codegate-ai 0.6.1 → 0.8.0

package/README.md

@@ -108,6 +108,7 @@ See the [Configuration](#configuration) section for full settings and examples.
 | Command                  | Purpose                                                                |
 | ------------------------ | ---------------------------------------------------------------------- |
 | `codegate scan [target]` | Scan a directory, file, or URL target for AI tool config risks.        |
+| `codegate scan-content`  | Scan inline JSON, YAML, TOML, Markdown, or text content.               |
 | `codegate run <tool>`    | Scan current directory, then launch selected AI tool if policy allows. |
 | `codegate skills [...]`  | Wrap `npx skills` and preflight-scan `skills add` targets.             |
 | `codegate clawhub [...]` | Wrap `npx clawhub` and preflight-scan `clawhub install` targets.       |
@@ -150,6 +151,28 @@ codegate scan . --remediate --dry-run --patch
 codegate scan . --reset-state
 ```
 
+## `scan-content` Command
+
+`codegate scan-content <content...>` scans inline content directly from the command line. It is useful when you want to inspect JSON, YAML, TOML, Markdown, or plain text before writing it to disk or installing it into a tool configuration.
+
+Use `--type` to declare the content format:
+
+| Type       | Purpose                                                              |
+| ---------- | -------------------------------------------------------------------- |
+| `json`     | Parse JSON input and run the static scanner on the parsed structure. |
+| `yaml`     | Parse YAML input and run the static scanner on the parsed structure. |
+| `toml`     | Parse TOML input and run the static scanner on the parsed structure. |
+| `markdown` | Analyze Markdown instruction text as a rule surface.                 |
+| `text`     | Analyze plain text as a rule surface.                                |
+
+Examples:
+
+```bash
+codegate scan-content '{"mcpServers":{"bad":{"command":"bash"}}}' --type json
+codegate scan-content '# Suspicious instructions' --type markdown
+codegate scan-content 'echo hello' --type text
+```
+
 ## `run` Command
 
 `codegate run <tool>` runs scan-first wrapper mode.
@@ -199,6 +222,7 @@ Behavior:
 - Dangerous findings block execution (fail-closed).
 - Warning-level findings can still require confirmation unless `--cg-force` is provided.
 - Non-install subcommands (for example `skills find` or `clawhub search`) are passed through without preflight scanning.
+- Wrapper scans honor the same config policy controls as `codegate scan`, including `suppress_findings`, `suppression_rules`, `rule_pack_paths`, `allowed_rules`, and `skip_rules`.
 
 Wrapper flags (consumed by CodeGate, not forwarded):
 
@@ -299,33 +323,38 @@ codegate init
 - List values are merged and de-duplicated across levels.
 - `trusted_directories` is global-only; project config cannot set it.
 - `blocked_commands` is merged with defaults; defaults are always retained.
+- `rule_pack_paths`, `allowed_rules`, `skip_rules`, `suppress_findings`, and `suppression_rules` merge across global and project config.
 
 ### Full Configuration Reference
 
-| Key                              | Type             | Allowed Values                                                              | Default                                            |
-| -------------------------------- | ---------------- | --------------------------------------------------------------------------- | -------------------------------------------------- |
-| `severity_threshold`             | string           | `critical`, `high`, `medium`, `low`, `info`                                 | `high`                                             |
-| `auto_proceed_below_threshold`   | boolean          | `true`, `false`                                                             | `true`                                             |
-| `output_format`                  | string           | `terminal`, `json`, `sarif`, `markdown`, `html`                             | `terminal`                                         |
-| `scan_state_path`                | string           | file path                                                                   | `~/.codegate/scan-state.json`                      |
-| `scan_user_scope`                | boolean          | `true`, `false`                                                             | `true`                                             |
-| `tui.enabled`                    | boolean          | `true`, `false`                                                             | `true`                                             |
-| `tui.colour_scheme`              | string           | free string (currently `default`)                                           | `default`                                          |
-| `tui.compact_mode`               | boolean          | `true`, `false`                                                             | `false`                                            |
-| `tool_discovery.preferred_agent` | string           | practical values: `claude`, `claude-code`, `codex`, `codex-cli`, `opencode` | `claude`                                           |
-| `tool_discovery.agent_paths`     | object           | map of agent key -> binary path                                             | `{}`                                               |
-| `tool_discovery.skip_tools`      | array of strings | tool keys to skip in discovery/selection                                    | `[]`                                               |
-| `trusted_directories`            | array of strings | directory paths                                                             | `[]`                                               |
-| `blocked_commands`               | array of strings | command names                                                               | `["bash","sh","curl","wget","nc","python","node"]` |
-| `known_safe_mcp_servers`         | array of strings | package/server identifiers                                                  | prefilled                                          |
-| `known_safe_formatters`          | array of strings | formatter names                                                             | prefilled                                          |
-| `known_safe_lsp_servers`         | array of strings | lsp server names                                                            | prefilled                                          |
-| `known_safe_hooks`               | array of strings | relative hook paths such as `.git/hooks/pre-commit`                         | `[]`                                               |
-| `unicode_analysis`               | boolean          | `true`, `false`                                                             | `true`                                             |
-| `check_ide_settings`             | boolean          | `true`, `false`                                                             | `true`                                             |
-| `owasp_mapping`                  | boolean          | `true`, `false`                                                             | `true`                                             |
-| `trusted_api_domains`            | array of strings | domain names                                                                | `[]`                                               |
-| `suppress_findings`              | array of strings | finding IDs/fingerprints                                                    | `[]`                                               |
+| Key                              | Type             | Allowed Values                                                                               | Default                                            |
+| -------------------------------- | ---------------- | -------------------------------------------------------------------------------------------- | -------------------------------------------------- |
+| `severity_threshold`             | string           | `critical`, `high`, `medium`, `low`, `info`                                                  | `high`                                             |
+| `auto_proceed_below_threshold`   | boolean          | `true`, `false`                                                                              | `true`                                             |
+| `output_format`                  | string           | `terminal`, `json`, `sarif`, `markdown`, `html`                                              | `terminal`                                         |
+| `scan_state_path`                | string           | file path                                                                                    | `~/.codegate/scan-state.json`                      |
+| `scan_user_scope`                | boolean          | `true`, `false`                                                                              | `true`                                             |
+| `tui.enabled`                    | boolean          | `true`, `false`                                                                              | `true`                                             |
+| `tui.colour_scheme`              | string           | free string (currently `default`)                                                            | `default`                                          |
+| `tui.compact_mode`               | boolean          | `true`, `false`                                                                              | `false`                                            |
+| `tool_discovery.preferred_agent` | string           | practical values: `claude`, `claude-code`, `codex`, `codex-cli`, `opencode`                  | `claude`                                           |
+| `tool_discovery.agent_paths`     | object           | map of agent key -> binary path                                                              | `{}`                                               |
+| `tool_discovery.skip_tools`      | array of strings | tool keys to skip in discovery/selection                                                     | `[]`                                               |
+| `trusted_directories`            | array of strings | directory paths                                                                              | `[]`                                               |
+| `blocked_commands`               | array of strings | command names                                                                                | `["bash","sh","curl","wget","nc","python","node"]` |
+| `known_safe_mcp_servers`         | array of strings | package/server identifiers                                                                   | prefilled                                          |
+| `known_safe_formatters`          | array of strings | formatter names                                                                              | prefilled                                          |
+| `known_safe_lsp_servers`         | array of strings | lsp server names                                                                             | prefilled                                          |
+| `known_safe_hooks`               | array of strings | relative hook paths such as `.git/hooks/pre-commit`                                          | `[]`                                               |
+| `unicode_analysis`               | boolean          | `true`, `false`                                                                              | `true`                                             |
+| `check_ide_settings`             | boolean          | `true`, `false`                                                                              | `true`                                             |
+| `owasp_mapping`                  | boolean          | `true`, `false`                                                                              | `true`                                             |
+| `trusted_api_domains`            | array of strings | domain names                                                                                 | `[]`                                               |
+| `suppress_findings`              | array of strings | finding IDs/fingerprints                                                                     | `[]`                                               |
+| `suppression_rules`              | array of objects | rule match objects with `rule_id`, `file_path`, `severity`, `category`, `cwe`, `fingerprint` | `[]`                                               |
+| `rule_pack_paths`                | array of strings | extra rule pack files or directories                                                         | `[]`                                               |
+| `allowed_rules`                  | array of strings | rule IDs to keep after loading                                                               | `[]`                                               |
+| `skip_rules`                     | array of strings | rule IDs to drop after loading                                                               | `[]`                                               |
 
 ### Default Config Example
 
@@ -359,7 +388,11 @@ codegate init
   "check_ide_settings": true,
   "owasp_mapping": true,
   "trusted_api_domains": [],
-  "suppress_findings": []
+  "suppress_findings": [],
+  "suppression_rules": [],
+  "rule_pack_paths": [],
+  "allowed_rules": [],
+  "skip_rules": []
 }
 ```
 
@@ -371,6 +404,9 @@ Configuration notes:
 - `unicode_analysis=false` disables hidden-unicode findings in Layer 2 rule-file scanning and Layer 3 tool-description scanning. Other rule-file heuristics remain enabled.
 - `check_ide_settings=false` disables `IDE_SETTINGS` findings.
 - `owasp_mapping=false` keeps detection behavior unchanged and emits empty `owasp` arrays in reports.
+- `suppression_rules` applies all listed criteria with AND semantics. If a criterion is omitted, it is ignored.
+- `rule_pack_paths` can point to extra JSON rule-pack files or directories of JSON rule packs.
+- `allowed_rules` and `skip_rules` control which loaded rule IDs remain active after rule-pack loading.
 
 ## Output Formats
 

package/dist/cli.d.ts

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import { Command } from "commander";
 import { type CodeGateConfig, type ResolveConfigOptions } from "./config.js";
-import { type ResourceFetchResult } from "./layer3-dynamic/resource-fetcher.js";
+import type { ResourceFetchResult } from "./layer3-dynamic/resource-fetcher.js";
 import type { LocalTextAnalysisTarget } from "./layer3-dynamic/local-text-analysis.js";
 import { type DeepScanResource } from "./pipeline.js";
 import { type ScanDiscoveryCandidate, type ScanDiscoveryContext } from "./scan.js";

package/dist/cli.js

@@ -8,8 +8,6 @@ import { pathToFileURL } from "node:url";
 import { Command, Option } from "commander";
 import { DEFAULT_CONFIG, OUTPUT_FORMATS, resolveEffectiveConfig, } from "./config.js";
 import { APP_NAME } from "./index.js";
-import { fetchResourceMetadata, } from "./layer3-dynamic/resource-fetcher.js";
-import { acquireToolDescriptions } from "./layer3-dynamic/tool-description-acquisition.js";
 import { runSandboxCommand } from "./layer3-dynamic/sandbox.js";
 import { loadKnowledgeBase } from "./layer1-discovery/knowledge-base.js";
 import { createScanDiscoveryContext, discoverDeepScanResources, discoverDeepScanResourcesFromContext, discoverLocalTextAnalysisTargetsFromContext, runScanEngine, } from "./scan.js";
@@ -20,6 +18,7 @@ import { executeWrapperRun } from "./wrapper.js";
 import { runRemediation as runRemediationWorkflow, } from "./layer4-remediation/remediation-runner.js";
 import { undoLatestSession } from "./commands/undo.js";
 import { executeScanCommand } from "./commands/scan-command.js";
+import { executeScanContentCommand, SCAN_CONTENT_TYPES, } from "./commands/scan-content-command.js";
 import { executeSkillsWrapper, launchSkillsPassthrough, } from "./commands/skills-wrapper.js";
 import { executeClawhubWrapper, launchClawhubPassthrough, } from "./commands/clawhub-wrapper.js";
 import { promptDeepAgentSelection, promptDeepScanConsent, promptMetaAgentCommandConsent, promptRemediationConsent, promptSkillSelection, } from "./cli-prompts.js";
@@ -49,25 +48,6 @@ export function isDirectCliInvocation(importMetaUrl, argv1, deps = {}) {
         return false;
     }
 }
-function mapAcquisitionFailure(status, error) {
-    if (status === "auth_failure" ||
-        status === "timeout" ||
-        status === "network_error" ||
-        status === "command_error") {
-        return {
-            status,
-            attempts: 1,
-            elapsedMs: 0,
-            error,
-        };
-    }
-    return {
-        status: "network_error",
-        attempts: 1,
-        elapsedMs: 0,
-        error: error ?? "tool description acquisition failed",
-    };
-}
 async function runMetaAgentCommandWithSandbox(context) {
     const commandResult = await runSandboxCommand({
         command: context.command.command,
@@ -180,27 +160,22 @@ const defaultCliDeps = {
             includeUserScope: config?.scan_user_scope === true,
         }),
     discoverLocalTextTargets: (_scanTarget, _config, discoveryContext) => discoveryContext ? discoverLocalTextAnalysisTargetsFromContext(discoveryContext) : [],
-    // Keep the default CLI dependency layer as a thin bridge from user-facing commands into the scan engine.
+    // Deep resource execution never makes outbound network calls.
+    // Connecting to URLs found in scanned config files is a security risk:
+    // the endpoint could be malicious (crafted responses, SSRF, IP logging).
+    // Instead, we record the URL as metadata for the agent to analyze.
     executeDeepResource: async (resource) => {
-        if (resource.request.kind === "http" || resource.request.kind === "sse") {
-            const acquisition = await acquireToolDescriptions({
-                serverId: resource.id,
-                transport: resource.request.kind,
-                url: resource.request.locator,
-            });
-            if (acquisition.status === "ok") {
-                return {
-                    status: "ok",
-                    attempts: 1,
-                    elapsedMs: 0,
-                    metadata: {
-                        tools: acquisition.tools,
-                    },
-                };
-            }
-            return mapAcquisitionFailure(acquisition.status, acquisition.error);
-        }
-        return fetchResourceMetadata(resource.request);
+        return {
+            status: "ok",
+            attempts: 0,
+            elapsedMs: 0,
+            metadata: {
+                resource_id: resource.id,
+                resource_kind: resource.request.kind,
+                resource_url: resource.request.locator,
+                note: "URL recorded for analysis without making outbound connections.",
+            },
+        };
     },
     launchSkills: (args, cwd) => launchSkillsPassthrough(args, cwd),
     launchClawhub: (args, cwd) => launchClawhubPassthrough(args, cwd),
@@ -340,6 +315,47 @@ function addScanCommand(program, version, deps) {
         }
     });
 }
+function addScanContentCommand(program, version, deps) {
+    program
+        .command("scan-content <content...>")
+        .description("Scan inline content for AI tool config risks")
+        .addOption(new Option("--type <type>", "content type")
+        .choices([...SCAN_CONTENT_TYPES])
+        .makeOptionMandatory())
+        .addHelpText("after", renderExampleHelp([
+        'codegate scan-content \'{"mcpServers":{"bad":{"command":"bash"}}}\' --type json',
+        "codegate scan-content '# Suspicious instructions' --type markdown",
+        "codegate scan-content 'echo hello' --type text",
+    ]))
+        .action(async (contentParts, options) => {
+        try {
+            const content = (contentParts ?? []).join(" ");
+            const type = options.type;
+            if (!type) {
+                throw new Error("Missing required option: --type");
+            }
+            const config = deps.resolveConfig({
+                scanTarget: deps.cwd(),
+            });
+            await executeScanContentCommand({
+                version,
+                cwd: deps.cwd(),
+                content,
+                type,
+                config,
+            }, {
+                stdout: deps.stdout,
+                stderr: deps.stderr,
+                setExitCode: deps.setExitCode,
+            });
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            deps.stderr(`Scan content failed: ${message}`);
+            deps.setExitCode(3);
+        }
+    });
+}
 function addRunCommand(program, version, deps) {
     program
         .command("run <tool>")
@@ -594,11 +610,13 @@ export function createCli(version = packageJson.version ?? "0.0.0-dev", deps = d
         "codegate scan .",
         "codegate scan https://github.com/owner/repo",
         "codegate scan https://github.com/owner/repo/blob/main/skills/security-review/SKILL.md",
+        'codegate scan-content \'{"mcpServers":{"bad":{"command":"bash"}}}\' --type json',
         "codegate skills add owner/repo --skill security-review",
         "codegate clawhub install security-auditor",
         "codegate run claude",
     ]));
     addScanCommand(program, version, deps);
+    addScanContentCommand(program, version, deps);
     addSkillsCommand(program, version, deps);
     addClawhubCommand(program, version, deps);
     addRunCommand(program, version, deps);

package/dist/commands/scan-command/helpers.d.ts

@@ -12,7 +12,12 @@ export declare function withMetaAgentFinding(metadata: unknown, finding: {
 }): unknown;
 export declare function mergeMetaAgentMetadata(baseMetadata: unknown, agentMetadata: unknown): unknown;
 export declare function noEligibleDeepResourceNotes(): string[];
-export declare function parseLocalTextFindings(filePath: string, metadata: unknown): CodeGateReport["findings"];
+/**
+ * Deterministically verify that a finding's evidence exists in the claimed file.
+ * Returns true if the evidence can be confirmed, false if it cannot.
+ */
+export declare function verifyFindingEvidence(scanTarget: string, filePath: string, evidence: string | null | undefined): boolean;
+export declare function parseLocalTextFindings(filePath: string, metadata: unknown, scanTarget?: string): CodeGateReport["findings"];
 export declare function remediationSummaryLines(input: {
     scanTarget: string;
     options: {

package/dist/commands/scan-command/helpers.js

@@ -1,3 +1,4 @@
+import { existsSync, readFileSync } from "node:fs";
 import { resolve } from "node:path";
 import { renderHtmlReport } from "../../reporter/html.js";
 import { renderJsonReport } from "../../reporter/json.js";
@@ -136,12 +137,56 @@ export function noEligibleDeepResourceNotes() {
         "Local stdio commands (for example `bash`) are still detected by Layer 2 but are never executed by deep scan.",
     ];
 }
-export function parseLocalTextFindings(filePath, metadata) {
+/**
+ * Deterministically verify that a finding's evidence exists in the claimed file.
+ * Returns true if the evidence can be confirmed, false if it cannot.
+ */
+export function verifyFindingEvidence(scanTarget, filePath, evidence) {
+    if (!evidence || evidence.trim().length === 0) {
+        return false;
+    }
+    const absolutePath = resolve(scanTarget, filePath);
+    if (!existsSync(absolutePath)) {
+        return false;
+    }
+    try {
+        const fileContent = readFileSync(absolutePath, "utf8");
+        // Normalize whitespace for comparison: collapse runs of whitespace to single spaces.
+        const normalizeWhitespace = (text) => text.replace(/\s+/gu, " ").trim();
+        const normalizedContent = normalizeWhitespace(fileContent);
+        const normalizedEvidence = normalizeWhitespace(evidence);
+        // Check if the evidence (or a substantial substring of it) appears in the file.
+        if (normalizedContent.includes(normalizedEvidence)) {
+            return true;
+        }
+        // Also try line-by-line matching for shorter evidence strings that may be exact line content.
+        const lines = fileContent.split(/\r?\n/u);
+        for (const line of lines) {
+            if (normalizeWhitespace(line).includes(normalizedEvidence)) {
+                return true;
+            }
+        }
+        return false;
+    }
+    catch {
+        return false;
+    }
+}
+export function parseLocalTextFindings(filePath, metadata, scanTarget) {
     if (!isRecord(metadata) || !Array.isArray(metadata.findings)) {
         return [];
     }
     return metadata.findings
         .filter((item) => isRecord(item))
+        .filter((item) => {
+        // When a scan target is provided, verify evidence exists in the actual file.
+        if (!scanTarget) {
+            return true;
+        }
+        const itemFilePath = typeof item.file_path === "string" ? item.file_path : filePath;
+        const itemEvidence = typeof item.evidence === "string" ? item.evidence : null;
+        return verifyFindingEvidence(scanTarget, itemFilePath, itemEvidence);
+    })
         .map((item, index) => ({
         rule_id: typeof item.id === "string" ? item.id : "layer3-local-text-analysis-finding",
         finding_id: typeof item.id === "string" ? item.id : `L3-local-${filePath}-${index}`,

package/dist/commands/scan-command.js

@@ -1,9 +1,7 @@
-import { mkdtempSync, rmSync } from "node:fs";
-import { tmpdir } from "node:os";
-import { join, resolve } from "node:path";
+import { resolve } from "node:path";
 import { applyConfigPolicy } from "../config.js";
 import { buildMetaAgentCommand, } from "../layer3-dynamic/command-builder.js";
-import { buildPromptEvidenceText, supportsToollessLocalTextAnalysis, } from "../layer3-dynamic/local-text-analysis.js";
+import { supportsAgentLocalTextAnalysis } from "../layer3-dynamic/local-text-analysis.js";
 import { buildLocalTextAnalysisPrompt, buildSecurityAnalysisPrompt, } from "../layer3-dynamic/meta-agent.js";
 import { layer3OutcomesToFindings, mergeLayer3Findings, runDeepScanWithConsent, } from "../pipeline.js";
 import { mergeMetaAgentMetadata, metadataSummary, noEligibleDeepResourceNotes, parseLocalTextFindings, parseMetaAgentOutput, remediationSummaryLines, renderByFormat, summarizeRequestedTargetFindings, withMetaAgentFinding, } from "./scan-command/helpers.js";
@@ -223,67 +221,63 @@ export async function runScanAnalysis(input, deps) {
                 if (!selectedAgent) {
                     deepScanNotes.push("Local instruction-file analysis skipped because no meta-agent was selected.");
                 }
-                else if (!supportsToollessLocalTextAnalysis(selectedAgent.metaTool)) {
-                    deepScanNotes.push("Local instruction-file analysis was skipped because the selected agent does not support tool-less analysis.");
+                else if (!supportsAgentLocalTextAnalysis(selectedAgent.metaTool)) {
+                    deepScanNotes.push("Local instruction-file analysis was skipped because the selected agent does not support read-only analysis.");
                 }
                 else {
-                    // Local instruction files are analyzed as inert text only; referenced URLs stay as evidence, not inputs.
+                    // The agent reads files directly using read-only tools (Read, Glob, Grep).
+                    // It runs in the scan target directory so it can access the files.
+                    // No Bash, Write, Edit, or network tools are available — sandboxed to reading only.
                     if (!deps.runMetaAgentCommand) {
                         throw new Error("Meta-agent command runner not configured");
                     }
-                    const isolatedWorkingDirectory = mkdtempSync(join(tmpdir(), "codegate-local-analysis-"));
-                    let executedLocalAnalyses = 0;
-                    try {
-                        for (const target of localTextTargets) {
-                            const prompt = buildLocalTextAnalysisPrompt({
-                                filePath: target.reportPath,
-                                textContent: buildPromptEvidenceText(target.textContent),
-                                referencedUrls: target.referencedUrls,
-                            });
-                            const command = buildMetaAgentCommand({
-                                tool: selectedAgent.metaTool,
-                                prompt,
-                                workingDirectory: isolatedWorkingDirectory,
-                                binaryPath: selectedAgent.binary,
-                            });
-                            command.timeoutMs = 60_000;
-                            const commandContext = {
-                                localFile: target,
-                                agent: selectedAgent,
-                                command,
-                            };
-                            const approvedCommand = input.options.force ||
-                                (deps.requestMetaAgentCommandConsent
-                                    ? await deps.requestMetaAgentCommandConsent(commandContext)
-                                    : false);
-                            if (!approvedCommand) {
-                                continue;
-                            }
-                            executedLocalAnalyses += 1;
-                            const commandResult = await deps.runMetaAgentCommand(commandContext);
-                            if (commandResult.code !== 0) {
-                                deepScanNotes.push(`Local instruction-file analysis failed for ${target.reportPath}: ${commandResult.stderr || `exit code: ${commandResult.code}`}`);
-                                continue;
-                            }
+                    // Collect all file paths and referenced URLs for a single agent invocation.
+                    const allFilePaths = localTextTargets.map((target) => target.reportPath);
+                    const allReferencedUrls = Array.from(new Set(localTextTargets.flatMap((target) => target.referencedUrls)));
+                    const prompt = buildLocalTextAnalysisPrompt({
+                        filePaths: allFilePaths,
+                        referencedUrls: allReferencedUrls,
+                    });
+                    const command = buildMetaAgentCommand({
+                        tool: selectedAgent.metaTool,
+                        prompt,
+                        workingDirectory: input.scanTarget,
+                        binaryPath: selectedAgent.binary,
+                        readOnlyAgent: true,
+                    });
+                    command.timeoutMs = 120_000;
+                    const commandContext = {
+                        localFile: localTextTargets[0],
+                        agent: selectedAgent,
+                        command,
+                    };
+                    const approvedCommand = input.options.force ||
+                        (deps.requestMetaAgentCommandConsent
+                            ? await deps.requestMetaAgentCommandConsent(commandContext)
+                            : false);
+                    if (approvedCommand) {
+                        const commandResult = await deps.runMetaAgentCommand(commandContext);
+                        if (commandResult.code !== 0) {
+                            deepScanNotes.push(`Local instruction-file analysis failed: ${commandResult.stderr || `exit code: ${commandResult.code}`}`);
+                        }
+                        else {
                             const parsedOutput = parseMetaAgentOutput(commandResult.stdout);
                             if (parsedOutput === null) {
-                                deepScanNotes.push(`Local instruction-file analysis returned invalid JSON for ${target.reportPath}.`);
-                                continue;
+                                deepScanNotes.push("Local instruction-file analysis returned invalid JSON.");
+                            }
+                            else {
+                                const normalizedOutput = Array.isArray(parsedOutput)
+                                    ? { findings: parsedOutput }
+                                    : parsedOutput;
+                                // Distribute findings across their respective file paths.
+                                for (const target of localTextTargets) {
+                                    const localFindings = parseLocalTextFindings(target.reportPath, normalizedOutput, input.scanTarget);
+                                    report = mergeLayer3Findings(report, localFindings);
+                                }
+                                deepScanNotes.push(`Local instruction-file analysis executed for ${localTextTargets.length} file${localTextTargets.length === 1 ? "" : "s"} (read-only agent).`);
                             }
-                            const normalizedOutput = Array.isArray(parsedOutput)
-                                ? { findings: parsedOutput }
-                                : parsedOutput;
-                            const localFindings = parseLocalTextFindings(target.reportPath, normalizedOutput);
-                            report = mergeLayer3Findings(report, localFindings);
                         }
                     }
-                    finally {
-                        rmSync(isolatedWorkingDirectory, { recursive: true, force: true });
-                    }
-                    if (executedLocalAnalyses > 0) {
-                        const suffix = executedLocalAnalyses === 1 ? "" : "s";
-                        deepScanNotes.push(`Local instruction-file analysis executed for ${executedLocalAnalyses} file${suffix}.`);
-                    }
                 }
             }
         }

package/dist/commands/scan-content-command.d.ts

@@ -0,0 +1,16 @@
+import { type CodeGateConfig } from "../config.js";
+export declare const SCAN_CONTENT_TYPES: readonly ["json", "yaml", "toml", "markdown", "text"];
+export type ScanContentType = (typeof SCAN_CONTENT_TYPES)[number];
+export interface ExecuteScanContentCommandInput {
+    version: string;
+    cwd: string;
+    content: string;
+    type: ScanContentType;
+    config: CodeGateConfig;
+}
+export interface ExecuteScanContentCommandDeps {
+    stdout: (message: string) => void;
+    stderr: (message: string) => void;
+    setExitCode: (code: number) => void;
+}
+export declare function executeScanContentCommand(input: ExecuteScanContentCommandInput, deps: ExecuteScanContentCommandDeps): Promise<void>;

package/dist/commands/scan-content-command.js

@@ -0,0 +1,61 @@
+import { applyConfigPolicy } from "../config.js";
+import { loadKnowledgeBase } from "../layer1-discovery/knowledge-base.js";
+import { parseConfigContent } from "../layer1-discovery/config-parser.js";
+import { runStaticPipeline } from "../pipeline.js";
+import { renderByFormat } from "./scan-command/helpers.js";
+export const SCAN_CONTENT_TYPES = ["json", "yaml", "toml", "markdown", "text"];
+function toReportPath(type) {
+    if (type === "markdown") {
+        return "scan-content.md";
+    }
+    if (type === "text") {
+        return "scan-content.txt";
+    }
+    return `scan-content.${type}`;
+}
+export async function executeScanContentCommand(input, deps) {
+    try {
+        const parsed = parseConfigContent(input.content, input.type);
+        if (!parsed.ok) {
+            throw new Error(parsed.error);
+        }
+        const kbVersion = loadKnowledgeBase().schemaVersion;
+        const report = applyConfigPolicy(runStaticPipeline({
+            version: input.version,
+            kbVersion,
+            scanTarget: `scan-content:${input.type}`,
+            toolsDetected: [],
+            projectRoot: input.cwd,
+            files: [
+                {
+                    filePath: toReportPath(input.type),
+                    format: input.type,
+                    parsed: parsed.data,
+                    textContent: input.content,
+                },
+            ],
+            symlinkEscapes: [],
+            hooks: [],
+            config: {
+                knownSafeMcpServers: input.config.known_safe_mcp_servers,
+                knownSafeFormatters: input.config.known_safe_formatters,
+                knownSafeLspServers: input.config.known_safe_lsp_servers,
+                knownSafeHooks: input.config.known_safe_hooks,
+                blockedCommands: input.config.blocked_commands,
+                trustedApiDomains: input.config.trusted_api_domains,
+                unicodeAnalysis: input.config.unicode_analysis,
+                checkIdeSettings: input.config.check_ide_settings,
+                rulePackPaths: input.config.rule_pack_paths,
+                allowedRules: input.config.allowed_rules,
+                skipRules: input.config.skip_rules,
+            },
+        }), input.config);
+        deps.stdout(renderByFormat(input.config.output_format, report));
+        deps.setExitCode(report.summary.exit_code);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        deps.stderr(`Scan content failed: ${message}`);
+        deps.setExitCode(3);
+    }
+}

package/dist/config/suppression-policy.d.ts

@@ -0,0 +1,14 @@
+import type { Finding } from "../types/finding.js";
+export interface SuppressionRule {
+    rule_id?: string;
+    file_path?: string;
+    severity?: Finding["severity"];
+    category?: Finding["category"];
+    cwe?: string;
+    fingerprint?: string;
+}
+export interface SuppressionPolicy {
+    suppress_findings?: readonly string[];
+    suppression_rules?: readonly SuppressionRule[];
+}
+export declare function applySuppressionPolicy<T extends Finding>(findings: T[], policy: SuppressionPolicy): T[];