ship-safe 6.1.1 → 6.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47) hide show
  1. package/README.md +735 -641
  2. package/cli/agents/api-fuzzer.js +345 -345
  3. package/cli/agents/auth-bypass-agent.js +348 -348
  4. package/cli/agents/base-agent.js +272 -272
  5. package/cli/agents/cicd-scanner.js +236 -201
  6. package/cli/agents/config-auditor.js +521 -521
  7. package/cli/agents/deep-analyzer.js +6 -2
  8. package/cli/agents/git-history-scanner.js +170 -170
  9. package/cli/agents/html-reporter.js +568 -568
  10. package/cli/agents/index.js +84 -84
  11. package/cli/agents/injection-tester.js +500 -500
  12. package/cli/agents/llm-redteam.js +251 -251
  13. package/cli/agents/mobile-scanner.js +231 -231
  14. package/cli/agents/orchestrator.js +322 -322
  15. package/cli/agents/pii-compliance-agent.js +301 -301
  16. package/cli/agents/scoring-engine.js +248 -248
  17. package/cli/agents/supabase-rls-agent.js +154 -154
  18. package/cli/agents/supply-chain-agent.js +650 -507
  19. package/cli/bin/ship-safe.js +452 -426
  20. package/cli/commands/agent.js +608 -608
  21. package/cli/commands/audit.js +986 -980
  22. package/cli/commands/baseline.js +193 -193
  23. package/cli/commands/ci.js +342 -342
  24. package/cli/commands/deps.js +516 -516
  25. package/cli/commands/doctor.js +159 -159
  26. package/cli/commands/fix.js +218 -218
  27. package/cli/commands/hooks.js +268 -0
  28. package/cli/commands/init.js +407 -407
  29. package/cli/commands/mcp.js +304 -304
  30. package/cli/commands/red-team.js +7 -1
  31. package/cli/commands/remediate.js +798 -798
  32. package/cli/commands/rotate.js +571 -571
  33. package/cli/commands/scan.js +569 -569
  34. package/cli/commands/score.js +449 -449
  35. package/cli/commands/watch.js +281 -281
  36. package/cli/hooks/patterns.js +313 -0
  37. package/cli/hooks/post-tool-use.js +140 -0
  38. package/cli/hooks/pre-tool-use.js +186 -0
  39. package/cli/index.js +73 -69
  40. package/cli/providers/llm-provider.js +397 -287
  41. package/cli/utils/autofix-rules.js +74 -74
  42. package/cli/utils/cache-manager.js +311 -311
  43. package/cli/utils/output.js +230 -230
  44. package/cli/utils/patterns.js +1121 -1121
  45. package/cli/utils/pdf-generator.js +94 -94
  46. package/package.json +69 -69
  47. package/configs/supabase/rls-templates.sql +0 -242
package/cli/agents/index.js CHANGED
@@ -1,84 +1,84 @@
1
- /**
2
- * Agent Registry
3
- * ===============
4
- *
5
- * Central export of all agents and supporting classes.
6
- */
7
-
8
- export { BaseAgent, createFinding } from './base-agent.js';
9
- export { Orchestrator } from './orchestrator.js';
10
- export { ReconAgent } from './recon-agent.js';
11
- export { InjectionTester } from './injection-tester.js';
12
- export { AuthBypassAgent } from './auth-bypass-agent.js';
13
- export { SSRFProber } from './ssrf-prober.js';
14
- export { SupplyChainAudit } from './supply-chain-agent.js';
15
- export { ConfigAuditor } from './config-auditor.js';
16
- export { LLMRedTeam } from './llm-redteam.js';
17
- export { MobileScanner } from './mobile-scanner.js';
18
- export { GitHistoryScanner } from './git-history-scanner.js';
19
- export { CICDScanner } from './cicd-scanner.js';
20
- export { APIFuzzer } from './api-fuzzer.js';
21
- export { SupabaseRLSAgent } from './supabase-rls-agent.js';
22
- export { MCPSecurityAgent } from './mcp-security-agent.js';
23
- export { AgenticSecurityAgent } from './agentic-security-agent.js';
24
- export { RAGSecurityAgent } from './rag-security-agent.js';
25
- export { PIIComplianceAgent } from './pii-compliance-agent.js';
26
- export { VibeCodingAgent } from './vibe-coding-agent.js';
27
- export { ExceptionHandlerAgent } from './exception-handler-agent.js';
28
- export { AgentConfigScanner } from './agent-config-scanner.js';
29
- export { ABOMGenerator } from './abom-generator.js';
30
- export { VerifierAgent } from './verifier-agent.js';
31
- export { DeepAnalyzer } from './deep-analyzer.js';
32
- export { ScoringEngine, GRADES, CATEGORIES } from './scoring-engine.js';
33
- export { SBOMGenerator } from './sbom-generator.js';
34
- export { PolicyEngine } from './policy-engine.js';
35
- export { HTMLReporter } from './html-reporter.js';
36
-
37
- /**
38
- * Create a fully configured orchestrator with all 16 scanning agents.
39
- * (VerifierAgent and DeepAnalyzer run as post-processors, not in the agent pool.)
40
- */
41
- import { Orchestrator as OrchestratorClass } from './orchestrator.js';
42
- import { InjectionTester as InjectionTesterClass } from './injection-tester.js';
43
- import { AuthBypassAgent as AuthBypassAgentClass } from './auth-bypass-agent.js';
44
- import { SSRFProber as SSRFProberClass } from './ssrf-prober.js';
45
- import { SupplyChainAudit as SupplyChainAuditClass } from './supply-chain-agent.js';
46
- import { ConfigAuditor as ConfigAuditorClass } from './config-auditor.js';
47
- import { LLMRedTeam as LLMRedTeamClass } from './llm-redteam.js';
48
- import { MobileScanner as MobileScannerClass } from './mobile-scanner.js';
49
- import { GitHistoryScanner as GitHistoryScannerClass } from './git-history-scanner.js';
50
- import { CICDScanner as CICDScannerClass } from './cicd-scanner.js';
51
- import { APIFuzzer as APIFuzzerClass } from './api-fuzzer.js';
52
- import { SupabaseRLSAgent as SupabaseRLSAgentClass } from './supabase-rls-agent.js';
53
- import { MCPSecurityAgent as MCPSecurityAgentClass } from './mcp-security-agent.js';
54
- import { AgenticSecurityAgent as AgenticSecurityAgentClass } from './agentic-security-agent.js';
55
- import { RAGSecurityAgent as RAGSecurityAgentClass } from './rag-security-agent.js';
56
- import { PIIComplianceAgent as PIIComplianceAgentClass } from './pii-compliance-agent.js';
57
- import { VibeCodingAgent as VibeCodingAgentClass } from './vibe-coding-agent.js';
58
- import { ExceptionHandlerAgent as ExceptionHandlerAgentClass } from './exception-handler-agent.js';
59
- import { AgentConfigScanner as AgentConfigScannerClass } from './agent-config-scanner.js';
60
-
61
- export function buildOrchestrator() {
62
- const orchestrator = new OrchestratorClass();
63
- orchestrator.registerAll([
64
- new InjectionTesterClass(),
65
- new AuthBypassAgentClass(),
66
- new SSRFProberClass(),
67
- new SupplyChainAuditClass(),
68
- new ConfigAuditorClass(),
69
- new LLMRedTeamClass(),
70
- new MobileScannerClass(),
71
- new GitHistoryScannerClass(),
72
- new CICDScannerClass(),
73
- new APIFuzzerClass(),
74
- new SupabaseRLSAgentClass(),
75
- new MCPSecurityAgentClass(),
76
- new AgenticSecurityAgentClass(),
77
- new RAGSecurityAgentClass(),
78
- new PIIComplianceAgentClass(),
79
- new VibeCodingAgentClass(),
80
- new ExceptionHandlerAgentClass(),
81
- new AgentConfigScannerClass(),
82
- ]);
83
- return orchestrator;
84
- }
1
+ /**
2
+ * Agent Registry
3
+ * ===============
4
+ *
5
+ * Central export of all agents and supporting classes.
6
+ */
7
+
8
+ export { BaseAgent, createFinding } from './base-agent.js';
9
+ export { Orchestrator } from './orchestrator.js';
10
+ export { ReconAgent } from './recon-agent.js';
11
+ export { InjectionTester } from './injection-tester.js';
12
+ export { AuthBypassAgent } from './auth-bypass-agent.js';
13
+ export { SSRFProber } from './ssrf-prober.js';
14
+ export { SupplyChainAudit } from './supply-chain-agent.js';
15
+ export { ConfigAuditor } from './config-auditor.js';
16
+ export { LLMRedTeam } from './llm-redteam.js';
17
+ export { MobileScanner } from './mobile-scanner.js';
18
+ export { GitHistoryScanner } from './git-history-scanner.js';
19
+ export { CICDScanner } from './cicd-scanner.js';
20
+ export { APIFuzzer } from './api-fuzzer.js';
21
+ export { SupabaseRLSAgent } from './supabase-rls-agent.js';
22
+ export { MCPSecurityAgent } from './mcp-security-agent.js';
23
+ export { AgenticSecurityAgent } from './agentic-security-agent.js';
24
+ export { RAGSecurityAgent } from './rag-security-agent.js';
25
+ export { PIIComplianceAgent } from './pii-compliance-agent.js';
26
+ export { VibeCodingAgent } from './vibe-coding-agent.js';
27
+ export { ExceptionHandlerAgent } from './exception-handler-agent.js';
28
+ export { AgentConfigScanner } from './agent-config-scanner.js';
29
+ export { ABOMGenerator } from './abom-generator.js';
30
+ export { VerifierAgent } from './verifier-agent.js';
31
+ export { DeepAnalyzer } from './deep-analyzer.js';
32
+ export { ScoringEngine, GRADES, CATEGORIES } from './scoring-engine.js';
33
+ export { SBOMGenerator } from './sbom-generator.js';
34
+ export { PolicyEngine } from './policy-engine.js';
35
+ export { HTMLReporter } from './html-reporter.js';
36
+
37
+ /**
38
+ * Create a fully configured orchestrator with all 16 scanning agents.
39
+ * (VerifierAgent and DeepAnalyzer run as post-processors, not in the agent pool.)
40
+ */
41
+ import { Orchestrator as OrchestratorClass } from './orchestrator.js';
42
+ import { InjectionTester as InjectionTesterClass } from './injection-tester.js';
43
+ import { AuthBypassAgent as AuthBypassAgentClass } from './auth-bypass-agent.js';
44
+ import { SSRFProber as SSRFProberClass } from './ssrf-prober.js';
45
+ import { SupplyChainAudit as SupplyChainAuditClass } from './supply-chain-agent.js';
46
+ import { ConfigAuditor as ConfigAuditorClass } from './config-auditor.js';
47
+ import { LLMRedTeam as LLMRedTeamClass } from './llm-redteam.js';
48
+ import { MobileScanner as MobileScannerClass } from './mobile-scanner.js';
49
+ import { GitHistoryScanner as GitHistoryScannerClass } from './git-history-scanner.js';
50
+ import { CICDScanner as CICDScannerClass } from './cicd-scanner.js';
51
+ import { APIFuzzer as APIFuzzerClass } from './api-fuzzer.js';
52
+ import { SupabaseRLSAgent as SupabaseRLSAgentClass } from './supabase-rls-agent.js';
53
+ import { MCPSecurityAgent as MCPSecurityAgentClass } from './mcp-security-agent.js';
54
+ import { AgenticSecurityAgent as AgenticSecurityAgentClass } from './agentic-security-agent.js';
55
+ import { RAGSecurityAgent as RAGSecurityAgentClass } from './rag-security-agent.js';
56
+ import { PIIComplianceAgent as PIIComplianceAgentClass } from './pii-compliance-agent.js';
57
+ import { VibeCodingAgent as VibeCodingAgentClass } from './vibe-coding-agent.js';
58
+ import { ExceptionHandlerAgent as ExceptionHandlerAgentClass } from './exception-handler-agent.js';
59
+ import { AgentConfigScanner as AgentConfigScannerClass } from './agent-config-scanner.js';
60
+
61
+ export function buildOrchestrator() {
62
+ const orchestrator = new OrchestratorClass();
63
+ orchestrator.registerAll([
64
+ new InjectionTesterClass(),
65
+ new AuthBypassAgentClass(),
66
+ new SSRFProberClass(),
67
+ new SupplyChainAuditClass(),
68
+ new ConfigAuditorClass(),
69
+ new LLMRedTeamClass(),
70
+ new MobileScannerClass(),
71
+ new GitHistoryScannerClass(),
72
+ new CICDScannerClass(),
73
+ new APIFuzzerClass(),
74
+ new SupabaseRLSAgentClass(),
75
+ new MCPSecurityAgentClass(),
76
+ new AgenticSecurityAgentClass(),
77
+ new RAGSecurityAgentClass(),
78
+ new PIIComplianceAgentClass(),
79
+ new VibeCodingAgentClass(),
80
+ new ExceptionHandlerAgentClass(),
81
+ new AgentConfigScannerClass(),
82
+ ]);
83
+ return orchestrator;
84
+ }