codegate-ai 0.6.1 → 0.8.0

package/dist/config/suppression-policy.js

@@ -0,0 +1,81 @@
+function normalizeString(value) {
+    if (typeof value !== "string") {
+        return undefined;
+    }
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : undefined;
+}
+function escapeRegExp(value) {
+    return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+function globToRegExp(glob) {
+    const pattern = normalizeString(glob)?.replaceAll("\\", "/");
+    if (!pattern) {
+        return /^$/;
+    }
+    let regex = "^";
+    for (let index = 0; index < pattern.length; index++) {
+        const char = pattern[index];
+        if (char === "*") {
+            if (pattern[index + 1] === "*") {
+                regex += ".*";
+                index++;
+            }
+            else {
+                regex += "[^/]*";
+            }
+            continue;
+        }
+        if (char === "?") {
+            regex += "[^/]";
+            continue;
+        }
+        regex += escapeRegExp(char);
+    }
+    regex += "$";
+    return new RegExp(regex);
+}
+function matchesGlob(value, glob) {
+    return globToRegExp(glob).test(value.replaceAll("\\", "/"));
+}
+function matchesSuppressionRule(finding, rule) {
+    const ruleId = normalizeString(rule.rule_id);
+    if (ruleId && finding.rule_id !== ruleId) {
+        return false;
+    }
+    const filePath = normalizeString(rule.file_path);
+    if (filePath && !matchesGlob(finding.file_path, filePath)) {
+        return false;
+    }
+    const severity = rule.severity;
+    if (severity && finding.severity !== severity) {
+        return false;
+    }
+    const category = normalizeString(rule.category);
+    if (category && finding.category !== category) {
+        return false;
+    }
+    const cwe = normalizeString(rule.cwe);
+    if (cwe && finding.cwe !== cwe) {
+        return false;
+    }
+    const fingerprint = normalizeString(rule.fingerprint);
+    if (fingerprint && finding.fingerprint !== fingerprint) {
+        return false;
+    }
+    return true;
+}
+export function applySuppressionPolicy(findings, policy) {
+    const legacySuppressions = new Set((policy.suppress_findings ?? [])
+        .map((findingId) => normalizeString(findingId))
+        .filter((findingId) => findingId !== undefined));
+    const rules = policy.suppression_rules ?? [];
+    return findings.map((finding) => {
+        const ruleMatch = rules.some((rule) => matchesSuppressionRule(finding, rule));
+        const legacyMatch = legacySuppressions.has(finding.finding_id);
+        return {
+            ...finding,
+            suppressed: finding.suppressed || legacyMatch || ruleMatch,
+        };
+    });
+}

package/dist/config.d.ts

@@ -1,5 +1,6 @@
 import type { Finding } from "./types/finding.js";
 import type { CodeGateReport } from "./types/report.js";
+import { type SuppressionRule } from "./config/suppression-policy.js";
 export declare const OUTPUT_FORMATS: readonly ["terminal", "json", "sarif", "markdown", "html"];
 export type OutputFormat = (typeof OUTPUT_FORMATS)[number];
 export declare const SEVERITY_THRESHOLDS: readonly ["critical", "high", "medium", "low", "info"];
@@ -32,7 +33,11 @@ export interface CodeGateConfig {
     check_ide_settings: boolean;
     owasp_mapping: boolean;
     trusted_api_domains: string[];
+    rule_pack_paths?: string[];
+    allowed_rules?: string[];
+    skip_rules?: string[];
     suppress_findings: string[];
+    suppression_rules?: SuppressionRule[];
 }
 export interface CliConfigOverrides {
     format?: OutputFormat;

package/dist/config.js

@@ -3,6 +3,7 @@ import { homedir } from "node:os";
 import { join, resolve } from "node:path";
 import { parse as parseJsonc } from "jsonc-parser";
 import { applyReportSummary, computeExitCode as computeReportExitCode } from "./report-summary.js";
+import { applySuppressionPolicy } from "./config/suppression-policy.js";
 export const OUTPUT_FORMATS = ["terminal", "json", "sarif", "markdown", "html"];
 export const SEVERITY_THRESHOLDS = ["critical", "high", "medium", "low", "info"];
 export const DEFAULT_CONFIG = {
@@ -34,7 +35,11 @@ export const DEFAULT_CONFIG = {
     check_ide_settings: true,
     owasp_mapping: true,
     trusted_api_domains: [],
+    rule_pack_paths: [],
+    allowed_rules: [],
+    skip_rules: [],
     suppress_findings: [],
+    suppression_rules: [],
 };
 function normalizeOutputFormat(value) {
     if (!value) {
@@ -163,22 +168,43 @@ export function resolveEffectiveConfig(options) {
             globalConfig.trusted_api_domains,
             projectConfig.trusted_api_domains,
         ]),
+        rule_pack_paths: unique([
+            DEFAULT_CONFIG.rule_pack_paths,
+            globalConfig.rule_pack_paths,
+            projectConfig.rule_pack_paths,
+        ]),
+        allowed_rules: unique([
+            DEFAULT_CONFIG.allowed_rules,
+            globalConfig.allowed_rules,
+            projectConfig.allowed_rules,
+        ]),
+        skip_rules: unique([
+            DEFAULT_CONFIG.skip_rules,
+            globalConfig.skip_rules,
+            projectConfig.skip_rules,
+        ]),
         suppress_findings: unique([
             DEFAULT_CONFIG.suppress_findings,
             globalConfig.suppress_findings,
             projectConfig.suppress_findings,
         ]),
+        suppression_rules: [
+            ...(DEFAULT_CONFIG.suppression_rules ?? []),
+            ...(globalConfig.suppression_rules ?? []),
+            ...(projectConfig.suppression_rules ?? []),
+        ],
     };
 }
 export function computeExitCode(findings, threshold) {
     return computeReportExitCode(findings, threshold);
 }
 export function applyConfigPolicy(report, config) {
-    const suppressionSet = new Set(config.suppress_findings);
-    const findings = report.findings.map((finding) => ({
+    const findings = applySuppressionPolicy(report.findings, {
+        suppress_findings: config.suppress_findings,
+        suppression_rules: config.suppression_rules,
+    }).map((finding) => ({
         ...finding,
         owasp: config.owasp_mapping ? finding.owasp : [],
-        suppressed: finding.suppressed || suppressionSet.has(finding.finding_id),
     }));
     return applyReportSummary({
         ...report,

package/dist/layer2-static/advisories/agent-components.json

@@ -0,0 +1,62 @@
+[
+  {
+    "id": "filesystem",
+    "rule_id": "advisory-agent-component-filesystem",
+    "severity": "MEDIUM",
+    "category": "CONFIG_PRESENT",
+    "description": "Filesystem agent components can expose broad local file access and should be reviewed before approval.",
+    "signatures": ["@anthropic/mcp-server-filesystem", "mcp-server-filesystem"],
+    "file_patterns": ["**/.mcp.json", "**/mcp.json", "**/settings.json"],
+    "remediation_actions": ["remove_field", "review_component"],
+    "metadata": {
+      "sources": ["mcpServers.*.command", "mcpServers.*.args"],
+      "sinks": ["local_filesystem"],
+      "referenced_secrets": [],
+      "risk_tags": ["sensitive_access"],
+      "origin": "agent-components.json"
+    },
+    "owasp": ["ASI03", "ASI07"],
+    "cwe": "CWE-200",
+    "confidence": "HIGH"
+  },
+  {
+    "id": "github",
+    "rule_id": "advisory-agent-component-github",
+    "severity": "MEDIUM",
+    "category": "CONFIG_PRESENT",
+    "description": "GitHub agent components can ingest untrusted repository content and deserve manual review.",
+    "signatures": ["@modelcontextprotocol/server-github", "server-github"],
+    "file_patterns": ["**/.mcp.json", "**/mcp.json", "**/settings.json"],
+    "remediation_actions": ["remove_field", "review_component"],
+    "metadata": {
+      "sources": ["mcpServers.*.command", "mcpServers.*.args"],
+      "sinks": ["repository_content"],
+      "referenced_secrets": [],
+      "risk_tags": ["untrusted_input"],
+      "origin": "agent-components.json"
+    },
+    "owasp": ["ASI01", "ASI07"],
+    "cwe": "CWE-74",
+    "confidence": "HIGH"
+  },
+  {
+    "id": "slack",
+    "rule_id": "advisory-agent-component-slack",
+    "severity": "HIGH",
+    "category": "CONFIG_PRESENT",
+    "description": "Slack agent components can become exfiltration sinks and should be approved deliberately.",
+    "signatures": ["@modelcontextprotocol/server-slack", "server-slack"],
+    "file_patterns": ["**/.mcp.json", "**/mcp.json", "**/settings.json"],
+    "remediation_actions": ["remove_field", "review_component"],
+    "metadata": {
+      "sources": ["mcpServers.*.command", "mcpServers.*.args"],
+      "sinks": ["message_exfiltration"],
+      "referenced_secrets": [],
+      "risk_tags": ["exfiltration_sink"],
+      "origin": "agent-components.json"
+    },
+    "owasp": ["ASI07", "ASI09"],
+    "cwe": "CWE-200",
+    "confidence": "HIGH"
+  }
+]

package/dist/layer2-static/detectors/advisory-intelligence.d.ts

@@ -0,0 +1,7 @@
+import type { Finding } from "../../types/finding.js";
+export interface AdvisoryIntelligenceInput {
+    filePath: string;
+    parsed: unknown;
+    textContent: string;
+}
+export declare function detectAdvisoryIntelligence(input: AdvisoryIntelligenceInput): Finding[];

package/dist/layer2-static/detectors/advisory-intelligence.js

@@ -0,0 +1,170 @@
+import { readFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+import { buildFindingEvidence } from "../evidence.js";
+const COMPONENTS_PATH = join(dirname(fileURLToPath(import.meta.url)), "../advisories/agent-components.json");
+const GENERIC_AFFECTED_TOOLS = [
+    "claude-code",
+    "codex-cli",
+    "opencode",
+    "cursor",
+    "windsurf",
+    "github-copilot",
+];
+function globToRegExp(glob) {
+    const pattern = glob.replaceAll("\\", "/").trim();
+    if (pattern.length === 0) {
+        return /^$/u;
+    }
+    let regex = "^";
+    for (let index = 0; index < pattern.length; index += 1) {
+        const char = pattern[index];
+        if (char === "*") {
+            if (pattern[index + 1] === "*") {
+                regex += ".*";
+                index += 1;
+            }
+            else {
+                regex += "[^/]*";
+            }
+            continue;
+        }
+        if (char === "?") {
+            regex += "[^/]";
+            continue;
+        }
+        if ("\\^$.*+?()[]{}|".includes(char)) {
+            regex += `\\${char}`;
+            continue;
+        }
+        regex += char;
+    }
+    regex += "$";
+    return new RegExp(regex, "u");
+}
+function matchesGlob(value, glob) {
+    const normalizedValue = value.replaceAll("\\", "/");
+    const normalizedGlob = glob.replaceAll("\\", "/").trim();
+    if (normalizedGlob.startsWith("**/")) {
+        const suffix = normalizedGlob.slice(3);
+        return normalizedValue === suffix || normalizedValue.endsWith(`/${suffix}`);
+    }
+    return globToRegExp(normalizedGlob).test(normalizedValue);
+}
+function loadComponents() {
+    const raw = readFileSync(COMPONENTS_PATH, "utf8");
+    const parsed = JSON.parse(raw);
+    return parsed;
+}
+const ADVISORY_COMPONENTS = loadComponents();
+function normalizeToken(value) {
+    return value.trim().toLowerCase();
+}
+function collectStringCandidates(value, path = [], output = []) {
+    if (typeof value === "string") {
+        output.push({ path: path.join("."), value });
+        return output;
+    }
+    if (Array.isArray(value)) {
+        value.forEach((entry, index) => {
+            collectStringCandidates(entry, [...path, String(index)], output);
+        });
+        return output;
+    }
+    if (!value || typeof value !== "object") {
+        return output;
+    }
+    for (const [key, child] of Object.entries(value)) {
+        collectStringCandidates(child, [...path, key], output);
+    }
+    return output;
+}
+function makeFinding(filePath, matchedPath, component, signature, evidence) {
+    const location = { field: matchedPath };
+    if (typeof evidence?.line === "number") {
+        location.line = evidence.line;
+    }
+    if (typeof evidence?.column === "number") {
+        location.column = evidence.column;
+    }
+    return {
+        rule_id: component.rule_id,
+        finding_id: `${component.rule_id}-${filePath}-${matchedPath}`,
+        severity: component.severity,
+        category: component.category,
+        layer: "L2",
+        file_path: filePath,
+        location,
+        description: component.description,
+        affected_tools: GENERIC_AFFECTED_TOOLS,
+        cve: null,
+        owasp: component.owasp,
+        cwe: component.cwe,
+        confidence: component.confidence,
+        fixable: true,
+        remediation_actions: component.remediation_actions,
+        metadata: {
+            sources: component.metadata?.sources ?? [],
+            sinks: component.metadata?.sinks ?? [],
+            referenced_secrets: component.metadata?.referenced_secrets ?? [],
+            risk_tags: component.metadata?.risk_tags ?? [],
+            origin: component.metadata?.origin ?? "agent-components.json",
+        },
+        evidence: evidence?.evidence ?? null,
+        suppressed: false,
+    };
+}
+function componentMatchesFile(component, filePath) {
+    return component.file_patterns.some((pattern) => matchesGlob(filePath, pattern));
+}
+function signatureMatches(value, signatures) {
+    const normalizedValue = normalizeToken(value);
+    for (const signature of signatures) {
+        const normalizedSignature = normalizeToken(signature);
+        if (normalizedSignature.length > 0 && normalizedValue.includes(normalizedSignature)) {
+            return signature;
+        }
+    }
+    return null;
+}
+function detectComponentMatch(input, component) {
+    if (!componentMatchesFile(component, input.filePath)) {
+        return null;
+    }
+    const stringCandidates = collectStringCandidates(input.parsed);
+    for (const candidate of stringCandidates) {
+        const signature = signatureMatches(candidate.value, component.signatures);
+        if (!signature) {
+            continue;
+        }
+        const evidence = buildFindingEvidence({
+            textContent: input.textContent,
+            jsonPaths: candidate.path.length > 0 ? [candidate.path] : [],
+            searchTerms: [signature],
+            fallbackValue: `${candidate.path} = ${candidate.value}`,
+        });
+        return makeFinding(input.filePath, candidate.path || component.id, component, signature, evidence);
+    }
+    for (const signature of component.signatures) {
+        if (!signatureMatches(input.textContent, [signature])) {
+            continue;
+        }
+        const evidence = buildFindingEvidence({
+            textContent: input.textContent,
+            searchTerms: [signature],
+            fallbackValue: signature,
+        });
+        return makeFinding(input.filePath, component.id, component, signature, evidence);
+    }
+    return null;
+}
+export function detectAdvisoryIntelligence(input) {
+    const findings = [];
+    for (const component of ADVISORY_COMPONENTS) {
+        const finding = detectComponentMatch(input, component);
+        if (finding) {
+            findings.push(finding);
+        }
+    }
+    return findings;
+}

package/dist/layer2-static/detectors/command-exec.js

@@ -95,6 +95,12 @@ function makeFinding(filePath, field, ruleId, severity, description, evidence) {
         confidence: "HIGH",
         fixable: true,
         remediation_actions: ["remove_field", "replace_with_default"],
+        metadata: {
+            sources: [filePath, field],
+            sinks: ["process-execution"],
+            risk_tags: ["command-execution", "shell-pipeline"],
+            origin: "command-exec",
+        },
         evidence: evidence?.evidence ?? null,
         suppressed: false,
     };

package/dist/layer2-static/detectors/rule-file.js

@@ -48,6 +48,11 @@ function makeFinding(filePath, field, ruleId, description, evidence, severity =
         confidence: "HIGH",
         fixable: true,
         remediation_actions: ["strip_unicode", "remove_block", "quarantine_file"],
+        metadata: {
+            sources: [filePath, field],
+            risk_tags: ["rule-injection", "prompt-injection"],
+            origin: "rule-file",
+        },
         evidence: evidence?.evidence ?? null,
         observed: narrative.observed ?? null,
         inference: narrative.inference ?? null,

package/dist/layer2-static/engine.d.ts

@@ -1,6 +1,6 @@
 import { type GitHookEntry } from "./detectors/git-hooks.js";
 import { type SymlinkEscapeEntry } from "./detectors/symlink.js";
-import type { Finding } from "../types/finding.js";
+import { type Finding } from "../types/finding.js";
 import type { DiscoveryFormat } from "../types/discovery.js";
 export interface StaticFileInput {
     filePath: string;
@@ -17,6 +17,9 @@ export interface StaticEngineConfig {
     trustedApiDomains: string[];
     unicodeAnalysis: boolean;
     checkIdeSettings: boolean;
+    rulePackPaths?: string[];
+    allowedRules?: string[];
+    skipRules?: string[];
 }
 export interface StaticEngineInput {
     projectRoot: string;

package/dist/layer2-static/engine.js

@@ -1,4 +1,5 @@
 import { detectCommandExecution } from "./detectors/command-exec.js";
+import { detectAdvisoryIntelligence } from "./detectors/advisory-intelligence.js";
 import { detectConsentBypass } from "./detectors/consent-bypass.js";
 import { detectEnvOverrides } from "./detectors/env-override.js";
 import { detectGitHookIssues } from "./detectors/git-hooks.js";
@@ -6,6 +7,78 @@ import { detectIdeSettingsIssues } from "./detectors/ide-settings.js";
 import { detectPluginManifestIssues } from "./detectors/plugin-manifest.js";
 import { detectRuleFileIssues } from "./detectors/rule-file.js";
 import { detectSymlinkEscapes } from "./detectors/symlink.js";
+import { FINDING_CATEGORIES } from "../types/finding.js";
+import { buildFindingEvidence } from "./evidence.js";
+import { evaluateRule, loadRulePacks } from "./rule-engine.js";
+const GENERIC_AFFECTED_TOOLS = [
+    "claude-code",
+    "codex-cli",
+    "opencode",
+    "cursor",
+    "windsurf",
+    "github-copilot",
+];
+function parseRuleSeverity(value) {
+    const normalized = value.trim().toUpperCase();
+    if (normalized === "CRITICAL" ||
+        normalized === "HIGH" ||
+        normalized === "MEDIUM" ||
+        normalized === "LOW") {
+        return normalized;
+    }
+    return "INFO";
+}
+function parseRuleCategory(value) {
+    const normalized = value.trim().toUpperCase();
+    if (FINDING_CATEGORIES.some((category) => category === normalized)) {
+        return normalized;
+    }
+    return "CONFIG_PRESENT";
+}
+function remediationActionsForRule(rule) {
+    if (rule.query_type === "text_pattern") {
+        return ["quarantine_file", "remove_block"];
+    }
+    return ["remove_field", "replace_with_default"];
+}
+function findingFromRulePackMatch(file, rule) {
+    const locationField = rule.query_type === "text_pattern" ? "content" : rule.query;
+    const evidence = buildFindingEvidence({
+        textContent: file.textContent,
+        searchTerms: [rule.query],
+        fallbackValue: `${locationField} matched rule ${rule.id}`,
+    });
+    const affectedTools = rule.tool === "*" ? GENERIC_AFFECTED_TOOLS : [rule.tool];
+    return {
+        rule_id: rule.id,
+        finding_id: `RULE_PACK-${rule.id}-${file.filePath}-${locationField}`,
+        severity: parseRuleSeverity(rule.severity),
+        category: parseRuleCategory(rule.category),
+        layer: "L2",
+        file_path: file.filePath,
+        location: { field: locationField },
+        description: rule.description,
+        affected_tools: affectedTools,
+        cve: rule.cve ?? null,
+        owasp: rule.owasp,
+        cwe: rule.cwe,
+        confidence: "HIGH",
+        fixable: true,
+        remediation_actions: remediationActionsForRule(rule),
+        metadata: {
+            sources: [file.filePath, locationField],
+            risk_tags: ["rule-pack"],
+            origin: "rule-pack",
+        },
+        evidence: evidence?.evidence ?? null,
+        suppressed: false,
+    };
+}
+function hasEquivalentFinding(findings, candidate) {
+    return findings.some((finding) => finding.rule_id === candidate.rule_id &&
+        finding.file_path === candidate.file_path &&
+        (finding.location.field ?? "") === (candidate.location.field ?? ""));
+}
 function dedupeFindings(findings) {
     const deduped = new Map();
     for (const finding of findings) {
@@ -32,6 +105,11 @@ function dedupeFindings(findings) {
 }
 export function runStaticEngine(input) {
     const findings = [];
+    const rulePackRules = loadRulePacks({
+        rule_pack_paths: input.config.rulePackPaths ?? [],
+        allowed_rules: input.config.allowedRules ?? [],
+        skip_rules: input.config.skipRules ?? [],
+    });
     for (const file of input.files) {
         findings.push(...detectEnvOverrides({
             filePath: file.filePath,
@@ -69,6 +147,11 @@ export function runStaticEngine(input) {
             trustedApiDomains: input.config.trustedApiDomains,
             blockedCommands: input.config.blockedCommands,
         }));
+        findings.push(...detectAdvisoryIntelligence({
+            filePath: file.filePath,
+            parsed: file.parsed,
+            textContent: file.textContent,
+        }));
         if (file.format === "text" || file.format === "markdown") {
             findings.push(...detectRuleFileIssues({
                 filePath: file.filePath,
@@ -76,6 +159,20 @@ export function runStaticEngine(input) {
                 unicodeAnalysis: input.config.unicodeAnalysis,
             }));
         }
+        for (const rule of rulePackRules) {
+            if (!evaluateRule(rule, {
+                filePath: file.filePath,
+                format: file.format,
+                parsed: file.parsed,
+                textContent: file.textContent,
+            })) {
+                continue;
+            }
+            const candidate = findingFromRulePackMatch(file, rule);
+            if (!hasEquivalentFinding(findings, candidate)) {
+                findings.push(candidate);
+            }
+        }
     }
     findings.push(...detectSymlinkEscapes({ symlinkEscapes: input.symlinkEscapes }));
     findings.push(...detectGitHookIssues({ hooks: input.hooks, knownSafeHooks: input.config.knownSafeHooks }));

package/dist/layer2-static/rule-engine.d.ts

@@ -21,4 +21,4 @@ export interface RuleEvaluationInput {
     textContent: string;
 }
 export declare function evaluateRule(rule: DetectionRule, input: RuleEvaluationInput): boolean;
-export declare function loadRulePacks(baseDir?: string): DetectionRule[];
+export { loadRulePacks } from "./rule-pack-loader.js";

package/dist/layer2-static/rule-engine.js

@@ -1,7 +1,3 @@
-import { readdirSync, readFileSync } from "node:fs";
-import { dirname, extname, join, resolve } from "node:path";
-import { fileURLToPath } from "node:url";
-const rulesDir = resolve(dirname(fileURLToPath(import.meta.url)), "rules");
 function escapeRegex(value) {
     return value.replace(/[|\\{}()[\]^$+?.]/g, "\\$&");
 }
@@ -127,12 +123,4 @@ export function evaluateRule(rule, input) {
     }
     return false;
 }
-export function loadRulePacks(baseDir = rulesDir) {
-    const files = readdirSync(baseDir)
-        .filter((file) => extname(file) === ".json")
-        .sort();
-    return files.flatMap((file) => {
-        const raw = readFileSync(join(baseDir, file), "utf8");
-        return JSON.parse(raw);
-    });
-}
+export { loadRulePacks } from "./rule-pack-loader.js";

package/dist/layer2-static/rule-pack-loader.d.ts

@@ -0,0 +1,10 @@
+import type { DetectionRule } from "./rule-engine.js";
+export interface RulePackLoaderOptions {
+    baseDir?: string;
+    rule_pack_paths?: string[];
+    allowed_rules?: string[];
+    skip_rules?: string[];
+}
+export declare function loadRulePacks(): DetectionRule[];
+export declare function loadRulePacks(baseDir: string): DetectionRule[];
+export declare function loadRulePacks(options: RulePackLoaderOptions): DetectionRule[];