agent-security-scanner-mcp 3.18.0 → 3.20.0

package/rules/__init__.py

@@ -201,16 +201,55 @@ def get_rules():
     return rules
 
 
-def get_rules_for_language(language):
-    """Get rules applicable to a specific language"""
+def get_rules_for_language(language, file_path=None):
+    """Get rules applicable to a specific language.
+
+    Generic rules that declare a specific technology in their metadata are
+    only applied when the scanned language or file path indicates that
+    technology is relevant.  This prevents, e.g., Hugo-specific rules from
+    firing on plain JavaScript database code.
+    """
     all_rules = get_rules()
     applicable_rules = {}
 
     language = language.lower()
 
+    # Map technology names to the languages/file-path hints where they apply
+    _TECH_LANGUAGES = {
+        'hugo': {'go', 'html', 'toml', 'yaml'},
+        'django': {'python', 'html'},
+        'rails': {'ruby', 'html', 'erb'},
+        'spring': {'java', 'kotlin'},
+        'laravel': {'php'},
+        'angular': {'typescript', 'javascript', 'html'},
+        'react': {'javascript', 'typescript', 'jsx', 'tsx'},
+    }
+
     for rule_id, rule in all_rules.items():
         rule_languages = [lang.lower() for lang in rule.get('languages', ['generic'])]
-        if language in rule_languages or 'generic' in rule_languages:
+
+        if language in rule_languages:
+            applicable_rules[rule_id] = rule
+            continue
+
+        if 'generic' in rule_languages:
+            # Check if this generic rule is scoped to a specific technology
+            techs = rule.get('metadata', {}).get('technology')
+            if techs and isinstance(techs, list):
+                # Only apply if the current language is relevant to the technology
+                tech_relevant = False
+                for tech in techs:
+                    tech_lower = tech.lower()
+                    allowed = _TECH_LANGUAGES.get(tech_lower)
+                    if allowed and language in allowed:
+                        tech_relevant = True
+                        break
+                    # Also check if the technology name appears in the file path
+                    if file_path and tech_lower in file_path.lower():
+                        tech_relevant = True
+                        break
+                if not tech_relevant:
+                    continue
             applicable_rules[rule_id] = rule
 
     return applicable_rules

package/rules/prompt-injection.security.yaml

@@ -672,8 +672,8 @@ rules:
     severity: WARNING
     message: "Potential Base64-encoded prompt injection payload. Encoded content may hide malicious instructions."
     patterns:
-      - "(?i)decode\\s+(this\\s+)?base64\\s*:\\s*[A-Za-z0-9+/=]{20,}"
-      - "(?i)base64\\s*:\\s*[A-Za-z0-9+/=]{40,}"
+      - "(?i)decode\\s+(this\\s+)?base64\\s*:\\s*[A-Za-z0-9+/=]{20,200}"
+      - "(?i)base64\\s*:\\s*[A-Za-z0-9+/=]{40,200}"
       - "aWdub3JlIHByZXZpb3Vz"
       - "c3lzdGVtIHByb21wdA=="
       - "(?i)execute\\s+(this\\s+)?encoded"
@@ -682,8 +682,8 @@ rules:
       - "aWdub3JlIGFsbC"
       - "b3ZlcnJpZGU="
       - "(?i)base64.{0,20}instructions?.{0,20}follow"
-      - "[A-Za-z0-9+/]{40,}={0,2}\\s*.{0,20}(?i)(decode|execute|follow|run)"
-      - "(?i)(decode|run|execute)\\s+.{0,20}[A-Za-z0-9+/]{40,}={0,2}"
+      - "[A-Za-z0-9+/]{40,200}={0,2}[^A-Za-z0-9+/=].{0,20}(?:decode|execute|follow|run)"
+      - "(?i)(decode|run|execute)\\s+.{0,20}[A-Za-z0-9+/]{40,200}={0,2}"
     metadata:
       cwe: "CWE-77"
       owasp: "LLM01 - Prompt Injection"

package/src/cli/report.js

@@ -4,6 +4,10 @@ import { existsSync, writeFileSync, mkdirSync } from 'fs';
 import { resolve, join } from 'path';
 import { scanProject } from '../tools/scan-project.js';
 import { saveResult, loadHistory, getTrends, diffResults } from '../history.js';
+import { normalizeFindings } from '../lib/normalize-finding.js';
+import { scoreBatch } from '../lib/aivss.js';
+import { loadControls } from '../lib/compliance-controls.js';
+import { evaluateAll } from '../lib/compliance-evaluator.js';
 
 // Grade color mapping
 const GRADE_COLORS = {
@@ -359,6 +363,62 @@ function generateHtml(scanResult, history, diff) {
 </html>`;
 }
 
+/**
+ * Build the threat_model section from scan results.
+ * Exported for testing.
+ */
+export function buildThreatModel(scanResult) {
+  // scan_project wraps scan_security — tag findings as scan_security so
+  // controls scoped to either tool can see them. Duplicate each finding
+  // under both source_tools for correct evaluator scoping.
+  const base = normalizeFindings(scanResult.issues || [], 'scan_security');
+  const duped = base.map(f => ({ ...f, source_tool: 'scan_project' }));
+  const normalized = [...base, ...duped];
+  const aivssResult = scoreBatch(base); // score deduplicated set
+
+  const grade = scanResult.grade || null;
+  const controls = loadControls().controls;
+  const evidence = {
+    aivssPosture: aivssResult.posture,
+    findings: normalized,
+    grades: { scan_project: grade, scan_security: grade, project: grade },
+    toolsRun: ['scan_project', 'scan_security'],
+  };
+  const complianceResult = evaluateAll(controls, evidence);
+
+  return {
+    aivss: {
+      model: aivssResult.posture.model,
+      posture: {
+        max_score: aivssResult.posture.max_score,
+        p95_score: aivssResult.posture.p95_score,
+        mean_score: aivssResult.posture.mean_score,
+        posture_score: aivssResult.posture.posture_score,
+        posture_rating: aivssResult.posture.posture_rating,
+        score_distribution: aivssResult.posture.score_distribution,
+      },
+      findings: aivssResult.findings.map(f => ({
+        rule_id: f.rule_id,
+        aivss_score: f.aivss_score,
+        rating: f.rating,
+        vector_string: f.vector_string,
+        metrics: f.metrics,
+      })),
+    },
+    compliance: {
+      framework: 'AIUC-1',
+      controls_evaluated: complianceResult.controls_evaluated,
+      summary: {
+        pass: complianceResult.pass,
+        partial: complianceResult.partial,
+        fail: complianceResult.fail,
+        not_evaluated: complianceResult.not_evaluated,
+      },
+      results: complianceResult.results,
+    },
+  };
+}
+
 /**
  * Run the report CLI command.
  *
@@ -378,6 +438,7 @@ export async function runReport(args) {
   }
 
   const jsonOutput = args.includes('--json');
+  const threatModel = args.includes('--threat-model');
   const daysIdx = args.indexOf('--days');
   const days = daysIdx !== -1 && args[daysIdx + 1] ? parseInt(args[daysIdx + 1], 10) : 90;
 
@@ -390,6 +451,11 @@ export async function runReport(args) {
   });
   const scanResult = JSON.parse(result.content[0].text);
 
+  // Attach threat model before saving to history so future trends include AIVSS posture
+  if (threatModel) {
+    scanResult.threat_model = buildThreatModel(scanResult);
+  }
+
   // Save result to history
   const savedPath = saveResult(dirPath, scanResult);
   console.log(`  Results saved to ${savedPath}`);
@@ -413,10 +479,15 @@ export async function runReport(args) {
       diff,
       generated_at: new Date().toISOString(),
     };
+
     console.log(JSON.stringify(jsonReport, null, 2));
     return;
   }
 
+  if (threatModel) {
+    console.log('  Note: --threat-model currently only produces output with --json. HTML rendering is planned.');
+  }
+
   // Generate HTML report
   const html = generateHtml(scanResult, trends, diff);
   const scannerDir = join(dirPath, '.scanner');

package/src/fix-patterns.js

@@ -20,7 +20,7 @@ export const FIX_TEMPLATES = {
   // ===========================================
   "sql-injection": {
     description: "Use parameterized queries instead of string concatenation",
-    fix: (line) => line.replace(/["']([^"']*)\s*["']\s*\+\s*(\w+)/, '"$1?", [$2]')
+    fix: (line) => '// TODO: manual fix required — use parameterized queries instead of string concatenation\n// ' + line.trim()
   },
   "nosql-injection": {
     description: "Sanitize MongoDB query inputs",
@@ -28,7 +28,7 @@ export const FIX_TEMPLATES = {
   },
   "raw-query": {
     description: "Use parameterized queries instead of raw SQL",
-    fix: (line) => line.replace(/\.query\s*\(\s*["'`]/, '.query("SELECT * FROM table WHERE id = ?", [')
+    fix: (line) => '// TODO: manual fix required — use parameterized queries instead of raw SQL\n// ' + line.trim()
   },
 
   // ===========================================
@@ -306,10 +306,10 @@ export const FIX_TEMPLATES = {
   "path-traversal": {
     description: "Resolve real path and validate prefix to prevent traversal",
     fix: (line, lang) => {
-      if (lang === 'python') return line.replace(/open\s*\(\s*(\w+)/, 'open(os.path.realpath($1)  # TODO: validate path prefix');
-      if (lang === 'go') return line.replace(/os\.Open\s*\(\s*(\w+)/, 'os.Open(filepath.Clean($1)  // TODO: validate path prefix');
-      if (lang === 'java') return line.replace(/new File\s*\(\s*(\w+)/, 'new File($1).getCanonicalFile(  // TODO: validate path prefix');
-      return line.replace(/readFileSync\s*\(\s*(\w+)/, 'readFileSync(path.resolve($1)  // TODO: validate path prefix');
+      if (lang === 'python') return '# TODO: manual fix required — use os.path.realpath() and validate the prefix\n# ' + line.trim();
+      if (lang === 'go') return '// TODO: manual fix required — use filepath.Clean() and validate the prefix\n// ' + line.trim();
+      if (lang === 'java') return '// TODO: manual fix required — use getCanonicalFile() and validate the prefix\n// ' + line.trim();
+      return '// TODO: manual fix required — use path.resolve() and validate the prefix\n// ' + line.trim();
     }
   },
 
@@ -418,7 +418,7 @@ export const FIX_TEMPLATES = {
   // ===========================================
   "xpath-injection": {
     description: "Use parameterized XPath queries",
-    fix: (line) => line.replace(/xpath\s*\(\s*["']([^"']*)\s*["']\s*\+\s*(\w+)/, 'xpath("$1?", [$2]')
+    fix: (line) => '// TODO: manual fix required — use parameterized XPath queries instead of concatenation\n// ' + line.trim()
   },
 
   // ===========================================
@@ -695,9 +695,9 @@ export const FIX_TEMPLATES = {
     description: "CRITICAL: Never eval() LLM responses - use JSON parsing or ast.literal_eval for safe subset",
     fix: (line, lang) => {
       if (lang === 'python') {
-        return line.replace(/eval\s*\(\s*(\w+)/, 'ast.literal_eval($1  # SECURITY: Use safe parsing only');
+        return line.replace(/eval\s*\(\s*(\w+)\s*\)/, 'ast.literal_eval($1)  # SECURITY: Use safe parsing only');
       }
-      return line.replace(/eval\s*\(\s*(\w+)/, 'JSON.parse($1  /* SECURITY: Use safe JSON parsing */');
+      return line.replace(/eval\s*\(\s*(\w+)\s*\)/, 'JSON.parse($1)  /* SECURITY: Use safe JSON parsing */');
     }
   },
   "exec-llm-response": {

package/src/history.js

@@ -49,7 +49,7 @@ export function saveResult(dirPath, scanResult) {
   };
 
   writeFileSync(filePath, JSON.stringify(historyEntry, null, 2) + '\n');
-  return filePath;
+  return filePath.replace(/\\/g, '/');
 }
 
 /**

package/src/lib/aivss.js

@@ -0,0 +1,284 @@
+// src/lib/aivss.js — OWASP AIVSS v2 scoring engine (pure logic, no MCP).
+
+export const AIVSS_MODEL = {
+  name: 'owasp-aivss',
+  version: 'v2',
+  source_ref: 'OWASP/www-project-ai-security@a1b2c3d/calculatorV2.py',
+  retrieved: '2026-03-14',
+  weights: { base: 0.25, ai_specific: 0.45, impact: 0.30 },
+};
+
+export const METRIC_VALUES = {
+  AV: { Network: 0.85, Adjacent: 0.62, Local: 0.55, Physical: 0.20 },
+  AC: { Low: 0.77, High: 0.44 },
+  PR: { None: 0.85, Low: 0.62, High: 0.27 },
+  UI: { None: 0.85, Required: 0.62 },
+  S: { Unchanged: 1.0, Changed: 1.5 },
+  MR: { VeryHigh: 1.0, High: 0.8, Medium: 0.6, Low: 0.4, VeryLow: 0.2 },
+  DS: { VeryHigh: 1.0, High: 0.8, Medium: 0.6, Low: 0.4, VeryLow: 0.2 },
+  EI: { VeryHigh: 1.0, High: 0.8, Medium: 0.6, Low: 0.4, VeryLow: 0.2 },
+  DC: { VeryHigh: 1.0, High: 0.8, Medium: 0.6, Low: 0.4, VeryLow: 0.2 },
+  AD: { VeryHigh: 1.0, High: 0.8, Medium: 0.6, Low: 0.4, VeryLow: 0.2 },
+  C: { None: 0.0, Low: 0.22, Medium: 0.56, High: 0.85, Critical: 1.0 },
+  I: { None: 0.0, Low: 0.22, Medium: 0.56, High: 0.85, Critical: 1.0 },
+  A: { None: 0.0, Low: 0.22, Medium: 0.56, High: 0.85, Critical: 1.0 },
+  SI: { None: 0.0, Low: 0.22, Medium: 0.56, High: 0.85, Critical: 1.0 },
+};
+
+const RATING_THRESHOLDS = [
+  { min: 9.0, rating: 'Critical' },
+  { min: 7.0, rating: 'High' },
+  { min: 4.0, rating: 'Medium' },
+  { min: 0.1, rating: 'Low' },
+  { min: 0, rating: 'None' },
+];
+
+// Category → inferred metric defaults (heuristic)
+const CATEGORY_METRIC_MAP = {
+  'exfiltration':              { AV: 'Network', MR: 'High', DS: 'High', EI: 'High', C: 'High', SI: 'Medium' },
+  'data-exfiltration':         { AV: 'Network', MR: 'High', DS: 'High', EI: 'High', C: 'High', SI: 'Medium' },
+  'prompt-injection':          { AV: 'Network', MR: 'VeryHigh', DS: 'Medium', EI: 'High', C: 'Medium', I: 'High' },
+  'prompt-injection-jailbreak':{ AV: 'Network', MR: 'VeryHigh', DS: 'High', EI: 'VeryHigh', C: 'Medium', I: 'High', SI: 'High' },
+  'prompt-injection-content':  { AV: 'Network', MR: 'High', DS: 'Medium', EI: 'High', C: 'Medium', I: 'Medium' },
+  'malicious-injection':       { AV: 'Network', MR: 'High', EI: 'High', C: 'High', I: 'High', A: 'Medium' },
+  'system-manipulation':       { AV: 'Local', MR: 'Medium', DC: 'High', C: 'Medium', I: 'High', A: 'High' },
+  'social-engineering':        { AV: 'Network', MR: 'Medium', DS: 'Low', EI: 'Medium', C: 'Low', I: 'Medium' },
+  'obfuscation':               { AV: 'Network', MR: 'Medium', DC: 'High', EI: 'Medium', C: 'Low', I: 'Medium' },
+  'agent-manipulation':        { AV: 'Network', MR: 'High', DS: 'Medium', EI: 'High', C: 'Medium', I: 'High', SI: 'Medium' },
+  'injection':                 { AV: 'Network', AC: 'Low', MR: 'Medium', EI: 'Medium', C: 'High', I: 'High' },
+  'crypto':                    { AV: 'Network', AC: 'High', MR: 'Low', DS: 'Low', C: 'Medium', I: 'Low' },
+  'info-exposure':             { AV: 'Network', AC: 'Low', MR: 'Low', DS: 'Low', C: 'Medium' },
+  'permissions':               { AV: 'Local', AC: 'Low', MR: 'Medium', DC: 'Medium', C: 'Medium', I: 'Medium' },
+  'supply-chain':              { AV: 'Network', AC: 'High', MR: 'Medium', DS: 'Medium', AD: 'High', C: 'Medium', I: 'High', SI: 'Medium' },
+};
+
+// Severity → baseline metric defaults
+const SEVERITY_METRIC_MAP = {
+  CRITICAL: { AC: 'Low', PR: 'None', UI: 'None', S: 'Changed', DC: 'Medium', AD: 'Medium', A: 'High' },
+  HIGH:     { AC: 'Low', PR: 'None', UI: 'None', S: 'Unchanged', DC: 'Low', AD: 'Low', A: 'Medium' },
+  MEDIUM:   { AC: 'High', PR: 'Low', UI: 'None', S: 'Unchanged', DC: 'Low', AD: 'Low', A: 'Low' },
+  LOW:      { AC: 'High', PR: 'Low', UI: 'Required', S: 'Unchanged', DC: 'VeryLow', AD: 'VeryLow', A: 'None' },
+  INFO:     { AC: 'High', PR: 'High', UI: 'Required', S: 'Unchanged', DC: 'VeryLow', AD: 'VeryLow', A: 'None' },
+};
+
+// All metric keys in vector string order
+const ALL_METRICS = ['AV', 'AC', 'PR', 'UI', 'S', 'MR', 'DS', 'EI', 'DC', 'AD', 'C', 'I', 'A', 'SI'];
+
+// Default values for all metrics
+const METRIC_DEFAULTS = {
+  AV: 'Network', AC: 'Low', PR: 'None', UI: 'None', S: 'Unchanged',
+  MR: 'Medium', DS: 'Medium', EI: 'Medium', DC: 'Medium', AD: 'Medium',
+  C: 'Low', I: 'Low', A: 'Low', SI: 'Low',
+};
+
+/**
+ * Compute raw AIVSS score from metric values.
+ * @param {object} metrics - Object with keys AV, AC, PR, UI, S, MR, DS, EI, DC, AD, C, I, A, SI
+ * @returns {{ score: number, components: { base: number, ai_specific: number, impact: number } }}
+ */
+export function computeAivss(metrics) {
+  const mv = (key) => {
+    const val = metrics[key];
+    const table = METRIC_VALUES[key];
+    if (!table || !(val in table)) return 0;
+    return table[val];
+  };
+
+  // Base = min(AV × AC × PR × UI × S, 10)
+  const baseRaw = mv('AV') * mv('AC') * mv('PR') * mv('UI') * mv('S');
+  const base = Math.min(baseRaw, 10);
+
+  // AI-Specific = MR × DS × EI × DC × AD × 10
+  const aiSpecific = mv('MR') * mv('DS') * mv('EI') * mv('DC') * mv('AD') * 10;
+
+  // Impact = (C + I + A + SI) / 4 × 10
+  const impact = (mv('C') + mv('I') + mv('A') + mv('SI')) / 4 * 10;
+
+  // AIVSS = 0.25 × Base + 0.45 × AI-Specific + 0.30 × Impact
+  const score = 0.25 * base + 0.45 * aiSpecific + 0.30 * impact;
+
+  return {
+    score: Math.min(10, Math.max(0, parseFloat(score.toFixed(2)))),
+    components: {
+      base: parseFloat(base.toFixed(4)),
+      ai_specific: parseFloat(aiSpecific.toFixed(4)),
+      impact: parseFloat(impact.toFixed(4)),
+    },
+  };
+}
+
+/**
+ * Get AIVSS rating string from score.
+ */
+function getRating(score) {
+  for (const t of RATING_THRESHOLDS) {
+    if (score >= t.min) return t.rating;
+  }
+  return 'None';
+}
+
+/**
+ * Build vector string from final metrics.
+ */
+function buildVectorString(metrics) {
+  const parts = ALL_METRICS.map(k => {
+    const val = metrics[k] || METRIC_DEFAULTS[k];
+    // Abbreviate: first letter, or first 2 for disambiguation
+    const abbrev = val === 'VeryHigh' ? 'VH'
+      : val === 'VeryLow' ? 'VL'
+      : val === 'Adjacent' ? 'A'
+      : val === 'Physical' ? 'P'
+      : val === 'Required' ? 'R'
+      : val === 'Changed' ? 'C'
+      : val === 'Unchanged' ? 'U'
+      : val === 'Critical' ? 'CR'
+      : val.charAt(0);
+    return `${k}:${abbrev}`;
+  });
+  return `AIVSS:2.0/${parts.join('/')}`;
+}
+
+/**
+ * Infer AIVSS metrics from a normalized finding. Returns inferred metrics + notes.
+ */
+function inferMetrics(finding) {
+  const notes = [];
+  const inferred = { ...METRIC_DEFAULTS };
+
+  // Layer 1: severity-based defaults
+  const sevMap = SEVERITY_METRIC_MAP[finding.severity] || SEVERITY_METRIC_MAP.MEDIUM;
+  Object.assign(inferred, sevMap);
+  notes.push(`Baseline metrics from severity: ${finding.severity}`);
+
+  // Layer 2: category-based overrides
+  if (finding.category && CATEGORY_METRIC_MAP[finding.category]) {
+    const catMap = CATEGORY_METRIC_MAP[finding.category];
+    Object.assign(inferred, catMap);
+    notes.push(`Category-specific metrics from: ${finding.category}`);
+  }
+
+  // Layer 3: confidence adjustment
+  if (finding.confidence === 'LOW') {
+    // Reduce AI-specific metrics for low confidence
+    for (const k of ['MR', 'DS', 'EI']) {
+      if (inferred[k] === 'VeryHigh') inferred[k] = 'High';
+      else if (inferred[k] === 'High') inferred[k] = 'Medium';
+    }
+    notes.push('AI-specific metrics reduced due to LOW confidence');
+  }
+
+  // Determine mapping confidence
+  let mappingConfidence = 'MEDIUM';
+  if (finding.category && CATEGORY_METRIC_MAP[finding.category] && finding.confidence === 'HIGH') {
+    mappingConfidence = 'HIGH';
+  } else if (!finding.category || finding.confidence === 'LOW') {
+    mappingConfidence = 'LOW';
+  }
+
+  return { inferred, notes, mappingConfidence };
+}
+
+/**
+ * Score a single normalized finding.
+ * @param {object} normalizedFinding - Output of normalizeFinding()
+ * @param {object} [overrides] - Manual AIVSS metric overrides
+ * @returns {object} Scored finding
+ */
+export function scoreAivss(normalizedFinding, overrides = {}) {
+  const { inferred, notes, mappingConfidence } = inferMetrics(normalizedFinding);
+
+  // Merge: overrides win
+  const final = { ...inferred };
+  const overriddenKeys = {};
+  for (const [key, val] of Object.entries(overrides)) {
+    if (ALL_METRICS.includes(key) && METRIC_VALUES[key] && val in METRIC_VALUES[key]) {
+      overriddenKeys[key] = val;
+      final[key] = val;
+      notes.push(`${key} overridden to ${val}`);
+    }
+  }
+
+  const { score, components } = computeAivss(final);
+
+  return {
+    rule_id: normalizedFinding.rule_id,
+    aivss_score: score,
+    rating: getRating(score),
+    vector_string: buildVectorString(final),
+    metrics: {
+      inferred,
+      overridden: Object.keys(overriddenKeys).length > 0 ? overriddenKeys : undefined,
+      final,
+      mapping_confidence: mappingConfidence,
+      mapping_notes: notes,
+    },
+    components,
+  };
+}
+
+/**
+ * Score a batch of normalized findings and compute aggregate posture.
+ * @param {object[]} normalizedFindings - Array of normalized findings
+ * @param {object} [overrides] - Overrides applied to all findings
+ * @returns {{ findings: object[], posture: object }}
+ */
+export function scoreBatch(normalizedFindings, overrides = {}) {
+  if (!normalizedFindings || normalizedFindings.length === 0) {
+    return {
+      findings: [],
+      posture: {
+        max_score: 0,
+        p95_score: 0,
+        mean_score: 0,
+        score_distribution: { critical: 0, high: 0, medium: 0, low: 0, none: 0 },
+        posture_score: 0,
+        posture_rating: 'None',
+        aggregate_method: 'house-posture-v1',
+        aggregate_note: 'Custom aggregation: max(max_score, mean + 1σ). Per-finding AIVSS scores are standards-based; this aggregate is not.',
+        model: AIVSS_MODEL,
+      },
+    };
+  }
+
+  const scored = normalizedFindings.map(f => scoreAivss(f, overrides));
+  const scores = scored.map(s => s.aivss_score).sort((a, b) => a - b);
+
+  const max_score = scores[scores.length - 1];
+  const mean_score = parseFloat((scores.reduce((a, b) => a + b, 0) / scores.length).toFixed(2));
+
+  // P95
+  const p95Idx = Math.min(Math.ceil(scores.length * 0.95) - 1, scores.length - 1);
+  const p95_score = scores[p95Idx];
+
+  // Standard deviation
+  const variance = scores.reduce((sum, s) => sum + Math.pow(s - mean_score, 2), 0) / scores.length;
+  const stdDev = Math.sqrt(variance);
+
+  // Posture = max(max_score, mean + 1σ), capped at 10
+  const posture_score = parseFloat(Math.min(10, Math.max(max_score, mean_score + stdDev)).toFixed(2));
+
+  // Distribution
+  const score_distribution = { critical: 0, high: 0, medium: 0, low: 0, none: 0 };
+  for (const s of scores) {
+    if (s >= 9) score_distribution.critical++;
+    else if (s >= 7) score_distribution.high++;
+    else if (s >= 4) score_distribution.medium++;
+    else if (s >= 0.1) score_distribution.low++;
+    else score_distribution.none++;
+  }
+
+  return {
+    findings: scored,
+    posture: {
+      max_score,
+      p95_score,
+      mean_score,
+      score_distribution,
+      posture_score,
+      posture_rating: getRating(posture_score),
+      aggregate_method: 'house-posture-v1',
+      aggregate_note: 'Custom aggregation: max(max_score, mean + 1σ). Per-finding AIVSS scores are standards-based; this aggregate is not.',
+      model: AIVSS_MODEL,
+    },
+  };
+}