feat: Daitenguyama-Shrine — Kagami fingerprint, Shingan scanner, fixture expansion, security hardening

4-pillar update (15 epics, ~98 stories, 4 phases):

Pillar A — Market Parity (D1-D6):
- LLM quality metrics, executive summary PDF/Markdown export
- Sengoku campaign engine with skill chaining and conditional branching
- Compliance export API, consolidated report with shingan section

Pillar B — Kagami (K1-K7):
- LLM behavioral fingerprinting engine with 18 probes
- Feature vector extraction, cosine distance matching, signature DB
- KagamiPanel, KagamiResults, ProbeProgress, FeatureRadar components
- API route /api/llm/fingerprint with streaming support

Pillar C — Shingan (D7):
- Universal skill/agent scanner with 6-layer attack taxonomy
- Trust scoring (0-100) across payload, metadata, context, social, exfil, supply-chain
- skill-parser.ts supporting 6 formats (MCP, Claude agent, BMAD, hooks, plugin, unknown)
- CLI --skill mode with realpath containment and extension guard

Pillar D — Fixture Expansion (D8):
- 600+ new fixtures across 36 attack categories (high + info severity)
- Video, audio, document, image, translation, cognitive, environmental categories
- Fixture validation tests ensuring scanner pass-through accuracy

Security hardening (9 findings fixed):
- CLI output path traversal → enforced CWD boundary
- Symlink traversal in walkDir → skip symlinks
- ReDoS via glob → max length + wildcard collapsing
- Prototype pollution in skill-parser → Object.create(null) + deny-list
- SSRF payload surface → 50KB max payload guard
- --skill symlink attack → realpath + TPI_SKILL_ROOT containment
- --skill binary file → extension whitelist guard
- Shingan report symlink → realpathSync containment + field sanitization
- Evidence directory filename → path separator rejection

Tests: 6,210 passing (2,449 bu-tpi + 3,761 dojolm-web), 0 failures

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: SchenLong

packages/bu-tpi/.github/actions/tpi-scan/action.yml

@@ -0,0 +1,141 @@
+name: 'TPI Scan — AI Security Scanner'
+description: 'Scan files for prompt injection, supply chain attacks, and AI security threats'
+
+inputs:
+  path:
+    description: 'Files or directory to scan'
+    required: true
+  format:
+    description: 'Output format (sarif/junit/json/csv/text)'
+    required: false
+    default: 'sarif'
+  threshold:
+    description: 'Minimum severity to fail (CRITICAL/WARNING/INFO)'
+    required: false
+    default: 'CRITICAL'
+  engines:
+    description: 'Comma-separated engine filter (e.g., "core-patterns,mcp-parser")'
+    required: false
+    default: ''
+  node-version:
+    description: 'Node.js version'
+    required: false
+    default: '20'
+  glob:
+    description: 'Glob pattern for directory scanning'
+    required: false
+    default: '**/*.txt'
+
+outputs:
+  findings-count:
+    description: 'Total number of findings'
+    value: ${{ steps.scan.outputs.findings-count }}
+  verdict:
+    description: 'BLOCK or ALLOW'
+    value: ${{ steps.scan.outputs.verdict }}
+  report-path:
+    description: 'Path to the generated report file'
+    value: ${{ steps.scan.outputs.report-path }}
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Setup Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ inputs.node-version }}
+
+    - name: Install dependencies
+      shell: bash
+      run: npm ci
+      working-directory: ${{ github.workspace }}
+
+    - name: Run TPI Scan
+      id: scan
+      shell: bash
+      env:
+        INPUT_FORMAT: ${{ inputs.format }}
+        INPUT_THRESHOLD: ${{ inputs.threshold }}
+        INPUT_ENGINES: ${{ inputs.engines }}
+        INPUT_PATH: ${{ inputs.path }}
+        INPUT_GLOB: ${{ inputs.glob }}
+        RUNNER_TEMP: ${{ runner.temp }}
+      run: |
+        # Validate format input
+        case "${INPUT_FORMAT}" in
+          sarif|junit|json|csv|text) ;;
+          *) echo "::error::Invalid format: ${INPUT_FORMAT}" && exit 1 ;;
+        esac
+
+        # Validate threshold input
+        case "${INPUT_THRESHOLD}" in
+          CRITICAL|WARNING|INFO) ;;
+          *) echo "::error::Invalid threshold: ${INPUT_THRESHOLD}" && exit 1 ;;
+        esac
+
+        # Determine report file extension
+        case "${INPUT_FORMAT}" in
+          sarif) EXT="sarif" ;;
+          junit) EXT="xml" ;;
+          csv)   EXT="csv" ;;
+          json)  EXT="json" ;;
+          *)     EXT="txt" ;;
+        esac
+
+        REPORT_PATH="${RUNNER_TEMP}/tpi-scan-report.${EXT}"
+        ARGS="--format ${INPUT_FORMAT} --threshold ${INPUT_THRESHOLD} --output ${REPORT_PATH}"
+
+        if [ -n "${INPUT_ENGINES}" ]; then
+          ARGS="${ARGS} --engines ${INPUT_ENGINES}"
+        fi
+
+        if [ -d "${INPUT_PATH}" ]; then
+          ARGS="${ARGS} --dir ${INPUT_PATH} --glob ${INPUT_GLOB}"
+        else
+          ARGS="${ARGS} --file ${INPUT_PATH}"
+        fi
+
+        set +e
+        npx tpi-scan ${ARGS} --summary 2>&1
+        EXIT_CODE=$?
+        set -e
+
+        if [ ${EXIT_CODE} -eq 0 ]; then
+          echo "verdict=ALLOW" >> "${GITHUB_OUTPUT}"
+        else
+          echo "verdict=BLOCK" >> "${GITHUB_OUTPUT}"
+        fi
+
+        echo "report-path=${REPORT_PATH}" >> "${GITHUB_OUTPUT}"
+
+        # Extract findings count from report
+        if [ -f "${REPORT_PATH}" ]; then
+          if [ "${INPUT_FORMAT}" = "json" ]; then
+            COUNT=$(node -e "const r=JSON.parse(require('fs').readFileSync(process.argv[1],'utf8'));console.log(r.findings?.length??0)" "${REPORT_PATH}")
+          elif [ "${INPUT_FORMAT}" = "sarif" ]; then
+            COUNT=$(node -e "const r=JSON.parse(require('fs').readFileSync(process.argv[1],'utf8'));console.log(r.runs?.[0]?.results?.length??0)" "${REPORT_PATH}")
+          else
+            COUNT="unknown"
+          fi
+          echo "findings-count=${COUNT}" >> "${GITHUB_OUTPUT}"
+        else
+          echo "findings-count=0" >> "${GITHUB_OUTPUT}"
+        fi
+
+        exit ${EXIT_CODE}
+
+    - name: Upload SARIF to GitHub Code Scanning
+      if: inputs.format == 'sarif' && always()
+      uses: github/codeql-action/upload-sarif@v3
+      with:
+        sarif_file: ${{ steps.scan.outputs.report-path }}
+        category: tpi-scan
+      continue-on-error: true
+
+    - name: Upload report artifact
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        name: tpi-scan-report
+        path: ${{ steps.scan.outputs.report-path }}
+        retention-days: 30

packages/bu-tpi/examples/ci/Makefile

@@ -0,0 +1,38 @@
+# TPI Scan — Makefile Targets
+# Copy to your project root or include via: include path/to/Makefile
+
+TPI_DIR ?= .
+TPI_GLOB ?= **/*.{txt,md,json,yml,yaml}
+TPI_THRESHOLD ?= WARNING
+TPI_OUTPUT_DIR ?= ./reports
+
+.PHONY: scan scan-sarif scan-junit scan-json scan-csv scan-dir
+
+scan: ## Run TPI scan with human-readable output
+	npx tpi-scan --dir $(TPI_DIR) --glob "$(TPI_GLOB)" --threshold $(TPI_THRESHOLD)
+
+scan-sarif: ## Run TPI scan with SARIF output
+	@mkdir -p $(TPI_OUTPUT_DIR)
+	npx tpi-scan --dir $(TPI_DIR) --glob "$(TPI_GLOB)" --format sarif --output $(TPI_OUTPUT_DIR)/tpi-report.sarif --threshold $(TPI_THRESHOLD)
+	@echo "Report: $(TPI_OUTPUT_DIR)/tpi-report.sarif"
+
+scan-junit: ## Run TPI scan with JUnit XML output
+	@mkdir -p $(TPI_OUTPUT_DIR)
+	npx tpi-scan --dir $(TPI_DIR) --glob "$(TPI_GLOB)" --format junit --output $(TPI_OUTPUT_DIR)/tpi-report.xml --threshold $(TPI_THRESHOLD)
+	@echo "Report: $(TPI_OUTPUT_DIR)/tpi-report.xml"
+
+scan-json: ## Run TPI scan with JSON output
+	@mkdir -p $(TPI_OUTPUT_DIR)
+	npx tpi-scan --dir $(TPI_DIR) --glob "$(TPI_GLOB)" --format json --output $(TPI_OUTPUT_DIR)/tpi-report.json --threshold $(TPI_THRESHOLD)
+	@echo "Report: $(TPI_OUTPUT_DIR)/tpi-report.json"
+
+scan-csv: ## Run TPI scan with CSV output
+	@mkdir -p $(TPI_OUTPUT_DIR)
+	npx tpi-scan --dir $(TPI_DIR) --glob "$(TPI_GLOB)" --format csv --output $(TPI_OUTPUT_DIR)/tpi-report.csv --threshold $(TPI_THRESHOLD)
+	@echo "Report: $(TPI_OUTPUT_DIR)/tpi-report.csv"
+
+scan-dir: ## Scan specific directory (usage: make scan-dir TPI_DIR=./prompts)
+	npx tpi-scan --dir $(TPI_DIR) --glob "$(TPI_GLOB)" --threshold $(TPI_THRESHOLD) --summary
+
+help: ## Show this help
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}'

packages/bu-tpi/examples/ci/github-actions.yml

@@ -0,0 +1,58 @@
+# TPI Scan — GitHub Actions Workflow Example
+# Copy this file to your repository's .github/workflows/ directory
+
+name: AI Security Scan
+on:
+  pull_request:
+    branches: [main]
+  push:
+    branches: [main]
+
+permissions:
+  contents: read
+  security-events: write
+  pull-requests: write
+
+jobs:
+  tpi-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Run TPI Scan (SARIF)
+        id: scan
+        uses: ./packages/bu-tpi/.github/actions/tpi-scan
+        with:
+          path: '.'
+          format: sarif
+          threshold: WARNING
+          glob: '**/*.{txt,md,json,yml,yaml}'
+
+      - name: Run TPI Scan (JUnit)
+        if: always()
+        uses: ./packages/bu-tpi/.github/actions/tpi-scan
+        with:
+          path: '.'
+          format: junit
+          threshold: WARNING
+          glob: '**/*.{txt,md,json,yml,yaml}'
+
+      - name: Comment on PR
+        if: github.event_name == 'pull_request' && always()
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const verdict = '${{ steps.scan.outputs.verdict }}';
+            const count = '${{ steps.scan.outputs.findings-count }}';
+            const icon = verdict === 'ALLOW' ? ':white_check_mark:' : ':x:';
+            const body = `## ${icon} TPI Security Scan\n\n` +
+              `**Verdict:** ${verdict}\n` +
+              `**Findings:** ${count}\n\n` +
+              `See the [Security tab](${context.payload.repository.html_url}/security/code-scanning) for details.`;
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body
+            });

packages/bu-tpi/examples/ci/gitlab-ci.yml

@@ -0,0 +1,35 @@
+# TPI Scan — GitLab CI Configuration Example
+# Copy this file (or merge into your existing .gitlab-ci.yml)
+
+stages:
+  - test
+
+tpi-scan:
+  stage: test
+  image: node:20-slim
+  before_script:
+    - npm ci
+  script:
+    - npx tpi-scan --dir . --glob "**/*.{txt,md,json,yml,yaml}" --format junit --output tpi-report.xml --threshold WARNING
+  artifacts:
+    when: always
+    reports:
+      junit: tpi-report.xml
+    paths:
+      - tpi-report.xml
+    expire_in: 30 days
+  allow_failure: false
+
+tpi-scan-sarif:
+  stage: test
+  image: node:20-slim
+  before_script:
+    - npm ci
+  script:
+    - npx tpi-scan --dir . --glob "**/*.{txt,md,json,yml,yaml}" --format sarif --output tpi-report.sarif
+  artifacts:
+    when: always
+    paths:
+      - tpi-report.sarif
+    expire_in: 30 days
+  allow_failure: true

packages/bu-tpi/examples/ci/pre-commit-hook.sh

@@ -0,0 +1,117 @@
+#!/usr/bin/env bash
+# TPI Scan — Git Pre-Commit Hook
+#
+# Installation:
+#   cp pre-commit-hook.sh .git/hooks/pre-commit
+#   chmod +x .git/hooks/pre-commit
+#
+# Configuration (optional): create .tpi-scan.yml in project root
+#   threshold: WARNING
+#   patterns:
+#     - "*.txt"
+#     - "*.md"
+#     - "*.json"
+#     - "*.yml"
+#     - "*.yaml"
+
+set -euo pipefail
+
+# Defaults
+THRESHOLD="CRITICAL"
+PATTERNS=("*.txt" "*.json" "*.md" "*.yml" "*.yaml")
+
+# Load config if present
+CONFIG_FILE=".tpi-scan.yml"
+if [ -f "$CONFIG_FILE" ]; then
+  # Parse threshold
+  CFG_THRESHOLD=$(grep -E '^threshold:' "$CONFIG_FILE" | awk '{print $2}' | tr -d '"'"'" || true)
+  if [ -n "$CFG_THRESHOLD" ]; then
+    case "$CFG_THRESHOLD" in
+      CRITICAL|WARNING|INFO) THRESHOLD="$CFG_THRESHOLD" ;;
+      *) echo "[TPI Scan] Invalid threshold '${CFG_THRESHOLD}' in config, using default: CRITICAL" >&2 ;;
+    esac
+  fi
+
+  # Parse patterns (simple YAML array parsing)
+  CFG_PATTERNS=()
+  IN_PATTERNS=false
+  while IFS= read -r line; do
+    if echo "$line" | grep -qE '^patterns:'; then
+      IN_PATTERNS=true
+      continue
+    fi
+    if [ "$IN_PATTERNS" = true ]; then
+      if echo "$line" | grep -qE '^\s+-\s+'; then
+        PATTERN=$(echo "$line" | sed 's/^\s*-\s*//' | tr -d '"'"'")
+        CFG_PATTERNS+=("$PATTERN")
+      else
+        IN_PATTERNS=false
+      fi
+    fi
+  done < "$CONFIG_FILE"
+
+  if [ ${#CFG_PATTERNS[@]} -gt 0 ]; then
+    PATTERNS=("${CFG_PATTERNS[@]}")
+  fi
+fi
+
+# Collect staged files matching patterns
+STAGED_FILES=()
+for PATTERN in "${PATTERNS[@]}"; do
+  while IFS= read -r file; do
+    if [ -n "$file" ] && [ -f "$file" ]; then
+      STAGED_FILES+=("$file")
+    fi
+  done < <(git diff --cached --name-only --diff-filter=ACM -- "$PATTERN" 2>/dev/null || true)
+done
+
+# Nothing to scan
+if [ ${#STAGED_FILES[@]} -eq 0 ]; then
+  exit 0
+fi
+
+echo "[TPI Scan] Scanning ${#STAGED_FILES[@]} staged file(s) (threshold: ${THRESHOLD})..."
+
+# Scan each file
+BLOCK=false
+TOTAL_FINDINGS=0
+
+for FILE in "${STAGED_FILES[@]}"; do
+  RESULT=$(npx tpi-scan --file "$FILE" --format json --threshold "$THRESHOLD" 2>/dev/null || true)
+  if [ -n "$RESULT" ]; then
+    FINDINGS=$(echo "$RESULT" | node -e "
+      let d='';process.stdin.on('data',c=>d+=c);
+      process.stdin.on('end',()=>{
+        try{const r=JSON.parse(d);console.log(r.findings?.length??0)}
+        catch{console.log(0)}
+      })" 2>/dev/null || echo "0")
+    VERDICT=$(echo "$RESULT" | node -e "
+      let d='';process.stdin.on('data',c=>d+=c);
+      process.stdin.on('end',()=>{
+        try{const r=JSON.parse(d);console.log(r.verdict??'ALLOW')}
+        catch{console.log('ALLOW')}
+      })" 2>/dev/null || echo "ALLOW")
+
+    if [ "$FINDINGS" != "0" ]; then
+      TOTAL_FINDINGS=$((TOTAL_FINDINGS + FINDINGS))
+      echo "  ${FILE}: ${FINDINGS} finding(s) [${VERDICT}]"
+    fi
+
+    if [ "$VERDICT" = "BLOCK" ]; then
+      BLOCK=true
+    fi
+  fi
+done
+
+if [ "$BLOCK" = true ]; then
+  echo ""
+  echo "[TPI Scan] BLOCKED: ${TOTAL_FINDINGS} finding(s) exceed ${THRESHOLD} threshold."
+  echo "  Run 'npx tpi-scan --file <path>' for details."
+  echo "  Use 'git commit --no-verify' to skip (not recommended)."
+  exit 1
+else
+  if [ "$TOTAL_FINDINGS" -gt 0 ]; then
+    echo "[TPI Scan] PASSED with ${TOTAL_FINDINGS} finding(s) below ${THRESHOLD} threshold."
+  fi
+  exit 0
+fi