security-mcp 1.1.4 → 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (129) hide show
  1. package/README.md +116 -264
  2. package/defaults/checklists/ai.json +20 -1
  3. package/defaults/checklists/api.json +35 -1
  4. package/defaults/checklists/infra.json +34 -1
  5. package/defaults/checklists/mobile.json +23 -1
  6. package/defaults/checklists/payments.json +15 -1
  7. package/defaults/checklists/web.json +11 -1
  8. package/defaults/security-policy.json +2 -2
  9. package/dist/cli/index.js +0 -0
  10. package/dist/gate/baseline.js +82 -7
  11. package/dist/gate/catalog.js +10 -2
  12. package/dist/gate/checks/ai.js +757 -39
  13. package/dist/gate/checks/auth-deep.js +920 -216
  14. package/dist/gate/checks/business-logic.js +751 -0
  15. package/dist/gate/checks/ci-pipeline.js +399 -4
  16. package/dist/gate/checks/crypto.js +423 -2
  17. package/dist/gate/checks/dependencies.js +571 -15
  18. package/dist/gate/checks/graphql.js +201 -19
  19. package/dist/gate/checks/infra.js +246 -1
  20. package/dist/gate/checks/injection-deep.js +827 -184
  21. package/dist/gate/checks/k8s.js +114 -1
  22. package/dist/gate/checks/mobile-android.js +917 -3
  23. package/dist/gate/checks/mobile-ios.js +797 -5
  24. package/dist/gate/checks/required-artifacts.js +194 -0
  25. package/dist/gate/checks/runtime.js +178 -0
  26. package/dist/gate/checks/secrets.js +244 -13
  27. package/dist/gate/checks/supply-chain-deep.js +787 -0
  28. package/dist/gate/checks/web-nextjs.js +572 -48
  29. package/dist/gate/diff.js +17 -5
  30. package/dist/gate/evidence.js +8 -1
  31. package/dist/gate/exceptions.js +131 -9
  32. package/dist/gate/policy.js +280 -131
  33. package/dist/mcp/audit-chain.js +122 -28
  34. package/dist/mcp/auth.js +169 -0
  35. package/dist/mcp/learning.js +129 -4
  36. package/dist/mcp/model-router.js +158 -21
  37. package/dist/mcp/orchestration.js +186 -51
  38. package/dist/mcp/server.js +337 -53
  39. package/dist/repo/fs.js +24 -1
  40. package/dist/repo/search.js +31 -6
  41. package/dist/review/store.js +52 -1
  42. package/package.json +7 -7
  43. package/skills/_TEMPLATE/SKILL.md +99 -0
  44. package/skills/advanced-dos-tester/SKILL.md +109 -0
  45. package/skills/agentic-loop-exploiter/SKILL.md +368 -0
  46. package/skills/ai-llm-redteam/SKILL.md +104 -0
  47. package/skills/ai-model-supply-chain-agent/SKILL.md +103 -0
  48. package/skills/algorithm-implementation-reviewer/SKILL.md +98 -0
  49. package/skills/android-penetration-tester/SKILL.md +455 -46
  50. package/skills/anti-replay-tester/SKILL.md +106 -0
  51. package/skills/appsec-code-auditor/SKILL.md +85 -0
  52. package/skills/artifact-integrity-analyst/SKILL.md +441 -0
  53. package/skills/attack-navigator/SKILL.md +467 -8
  54. package/skills/auth-session-hacker/SKILL.md +102 -0
  55. package/skills/aws-penetration-tester/SKILL.md +456 -0
  56. package/skills/azure-penetration-tester/SKILL.md +490 -3
  57. package/skills/binary-auth-validator/SKILL.md +111 -0
  58. package/skills/bot-detection-specialist/SKILL.md +109 -0
  59. package/skills/business-logic-attacker/SKILL.md +231 -0
  60. package/skills/capec-code-mapper/SKILL.md +84 -0
  61. package/skills/cert-pin-rotation-specialist/SKILL.md +112 -0
  62. package/skills/cicd-pipeline-hijacker/SKILL.md +405 -0
  63. package/skills/ciso-orchestrator/SKILL.md +454 -43
  64. package/skills/cloud-infra-specialist/SKILL.md +118 -0
  65. package/skills/compliance-gap-analyst/SKILL.md +422 -0
  66. package/skills/compliance-grc/SKILL.md +85 -0
  67. package/skills/compliance-lifecycle-tracker/SKILL.md +84 -0
  68. package/skills/credential-stuffing-specialist/SKILL.md +102 -0
  69. package/skills/crypto-pki-specialist/SKILL.md +87 -0
  70. package/skills/csa-ccm-mapper/SKILL.md +84 -0
  71. package/skills/csf2-governance-mapper/SKILL.md +84 -0
  72. package/skills/deep-link-fuzzer/SKILL.md +109 -0
  73. package/skills/dependency-confusion-attacker/SKILL.md +415 -0
  74. package/skills/device-integrity-aggregator/SKILL.md +108 -0
  75. package/skills/dos-resilience-tester/SKILL.md +97 -0
  76. package/skills/dread-scorer/SKILL.md +84 -0
  77. package/skills/egress-policy-enforcer/SKILL.md +99 -0
  78. package/skills/evidence-collector/SKILL.md +98 -0
  79. package/skills/file-upload-attacker/SKILL.md +109 -0
  80. package/skills/gcp-penetration-tester/SKILL.md +459 -2
  81. package/skills/git-history-secret-scanner/SKILL.md +106 -0
  82. package/skills/iam-privesc-graph-builder/SKILL.md +152 -0
  83. package/skills/incident-responder/SKILL.md +111 -0
  84. package/skills/injection-specialist/SKILL.md +102 -0
  85. package/skills/ios-security-auditor/SKILL.md +282 -0
  86. package/skills/json-ambiguity-tester/SKILL.md +0 -0
  87. package/skills/k8s-container-escaper/SKILL.md +384 -0
  88. package/skills/key-management-lifecycle-analyst/SKILL.md +98 -0
  89. package/skills/kill-switch-engineer/SKILL.md +102 -0
  90. package/skills/linddun-privacy-analyst/SKILL.md +102 -0
  91. package/skills/logic-race-fuzzer/SKILL.md +443 -0
  92. package/skills/mobile-api-network-attacker/SKILL.md +421 -0
  93. package/skills/mobile-binary-hardener/SKILL.md +102 -0
  94. package/skills/mobile-security-specialist/SKILL.md +85 -0
  95. package/skills/mobile-webview-auditor/SKILL.md +96 -0
  96. package/skills/model-extraction-attacker/SKILL.md +219 -0
  97. package/skills/multipart-abuse-tester/SKILL.md +84 -0
  98. package/skills/oauth-pkce-specialist/SKILL.md +104 -0
  99. package/skills/parser-exhaustion-tester/SKILL.md +142 -0
  100. package/skills/pentest-infra/SKILL.md +98 -0
  101. package/skills/pentest-social/SKILL.md +201 -0
  102. package/skills/pentest-team/SKILL.md +87 -0
  103. package/skills/pentest-web-api/SKILL.md +98 -0
  104. package/skills/privacy-flow-analyst/SKILL.md +234 -0
  105. package/skills/prompt-injection-specialist/SKILL.md +394 -0
  106. package/skills/quantum-migration-planner/SKILL.md +96 -0
  107. package/skills/rag-poisoning-specialist/SKILL.md +358 -0
  108. package/skills/registry-mirror-enforcer/SKILL.md +84 -0
  109. package/skills/rotation-validation-agent/SKILL.md +112 -0
  110. package/skills/samm-assessor/SKILL.md +85 -0
  111. package/skills/secrets-mask-bypass-tester/SKILL.md +100 -0
  112. package/skills/senior-security-engineer/SKILL.md +167 -0
  113. package/skills/serialization-memory-attacker/SKILL.md +332 -0
  114. package/skills/session-timeout-tester/SKILL.md +161 -0
  115. package/skills/slsa-level3-enforcer/SKILL.md +112 -0
  116. package/skills/slsa-provenance-enforcer/SKILL.md +102 -0
  117. package/skills/ssrf-detection-validator/SKILL.md +108 -0
  118. package/skills/step-up-auth-enforcer/SKILL.md +84 -0
  119. package/skills/stride-pasta-analyst/SKILL.md +420 -0
  120. package/skills/supply-chain-devsecops/SKILL.md +98 -0
  121. package/skills/threat-infrastructure-analyst/SKILL.md +84 -0
  122. package/skills/threat-modeler/SKILL.md +85 -0
  123. package/skills/tls-certificate-auditor/SKILL.md +573 -18
  124. package/skills/token-reuse-detector/SKILL.md +95 -0
  125. package/skills/trike-risk-modeler/SKILL.md +84 -0
  126. package/skills/unicode-homograph-tester/SKILL.md +84 -0
  127. package/skills/waf-rule-lifecycle-agent/SKILL.md +97 -0
  128. package/skills/webhook-security-tester/SKILL.md +102 -0
  129. package/skills/zero-trust-architect/SKILL.md +109 -0
@@ -209,3 +209,112 @@ Trust model: VPC membership = trusted; external = untrusted
209
209
  - `requiredActions`: phased ZTA adoption steps
210
210
  - `complianceImpact`: framework mappings
211
211
  - `beyondSkillMd`: true — ZTA is beyond standard policy coverage
212
+
213
+ Every findings JSON MUST include `intelligenceForOtherAgents`:
214
+ ```json
215
+ {
216
+ "intelligenceForOtherAgents": {
217
+ "forPentestTeam": [{ "type": "HIGH_VALUE_TARGET", "description": "Service with IP-based trust and no mTLS — pivot directly from any pod in the VPC", "exploitHint": "kubectl exec into low-privilege pod; curl internal service without cert — if 200, IP trust confirmed exploitable" }],
218
+ "forCryptoSpecialist": [{ "type": "CRYPTO_WEAKNESS_REFERENCE", "algorithm": "mTLS certificate authority", "location": "Check CA key strength, rotation schedule, and whether self-signed CAs are in use for internal mTLS" }],
219
+ "forCloudSpecialist": [{ "type": "SSRF_TO_CLOUD_CHAIN", "ssrfLocation": "Any service with IMDS access and no mTLS — SSRF can retrieve instance credentials", "escalationPath": "SSRF to IMDS v1 (no token required) to IAM role credentials to lateral movement across VPC trust boundary" }],
220
+ "forComplianceGrc": [{ "type": "COMPLIANCE_BLOCKER", "frameworks": ["PCI DSS Req 1.3", "SOC 2 CC6.6", "NIST 800-207"], "releaseBlock": true }]
221
+ }
222
+ }
223
+ ```
224
+
225
+ ---
226
+
227
+ ## BEYOND SKILL.MD — MANDATORY EXPANSIONS
228
+
229
+ - **OIDC Workload Identity Federation Audience Confusion (ATT&CK T1552.001 / Real-World: 2023 CircleCI breach):** An attacker who compromises a CI/CD OIDC token can replay it against any cloud workload identity binding that lacks a strict `sub` or `aud` claim condition. In the CircleCI incident, stolen environment secrets (equivalent to unconstrained OIDC tokens) allowed lateral movement into customer AWS accounts. Test by: forge a JWT with a valid `iss` but mismatched `sub` claim and POST it to the token exchange endpoint (`sts.amazonaws.com` / `iam.googleapis.com`) — if it returns credentials, the binding is misconfigured. Finding threshold: any workload identity binding without an exact `sub` match condition or accepting wildcard audience is a CRITICAL finding.
230
+
231
+ - **eBPF Sidecar Bypass for mTLS Interception (CVE-2023-2728 / ATT&CK T1040):** A container with `CAP_BPF` or `CAP_NET_ADMIN` can attach an eBPF program to a cgroup socket that intercepts plaintext traffic before the Istio/Envoy sidecar encrypts it, silently breaking the mTLS guarantee without any `PeerAuthentication` policy change. CVE-2023-2728 demonstrated privilege escalation via Kubernetes admission bypass enabling unsafe capabilities. Test by: run `kubectl exec` into a pod and attempt `bpftool prog load` — if successful without privileged SCC/PSA, the cluster allows eBPF-based interception. Finding threshold: any pod with `CAP_BPF`, `CAP_NET_ADMIN`, or `privileged: true` in a namespace with mTLS-protected workloads is a HIGH finding.
232
+
233
+ - **AI-Assisted Lateral Movement via Mesh Trust Graph Enumeration (ATT&CK T1046 / Research: "Graph-of-Thought" LLM pivot chains, 2024):** An attacker with a single compromised pod can use an LLM (GPT-4o, local Llama) to automatically enumerate all reachable services via DNS resolution, parse Kubernetes RBAC and AuthorizationPolicies from the API server (if `system:discovery` is granted), and generate a ranked list of lateral movement paths in under 60 seconds — faster than any SOC analyst can triage. This was demonstrated in academic research on LLM-assisted network reconnaissance in 2024. Test by: from a low-privilege pod, run `kubectl get authorizationpolicies -A` and `curl -k https://kubernetes.default.svc/api/v1/services` — if either succeeds without explicit binding, automated enumeration is possible. Finding threshold: any unauthenticated or over-permissive API server discovery response in a ZTA-claimed environment is a CRITICAL control failure.
234
+
235
+ - **Post-Quantum Harvest-Now-Decrypt-Later Against mTLS Session Keys (NIST FIPS 203 / ATT&CK T1040):** Nation-state adversaries are actively capturing encrypted east-west traffic (Shodan-scale passive capture) with the intent to decrypt it once cryptographically relevant quantum computers (CRQCs) are available (~2028–2032). Current mTLS using ECDHE-P256 or X25519 provides no forward secrecy against a CRQC. NIST finalized ML-KEM (Kyber) as FIPS 203 in 2024 — service meshes must begin hybrid TLS migration now. Test by: `openssl s_client -connect <service>:<port>` and inspect the `Server Temp Key` line — if it shows `ECDH, P-256` or `X25519` without a PQ hybrid, the session is harvest-vulnerable. Finding threshold: any mTLS endpoint not offering a `X25519MLKEM768` or equivalent PQ hybrid cipher suite is a MEDIUM finding today, escalating to CRITICAL after 2027.
236
+
237
+ - **Continuous Validation Token Replay Within Revocation Cache TTL (CWE-613 / ATT&CK T1550.001):** Even with per-request JWT validation, if the token revocation cache has a TTL of 30–300 seconds (common Redis defaults), a stolen token remains valid for the full TTL window. An attacker who exfiltrates a token via XSS or a compromised log sink has a guaranteed replay window. The `jti` (JWT ID) claim is the only reliable per-token uniqueness marker, but most implementations check only expiry. Test by: authenticate to obtain a valid JWT, call `POST /auth/logout` (or equivalent revocation), then immediately replay the same token to a protected endpoint — if it returns 200, the revocation cache is not consulted on every request. Finding threshold: any successful authenticated request using a token after explicit revocation is a HIGH finding; TTL > 60 seconds on the revocation cache is a MEDIUM finding.
238
+
239
+ - **EU Cyber Resilience Act (CRA) Mandatory Attestation Gap for Service Mesh Components (Regulatory Deadline: 2027 / Supply Chain Risk):** The EU CRA (effective 2024, enforcement 2027) requires software attestation and SBOM for any "product with digital elements" — this explicitly includes service mesh control-plane and data-plane components (Istio, Envoy, Linkerd) when deployed in products sold to EU customers. Organizations without a CycloneDX or SPDX SBOM for their mesh components, and without SLSA Level 2 provenance for internal service images traversing the mesh, face regulatory non-compliance and potential market exclusion. Test by: run `syft image istio/pilot:<version> -o cyclonedx-json` and `cosign verify <image>` against the mesh control-plane image — if either fails or returns no provenance attestation, the component is CRA non-compliant. Finding threshold: any mesh component without a verifiable SBOM and SLSA L2+ attestation in a product targeting EU markets is a HIGH compliance finding with a hard 2027 deadline.
240
+
241
+ ---
242
+
243
+ ## §EDGE-CASE-MATRIX
244
+
245
+ The 5 Zero Trust attack cases that automated scanners and naive manual review universally miss. MANDATORY checks — do not skip.
246
+
247
+ | # | Edge Case | Why Scanners Miss It | Concrete Test |
248
+ |---|-----------|----------------------|---------------|
249
+ | 1 | mTLS bypass via permissive `PERMISSIVE` mode left on one namespace | Scanners check that Istio is installed; they do not enumerate PeerAuthentication mode per namespace | `kubectl get peerauthentication -A -o json \| jq '.items[] \| select(.spec.mtls.mode != "STRICT")'` — any non-STRICT namespace is an open east-west pivot |
250
+ | 2 | JWT `alg:none` accepted by internal service that trusts sidecar validation | Services may skip JWT verification assuming the sidecar already verified it; attacker forges token with `alg:none` and bypasses sidecar by calling the pod port directly | Port-forward directly to the container port (bypassing Istio sidecar) and send a token with `"alg":"none","typ":"JWT"` — check if the service accepts it |
251
+ | 3 | Workload Identity federation misconfiguration allows cross-project impersonation | IAM binding `roles/iam.workloadIdentityUser` set on `allUsers` or a wildcard service account audience | `gcloud iam service-accounts get-iam-policy SA_EMAIL` — look for `allUsers` or overly broad `principalSet` in the binding condition |
252
+ | 4 | Kubernetes NetworkPolicy allows `0.0.0.0/0` egress — microsegmentation is illusory | NetworkPolicy `ingress` rules are reviewed; `egress` rules that permit all outbound are ignored | `kubectl get networkpolicy -A -o json \| jq '.items[] \| select(.spec.egress[]?.to == null)'` — null egress selector = allow all |
253
+ | 5 | Continuous validation middleware skipped for webhook/internal callback endpoints | Middleware chains are written for user-facing routes; internal webhook receivers and health-check endpoints are registered before the auth middleware | Enumerate all routes registered before the auth middleware chain; send unauthenticated POST to each `/webhook`, `/callback`, `/internal/*` path |
254
+
255
+ ---
256
+
257
+ ## §TEMPORAL-THREATS
258
+
259
+ Threats materialising in the 2025–2030 window that ZTA defences designed today must account for.
260
+
261
+ | Threat | Est. Timeline | Relevance to Zero Trust | Prepare Now By |
262
+ |--------|--------------|-------------------------|----------------|
263
+ | Cryptographically Relevant Quantum Computer (CRQC) breaks mTLS certificate chains | 2028–2032 | All TLS 1.3 session keys negotiated with ECDHE are retroactively breakable via harvest-now-decrypt-later; PKI underpinning mTLS is compromised | Inventory all internal CA and mTLS certificate algorithms; plan migration to ML-KEM (FIPS 203) hybrid TLS; begin testing TLS agility in service mesh |
264
+ | AI-assisted lateral movement: LLM-generated pivot chains from minimal foothold | 2025–2027 (active) | Attacker with a single compromised pod can use AI to auto-enumerate misconfigured trust paths across the mesh in minutes | Assume an attacker inside the mesh has full AI-assisted enumeration; audit every AuthorizationPolicy for least-privilege completeness, not just the obvious paths |
265
+ | Workload identity federation attacks on cloud-native CI/CD | 2025–2026 (active) | OIDC-based workload identity is the new target: compromise the OIDC issuer or misconfigure audience binding to escalate from CI runner to prod IAM role | Enforce strict `sub` and `aud` claim conditions on every workload identity binding; rotate trusted OIDC issuers list quarterly |
266
+ | EU CRA mandatory device attestation requirements | 2026–2027 | Connected devices accessing enterprise resources must provide hardware attestation; soft device posture checks will no longer satisfy regulatory compliance | Migrate device trust from agent-reported posture to hardware-backed attestation (TPM 2.0 / Apple Secure Enclave) before CRA enforcement |
267
+ | eBPF-based kernel exploits bypassing sidecar-based mTLS | 2026–2028 | eBPF programs with `CAP_BPF` can intercept traffic before it reaches the Istio sidecar, rendering mTLS inspection moot | Restrict `CAP_BPF` via Kubernetes admission; deploy Falco eBPF rules to detect unauthorized BPF program loads; evaluate kernel-level mTLS (WireGuard CNI) as defence-in-depth |
268
+ | Mandatory SBOM + SLSA for service mesh components (US EO 14028 / EU CRA) | 2025–2026 (active) | Istio, Envoy, and Linkerd are in-scope for SBOM requirements; unattested mesh components in the data path are a supply-chain risk | Generate CycloneDX SBOM for all mesh control-plane and data-plane components; achieve SLSA L2 minimum for internal service images traversing the mesh |
269
+
270
+ ---
271
+
272
+ ## §DETECTION-GAP
273
+
274
+ What current security monitoring CANNOT detect in a Zero Trust architecture, and what to build to close each gap.
275
+
276
+ **ZTA-specific gaps that MUST be checked:**
277
+
278
+ - **mTLS certificate impersonation via stolen workload cert**: If a pod's private key is exfiltrated (e.g., through a container escape), the attacker can impersonate that workload identity indefinitely until cert rotation. Standard logs show valid mutual authentication — no alert fires. Need: cert lifetime monitoring (alert on any cert with TTL > 24h for workload identities); detect private key material appearing outside the expected pod filesystem path via Falco rule `(fd.name startswith "/proc/" and fd.name contains "ssl/private")`.
279
+ - **Sidecar bypass via direct pod-to-pod IP call**: A compromised pod calling another pod's IP directly on the container port (not the mesh port) bypasses Istio entirely — the PeerAuthentication policy is never evaluated. Need: Falco or eBPF network rule alerting on any TCP connection to a pod port that does not originate from `127.0.0.1` (the sidecar) or the CNI bridge.
280
+ - **Token replay within the continuous validation window**: A stolen JWT is valid until the next revocation check cycle. If the revocation cache TTL is 60 seconds, an attacker has a 60-second replay window per stolen token. Need: per-`jti` usage frequency monitoring — flag any `jti` value seen more than once per second across different source IPs.
281
+ - **Gradual privilege creep through AuthorizationPolicy drift**: Individual AuthorizationPolicy changes are individually reviewed and approved, but over months the cumulative effect is a service that can call every other service in the mesh. Standard SIEM looks at individual changes, not cumulative access graphs. Need: weekly AuthorizationPolicy graph diff — compare current effective access graph to the baseline and alert on any new service-to-service path added since last week.
282
+ - **Cross-agent ZTA attack chains invisible to individual scanners**: An IP-based trust finding from network scan + a long-lived credential finding from IAM scan = a CRITICAL lateral movement chain (pivot to trusted IP, then use long-lived credential for persistence). Neither scanner flags the chain. Need: CISO orchestrator Phase 1 synthesis — correlate all ZTA findings across agents before Phase 2 to surface compound chains.
283
+
284
+ ---
285
+
286
+ ## §ZERO-MISS-MANDATE
287
+
288
+ This agent CANNOT declare any ZTA attack class clean without explicit evidence of checking. For each item, output one of:
289
+ - `CHECKED: [N files] | [patterns used] | CLEAN`
290
+ - `CHECKED: [N files] | [patterns used] | [N findings, all fixed]`
291
+ - `SKIPPED: [reason — must be "not applicable: [evidence]"]`
292
+
293
+ **Silent skip = FAILED COVERAGE.** The orchestrator flags this as a quality gap.
294
+
295
+ **Mandatory ZTA attack classes — all must be covered:**
296
+
297
+ | Attack Class | Patterns to Search | Files to Check |
298
+ |---|---|---|
299
+ | IP-based implicit trust | `req.ip`, `startsWith("10.")`, `trusted.*subnet`, `internal.*network` | All API middleware, gateway config |
300
+ | Missing mTLS enforcement | `PeerAuthentication`, `mtls.mode`, `PERMISSIVE` | All `k8s/**/*.yaml`, Istio config |
301
+ | Long-lived service credentials | `serviceAccountKey`, `credentials.json`, `GOOGLE_APPLICATION_CREDENTIALS` pointing to file | Dockerfile, CI config, env files |
302
+ | Missing NetworkPolicy egress restriction | `egress: []`, null egress selector | All NetworkPolicy manifests |
303
+ | JWT `alg:none` or weak algorithm acceptance | `alg.*none`, `algorithms.*["none"]`, `verify.*false` | All JWT validation code |
304
+ | Continuous validation bypass | route registration before auth middleware, `/webhook`, `/internal`, `/callback` without auth | All router/server entrypoints |
305
+ | Workload Identity audience misconfiguration | `allUsers`, wildcard `principalSet` in IAM bindings | All Terraform IAM, GCP IAM policy files |
306
+
307
+ The output findings JSON MUST include a `coverageManifest` key:
308
+ ```json
309
+ {
310
+ "coverageManifest": {
311
+ "attackClassesCovered": [
312
+ { "class": "IP-Based Implicit Trust", "filesReviewed": 23, "patterns": ["req.ip", "startsWith(\"10.\")", "trusted.*subnet"], "result": "CLEAN" },
313
+ { "class": "Missing mTLS Enforcement", "filesReviewed": 14, "patterns": ["PeerAuthentication", "mtls.mode", "PERMISSIVE"], "result": "2 findings, both fixed" }
314
+ ],
315
+ "filesReviewed": 47,
316
+ "negativeAssertions": ["IP-Based Implicit Trust: pattern searched across 23 files — 0 matches"],
317
+ "uncoveredReason": {}
318
+ }
319
+ }
320
+ ```