atris 3.28.0 → 3.29.0

package/AGENTS.md

@@ -136,12 +136,10 @@ Load these first:
 - `atris/now.md`
 - `atris/brain/STATUS.md`
 - `atris/brain/self_improvement_ledger.md`
-- `atris/wiki/concepts/agent-activation-contract.md`
 - `atris/skills/atris/SKILL.md`
 - `atris/PERSONA.md`
 - `atris/MAP.md`
 - `atris/TODO.md`
-- `atris/wiki/index.md`
 
 First-message rule: lead with the move before writing to the operator.
 Purpose: optimize for decision-speed; lead with the move, then use descriptions only when they help the operator act.

package/commands/security-review.js

@@ -12,16 +12,105 @@
 //   atris security-review --staged        scan staged changes (pre-commit gate)
 //   atris security-review --json          machine output for CI / the loop
 //   atris security-review --strict        also fail on MEDIUM (PII/paths)
+//   atris security-review --deep          model-review prompt + evidence
+//   atris security-review --update-baseline accept current findings
 //   atris security-review hook            install a pre-commit gate
 //
-// Exit code: 0 = clean, 1 = findings at/over the fail threshold, 2 = bad usage.
+// Exit code: 0 = clean, 1 = active findings at/over the fail threshold, 2 = bad usage.
 
 const fs = require('fs');
 const path = require('path');
-const { runScan, RULES } = require('../lib/security-scan');
+const {
+  runScan,
+  RULES,
+  DEFAULT_BASELINE,
+  SEVERITIES,
+  SEVERITY_RANK,
+  loadBaseline,
+  writeBaseline,
+  applyBaseline,
+  shouldFail,
+  scoreFindings,
+} = require('../lib/security-scan');
 
-const ICON = { high: '✗', medium: '!', low: '·', privacy: '✗', secret: '✗', pii: '!' };
-const SEV_ORDER = { high: 0, medium: 1, low: 2 };
+const ICON = { critical: '✗', high: '✗', medium: '!', low: '·', privacy: '✗', secret: '✗', pii: '!' };
+const SEV_ORDER = { critical: 0, high: 1, medium: 2, low: 3 };
+
+function parseArgs(argv) {
+  const opts = {
+    json: false,
+    quiet: false,
+    strict: false,
+    staged: false,
+    updateBaseline: false,
+    noBaseline: false,
+    deep: false,
+    md: false,
+    baseline: DEFAULT_BASELINE,
+    paths: [],
+  };
+  for (let i = 0; i < argv.length; i++) {
+    const arg = argv[i];
+    if (arg === 'scan') continue;
+    if (arg === '--json') opts.json = true;
+    else if (arg === '--quiet') opts.quiet = true;
+    else if (arg === '--strict') opts.strict = true;
+    else if (arg === '--staged') opts.staged = true;
+    else if (arg === '--update-baseline') opts.updateBaseline = true;
+    else if (arg === '--no-baseline') opts.noBaseline = true;
+    else if (arg === '--deep') opts.deep = true;
+    else if (arg === '--md' || arg === '--markdown') opts.md = true;
+    else if (arg === '--baseline') {
+      if (!argv[i + 1] || argv[i + 1].startsWith('-')) throw new Error('--baseline requires a path');
+      opts.baseline = argv[++i];
+    } else if (arg.startsWith('--baseline=')) {
+      opts.baseline = arg.slice('--baseline='.length);
+    } else if (arg.startsWith('-')) {
+      throw new Error(`unknown flag: ${arg}`);
+    } else {
+      opts.paths.push(arg);
+    }
+  }
+  if (opts.noBaseline && opts.updateBaseline) throw new Error('--update-baseline cannot be combined with --no-baseline');
+  return opts;
+}
+
+function sortFindings(findings) {
+  findings.sort((a, b) => (SEV_ORDER[a.sev] - SEV_ORDER[b.sev]) || a.file.localeCompare(b.file) || (a.line - b.line));
+  return findings;
+}
+
+function failThreshold(strict) {
+  return strict ? 'medium' : 'high';
+}
+
+function failingCount(findings, threshold) {
+  return findings.filter((f) => SEVERITY_RANK[f.sev] >= SEVERITY_RANK[threshold]).length;
+}
+
+function applyBaselineOptions(root, rawFindings, opts) {
+  if (opts.noBaseline) {
+    const active = applyBaseline(rawFindings, []);
+    return { ...active, baseline: { enabled: false, path: null, updated: false } };
+  }
+
+  let baseline = loadBaseline(root, opts.baseline);
+  let updated = false;
+  if (opts.updateBaseline) {
+    baseline = writeBaseline(root, rawFindings, opts.baseline);
+    updated = true;
+  }
+  const applied = applyBaseline(rawFindings, baseline.fingerprints);
+  return {
+    ...applied,
+    baseline: {
+      enabled: true,
+      path: path.relative(root, baseline.file) || opts.baseline,
+      updated,
+      fingerprints: baseline.fingerprints.length,
+    },
+  };
+}
 
 function securityReviewCommand(argv = []) {
   const sub = argv[0];
@@ -29,42 +118,72 @@ function securityReviewCommand(argv = []) {
   if (sub === 'rules') return printRules();
   if (sub === 'hook' || sub === 'install-hook') return installHook();
 
-  const json = argv.includes('--json');
-  const quiet = argv.includes('--quiet');
-  const strict = argv.includes('--strict');
-  const staged = argv.includes('--staged');
-  const paths = argv.filter((a) => !a.startsWith('-') && a !== 'scan');
   const root = process.cwd();
+  let opts;
+  try {
+    opts = parseArgs(argv);
+  } catch (e) {
+    console.error(`security-review: ${e.message}`);
+    return 2;
+  }
 
+  let raw;
   let result;
   try {
-    result = runScan({ root, paths, staged });
+    raw = runScan({ root, paths: opts.paths, staged: opts.staged });
+    result = applyBaselineOptions(root, raw.findings, opts);
   } catch (e) {
     console.error(`security-review: ${e.message}`);
     return 2;
   }
 
-  const { findings, counts, scanned } = result;
-  findings.sort((a, b) => (SEV_ORDER[a.sev] - SEV_ORDER[b.sev]) || a.file.localeCompare(b.file) || (a.line - b.line));
-  const failThreshold = strict ? ['high', 'medium'] : ['high'];
-  const failing = findings.filter((f) => failThreshold.includes(f.sev)).length;
+  const findings = sortFindings(result.findings);
+  const allFindings = sortFindings(result.allFindings);
+  const counts = result.counts;
+  const threshold = failThreshold(opts.strict);
+  const failing = failingCount(findings, threshold);
+  const ok = !shouldFail(findings, threshold);
 
-  if (json) {
+  if (opts.json) {
     console.log(JSON.stringify({
-      ok: failing === 0,
-      scanned,
+      ok,
+      scanned: raw.scanned,
       counts,
-      fail_threshold: strict ? 'medium' : 'high',
+      counts_all: result.countsAll,
+      suppressed: result.suppressed,
+      baseline: result.baseline,
+      score: scoreFindings(findings),
+      score_all: scoreFindings(allFindings),
+      fail_threshold: threshold,
       findings,
+      deep_review: opts.deep ? deepReviewPayload({ findings, counts, scanned: raw.scanned, suppressed: result.suppressed }) : undefined,
       generated_for: 'soc2-evidence',
     }, null, 2));
-    return failing ? 1 : 0;
+    return ok ? 0 : 1;
+  }
+
+  if (opts.md) {
+    console.log(renderMarkdownReport({
+      findings, allFindings, counts, countsAll: result.countsAll, scanned: raw.scanned,
+      threshold, failing, baseline: result.baseline, suppressed: result.suppressed,
+      includeDeep: opts.deep,
+    }));
+    return ok ? 0 : 1;
   }
 
-  if (!quiet) {
+  if (opts.deep) {
+    console.log(renderDeepReview({
+      findings, counts, scanned: raw.scanned, threshold, suppressed: result.suppressed, baseline: result.baseline,
+    }));
+    return ok ? 0 : 1;
+  }
+
+  if (!opts.quiet) {
     console.log('\n  ◉ atris security review');
     if (!findings.length) {
-      console.log(`\n  ✓ clean — no secrets, PII, or sensitive files in ${scanned} tracked file${scanned === 1 ? '' : 's'}\n`);
+      console.log(`\n  ✓ clean — no active secrets, PII, or sensitive files in ${raw.scanned} tracked file${raw.scanned === 1 ? '' : 's'}`);
+      if (result.suppressed) console.log(`  ${result.suppressed} accepted finding${result.suppressed === 1 ? '' : 's'} suppressed by ${result.baseline.path}`);
+      console.log('');
       return 0;
     }
     console.log('');
@@ -74,23 +193,125 @@ function securityReviewCommand(argv = []) {
       console.log(`  ${ICON[f.sev] || '·'} ${f.sev.toUpperCase().padEnd(6)} ${loc}  ${f.rule.padEnd(22)} ${f.why}`);
     }
   }
-  console.log(`\n  ${counts.high || 0} high · ${counts.medium || 0} medium · ${counts.low || 0} low across ${scanned} file${scanned === 1 ? '' : 's'}`);
+  console.log(`\n  ${counts.critical || 0} critical · ${counts.high || 0} high · ${counts.medium || 0} medium · ${counts.low || 0} low across ${raw.scanned} file${raw.scanned === 1 ? '' : 's'}`);
+  if (result.suppressed) console.log(`  ${result.suppressed} accepted finding${result.suppressed === 1 ? '' : 's'} suppressed by ${result.baseline.path}`);
+  if (result.baseline.updated) console.log(`  baseline updated: ${result.baseline.path} (${result.baseline.fingerprints} fingerprint${result.baseline.fingerprints === 1 ? '' : 's'})`);
   if (failing) {
-    console.log(`  ${failing} finding${failing === 1 ? '' : 's'} at/over the ${strict ? 'MEDIUM' : 'HIGH'} threshold · exit 1`);
+    console.log(`  ${failing} finding${failing === 1 ? '' : 's'} at/over the ${threshold.toUpperCase()} threshold · exit 1`);
     console.log('  fix or suppress (trailing `atris-allow-secret`), then re-run.\n');
   } else {
-    console.log(`  no findings at the ${strict ? 'MEDIUM' : 'HIGH'} threshold · exit 0\n`);
+    console.log(`  no findings at the ${threshold.toUpperCase()} threshold · exit 0\n`);
   }
-  return failing ? 1 : 0;
+  return ok ? 0 : 1;
 }
 
 function printRules() {
   console.log('\n  atris security-review — deterministic rules:\n');
-  for (const r of RULES) console.log(`  ${r.sev.toUpperCase().padEnd(6)} ${r.cat.padEnd(8)} ${r.id.padEnd(22)} ${r.why}`);
+  for (const sev of SEVERITIES) {
+    for (const r of RULES.filter((rule) => rule.sev === sev)) {
+      console.log(`  ${r.sev.toUpperCase().padEnd(8)} ${r.cat.padEnd(8)} ${r.id.padEnd(22)} ${r.why}`);
+    }
+  }
   console.log(`\n  ${RULES.length} rules + tracked-sensitive-file check. Suppress a line with a trailing \`atris-allow-secret\`.\n`);
   return 0;
 }
 
+const DEEP_DIMENSIONS = [
+  ['secrets & keys', 'Look for real keys, tokens, private keys, credential files, and places where logs or docs could expose them.'],
+  ['who-can-do-what', 'Check whether users, agents, missions, and local commands can only do the actions they should be allowed to do.'],
+  ['untrusted input to code/shell/path/web requests', 'Trace user-controlled values into eval, new Function, child_process, file paths, URLs, redirects, and fetch/request calls.'],
+  ['data exposure', 'Check logs, responses, reports, task state, prompts, and errors for personal data, secrets, or private workspace paths.'],
+  ['dependencies', 'Check package and script changes for risky install hooks, unpinned tools, vendored code, or unexpected network execution.'],
+  ['crypto & randomness', 'Check token generation, signing, hashing, random IDs, and compare logic for weak or predictable behavior.'],
+  ['config & defaults', 'Check debug flags, CORS, open ports, default credentials, unsafe local paths, and flags that bypass safety gates.'],
+];
+
+function evidenceLines(findings, limit = 80) {
+  if (!findings.length) return ['- No deterministic findings after baseline suppression.'];
+  return findings.slice(0, limit).map((f) => {
+    const loc = `${f.file}${f.line ? ':' + f.line : ''}`;
+    return `- ${f.sev.toUpperCase()} ${loc} ${f.rule}: ${f.why}`;
+  });
+}
+
+function deepReviewPayload({ findings, counts, scanned, suppressed }) {
+  return {
+    instruction: 'Answer each dimension with PASS or CONCERN. If CONCERN, cite file:line and the concrete risk. Do not speculate beyond the code.',
+    dimensions: DEEP_DIMENSIONS.map(([name, check]) => ({ name, check })),
+    evidence: {
+      scanned,
+      counts,
+      suppressed,
+      findings,
+    },
+  };
+}
+
+function renderDeepReview({ findings, counts, scanned, threshold, suppressed, baseline }) {
+  const lines = [
+    '# Atris Deep Security Review',
+    '',
+    'Use this as a second-pass review prompt for a capable model.',
+    'Answer every dimension with PASS or CONCERN, then give the file:line evidence.',
+    'Do not invent issues. If the code does not prove the issue, mark PASS or say what proof is missing.',
+    '',
+    'Deterministic evidence:',
+    `- scanned files: ${scanned}`,
+    `- active counts: ${counts.critical || 0} critical, ${counts.high || 0} high, ${counts.medium || 0} medium, ${counts.low || 0} low`,
+    `- fail threshold: ${threshold}`,
+    `- suppressed by baseline: ${suppressed}`,
+    `- baseline: ${baseline.enabled ? baseline.path : 'off'}`,
+    '',
+    'Findings:',
+    ...evidenceLines(findings),
+    '',
+    'Review dimensions:',
+  ];
+  for (const [name, check] of DEEP_DIMENSIONS) {
+    lines.push('', `## ${name}`, check, 'Answer: PASS or CONCERN', 'Specific evidence:');
+  }
+  return `${lines.join('\n')}\n`;
+}
+
+function renderMarkdownReport({ findings, allFindings, counts, countsAll, scanned, threshold, failing, baseline, suppressed, includeDeep }) {
+  const status = failing ? 'FAIL' : 'PASS';
+  const lines = [
+    '# Atris Security Review',
+    '',
+    `Status: ${status}`,
+    `Fail threshold: ${threshold}`,
+    `Scanned files: ${scanned}`,
+    `Baseline: ${baseline.enabled ? baseline.path : 'off'}`,
+    `Suppressed: ${suppressed}`,
+    '',
+    '## Active Counts',
+    '',
+    `- critical: ${counts.critical || 0}`,
+    `- high: ${counts.high || 0}`,
+    `- medium: ${counts.medium || 0}`,
+    `- low: ${counts.low || 0}`,
+    `- score: ${scoreFindings(findings)}`,
+    '',
+    '## All Counts',
+    '',
+    `- critical: ${countsAll.critical || 0}`,
+    `- high: ${countsAll.high || 0}`,
+    `- medium: ${countsAll.medium || 0}`,
+    `- low: ${countsAll.low || 0}`,
+    `- score: ${scoreFindings(allFindings)}`,
+    '',
+    '## Findings',
+    '',
+    ...evidenceLines(findings),
+  ];
+  if (includeDeep) {
+    lines.push('', '## Deep Review Prompt', '', renderDeepReview({
+      findings, counts, scanned, threshold, suppressed, baseline,
+    }).trim());
+  }
+  return `${lines.join('\n')}\n`;
+}
+
 function installHook() {
   const root = process.cwd();
   const hookDir = path.join(root, '.git', 'hooks');
@@ -120,11 +341,18 @@ function printHelp() {
     atris security-review --staged   scan staged changes (pre-commit gate)
     atris security-review --strict   also fail on MEDIUM (PII / personal paths)
     atris security-review --json     machine output / SOC 2 evidence artifact
+    atris security-review --md       markdown evidence report
+    atris security-review --deep     prompt a stronger model with framework + evidence
+    atris security-review --update-baseline
+                                      accept current findings in .security-review.baseline.json
+    atris security-review --no-baseline
+                                      ignore .security-review.baseline.json
     atris security-review rules       list the active detectors
     atris security-review hook        install a pre-commit gate
 
-  Scans for hardcoded secrets, API keys, personal data, and tracked sensitive
-  files. exit 0 = clean, 1 = found. Wire into the autopilot/mission gate and CI.
+  Scans for real-looking secrets, API keys, personal data, tracked sensitive
+  files, and code-exec review evidence. exit 0 = clean, 1 = found. Wire into
+  the autopilot/mission gate and CI.
 `);
   return 0;
 }

package/lib/security-scan.js

@@ -11,6 +11,7 @@
 
 const fs = require('fs');
 const path = require('path');
+const crypto = require('crypto');
 const { execFileSync } = require('child_process');
 
 const SCAN_EXTS = new Set([
@@ -18,27 +19,51 @@ const SCAN_EXTS = new Set([
   '.yml', '.yaml', '.env', '.sh', '.bash', '.zsh', '.py', '.rb', '.go', '.java',
   '.php', '.toml', '.ini', '.cfg', '.conf', '.html', '.vue', '.svelte', '.patch',
 ]);
-const SKIP_DIRS = new Set(['node_modules', '.git', 'dist', 'build', '.next', 'coverage', 'out', 'vendor', '.cache', '__pycache__']);
+const SKIP_DIRS = new Set([
+  'node_modules', '.git', 'dist', 'build', '.next', 'coverage', 'out', 'vendor',
+  '.cache', '__pycache__', '_archive', 'fixtures', 'fixture', 'snapshots',
+  'snapshot', '__snapshots__', 'testdata',
+]);
+
+const DEFAULT_BASELINE = '.security-review.baseline.json';
 
 // Lines that opt out, and placeholder noise we never flag.
-const ALLOW_MARKER = /atris-allow-secret|atris-security-ignore/i;
-const PLACEHOLDER = /\b(?:example|placeholder|your[_-]?|my[_-]?key|xxx+|redacted|dummy|sample|changeme|test[_-]?key|fake|dummy|<[a-z_-]+>|process\.env|getenv|os\.environ|import\.meta\.env)\b/i;
+const ALLOW_MARKER = /atris-allow-secret|atris-security-ignore|#\s*nosec/i;
+const PLACEHOLDER = /\b(?:example|placeholder|your[_-]?|my[_-]?key|xxx+|redacted|dummy|sample|changeme|test[_-]?key|fake|fixture|benchmark|mock|not[-_ ]?real|should[-_ ]?not[-_ ]?leak|should[-_ ]?redact|no\s+matches|process\.env|getenv|os\.environ|import\.meta\.env)\b|<[a-z0-9_-]+>/i;
+const PLACEHOLDER_VALUE_FRAGMENTS = [
+  'should-not-leak', 'should_redact', 'fixture-token', 'xoxb-secret',
+  'xoxb-should-not-leak', 'xoxb-fixture-token', 'your_api_key',
+  'your-api-key', 'your_key_here', 'your-token', 'secret_yyy', 'secret-yyy',
+  'paid-audit-api-key', 'prod-api-key', 'free-plan-key', 'test1234567890',
+  'abc123def456', 'abcdefghijklmnopqrstuvwxyz', 'abcdef1234567890',
+  'sk-test', 'sk-abc', 'dev-secret', 'test-secret', 'my-super-secret',
+  'same-secret', 'correct_secret', 'oauth_access_token', 'some_secret',
+  'private-key-pem', 'shared-secret', 'oauth-access', 'ext-oauth',
+  'environment-secret', 'immutable-secret', 'member-secret', 'atris_sk_test',
+];
+const COMMON_PLACEHOLDER_VALUES = new Set([
+  'password', 'passw0rd', 'hunter2', 'hunter2hunter2', 'secret', 'secret123',
+  'test', 'testpass123', 'test_token_123', 'dev-user', 'dev-secret-do-not-use-in-prod',
+  'sovereign-local', 'my-hmac-key', 'env-token', 'audit-key',
+]);
 
-// High-precision secret patterns. severity high => fails the gate.
+// High-precision secret patterns. Known-provider keys become critical only when
+// their value quality check says the variable part looks real.
 const SECRET_RULES = [
-  { id: 'private-key', sev: 'high', cat: 'secret', re: /-----BEGIN (?:RSA |EC |OPENSSH |PGP |DSA |ENCRYPTED )?PRIVATE KEY-----/, why: 'private key committed in source' },
-  { id: 'aws-access-key-id', sev: 'high', cat: 'secret', re: /\bAKIA[0-9A-Z]{16}\b/, why: 'AWS access key id' },
-  { id: 'github-token', sev: 'high', cat: 'secret', re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/, why: 'GitHub personal/OAuth token' },
-  { id: 'slack-token', sev: 'high', cat: 'secret', re: /\bxox[baprs]-[A-Za-z0-9-]{10,}\b/, why: 'Slack token' },
-  { id: 'slack-webhook', sev: 'high', cat: 'secret', re: /https:\/\/hooks\.slack\.com\/services\/[A-Za-z0-9/_-]{20,}/, why: 'Slack incoming webhook url' },
-  { id: 'openai-key', sev: 'high', cat: 'secret', re: /\bsk-(?:proj-)?[A-Za-z0-9]{20,}\b/, why: 'OpenAI-style API key' },
-  { id: 'anthropic-key', sev: 'high', cat: 'secret', re: /\bsk-ant-[A-Za-z0-9_-]{20,}\b/, why: 'Anthropic API key' },
-  { id: 'google-api-key', sev: 'high', cat: 'secret', re: /\bAIza[0-9A-Za-z_-]{35}\b/, why: 'Google API key' },
-  { id: 'stripe-key', sev: 'high', cat: 'secret', re: /\b[rs]k_live_[A-Za-z0-9]{20,}\b/, why: 'Stripe live key' },
-  { id: 'npm-token', sev: 'high', cat: 'secret', re: /\bnpm_[A-Za-z0-9]{36}\b/, why: 'npm access token' },
-  { id: 'jwt', sev: 'medium', cat: 'secret', re: /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{6,}\b/, why: 'JWT (often carries claims/PII)' },
-  { id: 'bearer-token', sev: 'medium', cat: 'secret', re: /\bBearer\s+[A-Za-z0-9._-]{24,}/, why: 'hardcoded Bearer token' },
-  { id: 'assigned-secret', sev: 'high', cat: 'secret', re: /(?:password|passwd|pwd|secret|api[_-]?key|apikey|access[_-]?token|auth[_-]?token|client[_-]?secret|private[_-]?key)\s*[:=]\s*['"][^'"\s]{8,}['"]/i, why: 'hardcoded credential assignment' },
+  { id: 'private-key', sev: 'critical', cat: 'secret', re: /(-----BEGIN (?:RSA |EC |OPENSSH |PGP |DSA |ENCRYPTED )?PRIVATE KEY-----)/, known: true, noEntropy: true, why: 'private key committed in source' },
+  { id: 'aws-access-key-id', sev: 'critical', cat: 'secret', re: /\b((?:AKIA|ASIA)[0-9A-Z]{16})\b/, known: true, why: 'real-looking AWS access key id' },
+  { id: 'github-token', sev: 'critical', cat: 'secret', re: /\b(gh[pousr]_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{40,})\b/, known: true, why: 'real-looking GitHub token' },
+  { id: 'slack-token', sev: 'critical', cat: 'secret', re: /\b(xox[baprs]-[A-Za-z0-9-]{10,})\b/, known: true, why: 'real-looking Slack token' },
+  { id: 'slack-webhook', sev: 'critical', cat: 'secret', re: /(https:\/\/hooks\.slack\.com\/services\/[A-Za-z0-9/_-]{20,})/, known: true, why: 'real-looking Slack incoming webhook url' },
+  { id: 'openai-key', sev: 'critical', cat: 'secret', re: /\b(sk-proj-[A-Za-z0-9_-]{32,}|sk-[A-Za-z0-9]{32,})\b/, known: true, why: 'real-looking OpenAI-style API key' },
+  { id: 'anthropic-key', sev: 'critical', cat: 'secret', re: /\b(sk-ant-[A-Za-z0-9_-]{20,})\b/, known: true, why: 'real-looking Anthropic API key' },
+  { id: 'google-api-key', sev: 'critical', cat: 'secret', re: /\b(AIza[0-9A-Za-z_-]{35})\b/, known: true, why: 'real-looking Google API key' },
+  { id: 'stripe-key', sev: 'critical', cat: 'secret', re: /\b([rs]k_live_[A-Za-z0-9]{20,})\b/, known: true, why: 'real-looking Stripe live key' },
+  { id: 'npm-token', sev: 'critical', cat: 'secret', re: /\b(npm_[A-Za-z0-9]{36})\b/, known: true, why: 'real-looking npm access token' },
+  { id: 'sendgrid-key', sev: 'critical', cat: 'secret', re: /\b(SG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43})\b/, known: true, why: 'real-looking SendGrid API key' },
+  { id: 'jwt', sev: 'medium', cat: 'secret', re: /\b(eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{6,})\b/, why: 'JWT-like token in source' },
+  { id: 'bearer-token', sev: 'medium', cat: 'secret', re: /\bBearer\s+([A-Za-z0-9._~+/=-]{24,})/, why: 'hardcoded Bearer token' },
+  { id: 'assigned-secret', sev: 'high', cat: 'secret', re: /\b(?:password|passwd|pwd|secret|api[_-]?key|apikey|apiKey|access[_-]?token|accessToken|auth[_-]?token|authToken|client[_-]?secret|clientSecret|private[_-]?key|privateKey)\b\s*[:=]\s*(['"`])([^'"`\s]{8,})\1/i, valueGroup: 2, why: 'real-looking hardcoded credential value' },
 ];
 
 // Personal data. Home-path is the recurring leak (a username + local layout).
@@ -55,8 +80,8 @@ const PII_RULES = [
 // command-injection class (MEDIUM — common and sometimes safe, so it asks for a
 // human look rather than hard-failing the gate).
 const CODE_RULES = [
-  { id: 'eval-call', sev: 'high', cat: 'code', re: /(?<![.\w])eval\((?!\s*\))/, why: 'eval() executes arbitrary code' },
-  { id: 'new-function', sev: 'high', cat: 'code', re: /\bnew\s+Function\(/, why: 'new Function() executes arbitrary code' },
+  { id: 'eval-call', sev: 'medium', cat: 'code', re: /(?<![.\w])eval\((?!\s*\))/, why: 'eval() can run untrusted code' },
+  { id: 'new-function', sev: 'medium', cat: 'code', re: /\bnew\s+Function\(/, why: 'new Function() can run untrusted code' },
   { id: 'shell-exec-interpolation', sev: 'medium', cat: 'code', re: /\b(?:exec|execSync)\s*\(\s*[`'"][^`'"]*(?:\$\{|"\s*\+|'\s*\+)/, why: 'shell exec with interpolated input (command-injection risk; prefer execFile/spawn with an args array)' },
   { id: 'child-process-shell-true', sev: 'medium', cat: 'code', re: /\bshell\s*:\s*true\b/, why: 'child_process shell:true enables shell interpretation of args' },
 ];
@@ -65,20 +90,172 @@ const CODE_RULES = [
 const EMAIL_SAFE = /\b(?:noreply|no-reply|support|hello|info|contact|team|hi|admin|press)@/i;
 
 const RULES = [...SECRET_RULES, ...PII_RULES, ...CODE_RULES];
+const SEVERITIES = ['critical', 'high', 'medium', 'low'];
+const SEVERITY_RANK = { low: 0, medium: 1, high: 2, critical: 3 };
 
 // Filenames that should never be committed (checked against the tracked file list).
 const SENSITIVE_FILE_RE = /(?:^|\/)(?:\.env(?:\.[\w.-]+)?|id_rsa|id_dsa|id_ed25519|.*\.pem|.*\.pfx|.*\.p12|.*\.keystore|credentials\.json|\.npmrc|\.pypirc|\.netrc|secrets?\.(?:json|ya?ml|env))$/i;
 const SENSITIVE_FILE_ALLOW = /\.env\.example$|\.env\.sample$|\.env\.template$/i;
 
+function normalizeSnippet(snippet) {
+  return String(snippet || '').replace(/\s+/g, ' ').trim();
+}
+
+function sha256(value) {
+  return crypto.createHash('sha256').update(String(value)).digest('hex');
+}
+
+function shannonEntropy(value) {
+  const s = String(value || '');
+  if (!s) return 0;
+  const freq = new Map();
+  for (const ch of s) freq.set(ch, (freq.get(ch) || 0) + 1);
+  let entropy = 0;
+  for (const count of freq.values()) {
+    const p = count / s.length;
+    entropy -= p * Math.log2(p);
+  }
+  return entropy;
+}
+
+function charClassCount(value) {
+  const s = String(value || '');
+  let count = 0;
+  if (/[a-z]/.test(s)) count++;
+  if (/[A-Z]/.test(s)) count++;
+  if (/[0-9]/.test(s)) count++;
+  if (/[^A-Za-z0-9]/.test(s)) count++;
+  return count;
+}
+
+function uniqueChars(value) {
+  return new Set(String(value || '').split('')).size;
+}
+
+function hasRepeatedChunk(value) {
+  const s = String(value || '');
+  if (/^(.)\1{7,}$/.test(s)) return true;
+  for (let size = 2; size <= Math.min(24, Math.floor(s.length / 2)); size++) {
+    if (s.length % size !== 0) continue;
+    const chunk = s.slice(0, size);
+    if (chunk.repeat(s.length / size) === s) return true;
+  }
+  return /(.{8,})\1/.test(s);
+}
+
+function hasSequentialRun(value) {
+  const s = String(value || '').toLowerCase();
+  const sequences = [
+    'abcdefghijklmnopqrstuvwxyz',
+    'zyxwvutsrqponmlkjihgfedcba',
+    '0123456789',
+    '9876543210',
+    'qwertyuiopasdfghjklzxcvbnm',
+  ];
+  for (const seq of sequences) {
+    for (let i = 0; i <= seq.length - 8; i++) {
+      if (s.includes(seq.slice(i, i + 8))) return true;
+    }
+  }
+  return false;
+}
+
+function stripKnownPrefix(value) {
+  return String(value || '')
+    .replace(/^(?:AKIA|ASIA)/, '')
+    .replace(/^github_pat_/, '')
+    .replace(/^gh[pousr]_/, '')
+    .replace(/^xox[baprs]-/, '')
+    .replace(/^https:\/\/hooks\.slack\.com\/services\//, '')
+    .replace(/^sk-proj-/, '')
+    .replace(/^sk-ant-/, '')
+    .replace(/^sk-/, '')
+    .replace(/^AIza/, '')
+    .replace(/^[rs]k_live_/, '')
+    .replace(/^npm_/, '')
+    .replace(/^SG\./, '');
+}
+
+function isPlaceholderSecretValue(value, line = '') {
+  const raw = String(value || '');
+  const lowValue = raw.toLowerCase();
+  const lowLine = String(line || '').toLowerCase();
+  if (!raw) return true;
+  if (PLACEHOLDER.test(lowLine) || PLACEHOLDER.test(lowValue)) return true;
+  if (COMMON_PLACEHOLDER_VALUES.has(lowValue)) return true;
+  if (/^<[^>]+>$/.test(raw) || /^\$\{?[A-Z0-9_]+\}?$/.test(raw)) return true;
+  if (/^(?:x+|\*+|\.+|-+|_+)$/.test(raw)) return true;
+  if (PLACEHOLDER_VALUE_FRAGMENTS.some((fragment) => lowValue.includes(fragment) || lowLine.includes(fragment))) return true;
+  return false;
+}
+
+function secretQuality(value, { known = false, noEntropy = false } = {}, line = '') {
+  const raw = String(value || '').trim();
+  if (isPlaceholderSecretValue(raw, line)) return { ok: false, reason: 'placeholder' };
+  if (noEntropy) return { ok: true, entropy: null, reason: 'private-key-marker' };
+
+  const core = stripKnownPrefix(raw).replace(/[-_.:/]/g, '');
+  const entropy = shannonEntropy(core);
+  const minLength = known ? 16 : 18;
+  const minEntropy = known ? 3.0 : 3.35;
+  const minUnique = known ? 8 : 10;
+
+  if (core.length < minLength) return { ok: false, entropy, reason: 'too-short' };
+  if (uniqueChars(core) < minUnique) return { ok: false, entropy, reason: 'low-variety' };
+  if (charClassCount(core) < 2) return { ok: false, entropy, reason: 'single-charset' };
+  if (entropy < minEntropy) return { ok: false, entropy, reason: 'low-entropy' };
+  if (hasRepeatedChunk(core)) return { ok: false, entropy, reason: 'repeating' };
+  if (hasSequentialRun(core)) return { ok: false, entropy, reason: 'sequential' };
+  return { ok: true, entropy, reason: 'real-shaped' };
+}
+
+function extractSecretValue(rule, match) {
+  if (!match) return '';
+  if (rule.valueGroup != null) return match[rule.valueGroup] || '';
+  return match[1] || match[0] || '';
+}
+
+function secretSnippet(rule, value) {
+  const safeValue = String(value || '');
+  if (rule.id === 'private-key') return 'private key header';
+  const prefix = safeValue.slice(0, Math.min(12, safeValue.length));
+  return `${prefix}${safeValue.length > prefix.length ? '...' : ''} sha256:${sha256(safeValue).slice(0, 12)}`;
+}
+
+function findingFingerprint(finding) {
+  const raw = [
+    finding.rule,
+    finding.cat,
+    finding.file || '',
+    normalizeSnippet(finding.snippet),
+  ].join('|');
+  return sha256(raw);
+}
+
+function withFingerprint(finding) {
+  return { ...finding, fingerprint: findingFingerprint(finding), suppressed: false };
+}
+
 function scanLine(line, rules = RULES) {
   if (ALLOW_MARKER.test(line)) return [];
   const findings = [];
-  const placeholder = PLACEHOLDER.test(line);
   for (const rule of rules) {
     const m = rule.re.exec(line);
     if (!m) continue;
-    // Secrets in obvious placeholder/env-read lines are not real leaks.
-    if (rule.cat === 'secret' && placeholder) continue;
+    if (rule.cat === 'secret') {
+      const value = extractSecretValue(rule, m);
+      const quality = secretQuality(value, rule, line);
+      if (!quality.ok) continue;
+      findings.push({
+        rule: rule.id,
+        sev: rule.sev,
+        cat: rule.cat,
+        why: rule.why,
+        snippet: secretSnippet(rule, value),
+        entropy: quality.entropy == null ? null : Number(quality.entropy.toFixed(2)),
+      });
+      continue;
+    }
     if (rule.id === 'email' && EMAIL_SAFE.test(line)) continue;
     findings.push({ rule: rule.id, sev: rule.sev, cat: rule.cat, why: rule.why, snippet: m[0].trim().slice(0, 60) });
   }
@@ -97,6 +274,7 @@ function scanText(text, rules = RULES) {
 // Code-execution rules only make sense in actual code files — `eval(` written in
 // a markdown doc is prose, not a vuln.
 const CODE_EXTS = new Set(['.js', '.mjs', '.cjs', '.ts', '.tsx', '.jsx', '.py', '.rb', '.go', '.java', '.php', '.sh', '.bash', '.zsh']);
+const DOC_EXTS = new Set(['.md', '.mdx', '.txt', '.patch']);
 
 function rulesForFile(file) {
   return CODE_EXTS.has(path.extname(file)) ? RULES : RULES.filter((r) => r.cat !== 'code');
@@ -105,7 +283,13 @@ function rulesForFile(file) {
 function scanFile(file, rules) {
   let text;
   try { text = fs.readFileSync(file, 'utf8'); } catch { return []; }
-  return scanText(text, rules || rulesForFile(file)).map((f) => ({ ...f, file }));
+  const ext = path.extname(file);
+  return scanText(text, rules || rulesForFile(file)).map((f) => {
+    if (DOC_EXTS.has(ext) && f.rule === 'assigned-secret' && f.sev === 'high') {
+      return { ...f, sev: 'medium', why: 'credential-looking value in documentation; verify before publishing', file };
+    }
+    return { ...f, file };
+  });
 }
 
 // Repo-level hygiene: a sensitive file being tracked at all is a finding,
@@ -113,6 +297,7 @@ function scanFile(file, rules) {
 function sensitiveFileFindings(relPaths) {
   const out = [];
   for (const p of relPaths) {
+    if (shouldSkipRelPath(p)) continue;
     if (SENSITIVE_FILE_RE.test(p) && !SENSITIVE_FILE_ALLOW.test(p)) {
       out.push({ file: p, line: 0, rule: 'tracked-sensitive-file', sev: 'high', cat: 'privacy', why: 'sensitive file is tracked in git (gitignore + remove it)', snippet: path.basename(p) });
     }
@@ -149,18 +334,26 @@ function scannable(file) {
   return SCAN_EXTS.has(ext) || path.basename(file).startsWith('.env');
 }
 
+function shouldSkipRelPath(relPath) {
+  const parts = String(relPath || '').split(/[\\/]+/).filter(Boolean);
+  return parts.some((part) => SKIP_DIRS.has(part));
+}
+
 // Resolve the set of files to scan + the relative-path list for hygiene checks.
 function resolveTargets({ root = process.cwd(), paths = [], staged = false } = {}) {
   if (paths.length) {
-    const files = paths.flatMap((p) => walk(path.resolve(root, p), [])).filter(scannable);
+    const files = paths.flatMap((p) => walk(path.resolve(root, p), []))
+      .filter(scannable)
+      .filter((f) => !shouldSkipRelPath(path.relative(root, f)));
     return { files, relPaths: files.map((f) => path.relative(root, f)) };
   }
   const tracked = gitTrackedFiles(root, { staged });
   if (tracked) {
-    const files = tracked.filter(scannable).map((p) => path.join(root, p)).filter((f) => fs.existsSync(f));
-    return { files, relPaths: tracked };
+    const relPaths = tracked.filter((p) => !shouldSkipRelPath(p));
+    const files = relPaths.filter(scannable).map((p) => path.join(root, p)).filter((f) => fs.existsSync(f));
+    return { files, relPaths };
   }
-  const files = walk(root, []).filter(scannable);
+  const files = walk(root, []).filter(scannable).filter((f) => !shouldSkipRelPath(path.relative(root, f)));
   return { files, relPaths: files.map((f) => path.relative(root, f)) };
 }
 
@@ -177,12 +370,71 @@ function runScan({ root = process.cwd(), paths = [], staged = false } = {}) {
     for (const finding of scanFile(f)) findings.push({ ...finding, file: path.relative(root, finding.file) });
   }
   findings.push(...sensitiveFileFindings(relPaths.filter((p) => !SELF_FILES.has(p))));
-  const counts = { high: 0, medium: 0, low: 0 };
+  const withIds = findings.map(withFingerprint);
+  const counts = summarizeFindings(withIds);
+  return { findings: withIds, counts, scanned: files.length };
+}
+
+function summarizeFindings(findings) {
+  const counts = { critical: 0, high: 0, medium: 0, low: 0 };
   for (const f of findings) counts[f.sev] = (counts[f.sev] || 0) + 1;
-  return { findings, counts, scanned: files.length };
+  return counts;
+}
+
+function loadBaseline(root = process.cwd(), baselineFile = DEFAULT_BASELINE) {
+  const file = path.isAbsolute(baselineFile) ? baselineFile : path.join(root, baselineFile);
+  if (!fs.existsSync(file)) return { file, fingerprints: [] };
+  let raw;
+  try { raw = JSON.parse(fs.readFileSync(file, 'utf8')); }
+  catch (e) { throw new Error(`invalid baseline json: ${path.relative(root, file) || file} (${e.message})`); }
+  const values = Array.isArray(raw) ? raw : raw && raw.fingerprints;
+  if (!Array.isArray(values)) throw new Error('invalid baseline json: expected {"fingerprints":[...]}');
+  return { file, fingerprints: values.filter((v) => typeof v === 'string') };
+}
+
+function writeBaseline(root = process.cwd(), findings = [], baselineFile = DEFAULT_BASELINE) {
+  const file = path.isAbsolute(baselineFile) ? baselineFile : path.join(root, baselineFile);
+  const payload = {
+    generated_at: new Date().toISOString(),
+    fingerprints: [...new Set(findings.map((f) => f.fingerprint || findingFingerprint(f)))].sort(),
+  };
+  fs.writeFileSync(file, JSON.stringify(payload, null, 2) + '\n');
+  return { file, fingerprints: payload.fingerprints };
+}
+
+function applyBaseline(findings, fingerprints = []) {
+  const accepted = new Set(fingerprints);
+  let suppressed = 0;
+  const all = findings.map((finding) => {
+    const fp = finding.fingerprint || findingFingerprint(finding);
+    const isSuppressed = accepted.has(fp);
+    if (isSuppressed) suppressed++;
+    return { ...finding, fingerprint: fp, suppressed: isSuppressed };
+  });
+  const active = all.filter((f) => !f.suppressed);
+  return {
+    findings: active,
+    allFindings: all,
+    suppressed,
+    counts: summarizeFindings(active),
+    countsAll: summarizeFindings(all),
+  };
+}
+
+function shouldFail(findings, failOn = 'high') {
+  const threshold = SEVERITY_RANK[failOn] == null ? SEVERITY_RANK.high : SEVERITY_RANK[failOn];
+  return findings.some((f) => SEVERITY_RANK[f.sev] >= threshold);
+}
+
+function scoreFindings(findings) {
+  const score = { low: 1, medium: 10, high: 50, critical: 100 };
+  return findings.reduce((sum, f) => sum + (score[f.sev] || 0), 0);
 }
 
 module.exports = {
   scanLine, scanText, scanFile, sensitiveFileFindings, gitTrackedFiles,
-  resolveTargets, runScan, SECRET_RULES, PII_RULES, RULES,
+  resolveTargets, runScan, SECRET_RULES, PII_RULES, RULES, CODE_RULES,
+  DEFAULT_BASELINE, SEVERITIES, SEVERITY_RANK, normalizeSnippet,
+  shannonEntropy, secretQuality, findingFingerprint, summarizeFindings,
+  loadBaseline, writeBaseline, applyBaseline, shouldFail, scoreFindings,
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "atris",
-  "version": "3.28.0",
+  "version": "3.29.0",
   "main": "bin/atris.js",
   "bin": {
     "atris": "bin/atris.js",