npm - shellward - Versions diffs - 0.7.10 → 0.7.11 - Mend

shellward 0.7.10 → 0.7.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -8,7 +8,7 @@
 [![npm](https://img.shields.io/npm/v/shellward?color=cb0000&label=npm)](https://www.npmjs.com/package/shellward)
 [![license](https://img.shields.io/badge/license-Apache--2.0-blue)](./LICENSE)
-[![tests](https://img.shields.io/badge/tests-302%20passing-brightgreen)](#performance)
+[![tests](https://img.shields.io/badge/tests-303%20passing-brightgreen)](#performance)
 [![deps](https://img.shields.io/badge/dependencies-0-brightgreen)](#performance)
 **🌐 官网: https://jnmetacode.github.io/shellward/**

package/dist/compliance/audit.js CHANGED Viewed

@@ -121,17 +121,52 @@ export function runProjectComplianceAudit(config, root) {
     }
     // CLI 静态扫描：未部署运行时 → 能力/审计类不虚报"已启用"，只如实评估项目证据
     const report = runComplianceAudit(config, env, { deployed: false });
+    // 「敏感个人信息识别」这条静态扫描确实做得到 —— 直接连到扫描结果，不再标"待核验"
+    const piiCount = scan.findings.filter(f => f.kind === 'pii').length;
+    const spi = report.results.find(r => r.control.id === 'pipl-spi-detect');
+    if (spi) {
+        if (piiCount > 0) {
+            spi.status = 'fail';
+            spi.detail_zh = `扫描在项目文件中发现 ${piiCount} 处个人信息暴露（见上方「项目实测风险」）— 需评估最小必要并脱敏`;
+            spi.detail_en = `Scan found ${piiCount} PII exposure(s) in files — assess minimization & de-identify`;
+        }
+        else {
+            spi.status = 'pass';
+            spi.detail_zh = '已扫描项目文件，未发现明文个人信息暴露（运行时 PII 处理建议仍接入 ShellWard）';
+            spi.detail_en = 'Scanned files; no plaintext PII exposure found';
+        }
+    }
+    // override 改了状态 → 重算计数与控制项得分
+    recount(report);
+    const baseScore = computeScore(report.results);
     // 发现驱动评分：项目实测风险按严重度扣分（封顶 40），使分数反映"你的真实风险"
     const penalty = computeProjectPenalty(scan);
-    if (penalty > 0) {
-        report.score = Math.max(0, report.score - penalty);
-        report.grade = gradeOf(report.score);
+    report.score = Math.max(0, baseScore - penalty);
+    report.grade = gradeOf(report.score);
+    if (penalty > 0)
         report.projectPenalty = penalty;
-    }
     report.staticScan = true;
     report.filesScanned = scan.filesScanned;
     return { report, scan };
 }
+/** 重新统计 pass/warn/fail/manual 计数（控制项状态被覆盖后调用） */
+function recount(report) {
+    let passed = 0, warned = 0, failed = 0, manual = 0;
+    for (const r of report.results) {
+        if (r.status === 'pass')
+            passed++;
+        else if (r.status === 'warn')
+            warned++;
+        else if (r.status === 'fail')
+            failed++;
+        else
+            manual++;
+    }
+    report.passed = passed;
+    report.warned = warned;
+    report.failed = failed;
+    report.manual = manual;
+}
 const FINDING_PENALTY = { critical: 8, high: 4, medium: 1 };
 const MAX_PROJECT_PENALTY = 40;
 function computeProjectPenalty(scan) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "shellward",
-  "version": "0.7.10",
+  "version": "0.7.11",
   "mcpName": "io.github.jnMetaCode/shellward",
   "description": "AI agent security & MCP security middleware — prompt injection detection, AI firewall, runtime guardrails & data-loss prevention for LLM tool calls. 8-layer defense against data exfiltration & dangerous commands. Zero dependencies. SDK + OpenClaw plugin. Supports LangChain, AutoGPT, Claude Code, Cursor, OpenAI Agents, Hermes Agent.",
   "keywords": [

package/src/compliance/audit.ts CHANGED Viewed

@@ -189,19 +189,48 @@ export function runProjectComplianceAudit(config: ShellWardConfig, root: string)
   // CLI 静态扫描：未部署运行时 → 能力/审计类不虚报"已启用"，只如实评估项目证据
   const report = runComplianceAudit(config, env, { deployed: false })
+  // 「敏感个人信息识别」这条静态扫描确实做得到 —— 直接连到扫描结果，不再标"待核验"
+  const piiCount = scan.findings.filter(f => f.kind === 'pii').length
+  const spi = report.results.find(r => r.control.id === 'pipl-spi-detect')
+  if (spi) {
+    if (piiCount > 0) {
+      spi.status = 'fail'
+      spi.detail_zh = `扫描在项目文件中发现 ${piiCount} 处个人信息暴露（见上方「项目实测风险」）— 需评估最小必要并脱敏`
+      spi.detail_en = `Scan found ${piiCount} PII exposure(s) in files — assess minimization & de-identify`
+    } else {
+      spi.status = 'pass'
+      spi.detail_zh = '已扫描项目文件，未发现明文个人信息暴露（运行时 PII 处理建议仍接入 ShellWard）'
+      spi.detail_en = 'Scanned files; no plaintext PII exposure found'
+    }
+  }
+  // override 改了状态 → 重算计数与控制项得分
+  recount(report)
+  const baseScore = computeScore(report.results)
   // 发现驱动评分：项目实测风险按严重度扣分（封顶 40），使分数反映"你的真实风险"
   const penalty = computeProjectPenalty(scan)
-  if (penalty > 0) {
-    report.score = Math.max(0, report.score - penalty)
-    report.grade = gradeOf(report.score)
-    report.projectPenalty = penalty
-  }
+  report.score = Math.max(0, baseScore - penalty)
+  report.grade = gradeOf(report.score)
+  if (penalty > 0) report.projectPenalty = penalty
   report.staticScan = true
   report.filesScanned = scan.filesScanned
   return { report, scan }
 }
+/** 重新统计 pass/warn/fail/manual 计数（控制项状态被覆盖后调用） */
+function recount(report: ComplianceReport): void {
+  let passed = 0, warned = 0, failed = 0, manual = 0
+  for (const r of report.results) {
+    if (r.status === 'pass') passed++
+    else if (r.status === 'warn') warned++
+    else if (r.status === 'fail') failed++
+    else manual++
+  }
+  report.passed = passed; report.warned = warned; report.failed = failed; report.manual = manual
+}
 const FINDING_PENALTY = { critical: 8, high: 4, medium: 1 } as const
 const MAX_PROJECT_PENALTY = 40