@jait/gateway — Greenflagged

Jait AI gateway — local-first AI coding agent with terminal, filesystem, and browser control

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

jakobwl

Keywords

aiagentcodinggatewayterminallocal-first

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:web-dist/assets/blockDiagram-WCTKOSBZ-CNLmGpHu.js	AI (source-diff): Minified mermaid block diagram bundle; standard build artifact.	ai	2026/06/01
source-diff	obfuscated-file:web-dist/assets/graph-BDokxLqo.js	AI (source-diff): Minified graph library bundle; standard build artifact.	ai	2026/06/01
source-diff	net-exec-file:web-dist/assets/index-B3efWHMg.js	AI (source-diff): Network+exec pattern is mermaid's dynamic diagram renderer in bundled frontend, not malware.	ai	2026/05/30
source-diff	obfuscated-file:web-dist/assets/index-B3efWHMg.js	AI (source-diff): Standard Vite-bundled frontend output; minified open-source libs (mermaid, d3, etc.).	ai	2026/05/30
source-diff	obfuscated-file:web-dist/assets/architectureDiagram-2XIMDMQ5-Dc-KsYhx.js	AI (source-diff): Minified mermaid architecture diagram renderer; standard build output.	ai	2026/05/30
source-diff	obfuscated-file:web-dist/assets/cose-bilkent-S5V4N54A-DKSvV8VX.js	AI (source-diff): Minified cose-bilkent cytoscape layout library; standard build output.	ai	2026/05/30
source-diff	obfuscated-file:web-dist/assets/dagre-KLK3FWXG-DJ0xtDkx.js	AI (source-diff): Minified dagre graph layout library; standard build output.	ai	2026/05/30
source-diff	large-new-source-files	AI (source-diff): Large file count reflects first inclusion of bundled web-dist frontend assets.	ai	2026/05/30
semgrep	semgrep:shady-links-raw-ip	AI (semgrep): Raw IP is 127.0.0.1 (localhost) health check — not an external exfiltration endpoint.	ai	2026/05/16
phantom-deps	phantom-dep:zod	AI (phantom-deps): zod is a declared runtime dep used in config/schema files; phantom-dep heuristic false positive.	ai	2026/05/16
phantom-deps	phantom-dep:pino	AI (phantom-deps): pino is a declared runtime dep; phantom-dep heuristic false positive.	ai	2026/05/16
phantom-deps	phantom-dep:@fastify/websocket	AI (phantom-deps): @fastify/websocket is a declared runtime dep; phantom-dep heuristic false positive.	ai	2026/05/16
semgrep	semgrep:dll-hijacking-commands	AI (semgrep): Fires on frozen JSON grammar definition blob in bundled web asset; no actual DLL loading commands present.	ai	2026/05/16
semgrep	semgrep:env-spread	AI (semgrep): env spread is used to pass current env plus a flag to a background child process — standard daemon-launch pattern, not exfiltration.	ai	2026/05/16

Versions (showing 43 of 243)

Version	Deps	Published
0.1.47	18 / 4	2026-03-12
0.1.46	18 / 4	2026-03-12
0.1.45	18 / 4	2026-03-12
0.1.44	18 / 4	2026-03-12
0.1.43	18 / 4	2026-03-12
0.1.42	18 / 4	2026-03-12
0.1.39	17 / 4	2026-03-12
0.1.38	17 / 4	2026-03-12
0.1.37	17 / 4	2026-03-12
0.1.36	17 / 4	2026-03-12
0.1.35	17 / 4	2026-03-12
0.1.34	17 / 4	2026-03-11
0.1.33	17 / 4	2026-03-11
0.1.32	17 / 4	2026-03-11
0.1.31	17 / 4	2026-03-11
0.1.30	17 / 4	2026-03-11
0.1.29	17 / 4	2026-03-11
0.1.28	17 / 4	2026-03-11
0.1.27	17 / 4	2026-03-11
0.1.26	17 / 4	2026-03-11
0.1.25	17 / 4	2026-03-11
0.1.24	17 / 4	2026-03-11
0.1.23	17 / 4	2026-03-11
0.1.22	17 / 4	2026-03-11
0.1.21	17 / 4	2026-03-11
0.1.20	17 / 4	2026-03-11
0.1.19	17 / 4	2026-03-11
0.1.17	17 / 4	2026-03-10
0.1.16	17 / 4	2026-03-10
0.1.14	17 / 4	2026-03-10
0.1.13	17 / 4	2026-03-10
0.1.12	17 / 4	2026-03-10
0.1.11	17 / 4	2026-03-10
0.1.10	17 / 4	2026-03-10
0.1.9	17 / 4	2026-03-10
0.1.8	17 / 4	2026-03-10
0.1.7	17 / 4	2026-03-09
0.1.6	17 / 4	2026-03-09
0.1.5	17 / 4	2026-03-09
0.1.4	17 / 4	2026-03-09
0.1.3	17 / 4	2026-03-09
0.1.1	17 / 4	2026-03-09
0.1.0	17 / 4	2026-03-09