agentaudit 3.9.24 → 3.9.26
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cli.mjs +32 -2
- package/package.json +1 -1
package/cli.mjs
CHANGED
|
@@ -388,7 +388,14 @@ function banner() {
|
|
|
388
388
|
|
|
389
389
|
function slugFromUrl(url) {
|
|
390
390
|
const match = url.match(/github\.com\/([^/]+)\/([^/.\s]+)/);
|
|
391
|
-
if (match)
|
|
391
|
+
if (match) {
|
|
392
|
+
const owner = match[1].toLowerCase().replace(/[^a-z0-9-]/g, '-');
|
|
393
|
+
const repo = match[2].toLowerCase().replace(/[^a-z0-9-]/g, '-');
|
|
394
|
+
// Generic repo names get owner prefix to avoid collisions
|
|
395
|
+
const generic = ['mcp', 'server', 'plugin', 'tool', 'agent', 'sdk', 'api', 'app', 'cli', 'lib', 'core'];
|
|
396
|
+
if (generic.includes(repo)) return `${owner}-${repo}`;
|
|
397
|
+
return repo;
|
|
398
|
+
}
|
|
392
399
|
return url.replace(/[^a-z0-9]/gi, '-').toLowerCase().slice(0, 60);
|
|
393
400
|
}
|
|
394
401
|
|
|
@@ -1506,6 +1513,7 @@ async function auditRepo(url) {
|
|
|
1506
1513
|
|
|
1507
1514
|
let report = null;
|
|
1508
1515
|
let _lastLlmText = '';
|
|
1516
|
+
let providerMeta = {}; // Collect provider metadata for attestation
|
|
1509
1517
|
|
|
1510
1518
|
try {
|
|
1511
1519
|
if (resolvedProvider.id === 'anthropic') {
|
|
@@ -1534,6 +1542,12 @@ async function auditRepo(url) {
|
|
|
1534
1542
|
const text = data.content?.[0]?.text || '';
|
|
1535
1543
|
_lastLlmText = text;
|
|
1536
1544
|
report = extractJSON(text);
|
|
1545
|
+
providerMeta = {
|
|
1546
|
+
provider_msg_id: data.id || null,
|
|
1547
|
+
input_tokens: data.usage?.input_tokens || null,
|
|
1548
|
+
output_tokens: data.usage?.output_tokens || null,
|
|
1549
|
+
reported_model: data.model || null,
|
|
1550
|
+
};
|
|
1537
1551
|
} else {
|
|
1538
1552
|
// OpenAI, OpenRouter, Ollama, or Custom (all use OpenAI-compatible chat completions API)
|
|
1539
1553
|
let apiUrl, modelName, authHeaders;
|
|
@@ -1582,6 +1596,13 @@ async function auditRepo(url) {
|
|
|
1582
1596
|
const text = data.choices?.[0]?.message?.content || '';
|
|
1583
1597
|
_lastLlmText = text;
|
|
1584
1598
|
report = extractJSON(text);
|
|
1599
|
+
providerMeta = {
|
|
1600
|
+
provider_msg_id: data.id || null,
|
|
1601
|
+
provider_fingerprint: data.system_fingerprint || null,
|
|
1602
|
+
input_tokens: data.usage?.prompt_tokens || null,
|
|
1603
|
+
output_tokens: data.usage?.completion_tokens || null,
|
|
1604
|
+
reported_model: data.model || null,
|
|
1605
|
+
};
|
|
1585
1606
|
}
|
|
1586
1607
|
|
|
1587
1608
|
console.log(` ${c.green}done${c.reset} ${c.dim}(${elapsed(start)})${c.reset}`);
|
|
@@ -1642,7 +1663,16 @@ async function auditRepo(url) {
|
|
|
1642
1663
|
'Authorization': `Bearer ${creds.api_key}`,
|
|
1643
1664
|
'Content-Type': 'application/json',
|
|
1644
1665
|
},
|
|
1645
|
-
body: JSON.stringify({
|
|
1666
|
+
body: JSON.stringify({
|
|
1667
|
+
...report,
|
|
1668
|
+
audit_model: providerMeta.reported_model || actualModel,
|
|
1669
|
+
audit_provider: resolvedProvider.id,
|
|
1670
|
+
provider_msg_id: providerMeta.provider_msg_id || undefined,
|
|
1671
|
+
provider_fingerprint: providerMeta.provider_fingerprint || undefined,
|
|
1672
|
+
input_tokens: providerMeta.input_tokens || undefined,
|
|
1673
|
+
output_tokens: providerMeta.output_tokens || undefined,
|
|
1674
|
+
audit_duration_ms: Date.now() - start,
|
|
1675
|
+
}),
|
|
1646
1676
|
signal: AbortSignal.timeout(15_000),
|
|
1647
1677
|
});
|
|
1648
1678
|
if (res.ok) {
|