Aegis 0.1.1

Aegis 0.1.1

A dogfood release. Aegis was scanned by Aegis, and four findings turned up.
All four were false positives in the scanner heuristics; this release fixes
them and adds regression tests so they cannot resurface.

Fixes

• Dockerfile scanner — _looks_like_dockerfile no longer matches
  dockerfile.py, dockerfile.md, dockerfile.json, or other code/doc
  files. Only true Dockerfile-family names match: Dockerfile,
  Dockerfile.<short-alpha-variant>, and *.dockerfile.
• Obfuscation scanner — scope tightened to JS-family suffixes only
  (.js, .mjs, .cjs, .ts). Python and shell scripts can legitimately
  reference tokens like eval( or gunzipSync as data; the scanner used to
  treat them as packers.
• Obfuscation scanner — parenthesised the self_extract heuristic so
  the precedence between or and and is unambiguous.

Reliability

• Runner — isolates scanner exceptions. One crashing scanner no longer
  aborts the whole run; errors land in the Glasswing journal as
  scan.scanner_error.
• Index — enables WAL mode and synchronous=NORMAL on SQLite open so
  the MCP server and the CLI can read the same index concurrently without
  hitting database-locked errors.

Tests

• New tests/test_dogfood_regression.py pins the dockerfile heuristic,
  asserts that Aegis self-scanning yields zero findings, and verifies that
  one misbehaving scanner cannot take the others down.
• Suite size: 31 tests (was 28). All pass on py3.11 and py3.12.

Verified

• aegis scan src against this repository: 0 findings on 37 files.
• PyPI: https://pypi.org/project/aegis-sec/0.1.1/
• MCP Registry: io.github.verrysimatupang99/aegis@0.1.1
• Sigstore-signed via PyPI trusted publishing.

Install

No change in the install path. Same one-liner works:

{
  "mcpServers": {
    "aegis": {
      "command": "uvx",
      "args": ["--from", "aegis-sec", "aegis-mcp"]
    }
  }
}