npm - @oculum/scanner - Versions diffs - 1.0.0 - Mend

@oculum/scanner 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (281) hide show

package/dist/formatters/cli-terminal.d.ts +27 -0
package/dist/formatters/cli-terminal.d.ts.map +1 -0
package/dist/formatters/cli-terminal.js +412 -0
package/dist/formatters/cli-terminal.js.map +1 -0
package/dist/formatters/github-comment.d.ts +41 -0
package/dist/formatters/github-comment.d.ts.map +1 -0
package/dist/formatters/github-comment.js +306 -0
package/dist/formatters/github-comment.js.map +1 -0
package/dist/formatters/grouping.d.ts +52 -0
package/dist/formatters/grouping.d.ts.map +1 -0
package/dist/formatters/grouping.js +152 -0
package/dist/formatters/grouping.js.map +1 -0
package/dist/formatters/index.d.ts +9 -0
package/dist/formatters/index.d.ts.map +1 -0
package/dist/formatters/index.js +35 -0
package/dist/formatters/index.js.map +1 -0
package/dist/formatters/vscode-diagnostic.d.ts +103 -0
package/dist/formatters/vscode-diagnostic.d.ts.map +1 -0
package/dist/formatters/vscode-diagnostic.js +151 -0
package/dist/formatters/vscode-diagnostic.js.map +1 -0
package/dist/index.d.ts +52 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +648 -0
package/dist/index.js.map +1 -0
package/dist/layer1/comments.d.ts +8 -0
package/dist/layer1/comments.d.ts.map +1 -0
package/dist/layer1/comments.js +203 -0
package/dist/layer1/comments.js.map +1 -0
package/dist/layer1/config-audit.d.ts +8 -0
package/dist/layer1/config-audit.d.ts.map +1 -0
package/dist/layer1/config-audit.js +252 -0
package/dist/layer1/config-audit.js.map +1 -0
package/dist/layer1/entropy.d.ts +8 -0
package/dist/layer1/entropy.d.ts.map +1 -0
package/dist/layer1/entropy.js +500 -0
package/dist/layer1/entropy.js.map +1 -0
package/dist/layer1/file-flags.d.ts +7 -0
package/dist/layer1/file-flags.d.ts.map +1 -0
package/dist/layer1/file-flags.js +112 -0
package/dist/layer1/file-flags.js.map +1 -0
package/dist/layer1/index.d.ts +36 -0
package/dist/layer1/index.d.ts.map +1 -0
package/dist/layer1/index.js +132 -0
package/dist/layer1/index.js.map +1 -0
package/dist/layer1/patterns.d.ts +8 -0
package/dist/layer1/patterns.d.ts.map +1 -0
package/dist/layer1/patterns.js +482 -0
package/dist/layer1/patterns.js.map +1 -0
package/dist/layer1/urls.d.ts +8 -0
package/dist/layer1/urls.d.ts.map +1 -0
package/dist/layer1/urls.js +296 -0
package/dist/layer1/urls.js.map +1 -0
package/dist/layer1/weak-crypto.d.ts +7 -0
package/dist/layer1/weak-crypto.d.ts.map +1 -0
package/dist/layer1/weak-crypto.js +291 -0
package/dist/layer1/weak-crypto.js.map +1 -0
package/dist/layer2/ai-agent-tools.d.ts +19 -0
package/dist/layer2/ai-agent-tools.d.ts.map +1 -0
package/dist/layer2/ai-agent-tools.js +528 -0
package/dist/layer2/ai-agent-tools.js.map +1 -0
package/dist/layer2/ai-endpoint-protection.d.ts +36 -0
package/dist/layer2/ai-endpoint-protection.d.ts.map +1 -0
package/dist/layer2/ai-endpoint-protection.js +332 -0
package/dist/layer2/ai-endpoint-protection.js.map +1 -0
package/dist/layer2/ai-execution-sinks.d.ts +18 -0
package/dist/layer2/ai-execution-sinks.d.ts.map +1 -0
package/dist/layer2/ai-execution-sinks.js +496 -0
package/dist/layer2/ai-execution-sinks.js.map +1 -0
package/dist/layer2/ai-fingerprinting.d.ts +7 -0
package/dist/layer2/ai-fingerprinting.d.ts.map +1 -0
package/dist/layer2/ai-fingerprinting.js +654 -0
package/dist/layer2/ai-fingerprinting.js.map +1 -0
package/dist/layer2/ai-prompt-hygiene.d.ts +19 -0
package/dist/layer2/ai-prompt-hygiene.d.ts.map +1 -0
package/dist/layer2/ai-prompt-hygiene.js +356 -0
package/dist/layer2/ai-prompt-hygiene.js.map +1 -0
package/dist/layer2/ai-rag-safety.d.ts +21 -0
package/dist/layer2/ai-rag-safety.d.ts.map +1 -0
package/dist/layer2/ai-rag-safety.js +459 -0
package/dist/layer2/ai-rag-safety.js.map +1 -0
package/dist/layer2/ai-schema-validation.d.ts +25 -0
package/dist/layer2/ai-schema-validation.d.ts.map +1 -0
package/dist/layer2/ai-schema-validation.js +375 -0
package/dist/layer2/ai-schema-validation.js.map +1 -0
package/dist/layer2/auth-antipatterns.d.ts +20 -0
package/dist/layer2/auth-antipatterns.d.ts.map +1 -0
package/dist/layer2/auth-antipatterns.js +333 -0
package/dist/layer2/auth-antipatterns.js.map +1 -0
package/dist/layer2/byok-patterns.d.ts +12 -0
package/dist/layer2/byok-patterns.d.ts.map +1 -0
package/dist/layer2/byok-patterns.js +299 -0
package/dist/layer2/byok-patterns.js.map +1 -0
package/dist/layer2/dangerous-functions.d.ts +7 -0
package/dist/layer2/dangerous-functions.d.ts.map +1 -0
package/dist/layer2/dangerous-functions.js +1375 -0
package/dist/layer2/dangerous-functions.js.map +1 -0
package/dist/layer2/data-exposure.d.ts +16 -0
package/dist/layer2/data-exposure.d.ts.map +1 -0
package/dist/layer2/data-exposure.js +279 -0
package/dist/layer2/data-exposure.js.map +1 -0
package/dist/layer2/framework-checks.d.ts +7 -0
package/dist/layer2/framework-checks.d.ts.map +1 -0
package/dist/layer2/framework-checks.js +388 -0
package/dist/layer2/framework-checks.js.map +1 -0
package/dist/layer2/index.d.ts +58 -0
package/dist/layer2/index.d.ts.map +1 -0
package/dist/layer2/index.js +380 -0
package/dist/layer2/index.js.map +1 -0
package/dist/layer2/logic-gates.d.ts +7 -0
package/dist/layer2/logic-gates.d.ts.map +1 -0
package/dist/layer2/logic-gates.js +182 -0
package/dist/layer2/logic-gates.js.map +1 -0
package/dist/layer2/risky-imports.d.ts +7 -0
package/dist/layer2/risky-imports.d.ts.map +1 -0
package/dist/layer2/risky-imports.js +161 -0
package/dist/layer2/risky-imports.js.map +1 -0
package/dist/layer2/variables.d.ts +8 -0
package/dist/layer2/variables.d.ts.map +1 -0
package/dist/layer2/variables.js +152 -0
package/dist/layer2/variables.js.map +1 -0
package/dist/layer3/anthropic.d.ts +83 -0
package/dist/layer3/anthropic.d.ts.map +1 -0
package/dist/layer3/anthropic.js +1745 -0
package/dist/layer3/anthropic.js.map +1 -0
package/dist/layer3/index.d.ts +24 -0
package/dist/layer3/index.d.ts.map +1 -0
package/dist/layer3/index.js +119 -0
package/dist/layer3/index.js.map +1 -0
package/dist/layer3/openai.d.ts +25 -0
package/dist/layer3/openai.d.ts.map +1 -0
package/dist/layer3/openai.js +238 -0
package/dist/layer3/openai.js.map +1 -0
package/dist/layer3/package-check.d.ts +63 -0
package/dist/layer3/package-check.d.ts.map +1 -0
package/dist/layer3/package-check.js +508 -0
package/dist/layer3/package-check.js.map +1 -0
package/dist/modes/incremental.d.ts +66 -0
package/dist/modes/incremental.d.ts.map +1 -0
package/dist/modes/incremental.js +200 -0
package/dist/modes/incremental.js.map +1 -0
package/dist/tiers.d.ts +125 -0
package/dist/tiers.d.ts.map +1 -0
package/dist/tiers.js +234 -0
package/dist/tiers.js.map +1 -0
package/dist/types.d.ts +175 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +50 -0
package/dist/types.js.map +1 -0
package/dist/utils/auth-helper-detector.d.ts +56 -0
package/dist/utils/auth-helper-detector.d.ts.map +1 -0
package/dist/utils/auth-helper-detector.js +360 -0
package/dist/utils/auth-helper-detector.js.map +1 -0
package/dist/utils/context-helpers.d.ts +96 -0
package/dist/utils/context-helpers.d.ts.map +1 -0
package/dist/utils/context-helpers.js +493 -0
package/dist/utils/context-helpers.js.map +1 -0
package/dist/utils/diff-detector.d.ts +53 -0
package/dist/utils/diff-detector.d.ts.map +1 -0
package/dist/utils/diff-detector.js +104 -0
package/dist/utils/diff-detector.js.map +1 -0
package/dist/utils/diff-parser.d.ts +80 -0
package/dist/utils/diff-parser.d.ts.map +1 -0
package/dist/utils/diff-parser.js +202 -0
package/dist/utils/diff-parser.js.map +1 -0
package/dist/utils/imported-auth-detector.d.ts +37 -0
package/dist/utils/imported-auth-detector.d.ts.map +1 -0
package/dist/utils/imported-auth-detector.js +251 -0
package/dist/utils/imported-auth-detector.js.map +1 -0
package/dist/utils/middleware-detector.d.ts +55 -0
package/dist/utils/middleware-detector.d.ts.map +1 -0
package/dist/utils/middleware-detector.js +260 -0
package/dist/utils/middleware-detector.js.map +1 -0
package/dist/utils/oauth-flow-detector.d.ts +41 -0
package/dist/utils/oauth-flow-detector.d.ts.map +1 -0
package/dist/utils/oauth-flow-detector.js +202 -0
package/dist/utils/oauth-flow-detector.js.map +1 -0
package/dist/utils/path-exclusions.d.ts +55 -0
package/dist/utils/path-exclusions.d.ts.map +1 -0
package/dist/utils/path-exclusions.js +222 -0
package/dist/utils/path-exclusions.js.map +1 -0
package/dist/utils/project-context-builder.d.ts +119 -0
package/dist/utils/project-context-builder.d.ts.map +1 -0
package/dist/utils/project-context-builder.js +534 -0
package/dist/utils/project-context-builder.js.map +1 -0
package/dist/utils/registry-clients.d.ts +93 -0
package/dist/utils/registry-clients.d.ts.map +1 -0
package/dist/utils/registry-clients.js +273 -0
package/dist/utils/registry-clients.js.map +1 -0
package/dist/utils/trpc-analyzer.d.ts +78 -0
package/dist/utils/trpc-analyzer.d.ts.map +1 -0
package/dist/utils/trpc-analyzer.js +297 -0
package/dist/utils/trpc-analyzer.js.map +1 -0
package/package.json +45 -0
package/src/__tests__/benchmark/fixtures/false-positives.ts +227 -0
package/src/__tests__/benchmark/fixtures/index.ts +68 -0
package/src/__tests__/benchmark/fixtures/layer1/config-audit.ts +364 -0
package/src/__tests__/benchmark/fixtures/layer1/hardcoded-secrets.ts +173 -0
package/src/__tests__/benchmark/fixtures/layer1/high-entropy.ts +234 -0
package/src/__tests__/benchmark/fixtures/layer1/index.ts +31 -0
package/src/__tests__/benchmark/fixtures/layer1/sensitive-urls.ts +90 -0
package/src/__tests__/benchmark/fixtures/layer1/weak-crypto.ts +197 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-agent-tools.ts +170 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-endpoint-protection.ts +418 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-execution-sinks.ts +189 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-fingerprinting.ts +316 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-prompt-hygiene.ts +178 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-rag-safety.ts +184 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-schema-validation.ts +434 -0
package/src/__tests__/benchmark/fixtures/layer2/auth-antipatterns.ts +159 -0
package/src/__tests__/benchmark/fixtures/layer2/byok-patterns.ts +112 -0
package/src/__tests__/benchmark/fixtures/layer2/dangerous-functions.ts +246 -0
package/src/__tests__/benchmark/fixtures/layer2/data-exposure.ts +168 -0
package/src/__tests__/benchmark/fixtures/layer2/framework-checks.ts +346 -0
package/src/__tests__/benchmark/fixtures/layer2/index.ts +67 -0
package/src/__tests__/benchmark/fixtures/layer2/injection-vulnerabilities.ts +239 -0
package/src/__tests__/benchmark/fixtures/layer2/logic-gates.ts +246 -0
package/src/__tests__/benchmark/fixtures/layer2/risky-imports.ts +231 -0
package/src/__tests__/benchmark/fixtures/layer2/variables.ts +167 -0
package/src/__tests__/benchmark/index.ts +29 -0
package/src/__tests__/benchmark/run-benchmark.ts +144 -0
package/src/__tests__/benchmark/run-depth-validation.ts +206 -0
package/src/__tests__/benchmark/run-real-world-test.ts +243 -0
package/src/__tests__/benchmark/security-benchmark-script.ts +1737 -0
package/src/__tests__/benchmark/tier-integration-script.ts +177 -0
package/src/__tests__/benchmark/types.ts +144 -0
package/src/__tests__/benchmark/utils/test-runner.ts +475 -0
package/src/__tests__/regression/known-false-positives.test.ts +467 -0
package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +178 -0
package/src/__tests__/snapshots/scan-depth.test.ts +258 -0
package/src/__tests__/validation/analyze-results.ts +542 -0
package/src/__tests__/validation/extract-for-triage.ts +146 -0
package/src/__tests__/validation/fp-deep-analysis.ts +327 -0
package/src/__tests__/validation/run-validation.ts +364 -0
package/src/__tests__/validation/triage-template.md +132 -0
package/src/formatters/cli-terminal.ts +446 -0
package/src/formatters/github-comment.ts +382 -0
package/src/formatters/grouping.ts +190 -0
package/src/formatters/index.ts +47 -0
package/src/formatters/vscode-diagnostic.ts +243 -0
package/src/index.ts +823 -0
package/src/layer1/comments.ts +218 -0
package/src/layer1/config-audit.ts +289 -0
package/src/layer1/entropy.ts +583 -0
package/src/layer1/file-flags.ts +127 -0
package/src/layer1/index.ts +181 -0
package/src/layer1/patterns.ts +516 -0
package/src/layer1/urls.ts +334 -0
package/src/layer1/weak-crypto.ts +328 -0
package/src/layer2/ai-agent-tools.ts +601 -0
package/src/layer2/ai-endpoint-protection.ts +387 -0
package/src/layer2/ai-execution-sinks.ts +580 -0
package/src/layer2/ai-fingerprinting.ts +758 -0
package/src/layer2/ai-prompt-hygiene.ts +411 -0
package/src/layer2/ai-rag-safety.ts +511 -0
package/src/layer2/ai-schema-validation.ts +421 -0
package/src/layer2/auth-antipatterns.ts +394 -0
package/src/layer2/byok-patterns.ts +336 -0
package/src/layer2/dangerous-functions.ts +1563 -0
package/src/layer2/data-exposure.ts +315 -0
package/src/layer2/framework-checks.ts +433 -0
package/src/layer2/index.ts +473 -0
package/src/layer2/logic-gates.ts +206 -0
package/src/layer2/risky-imports.ts +186 -0
package/src/layer2/variables.ts +166 -0
package/src/layer3/anthropic.ts +2030 -0
package/src/layer3/index.ts +130 -0
package/src/layer3/package-check.ts +604 -0
package/src/modes/incremental.ts +293 -0
package/src/tiers.ts +318 -0
package/src/types.ts +284 -0
package/src/utils/auth-helper-detector.ts +443 -0
package/src/utils/context-helpers.ts +535 -0
package/src/utils/diff-detector.ts +135 -0
package/src/utils/diff-parser.ts +272 -0
package/src/utils/imported-auth-detector.ts +320 -0
package/src/utils/middleware-detector.ts +333 -0
package/src/utils/oauth-flow-detector.ts +246 -0
package/src/utils/path-exclusions.ts +266 -0
package/src/utils/project-context-builder.ts +707 -0
package/src/utils/registry-clients.ts +351 -0
package/src/utils/trpc-analyzer.ts +382 -0

package/src/layer2/ai-rag-safety.ts ADDED Viewed

@@ -0,0 +1,511 @@
+/**
+ * Layer 2: RAG Data Safety Detection
+ * Detects data exfiltration risks in Retrieval Augmented Generation systems
+ *
+ * Covers:
+ * - M5.1: RAG data exfiltration (cross-tenant retrieval, raw context exposure)
+ * - Unscoped vector store queries
+ * - Raw retrieved context in responses
+ * - Context logging risks
+ */
+import type { Vulnerability, VulnerabilitySeverity } from '../types'
+import {
+  isComment,
+  isTestOrMockFile,
+  isDocumentationFile,
+  isScannerOrFixtureFile,
+  isExampleDirectory,
+  isLibraryCode,
+} from '../utils/context-helpers'
+// ============================================================================
+// Context Detection
+// ============================================================================
+/**
+ * Check if file uses client-side fuzzy search libraries (not vector stores)
+ * These are safe local search implementations, not cross-tenant data access risks
+ */
+function isClientSideFuzzySearch(content: string): boolean {
+  const fuzzySearchPatterns = [
+    // Fuse.js - client-side fuzzy search
+    /import.*from\s+['"]fuse\.js['"]/i,
+    /require\s*\(\s*['"]fuse\.js['"]\s*\)/i,
+    /new\s+Fuse\s*\(/i,
+    // Other client-side search libraries
+    /import.*from\s+['"]flexsearch['"]/i,
+    /import.*from\s+['"]lunr['"]/i,
+    /import.*from\s+['"]minisearch['"]/i,
+    /import.*from\s+['"]fuzzysort['"]/i,
+    /import.*from\s+['"]match-sorter['"]/i,
+  ]
+  return fuzzySearchPatterns.some(p => p.test(content))
+}
+/**
+ * Check if a line contains a generic query pattern that is NOT a vector store query
+ * These are common web framework patterns that should not be flagged as RAG issues
+ */
+function isGenericQueryPattern(lineContent: string): boolean {
+  const genericQueryPatterns = [
+    // Express/Hono/Koa query params
+    /req\.query\s*\(/i,
+    /c\.req\.query\s*\(/i,
+    /ctx\.query\s*\(/i,
+    /request\.query\s*\(/i,
+    // URL search params
+    /searchParams\.get\s*\(/i,
+    /url\.searchParams/i,
+    /URLSearchParams/i,
+    // Query string parsing
+    /querystring\.parse/i,
+    /qs\.parse/i,
+    // Database query builders (not vector stores)
+    /\.query\s*\(\s*['"`]SELECT/i,
+    /\.query\s*\(\s*['"`]INSERT/i,
+    /\.query\s*\(\s*['"`]UPDATE/i,
+    /\.query\s*\(\s*['"`]DELETE/i,
+    // GraphQL queries
+    /graphql.*query/i,
+    /useQuery\s*\(/i,
+    /useLazyQuery\s*\(/i,
+    // tRPC/React Query
+    /trpc\.\w+\.\w+\.query/i,
+    /\.useQuery\s*\(/i,
+    // Prisma/Drizzle queries
+    /prisma\.\w+\.findMany/i,
+    /db\.query\./i,
+    // Generic method chaining that isn't vector search
+    /\.query\s*\(\s*\)/i,  // Empty query call
+  ]
+  return genericQueryPatterns.some(p => p.test(lineContent))
+}
+/**
+ * Check if file has vector store imports (required for RAG detection)
+ */
+function hasVectorStoreImport(content: string): boolean {
+  const vectorStoreImports = [
+    /from\s+['"]pinecone/i,
+    /from\s+['"]@pinecone-database/i,
+    /from\s+['"]weaviate/i,
+    /from\s+['"]chromadb/i,
+    /from\s+['"]@qdrant/i,
+    /from\s+['"]qdrant/i,
+    /from\s+['"]@langchain\/vectorstores/i,
+    /from\s+['"]langchain\/vectorstores/i,
+    /from\s+['"]faiss/i,
+    /from\s+['"]milvus/i,
+    /from\s+['"]@supabase.*vector/i,
+    /pgvector/i,
+    /VectorStore/i,
+    /Embeddings/i,
+  ]
+  return vectorStoreImports.some(p => p.test(content))
+}
+/**
+ * Check if a file is in a RAG/retrieval context based on path and content
+ */
+function isRAGContextFile(filePath: string, content: string): boolean {
+  // Skip client-side fuzzy search libraries - these are NOT vector stores
+  if (isClientSideFuzzySearch(content)) {
+    return false
+  }
+  // Must have vector store imports to be considered RAG context
+  if (!hasVectorStoreImport(content)) {
+    return false
+  }
+  // File path indicators of RAG code
+  const ragPathPatterns = [
+    /\/(rag|retrieval|retriever|embedding|vector|knowledge)\//i,
+    /\/(search|index|indexer|embeddings?)\//i,
+    /(rag|retriever|embedding|vector|knowledge).*\.(ts|js|tsx|jsx|py)$/i,
+    /(search|retrieval|indexer).*\.(ts|js|tsx|jsx|py)$/i,
+  ]
+  if (ragPathPatterns.some(p => p.test(filePath))) {
+    return true
+  }
+  // Content patterns suggesting RAG usage - must be actual vector store clients
+  const ragContentPatterns = [
+    // Vector store patterns - specific to actual vector DBs
+    /VectorStore|Embeddings?|Retriever/i,
+    /similaritySearch|query_engine|retriever/i,
+    /vectorStore|embeddingModel|documentLoader/i,
+    // Framework imports - actual vector store SDKs
+    /from\s+['"](?:langchain|llama[-_]?index|@pinecone|@qdrant|chromadb|weaviate)/i,
+    /import.*(?:Pinecone|Chroma|Weaviate|Qdrant|Milvus|PGVector)/i,
+    // Vercel AI SDK RAG
+    /VercelKVVectorStore|SupabaseVectorStore|createEmbedding/i,
+    // Query patterns - but NOT generic .search() which could be Fuse.js
+    /\.retrieve\(|\.query\(/i,
+    /sourceDocuments|retrievedDocs|retrievedChunks/i,
+    // Supabase vector search
+    /\.rpc\s*\(\s*['"`]match_documents/i,
+    /pgvector|embedding.*vector/i,
+  ]
+  return ragContentPatterns.some(p => p.test(content))
+}
+/**
+ * Check if line/context has access control scoping
+ */
+function hasAccessControlScoping(context: string): boolean {
+  const accessPatterns = [
+    // User/tenant scoping
+    /userId|user_id|user\.id|currentUser/i,
+    /tenantId|tenant_id|tenant\.id|orgId|org_id|workspaceId/i,
+    // Filter parameters
+    /filter\s*[:=]\s*\{[^}]*(?:user|tenant|org)/i,
+    /where\s*[:=].*(?:user|tenant|org)/i,
+    /metadata\s*[:=].*(?:user|tenant|org)/i,
+    /namespace\s*[:=]/i,
+    // Access check functions
+    /checkAccess|verifyPermission|canRead|canAccess|hasAccess/i,
+    /getAuthorized|filterByUser|filterByTenant/i,
+  ]
+  return accessPatterns.some(p => p.test(context))
+}
+/**
+ * Check if response is filtered/processed before return
+ */
+function hasResponseFiltering(context: string): boolean {
+  const filterPatterns = [
+    // Content filtering
+    /\.map\s*\([^)]*\.(title|name|id|metadata)\)/i,
+    /\.filter\s*\(/i,
+    /sanitize|redact|mask|strip/i,
+    // Only returning specific fields
+    /return\s*\{[^}]*(?:id|title|summary)[^}]*\}(?![^}]*content)/i,
+  ]
+  return filterPatterns.some(p => p.test(context))
+}
+/**
+ * Check if there's authentication in the route/function
+ */
+function hasAuthenticationInContext(content: string): boolean {
+  const authPatterns = [
+    /getSession|getCurrentUser|getServerSession/i,
+    /auth\(\)|requireAuth|verifyToken/i,
+    /req\.user|request\.user|context\.user/i,
+    /isAuthenticated|checkAuth|withAuth/i,
+    /Authorization.*Bearer/i,
+    /userId|user\.id|currentUserId/i,
+  ]
+  return authPatterns.some(p => p.test(content))
+}
+/**
+ * Get surrounding context lines
+ */
+function getSurroundingContext(content: string, lineIndex: number, windowSize: number = 25): string {
+  const lines = content.split('\n')
+  const start = Math.max(0, lineIndex - windowSize)
+  const end = Math.min(lines.length, lineIndex + windowSize)
+  return lines.slice(start, end).join('\n')
+}
+// ============================================================================
+// Pattern Definitions
+// ============================================================================
+interface RAGSafetyPattern {
+  name: string
+  pattern: RegExp
+  riskType: 'unscoped_retrieval' | 'context_exposure' | 'context_logging'
+  baseSeverity: VulnerabilitySeverity
+  description: string
+  suggestedFix: string
+}
+/**
+ * Unscoped retrieval query patterns
+ * Detects vector store queries without user/tenant filtering
+ */
+const UNSCOPED_RETRIEVAL_PATTERNS: RAGSafetyPattern[] = [
+  // Generic vector store queries
+  {
+    name: 'Unscoped vector store query',
+    pattern: /\.(?:query|search|similaritySearch|retrieve)\s*\(\s*(?:["'`][^"'`]+["'`]|[a-zA-Z_]\w*)\s*\)/gi,
+    riskType: 'unscoped_retrieval',
+    baseSeverity: 'high',
+    description: 'Vector store query without user/tenant scoping. Retrieved documents may belong to other users, enabling cross-tenant data access.',
+    suggestedFix: 'Add filter/metadata parameter to scope queries: .query(query, { filter: { userId: currentUser.id } })',
+  },
+  // LangChain retriever invoke
+  {
+    name: 'LangChain retriever without filter',
+    pattern: /retriever\.(?:invoke|getRelevantDocuments)\s*\(\s*(?:["'`][^"'`]+["'`]|[a-zA-Z_]\w*)\s*\)/gi,
+    riskType: 'unscoped_retrieval',
+    baseSeverity: 'high',
+    description: 'LangChain retriever invocation without metadata filter. Documents from all users may be retrieved.',
+    suggestedFix: 'Use a filtered retriever or add metadata filter: retriever.invoke(query, { filter: { userId } })',
+  },
+  // LlamaIndex query engine
+  {
+    name: 'LlamaIndex query engine without filter',
+    pattern: /query_engine\.query\s*\(\s*["'`][^"'`]+["'`]\s*\)/gi,
+    riskType: 'unscoped_retrieval',
+    baseSeverity: 'high',
+    description: 'LlamaIndex query without node postprocessors or filters. All indexed documents are searchable.',
+    suggestedFix: 'Add node_postprocessors to filter by user/tenant metadata before retrieval.',
+  },
+  // Pinecone query
+  {
+    name: 'Pinecone query without metadata filter',
+    pattern: /\.query\s*\(\s*\{[^}]*(?:vector|topK)[^}]*\}\s*\)/gi,
+    riskType: 'unscoped_retrieval',
+    baseSeverity: 'medium',
+    description: 'Pinecone query may lack metadata filtering. Verify namespace or filter is set.',
+    suggestedFix: 'Add filter parameter: .query({ vector, topK, filter: { userId: { $eq: currentUserId } } })',
+  },
+  // Chroma query
+  {
+    name: 'Chroma collection query',
+    pattern: /collection\.query\s*\(\s*\{[^}]*query_texts[^}]*\}\s*\)/gi,
+    riskType: 'unscoped_retrieval',
+    baseSeverity: 'medium',
+    description: 'ChromaDB query without where filter. All documents in collection are searchable.',
+    suggestedFix: 'Add where parameter: collection.query({ query_texts, where: { userId: currentUserId } })',
+  },
+  // Weaviate search
+  {
+    name: 'Weaviate search without filter',
+    pattern: /\.nearText\s*\([^)]+\)\.(?:do|withLimit)/gi,
+    riskType: 'unscoped_retrieval',
+    baseSeverity: 'medium',
+    description: 'Weaviate nearText search without where filter. Results may include other users\' data.',
+    suggestedFix: 'Add .withWhere() to filter by user: .nearText({...}).withWhere({ path: ["userId"], operator: "Equal", valueString: userId })',
+  },
+  // Supabase vector search
+  {
+    name: 'Supabase vector search without RLS',
+    pattern: /\.rpc\s*\(\s*['"`]match_documents['"`]/gi,
+    riskType: 'unscoped_retrieval',
+    baseSeverity: 'medium',
+    description: 'Supabase vector search function called. Ensure RLS policies filter by user.',
+    suggestedFix: 'Verify Row Level Security (RLS) is enabled and filters documents by authenticated user.',
+  },
+]
+/**
+ * Raw context exposure patterns
+ * Detects retrieved documents being returned directly to clients
+ */
+const CONTEXT_EXPOSURE_PATTERNS: RAGSafetyPattern[] = [
+  // Returning sourceDocuments in response
+  {
+    name: 'Source documents in API response',
+    pattern: /(?:res\.json|NextResponse\.json|return)\s*\([^)]*(?:sourceDocuments|retrievedDocs|documents|chunks)/gi,
+    riskType: 'context_exposure',
+    baseSeverity: 'medium',
+    description: 'Raw retrieved documents returned in API response. Source content may leak sensitive information from the knowledge base.',
+    suggestedFix: 'Return only synthesized response or document IDs/titles. If source attribution needed, filter to metadata only.',
+  },
+  // Spreading documents into response
+  {
+    name: 'Retrieved context spread in response',
+    pattern: /(?:res\.json|return)\s*\(\s*\{[^}]*\.\.\.(?:docs|documents|chunks|sourceDocuments|context)/gi,
+    riskType: 'context_exposure',
+    baseSeverity: 'medium',
+    description: 'Retrieved document objects spread into response. Full document content may be exposed.',
+    suggestedFix: 'Extract and return only safe fields: { sources: docs.map(d => ({ id: d.id, title: d.title })) }',
+  },
+  // Returning raw context in response object
+  {
+    name: 'Raw retrieval context in response',
+    pattern: /return\s*\{[^}]*(?:context|retrievedContext|ragContext)\s*:/gi,
+    riskType: 'context_exposure',
+    baseSeverity: 'low',
+    description: 'Retrieved context included in response object. Review what data is actually exposed.',
+    suggestedFix: 'Ensure context field contains only safe, summarized content - not raw document text.',
+  },
+  // WebSocket/stream context exposure
+  {
+    name: 'Context in streaming response',
+    pattern: /(?:socket|ws|stream)\.(?:send|emit|write)\s*\([^)]*(?:sourceDocuments|context|chunks)/gi,
+    riskType: 'context_exposure',
+    baseSeverity: 'medium',
+    description: 'Retrieved context sent via streaming/WebSocket. Clients receive raw source data.',
+    suggestedFix: 'Stream only AI-generated text. Send source attribution separately with filtered metadata.',
+  },
+]
+/**
+ * Context logging patterns
+ * Detects logging of retrieved documents or prompts with context
+ */
+const CONTEXT_LOGGING_PATTERNS: RAGSafetyPattern[] = [
+  // Logging retrieved documents
+  {
+    name: 'Retrieved documents logged',
+    pattern: /(?:console|logger)\.\w+\s*\([^)]*(?:retrievedDocs|sourceDocuments|documents|chunks)/gi,
+    riskType: 'context_logging',
+    baseSeverity: 'info',
+    description: 'Retrieved documents logged. If logs are accessible, sensitive document content may be exposed.',
+    suggestedFix: 'Log document IDs/titles only: console.log("Retrieved:", docs.map(d => d.id))',
+  },
+  // Logging full prompt with context
+  {
+    name: 'Full prompt with context logged',
+    pattern: /(?:console|logger)\.\w+\s*\([^)]*(?:fullPrompt|promptWithContext|augmentedPrompt)/gi,
+    riskType: 'context_logging',
+    baseSeverity: 'low',
+    description: 'Full prompt (including retrieved context) logged. May expose sensitive document content in logs.',
+    suggestedFix: 'Log prompt length/metadata only. Avoid logging full prompt content in production.',
+  },
+  // Debug logging of RAG context
+  {
+    name: 'RAG context debug logging',
+    pattern: /(?:console\.(?:debug|log)|logger\.debug)\s*\([^)]*(?:context|ragContext|retrievalContext)/gi,
+    riskType: 'context_logging',
+    baseSeverity: 'info',
+    description: 'RAG context logged for debugging. Ensure debug logging is disabled in production.',
+    suggestedFix: 'Use conditional logging: if (process.env.NODE_ENV !== "production") console.debug(...)',
+  },
+  // Storing prompts with context
+  {
+    name: 'Prompt with context persisted',
+    pattern: /(?:\.create|\.insert|\.save)\s*\([^)]*(?:fullPrompt|promptWithContext|augmentedPrompt)/gi,
+    riskType: 'context_logging',
+    baseSeverity: 'medium',
+    description: 'Full prompt with retrieved context being persisted. May store sensitive document content.',
+    suggestedFix: 'Store user query and response separately. Do not persist raw retrieved context.',
+  },
+]
+// ============================================================================
+// Main Detection Function
+// ============================================================================
+/**
+ * Main detection function for RAG data safety issues
+ */
+export function detectRAGSafetyIssues(
+  content: string,
+  filePath: string
+): Vulnerability[] {
+  const vulnerabilities: Vulnerability[] = []
+  // Skip non-applicable files
+  if (isScannerOrFixtureFile(filePath)) return vulnerabilities
+  if (isDocumentationFile(filePath)) return vulnerabilities
+  // Only scan files in RAG context
+  if (!isRAGContextFile(filePath, content)) {
+    return vulnerabilities
+  }
+  const lines = content.split('\n')
+  const isTestFile = isTestOrMockFile(filePath)
+  const isExample = isExampleDirectory(filePath)
+  const isLibrary = isLibraryCode(filePath)
+  const hasAuth = hasAuthenticationInContext(content)
+  // Process all pattern categories
+  const allPatterns: RAGSafetyPattern[] = [
+    ...UNSCOPED_RETRIEVAL_PATTERNS,
+    ...CONTEXT_EXPOSURE_PATTERNS,
+    ...CONTEXT_LOGGING_PATTERNS,
+  ]
+  for (const pattern of allPatterns) {
+    const regex = new RegExp(pattern.pattern.source, pattern.pattern.flags)
+    let match
+    while ((match = regex.exec(content)) !== null) {
+      const lineNumber = content.substring(0, match.index).split('\n').length
+      const lineContent = lines[lineNumber - 1]?.trim() || ''
+      // Skip comments
+      if (isComment(lineContent)) continue
+      // Skip generic query patterns (req.query, searchParams, etc.)
+      if (isGenericQueryPattern(lineContent)) continue
+      // Get surrounding context for analysis
+      const context = getSurroundingContext(content, lineNumber - 1, 25)
+      // Calculate severity based on context
+      let severity = pattern.baseSeverity
+      let description = pattern.description
+      const notes: string[] = []
+      // Apply context-aware severity adjustments
+      if (pattern.riskType === 'unscoped_retrieval') {
+        // Check for access control in surrounding context
+        if (hasAccessControlScoping(context)) {
+          severity = 'info'
+          notes.push('Access control scoping detected nearby')
+        } else if (!hasAuth) {
+          // No auth at all - higher risk
+          if (severity === 'medium') severity = 'high'
+          notes.push('No authentication detected in this file')
+        }
+      }
+      if (pattern.riskType === 'context_exposure') {
+        // Check if response is filtered
+        if (hasResponseFiltering(context)) {
+          severity = 'info'
+          notes.push('Response filtering detected')
+        } else if (!hasAuth) {
+          // Unauthenticated endpoint exposing context - higher risk
+          if (severity === 'medium') severity = 'high'
+          notes.push('Endpoint may be unauthenticated')
+        }
+      }
+      // Downgrade test files
+      if (isTestFile) {
+        severity = 'info'
+        notes.push('in test file')
+      }
+      // Downgrade example/demo directories
+      if (isExample && severity !== 'info') {
+        severity = 'info'
+        notes.push('in example/demo directory')
+      }
+      // Downgrade library code - base classes are intentionally generic
+      if (isLibrary && severity !== 'info') {
+        severity = 'info'
+        notes.push('library code - consumers add access controls')
+      }
+      // Build final description
+      if (notes.length > 0) {
+        description += ` (${notes.join('; ')})`
+      }
+      vulnerabilities.push({
+        id: `ai-rag-${filePath}-${lineNumber}-${pattern.name.replace(/\s+/g, '-')}`,
+        filePath,
+        lineNumber,
+        lineContent,
+        severity,
+        category: 'ai_rag_exfiltration',
+        title: pattern.name,
+        description,
+        suggestedFix: pattern.suggestedFix,
+        confidence: severity === 'info' ? 'low' : 'medium',
+        layer: 2,
+        requiresAIValidation: severity !== 'info' && pattern.riskType !== 'context_logging',
+      })
+    }
+  }
+  return vulnerabilities
+}
+// Export helper for use in other modules
+export { isRAGContextFile }