registry  /  @crewhaus/federation-protocol  /  0.1.7

@crewhaus/federation-protocol@0.1.7

Cross-deployment A2A wire protocol: federation envelope (extends @crewhaus/a2a-protocol) + mTLS HTTPS POST transport with cert pinning (Section 34)

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. Runtime HTTPS POST behavior is the stated federation transport and is activated only by caller invocation with caller-provided URL and credentials.

Static reason
One or more suspicious static signals were detected.
Trigger
Importing package has no side effects; network only occurs when caller invokes federationCall().
Impact
No unauthorized credential/file harvesting or exfiltration identified by static inspection.
Mechanism
User-invoked mTLS HTTPS POST transport and envelope validation
Rationale
The suspicious primitives are consistent with the package description: mTLS federation transport and credential format validation. Static inspection found no lifecycle execution, hidden endpoint, secret collection, shell execution, or persistence, so this should be marked clean.
Evidence
package.jsondist/index.jsdist/index.d.tsdist/test-helpers.jsdist/test-helpers.js reads src fixture PEM paths only when test helpers are invoked

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/index.js exports federationCall that can POST to caller-supplied HTTPS URLs with mTLS credentials.
  • dist/test-helpers.js reads local PEM fixture files when its helper functions are explicitly invoked.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks and only exports dist/index.js.
  • dist/index.js has no import-time side effects beyond declarations/imports.
  • Network use is package-aligned federation transport, requires explicit federationCall invocation, and uses caller-supplied URL and credentials.
  • No fixed exfiltration endpoint, process.env harvesting, child_process, eval/vm/Function, destructive file operations, or persistence found.
  • The critical-looking private-key strings in dist/index.js are PEM format validators, not embedded secrets.
Behavioral surface
Source
CryptoFilesystemNetwork
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 10.1 KB of source

Source & flagged code

4 flagged · loading source
dist/index.jsView file
108patternName = private_key_rsa severity = critical line = 108 matchedText = if (!cre...) &&
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/index.jsView on unpkg · L108
108patternName = private_key_rsa severity = critical line = 108 matchedText = if (!cre...) &&
Critical
Secret Pattern

RSA private key in dist/index.js

dist/index.jsView on unpkg · L108
109patternName = private_key_rsa severity = critical line = 109 matchedText = !creds.c...) &&
Critical
Secret Pattern

RSA private key in dist/index.js

dist/index.jsView on unpkg · L109
110patternName = private_key_ec severity = critical line = 110 matchedText = !creds.c...)) {
Critical
Secret Pattern

EC private key in dist/index.js

dist/index.jsView on unpkg · L110

Findings

4 Critical1 Medium2 Low
CriticalCritical Secretdist/index.js
CriticalSecret Patterndist/index.js
CriticalSecret Patterndist/index.js
CriticalSecret Patterndist/index.js
MediumNetwork
LowScripts Present
LowFilesystem