npm - agent-security-scanner-mcp - Versions diffs - 3.20.0 → 4.0.0 - Mend

agent-security-scanner-mcp 3.20.0 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (126) hide show

package/code-review-agent/dist/src/types/findings.d.ts ADDED Viewed

@@ -0,0 +1,236 @@
+import { z } from 'zod';
+export declare const SeveritySchema: z.ZodEnum<["critical", "high", "medium", "low", "info"]>;
+export type Severity = z.infer<typeof SeveritySchema>;
+export declare const CategorySchema: z.ZodEnum<["logic-bug", "security", "race-condition", "null-ref", "boundary", "type-error", "unhandled-exception", "other"]>;
+export type Category = z.infer<typeof CategorySchema>;
+export declare const IntentAlignmentSchema: z.ZodEnum<["violates-intent", "matches-intent", "unclear"]>;
+export type IntentAlignment = z.infer<typeof IntentAlignmentSchema>;
+export declare const RiskDomainSchema: z.ZodEnum<["web-api", "cli-tool", "library", "build-tool", "data-pipeline", "desktop-app", "unknown"]>;
+export type RiskDomain = z.infer<typeof RiskDomainSchema>;
+export declare const LocationSchema: z.ZodObject<{
+    file: z.ZodString;
+    startLine: z.ZodNumber;
+    endLine: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    file: string;
+    startLine: number;
+    endLine: number;
+}, {
+    file: string;
+    startLine: number;
+    endLine: number;
+}>;
+export declare const FindingSchema: z.ZodObject<{
+    title: z.ZodString;
+    severity: z.ZodEnum<["critical", "high", "medium", "low", "info"]>;
+    category: z.ZodEnum<["logic-bug", "security", "race-condition", "null-ref", "boundary", "type-error", "unhandled-exception", "other"]>;
+    location: z.ZodObject<{
+        file: z.ZodString;
+        startLine: z.ZodNumber;
+        endLine: z.ZodNumber;
+    }, "strip", z.ZodTypeAny, {
+        file: string;
+        startLine: number;
+        endLine: number;
+    }, {
+        file: string;
+        startLine: number;
+        endLine: number;
+    }>;
+    reasoning: z.ZodString;
+    intentAlignment: z.ZodEnum<["violates-intent", "matches-intent", "unclear"]>;
+    confidence: z.ZodNumber;
+    suggestedAction: z.ZodString;
+    cwe: z.ZodOptional<z.ZodString>;
+    owasp: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    title: string;
+    severity: "critical" | "high" | "medium" | "low" | "info";
+    category: "logic-bug" | "security" | "race-condition" | "null-ref" | "boundary" | "type-error" | "unhandled-exception" | "other";
+    location: {
+        file: string;
+        startLine: number;
+        endLine: number;
+    };
+    reasoning: string;
+    intentAlignment: "violates-intent" | "matches-intent" | "unclear";
+    confidence: number;
+    suggestedAction: string;
+    cwe?: string | undefined;
+    owasp?: string | undefined;
+}, {
+    title: string;
+    severity: "critical" | "high" | "medium" | "low" | "info";
+    category: "logic-bug" | "security" | "race-condition" | "null-ref" | "boundary" | "type-error" | "unhandled-exception" | "other";
+    location: {
+        file: string;
+        startLine: number;
+        endLine: number;
+    };
+    reasoning: string;
+    intentAlignment: "violates-intent" | "matches-intent" | "unclear";
+    confidence: number;
+    suggestedAction: string;
+    cwe?: string | undefined;
+    owasp?: string | undefined;
+}>;
+export type Finding = z.infer<typeof FindingSchema>;
+export declare const FileAnalysisResponseSchema: z.ZodObject<{
+    findings: z.ZodArray<z.ZodObject<{
+        title: z.ZodString;
+        severity: z.ZodEnum<["critical", "high", "medium", "low", "info"]>;
+        category: z.ZodEnum<["logic-bug", "security", "race-condition", "null-ref", "boundary", "type-error", "unhandled-exception", "other"]>;
+        location: z.ZodObject<{
+            file: z.ZodString;
+            startLine: z.ZodNumber;
+            endLine: z.ZodNumber;
+        }, "strip", z.ZodTypeAny, {
+            file: string;
+            startLine: number;
+            endLine: number;
+        }, {
+            file: string;
+            startLine: number;
+            endLine: number;
+        }>;
+        reasoning: z.ZodString;
+        intentAlignment: z.ZodEnum<["violates-intent", "matches-intent", "unclear"]>;
+        confidence: z.ZodNumber;
+        suggestedAction: z.ZodString;
+        cwe: z.ZodOptional<z.ZodString>;
+        owasp: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        title: string;
+        severity: "critical" | "high" | "medium" | "low" | "info";
+        category: "logic-bug" | "security" | "race-condition" | "null-ref" | "boundary" | "type-error" | "unhandled-exception" | "other";
+        location: {
+            file: string;
+            startLine: number;
+            endLine: number;
+        };
+        reasoning: string;
+        intentAlignment: "violates-intent" | "matches-intent" | "unclear";
+        confidence: number;
+        suggestedAction: string;
+        cwe?: string | undefined;
+        owasp?: string | undefined;
+    }, {
+        title: string;
+        severity: "critical" | "high" | "medium" | "low" | "info";
+        category: "logic-bug" | "security" | "race-condition" | "null-ref" | "boundary" | "type-error" | "unhandled-exception" | "other";
+        location: {
+            file: string;
+            startLine: number;
+            endLine: number;
+        };
+        reasoning: string;
+        intentAlignment: "violates-intent" | "matches-intent" | "unclear";
+        confidence: number;
+        suggestedAction: string;
+        cwe?: string | undefined;
+        owasp?: string | undefined;
+    }>, "many">;
+}, "strip", z.ZodTypeAny, {
+    findings: {
+        title: string;
+        severity: "critical" | "high" | "medium" | "low" | "info";
+        category: "logic-bug" | "security" | "race-condition" | "null-ref" | "boundary" | "type-error" | "unhandled-exception" | "other";
+        location: {
+            file: string;
+            startLine: number;
+            endLine: number;
+        };
+        reasoning: string;
+        intentAlignment: "violates-intent" | "matches-intent" | "unclear";
+        confidence: number;
+        suggestedAction: string;
+        cwe?: string | undefined;
+        owasp?: string | undefined;
+    }[];
+}, {
+    findings: {
+        title: string;
+        severity: "critical" | "high" | "medium" | "low" | "info";
+        category: "logic-bug" | "security" | "race-condition" | "null-ref" | "boundary" | "type-error" | "unhandled-exception" | "other";
+        location: {
+            file: string;
+            startLine: number;
+            endLine: number;
+        };
+        reasoning: string;
+        intentAlignment: "violates-intent" | "matches-intent" | "unclear";
+        confidence: number;
+        suggestedAction: string;
+        cwe?: string | undefined;
+        owasp?: string | undefined;
+    }[];
+}>;
+export type FileAnalysisResponse = z.infer<typeof FileAnalysisResponseSchema>;
+export declare const IntentProfileSchema: z.ZodObject<{
+    purpose: z.ZodString;
+    expectedBehaviors: z.ZodArray<z.ZodString, "many">;
+    unexpectedBehaviors: z.ZodArray<z.ZodString, "many">;
+    framework: z.ZodString;
+    riskDomain: z.ZodEnum<["web-api", "cli-tool", "library", "build-tool", "data-pipeline", "desktop-app", "unknown"]>;
+}, "strip", z.ZodTypeAny, {
+    purpose: string;
+    expectedBehaviors: string[];
+    unexpectedBehaviors: string[];
+    framework: string;
+    riskDomain: "web-api" | "cli-tool" | "library" | "build-tool" | "data-pipeline" | "desktop-app" | "unknown";
+}, {
+    purpose: string;
+    expectedBehaviors: string[];
+    unexpectedBehaviors: string[];
+    framework: string;
+    riskDomain: "web-api" | "cli-tool" | "library" | "build-tool" | "data-pipeline" | "desktop-app" | "unknown";
+}>;
+export type IntentProfile = z.infer<typeof IntentProfileSchema>;
+export declare const AreaOfInterestSchema: z.ZodObject<{
+    startLine: z.ZodNumber;
+    endLine: z.ZodNumber;
+    reason: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    startLine: number;
+    endLine: number;
+    reason: string;
+}, {
+    startLine: number;
+    endLine: number;
+    reason: string;
+}>;
+export declare const TriageDecisionSchema: z.ZodObject<{
+    action: z.ZodEnum<["analyze", "skip"]>;
+    reason: z.ZodString;
+    areasOfInterest: z.ZodArray<z.ZodObject<{
+        startLine: z.ZodNumber;
+        endLine: z.ZodNumber;
+        reason: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        startLine: number;
+        endLine: number;
+        reason: string;
+    }, {
+        startLine: number;
+        endLine: number;
+        reason: string;
+    }>, "many">;
+}, "strip", z.ZodTypeAny, {
+    reason: string;
+    action: "analyze" | "skip";
+    areasOfInterest: {
+        startLine: number;
+        endLine: number;
+        reason: string;
+    }[];
+}, {
+    reason: string;
+    action: "analyze" | "skip";
+    areasOfInterest: {
+        startLine: number;
+        endLine: number;
+        reason: string;
+    }[];
+}>;
+export type TriageDecision = z.infer<typeof TriageDecisionSchema>;
+//# sourceMappingURL=findings.d.ts.map

package/code-review-agent/dist/src/types/findings.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"findings.d.ts","sourceRoot":"","sources":["../../../src/types/findings.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,cAAc,0DAAwD,CAAC;AACpF,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAEtD,eAAO,MAAM,cAAc,8HASzB,CAAC;AACH,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAEtD,eAAO,MAAM,qBAAqB,6DAIhC,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE,eAAO,MAAM,gBAAgB,wGAQ3B,CAAC;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAE1D,eAAO,MAAM,cAAc;;;;;;;;;;;;EAIzB,CAAC;AAEH,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAWxB,CAAC;AACH,MAAM,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAEpD,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAErC,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAE9E,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;EAM9B,CAAC;AACH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEhE,eAAO,MAAM,oBAAoB;;;;;;;;;;;;EAI/B,CAAC;AAEH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAI/B,CAAC;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC"}

package/code-review-agent/dist/src/types/findings.js ADDED Viewed

@@ -0,0 +1,64 @@
+import { z } from 'zod';
+export const SeveritySchema = z.enum(['critical', 'high', 'medium', 'low', 'info']);
+export const CategorySchema = z.enum([
+    'logic-bug',
+    'security',
+    'race-condition',
+    'null-ref',
+    'boundary',
+    'type-error',
+    'unhandled-exception',
+    'other',
+]);
+export const IntentAlignmentSchema = z.enum([
+    'violates-intent',
+    'matches-intent',
+    'unclear',
+]);
+export const RiskDomainSchema = z.enum([
+    'web-api',
+    'cli-tool',
+    'library',
+    'build-tool',
+    'data-pipeline',
+    'desktop-app',
+    'unknown',
+]);
+export const LocationSchema = z.object({
+    file: z.string(),
+    startLine: z.number().int().min(1),
+    endLine: z.number().int().min(1),
+});
+export const FindingSchema = z.object({
+    title: z.string(),
+    severity: SeveritySchema,
+    category: CategorySchema,
+    location: LocationSchema,
+    reasoning: z.string(),
+    intentAlignment: IntentAlignmentSchema,
+    confidence: z.number().min(0).max(1),
+    suggestedAction: z.string(),
+    cwe: z.string().optional(),
+    owasp: z.string().optional(),
+});
+export const FileAnalysisResponseSchema = z.object({
+    findings: z.array(FindingSchema),
+});
+export const IntentProfileSchema = z.object({
+    purpose: z.string(),
+    expectedBehaviors: z.array(z.string()),
+    unexpectedBehaviors: z.array(z.string()),
+    framework: z.string(),
+    riskDomain: RiskDomainSchema,
+});
+export const AreaOfInterestSchema = z.object({
+    startLine: z.number(),
+    endLine: z.number(),
+    reason: z.string(),
+});
+export const TriageDecisionSchema = z.object({
+    action: z.enum(['analyze', 'skip']),
+    reason: z.string(),
+    areasOfInterest: z.array(AreaOfInterestSchema),
+});
+//# sourceMappingURL=findings.js.map

package/code-review-agent/dist/src/types/findings.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"findings.js","sourceRoot":"","sources":["../../../src/types/findings.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;AAGpF,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,IAAI,CAAC;IACnC,WAAW;IACX,UAAU;IACV,gBAAgB;IAChB,UAAU;IACV,UAAU;IACV,YAAY;IACZ,qBAAqB;IACrB,OAAO;CACR,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,IAAI,CAAC;IAC1C,iBAAiB;IACjB,gBAAgB;IAChB,SAAS;CACV,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,IAAI,CAAC;IACrC,SAAS;IACT,UAAU;IACV,SAAS;IACT,YAAY;IACZ,eAAe;IACf,aAAa;IACb,SAAS;CACV,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAClC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,QAAQ,EAAE,cAAc;IACxB,QAAQ,EAAE,cAAc;IACxB,QAAQ,EAAE,cAAc;IACxB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,eAAe,EAAE,qBAAqB;IACtC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACpC,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE;IAC3B,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC7B,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,CAAC,MAAM,CAAC;IACjD,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC;CACjC,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,iBAAiB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IACtC,mBAAmB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IACxC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,UAAU,EAAE,gBAAgB;CAC7B,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;CACnB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3C,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACnC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAClB,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC;CAC/C,CAAC,CAAC"}

package/code-review-agent/package.json ADDED Viewed

@@ -0,0 +1,36 @@
+{
+  "name": "code-review-agent",
+  "version": "0.1.0",
+  "description": "LLM-powered code review agent — context-aware semantic analysis, not rules-based scanning",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "cr-agent": "dist/bin/cr-agent.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx bin/cr-agent.ts",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "lint": "tsc --noEmit"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "@anthropic-ai/sdk": "^0.39.0",
+    "@anthropic-ai/tokenizer": "^0.0.4",
+    "chalk": "^5.4.1",
+    "commander": "^13.1.0",
+    "openai": "^4.85.0",
+    "tiktoken": "^1.0.18",
+    "zod": "^3.24.2"
+  },
+  "devDependencies": {
+    "@types/node": "^22.13.0",
+    "tsx": "^4.19.0",
+    "typescript": "^5.7.3",
+    "vitest": "^3.0.5"
+  }
+}