agent-security-scanner-mcp 3.4.0 → 3.5.1

package/README.md

@@ -5,6 +5,8 @@ Security scanner for AI coding agents and autonomous assistants. Scans code for
 [![npm downloads](https://img.shields.io/npm/dt/agent-security-scanner-mcp.svg)](https://www.npmjs.com/package/agent-security-scanner-mcp)
 [![npm version](https://img.shields.io/npm/v/agent-security-scanner-mcp.svg)](https://www.npmjs.com/package/agent-security-scanner-mcp)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Benchmark: 97.7% precision](https://img.shields.io/badge/precision-97.7%25-brightgreen.svg)](benchmarks/RESULTS.md)
+[![CI](https://github.com/sinewaveai/agent-security-scanner-mcp/actions/workflows/test.yml/badge.svg)](https://github.com/sinewaveai/agent-security-scanner-mcp/actions/workflows/test.yml)
 
 > **New in v3.3.0:** Full [OpenClaw](https://openclaw.ai) integration with 30+ rules targeting autonomous AI threats — data exfiltration, credential theft, messaging abuse, and unsafe automation. [See OpenClaw setup](#openclaw-integration).
 
@@ -917,4 +919,4 @@ npm install -g agent-security-scanner-mcp-full
 
 ## License
 
-MIT
+MIT

package/analyzer.py

@@ -11,7 +11,6 @@ import sys
 import json
 import os
 import re
-import argparse
 from typing import List, Dict, Any
 
 # Add the directory containing this script to the path
@@ -92,7 +91,6 @@ def analyze_file_regex(file_path):
                                 'column': match.start() + col_offset,
                                 'length': match.end() - match.start(),
                                 'severity': rule['severity'],
-                                'confidence': rule.get('metadata', {}).get('confidence', 'MEDIUM'),
                                 'metadata': rule.get('metadata', {}),
                                 'engine': 'regex'
                             })
@@ -193,7 +191,6 @@ def analyze_file_ast(file_path):
                 'column': f.column,
                 'length': length,
                 'severity': f.severity,
-                'confidence': f.metadata.get('confidence', getattr(f, 'confidence', 'MEDIUM')),
                 'metadata': f.metadata,
                 'engine': 'taint' if is_taint else 'ast',
             })
@@ -232,30 +229,16 @@ def analyze_file(file_path):
 
 
 def main():
-    parser = argparse.ArgumentParser(description='Security Analyzer - AST-based with regex fallback')
-    parser.add_argument('file_path', help='Path to the file to analyze')
-    parser.add_argument('--engine', choices=['auto', 'ast', 'regex'], default='auto',
-                        help='Analysis engine: auto (default), ast (tree-sitter only), regex (regex only)')
-    args = parser.parse_args()
+    if len(sys.argv) < 2:
+        print(json.dumps({'error': 'No file path provided'}))
+        sys.exit(1)
 
-    file_path = args.file_path
+    file_path = sys.argv[1]
     if not os.path.exists(file_path):
         print(json.dumps({'error': f'File not found: {file_path}'}))
         sys.exit(1)
 
-    engine = args.engine
-
-    if engine == 'regex':
-        results = analyze_file_regex(file_path)
-    elif engine == 'ast':
-        if not HAS_AST_ENGINE:
-            print(json.dumps({'error': 'AST engine requested but tree-sitter is not available. Install dependencies: python3 -m pip install -r requirements.txt'}))
-            sys.exit(1)
-        results = analyze_file_ast(file_path)
-    else:
-        # auto: use AST if available, otherwise regex
-        results = analyze_file(file_path)
-
+    results = analyze_file(file_path)
     print(json.dumps(results))
 
 

package/index.js

@@ -17,12 +17,9 @@ import { fixSecuritySchema, fixSecurity } from './src/tools/fix-security.js';
 import { loadPackageLists, checkPackageSchema, checkPackage, getPackageStats } from './src/tools/check-package.js';
 import { scanPackagesSchema, scanPackages } from './src/tools/scan-packages.js';
 import { scanAgentPromptSchema, scanAgentPrompt } from './src/tools/scan-prompt.js';
-import { scanDiffSchema, scanDiff } from './src/tools/scan-diff.js';
-import { scanProjectSchema, scanProject } from './src/tools/scan-project.js';
 import { runInit } from './src/cli/init.js';
 import { runDoctor } from './src/cli/doctor.js';
 import { runDemo } from './src/cli/demo.js';
-import { runInitHooks } from './src/cli/init-hooks.js';
 
 // Handle both ESM and CJS bundling (Smithery bundles to CJS)
 let __dirname;
@@ -137,22 +134,6 @@ server.tool(
   scanAgentPrompt
 );
 
-// Register scan_git_diff tool
-server.tool(
-  "scan_git_diff",
-  "Scan git diff for new security vulnerabilities. Only reports issues on changed lines. Use for PR reviews.",
-  scanDiffSchema,
-  scanDiff
-);
-
-// Register scan_project tool
-server.tool(
-  "scan_project",
-  "Scan an entire directory for security vulnerabilities with .gitignore support and security grading. Use verbosity='minimal' for grade + counts, 'compact' (default) for top issues, 'full' for all details.",
-  scanProjectSchema,
-  scanProject
-);
-
 // ===========================================
 // CLI COMMANDS - Extracted to src/cli/
 // ===========================================
@@ -175,187 +156,17 @@ if (cliArgs[0] === 'init') {
     console.error(`  Error: ${err.message}\n`);
     process.exit(1);
   });
-} else if (cliArgs[0] === 'init-hooks') {
-  runInitHooks(cliArgs.slice(1)).then(() => process.exit(0)).catch((err) => {
-    console.error(`  Error: ${err.message}\n`);
-    process.exit(1);
-  });
-} else if (cliArgs[0] === 'scan-prompt') {
-  // CLI mode: scan-prompt <text> [--verbosity minimal|compact|full]
-  const text = cliArgs[1];
-  if (!text) {
-    console.error('Usage: agent-security-scanner-mcp scan-prompt <text> [--verbosity minimal|compact|full]');
-    process.exit(1);
-  }
-  const verbosityIdx = cliArgs.indexOf('--verbosity');
-  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
-
-  loadPackageLists();
-  scanAgentPrompt({ prompt_text: text, verbosity }).then(result => {
-    const output = JSON.parse(result.content[0].text);
-    console.log(JSON.stringify(output, null, 2));
-    process.exit(output.action === 'BLOCK' ? 1 : 0);
-  }).catch(err => {
-    console.error(JSON.stringify({ error: err.message }));
-    process.exit(1);
-  });
-} else if (cliArgs[0] === 'scan-security') {
-  // CLI mode: scan-security <file> [--verbosity minimal|compact|full] [--format json|sarif]
-  const filePath = cliArgs[1];
-  if (!filePath) {
-    console.error('Usage: agent-security-scanner-mcp scan-security <file> [--verbosity minimal|compact|full] [--format json|sarif]');
-    process.exit(1);
-  }
-  const verbosityIdx = cliArgs.indexOf('--verbosity');
-  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
-  const formatIdx = cliArgs.indexOf('--format');
-  const outputFormat = formatIdx !== -1 ? cliArgs[formatIdx + 1] : 'json';
-
-  loadPackageLists();
-  scanSecurity({ file_path: filePath, verbosity, output_format: outputFormat }).then(result => {
-    const output = JSON.parse(result.content[0].text);
-    console.log(JSON.stringify(output, null, 2));
-    process.exit(output.issues_count > 0 || output.total > 0 ? 1 : 0);
-  }).catch(err => {
-    console.error(JSON.stringify({ error: err.message }));
-    process.exit(1);
-  });
-} else if (cliArgs[0] === 'check-package') {
-  // CLI mode: check-package <name> <ecosystem>
-  const packageName = cliArgs[1];
-  const ecosystem = cliArgs[2];
-  if (!packageName || !ecosystem) {
-    console.error('Usage: agent-security-scanner-mcp check-package <name> <ecosystem>');
-    console.error('Ecosystems: npm, pypi, rubygems, crates, dart, perl, raku');
-    process.exit(1);
-  }
-
-  loadPackageLists();
-  checkPackage({ package_name: packageName, ecosystem }).then(result => {
-    const output = JSON.parse(result.content[0].text);
-    console.log(JSON.stringify(output, null, 2));
-    process.exit(output.legitimate ? 0 : 1);
-  }).catch(err => {
-    console.error(JSON.stringify({ error: err.message }));
-    process.exit(1);
-  });
-} else if (cliArgs[0] === 'scan-packages') {
-  // CLI mode: scan-packages <file> <ecosystem> [--verbosity minimal|compact|full]
-  const filePath = cliArgs[1];
-  const ecosystem = cliArgs[2];
-  if (!filePath || !ecosystem) {
-    console.error('Usage: agent-security-scanner-mcp scan-packages <file> <ecosystem> [--verbosity minimal|compact|full]');
-    console.error('Ecosystems: npm, pypi, rubygems, crates, dart, perl, raku');
-    process.exit(1);
-  }
-  const verbosityIdx = cliArgs.indexOf('--verbosity');
-  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
-
-  loadPackageLists();
-  scanPackages({ file_path: filePath, ecosystem, verbosity }).then(result => {
-    const output = JSON.parse(result.content[0].text);
-    console.log(JSON.stringify(output, null, 2));
-    process.exit(output.hallucinated_count > 0 ? 1 : 0);
-  }).catch(err => {
-    console.error(JSON.stringify({ error: err.message }));
-    process.exit(1);
-  });
-} else if (cliArgs[0] === 'scan-project') {
-  // CLI mode: scan-project <dir> [--recursive] [--diff-only] [--cross-file] [--include '*.py'] [--exclude '*.test.js'] [--verbosity minimal|compact|full]
-  const dirPath = cliArgs[1];
-  if (!dirPath || dirPath.startsWith('--')) {
-    console.error('Usage: agent-security-scanner-mcp scan-project <directory> [--recursive] [--diff-only] [--cross-file] [--include <pattern>] [--exclude <pattern>] [--verbosity minimal|compact|full]');
-    process.exit(1);
-  }
-  const verbosityIdx = cliArgs.indexOf('--verbosity');
-  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
-  const recursive = !cliArgs.includes('--no-recursive');
-  const diffOnly = cliArgs.includes('--diff-only');
-  const crossFile = cliArgs.includes('--cross-file');
-  const includeIdx = cliArgs.indexOf('--include');
-  const includePatterns = includeIdx !== -1 ? [cliArgs[includeIdx + 1]] : undefined;
-  const excludeIdx = cliArgs.indexOf('--exclude');
-  const excludePatterns = excludeIdx !== -1 ? [cliArgs[excludeIdx + 1]] : undefined;
-
-  scanProject({ directory_path: dirPath, recursive, diff_only: diffOnly, cross_file: crossFile, include_patterns: includePatterns, exclude_patterns: excludePatterns, verbosity }).then(result => {
-    const output = JSON.parse(result.content[0].text);
-    console.log(JSON.stringify(output, null, 2));
-    const total = output.issues_count || output.total || 0;
-    process.exit(total > 0 ? 1 : 0);
-  }).catch(err => {
-    console.error(JSON.stringify({ error: err.message }));
-    process.exit(1);
-  });
-} else if (cliArgs[0] === 'scan-diff') {
-  // CLI mode: scan-diff [base] [target] [--verbosity minimal|compact|full]
-  // Parse positional args, skipping flag values
-  const verbosityIdx = cliArgs.indexOf('--verbosity');
-  const flagValueIndices = new Set(verbosityIdx !== -1 ? [verbosityIdx, verbosityIdx + 1] : []);
-  const positionalArgs = cliArgs.slice(1).filter((arg, idx) => !arg.startsWith('--') && !flagValueIndices.has(idx + 1));
-  const baseRef = positionalArgs[0];
-  const targetRef = positionalArgs[1];
-  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
-
-  scanDiff({ base_ref: baseRef, target_ref: targetRef, verbosity }).then(result => {
-    const output = JSON.parse(result.content[0].text);
-    console.log(JSON.stringify(output, null, 2));
-    process.exit(output.issues_count > 0 || output.total > 0 ? 1 : 0);
-  }).catch(err => {
-    console.error(JSON.stringify({ error: err.message }));
-    process.exit(1);
-  });
-} else if (cliArgs[0] === 'benchmark') {
-  // CLI mode: benchmark [--save] [--json-only] [--compare-latest] [--corpus <path>]
-  const benchmarkPath = join(__dirname, 'benchmarks', 'benchmark_runner.py');
-  const benchArgs = [benchmarkPath];
-
-  // Pass through supported flags
-  for (let i = 1; i < cliArgs.length; i++) {
-    if (['--save', '--json-only', '--compare-latest'].includes(cliArgs[i])) {
-      benchArgs.push(cliArgs[i]);
-    } else if (cliArgs[i] === '--corpus' && cliArgs[i + 1]) {
-      benchArgs.push('--corpus', cliArgs[i + 1]);
-      i++;
-    }
-  }
-
-  try {
-    execFileSync('python3', benchArgs, { stdio: 'inherit', timeout: 300000 });
-  } catch (err) {
-    if (err.status) process.exit(err.status);
-    console.error(`Benchmark error: ${err.message}`);
-    process.exit(1);
-  }
-  process.exit(0);
 } else if (cliArgs[0] === '--help' || cliArgs[0] === '-h' || cliArgs[0] === 'help') {
   console.log('\n  agent-security-scanner-mcp\n');
   console.log('  Commands:');
   console.log('    init [client]        Set up MCP config for a client');
-  console.log('    init-hooks           Install Claude Code hooks for auto-scanning');
   console.log('    doctor [--fix]       Check environment & client configs');
   console.log('    demo [--lang js]     Generate vulnerable file + scan it');
-  console.log('    benchmark [flags]      Run accuracy benchmarks\n');
-  console.log('  CLI Tools (for scripts & OpenClaw):');
-  console.log('    scan-prompt <text>   Scan prompt for injection attacks');
-  console.log('    scan-security <file> Scan file for vulnerabilities');
-  console.log('    check-package <n> <e> Check if package exists in ecosystem');
-  console.log('    scan-packages <f> <e> Scan file imports for hallucinated packages');
-  console.log('    scan-project <dir>   Scan directory for vulnerabilities with grading');
-  console.log('    scan-diff [base] [target] Scan git diff for new vulnerabilities\n');
   console.log('    (no args)            Start MCP server on stdio\n');
-  console.log('  Options:');
-  console.log('    --verbosity <level>  minimal|compact|full (default: compact)');
-  console.log('    --format <type>      json|sarif (scan-security only)');
-  console.log('    --include <pattern>  Include only matching files (scan-project)');
-  console.log('    --exclude <pattern>  Exclude matching files (scan-project)\n');
   console.log('  Examples:');
   console.log('    npx agent-security-scanner-mcp init');
-  console.log('    npx agent-security-scanner-mcp scan-prompt "ignore previous instructions"');
-  console.log('    npx agent-security-scanner-mcp scan-security ./app.py --verbosity minimal');
-  console.log('    npx agent-security-scanner-mcp check-package flask pypi');
-  console.log('    npx agent-security-scanner-mcp scan-project ./src --verbosity minimal');
-  console.log('    npx agent-security-scanner-mcp scan-diff HEAD~1');
-  console.log('    npx agent-security-scanner-mcp benchmark --save --compare-latest\n');
+  console.log('    npx agent-security-scanner-mcp doctor --fix');
+  console.log('    npx agent-security-scanner-mcp demo --lang py\n');
   process.exit(0);
 } else {
   // Normal MCP server mode

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "agent-security-scanner-mcp",
-  "version": "3.4.0",
+  "version": "3.5.1",
   "mcpName": "io.github.sinewaveai/agent-security-scanner-mcp",
-  "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix. For Claude Code, Cursor, Windsurf, Cline, OpenClaw.",
+  "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix. For Claude Code, Cursor, Windsurf, Cline.",
   "main": "index.js",
   "type": "module",
   "bin": {
@@ -10,11 +10,9 @@
   },
   "scripts": {
     "start": "node index.js",
-    "postinstall": "node scripts/postinstall.js",
     "test": "vitest run",
     "test:watch": "vitest",
-    "test:coverage": "vitest run --coverage",
-    "benchmark": "python3 benchmarks/benchmark_runner.py --save --compare-latest"
+    "test:coverage": "vitest run --coverage"
   },
   "keywords": [
     "mcp",
@@ -54,9 +52,7 @@
     "zed",
     "prompt-firewall",
     "auto-fix",
-    "hallucination",
-    "openclaw",
-    "clawdbot"
+    "hallucination"
   ],
   "author": "Sinewave AI <divya@sinewave.ai>",
   "license": "MIT",
@@ -84,9 +80,6 @@
     "src/cli/*.js",
     "src/fix-patterns.js",
     "src/utils.js",
-    "src/dedup.js",
-    "src/context.js",
-    "src/config.js",
     "analyzer.py",
     "ast_parser.py",
     "generic_ast.py",
@@ -96,10 +89,7 @@
     "taint_analyzer.py",
     "requirements.txt",
     "rules/**",
-    "packages/**",
-    "skills/**",
-    "scripts/postinstall.js",
-    "cross_file_analyzer.py"
+    "packages/**"
   ],
   "devDependencies": {
     "all-the-package-names": "^2.0.2349",

package/pattern_matcher.py

@@ -430,7 +430,6 @@ class Finding:
     end_column: int = 0
     metavariables: Dict[str, str] = field(default_factory=dict)
     metadata: Dict[str, Any] = field(default_factory=dict)
-    confidence: str = "MEDIUM"
 
 
 class RuleEngine:

package/regex_fallback.py

@@ -9,207 +9,10 @@ from typing import List, Dict, Optional
 import re
 
 
-# Severity classification by vulnerability class
-SEVERITY_MAP = {
-    # ERROR - exploitable vulnerabilities (injection, RCE, deserialization)
-    'sql-injection': 'error',
-    'sql-injection-query': 'error',
-    'sql-injection-sprintf': 'error',
-    'sql-injection-where': 'error',
-    'sql-injection-order': 'error',
-    'sql-injection-raw': 'error',
-    'sql-injection-db-cursor': 'error',
-    'sql-injection-using-sqlalchemy': 'error',
-    'sql-injection-sqlcommand': 'error',
-    'sql-injection-sqlquery': 'error',
-    'sql-injection-concat': 'error',
-    'command-injection': 'error',
-    'command-injection-exec': 'error',
-    'command-injection-system': 'error',
-    'command-injection-open': 'error',
-    'command-injection-process-start': 'error',
-    'child-process-exec': 'error',
-    'spawn-shell': 'error',
-    'dangerous-subprocess-use': 'error',
-    'dangerous-system-call': 'error',
-    'eval-detected': 'error',
-    'eval-usage': 'error',
-    'exec-detected': 'error',
-    'pickle-load': 'error',
-    'unsafe-unserialize': 'error',
-    'unsafe-yaml-load': 'error',
-    'unsafe-marshal': 'error',
-    'yaml-load': 'error',
-    'file-inclusion': 'error',
-    'path-traversal': 'error',
-    'xss-echo': 'error',
-    'xss-raw': 'error',
-    'ssrf': 'error',
-    'open-redirect': 'error',
-    'backticks-exec': 'error',
-    'preg-code-exec': 'error',
-    'assert-usage': 'error',
-    'insecure-deserialization-binaryformatter': 'error',
-    'insecure-deserialization-xmlserializer': 'error',
-    'libc-system-call': 'error',
-    'format-string-printf': 'error',
-    'format-string-syslog': 'error',
-    'xss-innerhtml': 'error',
-    'xss-response-write': 'error',
-    'path-traversal-directory-delete': 'error',
-    'path-traversal-file-delete': 'error',
-    'path-traversal-file-read': 'error',
-
-    # WARNING - risky patterns requiring attention
-    'innerHTML': 'warning',
-    'outerHTML': 'warning',
-    'document-write': 'warning',
-    'insertAdjacentHTML': 'warning',
-    'dangerouslySetInnerHTML': 'warning',
-    'function-constructor': 'warning',
-    'setTimeout-string': 'warning',
-    'strcpy-usage': 'warning',
-    'strcat-usage': 'warning',
-    'sprintf-usage': 'warning',
-    'vsprintf-usage': 'warning',
-    'gets-usage': 'warning',
-    'system-usage': 'warning',
-    'popen-usage': 'warning',
-    'hardcoded-password': 'warning',
-    'hardcoded-secret': 'warning',
-    'hardcoded-api-key': 'warning',
-    'hardcoded-connection-string': 'warning',
-    'session-secret-hardcoded': 'warning',
-    'ssl-verify-disabled': 'warning',
-    'curl-ssl-disabled': 'warning',
-    'csrf-disabled': 'warning',
-    'mass-assignment-permit-all': 'warning',
-    'constantize': 'warning',
-    'render-inline': 'warning',
-    'privileged-container': 'warning',
-    'run-as-root': 'warning',
-    'allow-privilege-escalation': 'warning',
-    'host-network': 'warning',
-    'host-pid': 'warning',
-    'host-path': 'warning',
-    'secrets-in-env': 'warning',
-    'cluster-admin-binding': 'warning',
-    'capabilities-add': 'warning',
-    'no-readonly-root': 'warning',
-    'wildcard-rbac': 'warning',
-    's3-public-read': 'warning',
-    'security-group-open-ingress': 'warning',
-    'rds-public-access': 'warning',
-    'rds-encryption-disabled': 'warning',
-    'rds-deletion-protection': 'warning',
-    'cloudtrail-disabled': 'warning',
-    'kms-key-rotation': 'warning',
-    'ebs-encryption-disabled': 'warning',
-    'ec2-imdsv1': 'warning',
-    'phpinfo-exposure': 'warning',
-    'error-display': 'warning',
-    'permissive-cors': 'warning',
-    'mcrypt-deprecated': 'warning',
-    'aws-access-key-id': 'warning',
-    'aws-secret-access-key': 'warning',
-    'github-pat': 'warning',
-    'stripe-api-key': 'warning',
-    'private-key-rsa': 'warning',
-    'database-url': 'warning',
-    'jwt-token': 'warning',
-    'openai-api-key': 'warning',
-    'python.lang.security.audit.hardcoded-password': 'warning',
-    'python.lang.security.audit.hardcoded-api-key': 'warning',
-    'generic.secrets.security.hardcoded-password': 'warning',
-    'generic.secrets.security.hardcoded-api-key': 'warning',
-
-    # INFO - informational / hygiene / low-risk patterns
-    'weak-hash-md5': 'info',
-    'weak-hash-sha1': 'info',
-    'weak-hash': 'info',
-    'weak-cipher': 'info',
-    'weak-cipher-des': 'info',
-    'ecb-mode': 'info',
-    'weak-random': 'info',
-    'insecure-random': 'info',
-    'insecure-hash-md5': 'info',
-    'insecure-hash-sha1': 'info',
-    'insecure-memset': 'info',
-    'strtok-usage': 'info',
-    'insecure-tempfile': 'info',
-    'unchecked-return': 'info',
-    'unsafe-block': 'info',
-    'unwrap-usage': 'info',
-    'raw-pointer-deref': 'info',
-    'panic-usage': 'info',
-    'compile-detected': 'info',
-    'scanf-usage': 'info',
-}
-
-# Confidence classification by rule ID
-CONFIDENCE_MAP = {
-    # HIGH - very specific patterns, low false-positive rate
-    'sql-injection-db-cursor': 'HIGH',
-    'sql-injection-using-sqlalchemy': 'HIGH',
-    'sql-injection-sqlcommand': 'HIGH',
-    'sql-injection-sqlquery': 'HIGH',
-    'sql-injection-concat': 'HIGH',
-    'format-string-printf': 'HIGH',
-    'format-string-syslog': 'HIGH',
-    'pickle-load': 'HIGH',
-    'eval-detected': 'HIGH',
-    'eval-usage': 'HIGH',
-    'exec-detected': 'HIGH',
-    'child-process-exec': 'HIGH',
-    'dangerous-subprocess-use': 'HIGH',
-    'dangerous-system-call': 'HIGH',
-    'hardcoded-password': 'HIGH',
-    'hardcoded-connection-string': 'HIGH',
-    'aws-access-key-id': 'HIGH',
-    'github-pat': 'HIGH',
-    'stripe-api-key': 'HIGH',
-    'private-key-rsa': 'HIGH',
-    'openai-api-key': 'HIGH',
-    'unsafe-unserialize': 'HIGH',
-    'backticks-exec': 'HIGH',
-    'preg-code-exec': 'HIGH',
-    'file-inclusion': 'HIGH',
-    'gets-usage': 'HIGH',
-    'insecure-deserialization-binaryformatter': 'HIGH',
-    'insecure-deserialization-xmlserializer': 'HIGH',
-
-    # LOW - broad patterns with high false-positive rate
-    'compile-detected': 'LOW',
-    'unsafe-block': 'LOW',
-    'unwrap-usage': 'LOW',
-    'insecure-memset': 'LOW',
-    'strtok-usage': 'LOW',
-    'unchecked-return': 'LOW',
-    'scanf-usage': 'LOW',
-    'panic-usage': 'LOW',
-    'raw-pointer-deref': 'LOW',
-    'insecure-random': 'LOW',
-    'weak-random': 'LOW',
-    'insecure-hash-md5': 'LOW',
-    'insecure-hash-sha1': 'LOW',
-    'weak-hash-md5': 'LOW',
-    'weak-hash-sha1': 'LOW',
-    'weak-hash': 'LOW',
-    'database-url': 'LOW',
-
-    # Everything else defaults to MEDIUM
-}
-
-
 def _make_finding(rule_id: str, line_idx: int, line: str, col_start: int = 0, col_end: Optional[int] = None,
-                  message: Optional[str] = None, severity: Optional[str] = None,
-                  confidence: Optional[str] = None) -> Dict:
+                  message: Optional[str] = None, severity: str = "warning") -> Dict:
     if col_end is None:
         col_end = max(col_start + 1, len(line.rstrip("\n")))
-    if severity is None:
-        severity = SEVERITY_MAP.get(rule_id, "warning")
-    if confidence is None:
-        confidence = CONFIDENCE_MAP.get(rule_id, "MEDIUM")
     return {
         "ruleId": rule_id,
         "message": message or f"[Regex] {rule_id}",
@@ -219,7 +22,6 @@ def _make_finding(rule_id: str, line_idx: int, line: str, col_start: int = 0, co
         "endColumn": col_end,
         "length": max(0, col_end - col_start),
         "severity": severity,
-        "confidence": confidence,
         "metadata": {"source": "regex-fallback"},
         "metavariables": {},
     }