ferret-scan 2.1.2 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (181) hide show
  1. package/CHANGELOG.md +35 -0
  2. package/README.md +15 -11
  3. package/bin/ferret.js +109 -13
  4. package/dist/__tests__/AgentMonitor.test.d.ts +6 -0
  5. package/dist/__tests__/AgentMonitor.test.js +235 -0
  6. package/dist/__tests__/AtlasNavigatorReporter.test.d.ts +6 -0
  7. package/dist/__tests__/AtlasNavigatorReporter.test.js +193 -0
  8. package/dist/__tests__/CorrelationAnalyzer.test.d.ts +6 -0
  9. package/dist/__tests__/CorrelationAnalyzer.test.js +211 -0
  10. package/dist/__tests__/IndicatorMatcher.test.d.ts +6 -0
  11. package/dist/__tests__/IndicatorMatcher.test.js +245 -0
  12. package/dist/__tests__/MarketplaceScanner.test.d.ts +5 -0
  13. package/dist/__tests__/MarketplaceScanner.test.js +212 -0
  14. package/dist/__tests__/RuleGenerator.test.d.ts +6 -0
  15. package/dist/__tests__/RuleGenerator.test.js +207 -0
  16. package/dist/__tests__/ThreatFeed.test.d.ts +6 -0
  17. package/dist/__tests__/ThreatFeed.test.js +359 -0
  18. package/dist/__tests__/WatchMode.test.d.ts +6 -0
  19. package/dist/__tests__/WatchMode.test.js +104 -0
  20. package/dist/__tests__/astAnalyzerExtra.test.d.ts +6 -0
  21. package/dist/__tests__/astAnalyzerExtra.test.js +67 -0
  22. package/dist/__tests__/astAnalyzerFull.test.d.ts +6 -0
  23. package/dist/__tests__/astAnalyzerFull.test.js +138 -0
  24. package/dist/__tests__/astAnalyzerPatterns.test.d.ts +6 -0
  25. package/dist/__tests__/astAnalyzerPatterns.test.js +143 -0
  26. package/dist/__tests__/atlas.test.d.ts +6 -0
  27. package/dist/__tests__/atlas.test.js +319 -0
  28. package/dist/__tests__/atlasCatalog.test.d.ts +6 -0
  29. package/dist/__tests__/atlasCatalog.test.js +200 -0
  30. package/dist/__tests__/atlasCatalogExtra.test.d.ts +6 -0
  31. package/dist/__tests__/atlasCatalogExtra.test.js +215 -0
  32. package/dist/__tests__/baseline.test.d.ts +6 -0
  33. package/dist/__tests__/baseline.test.js +321 -0
  34. package/dist/__tests__/baselineExtra.test.d.ts +6 -0
  35. package/dist/__tests__/baselineExtra.test.js +317 -0
  36. package/dist/__tests__/capabilityMapping.test.d.ts +5 -0
  37. package/dist/__tests__/capabilityMapping.test.js +49 -0
  38. package/dist/__tests__/capabilityMappingExtra.test.d.ts +5 -0
  39. package/dist/__tests__/capabilityMappingExtra.test.js +200 -0
  40. package/dist/__tests__/complianceExtra.test.d.ts +6 -0
  41. package/dist/__tests__/complianceExtra.test.js +121 -0
  42. package/dist/__tests__/config.test.js +1 -1
  43. package/dist/__tests__/configLoader.test.d.ts +6 -0
  44. package/dist/__tests__/configLoader.test.js +225 -0
  45. package/dist/__tests__/configLoaderExtra.test.d.ts +6 -0
  46. package/dist/__tests__/configLoaderExtra.test.js +186 -0
  47. package/dist/__tests__/correlationAnalyzerExtra.test.d.ts +5 -0
  48. package/dist/__tests__/correlationAnalyzerExtra.test.js +98 -0
  49. package/dist/__tests__/correlationAnalyzerFull.test.d.ts +6 -0
  50. package/dist/__tests__/correlationAnalyzerFull.test.js +154 -0
  51. package/dist/__tests__/customRules.extra.test.d.ts +6 -0
  52. package/dist/__tests__/customRules.extra.test.js +245 -0
  53. package/dist/__tests__/customRules.test.d.ts +7 -0
  54. package/dist/__tests__/customRules.test.js +347 -0
  55. package/dist/__tests__/dependencyRisk.test.d.ts +5 -0
  56. package/dist/__tests__/dependencyRisk.test.js +248 -0
  57. package/dist/__tests__/dependencyRiskExtra.test.d.ts +6 -0
  58. package/dist/__tests__/dependencyRiskExtra.test.js +177 -0
  59. package/dist/__tests__/featureExitCodes.test.d.ts +7 -0
  60. package/dist/__tests__/featureExitCodes.test.js +332 -0
  61. package/dist/__tests__/fileDiscoveryConfigOnly.test.d.ts +6 -0
  62. package/dist/__tests__/fileDiscoveryConfigOnly.test.js +195 -0
  63. package/dist/__tests__/fileDiscoveryExtra.test.d.ts +6 -0
  64. package/dist/__tests__/fileDiscoveryExtra.test.js +149 -0
  65. package/dist/__tests__/fixer.extra.test.d.ts +6 -0
  66. package/dist/__tests__/fixer.extra.test.js +135 -0
  67. package/dist/__tests__/fixerApply.test.d.ts +6 -0
  68. package/dist/__tests__/fixerApply.test.js +132 -0
  69. package/dist/__tests__/gitHooks.test.d.ts +7 -0
  70. package/dist/__tests__/gitHooks.test.js +188 -0
  71. package/dist/__tests__/htmlReporter.extra.test.d.ts +5 -0
  72. package/dist/__tests__/htmlReporter.extra.test.js +126 -0
  73. package/dist/__tests__/interactiveTui.test.d.ts +6 -0
  74. package/dist/__tests__/interactiveTui.test.js +180 -0
  75. package/dist/__tests__/interactiveTuiCommands.test.d.ts +6 -0
  76. package/dist/__tests__/interactiveTuiCommands.test.js +187 -0
  77. package/dist/__tests__/interactiveTuiMore.test.d.ts +6 -0
  78. package/dist/__tests__/interactiveTuiMore.test.js +194 -0
  79. package/dist/__tests__/interactiveTuiSession.test.d.ts +6 -0
  80. package/dist/__tests__/interactiveTuiSession.test.js +173 -0
  81. package/dist/__tests__/llmAnalysis.test.d.ts +6 -0
  82. package/dist/__tests__/llmAnalysis.test.js +229 -0
  83. package/dist/__tests__/llmAnalysisBuildExcerpt.test.d.ts +6 -0
  84. package/dist/__tests__/llmAnalysisBuildExcerpt.test.js +132 -0
  85. package/dist/__tests__/llmAnalysisExtra.test.d.ts +6 -0
  86. package/dist/__tests__/llmAnalysisExtra.test.js +214 -0
  87. package/dist/__tests__/llmAnalysisFilters.test.d.ts +6 -0
  88. package/dist/__tests__/llmAnalysisFilters.test.js +181 -0
  89. package/dist/__tests__/llmAnalysisMitre.test.d.ts +6 -0
  90. package/dist/__tests__/llmAnalysisMitre.test.js +192 -0
  91. package/dist/__tests__/llmGroqTPM.test.d.ts +6 -0
  92. package/dist/__tests__/llmGroqTPM.test.js +89 -0
  93. package/dist/__tests__/llmProviderRetry.test.d.ts +6 -0
  94. package/dist/__tests__/llmProviderRetry.test.js +172 -0
  95. package/dist/__tests__/mcpValidator.extra.test.d.ts +5 -0
  96. package/dist/__tests__/mcpValidator.extra.test.js +270 -0
  97. package/dist/__tests__/patternMatcherExtra.test.d.ts +7 -0
  98. package/dist/__tests__/patternMatcherExtra.test.js +198 -0
  99. package/dist/__tests__/patternsCommon.test.d.ts +6 -0
  100. package/dist/__tests__/patternsCommon.test.js +107 -0
  101. package/dist/__tests__/policyEnforcement.test.d.ts +5 -0
  102. package/dist/__tests__/policyEnforcement.test.js +510 -0
  103. package/dist/__tests__/quarantineExtra.test.d.ts +5 -0
  104. package/dist/__tests__/quarantineExtra.test.js +214 -0
  105. package/dist/__tests__/redactionExtra.test.d.ts +6 -0
  106. package/dist/__tests__/redactionExtra.test.js +228 -0
  107. package/dist/__tests__/scanDiff.test.d.ts +7 -0
  108. package/dist/__tests__/scanDiff.test.js +266 -0
  109. package/dist/__tests__/scanFull.test.d.ts +6 -0
  110. package/dist/__tests__/scanFull.test.js +158 -0
  111. package/dist/__tests__/scannerDampening.test.d.ts +6 -0
  112. package/dist/__tests__/scannerDampening.test.js +160 -0
  113. package/dist/__tests__/scannerExtra.test.d.ts +6 -0
  114. package/dist/__tests__/scannerExtra.test.js +194 -0
  115. package/dist/__tests__/scannerMitre.test.d.ts +5 -0
  116. package/dist/__tests__/scannerMitre.test.js +141 -0
  117. package/dist/__tests__/scannerSSRF.test.d.ts +5 -0
  118. package/dist/__tests__/scannerSSRF.test.js +149 -0
  119. package/dist/__tests__/schemas.test.d.ts +6 -0
  120. package/dist/__tests__/schemas.test.js +125 -0
  121. package/dist/__tests__/webhooks.extra.test.d.ts +6 -0
  122. package/dist/__tests__/webhooks.extra.test.js +144 -0
  123. package/dist/__tests__/webhooks.test.d.ts +6 -0
  124. package/dist/__tests__/webhooks.test.js +154 -0
  125. package/dist/analyzers/AstAnalyzer.d.ts +5 -1
  126. package/dist/analyzers/AstAnalyzer.js +25 -4
  127. package/dist/features/customRules.js +22 -29
  128. package/dist/features/ignoreComments.js +5 -5
  129. package/dist/features/mcpTrustScore.d.ts +17 -0
  130. package/dist/features/mcpTrustScore.js +74 -0
  131. package/dist/features/mcpValidator.d.ts +2 -0
  132. package/dist/features/mcpValidator.js +13 -0
  133. package/dist/features/policyEnforcement.d.ts +22 -22
  134. package/dist/features/policyEnforcement.js +3 -2
  135. package/dist/intelligence/ThreatFeed.js +207 -62
  136. package/dist/remediation/Fixer.js +56 -30
  137. package/dist/remediation/Quarantine.js +79 -11
  138. package/dist/reporters/ConsoleReporter.js +10 -0
  139. package/dist/reporters/HtmlReporter.js +5 -0
  140. package/dist/reporters/SarifReporter.d.ts +1 -0
  141. package/dist/reporters/SarifReporter.js +1 -0
  142. package/dist/rules/ai-specific.js +8 -8
  143. package/dist/rules/backdoors.js +12 -12
  144. package/dist/rules/correlationRules.js +6 -6
  145. package/dist/rules/index.d.ts +1 -0
  146. package/dist/rules/index.js +10 -1
  147. package/dist/rules/injection.js +8 -8
  148. package/dist/rules/patterns/common.d.ts +34 -0
  149. package/dist/rules/patterns/common.js +48 -0
  150. package/dist/scanner/IAnalyzer.d.ts +19 -0
  151. package/dist/scanner/IAnalyzer.js +5 -0
  152. package/dist/scanner/PatternMatcher.js +19 -2
  153. package/dist/scanner/Scanner.js +64 -125
  154. package/dist/scanner/analyzers/CapabilityAnalyzer.d.ts +8 -0
  155. package/dist/scanner/analyzers/CapabilityAnalyzer.js +19 -0
  156. package/dist/scanner/analyzers/DependencyAnalyzer.d.ts +8 -0
  157. package/dist/scanner/analyzers/DependencyAnalyzer.js +18 -0
  158. package/dist/scanner/analyzers/EntropyAnalyzer.d.ts +8 -0
  159. package/dist/scanner/analyzers/EntropyAnalyzer.js +12 -0
  160. package/dist/scanner/analyzers/LlmAnalyzer.d.ts +17 -0
  161. package/dist/scanner/analyzers/LlmAnalyzer.js +36 -0
  162. package/dist/scanner/analyzers/McpAnalyzer.d.ts +8 -0
  163. package/dist/scanner/analyzers/McpAnalyzer.js +19 -0
  164. package/dist/scanner/analyzers/SemanticAnalyzer.d.ts +8 -0
  165. package/dist/scanner/analyzers/SemanticAnalyzer.js +21 -0
  166. package/dist/scanner/analyzers/ThreatIntelAnalyzer.d.ts +8 -0
  167. package/dist/scanner/analyzers/ThreatIntelAnalyzer.js +21 -0
  168. package/dist/types.d.ts +23 -0
  169. package/dist/types.js +1 -1
  170. package/dist/utils/baseline.d.ts +15 -2
  171. package/dist/utils/baseline.js +50 -19
  172. package/dist/utils/contentCache.d.ts +39 -0
  173. package/dist/utils/contentCache.js +77 -0
  174. package/dist/utils/glob.d.ts +50 -0
  175. package/dist/utils/glob.js +84 -0
  176. package/dist/utils/pathSecurity.js +1 -0
  177. package/dist/utils/safeRegex.d.ts +55 -0
  178. package/dist/utils/safeRegex.js +130 -0
  179. package/dist/utils/schemas.d.ts +70 -64
  180. package/dist/utils/schemas.js +13 -0
  181. package/package.json +34 -19
package/dist/utils/schemas.d.ts CHANGED
@@ -18,8 +18,8 @@ export declare const ThreatIndicatorSchema: z.ZodObject<{
18
18
  }, "strip", z.ZodTypeAny, {
19
19
  category: string;
20
20
  value: string;
21
- type: "domain" | "url" | "ip" | "hash" | "email" | "filename" | "package" | "pattern" | "signature";
22
- severity: "critical" | "high" | "medium" | "low";
21
+ type: "url" | "pattern" | "domain" | "ip" | "hash" | "email" | "filename" | "package" | "signature";
22
+ severity: "high" | "medium" | "low" | "critical";
23
23
  description: string;
24
24
  confidence: number;
25
25
  source: string;
@@ -30,8 +30,8 @@ export declare const ThreatIndicatorSchema: z.ZodObject<{
30
30
  }, {
31
31
  category: string;
32
32
  value: string;
33
- type: "domain" | "url" | "ip" | "hash" | "email" | "filename" | "package" | "pattern" | "signature";
34
- severity: "critical" | "high" | "medium" | "low";
33
+ type: "url" | "pattern" | "domain" | "ip" | "hash" | "email" | "filename" | "package" | "signature";
34
+ severity: "high" | "medium" | "low" | "critical";
35
35
  description: string;
36
36
  confidence: number;
37
37
  source: string;
@@ -102,8 +102,8 @@ export declare const ThreatDatabaseSchema: z.ZodObject<{
102
102
  }, "strip", z.ZodTypeAny, {
103
103
  category: string;
104
104
  value: string;
105
- type: "domain" | "url" | "ip" | "hash" | "email" | "filename" | "package" | "pattern" | "signature";
106
- severity: "critical" | "high" | "medium" | "low";
105
+ type: "url" | "pattern" | "domain" | "ip" | "hash" | "email" | "filename" | "package" | "signature";
106
+ severity: "high" | "medium" | "low" | "critical";
107
107
  description: string;
108
108
  confidence: number;
109
109
  source: string;
@@ -114,8 +114,8 @@ export declare const ThreatDatabaseSchema: z.ZodObject<{
114
114
  }, {
115
115
  category: string;
116
116
  value: string;
117
- type: "domain" | "url" | "ip" | "hash" | "email" | "filename" | "package" | "pattern" | "signature";
118
- severity: "critical" | "high" | "medium" | "low";
117
+ type: "url" | "pattern" | "domain" | "ip" | "hash" | "email" | "filename" | "package" | "signature";
118
+ severity: "high" | "medium" | "low" | "critical";
119
119
  description: string;
120
120
  confidence: number;
121
121
  source: string;
@@ -154,8 +154,8 @@ export declare const ThreatDatabaseSchema: z.ZodObject<{
154
154
  indicators: {
155
155
  category: string;
156
156
  value: string;
157
- type: "domain" | "url" | "ip" | "hash" | "email" | "filename" | "package" | "pattern" | "signature";
158
- severity: "critical" | "high" | "medium" | "low";
157
+ type: "url" | "pattern" | "domain" | "ip" | "hash" | "email" | "filename" | "package" | "signature";
158
+ severity: "high" | "medium" | "low" | "critical";
159
159
  description: string;
160
160
  confidence: number;
161
161
  source: string;
@@ -184,8 +184,8 @@ export declare const ThreatDatabaseSchema: z.ZodObject<{
184
184
  indicators: {
185
185
  category: string;
186
186
  value: string;
187
- type: "domain" | "url" | "ip" | "hash" | "email" | "filename" | "package" | "pattern" | "signature";
188
- severity: "critical" | "high" | "medium" | "low";
187
+ type: "url" | "pattern" | "domain" | "ip" | "hash" | "email" | "filename" | "package" | "signature";
188
+ severity: "high" | "medium" | "low" | "critical";
189
189
  description: string;
190
190
  confidence: number;
191
191
  source: string;
@@ -246,16 +246,16 @@ export declare const QuarantineEntrySchema: z.ZodObject<{
246
246
  }>;
247
247
  }, "strip", z.ZodTypeAny, {
248
248
  id: string;
249
+ reason: string;
249
250
  metadata: {
250
251
  category: string;
251
252
  severity: string;
252
253
  riskScore: number;
253
254
  originalPermissions?: string | undefined;
254
255
  };
256
+ findings: any[];
255
257
  originalPath: string;
256
258
  quarantinePath: string;
257
- reason: string;
258
- findings: any[];
259
259
  quarantineDate: string;
260
260
  fileSize: number;
261
261
  fileHash: string;
@@ -263,16 +263,16 @@ export declare const QuarantineEntrySchema: z.ZodObject<{
263
263
  restoredDate?: string | undefined;
264
264
  }, {
265
265
  id: string;
266
+ reason: string;
266
267
  metadata: {
267
268
  category: string;
268
269
  severity: string;
269
270
  riskScore: number;
270
271
  originalPermissions?: string | undefined;
271
272
  };
273
+ findings: any[];
272
274
  originalPath: string;
273
275
  quarantinePath: string;
274
- reason: string;
275
- findings: any[];
276
276
  quarantineDate: string;
277
277
  fileSize: number;
278
278
  fileHash: string;
@@ -312,16 +312,16 @@ export declare const QuarantineDatabaseSchema: z.ZodObject<{
312
312
  }>;
313
313
  }, "strip", z.ZodTypeAny, {
314
314
  id: string;
315
+ reason: string;
315
316
  metadata: {
316
317
  category: string;
317
318
  severity: string;
318
319
  riskScore: number;
319
320
  originalPermissions?: string | undefined;
320
321
  };
322
+ findings: any[];
321
323
  originalPath: string;
322
324
  quarantinePath: string;
323
- reason: string;
324
- findings: any[];
325
325
  quarantineDate: string;
326
326
  fileSize: number;
327
327
  fileHash: string;
@@ -329,16 +329,16 @@ export declare const QuarantineDatabaseSchema: z.ZodObject<{
329
329
  restoredDate?: string | undefined;
330
330
  }, {
331
331
  id: string;
332
+ reason: string;
332
333
  metadata: {
333
334
  category: string;
334
335
  severity: string;
335
336
  riskScore: number;
336
337
  originalPermissions?: string | undefined;
337
338
  };
339
+ findings: any[];
338
340
  originalPath: string;
339
341
  quarantinePath: string;
340
- reason: string;
341
- findings: any[];
342
342
  quarantineDate: string;
343
343
  fileSize: number;
344
344
  fileHash: string;
@@ -364,16 +364,16 @@ export declare const QuarantineDatabaseSchema: z.ZodObject<{
364
364
  }, "strip", z.ZodTypeAny, {
365
365
  entries: {
366
366
  id: string;
367
+ reason: string;
367
368
  metadata: {
368
369
  category: string;
369
370
  severity: string;
370
371
  riskScore: number;
371
372
  originalPermissions?: string | undefined;
372
373
  };
374
+ findings: any[];
373
375
  originalPath: string;
374
376
  quarantinePath: string;
375
- reason: string;
376
- findings: any[];
377
377
  quarantineDate: string;
378
378
  fileSize: number;
379
379
  fileHash: string;
@@ -392,16 +392,16 @@ export declare const QuarantineDatabaseSchema: z.ZodObject<{
392
392
  }, {
393
393
  entries: {
394
394
  id: string;
395
+ reason: string;
395
396
  metadata: {
396
397
  category: string;
397
398
  severity: string;
398
399
  riskScore: number;
399
400
  originalPermissions?: string | undefined;
400
401
  };
402
+ findings: any[];
401
403
  originalPath: string;
402
404
  quarantinePath: string;
403
- reason: string;
404
- findings: any[];
405
405
  quarantineDate: string;
406
406
  fileSize: number;
407
407
  fileHash: string;
@@ -968,18 +968,18 @@ export declare const BaselineFindingSchema: z.ZodObject<{
968
968
  }, "strip", z.ZodTypeAny, {
969
969
  match: string;
970
970
  line: number;
971
- hash: string;
972
971
  ruleId: string;
973
972
  file: string;
973
+ hash: string;
974
974
  acceptedDate: string;
975
975
  reason?: string | undefined;
976
976
  expiresDate?: string | undefined;
977
977
  }, {
978
978
  match: string;
979
979
  line: number;
980
- hash: string;
981
980
  ruleId: string;
982
981
  file: string;
982
+ hash: string;
983
983
  acceptedDate: string;
984
984
  reason?: string | undefined;
985
985
  expiresDate?: string | undefined;
@@ -1001,18 +1001,18 @@ export declare const BaselineSchema: z.ZodObject<{
1001
1001
  }, "strip", z.ZodTypeAny, {
1002
1002
  match: string;
1003
1003
  line: number;
1004
- hash: string;
1005
1004
  ruleId: string;
1006
1005
  file: string;
1006
+ hash: string;
1007
1007
  acceptedDate: string;
1008
1008
  reason?: string | undefined;
1009
1009
  expiresDate?: string | undefined;
1010
1010
  }, {
1011
1011
  match: string;
1012
1012
  line: number;
1013
- hash: string;
1014
1013
  ruleId: string;
1015
1014
  file: string;
1015
+ hash: string;
1016
1016
  acceptedDate: string;
1017
1017
  reason?: string | undefined;
1018
1018
  expiresDate?: string | undefined;
@@ -1020,33 +1020,33 @@ export declare const BaselineSchema: z.ZodObject<{
1020
1020
  checksum: z.ZodOptional<z.ZodString>;
1021
1021
  }, "strip", z.ZodTypeAny, {
1022
1022
  version: string;
1023
- lastUpdated: string;
1024
1023
  findings: {
1025
1024
  match: string;
1026
1025
  line: number;
1027
- hash: string;
1028
1026
  ruleId: string;
1029
1027
  file: string;
1028
+ hash: string;
1030
1029
  acceptedDate: string;
1031
1030
  reason?: string | undefined;
1032
1031
  expiresDate?: string | undefined;
1033
1032
  }[];
1033
+ lastUpdated: string;
1034
1034
  createdDate: string;
1035
1035
  description?: string | undefined;
1036
1036
  checksum?: string | undefined;
1037
1037
  }, {
1038
1038
  version: string;
1039
- lastUpdated: string;
1040
1039
  findings: {
1041
1040
  match: string;
1042
1041
  line: number;
1043
- hash: string;
1044
1042
  ruleId: string;
1045
1043
  file: string;
1044
+ hash: string;
1046
1045
  acceptedDate: string;
1047
1046
  reason?: string | undefined;
1048
1047
  expiresDate?: string | undefined;
1049
1048
  }[];
1049
+ lastUpdated: string;
1050
1050
  createdDate: string;
1051
1051
  description?: string | undefined;
1052
1052
  checksum?: string | undefined;
@@ -1071,6 +1071,10 @@ export declare function safeParseJSON<T>(content: string, schema: z.ZodType<T>,
1071
1071
  * Useful when you already have a parsed object
1072
1072
  */
1073
1073
  export declare function validateSchema<T>(data: unknown, schema: z.ZodType<T>): ParseResult<T>;
1074
+ /** Validates a comma-separated severity string parsed from the CLI. */
1075
+ export declare const SeverityValueSchema: z.ZodEnum<["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"]>;
1076
+ /** Validates a comma-separated category string parsed from the CLI. */
1077
+ export declare const ThreatCategoryValueSchema: z.ZodEnum<["exfiltration", "credentials", "injection", "backdoors", "supply-chain", "permissions", "persistence", "obfuscation", "ai-specific", "advanced-hiding", "behavioral"]>;
1074
1078
  declare const _default: {
1075
1079
  ThreatIndicatorSchema: z.ZodObject<{
1076
1080
  value: z.ZodString;
@@ -1087,8 +1091,8 @@ declare const _default: {
1087
1091
  }, "strip", z.ZodTypeAny, {
1088
1092
  category: string;
1089
1093
  value: string;
1090
- type: "domain" | "url" | "ip" | "hash" | "email" | "filename" | "package" | "pattern" | "signature";
1091
- severity: "critical" | "high" | "medium" | "low";
1094
+ type: "url" | "pattern" | "domain" | "ip" | "hash" | "email" | "filename" | "package" | "signature";
1095
+ severity: "high" | "medium" | "low" | "critical";
1092
1096
  description: string;
1093
1097
  confidence: number;
1094
1098
  source: string;
@@ -1099,8 +1103,8 @@ declare const _default: {
1099
1103
  }, {
1100
1104
  category: string;
1101
1105
  value: string;
1102
- type: "domain" | "url" | "ip" | "hash" | "email" | "filename" | "package" | "pattern" | "signature";
1103
- severity: "critical" | "high" | "medium" | "low";
1106
+ type: "url" | "pattern" | "domain" | "ip" | "hash" | "email" | "filename" | "package" | "signature";
1107
+ severity: "high" | "medium" | "low" | "critical";
1104
1108
  description: string;
1105
1109
  confidence: number;
1106
1110
  source: string;
@@ -1171,8 +1175,8 @@ declare const _default: {
1171
1175
  }, "strip", z.ZodTypeAny, {
1172
1176
  category: string;
1173
1177
  value: string;
1174
- type: "domain" | "url" | "ip" | "hash" | "email" | "filename" | "package" | "pattern" | "signature";
1175
- severity: "critical" | "high" | "medium" | "low";
1178
+ type: "url" | "pattern" | "domain" | "ip" | "hash" | "email" | "filename" | "package" | "signature";
1179
+ severity: "high" | "medium" | "low" | "critical";
1176
1180
  description: string;
1177
1181
  confidence: number;
1178
1182
  source: string;
@@ -1183,8 +1187,8 @@ declare const _default: {
1183
1187
  }, {
1184
1188
  category: string;
1185
1189
  value: string;
1186
- type: "domain" | "url" | "ip" | "hash" | "email" | "filename" | "package" | "pattern" | "signature";
1187
- severity: "critical" | "high" | "medium" | "low";
1190
+ type: "url" | "pattern" | "domain" | "ip" | "hash" | "email" | "filename" | "package" | "signature";
1191
+ severity: "high" | "medium" | "low" | "critical";
1188
1192
  description: string;
1189
1193
  confidence: number;
1190
1194
  source: string;
@@ -1223,8 +1227,8 @@ declare const _default: {
1223
1227
  indicators: {
1224
1228
  category: string;
1225
1229
  value: string;
1226
- type: "domain" | "url" | "ip" | "hash" | "email" | "filename" | "package" | "pattern" | "signature";
1227
- severity: "critical" | "high" | "medium" | "low";
1230
+ type: "url" | "pattern" | "domain" | "ip" | "hash" | "email" | "filename" | "package" | "signature";
1231
+ severity: "high" | "medium" | "low" | "critical";
1228
1232
  description: string;
1229
1233
  confidence: number;
1230
1234
  source: string;
@@ -1253,8 +1257,8 @@ declare const _default: {
1253
1257
  indicators: {
1254
1258
  category: string;
1255
1259
  value: string;
1256
- type: "domain" | "url" | "ip" | "hash" | "email" | "filename" | "package" | "pattern" | "signature";
1257
- severity: "critical" | "high" | "medium" | "low";
1260
+ type: "url" | "pattern" | "domain" | "ip" | "hash" | "email" | "filename" | "package" | "signature";
1261
+ severity: "high" | "medium" | "low" | "critical";
1258
1262
  description: string;
1259
1263
  confidence: number;
1260
1264
  source: string;
@@ -1299,16 +1303,16 @@ declare const _default: {
1299
1303
  }>;
1300
1304
  }, "strip", z.ZodTypeAny, {
1301
1305
  id: string;
1306
+ reason: string;
1302
1307
  metadata: {
1303
1308
  category: string;
1304
1309
  severity: string;
1305
1310
  riskScore: number;
1306
1311
  originalPermissions?: string | undefined;
1307
1312
  };
1313
+ findings: any[];
1308
1314
  originalPath: string;
1309
1315
  quarantinePath: string;
1310
- reason: string;
1311
- findings: any[];
1312
1316
  quarantineDate: string;
1313
1317
  fileSize: number;
1314
1318
  fileHash: string;
@@ -1316,16 +1320,16 @@ declare const _default: {
1316
1320
  restoredDate?: string | undefined;
1317
1321
  }, {
1318
1322
  id: string;
1323
+ reason: string;
1319
1324
  metadata: {
1320
1325
  category: string;
1321
1326
  severity: string;
1322
1327
  riskScore: number;
1323
1328
  originalPermissions?: string | undefined;
1324
1329
  };
1330
+ findings: any[];
1325
1331
  originalPath: string;
1326
1332
  quarantinePath: string;
1327
- reason: string;
1328
- findings: any[];
1329
1333
  quarantineDate: string;
1330
1334
  fileSize: number;
1331
1335
  fileHash: string;
@@ -1365,16 +1369,16 @@ declare const _default: {
1365
1369
  }>;
1366
1370
  }, "strip", z.ZodTypeAny, {
1367
1371
  id: string;
1372
+ reason: string;
1368
1373
  metadata: {
1369
1374
  category: string;
1370
1375
  severity: string;
1371
1376
  riskScore: number;
1372
1377
  originalPermissions?: string | undefined;
1373
1378
  };
1379
+ findings: any[];
1374
1380
  originalPath: string;
1375
1381
  quarantinePath: string;
1376
- reason: string;
1377
- findings: any[];
1378
1382
  quarantineDate: string;
1379
1383
  fileSize: number;
1380
1384
  fileHash: string;
@@ -1382,16 +1386,16 @@ declare const _default: {
1382
1386
  restoredDate?: string | undefined;
1383
1387
  }, {
1384
1388
  id: string;
1389
+ reason: string;
1385
1390
  metadata: {
1386
1391
  category: string;
1387
1392
  severity: string;
1388
1393
  riskScore: number;
1389
1394
  originalPermissions?: string | undefined;
1390
1395
  };
1396
+ findings: any[];
1391
1397
  originalPath: string;
1392
1398
  quarantinePath: string;
1393
- reason: string;
1394
- findings: any[];
1395
1399
  quarantineDate: string;
1396
1400
  fileSize: number;
1397
1401
  fileHash: string;
@@ -1417,16 +1421,16 @@ declare const _default: {
1417
1421
  }, "strip", z.ZodTypeAny, {
1418
1422
  entries: {
1419
1423
  id: string;
1424
+ reason: string;
1420
1425
  metadata: {
1421
1426
  category: string;
1422
1427
  severity: string;
1423
1428
  riskScore: number;
1424
1429
  originalPermissions?: string | undefined;
1425
1430
  };
1431
+ findings: any[];
1426
1432
  originalPath: string;
1427
1433
  quarantinePath: string;
1428
- reason: string;
1429
- findings: any[];
1430
1434
  quarantineDate: string;
1431
1435
  fileSize: number;
1432
1436
  fileHash: string;
@@ -1445,16 +1449,16 @@ declare const _default: {
1445
1449
  }, {
1446
1450
  entries: {
1447
1451
  id: string;
1452
+ reason: string;
1448
1453
  metadata: {
1449
1454
  category: string;
1450
1455
  severity: string;
1451
1456
  riskScore: number;
1452
1457
  originalPermissions?: string | undefined;
1453
1458
  };
1459
+ findings: any[];
1454
1460
  originalPath: string;
1455
1461
  quarantinePath: string;
1456
- reason: string;
1457
- findings: any[];
1458
1462
  quarantineDate: string;
1459
1463
  fileSize: number;
1460
1464
  fileHash: string;
@@ -2021,18 +2025,18 @@ declare const _default: {
2021
2025
  }, "strip", z.ZodTypeAny, {
2022
2026
  match: string;
2023
2027
  line: number;
2024
- hash: string;
2025
2028
  ruleId: string;
2026
2029
  file: string;
2030
+ hash: string;
2027
2031
  acceptedDate: string;
2028
2032
  reason?: string | undefined;
2029
2033
  expiresDate?: string | undefined;
2030
2034
  }, {
2031
2035
  match: string;
2032
2036
  line: number;
2033
- hash: string;
2034
2037
  ruleId: string;
2035
2038
  file: string;
2039
+ hash: string;
2036
2040
  acceptedDate: string;
2037
2041
  reason?: string | undefined;
2038
2042
  expiresDate?: string | undefined;
@@ -2054,18 +2058,18 @@ declare const _default: {
2054
2058
  }, "strip", z.ZodTypeAny, {
2055
2059
  match: string;
2056
2060
  line: number;
2057
- hash: string;
2058
2061
  ruleId: string;
2059
2062
  file: string;
2063
+ hash: string;
2060
2064
  acceptedDate: string;
2061
2065
  reason?: string | undefined;
2062
2066
  expiresDate?: string | undefined;
2063
2067
  }, {
2064
2068
  match: string;
2065
2069
  line: number;
2066
- hash: string;
2067
2070
  ruleId: string;
2068
2071
  file: string;
2072
+ hash: string;
2069
2073
  acceptedDate: string;
2070
2074
  reason?: string | undefined;
2071
2075
  expiresDate?: string | undefined;
@@ -2073,37 +2077,39 @@ declare const _default: {
2073
2077
  checksum: z.ZodOptional<z.ZodString>;
2074
2078
  }, "strip", z.ZodTypeAny, {
2075
2079
  version: string;
2076
- lastUpdated: string;
2077
2080
  findings: {
2078
2081
  match: string;
2079
2082
  line: number;
2080
- hash: string;
2081
2083
  ruleId: string;
2082
2084
  file: string;
2085
+ hash: string;
2083
2086
  acceptedDate: string;
2084
2087
  reason?: string | undefined;
2085
2088
  expiresDate?: string | undefined;
2086
2089
  }[];
2090
+ lastUpdated: string;
2087
2091
  createdDate: string;
2088
2092
  description?: string | undefined;
2089
2093
  checksum?: string | undefined;
2090
2094
  }, {
2091
2095
  version: string;
2092
- lastUpdated: string;
2093
2096
  findings: {
2094
2097
  match: string;
2095
2098
  line: number;
2096
- hash: string;
2097
2099
  ruleId: string;
2098
2100
  file: string;
2101
+ hash: string;
2099
2102
  acceptedDate: string;
2100
2103
  reason?: string | undefined;
2101
2104
  expiresDate?: string | undefined;
2102
2105
  }[];
2106
+ lastUpdated: string;
2103
2107
  createdDate: string;
2104
2108
  description?: string | undefined;
2105
2109
  checksum?: string | undefined;
2106
2110
  }>;
2111
+ SeverityValueSchema: z.ZodEnum<["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"]>;
2112
+ ThreatCategoryValueSchema: z.ZodEnum<["exfiltration", "credentials", "injection", "backdoors", "supply-chain", "permissions", "persistence", "obfuscation", "ai-specific", "advanced-hiding", "behavioral"]>;
2107
2113
  safeParseJSON: typeof safeParseJSON;
2108
2114
  validateSchema: typeof validateSchema;
2109
2115
  };
package/dist/utils/schemas.js CHANGED
@@ -235,6 +235,17 @@ export function validateSchema(data, schema) {
235
235
  };
236
236
  }
237
237
  }
238
+ // ============================================
239
+ // CLI-parsed value schemas
240
+ // ============================================
241
+ /** Validates a comma-separated severity string parsed from the CLI. */
242
+ export const SeverityValueSchema = z.enum(['CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'INFO']);
243
+ /** Validates a comma-separated category string parsed from the CLI. */
244
+ export const ThreatCategoryValueSchema = z.enum([
245
+ 'exfiltration', 'credentials', 'injection', 'backdoors',
246
+ 'supply-chain', 'permissions', 'persistence', 'obfuscation',
247
+ 'ai-specific', 'advanced-hiding', 'behavioral',
248
+ ]);
238
249
  export default {
239
250
  ThreatIndicatorSchema,
240
251
  ThreatSourceSchema,
@@ -244,6 +255,8 @@ export default {
244
255
  ConfigFileSchema,
245
256
  BaselineFindingSchema,
246
257
  BaselineSchema,
258
+ SeverityValueSchema,
259
+ ThreatCategoryValueSchema,
247
260
  safeParseJSON,
248
261
  validateSchema,
249
262
  };
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "ferret-scan",
3
- "version": "2.1.2",
4
- "description": "Comprehensive AI Agent Security Platform - scan, monitor, and secure AI CLI configurations with IDE integrations, behavior analysis, and compliance frameworks",
3
+ "version": "2.3.0",
4
+ "description": "Static security scanner for AI CLI and MCP configurations detects credential leaks, prompt injection, jailbreaks, and supply chain risks",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
7
7
  "types": "dist/index.d.ts",
@@ -25,9 +25,15 @@
25
25
  "lint": "eslint src",
26
26
  "lint:fix": "eslint src --fix",
27
27
  "prepare": "npm run build",
28
- "prepublishOnly": "npm run build && npm run test && npm run lint",
28
+ "schema:generate": "node scripts/generate-json-schema.mjs",
29
+ "schema:check": "node scripts/generate-json-schema.mjs --check",
30
+ "prepublishOnly": "npm run build && npm run schema:generate && npm run test",
29
31
  "scan": "node bin/ferret.js scan",
30
- "check:resources": "node -e \"console.log('RAM:', Math.round(process.memoryUsage().heapUsed / 1024 / 1024) + 'MB')\""
32
+ "check:resources": "node -e \"console.log('RAM:', Math.round(process.memoryUsage().heapUsed / 1024 / 1024) + 'MB')\"",
33
+ "bench": "npm run build && node scripts/bench.mjs",
34
+ "bench:json": "npm run build && node scripts/bench.mjs --json",
35
+ "bench:compare": "node scripts/bench-compare.mjs",
36
+ "docs:api": "typedoc"
31
37
  },
32
38
  "keywords": [
33
39
  "ai-cli",
@@ -80,7 +86,9 @@
80
86
  "npm": ">=9.0.0"
81
87
  },
82
88
  "os": [
83
- "!win32"
89
+ "linux",
90
+ "darwin",
91
+ "win32"
84
92
  ],
85
93
  "cpu": [
86
94
  "x64",
@@ -101,15 +109,15 @@
101
109
  },
102
110
  "dependencies": {
103
111
  "boxen": "^7.1.1",
104
- "chalk": "^5.3.0",
105
- "chokidar": "^3.5.3",
112
+ "chalk": "^5.6.2",
113
+ "chokidar": "^3.6.0",
106
114
  "commander": "^12.1.0",
107
- "glob": "^10.3.10",
108
- "ignore": "^5.3.1",
109
- "ora": "^8.0.1",
110
- "table": "^6.8.1",
111
- "yaml": "^2.3.4",
112
- "zod": "^3.22.4"
115
+ "glob": "^10.5.0",
116
+ "ignore": "^5.3.2",
117
+ "ora": "^8.2.0",
118
+ "table": "^6.9.0",
119
+ "yaml": "^2.8.3",
120
+ "zod": "^3.25.76"
113
121
  },
114
122
  "peerDependencies": {
115
123
  "typescript": ">=5.0.0"
@@ -120,15 +128,22 @@
120
128
  }
121
129
  },
122
130
  "devDependencies": {
131
+ "@babel/preset-env": "^7.29.2",
123
132
  "@eslint/js": "^9.26.0",
124
- "@types/jest": "^29.5.11",
125
- "@types/node": "^20.11.0",
133
+ "@types/jest": "^29.5.14",
134
+ "@types/node": "^20.19.39",
126
135
  "@typescript-eslint/eslint-plugin": "^8.54.0",
127
136
  "@typescript-eslint/parser": "^8.54.0",
128
- "eslint": "^9.26.0",
137
+ "babel-jest": "^30.3.0",
138
+ "eslint": "^9.39.4",
139
+ "fast-check": "^4.7.0",
129
140
  "jest": "^29.7.0",
130
- "ts-jest": "^29.1.1",
131
- "typescript": "^5.0.0",
132
- "typescript-eslint": "^8.54.0"
141
+ "ts-jest": "^29.4.9",
142
+ "typescript": "^5.9.3",
143
+ "typescript-eslint": "^8.54.0",
144
+ "zod-to-json-schema": "^3.25.2"
145
+ },
146
+ "optionalDependencies": {
147
+ "re2": "1.24.0"
133
148
  }
134
149
  }