appsec-agent 2.4.4 → 2.5.0

package/dist/src/schemas/learned_guidance.js

@@ -0,0 +1,286 @@
+"use strict";
+/**
+ * Learned-guidance synthesizer schemas (v2.5.0 / parent-app plan §3.8 — CLLG).
+ *
+ * The parent app collects three signal streams (dismissal validations,
+ * `addressed` PR outcomes, 👍 feedback) and buckets them by CWE. For each
+ * eligible bucket it asks this role to emit ONE short policy bullet that
+ * captures the class-level pattern (e.g. *"Trust the CSRF middleware in
+ * `auth/csrf.ts`; do not flag PR routes that go through it."*).
+ *
+ * Input file shape (passed via `--inputs <file>`; matches the JSON the
+ * parent app's `runSynthesizerAgent` writes in `learnedGuidanceSynthesizer.ts`):
+ *
+ *     {
+ *       "buckets": [
+ *         {
+ *           "cwe": "CWE-79",
+ *           "signal_count": 12,
+ *           "example_dismissal_reasons": [
+ *             "duplicate of issue #4321 - already mitigated by helmet middleware",
+ *             "auto-escaped by React JSX",
+ *             ...
+ *           ]
+ *         },
+ *         ...
+ *       ]
+ *     }
+ *
+ * Output shape on stdout (structured JSON, written to `-o <file>` per the
+ * parent app's spawn contract; backend rejects anything off-schema with
+ * `outcome=validation_error`):
+ *
+ *     {
+ *       "bullets": [
+ *         {
+ *           "cwe": "CWE-79",
+ *           "bullet": "≤300 chars positive-form rule the pr_reviewer can apply",
+ *           "confidence": 0.85
+ *         },
+ *         ...
+ *       ]
+ *     }
+ *
+ * The role is a pure transform: no Read/Grep tools, no source-tree
+ * access. Output is constrained by `LEARNED_GUIDANCE_OUTPUT_SCHEMA` so a
+ * malformed bullet list never reaches the parent app's prompt budget.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LEARNED_GUIDANCE_OUTPUT_SCHEMA = exports.MAX_BULLET_LEN = void 0;
+exports.parseLearnedGuidanceInputs = parseLearnedGuidanceInputs;
+exports.loadLearnedGuidanceInputs = loadLearnedGuidanceInputs;
+exports.buildLearnedGuidanceUserPrompt = buildLearnedGuidanceUserPrompt;
+exports.emptyLearnedGuidanceOutput = emptyLearnedGuidanceOutput;
+const fs = __importStar(require("fs"));
+/**
+ * Hard caps applied at parse time. Generous on top of the parent app's
+ * own caps in `learnedGuidanceSynthesizer.ts` (MAX_INPUTS_PER_BUCKET =
+ * 50, MIN_BUCKET_SIZE = 5) so this validator only fires on truly
+ * runaway inputs — e.g. someone hand-builds a malicious JSON file.
+ */
+const MAX_BUCKETS = 200;
+const MAX_REASONS_PER_BUCKET = 200;
+const MAX_REASON_LEN = 2_000;
+const MAX_CWE_LEN = 64;
+/** Output character cap. Stays in lockstep with the parent app's `MAX_BULLET_LEN = 300`. */
+exports.MAX_BULLET_LEN = 300;
+// ---------------------------------------------------------------------------
+// Input parser / validator
+// ---------------------------------------------------------------------------
+/**
+ * Parse and validate a `LearnedGuidanceInputs` object loaded from the
+ * `--inputs` JSON file. Throws on any structural deviation; the CLI
+ * wrapper in `main.ts` exits non-zero so the parent app sees the error
+ * via stderr (and stays fail-closed: zero bullets persisted).
+ */
+function parseLearnedGuidanceInputs(data) {
+    if (!data || typeof data !== 'object') {
+        throw new Error('Learned-guidance inputs must be a JSON object');
+    }
+    const o = data;
+    if (!Array.isArray(o.buckets)) {
+        throw new Error('Learned-guidance inputs must include a "buckets" array');
+    }
+    if (o.buckets.length === 0) {
+        throw new Error('Learned-guidance inputs must include at least one bucket');
+    }
+    if (o.buckets.length > MAX_BUCKETS) {
+        throw new Error(`Learned-guidance inputs supports at most ${MAX_BUCKETS} buckets per run`);
+    }
+    const buckets = [];
+    for (const item of o.buckets) {
+        if (!item || typeof item !== 'object') {
+            throw new Error('Each bucket must be an object');
+        }
+        const b = item;
+        if (typeof b.cwe !== 'string' || !b.cwe.trim()) {
+            throw new Error('Each bucket must include a non-empty string "cwe"');
+        }
+        if (b.cwe.length > MAX_CWE_LEN) {
+            throw new Error(`Bucket "cwe" exceeds ${MAX_CWE_LEN} chars`);
+        }
+        if (typeof b.signal_count !== 'number' || !Number.isFinite(b.signal_count) || b.signal_count < 0) {
+            throw new Error(`Bucket "${b.cwe}" must include a non-negative numeric "signal_count"`);
+        }
+        if (!Array.isArray(b.example_dismissal_reasons)) {
+            throw new Error(`Bucket "${b.cwe}" must include an array "example_dismissal_reasons"`);
+        }
+        if (b.example_dismissal_reasons.length > MAX_REASONS_PER_BUCKET) {
+            throw new Error(`Bucket "${b.cwe}" exceeds ${MAX_REASONS_PER_BUCKET} example_dismissal_reasons`);
+        }
+        const reasons = [];
+        for (const r of b.example_dismissal_reasons) {
+            if (typeof r !== 'string') {
+                throw new Error(`Bucket "${b.cwe}" example_dismissal_reasons must all be strings`);
+            }
+            // Truncate per-reason rather than reject — the parent app already
+            // sanitizes/truncates, but be defensive against future drift.
+            reasons.push(r.length > MAX_REASON_LEN ? r.slice(0, MAX_REASON_LEN) : r);
+        }
+        buckets.push({
+            cwe: b.cwe.trim(),
+            signal_count: Math.floor(b.signal_count),
+            example_dismissal_reasons: reasons,
+        });
+    }
+    return { buckets };
+}
+/**
+ * Convenience loader matching the pattern used by `loadRetestContext`
+ * etc. — read JSON from disk, parse, validate, return.
+ *
+ * Caller is responsible for path validation (we expect `main.ts` to run
+ * the file path through `validateInputFilePath` before calling this so
+ * traversal attempts never reach the loader).
+ */
+function loadLearnedGuidanceInputs(absolutePath) {
+    if (!fs.existsSync(absolutePath)) {
+        throw new Error(`Learned-guidance inputs file not found: ${absolutePath}`);
+    }
+    const raw = fs.readFileSync(absolutePath, 'utf-8');
+    let data;
+    try {
+        data = JSON.parse(raw);
+    }
+    catch (e) {
+        throw new Error(`Failed to parse learned-guidance inputs JSON: ${e?.message || e}`);
+    }
+    return parseLearnedGuidanceInputs(data);
+}
+// ---------------------------------------------------------------------------
+// Prompt builder
+// ---------------------------------------------------------------------------
+/**
+ * Build the user-facing prompt for the synthesizer role. The prompt:
+ *   1. States the task and the success bar (positive-form rule, not generic).
+ *   2. Lists each bucket with its CWE, signal count, and a few example reasons.
+ *   3. Reminds the model of the schema, the per-bullet length cap, and the
+ *      confidence scale.
+ *
+ * The system prompt (set in `agent_options.ts`) plus the JSON schema
+ * enforcement (set on `Options.outputFormat`) enforce the structural
+ * contract; this prompt focuses on the *content* contract.
+ */
+function buildLearnedGuidanceUserPrompt(inputs) {
+    const lines = [
+        '## Class-level Learned Guidance synthesis',
+        '',
+        'You are summarizing patterns observed in past **dismissed** security findings into ONE concise rule per CWE that a code reviewer can apply during the next PR scan to AVOID raising the same false-positive class again.',
+        '',
+        '### Quality bar for a bullet',
+        `- **Positive form**: "Trust X in Y; do not flag Z." not "Past dismissals were noisy."`,
+        `- **Specific**: cite a file path, function name, library, or framework feature wherever the example reasons mention one.`,
+        `- **Self-contained**: a future reviewer reading ONLY the bullet must understand when to apply it.`,
+        `- **≤ ${exports.MAX_BULLET_LEN} characters**. Hard cap; longer bullets will be rejected.`,
+        `- **Confidence in [0, 1]**: 0.9+ for "every example agrees on the same root cause", 0.6 for "majority agree", < 0.6 for "mixed signal" (will be dropped — return ONLY high-confidence bullets).`,
+        '',
+        '### Inputs',
+        '',
+    ];
+    for (const b of inputs.buckets) {
+        lines.push(`#### ${b.cwe} — ${b.signal_count} signal${b.signal_count === 1 ? '' : 's'}`);
+        if (b.example_dismissal_reasons.length === 0) {
+            lines.push('  _(no operator-supplied dismissal reasons; signal is from `addressed` outcomes / 👍 feedback only — be conservative)_');
+        }
+        else {
+            lines.push('Example dismissal reasons (operator-supplied; may be terse):');
+            for (const r of b.example_dismissal_reasons) {
+                lines.push(`  - ${r.replace(/\n+/g, ' ')}`);
+            }
+        }
+        lines.push('');
+    }
+    lines.push('### Output');
+    lines.push('Return JSON matching the required schema:');
+    lines.push('```json');
+    lines.push(JSON.stringify({
+        bullets: [
+            {
+                cwe: '<CWE-XXX>',
+                bullet: '<≤300-char positive-form rule>',
+                confidence: 0.0,
+            },
+        ],
+    }, null, 2));
+    lines.push('```');
+    lines.push('');
+    lines.push('Skip any bucket where the dismissal reasons disagree or are too vague to ground a specific rule. It is BETTER to return zero bullets than to emit a bullet the reviewer cannot act on.');
+    return lines.join('\n');
+}
+// ---------------------------------------------------------------------------
+// JSON Schema for Claude SDK structured output
+// ---------------------------------------------------------------------------
+exports.LEARNED_GUIDANCE_OUTPUT_SCHEMA = {
+    type: 'object',
+    required: ['bullets'],
+    properties: {
+        bullets: {
+            type: 'array',
+            maxItems: 50,
+            items: {
+                type: 'object',
+                required: ['cwe', 'bullet', 'confidence'],
+                properties: {
+                    cwe: {
+                        type: 'string',
+                        minLength: 1,
+                        maxLength: MAX_CWE_LEN,
+                        description: 'CWE identifier exactly as provided in the input bucket (e.g. "CWE-79").',
+                    },
+                    bullet: {
+                        type: 'string',
+                        minLength: 1,
+                        maxLength: exports.MAX_BULLET_LEN,
+                        description: 'Positive-form policy rule the pr_reviewer can apply at scan time. Cite file/library/framework when the dismissal reasons do.',
+                    },
+                    confidence: {
+                        type: 'number',
+                        minimum: 0,
+                        maximum: 1,
+                        description: 'Confidence in [0,1]. Bullets below 0.6 are dropped by the parent app.',
+                    },
+                },
+                additionalProperties: false,
+            },
+        },
+    },
+    additionalProperties: false,
+};
+/** Convenience empty-output shell for tests / agent-side fallback. */
+function emptyLearnedGuidanceOutput() {
+    return { bullets: [] };
+}
+//# sourceMappingURL=learned_guidance.js.map

package/dist/src/schemas/learned_guidance.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"learned_guidance.js","sourceRoot":"","sources":["../../../src/schemas/learned_guidance.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6CG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwDH,gEA2DC;AAUD,8DAYC;AAiBD,wEAmDC;AA6CD,gEAEC;AA1PD,uCAAyB;AAgBzB;;;;;GAKG;AACH,MAAM,WAAW,GAAG,GAAG,CAAC;AACxB,MAAM,sBAAsB,GAAG,GAAG,CAAC;AACnC,MAAM,cAAc,GAAG,KAAK,CAAC;AAC7B,MAAM,WAAW,GAAG,EAAE,CAAC;AAEvB,4FAA4F;AAC/E,QAAA,cAAc,GAAG,GAAG,CAAC;AAgBlC,8EAA8E;AAC9E,2BAA2B;AAC3B,8EAA8E;AAE9E;;;;;GAKG;AACH,SAAgB,0BAA0B,CAAC,IAAa;IACtD,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IACD,MAAM,CAAC,GAAG,IAA+B,CAAC;IAC1C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAC5E,CAAC;IACD,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IACD,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,GAAG,WAAW,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,4CAA4C,WAAW,kBAAkB,CAAC,CAAC;IAC7F,CAAC;IAED,MAAM,OAAO,GAAiC,EAAE,CAAC;IACjD,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;QAC7B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QACD,MAAM,CAAC,GAAG,IAA+B,CAAC;QAE1C,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACvE,CAAC;QACD,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,GAAG,WAAW,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,wBAAwB,WAAW,QAAQ,CAAC,CAAC;QAC/D,CAAC;QAED,IAAI,OAAO,CAAC,CAAC,YAAY,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC;YACjG,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC,GAAG,sDAAsD,CAAC,CAAC;QAC1F,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,yBAAyB,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC,GAAG,qDAAqD,CAAC,CAAC;QACzF,CAAC;QACD,IAAI,CAAC,CAAC,yBAAyB,CAAC,MAAM,GAAG,sBAAsB,EAAE,CAAC;YAChE,MAAM,IAAI,KAAK,CACb,WAAW,CAAC,CAAC,GAAG,aAAa,sBAAsB,4BAA4B,CAChF,CAAC;QACJ,CAAC;QACD,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,yBAAyB,EAAE,CAAC;YAC5C,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC,GAAG,iDAAiD,CAAC,CAAC;YACrF,CAAC;YACD,kEAAkE;YAClE,8DAA8D;YAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3E,CAAC;QAED,OAAO,CAAC,IAAI,CAAC;YACX,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE;YACjB,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,YAAY,CAAC;YACxC,yBAAyB,EAAE,OAAO;SACnC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,yBAAyB,CAAC,YAAoB;IAC5D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,2CAA2C,YAAY,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IACnD,IAAI,IAAa,CAAC;IAClB,IAAI,CAAC;QACH,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,EAAE,OAAO,IAAI,CAAC,EAAE,CAAC,CAAC;IACtF,CAAC;IACD,OAAO,0BAA0B,CAAC,IAAI,CAAC,CAAC;AAC1C,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E;;;;;;;;;;GAUG;AACH,SAAgB,8BAA8B,CAAC,MAA6B;IAC1E,MAAM,KAAK,GAAa;QACtB,2CAA2C;QAC3C,EAAE;QACF,0NAA0N;QAC1N,EAAE;QACF,8BAA8B;QAC9B,uFAAuF;QACvF,0HAA0H;QAC1H,mGAAmG;QACnG,SAAS,sBAAc,2DAA2D;QAClF,iMAAiM;QACjM,EAAE;QACF,YAAY;QACZ,EAAE;KACH,CAAC;IAEF,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QAC/B,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,YAAY,UAAU,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;QACzF,IAAI,CAAC,CAAC,yBAAyB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7C,KAAK,CAAC,IAAI,CAAC,wHAAwH,CAAC,CAAC;QACvI,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,8DAA8D,CAAC,CAAC;YAC3E,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,yBAAyB,EAAE,CAAC;gBAC5C,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACzB,KAAK,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IACxD,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACtB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CACvB;QACE,OAAO,EAAE;YACP;gBACE,GAAG,EAAE,WAAW;gBAChB,MAAM,EAAE,gCAAgC;gBACxC,UAAU,EAAE,GAAG;aAChB;SACF;KACF,EACD,IAAI,EACJ,CAAC,CACF,CAAC,CAAC;IACH,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,wLAAwL,CAAC,CAAC;IAErM,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,8EAA8E;AAC9E,+CAA+C;AAC/C,8EAA8E;AAEjE,QAAA,8BAA8B,GAA4B;IACrE,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,CAAC,SAAS,CAAC;IACrB,UAAU,EAAE;QACV,OAAO,EAAE;YACP,IAAI,EAAE,OAAO;YACb,QAAQ,EAAE,EAAE;YACZ,KAAK,EAAE;gBACL,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,CAAC,KAAK,EAAE,QAAQ,EAAE,YAAY,CAAC;gBACzC,UAAU,EAAE;oBACV,GAAG,EAAE;wBACH,IAAI,EAAE,QAAQ;wBACd,SAAS,EAAE,CAAC;wBACZ,SAAS,EAAE,WAAW;wBACtB,WAAW,EAAE,yEAAyE;qBACvF;oBACD,MAAM,EAAE;wBACN,IAAI,EAAE,QAAQ;wBACd,SAAS,EAAE,CAAC;wBACZ,SAAS,EAAE,sBAAc;wBACzB,WAAW,EACT,8HAA8H;qBACjI;oBACD,UAAU,EAAE;wBACV,IAAI,EAAE,QAAQ;wBACd,OAAO,EAAE,CAAC;wBACV,OAAO,EAAE,CAAC;wBACV,WAAW,EAAE,uEAAuE;qBACrF;iBACF;gBACD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,oBAAoB,EAAE,KAAK;CAC5B,CAAC;AAEF,sEAAsE;AACtE,SAAgB,0BAA0B;IACxC,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;AACzB,CAAC"}

package/package.json

@@ -1,9 +1,9 @@
 {
   "name": "appsec-agent",
-  "version": "2.4.4",
+  "version": "2.5.0",
   "description": "TypeScript package for AppSec AI Agent management",
   "author": "Sam Li",
-  "date": "Apr 28 2026",
+  "date": "May 03 2026",
   "license": "MIT",
   "main": "dist/src/index.js",
   "types": "dist/src/index.d.ts",