|
+
sys.exit(1)
|
|
29
|
+
if sys.stdin.isatty():
|
|
30
|
+
print("Error: no --input specified and stdin is a terminal", file=sys.stderr)
|
|
31
|
+
sys.exit(2)
|
|
32
|
+
try:
|
|
33
|
+
return json.load(sys.stdin)
|
|
34
|
+
except json.JSONDecodeError as e:
|
|
35
|
+
print(f"Error: invalid JSON on stdin: {e}", file=sys.stderr)
|
|
36
|
+
sys.exit(1)
|
|
37
|
+
|
|
38
|
+
|
|
39
|
+
def _as_results(payload: Any) -> list[dict[str, Any]]:
|
|
40
|
+
if isinstance(payload, list):
|
|
41
|
+
return [item for item in payload if isinstance(item, dict)]
|
|
42
|
+
if isinstance(payload, dict):
|
|
43
|
+
if isinstance(payload.get("results"), list):
|
|
44
|
+
return [item for item in payload["results"] if isinstance(item, dict)]
|
|
45
|
+
return [payload]
|
|
46
|
+
return []
|
|
47
|
+
|
|
48
|
+
|
|
49
|
+
def _normalize_item(result: dict[str, Any], item: dict[str, Any]) -> dict[str, Any]:
|
|
50
|
+
file_path = item.get("file") or item.get("uri") or result.get("target") or ""
|
|
51
|
+
line = item.get("line")
|
|
52
|
+
if isinstance(line, str) and line.isdigit():
|
|
53
|
+
line = int(line)
|
|
54
|
+
|
|
55
|
+
symbol = item.get("symbol") or item.get("name") or result.get("query") or ""
|
|
56
|
+
kind = item.get("kind") or result.get("tool") or "mcp_result"
|
|
57
|
+
detail = item.get("detail") or item.get("snippet") or ""
|
|
58
|
+
|
|
59
|
+
confidence = item.get("confidence") if item.get("confidence") is not None else "medium"
|
|
60
|
+
|
|
61
|
+
return {
|
|
62
|
+
"file": file_path,
|
|
63
|
+
"line": line,
|
|
64
|
+
"symbol": symbol,
|
|
65
|
+
"kind": kind,
|
|
66
|
+
"detail": detail,
|
|
67
|
+
"source": result.get("tool", "mcp"),
|
|
68
|
+
"confidence": confidence,
|
|
69
|
+
"metadata": {
|
|
70
|
+
"query": result.get("query"),
|
|
71
|
+
"target": result.get("target"),
|
|
72
|
+
"raw_item": item,
|
|
73
|
+
},
|
|
74
|
+
}
|
|
75
|
+
|
|
76
|
+
|
|
77
|
+
def normalize(payload: Any) -> dict[str, Any]:
|
|
78
|
+
results = _as_results(payload)
|
|
79
|
+
normalized: list[dict[str, Any]] = []
|
|
80
|
+
tools = Counter()
|
|
81
|
+
kinds = Counter()
|
|
82
|
+
|
|
83
|
+
for result in results:
|
|
84
|
+
tool_name = result.get("tool", "mcp")
|
|
85
|
+
tools[tool_name] += 1
|
|
86
|
+
|
|
87
|
+
items = result.get("items")
|
|
88
|
+
if not isinstance(items, list):
|
|
89
|
+
items = [result]
|
|
90
|
+
|
|
91
|
+
for raw_item in items:
|
|
92
|
+
if not isinstance(raw_item, dict):
|
|
93
|
+
continue
|
|
94
|
+
entry = _normalize_item(result, raw_item)
|
|
95
|
+
normalized.append(entry)
|
|
96
|
+
kinds[entry["kind"]] += 1
|
|
97
|
+
|
|
98
|
+
return {
|
|
99
|
+
"mcp_available": len(normalized) > 0,
|
|
100
|
+
"evidence_count": len(normalized),
|
|
101
|
+
"evidence": normalized,
|
|
102
|
+
"coverage": {
|
|
103
|
+
"by_tool": dict(tools),
|
|
104
|
+
"by_kind": dict(kinds),
|
|
105
|
+
},
|
|
106
|
+
}
|
|
107
|
+
|
|
108
|
+
|
|
109
|
+
def main() -> None:
|
|
110
|
+
parser = argparse.ArgumentParser(description="Normalize MCP evidence JSON")
|
|
111
|
+
parser.add_argument("--input", help="Input JSON file path; defaults to stdin")
|
|
112
|
+
parser.add_argument("--out", required=True, help="Output JSON path")
|
|
113
|
+
args = parser.parse_args()
|
|
114
|
+
|
|
115
|
+
payload = _load_payload(args.input)
|
|
116
|
+
output = normalize(payload)
|
|
117
|
+
|
|
118
|
+
out_path = Path(args.out)
|
|
119
|
+
out_path.parent.mkdir(parents=True, exist_ok=True)
|
|
120
|
+
out_path.write_text(json.dumps(output, indent=2) + "\n", encoding="utf-8")
|
|
121
|
+
print(f"OK: wrote normalized MCP evidence to {out_path}")
|
|
122
|
+
|
|
123
|
+
|
|
124
|
+
if __name__ == "__main__":
|
|
125
|
+
main()
|