@crewhaus/federation-protocol@0.2.1

Cross-deployment A2A wire protocol: federation envelope (extends @crewhaus/a2a-protocol) + mTLS HTTPS POST transport with cert pinning (Section 34)

AI Security Review

scanned 11m ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package exposes a federation protocol library with explicit runtime HTTPS POST transport and certificate validation.

Static reason
One or more suspicious static signals were detected.
Trigger
Application code imports the library and calls federationCall or test helper functions.
Impact
Sends caller-provided envelope data to caller-provided HTTPS URL; no automatic install/import-time execution or exfiltration observed.
Mechanism
User-invoked mTLS HTTPS POST and local fixture reads for tests
Rationale
Static inspection shows the flagged network and PEM indicators are expected for a federation mTLS transport library and test fixtures, with no lifecycle hook or automatic execution path. No credential harvesting, hardcoded endpoint exfiltration, shell execution, persistence, destructive behavior, or AI-agent control-surface mutation was found.
Evidence
package.json, dist/index.js, dist/test-helpers.js, dist/index.d.ts, src/fixtures-cert.pem, src/fixtures-key.pem, src/fixtures-other-cert.pem, src/fixtures-other-key.pem
Network endpoints (4)
crewhaus.ai, git+https://github.com/crewhaus/factory.git, github.com/crewhaus/factory/tree/main/packages/federation-protocol#readme, github.com/crewhaus/factory/issues

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall hooks and exports only dist/index.js.
    • dist/index.js only validates/serializes federation envelopes and posts user-supplied envelopes to user-supplied HTTPS URLs with mTLS.
    • Network API use is package-aligned transport code; no hardcoded exfiltration host is present.
    • Secret-like PEM markers are credential validation strings, not embedded private keys in dist/index.js.
    • No child_process, eval/vm/Function, dynamic require/import, persistence, destructive writes, or AI-agent config mutation found.
    • dist/test-helpers.js reads local test fixture PEM paths only when explicitly imported; it is not exported by package.json.
    Behavioral surface
    Source
    Crypto, Filesystem, Network
    Supply chain: No supply-chain packaging signals triggered.
    Manifest: No manifest risk signals triggered.
    scanned 2 file(s), 10.1 KB of source

    Source & flagged code

    4 flagged
    dist/index.js
    patternName = private_key_rsa severity = critical line = 108 matchedText = if (!cre...) &&
    Critical
    Critical Secret

    Package contains a critical-looking secret pattern.

    dist/index.js · L108
    patternName = private_key_rsa severity = critical line = 108 matchedText = if (!cre...) &&
    Critical
    Secret Pattern

    RSA private key in dist/index.js

    dist/index.js · L108
    patternName = private_key_rsa severity = critical line = 109 matchedText = !creds.c...) &&
    Critical
    Secret Pattern

    RSA private key in dist/index.js

    dist/index.js · L109
    patternName = private_key_ec severity = critical line = 110 matchedText = !creds.c...)) {
    Critical
    Secret Pattern

    EC private key in dist/index.js

    dist/index.js · L110

    Findings

    4 Critical, 1 Medium, 2 Low
    Critical · Critical Secret · dist/index.js
    Critical · Secret Pattern · dist/index.js
    Critical · Secret Pattern · dist/index.js
    Critical · Secret Pattern · dist/index.js
    Medium · Network
    Low · Scripts Present
    Low · Filesystem