codegate-ai 0.1.0

package/dist/layer2-static/detectors/consent-bypass.js

@@ -0,0 +1,330 @@
+import { buildFindingEvidence } from "../evidence.js";
+const AUTO_APPROVAL_KEYS = new Set(["alwaysallow", "always_allow", "autoapprove", "auto_approve"]);
+const REMOTE_MCP_ARRAY_KEYS = ["remoteMCPServers", "remote_mcp_servers"];
+const SENSITIVE_REMOTE_MCP_HEADER_KEYS = new Set([
+    "authorization",
+    "proxyauthorization",
+    "cookie",
+    "xapikey",
+    "apikey",
+    "xauthtoken",
+    "xaccesstoken",
+]);
+const ROUTING_REMOTE_MCP_HEADER_KEYS = new Set([
+    "host",
+    "origin",
+    "referer",
+    "forwarded",
+    "xforwardedhost",
+    "xforwardedfor",
+    "xrealip",
+]);
+function normalizeToken(value) {
+    return value.replace(/[^a-z0-9]/giu, "").toLowerCase();
+}
+function hasMeaningfulHeaderValue(value) {
+    if (typeof value === "string") {
+        return value.trim().length > 0;
+    }
+    if (typeof value === "number") {
+        return Number.isFinite(value);
+    }
+    return value === true;
+}
+function normalizeTrustedDomain(value) {
+    const trimmed = value.trim().toLowerCase();
+    if (trimmed.length === 0) {
+        return null;
+    }
+    try {
+        return new URL(trimmed).hostname.toLowerCase();
+    }
+    catch {
+        const withoutScheme = trimmed.replace(/^[a-z][a-z0-9+.-]*:\/\//u, "");
+        const domainOnly = withoutScheme.split(/[/?#]/u)[0]?.toLowerCase() ?? "";
+        return domainOnly.length > 0 ? domainOnly : null;
+    }
+}
+function isTrustedDomain(hostname, trustedDomains) {
+    const lowerHost = hostname.toLowerCase();
+    for (const domain of trustedDomains) {
+        const normalized = normalizeTrustedDomain(domain);
+        if (!normalized) {
+            continue;
+        }
+        if (normalized.startsWith("*.")) {
+            const suffix = normalized.slice(1);
+            if (lowerHost.endsWith(suffix)) {
+                return true;
+            }
+            continue;
+        }
+        if (lowerHost === normalized || lowerHost.endsWith(`.${normalized}`)) {
+            return true;
+        }
+    }
+    return false;
+}
+function extractHostFromHeaderValue(value) {
+    if (typeof value !== "string") {
+        return null;
+    }
+    const trimmed = value.trim();
+    if (trimmed.length === 0) {
+        return null;
+    }
+    try {
+        return new URL(trimmed).hostname.toLowerCase();
+    }
+    catch {
+        // Continue with host-like parsing.
+    }
+    const hostLike = trimmed.split(/[/?#]/u)[0] ?? "";
+    const normalizedHost = hostLike.replace(/:\d+$/u, "").toLowerCase();
+    if (/^[a-z0-9.-]+$/u.test(normalizedHost) && normalizedHost.includes(".")) {
+        return normalizedHost;
+    }
+    return null;
+}
+function makeFinding(filePath, field, ruleId, description, evidence) {
+    const location = { field };
+    if (typeof evidence?.line === "number") {
+        location.line = evidence.line;
+    }
+    if (typeof evidence?.column === "number") {
+        location.column = evidence.column;
+    }
+    return {
+        rule_id: ruleId,
+        finding_id: `CONSENT_BYPASS-${filePath}-${field}`,
+        severity: "CRITICAL",
+        category: "CONSENT_BYPASS",
+        layer: "L2",
+        file_path: filePath,
+        location,
+        description,
+        affected_tools: [
+            "claude-code",
+            "codex-cli",
+            "opencode",
+            "cursor",
+            "windsurf",
+            "github-copilot",
+        ],
+        cve: null,
+        owasp: ["ASI05", "ASI09"],
+        cwe: "CWE-78",
+        confidence: "HIGH",
+        fixable: true,
+        remediation_actions: ["remove_field", "replace_with_default"],
+        evidence: evidence?.evidence ?? null,
+        suppressed: false,
+    };
+}
+export function detectConsentBypass(input) {
+    const findings = [];
+    const trustedApiDomains = input.trustedApiDomains ?? [];
+    const parsed = (input.parsed && typeof input.parsed === "object"
+        ? input.parsed
+        : {});
+    const stack = [{ value: parsed, path: "" }];
+    for (const { value, path } of stack) {
+        if (!value || typeof value !== "object" || Array.isArray(value)) {
+            continue;
+        }
+        const record = value;
+        for (const [key, child] of Object.entries(record)) {
+            const fieldPath = path.length > 0 ? `${path}.${key}` : key;
+            const normalized = key.toLowerCase();
+            if (AUTO_APPROVAL_KEYS.has(normalized) && child === true) {
+                const evidence = buildFindingEvidence({
+                    textContent: input.textContent,
+                    jsonPaths: [fieldPath],
+                    searchTerms: [key, normalized],
+                    fallbackValue: `${fieldPath} = true`,
+                });
+                findings.push(makeFinding(input.filePath, fieldPath, "cross-tool-auto-approval", `Cross-tool auto-approval flag is enabled: ${fieldPath}`, evidence));
+            }
+            stack.push({ value: child, path: fieldPath });
+        }
+    }
+    if (parsed.enableAllProjectMcpServers === true) {
+        const evidence = buildFindingEvidence({
+            textContent: input.textContent,
+            jsonPaths: ["enableAllProjectMcpServers"],
+            searchTerms: ['"enableAllProjectMcpServers"', "enableAllProjectMcpServers"],
+            fallbackValue: "enableAllProjectMcpServers = true",
+        });
+        findings.push(makeFinding(input.filePath, "enableAllProjectMcpServers", "claude-mcp-consent-bypass", "Project-level MCP auto-approval bypass is enabled", evidence));
+    }
+    if (Array.isArray(parsed.enabledMcpjsonServers) && parsed.enabledMcpjsonServers.length > 0) {
+        const evidence = buildFindingEvidence({
+            textContent: input.textContent,
+            jsonPaths: ["enabledMcpjsonServers"],
+            searchTerms: ['"enabledMcpjsonServers"', "enabledMcpjsonServers"],
+            fallbackValue: `enabledMcpjsonServers = ${JSON.stringify(parsed.enabledMcpjsonServers)}`,
+        });
+        findings.push(makeFinding(input.filePath, "enabledMcpjsonServers", "claude-mcp-server-auto-approval", "Specific MCP servers are auto-approved in project config", evidence));
+    }
+    if (Array.isArray(parsed.trustedCommands)
+        ? parsed.trustedCommands.length > 0
+        : typeof parsed.trustedCommands === "object" && parsed.trustedCommands !== null) {
+        const evidence = buildFindingEvidence({
+            textContent: input.textContent,
+            jsonPaths: ["trustedCommands"],
+            searchTerms: ['"trustedCommands"', "trustedCommands"],
+            fallbackValue: `trustedCommands = ${JSON.stringify(parsed.trustedCommands)}`,
+        });
+        findings.push(makeFinding(input.filePath, "trustedCommands", "trusted-commands-consent-bypass", "Trusted command allowlist may bypass consent prompts", evidence));
+    }
+    if (parsed.mcpMarketplaceEnabled === false) {
+        const evidence = buildFindingEvidence({
+            textContent: input.textContent,
+            jsonPaths: ["mcpMarketplaceEnabled"],
+            searchTerms: ['"mcpMarketplaceEnabled"', "mcpMarketplaceEnabled"],
+            fallbackValue: "mcpMarketplaceEnabled = false",
+        });
+        findings.push(makeFinding(input.filePath, "mcpMarketplaceEnabled", "cline-mcp-marketplace-disabled", "Cline remote policy disables MCP marketplace and local MCP server usage", evidence));
+    }
+    if (parsed.blockPersonalRemoteMCPServers === true) {
+        const evidence = buildFindingEvidence({
+            textContent: input.textContent,
+            jsonPaths: ["blockPersonalRemoteMCPServers"],
+            searchTerms: ['"blockPersonalRemoteMCPServers"', "blockPersonalRemoteMCPServers"],
+            fallbackValue: "blockPersonalRemoteMCPServers = true",
+        });
+        findings.push(makeFinding(input.filePath, "blockPersonalRemoteMCPServers", "cline-block-personal-remote-mcp", "Cline remote policy blocks personal remote MCP servers and enforces organization endpoints", evidence));
+    }
+    for (const arrayKey of REMOTE_MCP_ARRAY_KEYS) {
+        const remoteServers = parsed[arrayKey];
+        if (!Array.isArray(remoteServers)) {
+            continue;
+        }
+        remoteServers.forEach((entry, index) => {
+            if (!entry || typeof entry !== "object" || Array.isArray(entry)) {
+                return;
+            }
+            const server = entry;
+            const alwaysEnabledField = `${arrayKey}.${index}.alwaysEnabled`;
+            if (server.alwaysEnabled === true) {
+                const evidence = buildFindingEvidence({
+                    textContent: input.textContent,
+                    jsonPaths: [alwaysEnabledField],
+                    searchTerms: ['"alwaysEnabled"', "alwaysEnabled", arrayKey],
+                    fallbackValue: `${alwaysEnabledField} = true`,
+                });
+                findings.push(makeFinding(input.filePath, alwaysEnabledField, "cline-remote-mcp-always-enabled", "Cline remote MCP server is configured as always-enabled and cannot be disabled by users", evidence));
+            }
+            const urlField = `${arrayKey}.${index}.url`;
+            let remoteUrlHost = null;
+            if (typeof server.url === "string") {
+                let protocol;
+                try {
+                    const parsedUrl = new URL(server.url);
+                    protocol = parsedUrl.protocol;
+                    remoteUrlHost = parsedUrl.hostname.toLowerCase();
+                }
+                catch {
+                    protocol = "";
+                }
+                if (protocol === "http:") {
+                    const evidence = buildFindingEvidence({
+                        textContent: input.textContent,
+                        jsonPaths: [urlField],
+                        searchTerms: [server.url],
+                        fallbackValue: `${urlField} = ${JSON.stringify(server.url)}`,
+                    });
+                    findings.push(makeFinding(input.filePath, urlField, "cline-remote-mcp-insecure-url", `Cline remote MCP server uses insecure HTTP endpoint: ${server.url}`, evidence));
+                }
+                if (protocol === "https:" &&
+                    remoteUrlHost &&
+                    trustedApiDomains.length > 0 &&
+                    !isTrustedDomain(remoteUrlHost, trustedApiDomains)) {
+                    const evidence = buildFindingEvidence({
+                        textContent: input.textContent,
+                        jsonPaths: [urlField],
+                        searchTerms: [server.url, remoteUrlHost],
+                        fallbackValue: `${urlField} = ${JSON.stringify(server.url)}`,
+                    });
+                    findings.push(makeFinding(input.filePath, urlField, "cline-remote-mcp-unallowlisted-url-domain", `Cline remote MCP server URL domain is not allowlisted: ${remoteUrlHost}`, evidence));
+                }
+            }
+            if (!server.headers || typeof server.headers !== "object" || Array.isArray(server.headers)) {
+                return;
+            }
+            for (const [headerName, headerValue] of Object.entries(server.headers)) {
+                if (!hasMeaningfulHeaderValue(headerValue)) {
+                    continue;
+                }
+                const normalizedHeader = normalizeToken(headerName);
+                const headerField = `${arrayKey}.${index}.headers.${headerName}`;
+                if (SENSITIVE_REMOTE_MCP_HEADER_KEYS.has(normalizedHeader)) {
+                    const evidence = buildFindingEvidence({
+                        textContent: input.textContent,
+                        jsonPaths: [headerField, `${arrayKey}.${index}.headers`],
+                        searchTerms: [headerName],
+                        fallbackValue: `${headerField} = ${JSON.stringify(headerValue)}`,
+                    });
+                    findings.push(makeFinding(input.filePath, headerField, "cline-remote-mcp-sensitive-header", `Cline remote MCP server config injects sensitive credential-bearing header: ${headerName}`, evidence));
+                    continue;
+                }
+                if (ROUTING_REMOTE_MCP_HEADER_KEYS.has(normalizedHeader)) {
+                    const evidence = buildFindingEvidence({
+                        textContent: input.textContent,
+                        jsonPaths: [headerField, `${arrayKey}.${index}.headers`],
+                        searchTerms: [headerName],
+                        fallbackValue: `${headerField} = ${JSON.stringify(headerValue)}`,
+                    });
+                    findings.push(makeFinding(input.filePath, headerField, "cline-remote-mcp-routing-header", `Cline remote MCP server config injects routing/identity override header: ${headerName}`, evidence));
+                    const headerHost = extractHostFromHeaderValue(headerValue);
+                    if (headerHost &&
+                        trustedApiDomains.length > 0 &&
+                        !isTrustedDomain(headerHost, trustedApiDomains)) {
+                        const domainEvidence = buildFindingEvidence({
+                            textContent: input.textContent,
+                            jsonPaths: [headerField, `${arrayKey}.${index}.headers`],
+                            searchTerms: [headerName, headerHost],
+                            fallbackValue: `${headerField} = ${JSON.stringify(headerValue)}`,
+                        });
+                        findings.push(makeFinding(input.filePath, headerField, "cline-remote-mcp-unallowlisted-header-domain", `Cline remote MCP routing header references non-allowlisted domain: ${headerHost}`, domainEvidence));
+                    }
+                    else if (headerHost &&
+                        remoteUrlHost &&
+                        headerHost !== remoteUrlHost &&
+                        trustedApiDomains.length === 0) {
+                        const mismatchEvidence = buildFindingEvidence({
+                            textContent: input.textContent,
+                            jsonPaths: [headerField, urlField],
+                            searchTerms: [headerName, headerHost, remoteUrlHost],
+                            fallbackValue: `${headerField} overrides ${remoteUrlHost} -> ${headerHost}`,
+                        });
+                        findings.push(makeFinding(input.filePath, headerField, "cline-remote-mcp-header-host-mismatch", `Cline remote MCP routing header host differs from server URL host (${remoteUrlHost} -> ${headerHost})`, mismatchEvidence));
+                    }
+                }
+            }
+        });
+    }
+    const patterns = [
+        { match: "--dangerously-skip-permissions", evidenceTerms: ["--dangerously-skip-permissions"] },
+        { match: "--trust-all-tools", evidenceTerms: ["--trust-all-tools"] },
+        { match: "--no-interactive", evidenceTerms: ["--no-interactive"] },
+        { match: "alwaysallow", evidenceTerms: ["alwaysAllow", "alwaysallow"] },
+        { match: "always_allow", evidenceTerms: ["always_allow"] },
+        { match: "autoapprove", evidenceTerms: ["autoApprove", "autoapprove"] },
+        { match: "auto_approve", evidenceTerms: ["auto_approve"] },
+        { match: "yolo", evidenceTerms: ["YOLO", "yolo"] },
+    ];
+    const lower = input.textContent.toLowerCase();
+    for (const pattern of patterns) {
+        if (lower.includes(pattern.match)) {
+            const evidence = buildFindingEvidence({
+                textContent: input.textContent,
+                searchTerms: pattern.evidenceTerms,
+                fallbackValue: `text contains "${pattern.match}"`,
+            });
+            findings.push(makeFinding(input.filePath, "script_flags", "consent-bypass-cli-flag", `Consent bypass CLI flag detected: ${pattern.match}`, evidence));
+            break;
+        }
+    }
+    return findings;
+}

package/dist/layer2-static/detectors/env-override.d.ts

@@ -0,0 +1,8 @@
+import type { Finding } from "../../types/finding.js";
+export interface EnvOverrideInput {
+    filePath: string;
+    parsed: unknown;
+    textContent: string;
+    trustedApiDomains: string[];
+}
+export declare function detectEnvOverrides(input: EnvOverrideInput): Finding[];

package/dist/layer2-static/detectors/env-override.js

@@ -0,0 +1,132 @@
+import { buildFindingEvidence } from "../evidence.js";
+const CRITICAL_KEYS = new Set([
+    "ANTHROPIC_BASE_URL",
+    "ANTHROPIC_BEDROCK_BASE_URL",
+    "ANTHROPIC_VERTEX_BASE_URL",
+    "OPENAI_BASE_URL",
+    "OPENAI_API_BASE",
+    "CODEX_HOME",
+]);
+const HEADER_KEYS = new Set(["ANTHROPIC_CUSTOM_HEADERS"]);
+const API_KEY_KEYS = new Set([
+    "ANTHROPIC_API_KEY",
+    "OPENAI_API_KEY",
+    "AZURE_OPENAI_API_KEY",
+    "GOOGLE_AI_API_KEY",
+    "DEEPSEEK_API_KEY",
+]);
+function getEnvRecord(parsed) {
+    if (!parsed || typeof parsed !== "object") {
+        return {};
+    }
+    const root = parsed;
+    if (root.env && typeof root.env === "object") {
+        return root.env;
+    }
+    return root;
+}
+function isTrustedHost(hostname, trustedApiDomains) {
+    if (hostname === "api.anthropic.com" || hostname.endsWith(".anthropic.com")) {
+        return true;
+    }
+    if (hostname === "api.openai.com" || hostname.endsWith(".openai.azure.com")) {
+        return true;
+    }
+    if (hostname.endsWith(".amazonaws.com")) {
+        return true;
+    }
+    if (hostname.endsWith(".googleapis.com")) {
+        return true;
+    }
+    return trustedApiDomains.some((domain) => {
+        if (domain.startsWith("*.")) {
+            return hostname.endsWith(domain.slice(1));
+        }
+        return hostname === domain;
+    });
+}
+function makeFinding(filePath, field, ruleId, severity, description, evidence) {
+    const location = { field };
+    if (typeof evidence?.line === "number") {
+        location.line = evidence.line;
+    }
+    if (typeof evidence?.column === "number") {
+        location.column = evidence.column;
+    }
+    return {
+        rule_id: ruleId,
+        finding_id: `ENV_OVERRIDE-${filePath}-${field}`,
+        severity,
+        category: "ENV_OVERRIDE",
+        layer: "L2",
+        file_path: filePath,
+        location,
+        description,
+        affected_tools: [
+            "claude-code",
+            "codex-cli",
+            "opencode",
+            "cursor",
+            "windsurf",
+            "github-copilot",
+        ],
+        cve: null,
+        owasp: ["ASI03", "ASI06"],
+        cwe: "CWE-522",
+        confidence: "HIGH",
+        fixable: true,
+        remediation_actions: ["remove_field", "replace_with_default"],
+        evidence: evidence?.evidence ?? null,
+        suppressed: false,
+    };
+}
+export function detectEnvOverrides(input) {
+    const root = input.parsed && typeof input.parsed === "object"
+        ? input.parsed
+        : null;
+    const hasEnvObject = !!(root && root.env && typeof root.env === "object");
+    const env = getEnvRecord(input.parsed);
+    const findings = [];
+    for (const [key, rawValue] of Object.entries(env)) {
+        if (typeof rawValue !== "string") {
+            continue;
+        }
+        const field = `env.${key}`;
+        const evidence = buildFindingEvidence({
+            textContent: input.textContent,
+            jsonPaths: hasEnvObject ? [field] : [key, field],
+            searchTerms: [`"${key}"`, rawValue],
+            fallbackValue: `${field} = ${rawValue}`,
+        });
+        if (HEADER_KEYS.has(key) || key.endsWith("_CUSTOM_HEADERS") || key.endsWith("_EXTRA_HEADERS")) {
+            findings.push(makeFinding(input.filePath, field, "env-custom-headers-override", "HIGH", `${key} injects custom API headers`, evidence));
+            continue;
+        }
+        if (API_KEY_KEYS.has(key)) {
+            findings.push(makeFinding(input.filePath, field, "env-api-key-override", "MEDIUM", `${key} overrides AI tool credentials at project scope`, evidence));
+            continue;
+        }
+        const looksLikeEndpoint = CRITICAL_KEYS.has(key) ||
+            key.endsWith("_BASE_URL") ||
+            key.endsWith("_API_URL") ||
+            key.endsWith("_ENDPOINT");
+        if (!looksLikeEndpoint) {
+            continue;
+        }
+        try {
+            const url = new URL(rawValue);
+            if (url.hostname === "localhost" || url.hostname === "127.0.0.1") {
+                findings.push(makeFinding(input.filePath, field, "env-local-endpoint-override", "MEDIUM", `${key} points to localhost/loopback and may intercept API traffic`, evidence));
+                continue;
+            }
+            if (isTrustedHost(url.hostname, input.trustedApiDomains)) {
+                continue;
+            }
+            findings.push(makeFinding(input.filePath, field, "env-base-url-override", "CRITICAL", `${key} redirects API traffic to an untrusted domain`, evidence));
+        }
+        catch {
+            findings.push(makeFinding(input.filePath, field, "env-invalid-endpoint-override", "CRITICAL", `${key} contains an invalid endpoint override`, evidence));
+        }
+    }
+    return findings;
+}

package/dist/layer2-static/detectors/git-hooks.d.ts

@@ -0,0 +1,11 @@
+import type { Finding } from "../../types/finding.js";
+export interface GitHookEntry {
+    path: string;
+    content: string;
+    executable: boolean;
+}
+export interface GitHooksInput {
+    hooks: GitHookEntry[];
+    knownSafeHooks?: string[];
+}
+export declare function detectGitHookIssues(input: GitHooksInput): Finding[];

package/dist/layer2-static/detectors/git-hooks.js

@@ -0,0 +1,61 @@
+import { buildFindingEvidence } from "../evidence.js";
+function makeFinding(path, description, evidence) {
+    const location = { field: "hook_content" };
+    if (typeof evidence?.line === "number") {
+        location.line = evidence.line;
+    }
+    if (typeof evidence?.column === "number") {
+        location.column = evidence.column;
+    }
+    return {
+        rule_id: "git-hook-suspicious-pattern",
+        finding_id: `GIT_HOOK-${path}`,
+        severity: "MEDIUM",
+        category: "GIT_HOOK",
+        layer: "L2",
+        file_path: path,
+        location,
+        description,
+        affected_tools: [
+            "claude-code",
+            "codex-cli",
+            "opencode",
+            "cursor",
+            "windsurf",
+            "github-copilot",
+        ],
+        cve: null,
+        owasp: ["ASI05", "ASI06"],
+        cwe: "CWE-78",
+        confidence: "HIGH",
+        fixable: true,
+        remediation_actions: ["remove_execute_permission", "quarantine_file", "remove_file"],
+        evidence: evidence?.evidence ?? null,
+        suppressed: false,
+    };
+}
+export function detectGitHookIssues(input) {
+    const findings = [];
+    const knownSafeHooks = new Set((input.knownSafeHooks ?? []).map((hook) => hook.trim()).filter((hook) => hook.length > 0));
+    const suspiciousPattern = /\b(curl|wget|nc|ncat|socat)\b|[|;&`]|[$][(]/u;
+    const exfilPattern = /(~\/\.ssh|~\/\.aws|\.env|id_rsa|git-credentials)/u;
+    for (const hook of input.hooks) {
+        if (knownSafeHooks.has(hook.path)) {
+            continue;
+        }
+        if (!hook.executable) {
+            continue;
+        }
+        if (suspiciousPattern.test(hook.content) || exfilPattern.test(hook.content)) {
+            const suspiciousMatch = hook.content.match(suspiciousPattern)?.[0];
+            const exfilMatch = hook.content.match(exfilPattern)?.[0];
+            const evidence = buildFindingEvidence({
+                textContent: hook.content,
+                searchTerms: [suspiciousMatch ?? "", exfilMatch ?? ""],
+                fallbackValue: "suspicious hook content detected",
+            });
+            findings.push(makeFinding(hook.path, "Executable hook contains suspicious command or exfiltration pattern", evidence));
+        }
+    }
+    return findings;
+}

package/dist/layer2-static/detectors/ide-settings.d.ts

@@ -0,0 +1,8 @@
+import type { Finding } from "../../types/finding.js";
+export interface IdeSettingsInput {
+    filePath: string;
+    parsed: unknown;
+    textContent: string;
+    projectRoot: string;
+}
+export declare function detectIdeSettingsIssues(input: IdeSettingsInput): Finding[];

package/dist/layer2-static/detectors/ide-settings.js

@@ -0,0 +1,66 @@
+import { isAbsolute, join, normalize, relative } from "node:path";
+import { buildFindingEvidence } from "../evidence.js";
+const KNOWN_DANGEROUS_KEYS = new Set(["php.validate.executablePath", "PATH_TO_GIT"]);
+function isInsideProject(pathValue, projectRoot) {
+    const resolved = isAbsolute(pathValue)
+        ? normalize(pathValue)
+        : normalize(join(projectRoot, pathValue));
+    const rel = relative(normalize(projectRoot), resolved);
+    return rel === "" || (!rel.startsWith("..") && !isAbsolute(rel));
+}
+function makeFinding(filePath, field, severity, ruleId, description, evidence) {
+    const location = { field };
+    if (typeof evidence?.line === "number") {
+        location.line = evidence.line;
+    }
+    if (typeof evidence?.column === "number") {
+        location.column = evidence.column;
+    }
+    return {
+        rule_id: ruleId,
+        finding_id: `IDE_SETTINGS-${filePath}-${field}`,
+        severity,
+        category: "IDE_SETTINGS",
+        layer: "L2",
+        file_path: filePath,
+        location,
+        description,
+        affected_tools: ["cursor", "github-copilot", "windsurf", "claude-code"],
+        cve: null,
+        owasp: ["ASI05", "ASI06"],
+        cwe: "CWE-78",
+        confidence: "HIGH",
+        fixable: true,
+        remediation_actions: ["remove_field", "replace_with_default"],
+        evidence: evidence?.evidence ?? null,
+        suppressed: false,
+    };
+}
+export function detectIdeSettingsIssues(input) {
+    if (!input.parsed || typeof input.parsed !== "object") {
+        return [];
+    }
+    const settings = input.parsed;
+    const findings = [];
+    for (const [key, value] of Object.entries(settings)) {
+        if (typeof value !== "string") {
+            continue;
+        }
+        if (!isInsideProject(value, input.projectRoot)) {
+            continue;
+        }
+        const evidence = buildFindingEvidence({
+            textContent: input.textContent,
+            searchTerms: [`"${key}"`, key, value],
+            fallbackValue: `${key} = ${value}`,
+        });
+        if (KNOWN_DANGEROUS_KEYS.has(key)) {
+            findings.push(makeFinding(input.filePath, key, "CRITICAL", "ide-known-dangerous-executable-path", `Known-dangerous executable path key points inside project: ${key}`, evidence));
+            continue;
+        }
+        if (/(path|executable|binary|command|interpreter)/iu.test(key)) {
+            findings.push(makeFinding(input.filePath, key, "HIGH", "ide-pattern-executable-path", `Executable-like settings key points inside project: ${key}`, evidence));
+        }
+    }
+    return findings;
+}

package/dist/layer2-static/detectors/plugin-manifest.d.ts

@@ -0,0 +1,9 @@
+import type { Finding } from "../../types/finding.js";
+export interface PluginManifestInput {
+    filePath: string;
+    parsed: unknown;
+    textContent: string;
+    trustedApiDomains: string[];
+    blockedCommands: string[];
+}
+export declare function detectPluginManifestIssues(input: PluginManifestInput): Finding[];