Audit hardening: unpack scanning, SARIF/JSON output, apm-action wiring #329

@danielmeppiel

Summary

Strengthen apm audit with three capabilities: content scanning during apm unpack, machine-readable output (SARIF/JSON), and apm-action integration for CI artifact capture.

Motivation

  • Unpack gap: apm install scans files for hidden Unicode characters before deployment, but apm unpack does not. Bundles can carry tampered content that lands on disk unscanned. Since apm-action's bundle restore mode uses apm unpack, this gap affects CI workflows.
  • No machine-readable output: apm audit only outputs Rich tables. CI pipelines need JSON or SARIF to capture findings as artifacts and integrate with GitHub Code Scanning.
  • apm-action doesn't surface audit: No way to generate or upload audit reports during apm install or bundle restore in CI.

Changes

1. Content scanning for apm unpack

  • Scan bundle files after extraction, before deployment using the same ContentScanner as install
  • Critical findings block deployment unless --force is used
  • Warnings are non-blocking
  • New --force flag on unpack (audit override only)

2. apm audit --format sarif/json --output

  • --format/-f: text (default), json (machine-readable), sarif (GitHub Code Scanning)
  • --output/-o: write to file with auto-detection from extension (.sarif, .json)
  • SARIF 2.1.0 compliant; relative paths only, no content snippets (privacy-safe)
  • New src/apm_cli/security/audit_report.py module

3. apm-action audit-report input (microsoft/apm-action)

  • New audit-report input and audit-report-path output
  • Passes --audit-report to apm install and apm unpack in bundle restore mode
  • Emits core.warning() when raw tar fallback executes without scanning

4. Documentation

  • Fix apm audit --ci references — correctly marked as planned (not yet available)
  • Add SARIF golden path workflow to CI/CD docs
  • Add Content Scanning section to gh-aw integration docs
  • Update CLI reference with new flags
  • Update security docs with unpack coverage

CI golden path

- uses: microsoft/apm-action@v1
  with:
    commands: apm install
- run: apm audit -f sarif -o apm-audit.sarif
  if: always()
- uses: github/codeql-action/upload-sarif@v3
  if: always()
  with:
    sarif_file: apm-audit.sarif
    category: apm-audit

Security considerations

  • SARIF uses relative paths only, never includes file content snippets
  • --force overrides are visible in CLI output (forensic trail)
  • Unpack scanning prevents tampered bundles from reaching agent-readable directories
  • Raw tar fallback (APM not installed) skips scanning — documented as limitation

Limitations

  • Audit detects hidden Unicode only — not plain-text prompt injection, homoglyphs, or semantic manipulation
  • apm audit --ci (lockfile consistency / drift detection) remains planned, not implemented
  • Bundle signing is not in scope (integrity relies on transport security)
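
The scan-then-report flow proposed above, as an added sketch that is not part of the issue and is not APM's `ContentScanner` or `audit_report.py`. The severity split, rule id and tool name are assumptions made for illustration, and the sample bundle is constructed.

```python
import unicodedata
from pathlib import PurePosixPath

# Assumed severity split (not taken from the issue): bidi controls and
# Unicode tag characters are "error"; other format (Cf) characters "warning".
BIDI = set(range(0x202A, 0x202F)) | set(range(0x2066, 0x206A))
TAGS = range(0xE0000, 0xE0080)

def scan_text(text):
    """Yield (line, column, codepoint, level) for each hidden character."""
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            cp = ord(ch)
            if cp in BIDI or cp in TAGS:
                yield lineno, col, cp, "error"
            elif unicodedata.category(ch) == "Cf":
                yield lineno, col, cp, "warning"

def to_sarif(files):
    """Build a SARIF 2.1.0 log from {relative_path: text}."""
    results = []
    for path, text in sorted(files.items()):
        p = PurePosixPath(path)
        if p.is_absolute() or ".." in p.parts:
            raise ValueError(f"refusing non-relative path: {path}")
        for line, col, cp, level in scan_text(text):
            results.append({
                "ruleId": "hidden-unicode",
                "level": level,
                # The message names the code point only; no file content is copied.
                "message": {"text": f"Hidden character U+{cp:04X}"},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": p.as_posix()},
                    "region": {"startLine": line, "startColumn": col},
                }}],
            })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": "example-hidden-unicode-scan",
                                       "rules": [{"id": "hidden-unicode"}]}},
                  "results": results}],
    }

def blocks_deploy(sarif):
    """Critical ("error") findings block deployment; warnings do not."""
    return any(r["level"] == "error" for r in sarif["runs"][0]["results"])

# Constructed sample bundle: one clean file, one with U+202E and U+200B.
SAMPLE = {"skills/ok.md": "plain text\n",
          "skills/bad.md": "safe\nrun \u202etxt.exe\nzero\u200bwidth\n"}
```

Serializing `to_sarif(SAMPLE)` with `json.dumps` gives a file in the shape the upload step in the CI golden path consumes.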
