codegate-ai 0.7.0 → 0.8.0

package/README.md

@@ -108,6 +108,7 @@ See the [Configuration](#configuration) section for full settings and examples.
 | Command                  | Purpose                                                                |
 | ------------------------ | ---------------------------------------------------------------------- |
 | `codegate scan [target]` | Scan a directory, file, or URL target for AI tool config risks.        |
+| `codegate scan-content`  | Scan inline JSON, YAML, TOML, Markdown, or text content.               |
 | `codegate run <tool>`    | Scan current directory, then launch selected AI tool if policy allows. |
 | `codegate skills [...]`  | Wrap `npx skills` and preflight-scan `skills add` targets.             |
 | `codegate clawhub [...]` | Wrap `npx clawhub` and preflight-scan `clawhub install` targets.       |
@@ -150,6 +151,28 @@ codegate scan . --remediate --dry-run --patch
 codegate scan . --reset-state
 ```
 
+## `scan-content` Command
+
+`codegate scan-content <content...>` scans inline content directly from the command line. It is useful when you want to inspect JSON, YAML, TOML, Markdown, or plain text before writing it to disk or installing it into a tool configuration.
+
+Use `--type` to declare the content format:
+
+| Type       | Purpose                                                              |
+| ---------- | -------------------------------------------------------------------- |
+| `json`     | Parse JSON input and run the static scanner on the parsed structure. |
+| `yaml`     | Parse YAML input and run the static scanner on the parsed structure. |
+| `toml`     | Parse TOML input and run the static scanner on the parsed structure. |
+| `markdown` | Analyze Markdown instruction text as a rule surface.                 |
+| `text`     | Analyze plain text as a rule surface.                                |
+
+Examples:
+
+```bash
+codegate scan-content '{"mcpServers":{"bad":{"command":"bash"}}}' --type json
+codegate scan-content '# Suspicious instructions' --type markdown
+codegate scan-content 'echo hello' --type text
+```
+
 ## `run` Command
 
 `codegate run <tool>` runs scan-first wrapper mode.
@@ -199,6 +222,7 @@ Behavior:
 - Dangerous findings block execution (fail-closed).
 - Warning-level findings can still require confirmation unless `--cg-force` is provided.
 - Non-install subcommands (for example `skills find` or `clawhub search`) are passed through without preflight scanning.
+- Wrapper scans honor the same config policy controls as `codegate scan`, including `suppress_findings`, `suppression_rules`, `rule_pack_paths`, `allowed_rules`, and `skip_rules`.
 
 Wrapper flags (consumed by CodeGate, not forwarded):
 
@@ -299,33 +323,38 @@ codegate init
 - List values are merged and de-duplicated across levels.
 - `trusted_directories` is global-only; project config cannot set it.
 - `blocked_commands` is merged with defaults; defaults are always retained.
+- `rule_pack_paths`, `allowed_rules`, `skip_rules`, `suppress_findings`, and `suppression_rules` merge across global and project config.
 
 ### Full Configuration Reference
 
-| Key                              | Type             | Allowed Values                                                              | Default                                            |
-| -------------------------------- | ---------------- | --------------------------------------------------------------------------- | -------------------------------------------------- |
-| `severity_threshold`             | string           | `critical`, `high`, `medium`, `low`, `info`                                 | `high`                                             |
-| `auto_proceed_below_threshold`   | boolean          | `true`, `false`                                                             | `true`                                             |
-| `output_format`                  | string           | `terminal`, `json`, `sarif`, `markdown`, `html`                             | `terminal`                                         |
-| `scan_state_path`                | string           | file path                                                                   | `~/.codegate/scan-state.json`                      |
-| `scan_user_scope`                | boolean          | `true`, `false`                                                             | `true`                                             |
-| `tui.enabled`                    | boolean          | `true`, `false`                                                             | `true`                                             |
-| `tui.colour_scheme`              | string           | free string (currently `default`)                                           | `default`                                          |
-| `tui.compact_mode`               | boolean          | `true`, `false`                                                             | `false`                                            |
-| `tool_discovery.preferred_agent` | string           | practical values: `claude`, `claude-code`, `codex`, `codex-cli`, `opencode` | `claude`                                           |
-| `tool_discovery.agent_paths`     | object           | map of agent key -> binary path                                             | `{}`                                               |
-| `tool_discovery.skip_tools`      | array of strings | tool keys to skip in discovery/selection                                    | `[]`                                               |
-| `trusted_directories`            | array of strings | directory paths                                                             | `[]`                                               |
-| `blocked_commands`               | array of strings | command names                                                               | `["bash","sh","curl","wget","nc","python","node"]` |
-| `known_safe_mcp_servers`         | array of strings | package/server identifiers                                                  | prefilled                                          |
-| `known_safe_formatters`          | array of strings | formatter names                                                             | prefilled                                          |
-| `known_safe_lsp_servers`         | array of strings | lsp server names                                                            | prefilled                                          |
-| `known_safe_hooks`               | array of strings | relative hook paths such as `.git/hooks/pre-commit`                         | `[]`                                               |
-| `unicode_analysis`               | boolean          | `true`, `false`                                                             | `true`                                             |
-| `check_ide_settings`             | boolean          | `true`, `false`                                                             | `true`                                             |
-| `owasp_mapping`                  | boolean          | `true`, `false`                                                             | `true`                                             |
-| `trusted_api_domains`            | array of strings | domain names                                                                | `[]`                                               |
-| `suppress_findings`              | array of strings | finding IDs/fingerprints                                                    | `[]`                                               |
+| Key                              | Type             | Allowed Values                                                                               | Default                                            |
+| -------------------------------- | ---------------- | -------------------------------------------------------------------------------------------- | -------------------------------------------------- |
+| `severity_threshold`             | string           | `critical`, `high`, `medium`, `low`, `info`                                                  | `high`                                             |
+| `auto_proceed_below_threshold`   | boolean          | `true`, `false`                                                                              | `true`                                             |
+| `output_format`                  | string           | `terminal`, `json`, `sarif`, `markdown`, `html`                                              | `terminal`                                         |
+| `scan_state_path`                | string           | file path                                                                                    | `~/.codegate/scan-state.json`                      |
+| `scan_user_scope`                | boolean          | `true`, `false`                                                                              | `true`                                             |
+| `tui.enabled`                    | boolean          | `true`, `false`                                                                              | `true`                                             |
+| `tui.colour_scheme`              | string           | free string (currently `default`)                                                            | `default`                                          |
+| `tui.compact_mode`               | boolean          | `true`, `false`                                                                              | `false`                                            |
+| `tool_discovery.preferred_agent` | string           | practical values: `claude`, `claude-code`, `codex`, `codex-cli`, `opencode`                  | `claude`                                           |
+| `tool_discovery.agent_paths`     | object           | map of agent key -> binary path                                                              | `{}`                                               |
+| `tool_discovery.skip_tools`      | array of strings | tool keys to skip in discovery/selection                                                     | `[]`                                               |
+| `trusted_directories`            | array of strings | directory paths                                                                              | `[]`                                               |
+| `blocked_commands`               | array of strings | command names                                                                                | `["bash","sh","curl","wget","nc","python","node"]` |
+| `known_safe_mcp_servers`         | array of strings | package/server identifiers                                                                   | prefilled                                          |
+| `known_safe_formatters`          | array of strings | formatter names                                                                              | prefilled                                          |
+| `known_safe_lsp_servers`         | array of strings | lsp server names                                                                             | prefilled                                          |
+| `known_safe_hooks`               | array of strings | relative hook paths such as `.git/hooks/pre-commit`                                          | `[]`                                               |
+| `unicode_analysis`               | boolean          | `true`, `false`                                                                              | `true`                                             |
+| `check_ide_settings`             | boolean          | `true`, `false`                                                                              | `true`                                             |
+| `owasp_mapping`                  | boolean          | `true`, `false`                                                                              | `true`                                             |
+| `trusted_api_domains`            | array of strings | domain names                                                                                 | `[]`                                               |
+| `suppress_findings`              | array of strings | finding IDs/fingerprints                                                                     | `[]`                                               |
+| `suppression_rules`              | array of objects | rule match objects with `rule_id`, `file_path`, `severity`, `category`, `cwe`, `fingerprint` | `[]`                                               |
+| `rule_pack_paths`                | array of strings | extra rule pack files or directories                                                         | `[]`                                               |
+| `allowed_rules`                  | array of strings | rule IDs to keep after loading                                                               | `[]`                                               |
+| `skip_rules`                     | array of strings | rule IDs to drop after loading                                                               | `[]`                                               |
 
 ### Default Config Example
 
@@ -359,7 +388,11 @@ codegate init
   "check_ide_settings": true,
   "owasp_mapping": true,
   "trusted_api_domains": [],
-  "suppress_findings": []
+  "suppress_findings": [],
+  "suppression_rules": [],
+  "rule_pack_paths": [],
+  "allowed_rules": [],
+  "skip_rules": []
 }
 ```
 
@@ -371,6 +404,9 @@ Configuration notes:
 - `unicode_analysis=false` disables hidden-unicode findings in Layer 2 rule-file scanning and Layer 3 tool-description scanning. Other rule-file heuristics remain enabled.
 - `check_ide_settings=false` disables `IDE_SETTINGS` findings.
 - `owasp_mapping=false` keeps detection behavior unchanged and emits empty `owasp` arrays in reports.
+- `suppression_rules` applies all listed criteria with AND semantics. If a criterion is omitted, it is ignored.
+- `rule_pack_paths` can point to extra JSON rule-pack files or directories of JSON rule packs.
+- `allowed_rules` and `skip_rules` control which loaded rule IDs remain active after rule-pack loading.
 
 ## Output Formats
 

package/dist/cli.js

@@ -18,6 +18,7 @@ import { executeWrapperRun } from "./wrapper.js";
 import { runRemediation as runRemediationWorkflow, } from "./layer4-remediation/remediation-runner.js";
 import { undoLatestSession } from "./commands/undo.js";
 import { executeScanCommand } from "./commands/scan-command.js";
+import { executeScanContentCommand, SCAN_CONTENT_TYPES, } from "./commands/scan-content-command.js";
 import { executeSkillsWrapper, launchSkillsPassthrough, } from "./commands/skills-wrapper.js";
 import { executeClawhubWrapper, launchClawhubPassthrough, } from "./commands/clawhub-wrapper.js";
 import { promptDeepAgentSelection, promptDeepScanConsent, promptMetaAgentCommandConsent, promptRemediationConsent, promptSkillSelection, } from "./cli-prompts.js";
@@ -314,6 +315,47 @@ function addScanCommand(program, version, deps) {
         }
     });
 }
+function addScanContentCommand(program, version, deps) {
+    program
+        .command("scan-content <content...>")
+        .description("Scan inline content for AI tool config risks")
+        .addOption(new Option("--type <type>", "content type")
+        .choices([...SCAN_CONTENT_TYPES])
+        .makeOptionMandatory())
+        .addHelpText("after", renderExampleHelp([
+        'codegate scan-content \'{"mcpServers":{"bad":{"command":"bash"}}}\' --type json',
+        "codegate scan-content '# Suspicious instructions' --type markdown",
+        "codegate scan-content 'echo hello' --type text",
+    ]))
+        .action(async (contentParts, options) => {
+        try {
+            const content = (contentParts ?? []).join(" ");
+            const type = options.type;
+            if (!type) {
+                throw new Error("Missing required option: --type");
+            }
+            const config = deps.resolveConfig({
+                scanTarget: deps.cwd(),
+            });
+            await executeScanContentCommand({
+                version,
+                cwd: deps.cwd(),
+                content,
+                type,
+                config,
+            }, {
+                stdout: deps.stdout,
+                stderr: deps.stderr,
+                setExitCode: deps.setExitCode,
+            });
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            deps.stderr(`Scan content failed: ${message}`);
+            deps.setExitCode(3);
+        }
+    });
+}
 function addRunCommand(program, version, deps) {
     program
         .command("run <tool>")
@@ -568,11 +610,13 @@ export function createCli(version = packageJson.version ?? "0.0.0-dev", deps = d
         "codegate scan .",
         "codegate scan https://github.com/owner/repo",
         "codegate scan https://github.com/owner/repo/blob/main/skills/security-review/SKILL.md",
+        'codegate scan-content \'{"mcpServers":{"bad":{"command":"bash"}}}\' --type json',
         "codegate skills add owner/repo --skill security-review",
         "codegate clawhub install security-auditor",
         "codegate run claude",
     ]));
     addScanCommand(program, version, deps);
+    addScanContentCommand(program, version, deps);
     addSkillsCommand(program, version, deps);
     addClawhubCommand(program, version, deps);
     addRunCommand(program, version, deps);

package/dist/commands/scan-content-command.d.ts

@@ -0,0 +1,16 @@
+import { type CodeGateConfig } from "../config.js";
+export declare const SCAN_CONTENT_TYPES: readonly ["json", "yaml", "toml", "markdown", "text"];
+export type ScanContentType = (typeof SCAN_CONTENT_TYPES)[number];
+export interface ExecuteScanContentCommandInput {
+    version: string;
+    cwd: string;
+    content: string;
+    type: ScanContentType;
+    config: CodeGateConfig;
+}
+export interface ExecuteScanContentCommandDeps {
+    stdout: (message: string) => void;
+    stderr: (message: string) => void;
+    setExitCode: (code: number) => void;
+}
+export declare function executeScanContentCommand(input: ExecuteScanContentCommandInput, deps: ExecuteScanContentCommandDeps): Promise<void>;

package/dist/commands/scan-content-command.js

@@ -0,0 +1,61 @@
+import { applyConfigPolicy } from "../config.js";
+import { loadKnowledgeBase } from "../layer1-discovery/knowledge-base.js";
+import { parseConfigContent } from "../layer1-discovery/config-parser.js";
+import { runStaticPipeline } from "../pipeline.js";
+import { renderByFormat } from "./scan-command/helpers.js";
+export const SCAN_CONTENT_TYPES = ["json", "yaml", "toml", "markdown", "text"];
+function toReportPath(type) {
+    if (type === "markdown") {
+        return "scan-content.md";
+    }
+    if (type === "text") {
+        return "scan-content.txt";
+    }
+    return `scan-content.${type}`;
+}
+export async function executeScanContentCommand(input, deps) {
+    try {
+        const parsed = parseConfigContent(input.content, input.type);
+        if (!parsed.ok) {
+            throw new Error(parsed.error);
+        }
+        const kbVersion = loadKnowledgeBase().schemaVersion;
+        const report = applyConfigPolicy(runStaticPipeline({
+            version: input.version,
+            kbVersion,
+            scanTarget: `scan-content:${input.type}`,
+            toolsDetected: [],
+            projectRoot: input.cwd,
+            files: [
+                {
+                    filePath: toReportPath(input.type),
+                    format: input.type,
+                    parsed: parsed.data,
+                    textContent: input.content,
+                },
+            ],
+            symlinkEscapes: [],
+            hooks: [],
+            config: {
+                knownSafeMcpServers: input.config.known_safe_mcp_servers,
+                knownSafeFormatters: input.config.known_safe_formatters,
+                knownSafeLspServers: input.config.known_safe_lsp_servers,
+                knownSafeHooks: input.config.known_safe_hooks,
+                blockedCommands: input.config.blocked_commands,
+                trustedApiDomains: input.config.trusted_api_domains,
+                unicodeAnalysis: input.config.unicode_analysis,
+                checkIdeSettings: input.config.check_ide_settings,
+                rulePackPaths: input.config.rule_pack_paths,
+                allowedRules: input.config.allowed_rules,
+                skipRules: input.config.skip_rules,
+            },
+        }), input.config);
+        deps.stdout(renderByFormat(input.config.output_format, report));
+        deps.setExitCode(report.summary.exit_code);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        deps.stderr(`Scan content failed: ${message}`);
+        deps.setExitCode(3);
+    }
+}

package/dist/config/suppression-policy.d.ts

@@ -0,0 +1,14 @@
+import type { Finding } from "../types/finding.js";
+export interface SuppressionRule {
+    rule_id?: string;
+    file_path?: string;
+    severity?: Finding["severity"];
+    category?: Finding["category"];
+    cwe?: string;
+    fingerprint?: string;
+}
+export interface SuppressionPolicy {
+    suppress_findings?: readonly string[];
+    suppression_rules?: readonly SuppressionRule[];
+}
+export declare function applySuppressionPolicy<T extends Finding>(findings: T[], policy: SuppressionPolicy): T[];

package/dist/config/suppression-policy.js

@@ -0,0 +1,81 @@
+function normalizeString(value) {
+    if (typeof value !== "string") {
+        return undefined;
+    }
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : undefined;
+}
+function escapeRegExp(value) {
+    return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+function globToRegExp(glob) {
+    const pattern = normalizeString(glob)?.replaceAll("\\", "/");
+    if (!pattern) {
+        return /^$/;
+    }
+    let regex = "^";
+    for (let index = 0; index < pattern.length; index++) {
+        const char = pattern[index];
+        if (char === "*") {
+            if (pattern[index + 1] === "*") {
+                regex += ".*";
+                index++;
+            }
+            else {
+                regex += "[^/]*";
+            }
+            continue;
+        }
+        if (char === "?") {
+            regex += "[^/]";
+            continue;
+        }
+        regex += escapeRegExp(char);
+    }
+    regex += "$";
+    return new RegExp(regex);
+}
+function matchesGlob(value, glob) {
+    return globToRegExp(glob).test(value.replaceAll("\\", "/"));
+}
+function matchesSuppressionRule(finding, rule) {
+    const ruleId = normalizeString(rule.rule_id);
+    if (ruleId && finding.rule_id !== ruleId) {
+        return false;
+    }
+    const filePath = normalizeString(rule.file_path);
+    if (filePath && !matchesGlob(finding.file_path, filePath)) {
+        return false;
+    }
+    const severity = rule.severity;
+    if (severity && finding.severity !== severity) {
+        return false;
+    }
+    const category = normalizeString(rule.category);
+    if (category && finding.category !== category) {
+        return false;
+    }
+    const cwe = normalizeString(rule.cwe);
+    if (cwe && finding.cwe !== cwe) {
+        return false;
+    }
+    const fingerprint = normalizeString(rule.fingerprint);
+    if (fingerprint && finding.fingerprint !== fingerprint) {
+        return false;
+    }
+    return true;
+}
+export function applySuppressionPolicy(findings, policy) {
+    const legacySuppressions = new Set((policy.suppress_findings ?? [])
+        .map((findingId) => normalizeString(findingId))
+        .filter((findingId) => findingId !== undefined));
+    const rules = policy.suppression_rules ?? [];
+    return findings.map((finding) => {
+        const ruleMatch = rules.some((rule) => matchesSuppressionRule(finding, rule));
+        const legacyMatch = legacySuppressions.has(finding.finding_id);
+        return {
+            ...finding,
+            suppressed: finding.suppressed || legacyMatch || ruleMatch,
+        };
+    });
+}

package/dist/config.d.ts

@@ -1,5 +1,6 @@
 import type { Finding } from "./types/finding.js";
 import type { CodeGateReport } from "./types/report.js";
+import { type SuppressionRule } from "./config/suppression-policy.js";
 export declare const OUTPUT_FORMATS: readonly ["terminal", "json", "sarif", "markdown", "html"];
 export type OutputFormat = (typeof OUTPUT_FORMATS)[number];
 export declare const SEVERITY_THRESHOLDS: readonly ["critical", "high", "medium", "low", "info"];
@@ -32,7 +33,11 @@ export interface CodeGateConfig {
     check_ide_settings: boolean;
     owasp_mapping: boolean;
     trusted_api_domains: string[];
+    rule_pack_paths?: string[];
+    allowed_rules?: string[];
+    skip_rules?: string[];
     suppress_findings: string[];
+    suppression_rules?: SuppressionRule[];
 }
 export interface CliConfigOverrides {
     format?: OutputFormat;

package/dist/config.js

@@ -3,6 +3,7 @@ import { homedir } from "node:os";
 import { join, resolve } from "node:path";
 import { parse as parseJsonc } from "jsonc-parser";
 import { applyReportSummary, computeExitCode as computeReportExitCode } from "./report-summary.js";
+import { applySuppressionPolicy } from "./config/suppression-policy.js";
 export const OUTPUT_FORMATS = ["terminal", "json", "sarif", "markdown", "html"];
 export const SEVERITY_THRESHOLDS = ["critical", "high", "medium", "low", "info"];
 export const DEFAULT_CONFIG = {
@@ -34,7 +35,11 @@ export const DEFAULT_CONFIG = {
     check_ide_settings: true,
     owasp_mapping: true,
     trusted_api_domains: [],
+    rule_pack_paths: [],
+    allowed_rules: [],
+    skip_rules: [],
     suppress_findings: [],
+    suppression_rules: [],
 };
 function normalizeOutputFormat(value) {
     if (!value) {
@@ -163,22 +168,43 @@ export function resolveEffectiveConfig(options) {
             globalConfig.trusted_api_domains,
             projectConfig.trusted_api_domains,
         ]),
+        rule_pack_paths: unique([
+            DEFAULT_CONFIG.rule_pack_paths,
+            globalConfig.rule_pack_paths,
+            projectConfig.rule_pack_paths,
+        ]),
+        allowed_rules: unique([
+            DEFAULT_CONFIG.allowed_rules,
+            globalConfig.allowed_rules,
+            projectConfig.allowed_rules,
+        ]),
+        skip_rules: unique([
+            DEFAULT_CONFIG.skip_rules,
+            globalConfig.skip_rules,
+            projectConfig.skip_rules,
+        ]),
         suppress_findings: unique([
             DEFAULT_CONFIG.suppress_findings,
             globalConfig.suppress_findings,
             projectConfig.suppress_findings,
         ]),
+        suppression_rules: [
+            ...(DEFAULT_CONFIG.suppression_rules ?? []),
+            ...(globalConfig.suppression_rules ?? []),
+            ...(projectConfig.suppression_rules ?? []),
+        ],
     };
 }
 export function computeExitCode(findings, threshold) {
     return computeReportExitCode(findings, threshold);
 }
 export function applyConfigPolicy(report, config) {
-    const suppressionSet = new Set(config.suppress_findings);
-    const findings = report.findings.map((finding) => ({
+    const findings = applySuppressionPolicy(report.findings, {
+        suppress_findings: config.suppress_findings,
+        suppression_rules: config.suppression_rules,
+    }).map((finding) => ({
         ...finding,
         owasp: config.owasp_mapping ? finding.owasp : [],
-        suppressed: finding.suppressed || suppressionSet.has(finding.finding_id),
     }));
     return applyReportSummary({
         ...report,

package/dist/layer2-static/advisories/agent-components.json

@@ -0,0 +1,62 @@
+[
+  {
+    "id": "filesystem",
+    "rule_id": "advisory-agent-component-filesystem",
+    "severity": "MEDIUM",
+    "category": "CONFIG_PRESENT",
+    "description": "Filesystem agent components can expose broad local file access and should be reviewed before approval.",
+    "signatures": ["@anthropic/mcp-server-filesystem", "mcp-server-filesystem"],
+    "file_patterns": ["**/.mcp.json", "**/mcp.json", "**/settings.json"],
+    "remediation_actions": ["remove_field", "review_component"],
+    "metadata": {
+      "sources": ["mcpServers.*.command", "mcpServers.*.args"],
+      "sinks": ["local_filesystem"],
+      "referenced_secrets": [],
+      "risk_tags": ["sensitive_access"],
+      "origin": "agent-components.json"
+    },
+    "owasp": ["ASI03", "ASI07"],
+    "cwe": "CWE-200",
+    "confidence": "HIGH"
+  },
+  {
+    "id": "github",
+    "rule_id": "advisory-agent-component-github",
+    "severity": "MEDIUM",
+    "category": "CONFIG_PRESENT",
+    "description": "GitHub agent components can ingest untrusted repository content and deserve manual review.",
+    "signatures": ["@modelcontextprotocol/server-github", "server-github"],
+    "file_patterns": ["**/.mcp.json", "**/mcp.json", "**/settings.json"],
+    "remediation_actions": ["remove_field", "review_component"],
+    "metadata": {
+      "sources": ["mcpServers.*.command", "mcpServers.*.args"],
+      "sinks": ["repository_content"],
+      "referenced_secrets": [],
+      "risk_tags": ["untrusted_input"],
+      "origin": "agent-components.json"
+    },
+    "owasp": ["ASI01", "ASI07"],
+    "cwe": "CWE-74",
+    "confidence": "HIGH"
+  },
+  {
+    "id": "slack",
+    "rule_id": "advisory-agent-component-slack",
+    "severity": "HIGH",
+    "category": "CONFIG_PRESENT",
+    "description": "Slack agent components can become exfiltration sinks and should be approved deliberately.",
+    "signatures": ["@modelcontextprotocol/server-slack", "server-slack"],
+    "file_patterns": ["**/.mcp.json", "**/mcp.json", "**/settings.json"],
+    "remediation_actions": ["remove_field", "review_component"],
+    "metadata": {
+      "sources": ["mcpServers.*.command", "mcpServers.*.args"],
+      "sinks": ["message_exfiltration"],
+      "referenced_secrets": [],
+      "risk_tags": ["exfiltration_sink"],
+      "origin": "agent-components.json"
+    },
+    "owasp": ["ASI07", "ASI09"],
+    "cwe": "CWE-200",
+    "confidence": "HIGH"
+  }
+]

package/dist/layer2-static/detectors/advisory-intelligence.d.ts

@@ -0,0 +1,7 @@
+import type { Finding } from "../../types/finding.js";
+export interface AdvisoryIntelligenceInput {
+    filePath: string;
+    parsed: unknown;
+    textContent: string;
+}
+export declare function detectAdvisoryIntelligence(input: AdvisoryIntelligenceInput): Finding[];