coverme-scanner 1.10.1 → 1.10.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -383,16 +383,34 @@ Must include at least one of:
|
|
|
383
383
|
|
|
384
384
|
---
|
|
385
385
|
|
|
386
|
-
## PHASE 1:
|
|
386
|
+
## PHASE 1: BATCHED DISCOVERY (Memory-Efficient)
|
|
387
387
|
|
|
388
|
-
|
|
388
|
+
**CRITICAL: To prevent memory overflow, run agents in SMALL BATCHES of 3-4 agents max.**
|
|
389
|
+
|
|
390
|
+
### Memory Management Rules:
|
|
391
|
+
1. **Never run more than 4 agents in parallel** - prevents context overflow
|
|
392
|
+
2. **Each agent returns ONLY a status message** - not full findings
|
|
393
|
+
3. **Agents save findings to files** - orchestrator reads files later
|
|
394
|
+
4. **Wait for batch to complete before starting next batch**
|
|
395
|
+
|
|
396
|
+
### Batch Schedule:
|
|
397
|
+
```
|
|
398
|
+
Batch 1 (Core Security): SEC, AUTH, API, INFRA
|
|
399
|
+
Batch 2 (Specialized): AI, BIZ, DATA, PERF
|
|
400
|
+
Batch 3 (Quality): QUAL, TEST, DEAD, PII
|
|
401
|
+
Batch 4 (Deep Analysis): REDIS, RESIL, DB, ARCH
|
|
402
|
+
Batch 5 (Validation): DESIGN, CTX, ENC, DUP
|
|
403
|
+
Batch 6 (Summary): EXEC (single agent)
|
|
404
|
+
```
|
|
389
405
|
|
|
390
406
|
**IMPORTANT: Each agent MUST follow these steps:**
|
|
391
407
|
|
|
392
408
|
1. **Create output directory**: `mkdir -p .coverme/agents`
|
|
393
409
|
2. **Scan the codebase** according to agent-specific instructions
|
|
394
410
|
3. **Save findings to file**: `.coverme/agents/{AGENT_ID}.json`
|
|
395
|
-
4. **Return ONLY status
|
|
411
|
+
4. **Return ONLY a short status** (not findings!): `{"status": "complete", "file": ".coverme/agents/{AGENT_ID}.json", "count": N}`
|
|
412
|
+
|
|
413
|
+
**DO NOT return full findings in agent response - this causes memory overflow!**
|
|
396
414
|
|
|
397
415
|
**Agent output file template:**
|
|
398
416
|
```json
|
|
@@ -1953,7 +1971,33 @@ Output as array of objects with `title` and `description` fields.
|
|
|
1953
1971
|
|
|
1954
1972
|
---
|
|
1955
1973
|
|
|
1956
|
-
## PHASE 7:
|
|
1974
|
+
## PHASE 7: CONSOLIDATE AGENT RESULTS
|
|
1975
|
+
|
|
1976
|
+
**After all batches complete, read findings from agent output files:**
|
|
1977
|
+
|
|
1978
|
+
```bash
|
|
1979
|
+
# List all agent output files
|
|
1980
|
+
ls -la .coverme/agents/*.json 2>/dev/null
|
|
1981
|
+
|
|
1982
|
+
# Combine all findings into one array (using jq if available, or read each file)
|
|
1983
|
+
cat .coverme/agents/*.json 2>/dev/null | head -100
|
|
1984
|
+
```
|
|
1985
|
+
|
|
1986
|
+
**For each agent file that exists:**
|
|
1987
|
+
1. Read the JSON file
|
|
1988
|
+
2. Extract the `findings` array
|
|
1989
|
+
3. Merge into the master findings list
|
|
1990
|
+
4. Track which agents completed vs skipped
|
|
1991
|
+
|
|
1992
|
+
**Memory-efficient consolidation:**
|
|
1993
|
+
- Read ONE agent file at a time
|
|
1994
|
+
- Extract only the findings array
|
|
1995
|
+
- Do NOT keep the full file content in memory
|
|
1996
|
+
- Build the final `scan.json` incrementally
|
|
1997
|
+
|
|
1998
|
+
---
|
|
1999
|
+
|
|
2000
|
+
## PHASE 8: BUILD CONSENSUS & GENERATE OUTPUT
|
|
1957
2001
|
|
|
1958
2002
|
### CRITICAL: Actually Remove False Positives!
|
|
1959
2003
|
|