corpus-core 0.1.0

package/dist/scanners/secret-detector.js

@@ -0,0 +1,188 @@
+// Standard secret patterns (regex-based)
+const SECRET_PATTERNS = [
+    { name: 'AWS Access Key', regex: /AKIA[0-9A-Z]{16}/g, severity: 'CRITICAL', message: 'AWS Access Key ID detected' },
+    { name: 'AWS Secret Key', regex: /(?:aws_secret_access_key|secret_key)\s*[=:]\s*['"]?([A-Za-z0-9/+=]{40})['"]?/gi, severity: 'CRITICAL', message: 'AWS Secret Access Key detected' },
+    { name: 'GitHub Token', regex: /gh[pousr]_[A-Za-z0-9_]{36,255}/g, severity: 'CRITICAL', message: 'GitHub token detected' },
+    { name: 'OpenAI API Key', regex: /sk-[A-Za-z0-9]{20,}/g, severity: 'CRITICAL', message: 'OpenAI API key detected' },
+    { name: 'Anthropic API Key', regex: /sk-ant-[A-Za-z0-9-]{20,}/g, severity: 'CRITICAL', message: 'Anthropic API key detected' },
+    { name: 'Stripe Key', regex: /[sr]k_(live|test)_[A-Za-z0-9]{20,}/g, severity: 'CRITICAL', message: 'Stripe API key detected' },
+    { name: 'Database URL', regex: /(?:postgres|mysql|mongodb|redis):\/\/[^\s'"]+:[^\s'"]+@[^\s'"]+/g, severity: 'CRITICAL', message: 'Database connection string with credentials detected' },
+    { name: 'Private Key', regex: /-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/g, severity: 'CRITICAL', message: 'Private key detected' },
+    { name: 'Generic API Key Assignment', regex: /(?:api_key|apikey|api_secret|secret_key|auth_token|access_token)\s*[=:]\s*['"]([A-Za-z0-9_\-]{16,})['"](?!\s*(?:\/\/|#)\s*(?:placeholder|example|test|fake|dummy))/gi, severity: 'WARNING', message: 'Possible API key or secret in assignment' },
+    { name: 'Bearer Token', regex: /Bearer\s+[A-Za-z0-9\-._~+/]+=*/g, severity: 'WARNING', message: 'Bearer token detected' },
+    { name: 'Password Assignment', regex: /(?:password|passwd|pwd)\s*[=:]\s*['"]([^'"]{8,})['"](?!\s*(?:\/\/|#)\s*(?:placeholder|example|test|fake|dummy))/gi, severity: 'WARNING', message: 'Hardcoded password detected' },
+    { name: 'Slack Token', regex: /xox[baprs]-[0-9a-zA-Z-]{10,}/g, severity: 'CRITICAL', message: 'Slack token detected' },
+    { name: 'Twilio Key', regex: /SK[0-9a-fA-F]{32}/g, severity: 'CRITICAL', message: 'Twilio API key detected' },
+    { name: 'SendGrid Key', regex: /SG\.[A-Za-z0-9_-]{22}\.[A-Za-z0-9_-]{43}/g, severity: 'CRITICAL', message: 'SendGrid API key detected' },
+];
+// AI-specific patterns (heuristic, not regex-only)
+const AI_PATTERNS = {
+    // Env var inlined instead of referenced
+    inlinedEnvVar: /(?:const|let|var)\s+\w+\s*=\s*['"](?:postgres|mysql|mongodb|redis|https?):\/\/[^'"]+['"]/g,
+    // Real values in .env.example or .env.sample
+    realValueInExample: /^[A-Z_]+=(?!your_|<|placeholder|example|changeme|xxx|TODO)[A-Za-z0-9_\-]{16,}/gm,
+    // Hardcoded URLs with credentials
+    hardcodedCredUrl: /['"]https?:\/\/[^:]+:[^@]+@[^'"]+['"]/g,
+    // Disabled SSL
+    disabledSsl: /rejectUnauthorized\s*:\s*false/g,
+    // Overly permissive CORS
+    wildcardCors: /(?:cors|origin)\s*[=:]\s*['"]\*['"]/gi,
+};
+// Known placeholders and test values to SKIP (reduce false positives)
+const PLACEHOLDER_PATTERNS = [
+    /^sk-(?:test|fake|dummy|placeholder|example|xxx|your)[_-]/i,
+    /^(?:test|fake|dummy|placeholder|example|changeme|TODO|your_)/i,
+    /^(?:xxx|aaa|bbb|123|abc)/i,
+    /<[A-Z_]+>/, // <YOUR_API_KEY> style
+    /^(?:pk_test|sk_test)_/, // Stripe test keys are fine
+];
+function isPlaceholder(value) {
+    return PLACEHOLDER_PATTERNS.some((p) => p.test(value));
+}
+function isTestFile(filepath) {
+    const lower = filepath.toLowerCase();
+    return (lower.includes('test') ||
+        lower.includes('spec') ||
+        lower.includes('mock') ||
+        lower.includes('fixture') ||
+        lower.includes('__tests__'));
+}
+function redactValue(value) {
+    if (value.length <= 8)
+        return '***';
+    return value.slice(0, 4) + '...' + value.slice(-4);
+}
+/**
+ * Scans file content for secrets and AI-specific security patterns.
+ * Returns findings sorted by severity (CRITICAL first).
+ */
+export function detectSecrets(content, filepath, options) {
+    const findings = [];
+    const lines = content.split('\n');
+    const skipTests = options?.skipTests ?? true;
+    const skipPlaceholders = options?.skipPlaceholders ?? true;
+    if (skipTests && isTestFile(filepath))
+        return findings;
+    // Standard secret patterns
+    for (const pattern of SECRET_PATTERNS) {
+        pattern.regex.lastIndex = 0;
+        let match;
+        while ((match = pattern.regex.exec(content)) !== null) {
+            const value = match[1] ?? match[0];
+            if (skipPlaceholders && isPlaceholder(value))
+                continue;
+            const beforeMatch = content.slice(0, match.index);
+            const line = beforeMatch.split('\n').length;
+            const lastNewline = beforeMatch.lastIndexOf('\n');
+            const column = match.index - lastNewline;
+            findings.push({
+                severity: pattern.severity,
+                type: pattern.name,
+                value,
+                redacted: redactValue(value),
+                line,
+                column,
+                file: filepath,
+                message: pattern.message,
+                isAiPattern: false,
+            });
+        }
+    }
+    // AI-specific: env vars inlined in code
+    const isExampleFile = /\.example|\.sample|\.template/i.test(filepath);
+    if (!isExampleFile) {
+        AI_PATTERNS.inlinedEnvVar.lastIndex = 0;
+        let match;
+        while ((match = AI_PATTERNS.inlinedEnvVar.exec(content)) !== null) {
+            const beforeMatch = content.slice(0, match.index);
+            const line = beforeMatch.split('\n').length;
+            findings.push({
+                severity: 'WARNING',
+                type: 'Inlined Environment Variable',
+                value: match[0],
+                redacted: redactValue(match[0]),
+                line,
+                column: 0,
+                file: filepath,
+                message: 'URL with credentials hardcoded in code instead of read from environment variable. AI coding tools often inline values instead of referencing process.env.',
+                isAiPattern: true,
+            });
+        }
+    }
+    // AI-specific: real values in .env.example
+    if (isExampleFile) {
+        AI_PATTERNS.realValueInExample.lastIndex = 0;
+        let match;
+        while ((match = AI_PATTERNS.realValueInExample.exec(content)) !== null) {
+            const beforeMatch = content.slice(0, match.index);
+            const line = beforeMatch.split('\n').length;
+            findings.push({
+                severity: 'WARNING',
+                type: 'Real Value in Example File',
+                value: match[0],
+                redacted: redactValue(match[0]),
+                line,
+                column: 0,
+                file: filepath,
+                message: 'Example/template file contains what looks like a real value instead of a placeholder. AI often copies real .env values into example files.',
+                isAiPattern: true,
+            });
+        }
+    }
+    // AI-specific: disabled SSL
+    AI_PATTERNS.disabledSsl.lastIndex = 0;
+    let sslMatch;
+    while ((sslMatch = AI_PATTERNS.disabledSsl.exec(content)) !== null) {
+        const beforeMatch = content.slice(0, sslMatch.index);
+        const line = beforeMatch.split('\n').length;
+        findings.push({
+            severity: 'INFO',
+            type: 'Disabled SSL Verification',
+            value: sslMatch[0],
+            redacted: sslMatch[0],
+            line,
+            column: 0,
+            file: filepath,
+            message: 'SSL verification disabled. AI adds this to "make it work" during development but it should not ship to production.',
+            isAiPattern: true,
+        });
+    }
+    // AI-specific: wildcard CORS
+    AI_PATTERNS.wildcardCors.lastIndex = 0;
+    let corsMatch;
+    while ((corsMatch = AI_PATTERNS.wildcardCors.exec(content)) !== null) {
+        const beforeMatch = content.slice(0, corsMatch.index);
+        const line = beforeMatch.split('\n').length;
+        findings.push({
+            severity: 'WARNING',
+            type: 'Wildcard CORS',
+            value: corsMatch[0],
+            redacted: corsMatch[0],
+            line,
+            column: 0,
+            file: filepath,
+            message: 'CORS set to wildcard (*). AI defaults to permissive CORS to avoid errors during development.',
+            isAiPattern: true,
+        });
+    }
+    // Sort by severity: CRITICAL > WARNING > INFO
+    const severityOrder = { CRITICAL: 0, WARNING: 1, INFO: 2 };
+    findings.sort((a, b) => severityOrder[a.severity] - severityOrder[b.severity]);
+    return findings;
+}
+/**
+ * Scans multiple files and returns aggregate results.
+ */
+export function scanFiles(files, options) {
+    const start = Date.now();
+    const allFindings = [];
+    for (const file of files) {
+        const findings = detectSecrets(file.content, file.path, options);
+        allFindings.push(...findings);
+    }
+    return {
+        findings: allFindings,
+        scannedFiles: files.length,
+        scanTimeMs: Date.now() - start,
+    };
+}

package/dist/scanners/session-hijack.d.ts

@@ -0,0 +1,16 @@
+export interface SessionEvent {
+    /** Timestamp in seconds since epoch (NOT milliseconds). Use Date.now() / 1000. */
+    timestampEpoch: number;
+    sourceApp: string;
+    contentType?: string;
+    contentLength?: number;
+}
+export interface SessionCheckResult {
+    valid: boolean;
+    severity: 'OK' | 'SUSPICIOUS' | 'BLOCKED';
+    message: string;
+}
+/**
+ * Validates session event patterns to detect automated injection attempts.
+ */
+export declare function checkSessionIntegrity(events: SessionEvent[], maxEventsPerSecond?: number, minIntervalMs?: number): SessionCheckResult;

package/dist/scanners/session-hijack.js

@@ -0,0 +1,53 @@
+/**
+ * Validates session event patterns to detect automated injection attempts.
+ */
+export function checkSessionIntegrity(events, maxEventsPerSecond = 3, minIntervalMs = 200) {
+    if (events.length < 2) {
+        return { valid: true, severity: 'OK', message: '' };
+    }
+    const sorted = [...events].sort((a, b) => a.timestampEpoch - b.timestampEpoch);
+    // Check rapid-fire events
+    let rapidCount = 0;
+    for (let i = 1; i < sorted.length; i++) {
+        const intervalMs = (sorted[i].timestampEpoch - sorted[i - 1].timestampEpoch) * 1000;
+        if (intervalMs < minIntervalMs) {
+            rapidCount++;
+        }
+    }
+    if (rapidCount > 2) {
+        return {
+            valid: false,
+            severity: 'BLOCKED',
+            message: `Automated session detected: ${rapidCount} events with <${minIntervalMs}ms intervals.`,
+        };
+    }
+    // Check event rate
+    const timeSpan = sorted[sorted.length - 1].timestampEpoch - sorted[0].timestampEpoch;
+    if (timeSpan > 0) {
+        const rate = sorted.length / timeSpan;
+        if (rate > maxEventsPerSecond) {
+            return {
+                valid: false,
+                severity: 'BLOCKED',
+                message: `Event rate ${rate.toFixed(1)}/s exceeds max of ${maxEventsPerSecond}/s.`,
+            };
+        }
+    }
+    // Check for suspiciously uniform content
+    const sources = new Set(sorted.map((e) => e.sourceApp));
+    if (sources.size === 1 && sorted.length > 3) {
+        const lengths = sorted.map((e) => e.contentLength ?? 0).filter((l) => l > 0);
+        if (lengths.length > 3) {
+            const avg = lengths.reduce((a, b) => a + b, 0) / lengths.length;
+            const variance = lengths.reduce((a, l) => a + (l - avg) ** 2, 0) / lengths.length;
+            if (variance < 10) {
+                return {
+                    valid: false,
+                    severity: 'SUSPICIOUS',
+                    message: `Suspicious: ${sorted.length} events from '${[...sources][0]}' with near-identical content lengths.`,
+                };
+            }
+        }
+    }
+    return { valid: true, severity: 'OK', message: '' };
+}

package/dist/scanners/trust-score.d.ts

@@ -0,0 +1,34 @@
+export interface TrustFinding {
+    severity: 'CRITICAL' | 'WARNING' | 'INFO';
+    type: string;
+    line: number;
+    message: string;
+    fix: string;
+    isAiPattern: boolean;
+}
+export interface FileTrustResult {
+    file: string;
+    score: number;
+    findings: TrustFinding[];
+    lines: number;
+}
+export interface CodebaseTrustResult {
+    score: number;
+    files: FileTrustResult[];
+    totalFiles: number;
+    criticalFiles: number;
+    warningFiles: number;
+    cleanFiles: number;
+    scanTimeMs: number;
+}
+/**
+ * Compute trust score for a single file.
+ */
+export declare function computeFileTrust(content: string, filepath: string): FileTrustResult;
+/**
+ * Compute trust score for an entire codebase.
+ */
+export declare function computeCodebaseTrust(files: {
+    path: string;
+    content: string;
+}[]): CodebaseTrustResult;

package/dist/scanners/trust-score.js

@@ -0,0 +1,164 @@
+import { detectSecrets } from './secret-detector.js';
+import { checkCodeSafety } from './code-safety.js';
+import { scanPayload } from './exfiltration-guard.js';
+// Severity deductions
+const DEDUCTIONS = {
+    CRITICAL: 15,
+    WARNING: 5,
+    INFO: 1,
+};
+const CAPS = {
+    CRITICAL: 60,
+    WARNING: 25,
+    INFO: 10,
+};
+// Test file multiplier
+const TEST_MULTIPLIER = 0.5;
+function isTestFile(filepath) {
+    const l = filepath.toLowerCase();
+    return l.includes('test') || l.includes('spec') || l.includes('__tests__') || l.includes('fixture');
+}
+// Fix suggestions for each finding type
+const FIX_MAP = {
+    'AWS Access Key': 'Move to environment variable: process.env.AWS_ACCESS_KEY_ID',
+    'GitHub Token': 'Move to environment variable: process.env.GITHUB_TOKEN',
+    'OpenAI API Key': 'Move to environment variable: process.env.OPENAI_API_KEY',
+    'Anthropic API Key': 'Move to environment variable: process.env.ANTHROPIC_API_KEY',
+    'Stripe Key': 'Move to environment variable: process.env.STRIPE_SECRET_KEY',
+    'Database URL': 'Move to environment variable: process.env.DATABASE_URL',
+    'Private Key': 'Move to a secure key store or .env file (never commit)',
+    'Slack Token': 'Move to environment variable: process.env.SLACK_TOKEN',
+    'SendGrid Key': 'Move to environment variable: process.env.SENDGRID_API_KEY',
+    'Generic API Key Assignment': 'Replace with process.env.YOUR_KEY_NAME',
+    'Bearer Token': 'Load from secure token store, not hardcoded',
+    'Password Assignment': 'Move to environment variable or secret manager',
+    'Inlined Environment Variable': 'Use process.env.VARIABLE_NAME instead of hardcoding the URL',
+    'Real Value in Example File': 'Replace with a placeholder like YOUR_VALUE_HERE',
+    'Disabled SSL Verification': 'Set rejectUnauthorized: true (only disable in development)',
+    'Wildcard CORS': 'Set a specific origin: process.env.CORS_ORIGIN',
+    'eval_usage': 'Use JSON.parse() for data or Function() for dynamic code',
+    'innerHTML_assignment': 'Use textContent for text, or sanitize with DOMPurify',
+    'sql_concatenation': 'Use parameterized queries or an ORM',
+    'exec_usage': 'Use execFile() with an argument array',
+    'disabled_auth': 'Ensure authentication is enabled in production',
+    'hardcoded_ip': 'Use process.env.HOST for binding address',
+    'chmod_777': 'Use minimum required permissions (755 for executables, 644 for files)',
+    'console_log_sensitive': 'Remove sensitive data from log output or use a debug wrapper',
+    'todo_security': 'Address this security TODO before shipping to production',
+    'no_verify_flag': 'Remove bypass flags before production deployment',
+    'debug_endpoint': 'Gate behind authentication or remove before deployment',
+    'wildcard_permissions': 'Use least-privilege: specify exact actions and resources',
+};
+function getFix(type) {
+    return FIX_MAP[type] ?? 'Review and fix manually';
+}
+/**
+ * Compute trust score for a single file.
+ */
+export function computeFileTrust(content, filepath) {
+    const findings = [];
+    const lines = content.split('\n').length;
+    const isTF = isTestFile(filepath);
+    // Run secret detector
+    const secrets = detectSecrets(content, filepath, { skipTests: false, skipPlaceholders: true });
+    for (const s of secrets) {
+        findings.push({
+            severity: s.severity,
+            type: s.type,
+            line: s.line,
+            message: s.message,
+            fix: getFix(s.type),
+            isAiPattern: s.isAiPattern,
+        });
+    }
+    // Run code safety
+    const safety = checkCodeSafety(content, filepath);
+    for (const s of safety) {
+        findings.push({
+            severity: s.severity,
+            type: s.rule,
+            line: s.line,
+            message: s.message,
+            fix: s.suggestion,
+            isAiPattern: false,
+        });
+    }
+    // Run PII scan
+    const pii = scanPayload(content);
+    if (pii.hasPii) {
+        for (const m of pii.matches) {
+            findings.push({
+                severity: m.type === 'SSN' || m.type === 'CREDIT_CARD' ? 'CRITICAL' : 'INFO',
+                type: `PII: ${m.type}`,
+                line: 0,
+                message: `${m.type} found in source code`,
+                fix: `Remove or redact ${m.type} from source code`,
+                isAiPattern: false,
+            });
+        }
+    }
+    // Error handling checks (regex-based)
+    const fetchWithoutTry = /(?:await\s+)?fetch\s*\([^)]*\)/g;
+    let fetchMatch;
+    while ((fetchMatch = fetchWithoutTry.exec(content)) !== null) {
+        const before = content.slice(Math.max(0, fetchMatch.index - 200), fetchMatch.index);
+        if (!before.includes('try') && !before.includes('catch') && !before.includes('.catch')) {
+            const line = content.slice(0, fetchMatch.index).split('\n').length;
+            findings.push({
+                severity: 'WARNING',
+                type: 'unhandled_fetch',
+                line,
+                message: 'fetch() call without error handling',
+                fix: 'Wrap in try/catch or add .catch() handler',
+                isAiPattern: true,
+            });
+        }
+    }
+    // Compute score
+    let criticalDeductions = 0;
+    let warningDeductions = 0;
+    let infoDeductions = 0;
+    for (const f of findings) {
+        const mult = isTF ? TEST_MULTIPLIER : 1;
+        if (f.severity === 'CRITICAL') {
+            criticalDeductions += DEDUCTIONS.CRITICAL * mult;
+        }
+        else if (f.severity === 'WARNING') {
+            warningDeductions += DEDUCTIONS.WARNING * mult;
+        }
+        else {
+            infoDeductions += DEDUCTIONS.INFO * mult;
+        }
+    }
+    criticalDeductions = Math.min(criticalDeductions, CAPS.CRITICAL);
+    warningDeductions = Math.min(warningDeductions, CAPS.WARNING);
+    infoDeductions = Math.min(infoDeductions, CAPS.INFO);
+    const score = Math.max(0, Math.round(100 - criticalDeductions - warningDeductions - infoDeductions));
+    return { file: filepath, score, findings, lines };
+}
+/**
+ * Compute trust score for an entire codebase.
+ */
+export function computeCodebaseTrust(files) {
+    const start = Date.now();
+    const results = [];
+    for (const file of files) {
+        const result = computeFileTrust(file.content, file.path);
+        results.push(result);
+    }
+    // Weighted average by lines of code (exclude tiny files)
+    const scoredFiles = results.filter((r) => r.lines >= 5);
+    const totalLines = scoredFiles.reduce((s, r) => s + r.lines, 0);
+    const weightedScore = totalLines > 0
+        ? scoredFiles.reduce((s, r) => s + r.score * r.lines, 0) / totalLines
+        : 100;
+    return {
+        score: Math.round(weightedScore),
+        files: results.sort((a, b) => a.score - b.score),
+        totalFiles: results.length,
+        criticalFiles: results.filter((r) => r.score < 50).length,
+        warningFiles: results.filter((r) => r.score >= 50 && r.score < 80).length,
+        cleanFiles: results.filter((r) => r.score >= 80).length,
+        scanTimeMs: Date.now() - start,
+    };
+}

package/dist/scanners/undo-integrity.d.ts

@@ -0,0 +1,9 @@
+export type UndoCapability = 'REVERSIBLE' | 'BEST_EFFORT' | 'IRREVERSIBLE';
+export interface UndoCheckResult {
+    capability: UndoCapability;
+    message: string;
+}
+/**
+ * Checks whether an action can actually be undone.
+ */
+export declare function checkUndoIntegrity(actionType: string, hasUndoFn: boolean): UndoCheckResult;

package/dist/scanners/undo-integrity.js

@@ -0,0 +1,38 @@
+const IRREVERSIBLE = [
+    'send_email', 'send_sms', 'send_message', 'post_tweet', 'publish_post',
+    'post_to_linkedin', 'make_payment', 'transfer_funds', 'charge_card',
+    'delete_account', 'deactivate_account', 'notify_user', 'send_notification',
+    'submit_form', 'place_order',
+];
+const BEST_EFFORT = [
+    'create_calendar_event', 'share_document', 'invite_user',
+    'update_record', 'publish_article', 'grant_access',
+];
+/**
+ * Checks whether an action can actually be undone.
+ */
+export function checkUndoIntegrity(actionType, hasUndoFn) {
+    const lower = actionType.toLowerCase();
+    for (const action of IRREVERSIBLE) {
+        if (lower.startsWith(action)) {
+            return {
+                capability: 'IRREVERSIBLE',
+                message: hasUndoFn
+                    ? `'${actionType}' has an undo function but the action is irreversible (e.g., email already delivered).`
+                    : `'${actionType}' is irreversible and no undo function was provided.`,
+            };
+        }
+    }
+    for (const action of BEST_EFFORT) {
+        if (lower.startsWith(action)) {
+            return {
+                capability: 'BEST_EFFORT',
+                message: `'${actionType}' can be partially undone but side effects (notifications, cache) may persist.`,
+            };
+        }
+    }
+    return {
+        capability: hasUndoFn ? 'REVERSIBLE' : 'BEST_EFFORT',
+        message: hasUndoFn ? '' : `'${actionType}' appears reversible but no undo function was provided.`,
+    };
+}

package/dist/subprocess.d.ts

@@ -0,0 +1,10 @@
+import type { PolicyResult } from './types.js';
+/**
+ * Runs a Jac walker as a subprocess and returns its PolicyResult.
+ *
+ * If the subprocess times out, errors, or returns invalid JSON:
+ *   Returns CONFIRM verdict (safe default -- never silently execute).
+ *
+ * This function NEVER throws. All errors become CONFIRM verdicts.
+ */
+export declare function runJacWalker(jacFilePath: string, walkerName: string, args: Record<string, unknown>, timeoutMs: number): Promise<PolicyResult>;

package/dist/subprocess.js

@@ -0,0 +1,103 @@
+import { spawn } from 'child_process';
+import path from 'path';
+import { debug } from './logger.js';
+const MAX_OUTPUT_BYTES = 1024 * 1024; // 1MB max stdout/stderr
+/**
+ * Runs a Jac walker as a subprocess and returns its PolicyResult.
+ *
+ * If the subprocess times out, errors, or returns invalid JSON:
+ *   Returns CONFIRM verdict (safe default -- never silently execute).
+ *
+ * This function NEVER throws. All errors become CONFIRM verdicts.
+ */
+export async function runJacWalker(jacFilePath, walkerName, args, timeoutMs) {
+    return new Promise((resolve) => {
+        const safeDefault = {
+            verdict: 'CONFIRM',
+            blockReason: null,
+            message: 'Policy check could not complete. Confirm to proceed.',
+            policyName: `${walkerName}:error`,
+            requiresConfirmation: true,
+        };
+        // Validate inputs
+        const resolvedPath = path.resolve(jacFilePath);
+        if (!resolvedPath.endsWith('.jac')) {
+            debug(`Invalid jac file path: ${jacFilePath}`);
+            resolve(safeDefault);
+            return;
+        }
+        if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(walkerName)) {
+            debug(`Invalid walker name: ${walkerName}`);
+            resolve(safeDefault);
+            return;
+        }
+        let timedOut = false;
+        let resolved = false;
+        let stdout = '';
+        let stderr = '';
+        let outputExceeded = false;
+        function resolveOnce(result) {
+            if (resolved)
+                return;
+            resolved = true;
+            resolve(result);
+        }
+        const proc = spawn('jac', ['run', resolvedPath, '--entrypoint', walkerName], {
+            stdio: ['pipe', 'pipe', 'pipe'],
+        });
+        const timer = setTimeout(() => {
+            timedOut = true;
+            proc.kill('SIGTERM');
+            debug(`Jac walker ${walkerName} timed out after ${timeoutMs}ms`);
+            resolveOnce(safeDefault);
+        }, timeoutMs);
+        proc.stdin.write(JSON.stringify(args));
+        proc.stdin.end();
+        proc.stdout.on('data', (chunk) => {
+            stdout += chunk.toString();
+            if (stdout.length > MAX_OUTPUT_BYTES && !outputExceeded) {
+                outputExceeded = true;
+                proc.kill('SIGTERM');
+                debug(`Jac walker ${walkerName} output exceeded ${MAX_OUTPUT_BYTES} bytes`);
+                resolveOnce(safeDefault);
+            }
+        });
+        proc.stderr.on('data', (chunk) => {
+            stderr += chunk.toString();
+            if (stderr.length > MAX_OUTPUT_BYTES && !outputExceeded) {
+                outputExceeded = true;
+                proc.kill('SIGTERM');
+                debug(`Jac walker ${walkerName} stderr exceeded ${MAX_OUTPUT_BYTES} bytes`);
+                resolveOnce(safeDefault);
+            }
+        });
+        proc.on('close', (code) => {
+            clearTimeout(timer);
+            if (timedOut)
+                return;
+            if (stderr) {
+                debug(`Jac walker ${walkerName} stderr:`, stderr);
+            }
+            if (code !== 0) {
+                debug(`Jac walker ${walkerName} exited with code ${code}`);
+                resolveOnce(safeDefault);
+                return;
+            }
+            try {
+                const result = JSON.parse(stdout.trim());
+                resolveOnce(result);
+            }
+            catch {
+                debug(`Jac walker ${walkerName} returned invalid JSON:`, stdout);
+                resolveOnce(safeDefault);
+            }
+        });
+        proc.on('error', (err) => {
+            clearTimeout(timer);
+            if (!timedOut) {
+                debug(`Jac walker ${walkerName} process error:`, err.message);
+                resolveOnce(safeDefault);
+            }
+        });
+    });
+}