vaspera 2.12.0 → 2.14.0

package/CHANGELOG.md

@@ -1,5 +1,84 @@
 # Changelog
 
+## [2.14.0] - 2026-06-05
+
+### Added
+
+#### Antagonist Agent
+- New meta-analysis agent that runs after all other agents complete
+- **Synthesis mode**: Chains findings into attack narratives mapped to MITRE ATT&CK kill chain
+- **Challenger mode**: Internal critic that flags false positives, coverage gaps, and inconsistencies
+- Prioritized remediation recommendations based on attack surface reduction
+- New `antagonist_synthesize` tool - full analysis with narratives, challenges, and prioritization
+- New `antagonist_challenge` tool - manually challenge specific findings
+
+#### Attack Narrative Features
+- Builds attack graphs from findings and exploit chains
+- Maps vulnerabilities to 14 MITRE ATT&CK kill chain phases
+- Identifies bottleneck findings that block multiple attack paths
+- Generates human-readable attack stories with difficulty/likelihood ratings
+
+#### Challenger Features
+- Detects potential false positives (test files, low confidence, generic descriptions)
+- Identifies untested attack vectors (17 categories tracked)
+- Flags agents with zero findings as potentially incomplete
+- Calculates coverage score across attack surface
+
+### Fixed
+- Empty catch blocks in `store.ts` and `signing.ts` now log errors
+- Antagonist agent integration test types corrected
+
+### Changed
+- MCP tools increased from 108 to 110
+- New agent type `antagonist` with weight 0.15 (informs but doesn't dominate consensus)
+- Added to AGENT_VERIFICATION_MAP (verified by security, adversary, redteam)
+
+## [2.13.0] - 2026-06-04
+
+### Added
+
+#### False Positive Feedback System
+- New `feedback_submit` tool to mark findings as true/false positives
+- New `feedback_report` tool to view FP rates by scanner and rule
+- New `feedback_suppressions` tool to get rule suppression suggestions based on feedback
+- Feedback stored in `.vaspera/fp-feedback.json` with full audit trail
+
+#### Diff-Aware CI Scanning
+- New `certification_scan_diff` tool scans only changed files (git diff)
+- Estimates scan time savings vs full scan
+- Auto-detects security-critical files that always get scanned
+
+#### Standalone Autofix Preview
+- `autofix_preview` now works without certification_id
+- Provide file + pattern_id to preview fixes directly
+- Use `autofix_list_patterns` to see available fix patterns
+
+### Fixed
+
+#### Persistence DB Fallback
+- Added JSON file fallback when SQLite is unavailable
+- New `src/persistence/json-fallback.ts` with atomic writes
+- Graceful degradation: warns but continues operating
+
+#### scale_bottlenecks False Positives
+- Added semantic analysis for workflow/pipeline patterns
+- Confidence scoring (60-100) based on context
+- Sequential workflows no longer flagged as N+1 queries
+
+#### ai_code_verify Diagnostics
+- Returns detailed diagnostics when 0 files found
+- Shows which extensions were searched
+- Reports which exclude patterns matched
+- Suggests alternative file extensions
+
+#### Scanner Error Messages
+- Added `ScannerErrorDetails` with actionable suggestions
+- tsc/eslint now report phase (init/scan/parse) and fix steps
+- Full error output available for debugging
+
+### Changed
+- MCP tools increased from 103 to 108
+
 ## 2.10.0
 
 ### Minor Changes

package/dist/__tests__/antagonist-integration.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Integration test for Antagonist Agent
+ * Tests the full pipeline on sample findings
+ */
+export {};
+//# sourceMappingURL=antagonist-integration.test.d.ts.map

package/dist/__tests__/antagonist-integration.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"antagonist-integration.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/antagonist-integration.test.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/dist/__tests__/antagonist-integration.test.js

@@ -0,0 +1,239 @@
+/**
+ * Integration test for Antagonist Agent
+ * Tests the full pipeline on sample findings
+ */
+import { describe, it, expect } from "vitest";
+import { synthesizeNarrativesDeterministic } from "../agents/antagonist/synthesizer.js";
+import { runChallengerDeterministic } from "../agents/antagonist/challenger.js";
+import { prioritizeRemediations } from "../agents/antagonist/prioritizer.js";
+import { DEFAULT_ANTAGONIST_CONFIG } from "../agents/antagonist/types.js";
+// Sample findings that represent real security issues
+const sampleFindings = [
+    {
+        id: "find-001",
+        severity: "high",
+        category: "command-injection",
+        description: "Potential command injection via unsanitized user input",
+        evidence: "spawn(cmd, [userInput])",
+        confidence: 85,
+        verifications: [],
+        created_at: new Date().toISOString(),
+        file: "src/scanners/custom.ts",
+        line: 42,
+    },
+    {
+        id: "find-002",
+        severity: "medium",
+        category: "hardcoded-secret",
+        description: "Hardcoded API key detected",
+        evidence: "const API_KEY = 'sk-...'",
+        confidence: 90,
+        verifications: [],
+        created_at: new Date().toISOString(),
+        file: "src/config.ts",
+        line: 15,
+    },
+    {
+        id: "find-003",
+        severity: "high",
+        category: "auth-bypass",
+        description: "Missing authentication check on admin endpoint",
+        evidence: "No auth middleware on /admin route",
+        confidence: 75,
+        verifications: [],
+        created_at: new Date().toISOString(),
+        file: "src/routes/admin.ts",
+        line: 8,
+    },
+    {
+        id: "find-004",
+        severity: "critical",
+        category: "sql-injection",
+        description: "SQL injection vulnerability in query builder",
+        evidence: "db.query(`SELECT * FROM users WHERE id = ${userId}`)",
+        confidence: 95,
+        verifications: [],
+        created_at: new Date().toISOString(),
+        file: "src/db/queries.ts",
+        line: 22,
+    },
+    {
+        id: "find-005",
+        severity: "low",
+        category: "xss",
+        description: "Potential XSS in user-generated content",
+        evidence: "innerHTML = userContent",
+        confidence: 60,
+        verifications: [],
+        created_at: new Date().toISOString(),
+        file: "src/components/Comment.tsx",
+        line: 55,
+    },
+];
+// Sample exploit chains (matching ExploitChain type)
+const sampleChains = [
+    {
+        id: "chain-001",
+        name: "Auth Bypass to Data Exfil",
+        steps: [
+            {
+                findingId: "find-003",
+                finding: sampleFindings[2],
+                role: "entry",
+                enables: "find-004",
+                techniques: ["T1190"],
+            },
+            {
+                findingId: "find-004",
+                finding: sampleFindings[3],
+                role: "target",
+                prerequisite: "find-003",
+                techniques: ["T1213"],
+            },
+        ],
+        totalSeverity: "critical",
+        originalSeverities: ["high", "critical"],
+        confidence: 85,
+        attackScenario: "Attacker bypasses auth, then exfiltrates data via SQL injection",
+        mitreAttackIds: ["T1190", "T1213"],
+        impact: "Data breach - full database access",
+        difficulty: "easy",
+    },
+];
+// Agent summaries
+const agentSummaries = {
+    security: { completed: true, findingCount: 5 },
+    reliability: { completed: true, findingCount: 2 },
+    typesafety: { completed: true, findingCount: 1 },
+    performance: { completed: true, findingCount: 0 },
+    quality: { completed: true, findingCount: 3 },
+    redteam: { completed: true, findingCount: 1 },
+    "agent-redteam": { completed: false, findingCount: 0 },
+    "agent-privacy": { completed: false, findingCount: 0 },
+    "agent-integrity": { completed: false, findingCount: 0 },
+    adversary: { completed: false, findingCount: 0 },
+    antagonist: { completed: false, findingCount: 0 },
+};
+// Test config with all required fields
+const testConfig = {
+    ...DEFAULT_ANTAGONIST_CONFIG,
+    maxNarratives: 5,
+    minConfidence: 50,
+    challengeThreshold: 50,
+};
+describe("Antagonist Integration", () => {
+    describe("synthesizeNarrativesDeterministic", () => {
+        it("generates attack narratives from findings", () => {
+            const narratives = synthesizeNarrativesDeterministic(sampleFindings, sampleChains, [], testConfig);
+            expect(narratives.length).toBeGreaterThan(0);
+            expect(narratives[0]).toHaveProperty("id");
+            expect(narratives[0]).toHaveProperty("name");
+            expect(narratives[0]).toHaveProperty("phases");
+            expect(narratives[0]).toHaveProperty("narrative");
+            expect(narratives[0]).toHaveProperty("findingIds");
+            expect(narratives[0]).toHaveProperty("recommendations");
+        });
+        it("includes MITRE ATT&CK techniques", () => {
+            const narratives = synthesizeNarrativesDeterministic(sampleFindings, sampleChains, [], testConfig);
+            const narrativeWithTechniques = narratives.find((n) => n.mitreTechniques.length > 0);
+            expect(narrativeWithTechniques).toBeDefined();
+        });
+        it("maps findings to kill chain phases", () => {
+            const narratives = synthesizeNarrativesDeterministic(sampleFindings, sampleChains, [], testConfig);
+            const narrative = narratives[0];
+            expect(narrative.phases.length).toBeGreaterThan(0);
+            expect(narrative.phases[0]).toHaveProperty("phase");
+            expect(narrative.phases[0]).toHaveProperty("description");
+        });
+        it("prioritizes critical findings in narratives", () => {
+            const narratives = synthesizeNarrativesDeterministic(sampleFindings, sampleChains, [], testConfig);
+            const hasCritical = narratives.some((n) => n.findingIds.includes("find-004"));
+            expect(hasCritical).toBe(true);
+        });
+    });
+    describe("runChallengerDeterministic", () => {
+        it("identifies coverage gaps", () => {
+            const result = runChallengerDeterministic(sampleFindings, agentSummaries, testConfig);
+            expect(result.assessments).toBeDefined();
+            expect(result.gapAnalysis).toBeDefined();
+            expect(result.gapAnalysis).toHaveProperty("untestedAttackVectors");
+            expect(result.gapAnalysis).toHaveProperty("missingControls");
+            expect(result.gapAnalysis).toHaveProperty("coverageScore");
+        });
+        it("flags potential false positives", () => {
+            const findingsWithTestFile = [
+                ...sampleFindings,
+                {
+                    id: "find-test",
+                    severity: "medium",
+                    category: "sql-injection",
+                    description: "SQL injection in test",
+                    evidence: "test code",
+                    confidence: 60,
+                    verifications: [],
+                    created_at: new Date().toISOString(),
+                    file: "src/__tests__/db.test.ts",
+                    line: 10,
+                },
+            ];
+            const result = runChallengerDeterministic(findingsWithTestFile, agentSummaries, testConfig);
+            const testChallenge = result.assessments.find((c) => c.targetFindingId === "find-test" && c.type === "false_positive_likely");
+            expect(testChallenge).toBeDefined();
+            expect(testChallenge?.challenge).toContain("false positive");
+        });
+        it("warns about agents with zero findings", () => {
+            const summariesWithZero = {
+                ...agentSummaries,
+                performance: { completed: true, findingCount: 0 },
+            };
+            const result = runChallengerDeterministic(sampleFindings, summariesWithZero, testConfig);
+            const zeroFindingChallenge = result.assessments.find((c) => c.type === "missed_check" && c.targetAgent === "performance");
+            expect(zeroFindingChallenge).toBeDefined();
+        });
+    });
+    describe("prioritizeRemediations", () => {
+        it("generates prioritized remediation list", () => {
+            const narratives = synthesizeNarrativesDeterministic(sampleFindings, sampleChains, [], testConfig);
+            const prioritized = prioritizeRemediations(sampleFindings, narratives);
+            expect(prioritized.length).toBeGreaterThan(0);
+            expect(prioritized[0]).toHaveProperty("order");
+            expect(prioritized[0]).toHaveProperty("findingId");
+            expect(prioritized[0]).toHaveProperty("reason");
+            expect(prioritized[0]).toHaveProperty("effort");
+            expect(prioritized[0]).toHaveProperty("impact");
+        });
+        it("prioritizes critical findings first", () => {
+            const narratives = synthesizeNarrativesDeterministic(sampleFindings, sampleChains, [], testConfig);
+            const prioritized = prioritizeRemediations(sampleFindings, narratives);
+            const criticalPosition = prioritized.findIndex((p) => p.findingId === "find-004");
+            expect(criticalPosition).toBeLessThan(3);
+        });
+        it("considers bottleneck findings (appear in multiple narratives)", () => {
+            const narratives = synthesizeNarrativesDeterministic(sampleFindings, sampleChains, [], testConfig);
+            const prioritized = prioritizeRemediations(sampleFindings, narratives);
+            const hasBlocksNarratives = prioritized.some((p) => p.blocksNarratives && p.blocksNarratives.length > 0);
+            expect(hasBlocksNarratives).toBe(true);
+        });
+    });
+    describe("Full pipeline", () => {
+        it("runs complete antagonist analysis", () => {
+            const narratives = synthesizeNarrativesDeterministic(sampleFindings, sampleChains, [], testConfig);
+            const challengerResult = runChallengerDeterministic(sampleFindings, agentSummaries, testConfig);
+            const prioritized = prioritizeRemediations(sampleFindings, narratives);
+            expect(narratives.length).toBeGreaterThan(0);
+            expect(challengerResult.assessments).toBeDefined();
+            expect(challengerResult.gapAnalysis).toBeDefined();
+            expect(prioritized.length).toBeGreaterThan(0);
+            console.log("\n=== Antagonist Analysis Summary ===");
+            console.log(`Attack Narratives: ${narratives.length}`);
+            console.log(`Challenger Assessments: ${challengerResult.assessments.length}`);
+            console.log(`Coverage Score: ${challengerResult.gapAnalysis.coverageScore}%`);
+            console.log(`Prioritized Remediations: ${prioritized.length}`);
+            console.log("\nTop 3 Remediation Priorities:");
+            prioritized.slice(0, 3).forEach((p, i) => {
+                console.log(`  ${i + 1}. ${p.findingId}: ${p.reason}`);
+            });
+        });
+    });
+});
+//# sourceMappingURL=antagonist-integration.test.js.map

package/dist/__tests__/antagonist-integration.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"antagonist-integration.test.js","sourceRoot":"","sources":["../../src/__tests__/antagonist-integration.test.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,iCAAiC,EAAE,MAAM,qCAAqC,CAAC;AACxF,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAC;AAChF,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC;AAC7E,OAAO,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAI1E,sDAAsD;AACtD,MAAM,cAAc,GAAc;IAChC;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,WAAW,EAAE,wDAAwD;QACrE,QAAQ,EAAE,yBAAyB;QACnC,UAAU,EAAE,EAAE;QACd,aAAa,EAAE,EAAE;QACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,IAAI,EAAE,wBAAwB;QAC9B,IAAI,EAAE,EAAE;KACT;IACD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,kBAAkB;QAC5B,WAAW,EAAE,4BAA4B;QACzC,QAAQ,EAAE,0BAA0B;QACpC,UAAU,EAAE,EAAE;QACd,aAAa,EAAE,EAAE;QACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,IAAI,EAAE,eAAe;QACrB,IAAI,EAAE,EAAE;KACT;IACD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,aAAa;QACvB,WAAW,EAAE,gDAAgD;QAC7D,QAAQ,EAAE,oCAAoC;QAC9C,UAAU,EAAE,EAAE;QACd,aAAa,EAAE,EAAE;QACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,IAAI,EAAE,qBAAqB;QAC3B,IAAI,EAAE,CAAC;KACR;IACD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,eAAe;QACzB,WAAW,EAAE,8CAA8C;QAC3D,QAAQ,EAAE,sDAAsD;QAChE,UAAU,EAAE,EAAE;QACd,aAAa,EAAE,EAAE;QACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,IAAI,EAAE,mBAAmB;QACzB,IAAI,EAAE,EAAE;KACT;IACD;QACE,EAAE,EAAE,UAAU;QACd,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,yCAAyC;QACtD,QAAQ,EAAE,yBAAyB;QACnC,UAAU,EAAE,EAAE;QACd,aAAa,EAAE,EAAE;QACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,IAAI,EAAE,4BAA4B;QAClC,IAAI,EAAE,EAAE;KACT;CACF,CAAC;AAEF,qDAAqD;AACrD,MAAM,YAAY,GAAmB;IACnC;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,2BAA2B;QACjC,KAAK,EAAE;YACL;gBACE,SAAS,EAAE,UAAU;gBACrB,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC;gBAC1B,IAAI,EAAE,OAAO;gBACb,OAAO,EAAE,UAAU;gBACnB,UAAU,EAAE,CAAC,OAAO,CAAC;aACtB;YACD;gBACE,SAAS,EAAE,UAAU;gBACrB,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC;gBAC1B,IAAI,EAAE,QAAQ;gBACd,YAAY,EAAE,UAAU;gBACxB,UAAU,EAAE,CAAC,OAAO,CAAC;aACtB;SACF;QACD,aAAa,EAAE,UAAU;QACzB,kBAAkB,EAAE,CAAC,MAAM,EAAE,UAAU,CAAC;QACxC,UAAU,EAAE,EAAE;QACd,cAAc,EAAE,iEAAiE;QACjF,cAAc,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;QAClC,MAAM,EAAE,oCAAoC;QAC5C,UAAU,EAAE,MAAM;KACnB;CACF,CAAC;AAEF,kBAAkB;AAClB,MAAM,cAAc,GAAoE;IACtF,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,EAAE;IAC9C,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,EAAE;IACjD,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,EAAE;IAChD,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,EAAE;IACjD,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,EAAE;IAC7C,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,EAAE;IAC7C,eAAe,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,EAAE;IACtD,eAAe,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,EAAE;IACtD,iBAAiB,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,EAAE;IACxD,SAAS,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,EAAE;IAChD,UAAU,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,EAAE;CAClD,CAAC;AAEF,uCAAuC;AACvC,MAAM,UAAU,GAAG;IACjB,GAAG,yBAAyB;IAC5B,aAAa,EAAE,CAAC;IAChB,aAAa,EAAE,EAAE;IACjB,kBAAkB,EAAE,EAAE;CACvB,CAAC;AAEF,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,QAAQ,CAAC,mCAAmC,EAAE,GAAG,EAAE;QACjD,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,UAAU,GAAG,iCAAiC,CAClD,cAAc,EACd,YAAY,EACZ,EAAE,EACF,UAAU,CACX,CAAC;YAEF,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAC7C,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;YAC3C,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;YAC7C,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAC/C,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;YAClD,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;YACnD,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,iBAAiB,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,UAAU,GAAG,iCAAiC,CAClD,cAAc,EACd,YAAY,EACZ,EAAE,EACF,UAAU,CACX,CAAC;YAEF,MAAM,uBAAuB,GAAG,UAAU,CAAC,IAAI,CAC7C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CACpC,CAAC;YACF,MAAM,CAAC,uBAAuB,CAAC,CAAC,WAAW,EAAE,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,MAAM,UAAU,GAAG,iCAAiC,CAClD,cAAc,EACd,YAAY,EACZ,EAAE,EACF,UAAU,CACX,CAAC;YAEF,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAChC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACnD,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YACpD,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,UAAU,GAAG,iCAAiC,CAClD,cAAc,EACd,YAAY,EACZ,EAAE,EACF,UAAU,CACX,CAAC;YAEF,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACxC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,CAClC,CAAC;YACF,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;QAC1C,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAClC,MAAM,MAAM,GAAG,0BAA0B,CACvC,cAAc,EACd,cAAc,EACd,UAAU,CACX,CAAC;YAEF,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,cAAc,CAAC,uBAAuB,CAAC,CAAC;YACnE,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,cAAc,CAAC,iBAAiB,CAAC,CAAC;YAC7D,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,cAAc,CAAC,eAAe,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,MAAM,oBAAoB,GAAc;gBACtC,GAAG,cAAc;gBACjB;oBACE,EAAE,EAAE,WAAW;oBACf,QAAQ,EAAE,QAAQ;oBAClB,QAAQ,EAAE,eAAe;oBACzB,WAAW,EAAE,uBAAuB;oBACpC,QAAQ,EAAE,WAAW;oBACrB,UAAU,EAAE,EAAE;oBACd,aAAa,EAAE,EAAE;oBACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACpC,IAAI,EAAE,0BAA0B;oBAChC,IAAI,EAAE,EAAE;iBACT;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,0BAA0B,CACvC,oBAAoB,EACpB,cAAc,EACd,UAAU,CACX,CAAC;YAEF,MAAM,aAAa,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAC3C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,KAAK,WAAW,IAAI,CAAC,CAAC,IAAI,KAAK,uBAAuB,CAC/E,CAAC;YACF,MAAM,CAAC,aAAa,CAAC,CAAC,WAAW,EAAE,CAAC;YACpC,MAAM,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,iBAAiB,GAAG;gBACxB,GAAG,cAAc;gBACjB,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,EAAE;aAClD,CAAC;YAEF,MAAM,MAAM,GAAG,0BAA0B,CACvC,cAAc,EACd,iBAAiB,EACjB,UAAU,CACX,CAAC;YAEF,MAAM,oBAAoB,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAClD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,IAAI,CAAC,CAAC,WAAW,KAAK,aAAa,CACpE,CAAC;YACF,MAAM,CAAC,oBAAoB,CAAC,CAAC,WAAW,EAAE,CAAC;QAC7C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;QACtC,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,UAAU,GAAG,iCAAiC,CAClD,cAAc,EACd,YAAY,EACZ,EAAE,EACF,UAAU,CACX,CAAC;YAEF,MAAM,WAAW,GAAG,sBAAsB,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC;YAEvE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAC9C,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YAC/C,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;YACnD,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAChD,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAChD,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,UAAU,GAAG,iCAAiC,CAClD,cAAc,EACd,YAAY,EACZ,EAAE,EACF,UAAU,CACX,CAAC;YAEF,MAAM,WAAW,GAAG,sBAAsB,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC;YAEvE,MAAM,gBAAgB,GAAG,WAAW,CAAC,SAAS,CAC5C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,UAAU,CAClC,CAAC;YACF,MAAM,CAAC,gBAAgB,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;YACvE,MAAM,UAAU,GAAG,iCAAiC,CAClD,cAAc,EACd,YAAY,EACZ,EAAE,EACF,UAAU,CACX,CAAC;YAEF,MAAM,WAAW,GAAG,sBAAsB,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC;YAEvE,MAAM,mBAAmB,GAAG,WAAW,CAAC,IAAI,CAC1C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,gBAAgB,IAAI,CAAC,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAC3D,CAAC;YACF,MAAM,CAAC,mBAAmB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;QAC7B,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,MAAM,UAAU,GAAG,iCAAiC,CAClD,cAAc,EACd,YAAY,EACZ,EAAE,EACF,UAAU,CACX,CAAC;YAEF,MAAM,gBAAgB,GAAG,0BAA0B,CACjD,cAAc,EACd,cAAc,EACd,UAAU,CACX,CAAC;YAEF,MAAM,WAAW,GAAG,sBAAsB,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC;YAEvE,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAC7C,MAAM,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;YACnD,MAAM,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE,CAAC;YACnD,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAE9C,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;YACrD,OAAO,CAAC,GAAG,CAAC,sBAAsB,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;YACvD,OAAO,CAAC,GAAG,CAAC,2BAA2B,gBAAgB,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC;YAC9E,OAAO,CAAC,GAAG,CAAC,mBAAmB,gBAAgB,CAAC,WAAW,CAAC,aAAa,GAAG,CAAC,CAAC;YAC9E,OAAO,CAAC,GAAG,CAAC,6BAA6B,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC;YAC/D,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;YAC/C,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;gBACvC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;YACzD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/siem-integration.test.d.ts

@@ -0,0 +1,7 @@
+/**
+ * SIEM Integration Tests
+ *
+ * Tests for SIEM event formatting and client registry.
+ */
+export {};
+//# sourceMappingURL=siem-integration.test.d.ts.map

package/dist/__tests__/siem-integration.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"siem-integration.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/siem-integration.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/dist/__tests__/siem-integration.test.js

@@ -0,0 +1,285 @@
+/**
+ * SIEM Integration Tests
+ *
+ * Tests for SIEM event formatting and client registry.
+ */
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { formatAsCEF, formatAsJSON, formatForSplunk, formatForSentinel, formatForDatadog, mapSeverity, severityToCEF, createFindingEvent, createScanEvent, createCertificationEvent, getSIEMRegistry, closeSIEMRegistry, createSplunkClient, createDatadogClient, } from "../integrations/siem/index.js";
+describe("SIEM Integration", () => {
+    describe("Severity Mapping", () => {
+        it("maps Vaspera severities to SIEM severities", () => {
+            expect(mapSeverity("critical")).toBe("critical");
+            expect(mapSeverity("high")).toBe("high");
+            expect(mapSeverity("medium")).toBe("medium");
+            expect(mapSeverity("low")).toBe("low");
+            expect(mapSeverity("info")).toBe("informational");
+        });
+        it("maps SIEM severity to CEF numeric values", () => {
+            expect(severityToCEF("critical")).toBe(10);
+            expect(severityToCEF("high")).toBe(8);
+            expect(severityToCEF("medium")).toBe(5);
+            expect(severityToCEF("low")).toBe(3);
+            expect(severityToCEF("informational")).toBe(1);
+        });
+    });
+    describe("Event Creation", () => {
+        it("creates finding events", () => {
+            const event = createFindingEvent("/test/project", "finding.new", {
+                findingId: "finding-001",
+                severity: "high",
+                category: "sql-injection",
+                file: "src/api.ts",
+                line: 42,
+                scanner: "semgrep",
+                ruleId: "sql-injection-001",
+                cweIds: ["CWE-89"],
+                description: "SQL injection vulnerability",
+            }, "cert-001");
+            expect(event.eventType).toBe("finding.new");
+            expect(event.severity).toBe("high");
+            expect(event.project).toBe("/test/project");
+            expect(event.certificationId).toBe("cert-001");
+            expect(event.source).toBe("vaspera");
+            expect(event.message).toContain("sql-injection");
+            expect(event.message).toContain("src/api.ts:42");
+        });
+        it("creates scan events", () => {
+            const event = createScanEvent("/test/project", "scan.completed", {
+                scanners: ["semgrep", "gitleaks"],
+                findingsCount: 5,
+                bySeverity: { critical: 1, high: 2, medium: 2, low: 0, info: 0 },
+                durationMs: 5000,
+            }, "cert-001");
+            expect(event.eventType).toBe("scan.completed");
+            expect(event.severity).toBe("critical");
+            expect(event.message).toContain("5 findings");
+            expect(event.message).toContain("1 critical");
+        });
+        it("creates certification events", () => {
+            const event = createCertificationEvent("/test/project", "certification.completed", {
+                certificationId: "cert-001",
+                level: "GOLD",
+                score: 85,
+                findingsCount: 5,
+                durationMs: 30000,
+            });
+            expect(event.eventType).toBe("certification.completed");
+            expect(event.severity).toBe("informational");
+            expect(event.message).toContain("GOLD");
+            expect(event.message).toContain("85");
+        });
+    });
+    describe("CEF Formatting", () => {
+        it("formats events as CEF", () => {
+            const event = {
+                timestamp: "2024-01-01T00:00:00.000Z",
+                eventType: "finding.new",
+                severity: "high",
+                project: "/test/project",
+                certificationId: "cert-001",
+                message: "SQL injection detected",
+                source: "vaspera",
+                data: {
+                    findingId: "finding-001",
+                    category: "sql-injection",
+                    file: "src/api.ts",
+                    line: 42,
+                },
+            };
+            const cef = formatAsCEF(event);
+            expect(cef).toContain("CEF:0");
+            expect(cef).toContain("Vaspera");
+            expect(cef).toContain("Hardening MCP");
+            expect(cef).toContain("VASP-001");
+            expect(cef).toContain("New Security Finding");
+            expect(cef).toContain("|8|");
+        });
+        it("escapes special characters in CEF", () => {
+            const event = {
+                timestamp: "2024-01-01T00:00:00.000Z",
+                eventType: "finding.new",
+                severity: "medium",
+                project: "/test/project",
+                message: "Message with | pipe and = equals",
+                source: "vaspera",
+                data: {},
+            };
+            const cef = formatAsCEF(event);
+            expect(cef).toContain("\\|");
+            expect(cef).toContain("\\=");
+        });
+    });
+    describe("JSON Formatting", () => {
+        it("formats events as JSON", () => {
+            const event = {
+                timestamp: "2024-01-01T00:00:00.000Z",
+                eventType: "finding.new",
+                severity: "high",
+                project: "/test/project",
+                message: "SQL injection detected",
+                source: "vaspera",
+                data: { findingId: "finding-001" },
+            };
+            const json = formatAsJSON(event);
+            expect(json).toHaveProperty("@timestamp", "2024-01-01T00:00:00.000Z");
+            expect(json).toHaveProperty("event");
+            expect(json.event.action).toBe("finding.new");
+            expect(json.event.severity).toBe(8);
+        });
+    });
+    describe("Splunk Formatting", () => {
+        it("formats events for Splunk HEC", () => {
+            const event = {
+                timestamp: "2024-01-01T00:00:00.000Z",
+                eventType: "scan.completed",
+                severity: "informational",
+                project: "/test/project",
+                message: "Scan completed",
+                source: "vaspera",
+                data: {},
+            };
+            const splunk = formatForSplunk(event, {
+                index: "security",
+                source: "vaspera:test",
+                host: "test-host",
+            });
+            expect(splunk).toHaveProperty("time");
+            expect(splunk).toHaveProperty("host", "test-host");
+            expect(splunk).toHaveProperty("source", "vaspera:test");
+            expect(splunk).toHaveProperty("index", "security");
+            expect(splunk).toHaveProperty("event");
+        });
+    });
+    describe("Sentinel Formatting", () => {
+        it("formats events for Microsoft Sentinel", () => {
+            const event = {
+                timestamp: "2024-01-01T00:00:00.000Z",
+                eventType: "finding.new",
+                severity: "critical",
+                project: "/test/project",
+                certificationId: "cert-001",
+                message: "Critical finding",
+                source: "vaspera",
+                data: { category: "secrets" },
+            };
+            const sentinel = formatForSentinel(event);
+            expect(sentinel).toHaveProperty("TimeGenerated", "2024-01-01T00:00:00.000Z");
+            expect(sentinel).toHaveProperty("EventType_s", "finding.new");
+            expect(sentinel).toHaveProperty("Severity_s", "critical");
+            expect(sentinel).toHaveProperty("Project_s", "/test/project");
+            expect(sentinel).toHaveProperty("CertificationId_g", "cert-001");
+        });
+    });
+    describe("Datadog Formatting", () => {
+        it("formats events for Datadog", () => {
+            const event = {
+                timestamp: "2024-01-01T00:00:00.000Z",
+                eventType: "finding.new",
+                severity: "high",
+                project: "/test/project",
+                message: "High severity finding",
+                source: "vaspera",
+                data: {},
+            };
+            const datadog = formatForDatadog(event, {
+                service: "my-service",
+                env: "production",
+                tags: ["team:security"],
+            });
+            expect(datadog).toHaveProperty("ddsource", "vaspera");
+            expect(datadog).toHaveProperty("service", "my-service");
+            expect(datadog).toHaveProperty("status", "error");
+            expect(datadog.ddtags).toContain("project:/test/project");
+            expect(datadog.ddtags).toContain("env:production");
+            expect(datadog.ddtags).toContain("team:security");
+        });
+        it("maps severity to Datadog status", () => {
+            const criticalEvent = {
+                timestamp: new Date().toISOString(),
+                eventType: "finding.new",
+                severity: "critical",
+                project: "/test",
+                message: "Critical",
+                source: "vaspera",
+                data: {},
+            };
+            const lowEvent = {
+                timestamp: new Date().toISOString(),
+                eventType: "finding.new",
+                severity: "low",
+                project: "/test",
+                message: "Low",
+                source: "vaspera",
+                data: {},
+            };
+            const critical = formatForDatadog(criticalEvent);
+            const low = formatForDatadog(lowEvent);
+            expect(critical.status).toBe("emergency");
+            expect(low.status).toBe("info");
+        });
+    });
+    describe("SIEM Registry", () => {
+        beforeEach(async () => {
+            await closeSIEMRegistry();
+        });
+        afterEach(async () => {
+            await closeSIEMRegistry();
+        });
+        it("registers and retrieves clients", () => {
+            const registry = getSIEMRegistry();
+            const client = createSplunkClient({
+                endpoint: "https://splunk.example.com:8088",
+                token: "test-token",
+                index: "security",
+            });
+            registry.register("test-splunk", client);
+            const retrieved = registry.get("test-splunk");
+            expect(retrieved).toBeDefined();
+            expect(retrieved?.provider).toBe("splunk");
+        });
+        it("lists all registered clients", () => {
+            const registry = getSIEMRegistry();
+            registry.register("splunk-1", createSplunkClient({ endpoint: "https://splunk.example.com", token: "t1" }));
+            registry.register("datadog-1", createDatadogClient({ apiKey: "api-key-1" }));
+            const list = registry.list();
+            expect(list).toHaveLength(2);
+            expect(list.find((c) => c.name === "splunk-1")?.provider).toBe("splunk");
+            expect(list.find((c) => c.name === "datadog-1")?.provider).toBe("datadog");
+        });
+        it("unregisters clients", async () => {
+            const registry = getSIEMRegistry();
+            registry.register("test", createSplunkClient({ endpoint: "https://splunk.example.com", token: "t" }));
+            expect(registry.get("test")).toBeDefined();
+            await registry.unregister("test");
+            expect(registry.get("test")).toBeUndefined();
+        });
+        it("closes all clients", async () => {
+            const registry = getSIEMRegistry();
+            registry.register("s1", createSplunkClient({ endpoint: "https://splunk.example.com", token: "t1" }));
+            registry.register("d1", createDatadogClient({ apiKey: "api-key-1" }));
+            expect(registry.list()).toHaveLength(2);
+            await registry.closeAll();
+            expect(registry.list()).toHaveLength(0);
+        });
+    });
+    describe("Event Type Mapping", () => {
+        it("generates correct signature IDs for event types", () => {
+            const findingEvent = createFindingEvent("/test", "finding.new", {
+                findingId: "f1",
+                severity: "high",
+                category: "test",
+            });
+            const cef = formatAsCEF(findingEvent);
+            expect(cef).toContain("VASP-001");
+            const scanEvent = createScanEvent("/test", "scan.completed", {
+                scanners: ["test"],
+                findingsCount: 0,
+                bySeverity: { critical: 0, high: 0, medium: 0, low: 0, info: 0 },
+                durationMs: 100,
+            });
+            const scanCef = formatAsCEF(scanEvent);
+            expect(scanCef).toContain("VASP-011");
+        });
+    });
+});
+//# sourceMappingURL=siem-integration.test.js.map