@jait/gateway — Greenflagged

Jait AI gateway — local-first AI coding agent with terminal, filesystem, and browser control

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures gitHead linked

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

jakobwl

Keywords

aiagentcodinggatewayterminallocal-first

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
source-diff	obfuscated-file:web-dist/assets/blockDiagram-WCTKOSBZ-CNLmGpHu.js	AI (source-diff): Minified mermaid block diagram bundle; standard build artifact.	ai	2026/06/01
source-diff	obfuscated-file:web-dist/assets/graph-BDokxLqo.js	AI (source-diff): Minified graph library bundle; standard build artifact.	ai	2026/06/01
source-diff	net-exec-file:web-dist/assets/index-B3efWHMg.js	AI (source-diff): Network+exec pattern is mermaid's dynamic diagram renderer in bundled frontend, not malware.	ai	2026/05/30
source-diff	obfuscated-file:web-dist/assets/index-B3efWHMg.js	AI (source-diff): Standard Vite-bundled frontend output; minified open-source libs (mermaid, d3, etc.).	ai	2026/05/30
source-diff	obfuscated-file:web-dist/assets/architectureDiagram-2XIMDMQ5-Dc-KsYhx.js	AI (source-diff): Minified mermaid architecture diagram renderer; standard build output.	ai	2026/05/30
source-diff	obfuscated-file:web-dist/assets/cose-bilkent-S5V4N54A-DKSvV8VX.js	AI (source-diff): Minified cose-bilkent cytoscape layout library; standard build output.	ai	2026/05/30
source-diff	obfuscated-file:web-dist/assets/dagre-KLK3FWXG-DJ0xtDkx.js	AI (source-diff): Minified dagre graph layout library; standard build output.	ai	2026/05/30
source-diff	large-new-source-files	AI (source-diff): Large file count reflects first inclusion of bundled web-dist frontend assets.	ai	2026/05/30
semgrep	semgrep:shady-links-raw-ip	AI (semgrep): Raw IP is 127.0.0.1 (localhost) health check — not an external exfiltration endpoint.	ai	2026/05/16
phantom-deps	phantom-dep:zod	AI (phantom-deps): zod is a declared runtime dep used in config/schema files; phantom-dep heuristic false positive.	ai	2026/05/16
phantom-deps	phantom-dep:pino	AI (phantom-deps): pino is a declared runtime dep; phantom-dep heuristic false positive.	ai	2026/05/16
phantom-deps	phantom-dep:@fastify/websocket	AI (phantom-deps): @fastify/websocket is a declared runtime dep; phantom-dep heuristic false positive.	ai	2026/05/16
semgrep	semgrep:dll-hijacking-commands	AI (semgrep): Fires on frozen JSON grammar definition blob in bundled web asset; no actual DLL loading commands present.	ai	2026/05/16
semgrep	semgrep:env-spread	AI (semgrep): env spread is used to pass current env plus a flag to a background child process — standard daemon-launch pattern, not exfiltration.	ai	2026/05/16

Versions (showing 100 of 243)

Version	Deps	Published
0.1.349	17 / 4	2026-04-20
0.1.348	17 / 4	2026-04-20
0.1.347	17 / 4	2026-04-20
0.1.346	17 / 4	2026-04-20
0.1.345	17 / 4	2026-04-20
0.1.344	17 / 4	2026-04-20
0.1.343	17 / 4	2026-04-19
0.1.342	17 / 4	2026-04-19
0.1.341	17 / 4	2026-04-19
0.1.340	17 / 4	2026-04-19
0.1.339	17 / 4	2026-04-19
0.1.338	17 / 4	2026-04-19
0.1.337	17 / 4	2026-04-19
0.1.334	17 / 4	2026-04-19
0.1.333	17 / 4	2026-04-19
0.1.332	17 / 4	2026-04-19
0.1.331	17 / 4	2026-04-19
0.1.330	17 / 4	2026-04-19
0.1.329	17 / 4	2026-04-19
0.1.328	17 / 4	2026-04-19
0.1.327	17 / 4	2026-04-19
0.1.326	17 / 4	2026-04-19
0.1.325	17 / 4	2026-04-19
0.1.324	17 / 4	2026-04-19
0.1.323	17 / 4	2026-04-18
0.1.322	17 / 4	2026-04-18
0.1.321	17 / 4	2026-04-18
0.1.320	17 / 4	2026-04-18
0.1.319	17 / 4	2026-04-18
0.1.318	16 / 4	2026-04-18
0.1.317	16 / 4	2026-04-17
0.1.316	16 / 4	2026-04-17
0.1.315	16 / 4	2026-04-16
0.1.314	16 / 4	2026-04-16
0.1.313	16 / 4	2026-04-16
0.1.312	16 / 4	2026-04-16
0.1.311	16 / 4	2026-04-15
0.1.310	16 / 4	2026-04-15
0.1.309	16 / 4	2026-04-15
0.1.308	16 / 4	2026-04-15
0.1.307	16 / 4	2026-04-15
0.1.306	16 / 4	2026-04-14
0.1.305	16 / 4	2026-04-14
0.1.304	16 / 4	2026-04-14
0.1.303	16 / 4	2026-04-14
0.1.302	16 / 4	2026-04-14
0.1.301	16 / 4	2026-04-14
0.1.300	16 / 4	2026-04-14
0.1.299	16 / 4	2026-04-14
0.1.298	16 / 4	2026-04-14
0.1.297	16 / 4	2026-04-12
0.1.296	16 / 4	2026-04-12
0.1.295	16 / 4	2026-04-11
0.1.294	16 / 4	2026-04-11
0.1.292	16 / 4	2026-04-06
0.1.291	16 / 4	2026-04-06
0.1.290	16 / 4	2026-04-06
0.1.289	16 / 4	2026-04-06
0.1.288	16 / 4	2026-04-06
0.1.287	16 / 4	2026-04-06
0.1.286	16 / 4	2026-04-06
0.1.285	16 / 4	2026-04-05
0.1.284	16 / 4	2026-04-05
0.1.283	16 / 4	2026-04-05
0.1.282	16 / 4	2026-04-05
0.1.281	16 / 4	2026-04-05
0.1.280	16 / 4	2026-04-05
0.1.279	16 / 4	2026-04-05
0.1.278	16 / 4	2026-04-05
0.1.277	16 / 4	2026-04-04
0.1.276	16 / 4	2026-04-04
0.1.275	16 / 4	2026-04-04
0.1.274	16 / 4	2026-04-04
0.1.273	16 / 4	2026-04-04
0.1.272	16 / 4	2026-04-04
0.1.270	16 / 4	2026-04-03
0.1.269	16 / 4	2026-03-30
0.1.268	16 / 4	2026-03-30
0.1.267	16 / 4	2026-03-30
0.1.266	16 / 4	2026-03-30
0.1.265	16 / 4	2026-03-30
0.1.264	16 / 4	2026-03-30
0.1.262	16 / 4	2026-03-29
0.1.68	17 / 4	2026-03-14
0.1.67	17 / 4	2026-03-14
0.1.66	17 / 4	2026-03-14
0.1.65	17 / 4	2026-03-14
0.1.64	17 / 4	2026-03-14
0.1.63	17 / 4	2026-03-14
0.1.62	17 / 4	2026-03-14
0.1.61	17 / 4	2026-03-13
0.1.59	17 / 4	2026-03-13
0.1.58	17 / 4	2026-03-13
0.1.57	17 / 4	2026-03-13
0.1.56	17 / 4	2026-03-13
0.1.55	17 / 4	2026-03-13
0.1.54	17 / 4	2026-03-13
0.1.53	17 / 4	2026-03-13
0.1.49	18 / 4	2026-03-12
0.1.48	18 / 4	2026-03-12

Showing 100 of 243 Next page →

v0.1.349

2 findings

HIGH env-spread: bin/jait.mjs:269 semgrep

Spreading entire process.env into an object — may capture all secrets Source: https://github.com/Widev-e-U/Jait/blob/cf555fbfda4f5eddbd7cf0e746e53d21cb690c32/bin/jait.mjs#L269 267 | detached: true, 268 | stdio: ["ignore", logFd, errFd], > 269 | env: { ...process.env, __JAIT_BACKGROUND: "1" }, 270 | windowsHide: true, 271 | });

LOW No provenance attestation provenance