hackmyagent 0.11.11 → 0.11.13

package/dist/cli.js

@@ -118,7 +118,7 @@ program
     .name('hackmyagent')
     .description(`Find it. Break it. Fix it.
 
-The hacker's toolkit for AI agents. 199 security checks, 115 attack
+The hacker's toolkit for AI agents. 204 security checks, 115 attack
 payloads, auto-fix with rollback, and OASB benchmark compliance.
 
 Documentation: https://hackmyagent.com/docs
@@ -127,10 +127,10 @@ Updates (v${index_1.VERSION}):
   - NemoClaw sandbox scanner (28 installation checks)
   - 10 new static analysis patterns (NEMO series)
   - Community trust contributions
-  - 199 checks across 60 categories
+  - 204 checks across 60 categories
 
 Examples:
-  $ hackmyagent secure                         Find vulnerabilities (199 checks)
+  $ hackmyagent secure                         Find vulnerabilities (204 checks)
   $ hackmyagent attack --local                 Break it with 115 attack payloads
   $ hackmyagent secure --fix                   Fix issues automatically
   $ hackmyagent fix-all                        Run all security plugins
@@ -139,7 +139,7 @@ Examples:
     .option('--no-color', 'Disable colored output (also respects NO_COLOR env)');
 program.addHelpText('beforeAll', `
 Quick start:
-  $ hackmyagent secure              Scan current directory (199 checks)
+  $ hackmyagent secure              Scan current directory (204 checks)
   $ hackmyagent fix-all --with-aim  Auto-fix + create agent identity
   $ hackmyagent attack              Red-team your agent
 `);
@@ -1695,7 +1695,7 @@ program
     .command('secure')
     .description(`Scan and harden your agent setup
 
-Performs 199 security checks across 60 categories:
+Performs 204 security checks across 60 categories:
   • Credentials: API key exposure, secrets in configs
   • MCP: Server configs, tool permissions, secrets
   • Network: TLS, interface bindings, CORS
@@ -1734,7 +1734,9 @@ Examples:
     .option('--dry-run', 'Preview fixes without applying them (use with --fix)')
     .option('--ignore <checks>', 'Comma-separated check IDs to skip (e.g., CRED-001,GIT-002)')
     .option('--json', 'Output as JSON (deprecated: use --format json)')
-    .option('-f, --format <format>', 'Output format: text, json, sarif, html (default: text)', 'text')
+    .option('-f, --format <format>', 'Output format: text, json, sarif, html, asff (default: text)', 'text')
+    .option('--aws-account-id <id>', 'AWS account ID for ASFF format')
+    .option('--aws-region <region>', 'AWS region for ASFF format')
     .option('-o, --output <file>', 'Write output to file instead of stdout')
     .option('--fail-below <percent>', 'Exit 1 if compliance below threshold (0-100)')
     .option('-v, --verbose', 'Show all checks including passed ones')
@@ -1787,7 +1789,7 @@ Examples:
             process.exit(1);
         }
         // Determine output format (--json is deprecated alias for --format json)
-        const validFormats = ['text', 'json', 'sarif', 'html', 'asp'];
+        const validFormats = ['text', 'json', 'sarif', 'html', 'asp', 'asff'];
         const format = options.json ? 'json' : (options.format || 'text');
         if (!validFormats.includes(format)) {
             console.error(`Error: Invalid format '${format}'. Use: ${validFormats.join(', ')}`);
@@ -2013,6 +2015,26 @@ Examples:
                 process.exit(1);
             return;
         }
+        if (format === 'asff') {
+            const { toASSF } = await Promise.resolve().then(() => __importStar(require('./output/asff.js')));
+            const output = toASSF(result.findings, {
+                awsAccountId: options.awsAccountId,
+                awsRegion: options.awsRegion,
+                targetDir,
+            });
+            if (options.output) {
+                require('fs').writeFileSync(options.output, output);
+                console.error(`ASFF report written to ${options.output}`);
+                console.error(`Import: aws securityhub batch-import-findings --findings file://${options.output}`);
+            }
+            else {
+                console.log(output);
+            }
+            const critHigh = result.findings.filter((f) => !f.passed && !f.fixed && (f.severity === 'critical' || f.severity === 'high'));
+            if (critHigh.length > 0)
+                process.exit(1);
+            return;
+        }
         // Filter to only show failed findings (issues)
         const issues = result.findings.filter((f) => !f.passed && !f.fixed);
         const fixedFindings = result.findings.filter((f) => f.fixed);
@@ -4303,7 +4325,7 @@ Examples:
         console.log(`\n  Detected: ${result.tool}\n`);
         console.log(`  Added HackMyAgent MCP server to ${result.configPath}\n`);
         console.log(`  Available tools in ${result.tool}:`);
-        console.log(`    hackmyagent_scan       — 199 checks + structural analysis`);
+        console.log(`    hackmyagent_scan       — 204 checks + structural analysis`);
         console.log(`    hackmyagent_deep_scan  — Full analysis with LLM reasoning`);
         console.log(`    hackmyagent_analyze_file — Analyze a single file`);
         console.log(`    hackmyagent_benchmark  — OASB-1 compliance assessment\n`);