@cortexkit/aft
Unified CLI for Agent File Tools (AFT) — setup, doctor, and diagnostics across supported agent harnesses (OpenCode, Pi)
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | encoded-string-file:dist/index.js | AI (source-diff): Encoded string is llhttp WASM base64 from bundled undici — standard pattern, not malicious. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase explained by bundling undici HTTP library; consistent with build output. | ai | |
| phantom-deps | phantom-dep:@cortexkit/aft-bridge | AI (phantom-deps): Same-org workspace dependency; phantom detection is a false positive for monorepo workspace packages. | ai | |
| typosquat | typosquat.levenshtein:got | AI (typosquat): Scoped package @cortexkit/aft is not a plausible typosquat of 'got'; edit-distance match is coincidental. | ai | |
| typosquat | typosquat.levenshtein:ajv | AI (typosquat): Scoped package @cortexkit/aft is not a plausible typosquat of 'ajv'; edit-distance match is coincidental. | ai | |
| phantom-deps | phantom-dep:comment-json | AI (phantom-deps): comment-json is a declared runtime dependency used for config file parsing; stable false positive for this package. | ai |
Versions (showing 51 of 59)
| Version | Deps | Published |
|---|---|---|
| 0.35.4 | 3 / 2 | |
| 0.35.3 | 3 / 2 | |
| 0.35.2 | 3 / 2 | |
| 0.35.1 | 3 / 2 | |
| 0.35.0 | 3 / 2 | |
| 0.34.0 | 3 / 2 | |
| 0.33.0 | 3 / 2 | |
| 0.32.0 | 3 / 2 | |
| 0.31.1 | 3 / 2 | |
| 0.31.0 | 3 / 2 | |
| 0.30.3 | 3 / 2 | |
| 0.30.2 | 3 / 2 | |
| 0.30.1 | 3 / 2 | |
| 0.30.0 | 3 / 2 | |
| 0.29.1 | 3 / 2 | |
| 0.29.0 | 3 / 2 | |
| 0.28.2 | 3 / 2 | |
| 0.28.1 | 3 / 2 | |
| 0.28.0 | 3 / 2 | |
| 0.27.1 | 2 / 2 | |
| 0.27.0 | 2 / 2 | |
| 0.26.4 | 2 / 2 | |
| 0.26.3 | 2 / 2 | |
| 0.26.2 | 2 / 2 | |
| 0.26.1 | 2 / 2 | |
| 0.26.0 | 2 / 2 | |
| 0.25.2 | 2 / 2 | |
| 0.25.1 | 2 / 2 | |
| 0.25.0 | 2 / 2 | |
| 0.24.0 | 2 / 2 | |
| 0.23.0 | 2 / 2 | |
| 0.22.1 | 2 / 2 | |
| 0.22.0 | 2 / 2 | |
| 0.21.0 | 2 / 2 | |
| 0.20.1 | 2 / 2 | |
| 0.20.0 | 2 / 2 | |
| 0.19.6 | 2 / 2 | |
| 0.19.5 | 2 / 2 | |
| 0.19.4 | 2 / 2 | |
| 0.19.3 | 2 / 2 | |
| 0.19.2 | 2 / 2 | |
| 0.19.1 | 2 / 2 | |
| 0.19.0 | 2 / 2 | |
| 0.18.4 | 2 / 2 | |
| 0.18.3 | 2 / 2 | |
| 0.18.2 | 2 / 2 | |
| 0.18.1 | 2 / 2 | |
| 0.18.0 | 2 / 2 | |
| 0.17.3 | 2 / 2 | |
| 0.17.2 | 2 / 2 | |
| 0.17.1 | 2 / 2 |
v0.35.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.35.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.35.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.35.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.35.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.34.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.33.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.32.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.31.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.30.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.29.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.29.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.28.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.28.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.28.0
2 findingsModified file contains 2 long encoded string(s) (200+ chars). These are commonly used to hide malicious payloads.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.27.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.26.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.26.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.26.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.26.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.26.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.25.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.25.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.25.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.24.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.23.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.22.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.21.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.20.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.19.6
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.19.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.19.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.19.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.19.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.19.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.19.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.18.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.18.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.18.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.18.1
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.18.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.