agentaudit 3.9.42 → 3.9.44

package/cli.mjs

@@ -48,8 +48,8 @@ function resolveProvider(flagOverride, keys) {
   if (preferred) {
     const resolved = aliases[preferred] || preferred;
     const p = providers[resolved];
-    if (!p) return null;
-    return p;
+    if (p) return p;
+    // Preferred provider not available (no API key) — fall through to inference
   }
   
   // Smart inference: if model is set, try to match it to a provider
@@ -565,8 +565,8 @@ function collectFiles(dir, basePath = '', collected = [], totalSize = { bytes: 0
   catch { return collected; }
   entries.sort((a, b) => a.name.localeCompare(b.name));
   for (const entry of entries) {
-    if (totalSize.bytes >= MAX_TOTAL_SIZE) { totalSize.truncated = true; totalSize.skippedPaths.push(relPath); continue; }
     const relPath = basePath ? `${basePath}/${entry.name}` : entry.name;
+    if (totalSize.bytes >= MAX_TOTAL_SIZE) { totalSize.truncated = true; totalSize.skippedPaths.push(relPath); continue; }
     const fullPath = path.join(dir, entry.name);
     // SECURITY: Never follow symlinks — attacker could link to /etc/passwd or ~/.ssh/
     if (entry.isSymbolicLink()) continue;
@@ -1471,15 +1471,65 @@ async function auditRepo(url) {
     if (_collectMeta.skippedPaths.length > 5) console.log(`  ${c.dim}    ... and ${_collectMeta.skippedPaths.length - 5} more${c.reset}`);
   }
   
-  // Step 3: Build audit payload
+  // Step 3: Resolve provider + model FIRST (needed for dynamic chunk sizing)
+  const anthropicKey = process.env.ANTHROPIC_API_KEY;
+  const openaiKey = process.env.OPENAI_API_KEY;
+  const openrouterKey = process.env.OPENROUTER_API_KEY;
+  const openrouterModel = process.env.OPENROUTER_MODEL || 'anthropic/claude-sonnet-4';
+  const providerFlag = process.argv.find(a => a.startsWith('--provider='))?.split('=')[1]?.toLowerCase()
+    || (process.argv.includes('--provider') ? process.argv[process.argv.indexOf('--provider') + 1]?.toLowerCase() : null);
+  const resolvedProvider = resolveProvider(providerFlag, { anthropicKey, openaiKey, openrouterKey });
+  // Determine actual model name
+  let actualModel;
+  if (!resolvedProvider) {
+    actualModel = 'unknown';
+  } else if (resolvedProvider.id === 'anthropic') {
+    actualModel = modelOverride || 'claude-sonnet-4-20250514';
+  } else if (resolvedProvider.id === 'openrouter') {
+    actualModel = modelOverride || process.env.OPENROUTER_MODEL || 'anthropic/claude-sonnet-4';
+  } else if (resolvedProvider.id === 'openai') {
+    actualModel = modelOverride || 'gpt-4o';
+  } else if (resolvedProvider.id === 'ollama') {
+    actualModel = modelOverride || resolvedProvider.model;
+  } else {
+    actualModel = modelOverride || resolvedProvider.model || 'unknown';
+  }
+
+  // Step 3b: Determine model context for dynamic chunk sizing
+  let modelContextTokens = 64_000; // conservative default
+  let outputTokenBudget = 4096;
+  
+  if (resolvedProvider) {
+    if (resolvedProvider.id === 'openrouter') {
+      try {
+        const modelInfoRes = await fetch(`https://openrouter.ai/api/v1/models`, {
+          signal: AbortSignal.timeout(5000),
+          headers: { 'HTTP-Referer': 'https://agentaudit.dev' },
+        });
+        if (modelInfoRes.ok) {
+          const modelData = await modelInfoRes.json();
+          const modelInfo = modelData.data?.find(m => m.id === actualModel);
+          if (modelInfo?.context_length) {
+            modelContextTokens = modelInfo.context_length;
+          }
+        }
+      } catch { /* ignore — use default */ }
+    } else if (resolvedProvider.id === 'anthropic') {
+      modelContextTokens = 200_000;
+    } else if (resolvedProvider.id === 'openai') {
+      modelContextTokens = 128_000;
+    } else if (resolvedProvider.id === 'ollama') {
+      modelContextTokens = 32_000;
+    }
+  }
+  
+  outputTokenBudget = modelContextTokens >= 128_000 ? 8192 : modelContextTokens >= 64_000 ? 4096 : modelContextTokens >= 32_000 ? 2048 : 2048;
+  const dynamicChunkChars = Math.floor(modelContextTokens * 0.5 * 4);
+  const MAX_CHUNK_CHARS = Math.max(40_000, Math.min(dynamicChunkChars, 600_000));
+
+  // Step 3c: Build audit payload
   process.stdout.write(`  ${c.dim}[3/4]${c.reset} Preparing audit payload...`);
   const auditPrompt = loadAuditPrompt();
-  
-  // Build code chunks for multi-pass analysis.
-  // Budget ~45k tokens (~180k chars) per chunk for code, leaving room for prompt + output.
-  // ~15k tokens per chunk for code → fits comfortably in 32k+ context models
-  // with room for system prompt (~2k tokens) + output (4k tokens)
-  const MAX_CHUNK_CHARS = 60_000;
   // Sort files by directory to keep related files in the same chunk.
   // This preserves cross-file context (imports, shared modules) within each pass.
   const sortedFiles = [...files].sort((a, b) => {
@@ -1524,17 +1574,6 @@ async function auditRepo(url) {
   const codeBlock = chunks[0] || '';
   
   // Step 4: LLM Analysis
-  // Check for API keys to determine which LLM to use
-  const anthropicKey = process.env.ANTHROPIC_API_KEY;
-  const openaiKey = process.env.OPENAI_API_KEY;
-  const openrouterKey = process.env.OPENROUTER_API_KEY;
-  const openrouterModel = process.env.OPENROUTER_MODEL || 'anthropic/claude-sonnet-4';
-
-  // --provider flag overrides auto-detection
-  const providerFlag = process.argv.find(a => a.startsWith('--provider='))?.split('=')[1]?.toLowerCase()
-    || (process.argv.includes('--provider') ? process.argv[process.argv.indexOf('--provider') + 1]?.toLowerCase() : null);
-
-  const resolvedProvider = resolveProvider(providerFlag, { anthropicKey, openaiKey, openrouterKey });
   const activeProvider = resolvedProvider?.label || null;
   
   if (!resolvedProvider) {
@@ -1603,49 +1642,9 @@ async function auditRepo(url) {
     return null;
   }
   
-  // Determine actual model name for display
-  let actualModel;
-  if (resolvedProvider.id === 'anthropic') {
-    actualModel = modelOverride || 'claude-sonnet-4-20250514';
-  } else if (resolvedProvider.id === 'openrouter') {
-    actualModel = modelOverride || process.env.OPENROUTER_MODEL || 'anthropic/claude-sonnet-4';
-  } else if (resolvedProvider.id === 'openai') {
-    actualModel = modelOverride || 'gpt-4o';
-  } else if (resolvedProvider.id === 'ollama') {
-    actualModel = modelOverride || resolvedProvider.model;
-  } else {
-    actualModel = modelOverride || resolvedProvider.model || 'unknown';
-  }
+  // actualModel already resolved in Step 3
   
   // ── LLM call helper (reused for multi-pass) ──
-  // Determine optimal max_tokens based on model context size
-  // For large-context models (128k+) we can afford 8192 output tokens
-  // For medium (32k-128k) use 4096, for small (<32k) use 2048
-  let outputTokenBudget = 4096; // safe default
-  if (resolvedProvider.id === 'openrouter') {
-    try {
-      const modelInfoRes = await fetch(`https://openrouter.ai/api/v1/models`, {
-        signal: AbortSignal.timeout(5000),
-        headers: { 'HTTP-Referer': 'https://agentaudit.dev' },
-      });
-      if (modelInfoRes.ok) {
-        const modelData = await modelInfoRes.json();
-        const modelInfo = modelData.data?.find(m => m.id === actualModel);
-        if (modelInfo?.context_length) {
-          const ctx = modelInfo.context_length;
-          outputTokenBudget = ctx >= 128_000 ? 8192 : ctx >= 64_000 ? 4096 : ctx >= 32_000 ? 2048 : 2048;
-          if (process.argv.includes('--debug')) {
-            console.log(`  ${c.dim}  Model context: ${ctx.toLocaleString()} tokens → max_tokens: ${outputTokenBudget}${c.reset}`);
-          }
-        }
-      }
-    } catch { /* ignore — use default */ }
-  } else if (resolvedProvider.id === 'anthropic') {
-    outputTokenBudget = 8192; // Claude models have 200k context
-  } else if (resolvedProvider.id === 'openai') {
-    outputTokenBudget = 8192; // GPT-4o has 128k context
-  }
-
   async function callLLM(codeContent, passLabel) {
     const systemPrompt = auditPrompt || 'You are a security auditor. Analyze the code and report findings as JSON.';
     const userMessage = [
@@ -1834,6 +1833,79 @@ async function auditRepo(url) {
     providerMeta = { ...lastMeta, input_tokens: totalInput || null, output_tokens: totalOutput || null };
     
     console.log(`  ${c.dim}  Merged: ${mergedFindings.length} unique findings from ${chunks.length} passes${c.reset}`);
+    
+    // ── Cross-file correlation pass ──
+    // Build lightweight import/export map and ask LLM to check for multi-file attack patterns
+    // that individual chunk passes couldn't detect (e.g., credential read in file A + exfil in file B)
+    process.stdout.write(`  ${c.dim}  Cross-file correlation...${c.reset}`);
+    try {
+      const importMap = sortedFiles.map(f => {
+        const imports = [];
+        const exports = [];
+        // JS/TS imports
+        for (const m of f.content.matchAll(/(?:import|require)\s*\(?['"]([^'"]+)['"]\)?/g)) imports.push(m[1]);
+        for (const m of f.content.matchAll(/(?:from)\s+['"]([^'"]+)['"]/g)) imports.push(m[1]);
+        // Python imports
+        for (const m of f.content.matchAll(/(?:from|import)\s+([\w.]+)/g)) imports.push(m[1]);
+        // Exports
+        for (const m of f.content.matchAll(/(?:module\.exports|export\s+(?:default\s+)?(?:function|class|const|let|var)\s+)(\w+)/g)) exports.push(m[1]);
+        // Dangerous function calls (brief)
+        const dangerousCalls = [];
+        if (/\b(?:exec|spawn|execSync|system|eval|Function)\s*\(/.test(f.content)) dangerousCalls.push('exec/eval');
+        if (/\b(?:fetch|https?\.request|axios|got)\s*\(/.test(f.content)) dangerousCalls.push('network');
+        if (/\b(?:readFile|writeFile|createReadStream|open)\s*\(/.test(f.content)) dangerousCalls.push('fs');
+        if (/process\.env|os\.environ|getenv/.test(f.content)) dangerousCalls.push('env-read');
+        return { path: f.path, imports: [...new Set(imports)].slice(0, 10), exports: exports.slice(0, 10), calls: dangerousCalls };
+      }).filter(f => f.imports.length > 0 || f.exports.length > 0 || f.calls.length > 0);
+      
+      if (importMap.length > 2) {
+        const correlationPrompt = [
+          `You previously analyzed ${chunks.length} code chunks from package "${slug}" (${url}).`,
+          `Here is a cross-file map showing imports, exports, and dangerous function calls.`,
+          `Check for MULTI-FILE ATTACK PATTERNS that individual chunk analysis could miss:`,
+          `- File A reads credentials/env → File B sends them to network (credential exfiltration pipeline)`,
+          `- File A defines a function with exec/eval → File B calls it with user input (indirect RCE)`,
+          `- Config file grants broad permissions → Code file exploits them`,
+          `- Install hook in scripts/ triggers code in src/ that exfiltrates data`,
+          ``,
+          `Respond with ONLY a JSON object: { "cross_file_findings": [...] } where each finding has:`,
+          `{ "title": "...", "severity": "...", "description": "...", "file": "...", "confidence": "...", "pattern_id": "CORR_001", "remediation": "..." }`,
+          `If no cross-file issues found, respond: { "cross_file_findings": [] }`,
+          ``,
+          `## File Map`,
+          JSON.stringify(importMap, null, 2),
+        ].join('\n');
+        
+        const corrResult = await callLLM(correlationPrompt, 'correlation');
+        if (corrResult.report?.cross_file_findings?.length > 0) {
+          const corrFindings = corrResult.report.cross_file_findings;
+          for (const f of corrFindings) {
+            const key = `${f.title}::${f.file || ''}`;
+            if (!seen.has(key)) {
+              seen.add(key);
+              mergedFindings.push(f);
+            }
+          }
+          console.log(` ${c.yellow}${corrFindings.length} cross-file issues found${c.reset}`);
+          // Re-merge into report
+          const newRisk = Math.min(100, mergedFindings.reduce((s, f) => s + (sevWeights[f.severity] || 0), 0));
+          report.findings = mergedFindings;
+          report.findings_count = mergedFindings.length;
+          report.risk_score = newRisk;
+          report.result = newRisk === 0 ? 'safe' : newRisk <= 20 ? 'caution' : 'unsafe';
+          totalInput += corrResult.meta?.input_tokens || 0;
+          totalOutput += corrResult.meta?.output_tokens || 0;
+          providerMeta = { ...providerMeta, input_tokens: totalInput || null, output_tokens: totalOutput || null };
+        } else {
+          console.log(` ${c.green}clean${c.reset}`);
+        }
+      } else {
+        console.log(` ${c.dim}skipped (too few files with imports)${c.reset}`);
+      }
+    } catch (corrErr) {
+      console.log(` ${c.dim}skipped (${corrErr.message?.slice(0, 40)})${c.reset}`);
+    }
+    
     console.log(` ${c.green}done${c.reset} ${c.dim}(${elapsed(start)})${c.reset}`);
   } else {
     // Single-pass (original flow)
@@ -1884,7 +1956,14 @@ async function auditRepo(url) {
   
   // Display results
   console.log();
-  const riskScore = report.risk_score || 0;
+  // Always recalculate risk_score from findings severities (never trust LLM's score)
+  const _sevW = { critical: 25, high: 15, medium: 5, low: 1 };
+  const recalcRisk = report.findings && report.findings.length > 0
+    ? Math.min(100, report.findings.reduce((s, f) => s + (_sevW[f.severity] || 0), 0))
+    : 0;
+  report.risk_score = recalcRisk;
+  report.result = recalcRisk === 0 ? 'safe' : recalcRisk <= 20 ? 'caution' : 'unsafe';
+  const riskScore = recalcRisk;
   const trustScore = 100 - riskScore;
   const trustColor = trustScore >= 70 ? c.green : trustScore >= 40 ? c.yellow : c.red;
   const trustLabel = trustScore >= 70 ? 'SAFE' : trustScore >= 40 ? 'CAUTION' : 'UNSAFE';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentaudit",
-  "version": "3.9.42",
+  "version": "3.9.44",
   "description": "Security scanner for AI packages — MCP server + CLI",
   "type": "module",
   "bin": {