security-mcp 1.1.1 → 1.1.3

package/README.md

@@ -19,8 +19,8 @@ Works with **Claude Code, GitHub Copilot, Cursor, Codex, Replit**, and any MCP-c
 
 - [What Problem Does This Solve?](#what-problem-does-this-solve)
 - [Who Is This For?](#who-is-this-for)
-- [Two Modes - Pick Your Depth](#two-modes--pick-your-depth)
-- [Quick Start - Install in 60 Seconds](#quick-start--install-in-60-seconds)
+- [Two Modes - Pick Your Depth](#two-modes---pick-your-depth)
+- [Quick Start - Install in 60 Seconds](#quick-start---install-in-60-seconds)
 - [Step-by-Step Installation Guide](#step-by-step-installation-guide)
   - [Claude Code](#step-by-step-claude-code)
   - [Cursor](#step-by-step-cursor)
@@ -77,19 +77,19 @@ A single elite security engineer agent that reviews your code, finds vulnerabili
 
 ### `/ciso-orchestrator` - A Full Security Program in One Command
 
-40 specialist agents running in parallel across 3 phases: threat modeling, deep code and infrastructure attack simulation, then compliance synthesis. Every domain gets its own specialist - a dedicated injection attacker, a JWT/OAuth hacker, a cloud privilege escalation analyst, a prompt injection specialist, a TLS auditor, a pentest team that reads the threat model as its attack brief, and a compliance analyst that maps every finding to PCI DSS 4.0, SOC 2, ISO 27001, NIST 800-53, HIPAA, and GDPR. Agents learn from each run and improve over time. Optionally fetches live CVE, CISA KEV, and ATT&CK data. Produces a merged findings report with full compliance mapping and a signed attestation.
+39 specialist agents across 3 phases. Phase 1: 7 lead agents run in parallel, each commanding its own team of sub-agents — threat modeling, deep code analysis, cloud infrastructure, supply chain, AI/LLM red team, mobile, and cryptography. Phase 2: adversarial penetration testing and compliance synthesis run in parallel after Phase 1 completes. Phase 3: findings are merged, deduplicated, and attested. Every domain has a dedicated specialist — an injection attacker, a JWT/OAuth hacker, a cloud privilege escalation analyst, a prompt injection specialist, a TLS auditor, a pentest team that reads the threat model as its attack brief, and a compliance analyst mapping every finding to PCI DSS 4.0, SOC 2, ISO 27001, NIST 800-53, HIPAA, and GDPR. Agents learn from each run and improve over time. 86 specialist skills registered in the registry — loaded on demand based on detected stack. Optionally fetches live CVE, CISA KEV, and ATT&CK data. Produces a merged findings report with full compliance mapping and a signed attestation.
 
-**Use this before major releases, compliance audits, or security reviews. -> [See the full 40-agent architecture](#ciso-orchestrator-flow-40-agents)**
+**Use this before major releases, compliance audits, or security reviews. -> [See the full 39-agent architecture](#ciso-orchestrator-flow-39-agents)**
 
 ---
 
 | | `/senior-security-engineer` | `/ciso-orchestrator` |
 | --- | --- | --- |
-| **What it is** | Single expert agent | 40-agent parallel security program |
+| **What it is** | Single expert agent | 39-agent multi-phase security program |
 | **Best for** | Daily development, PR reviews, targeted hardening | Pre-launch audits, compliance prep, incident response |
 | **Speed** | Seconds to minutes | Minutes to hours |
 | **Scope** | You choose: recent changes, full codebase, or specific files | Always full - every surface, every framework |
-| **Agents** | 1 | 40 (9 leads + 30 specialists) |
+| **Agents** | 1 | 39 (9 leads + 30 sub-agents) |
 | **Output** | Inline code fixes + SHA-256 attestation | Full domain reports + merged findings + attestation |
 | **API cost** | Low | High |
 | **Internet** | Not required | Optional (enriches findings with live CVEs, CISA KEV, MITRE ATT&CK) |
@@ -112,7 +112,7 @@ Restart your editor. Then in Claude Code:
 
 That's it. The engineer will ask how you want to scope the review, then find and fix security issues in your code.
 
-For a full 40-agent deep audit:
+For a full 39-agent deep audit:
 
 ```text
 /ciso-orchestrator
@@ -398,7 +398,7 @@ The orchestrator will ask:
 - **Yes** - agents enrich findings with live threat intelligence. More accurate, more current.
 - **No** - agents use cached intel. Still comprehensive, no external calls made.
 
-**Step 3 - Wait for Phase 1 (7 lead agents + 30 sub-agents, all parallel).**
+**Step 3 - Wait for Phase 1 (7 lead agents running in parallel, each commanding their domain-specific sub-agents — 25 sub-agents total across Phase 1).**
 
 Each agent writes findings to `.mcp/agent-runs/{agentRunId}/`.
 
@@ -468,7 +468,7 @@ The gate runs **18 checks in parallel** against your diff:
 | Category | What It Catches |
 | --- | --- |
 | **Secrets** | Hardcoded API keys, tokens, passwords, private keys (via Gitleaks patterns) |
-| **Dependencies** | CRITICAL/HIGH CVEs in npm/pip/go/maven packages; CISA Known Exploited Vulnerabilities |
+| **Dependencies** | CRITICAL/HIGH CVEs in npm/pip/go/maven packages; CISA KEV cross-check and EPSS >50% auto-escalation via live threat-intel (24h cached) |
 | **Cryptography** | MD5, SHA-1, DES, RC4, ECB mode, `Math.random()` for tokens, short JWT secrets |
 | **Authentication** | Missing rate limiting, no account lockout, JWT `alg:none`, weak session config |
 | **Injection** | SQL, NoSQL, command injection, path traversal, SSRF, prototype pollution |
@@ -485,6 +485,7 @@ The gate runs **18 checks in parallel** against your diff:
 | **Runtime** | HTTP security headers and TLS config on live staging URL (if configured) |
 | **AI red-team** | Static + optional dynamic probes against AI endpoints |
 | **Exceptions** | Validates any active security exceptions are non-expired and properly approved |
+| **Baseline regression** | Detects when previously-satisfied controls go missing (BASELINE_REGRESSION HIGH finding injected on regression) |
 
 ### Customize the Gate Policy
 
@@ -620,7 +621,7 @@ app.use(helmet({
 │                   Your Editor (Claude Code)                   │
 │                                                               │
 │  /senior-security-engineer      /ciso-orchestrator           │
-│  (single expert agent)          (40-agent security program)  │
+│  (single expert agent)          (39-agent security program)  │
 │          │                                │                   │
 └──────────┼────────────────────────────────┼───────────────────┘
            │                                │
@@ -701,7 +702,7 @@ User: /senior-security-engineer
     └── SHA-256 integrity hash
 ```
 
-### `/ciso-orchestrator` Flow (40 Agents)
+### `/ciso-orchestrator` Flow (39 Agents)
 
 ```text
 User: /ciso-orchestrator
@@ -715,7 +716,7 @@ User: /ciso-orchestrator
   │   -> stackContext: { languages, frameworks, cloudProvider, hasAI, hasMobile, ... }
   ├── security.start_review()          -> runId
   ├── orchestration.create_agent_run() -> agentRunId + manifest.json
-  └── orchestration.ensure_skill(×39) -> download skills if not cached
+  └── orchestration.ensure_skill(×N)  -> download stack-relevant skills from 86-skill registry
         │
         ▼
 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
@@ -994,6 +995,8 @@ Edit `.mcp/exceptions/security-exceptions.json`:
 | `SECURITY_GATE_POLICY` | `.mcp/policies/security-policy.json` | Path to policy file |
 | `SECURITY_GATE_SCANNERS` | built-in | Path to custom scanner config (must be within project directory) |
 | `SECURITY_GATE_EXCEPTIONS` | `.mcp/exceptions/security-exceptions.json` | Path to exceptions file (must be within project directory) |
+| `SECURITY_GATE_MODE` | `full` | Set to `file_by_file` for scoped per-file scanning |
+| `SECURITY_GATE_TARGETS` | (all changed files) | Comma-separated file paths to restrict the scan surface |
 
 ### Integrations (all optional)
 

package/dist/ci/pr-gate.js

@@ -1,6 +1,8 @@
 import { runPrGate } from "../gate/policy.js";
 // Allow safe git revision operators (~ and ^) plus ref/path characters. CWE-88.
 const SAFE_REF_RE = /^[a-zA-Z0-9_./~^-]+$/;
+// Allow relative file/folder paths for targets. CWE-88.
+const SAFE_TARGET_RE = /^[a-zA-Z0-9_./ -]+$/;
 function safeEnvRef(envVar, defaultValue) {
     const val = process.env[envVar] || defaultValue;
     if (!SAFE_REF_RE.test(val)) {
@@ -9,11 +11,26 @@ function safeEnvRef(envVar, defaultValue) {
     }
     return val;
 }
+function safeEnvTargets(envVar) {
+    const raw = process.env[envVar];
+    if (!raw)
+        return undefined;
+    const targets = raw.split(",").map((t) => t.trim()).filter(Boolean);
+    return targets.filter((t) => {
+        if (!SAFE_TARGET_RE.test(t) || t.includes("..")) {
+            console.error(`Skipping unsafe target: "${t}"`);
+            return false;
+        }
+        return true;
+    });
+}
 async function main() {
     const baseRef = safeEnvRef("SECURITY_GATE_BASE_REF", "origin/main");
     const headRef = safeEnvRef("SECURITY_GATE_HEAD_REF", "HEAD");
     const policyPath = process.env.SECURITY_GATE_POLICY || ".mcp/policies/security-policy.json";
-    const result = await runPrGate({ baseRef, headRef, policyPath });
+    const mode = (process.env.SECURITY_GATE_MODE ?? "recent_changes");
+    const targets = safeEnvTargets("SECURITY_GATE_TARGETS");
+    const result = await runPrGate({ baseRef, headRef, policyPath, mode, targets });
     // Print result for Actions logs
     console.log(JSON.stringify(result, null, 2));
     if (result.status !== "PASS") {

package/dist/cli/onboarding.js

@@ -13,10 +13,12 @@
 import { createInterface } from "node:readline/promises";
 import { stdin as input, stdout as output } from "node:process";
 import { spawnSync } from "node:child_process";
-import { platform, arch, homedir } from "node:os";
-import { mkdirSync, createWriteStream, chmodSync, existsSync } from "node:fs";
+import { platform, arch, homedir, tmpdir } from "node:os";
+import { mkdirSync, createWriteStream, chmodSync, existsSync, writeFileSync, unlinkSync } from "node:fs";
 import { join } from "node:path";
 import { pipeline } from "node:stream/promises";
+import { createHash } from "node:crypto";
+import { readFile as readFileAsync } from "node:fs/promises";
 // ─── Constants ────────────────────────────────────────────────────────────────
 const PROJECT_TYPES = [
     {
@@ -220,6 +222,39 @@ function run(cmd, args) {
     const result = spawnSync(cmd, args, { stdio: "inherit" });
     return result.status === 0;
 }
+// ─── Binary integrity helpers ─────────────────────────────────────────────────
+// CWE-494: verify downloaded binary against publisher SHA-256 checksum before install.
+async function fetchChecksumFile(assets) {
+    const checksumAsset = assets.find((a) => /checksums?\.txt$/i.test(a.name) || /\.sha256(sums?)?$/i.test(a.name));
+    if (!checksumAsset)
+        return null;
+    try {
+        const res = await fetch(checksumAsset.browser_download_url);
+        if (!res.ok)
+            return null;
+        return await res.text();
+    }
+    catch {
+        return null;
+    }
+}
+function parseExpectedHash(checksumContent, filename) {
+    for (const line of checksumContent.split("\n")) {
+        const parts = line.trim().split(/\s+/);
+        if (parts.length >= 2) {
+            const hash = parts[0];
+            const name = (parts.at(-1) ?? "").replace(/^\*/, "");
+            if (name === filename && /^[0-9a-f]{64}$/i.test(hash)) {
+                return hash.toLowerCase();
+            }
+        }
+    }
+    return null;
+}
+async function verifyIntegrity(filePath, expectedHash) {
+    const content = await readFileAsync(filePath);
+    return createHash("sha256").update(content).digest("hex") === expectedHash;
+}
 // ─── GitHub binary download ───────────────────────────────────────────────────
 async function fetchLatestRelease(repo) {
     try {
@@ -282,6 +317,29 @@ async function installFromGitHub(tool, os) {
         print(`     Download failed.`);
         return false;
     }
+    // CWE-494: verify SHA-256 integrity before executing anything
+    const checksumContent = await fetchChecksumFile(release.assets);
+    if (checksumContent) {
+        const expectedHash = parseExpectedHash(checksumContent, fileName);
+        if (expectedHash) {
+            const valid = await verifyIntegrity(tmpFile, expectedHash);
+            if (!valid) {
+                print(`     Integrity check FAILED for ${fileName} — aborting install.`);
+                try {
+                    unlinkSync(tmpFile);
+                }
+                catch { /* ignore cleanup failure */ }
+                return false;
+            }
+            print(`     Integrity verified (SHA-256 matched).`);
+        }
+        else {
+            print(`     Warning: checksum file found but no entry for ${fileName} — proceeding without verification.`);
+        }
+    }
+    else {
+        print(`     Warning: no checksum file in release assets — cannot verify binary integrity.`);
+    }
     const destDir = "/usr/local/bin";
     if (tool.tarball) {
         // Extract the binary from the archive
@@ -347,12 +405,24 @@ async function tryDnf(tool) {
     const mgr = commandExists("dnf") ? "dnf" : commandExists("yum") ? "yum" : null;
     if (!mgr)
         return false;
-    // Add Aqua Security rpm repo
-    const repoContent = "[trivy]\\nname=Trivy repository\\n" +
-        "baseurl=https://aquasecurity.github.io/trivy-repo/rpm/releases/$releasever/$basearch/\\n" +
-        "gpgcheck=0\\nenabled=1";
+    // CWE-78: avoid bash -c shell construction — write repo file to a temp path
+    // then move it into place with sudo (no shell, no injection surface).
+    const repoLines = [
+        "[trivy]",
+        "name=Trivy repository",
+        "baseurl=https://aquasecurity.github.io/trivy-repo/rpm/releases/$releasever/$basearch/",
+        "gpgcheck=0",
+        "enabled=1"
+    ];
+    const tmpRepoFile = join(tmpdir(), `trivy-${Date.now()}.repo`);
     print(`     Adding Aqua Security yum/dnf repository...`);
-    run("bash", ["-c", `echo -e "${repoContent}" | sudo tee /etc/yum.repos.d/trivy.repo`]);
+    try {
+        writeFileSync(tmpRepoFile, repoLines.join("\n") + "\n", "utf-8");
+    }
+    catch {
+        return false;
+    }
+    run("sudo", ["mv", tmpRepoFile, "/etc/yum.repos.d/trivy.repo"]);
     print(`     sudo ${mgr} install -y trivy`);
     return run("sudo", [mgr, "install", "-y", "trivy"]);
 }
@@ -513,6 +583,7 @@ export async function runOnboarding() {
         print("");
         print("   This applies the right compliance controls automatically,");
         print("   such as PCI DSS for payment cards or HIPAA for health data.");
+        print("   You can select multiple options (e.g. 1 2 or 1,2).");
         print("");
         for (const d of SENSITIVE_DATA_OPTIONS) {
             print(`   ${d.key}.  ${d.label}`);

package/dist/gate/checks/api.js

@@ -1,4 +1,7 @@
+import { sanitizeErrorMessage } from "../result.js";
 import { searchRepo } from "../../repo/search.js";
+import fg from "fast-glob";
+import { readFileSafe } from "../../repo/fs.js";
 export async function checkApi(_) {
     const findings = [];
     const zodHits = await searchRepo({ query: "zod|valibot|yup|joi", isRegex: true, maxMatches: 200 });
@@ -135,5 +138,95 @@ export async function checkApi(_) {
             ]
         });
     }
+    // 5. API schema drift (OpenAPI/Swagger spec vs code routes)
+    findings.push(...await checkApiSchemaDrift());
+    return findings;
+}
+function parseDeclaredPaths(specContent) {
+    const paths = new Set();
+    for (const match of specContent.matchAll(/^\s{0,4}(\/[a-zA-Z0-9/{}_-]+)\s*:/gm)) {
+        paths.add(match[1]);
+    }
+    return paths;
+}
+function findShadowRoutes(codeRouteHits, declaredPaths) {
+    const shadows = [];
+    for (const hit of codeRouteHits) {
+        const routeMatch = /['"](\/?[a-zA-Z0-9/{}_-]+)['"]/.exec(hit.preview);
+        if (!routeMatch)
+            continue;
+        const route = routeMatch[1].startsWith("/") ? routeMatch[1] : `/${routeMatch[1]}`;
+        const normalised = route.replaceAll(/:([a-zA-Z_]+)/g, "{$1}");
+        if (!declaredPaths.has(normalised) && !declaredPaths.has(route)) {
+            shadows.push(`${hit.file}:${hit.line} — ${route}`);
+        }
+    }
+    return shadows;
+}
+async function checkApiSchemaDrift() {
+    const findings = [];
+    try {
+        const specFiles = await fg([
+            "openapi.{yaml,yml,json}",
+            "swagger.{yaml,yml,json}",
+            "**/openapi.{yaml,yml,json}",
+            "**/swagger.{yaml,yml,json}",
+            "**/api-spec.{yaml,yml,json}",
+            "**/openapi/**/*.{yaml,yml,json}"
+        ], { ignore: ["**/node_modules/**", "**/dist/**", "**/.git/**"], dot: true });
+        const codeRouteHits = await searchRepo({
+            query: String.raw `(?:router|app|fastify|server)\.(?:get|post|put|delete|patch)\s*\(\s*['"](/[^'"]+)['"]`,
+            isRegex: true,
+            maxMatches: 300
+        });
+        if (specFiles.length === 0) {
+            if (codeRouteHits.length > 0) {
+                findings.push({
+                    id: "API_NO_OPENAPI_SPEC",
+                    title: "API routes detected but no OpenAPI/Swagger specification found",
+                    severity: "MEDIUM",
+                    evidence: codeRouteHits.slice(0, 10).map((m) => `${m.file}:${m.line}:${m.preview}`),
+                    requiredActions: [
+                        "Create an OpenAPI 3.x specification (openapi.yaml) that documents all API routes.",
+                        "An API contract enables automated schema validation, client SDK generation, and drift detection.",
+                        "Use tools like `zod-to-openapi` or `tsoa` to generate the spec from existing TypeScript code."
+                    ]
+                });
+            }
+            return findings;
+        }
+        const specContent = await readFileSafe(specFiles[0]);
+        const declaredPaths = parseDeclaredPaths(specContent);
+        const shadowRoutes = findShadowRoutes(codeRouteHits, declaredPaths);
+        if (shadowRoutes.length > 0) {
+            findings.push({
+                id: "API_SHADOW_ENDPOINT",
+                title: `${shadowRoutes.length} API route(s) in code not declared in OpenAPI spec — shadow endpoints`,
+                severity: "HIGH",
+                evidence: [...new Set(shadowRoutes)].slice(0, 15),
+                requiredActions: [
+                    "Add all undocumented routes to the OpenAPI specification.",
+                    "Shadow endpoints bypass API gateway policies, rate limiting, and schema validation.",
+                    "Automate spec generation (tsoa, zod-to-openapi) to prevent drift from recurring."
+                ]
+            });
+        }
+        if (/type:\s+object/.test(specContent) && !/properties:/.test(specContent)) {
+            findings.push({
+                id: "API_PERMISSIVE_SCHEMA",
+                title: "OpenAPI spec contains `type: object` without `properties` — accepts any payload shape",
+                severity: "MEDIUM",
+                files: [specFiles[0]],
+                requiredActions: [
+                    "Define explicit `properties` for all object schemas in the OpenAPI spec.",
+                    "Permissive schemas allow attackers to inject unexpected fields (mass assignment, prototype pollution).",
+                    "Set `additionalProperties: false` on request body schemas to enforce strict validation."
+                ]
+            });
+        }
+    }
+    catch (err) {
+        console.warn("[checkApiSchemaDrift] Internal error:", sanitizeErrorMessage(err instanceof Error ? err.message : String(err)));
+    }
     return findings;
 }

package/dist/gate/checks/ci-pipeline.js

@@ -0,0 +1,135 @@
+/**
+ * GitHub Actions CI/CD pipeline hardening checks.
+ * Covers supply chain attack vectors specific to GitHub Actions workflows.
+ */
+import { sanitizeErrorMessage } from "../result.js";
+import fg from "fast-glob";
+import { readFileSafe } from "../../repo/fs.js";
+export async function runCiPipelineChecks(_opts) {
+    const findings = [];
+    try {
+        const workflowFiles = await fg([".github/workflows/*.yml", ".github/workflows/*.yaml"], {
+            dot: true,
+            ignore: ["**/node_modules/**", "**/.git/**"]
+        });
+        if (workflowFiles.length === 0) {
+            return [];
+        }
+        const unpinnedFiles = [];
+        const pwnTargetFiles = [];
+        const secretEchoFiles = [];
+        const noPermissionsFiles = [];
+        const selfHostedFiles = [];
+        for (const file of workflowFiles) {
+            let content;
+            try {
+                content = await readFileSafe(file);
+            }
+            catch {
+                continue;
+            }
+            // Check 1: Third-party actions not pinned to a full 40-char SHA
+            // Matches `uses: owner/repo@tag` but NOT `uses: owner/repo@<40hex chars>`
+            // Also skip `uses: ./.github/actions/` (local actions are fine)
+            const actionLines = content.split("\n").filter((line) => /uses:\s+[a-zA-Z0-9_.-]+\/[a-zA-Z0-9_.-]+@/.test(line));
+            const unpinnedActions = actionLines.filter((line) => {
+                // Skip local actions
+                if (/uses:\s+\.\//.test(line))
+                    return false;
+                // Flag anything not pinned to a 40-char hex SHA
+                return !/uses:\s+[a-zA-Z0-9_.\-/]+@[0-9a-f]{40}/.test(line);
+            });
+            if (unpinnedActions.length > 0) {
+                unpinnedFiles.push(file);
+            }
+            // Check 2: pull_request_target + dynamic ref usage (pwn-request vector)
+            // Attacker controls the ref/sha when a PR from a fork triggers pull_request_target
+            if (/pull_request_target/.test(content) &&
+                /\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)\s*\}\}/.test(content)) {
+                pwnTargetFiles.push(file);
+            }
+            // Check 3: Secrets printed to logs via echo
+            if (/echo\s+\$\{\{\s*secrets\./.test(content)) {
+                secretEchoFiles.push(file);
+            }
+            // Check 4: No top-level permissions block
+            // Without explicit permissions, the default is write access to all scopes
+            if (!/^permissions:/m.test(content)) {
+                noPermissionsFiles.push(file);
+            }
+            // Check 5: Self-hosted runners (broader attack surface — runner compromise = code execution)
+            if (/runs-on:\s+self-hosted/.test(content)) {
+                selfHostedFiles.push(file);
+            }
+        }
+        if (unpinnedFiles.length > 0) {
+            findings.push({
+                id: "CI_UNPINNED_ACTION",
+                title: "GitHub Actions using mutable tags instead of pinned SHA digests",
+                severity: "HIGH",
+                files: unpinnedFiles.slice(0, 10),
+                requiredActions: [
+                    "Pin all third-party actions to a full 40-character commit SHA (e.g. `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683`).",
+                    "Mutable tags like @v3 can be silently redirected to malicious commits — SHA pinning prevents supply chain substitution.",
+                    "Use a tool like `pin-github-action` or Dependabot to automate SHA pinning."
+                ]
+            });
+        }
+        if (pwnTargetFiles.length > 0) {
+            findings.push({
+                id: "CI_PWNTARGET_SHA",
+                title: "pull_request_target workflow uses attacker-controlled ref/SHA — pwn-request vector",
+                severity: "CRITICAL",
+                files: pwnTargetFiles.slice(0, 10),
+                requiredActions: [
+                    "Never use `${{ github.event.pull_request.head.sha }}` or `head.ref` inside a `pull_request_target` workflow that checks out or runs code from the PR.",
+                    "`pull_request_target` runs with write permissions and secrets access; the PR head is attacker-controlled.",
+                    "Use `pull_request` (not `pull_request_target`) for code that executes untrusted contributions, or add explicit guard conditions."
+                ]
+            });
+        }
+        if (secretEchoFiles.length > 0) {
+            findings.push({
+                id: "CI_SECRET_ECHO",
+                title: "GitHub Actions workflow echoes secrets to logs",
+                severity: "CRITICAL",
+                files: secretEchoFiles.slice(0, 10),
+                requiredActions: [
+                    "Remove any `echo ${{ secrets.* }}` statements — secrets printed to logs are visible to anyone with read access to the repository.",
+                    "GitHub masks known secret values in logs, but this is not reliable for all encodings.",
+                    "Pass secrets via environment variables (`env: MY_SECRET: ${{ secrets.MY_SECRET }}`) and read them in code, never echo them."
+                ]
+            });
+        }
+        if (noPermissionsFiles.length > 0) {
+            findings.push({
+                id: "CI_NO_PERMISSIONS",
+                title: "GitHub Actions workflows without explicit permissions block",
+                severity: "MEDIUM",
+                files: noPermissionsFiles.slice(0, 10),
+                requiredActions: [
+                    "Add an explicit `permissions:` block at the top of each workflow (or at the job level) to grant only the minimum required scopes.",
+                    "Without explicit permissions, the default is determined by org/repo settings — often write-all.",
+                    "Example minimal read-only: `permissions: { contents: read }`."
+                ]
+            });
+        }
+        if (selfHostedFiles.length > 0) {
+            findings.push({
+                id: "CI_SELF_HOSTED_RUNNER",
+                title: "GitHub Actions using self-hosted runners",
+                severity: "MEDIUM",
+                files: selfHostedFiles.slice(0, 10),
+                requiredActions: [
+                    "Self-hosted runners executing untrusted fork PRs can be compromised — restrict `pull_request` triggers on self-hosted runner workflows.",
+                    "Ensure self-hosted runners are ephemeral (destroyed after each job) and isolated from production networks.",
+                    "Use GitHub-hosted runners for public repositories or untrusted code paths."
+                ]
+            });
+        }
+    }
+    catch (err) {
+        console.warn("[runCiPipelineChecks] Internal error:", sanitizeErrorMessage(err instanceof Error ? err.message : String(err)));
+    }
+    return findings;
+}

package/dist/gate/checks/crypto.js

@@ -1,4 +1,31 @@
+/**
+ * Weak cryptography detection.
+ * Mapped to NIST SP 800-131A Rev 2.
+ */
+import { sanitizeErrorMessage } from "../result.js";
 import { searchRepo } from "../../repo/search.js";
+function checkPbkdf2Iterations(hits) {
+    for (const hit of hits) {
+        const iterMatch = /pbkdf2(?:Sync)?\s*\([^)]*?,\s*[^,]+,\s*(\d+)/.exec(hit.preview);
+        if (!iterMatch)
+            continue;
+        const iters = Number.parseInt(iterMatch[1], 10);
+        if (iters < 600000) {
+            return {
+                id: "CRYPTO_LOW_PBKDF2_ITERATIONS",
+                title: `PBKDF2 iteration count too low (${iters} < 600,000)`,
+                severity: "HIGH",
+                evidence: [`${hit.file}:${hit.line}:${hit.preview}`],
+                files: [hit.file],
+                requiredActions: [
+                    "Use ≥ 600,000 iterations for PBKDF2-SHA256 (OWASP 2023 recommendation).",
+                    "Prefer bcrypt (cost ≥ 12) or Argon2id instead."
+                ]
+            };
+        }
+    }
+    return null;
+}
 export async function checkCrypto(_opts) {
     const findings = [];
     try {
@@ -86,27 +113,9 @@ export async function checkCrypto(_opts) {
             isRegex: true,
             maxMatches: 200
         });
-        // Check for numeric iteration counts in the context
-        for (const hit of pbkdf2Hits) {
-            const iterMatch = /pbkdf2(?:Sync)?\s*\([^)]*?,\s*[^,]+,\s*(\d+)/.exec(hit.preview);
-            if (iterMatch) {
-                const iters = parseInt(iterMatch[1], 10);
-                if (iters < 600000) {
-                    findings.push({
-                        id: "CRYPTO_LOW_PBKDF2_ITERATIONS",
-                        title: `PBKDF2 iteration count too low (${iters} < 600,000)`,
-                        severity: "HIGH",
-                        evidence: [`${hit.file}:${hit.line}:${hit.preview}`],
-                        files: [hit.file],
-                        requiredActions: [
-                            "Use ≥ 600,000 iterations for PBKDF2-SHA256 (OWASP 2023 recommendation).",
-                            "Prefer bcrypt (cost ≥ 12) or Argon2id instead."
-                        ]
-                    });
-                    break;
-                }
-            }
-        }
+        const pbkdf2Finding = checkPbkdf2Iterations(pbkdf2Hits);
+        if (pbkdf2Finding)
+            findings.push(pbkdf2Finding);
         // 6. Hardcoded IV/nonce
         const hardcodedIvHits = await searchRepo({
             query: String.raw `iv\s*[:=]\s*(?:Buffer\.from\(['"][0-9a-fA-F]+['"]\)|['"][0-9a-fA-F]{16,}['"])`,
@@ -145,9 +154,69 @@ export async function checkCrypto(_opts) {
                 ]
             });
         }
+        // 8. Post-quantum readiness: RSA-1024
+        const rsa1024Hits = await searchRepo({
+            query: String.raw `modulusLength\s*:\s*1024|generateKeyPair\s*\(\s*['"]rsa['"][^)]*1024`,
+            isRegex: true,
+            maxMatches: 200
+        });
+        if (rsa1024Hits.length > 0) {
+            findings.push({
+                id: "CRYPTO_RSA_1024",
+                title: "RSA-1024 key detected — cryptographically broken",
+                severity: "CRITICAL",
+                evidence: rsa1024Hits.slice(0, 10).map((m) => `${m.file}:${m.line}:${m.preview}`),
+                files: [...new Set(rsa1024Hits.slice(0, 10).map((m) => m.file))],
+                requiredActions: [
+                    "Upgrade to RSA-4096 minimum, or migrate to ML-DSA (FIPS 204) / SLH-DSA (FIPS 205) for new key material.",
+                    "RSA-1024 is fully broken — NIST deprecated it in 2013 (SP 800-131A).",
+                    "For TLS certificates, reissue with RSA-4096 or ECDSA P-384 immediately."
+                ]
+            });
+        }
+        // 9. Post-quantum readiness: RSA-2048 warning
+        const rsa2048Hits = await searchRepo({
+            query: String.raw `modulusLength\s*:\s*2048|generateKeyPair\s*\(\s*['"]rsa['"][^)]*2048`,
+            isRegex: true,
+            maxMatches: 200
+        });
+        if (rsa2048Hits.length > 0) {
+            findings.push({
+                id: "CRYPTO_RSA_2048_PQC",
+                title: "RSA-2048 detected — quantum-vulnerable; plan migration to post-quantum algorithms",
+                severity: "MEDIUM",
+                evidence: rsa2048Hits.slice(0, 10).map((m) => `${m.file}:${m.line}:${m.preview}`),
+                files: [...new Set(rsa2048Hits.slice(0, 10).map((m) => m.file))],
+                requiredActions: [
+                    "RSA-2048 is currently secure against classical computers but will be broken by sufficiently large quantum computers.",
+                    "NIST finalized post-quantum standards in 2024: ML-KEM (FIPS 203), ML-DSA (FIPS 204), SLH-DSA (FIPS 205).",
+                    "For long-lived keys or data requiring 10+ year secrecy: migrate to ML-DSA or use a hybrid classical+PQC scheme."
+                ]
+            });
+        }
+        // 10. Post-quantum readiness: ECDSA P-256 (informational)
+        const p256Hits = await searchRepo({
+            query: String.raw `prime256v1|secp256r1|namedCurve\s*:\s*['"]P-256['"]|namedCurve\s*:\s*['"]p256['"]`,
+            isRegex: true,
+            maxMatches: 200
+        });
+        if (p256Hits.length > 0) {
+            findings.push({
+                id: "CRYPTO_ECDSA_P256_PQC",
+                title: "ECDSA P-256 detected — quantum-vulnerable in the long term",
+                severity: "LOW",
+                evidence: p256Hits.slice(0, 10).map((m) => `${m.file}:${m.line}:${m.preview}`),
+                files: [...new Set(p256Hits.slice(0, 10).map((m) => m.file))],
+                requiredActions: [
+                    "P-256 (secp256r1) is secure today but vulnerable to Shor's algorithm on a sufficiently large quantum computer.",
+                    "NIST post-quantum signature standards: ML-DSA (FIPS 204) and SLH-DSA (FIPS 205) are the recommended replacements.",
+                    "For new systems handling sensitive long-lived data, evaluate hybrid ECDSA+ML-DSA or pure ML-DSA."
+                ]
+            });
+        }
     }
     catch (err) {
-        console.warn("[checkCrypto] Internal error:", err instanceof Error ? err.message : String(err));
+        console.warn("[checkCrypto] Internal error:", sanitizeErrorMessage(err instanceof Error ? err.message : String(err)));
     }
     return findings;
 }

package/dist/gate/checks/database.js

@@ -1,3 +1,7 @@
+/**
+ * Database security checks.
+ */
+import { sanitizeErrorMessage } from "../result.js";
 import { searchRepo } from "../../repo/search.js";
 export async function checkDatabase(_opts) {
     const findings = [];
@@ -138,7 +142,7 @@ export async function checkDatabase(_opts) {
         }
     }
     catch (err) {
-        console.warn("[checkDatabase] Internal error:", err instanceof Error ? err.message : String(err));
+        console.warn("[checkDatabase] Internal error:", sanitizeErrorMessage(err instanceof Error ? err.message : String(err)));
     }
     return findings;
 }