@oculum/scanner 1.0.11 → 1.0.13

package/dist/validate/prompts/modules/index.js

@@ -0,0 +1,186 @@
+"use strict";
+/**
+ * Prompt Module System
+ *
+ * Provides category-aware prompt assembly for AI validation.
+ * Only includes relevant prompt sections based on the categories in each batch,
+ * reducing token usage by ~40-60% while maintaining identical behavior.
+ *
+ * Modules are assembled in fixed order to maximize Anthropic prefix cache hits.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OWASP_CLASSIC_MODULE = exports.AI_PATTERNS_MODULE = exports.SECRETS_CRYPTO_MODULE = exports.XSS_PROMPT_MODULE = exports.AUTH_ACCESS_MODULE = exports.COMMON_PROMPT = exports.INTENTIONALLY_UNMAPPED = exports.CATEGORY_TO_MODULE = void 0;
+exports.assembleValidationPrompt = assembleValidationPrompt;
+exports.getFullValidationPrompt = getFullValidationPrompt;
+const common_1 = require("./common");
+const auth_access_1 = require("./auth-access");
+const xss_prompt_1 = require("./xss-prompt");
+const secrets_crypto_1 = require("./secrets-crypto");
+const ai_patterns_1 = require("./ai-patterns");
+const owasp_classic_1 = require("./owasp-classic");
+// ============================================================================
+// Module Definitions (fixed order for prefix cache hits)
+// ============================================================================
+const MODULES = [
+    {
+        name: 'auth_access',
+        content: auth_access_1.AUTH_ACCESS_MODULE,
+        categories: new Set(['missing_auth', 'security_bypass']),
+    },
+    {
+        name: 'xss_prompt',
+        content: xss_prompt_1.XSS_PROMPT_MODULE,
+        categories: new Set(['xss', 'ai_prompt_injection']),
+    },
+    {
+        name: 'secrets_crypto',
+        content: secrets_crypto_1.SECRETS_CRYPTO_MODULE,
+        categories: new Set([
+            'hardcoded_secret',
+            'high_entropy_string',
+            'sensitive_variable',
+            'weak_crypto',
+        ]),
+    },
+    {
+        name: 'ai_patterns',
+        content: ai_patterns_1.AI_PATTERNS_MODULE,
+        categories: new Set([
+            'ai_pattern',
+            'ai_prompt_injection',
+            'ai_unsafe_execution',
+            'ai_overpermissive_tool',
+            'suspicious_package',
+            'ai_rag_exfiltration',
+            'ai_endpoint_unprotected',
+            'ai_schema_mismatch',
+            'ai_package_hallucination',
+            'ai_rag_corpus_poisoning',
+            'ai_rag_pii_leakage',
+            'ai_mcp_tool_poisoning',
+            'ai_mcp_credential_issue',
+            'ai_mcp_confused_deputy',
+            'ai_mcp_description_injection',
+            'ai_mcp_server_shadowing',
+            'ai_mcp_config_secrets',
+            'ai_mcp_config_permissions',
+            'ai_rag_query_injection',
+            'ai_rag_embedding_poisoning',
+            'ai_rag_chunk_injection',
+            'ai_package_typosquat',
+            'ai_package_malicious',
+            'ai_unsafe_model_load',
+            'ai_unverified_model',
+            'ai_unsafe_finetuning',
+            'ai_excessive_agency',
+            'ai_skill_injection',
+        ]),
+    },
+    {
+        name: 'owasp_classic',
+        content: owasp_classic_1.OWASP_CLASSIC_MODULE,
+        categories: new Set([
+            'missing_security_headers',
+            'ssrf',
+            'log_injection',
+            'xxe',
+        ]),
+    },
+];
+// ============================================================================
+// Category-to-Module Mapping
+// ============================================================================
+/**
+ * Maps each VulnerabilityCategory to the module(s) it requires.
+ * Categories not in this map get COMMON only (intentionally unmapped).
+ */
+exports.CATEGORY_TO_MODULE = (() => {
+    const map = new Map();
+    for (const mod of MODULES) {
+        for (const cat of mod.categories) {
+            const existing = map.get(cat) || [];
+            existing.push(mod.name);
+            map.set(cat, existing);
+        }
+    }
+    return map;
+})();
+/**
+ * Categories that are intentionally unmapped to any specific module.
+ * They get the COMMON prompt only (which includes condensed heuristic reminders).
+ * If a new category is added to VulnerabilityCategory but not here or in CATEGORY_TO_MODULE,
+ * the category completeness test will fail.
+ */
+exports.INTENTIONALLY_UNMAPPED = new Set([
+    'dangerous_function',
+    'sql_injection',
+    'command_injection',
+    'insecure_config',
+    'cors_misconfiguration',
+    'root_container',
+    'dangerous_file',
+    'sensitive_url',
+    'data_exposure',
+]);
+// ============================================================================
+// Assembler Functions
+// ============================================================================
+/**
+ * Assemble a validation prompt containing only the modules relevant to
+ * the given set of vulnerability categories.
+ *
+ * Always starts with COMMON, then adds modules in fixed order:
+ * auth_access -> xss_prompt -> secrets_crypto -> ai_patterns -> owasp_classic
+ *
+ * Deterministic ordering ensures Anthropic prefix cache hits across batches.
+ *
+ * @param categories - The vulnerability categories present in the current batch
+ * @returns The assembled prompt string
+ */
+function assembleValidationPrompt(categories) {
+    // Determine which modules are needed
+    const neededModules = new Set();
+    for (const cat of categories) {
+        const modules = exports.CATEGORY_TO_MODULE.get(cat);
+        if (modules) {
+            for (const mod of modules) {
+                neededModules.add(mod);
+            }
+        }
+        // Unmapped categories just get COMMON (no additional module)
+    }
+    // Build prompt: COMMON first, then modules in fixed order
+    const parts = [common_1.COMMON_PROMPT];
+    for (const mod of MODULES) {
+        if (neededModules.has(mod.name)) {
+            parts.push(mod.content);
+        }
+    }
+    return parts.join('\n');
+}
+/**
+ * Get the full validation prompt with all modules included.
+ * Equivalent to the old monolithic HIGH_CONTEXT_VALIDATION_PROMPT.
+ * Used for legacy compatibility and the completeness test.
+ */
+function getFullValidationPrompt() {
+    const parts = [common_1.COMMON_PROMPT];
+    for (const mod of MODULES) {
+        parts.push(mod.content);
+    }
+    return parts.join('\n');
+}
+// Re-export module constants for direct access in tests
+var common_2 = require("./common");
+Object.defineProperty(exports, "COMMON_PROMPT", { enumerable: true, get: function () { return common_2.COMMON_PROMPT; } });
+var auth_access_2 = require("./auth-access");
+Object.defineProperty(exports, "AUTH_ACCESS_MODULE", { enumerable: true, get: function () { return auth_access_2.AUTH_ACCESS_MODULE; } });
+var xss_prompt_2 = require("./xss-prompt");
+Object.defineProperty(exports, "XSS_PROMPT_MODULE", { enumerable: true, get: function () { return xss_prompt_2.XSS_PROMPT_MODULE; } });
+var secrets_crypto_2 = require("./secrets-crypto");
+Object.defineProperty(exports, "SECRETS_CRYPTO_MODULE", { enumerable: true, get: function () { return secrets_crypto_2.SECRETS_CRYPTO_MODULE; } });
+var ai_patterns_2 = require("./ai-patterns");
+Object.defineProperty(exports, "AI_PATTERNS_MODULE", { enumerable: true, get: function () { return ai_patterns_2.AI_PATTERNS_MODULE; } });
+var owasp_classic_2 = require("./owasp-classic");
+Object.defineProperty(exports, "OWASP_CLASSIC_MODULE", { enumerable: true, get: function () { return owasp_classic_2.OWASP_CLASSIC_MODULE; } });
+//# sourceMappingURL=index.js.map

package/dist/validate/prompts/modules/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/validate/prompts/modules/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAwJH,4DAsBC;AAOD,0DAMC;AAxLD,qCAAwC;AACxC,+CAAkD;AAClD,6CAAgD;AAChD,qDAAwD;AACxD,+CAAkD;AAClD,mDAAsD;AAmBtD,+EAA+E;AAC/E,yDAAyD;AACzD,+EAA+E;AAE/E,MAAM,OAAO,GAA4B;IACvC;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,gCAAkB;QAC3B,UAAU,EAAE,IAAI,GAAG,CAAwB,CAAC,cAAc,EAAE,iBAAiB,CAAC,CAAC;KAChF;IACD;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,8BAAiB;QAC1B,UAAU,EAAE,IAAI,GAAG,CAAwB,CAAC,KAAK,EAAE,qBAAqB,CAAC,CAAC;KAC3E;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,sCAAqB;QAC9B,UAAU,EAAE,IAAI,GAAG,CAAwB;YACzC,kBAAkB;YAClB,qBAAqB;YACrB,oBAAoB;YACpB,aAAa;SACd,CAAC;KACH;IACD;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,gCAAkB;QAC3B,UAAU,EAAE,IAAI,GAAG,CAAwB;YACzC,YAAY;YACZ,qBAAqB;YACrB,qBAAqB;YACrB,wBAAwB;YACxB,oBAAoB;YACpB,qBAAqB;YACrB,yBAAyB;YACzB,oBAAoB;YACpB,0BAA0B;YAC1B,yBAAyB;YACzB,oBAAoB;YACpB,uBAAuB;YACvB,yBAAyB;YACzB,wBAAwB;YACxB,8BAA8B;YAC9B,yBAAyB;YACzB,uBAAuB;YACvB,2BAA2B;YAC3B,wBAAwB;YACxB,4BAA4B;YAC5B,wBAAwB;YACxB,sBAAsB;YACtB,sBAAsB;YACtB,sBAAsB;YACtB,qBAAqB;YACrB,sBAAsB;YACtB,qBAAqB;YACrB,oBAAoB;SACrB,CAAC;KACH;IACD;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,oCAAoB;QAC7B,UAAU,EAAE,IAAI,GAAG,CAAwB;YACzC,0BAA0B;YAC1B,MAAM;YACN,eAAe;YACf,KAAK;SACN,CAAC;KACH;CACO,CAAA;AAEV,+EAA+E;AAC/E,6BAA6B;AAC7B,+EAA+E;AAE/E;;;GAGG;AACU,QAAA,kBAAkB,GAA2D,CAAC,GAAG,EAAE;IAC9F,MAAM,GAAG,GAAG,IAAI,GAAG,EAA6C,CAAA;IAChE,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAA;YACnC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;YACvB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QACxB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC,CAAC,EAAE,CAAA;AAEJ;;;;;GAKG;AACU,QAAA,sBAAsB,GAAuC,IAAI,GAAG,CAAC;IAChF,oBAAoB;IACpB,eAAe;IACf,mBAAmB;IACnB,iBAAiB;IACjB,uBAAuB;IACvB,gBAAgB;IAChB,gBAAgB;IAChB,eAAe;IACf,eAAe;CAChB,CAAC,CAAA;AAEF,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAE/E;;;;;;;;;;;GAWG;AACH,SAAgB,wBAAwB,CAAC,UAAmC;IAC1E,qCAAqC;IACrC,MAAM,aAAa,GAAG,IAAI,GAAG,EAAoB,CAAA;IACjD,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,0BAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;QAC3C,IAAI,OAAO,EAAE,CAAC;YACZ,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC1B,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YACxB,CAAC;QACH,CAAC;QACD,6DAA6D;IAC/D,CAAC;IAED,0DAA0D;IAC1D,MAAM,KAAK,GAAa,CAAC,sBAAa,CAAC,CAAA;IACvC,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACzB,CAAC;AAED;;;;GAIG;AACH,SAAgB,uBAAuB;IACrC,MAAM,KAAK,GAAa,CAAC,sBAAa,CAAC,CAAA;IACvC,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IACzB,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACzB,CAAC;AAED,wDAAwD;AACxD,mCAAwC;AAA/B,uGAAA,aAAa,OAAA;AACtB,6CAAkD;AAAzC,iHAAA,kBAAkB,OAAA;AAC3B,2CAAgD;AAAvC,+GAAA,iBAAiB,OAAA;AAC1B,mDAAwD;AAA/C,uHAAA,qBAAqB,OAAA;AAC9B,6CAAkD;AAAzC,iHAAA,kBAAkB,OAAA;AAC3B,iDAAsD;AAA7C,qHAAA,oBAAoB,OAAA"}

package/dist/validate/prompts/modules/owasp-classic.d.ts

@@ -0,0 +1,8 @@
+/**
+ * OWASP Classic Module
+ *
+ * Categories: missing_security_headers, ssrf, log_injection, xxe
+ * Contains rules for classic OWASP vulnerabilities added in Workstream 1.
+ */
+export declare const OWASP_CLASSIC_MODULE = "\n### Missing Security Headers (missing_security_headers)\nHTTP security headers protect against common web attacks.\n\n**CDN/Reverse Proxy Headers:**\n- If project deploys behind Cloudflare, Vercel, AWS CloudFront -> **REJECT** (CDN adds headers)\n- If Vercel deployment (Next.js) and using middleware for headers -> **REJECT**\n- Dev-only server config -> **INFO** (not production-facing)\n\n**Express without Helmet:**\n- No helmet AND no manual header setting -> **MEDIUM** (real gap)\n- Has helmet but CSP disabled -> **LOW** (partial protection)\n- Framework adds headers automatically (e.g., Fastify with @fastify/helmet) -> **REJECT**\n\n**Next.js Config:**\n- No headers() but uses middleware.ts for headers -> **REJECT** (headers set in middleware)\n- No headers() and no middleware -> **MEDIUM** (suggest adding)\n\n### Server-Side Request Forgery (ssrf)\nSSRF allows servers to make requests to unintended destinations.\n\n**Direct Taint (req.body/query -> fetch/axios):**\n- User input directly in HTTP request -> **HIGH** (clear SSRF)\n- URL from environment variable (process.env) -> **REJECT** (not user-controlled)\n- URL from config object/constant -> **REJECT** (not user-controlled)\n- URL from database with auth-scoped query -> **LOW** (indirect, needs review)\n\n**Mitigations:**\n- Allowlist/whitelist validation nearby -> **REJECT** or **INFO**\n- URL validation with hostname/origin check -> **LOW** (partial mitigation)\n- IP range checking (isPrivateIP, block 10.x/192.168.x) -> **REJECT** (properly mitigated)\n\n**SSRF is Server-Only:**\n- Client-side fetch() in browser -> **REJECT** (not SSRF, browser makes the request)\n- 'use client' files -> **REJECT**\n\n### Log Injection (log_injection)\nUnsanitized user input in logs can forge entries.\n\n**Structured Logging:**\n- JSON-formatted structured logging (pino, winston JSON) with redaction -> **REJECT**\n- Structured logging without redaction -> **INFO** (good pattern, suggest redaction)\n\n**Request Data in Logs:**\n- req.headers in console.log -> **MEDIUM** (CRLF injection risk)\n- req.body field in console.log -> **LOW** (log forging)\n- req.ip, req.method, req.url -> **REJECT** (server-controlled, standard logging)\n\n**Not Log Injection:**\n- Error objects in catch blocks (console.error(err)) -> **REJECT**\n- Internal IDs (userId, sessionId) -> **REJECT** (not from request)\n- Static strings -> **REJECT**\n- Morgan/express-winston middleware -> **REJECT** (intentional access logging)\n\n### XML External Entity (xxe)\nXXE allows attackers to read server files via XML parsing.\n\n**Python:**\n- defusedxml imported anywhere in file -> **REJECT** (safe library)\n- Standard xml.etree/lxml without defusedxml -> **HIGH** (Python XML is vulnerable by default)\n\n**Java:**\n- DocumentBuilderFactory with disallow-doctype-decl feature -> **REJECT** (safe)\n- Without feature -> **HIGH** (Java defaults are unsafe)\n\n**Node.js:**\n- xml2js v0.5+: safer defaults -> **MEDIUM** (may still be vulnerable on older versions)\n- fast-xml-parser with processEntities: false -> **REJECT** (safe)\n- DOMParser in browser/client -> **REJECT** (browsers block XXE)\n\n**PHP:**\n- libxml_disable_entity_loader(true) before parsing -> **REJECT** (safe)\n- Without disable -> **HIGH**\n";
+//# sourceMappingURL=owasp-classic.d.ts.map

package/dist/validate/prompts/modules/owasp-classic.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"owasp-classic.d.ts","sourceRoot":"","sources":["../../../../src/validate/prompts/modules/owasp-classic.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,eAAO,MAAM,oBAAoB,6sGAyEhC,CAAA"}

package/dist/validate/prompts/modules/owasp-classic.js

@@ -0,0 +1,84 @@
+"use strict";
+/**
+ * OWASP Classic Module
+ *
+ * Categories: missing_security_headers, ssrf, log_injection, xxe
+ * Contains rules for classic OWASP vulnerabilities added in Workstream 1.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OWASP_CLASSIC_MODULE = void 0;
+exports.OWASP_CLASSIC_MODULE = `
+### Missing Security Headers (missing_security_headers)
+HTTP security headers protect against common web attacks.
+
+**CDN/Reverse Proxy Headers:**
+- If project deploys behind Cloudflare, Vercel, AWS CloudFront -> **REJECT** (CDN adds headers)
+- If Vercel deployment (Next.js) and using middleware for headers -> **REJECT**
+- Dev-only server config -> **INFO** (not production-facing)
+
+**Express without Helmet:**
+- No helmet AND no manual header setting -> **MEDIUM** (real gap)
+- Has helmet but CSP disabled -> **LOW** (partial protection)
+- Framework adds headers automatically (e.g., Fastify with @fastify/helmet) -> **REJECT**
+
+**Next.js Config:**
+- No headers() but uses middleware.ts for headers -> **REJECT** (headers set in middleware)
+- No headers() and no middleware -> **MEDIUM** (suggest adding)
+
+### Server-Side Request Forgery (ssrf)
+SSRF allows servers to make requests to unintended destinations.
+
+**Direct Taint (req.body/query -> fetch/axios):**
+- User input directly in HTTP request -> **HIGH** (clear SSRF)
+- URL from environment variable (process.env) -> **REJECT** (not user-controlled)
+- URL from config object/constant -> **REJECT** (not user-controlled)
+- URL from database with auth-scoped query -> **LOW** (indirect, needs review)
+
+**Mitigations:**
+- Allowlist/whitelist validation nearby -> **REJECT** or **INFO**
+- URL validation with hostname/origin check -> **LOW** (partial mitigation)
+- IP range checking (isPrivateIP, block 10.x/192.168.x) -> **REJECT** (properly mitigated)
+
+**SSRF is Server-Only:**
+- Client-side fetch() in browser -> **REJECT** (not SSRF, browser makes the request)
+- 'use client' files -> **REJECT**
+
+### Log Injection (log_injection)
+Unsanitized user input in logs can forge entries.
+
+**Structured Logging:**
+- JSON-formatted structured logging (pino, winston JSON) with redaction -> **REJECT**
+- Structured logging without redaction -> **INFO** (good pattern, suggest redaction)
+
+**Request Data in Logs:**
+- req.headers in console.log -> **MEDIUM** (CRLF injection risk)
+- req.body field in console.log -> **LOW** (log forging)
+- req.ip, req.method, req.url -> **REJECT** (server-controlled, standard logging)
+
+**Not Log Injection:**
+- Error objects in catch blocks (console.error(err)) -> **REJECT**
+- Internal IDs (userId, sessionId) -> **REJECT** (not from request)
+- Static strings -> **REJECT**
+- Morgan/express-winston middleware -> **REJECT** (intentional access logging)
+
+### XML External Entity (xxe)
+XXE allows attackers to read server files via XML parsing.
+
+**Python:**
+- defusedxml imported anywhere in file -> **REJECT** (safe library)
+- Standard xml.etree/lxml without defusedxml -> **HIGH** (Python XML is vulnerable by default)
+
+**Java:**
+- DocumentBuilderFactory with disallow-doctype-decl feature -> **REJECT** (safe)
+- Without feature -> **HIGH** (Java defaults are unsafe)
+
+**Node.js:**
+- xml2js v0.5+: safer defaults -> **MEDIUM** (may still be vulnerable on older versions)
+- fast-xml-parser with processEntities: false -> **REJECT** (safe)
+- DOMParser in browser/client -> **REJECT** (browsers block XXE)
+
+**PHP:**
+- libxml_disable_entity_loader(true) before parsing -> **REJECT** (safe)
+- Without disable -> **HIGH**
+`;
+//# sourceMappingURL=owasp-classic.js.map

package/dist/validate/prompts/modules/owasp-classic.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"owasp-classic.js","sourceRoot":"","sources":["../../../../src/validate/prompts/modules/owasp-classic.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEU,QAAA,oBAAoB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAyEnC,CAAA"}

package/dist/validate/prompts/modules/secrets-crypto.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Secrets & Cryptography Module
+ *
+ * Categories: hardcoded_secret, high_entropy_string, sensitive_variable, weak_crypto
+ * Contains rules for secrets, BYOK, Math.random(), and weak crypto that need AI reasoning.
+ */
+export declare const SECRETS_CRYPTO_MODULE = "\n### Secrets, BYOK, and External Services\nDistinguish these patterns:\n- **Hardcoded secrets**: Real API keys in code = critical/high\n- **Environment variables**: process.env.SECRET = safe (REJECT finding)\n- **BYOK (Bring Your Own Key)**: This is a FEATURE, not a vulnerability.\n  - Transient use (request -> API call -> discarded) = info. Do NOT describe as \"stored without encryption\".\n  - Key storage without encryption = suggest encryption. Unauthenticated BYOK = medium (cost abuse).\n  - Authenticated + transient use: info (feature). Cross-tenant storage: medium (data isolation).\n\n**Math.random() for Security:**\nDistinguish legitimate uses from security-critical misuse:\n- **Seed/Data Generation Files**: Files in /seed/, /fixtures/, /factories/, datacreator.ts, *.fixture.* are for test data generation\n  - Math.random() in seed files is acceptable - these are never production security code\n  - REJECT findings from seed/data generation files entirely\n- **Vulnerability Training Files**: Files in /intentionally-vulnerable/ paths or named insecurity.ts\n  - Only REJECT if the file path literally contains \"intentionally-vulnerable\" as a directory\n  - Do NOT reject files just because they contain known vulnerability patterns \u2014 that is what the scanner is designed to find\n- **UUID/Identifier Generation**: Functions named generateUUID(), createId(), correlationId(), etc.\n  - Use Math.random() for UI correlation, React keys, element IDs\n  - Short toString(36).substring(2, 9) patterns are for UI correlation, NOT security tokens\n  - REJECT unless function name explicitly indicates security (generateToken, createSessionId, generateSecret)\n- **CAPTCHA/Puzzle Generation**: Math.random() for CAPTCHA questions, puzzle difficulty, game mechanics\n  - These don't need cryptographic randomness - legitimate non-security use\n  - REJECT findings in CAPTCHA/puzzle generation functions\n- **Security-Sensitive Context**: Only keep as HIGH/CRITICAL when:\n  - Variable names indicate security: token, secret, key, auth, session, password\n  - Function names indicate security: generateToken, createSession, makeSecret\n  - Used in security-critical files: auth.ts, crypto.ts, session.ts\n  - Long toString() patterns without truncation (potential token generation)\n\n**Severity Ladder for Math.random():**\n- Seed/fixture files: REJECT (not production code)\n- UUID/CAPTCHA functions: REJECT (legitimate use)\n- Short UI IDs (toString(36).substring(2, 9)): INFO (UI correlation, suggest crypto.randomUUID())\n- Business IDs: LOW (suggest crypto.randomUUID() for collision resistance)\n- Security contexts (tokens/secrets/keys): HIGH (cryptographic weakness)\n- Unknown context: MEDIUM (needs manual review)\n\n**Weak Cryptography (weak_crypto):**\nDistinguish actual USAGE from DOCUMENTATION or REFERENCE:\n- **Actual function calls** (crypto.createCipheriv('des'), MD5.hash()): Keep finding, these are real usage\n- **Documentation strings** describing vulnerabilities: REJECT\n  - \"DES can be brute-forced\" is explaining why DES is bad, NOT using DES\n  - Strings in metadata, comments, or error messages describing weak algorithms are informational\n  - Rule registries, security scanners, and documentation files contain vulnerability descriptions\n- **Configuration/Constants**: Strings like 'DES', 'MD5' in config keys or identifiers\n  - Need context: is this SELECTING an algorithm or just naming something?\n  - \"algorithm: 'des'\" in crypto options = real usage\n  - \"category: 'weak_crypto'\" or \"rule: 'DES_DETECTION'\" = metadata, REJECT\n- **Import statements**: Importing a weak crypto library needs context\n  - Used for hashing passwords = HIGH\n  - Used for checksums or compatibility = LOW/INFO\n  - In test/migration files = INFO\n\n**CRITICAL weak_crypto RULE**:\nFiles in /rules/, /detectors/, /checks/, /metadata/ directories that DESCRIBE security vulnerabilities are NOT themselves vulnerable. A security scanner documenting \"DES is weak\" is providing education, not using weak crypto.\n";
+//# sourceMappingURL=secrets-crypto.d.ts.map

package/dist/validate/prompts/modules/secrets-crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets-crypto.d.ts","sourceRoot":"","sources":["../../../../src/validate/prompts/modules/secrets-crypto.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,eAAO,MAAM,qBAAqB,69HAyDjC,CAAA"}

package/dist/validate/prompts/modules/secrets-crypto.js

@@ -0,0 +1,68 @@
+"use strict";
+/**
+ * Secrets & Cryptography Module
+ *
+ * Categories: hardcoded_secret, high_entropy_string, sensitive_variable, weak_crypto
+ * Contains rules for secrets, BYOK, Math.random(), and weak crypto that need AI reasoning.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SECRETS_CRYPTO_MODULE = void 0;
+exports.SECRETS_CRYPTO_MODULE = `
+### Secrets, BYOK, and External Services
+Distinguish these patterns:
+- **Hardcoded secrets**: Real API keys in code = critical/high
+- **Environment variables**: process.env.SECRET = safe (REJECT finding)
+- **BYOK (Bring Your Own Key)**: This is a FEATURE, not a vulnerability.
+  - Transient use (request -> API call -> discarded) = info. Do NOT describe as "stored without encryption".
+  - Key storage without encryption = suggest encryption. Unauthenticated BYOK = medium (cost abuse).
+  - Authenticated + transient use: info (feature). Cross-tenant storage: medium (data isolation).
+
+**Math.random() for Security:**
+Distinguish legitimate uses from security-critical misuse:
+- **Seed/Data Generation Files**: Files in /seed/, /fixtures/, /factories/, datacreator.ts, *.fixture.* are for test data generation
+  - Math.random() in seed files is acceptable - these are never production security code
+  - REJECT findings from seed/data generation files entirely
+- **Vulnerability Training Files**: Files in /intentionally-vulnerable/ paths or named insecurity.ts
+  - Only REJECT if the file path literally contains "intentionally-vulnerable" as a directory
+  - Do NOT reject files just because they contain known vulnerability patterns — that is what the scanner is designed to find
+- **UUID/Identifier Generation**: Functions named generateUUID(), createId(), correlationId(), etc.
+  - Use Math.random() for UI correlation, React keys, element IDs
+  - Short toString(36).substring(2, 9) patterns are for UI correlation, NOT security tokens
+  - REJECT unless function name explicitly indicates security (generateToken, createSessionId, generateSecret)
+- **CAPTCHA/Puzzle Generation**: Math.random() for CAPTCHA questions, puzzle difficulty, game mechanics
+  - These don't need cryptographic randomness - legitimate non-security use
+  - REJECT findings in CAPTCHA/puzzle generation functions
+- **Security-Sensitive Context**: Only keep as HIGH/CRITICAL when:
+  - Variable names indicate security: token, secret, key, auth, session, password
+  - Function names indicate security: generateToken, createSession, makeSecret
+  - Used in security-critical files: auth.ts, crypto.ts, session.ts
+  - Long toString() patterns without truncation (potential token generation)
+
+**Severity Ladder for Math.random():**
+- Seed/fixture files: REJECT (not production code)
+- UUID/CAPTCHA functions: REJECT (legitimate use)
+- Short UI IDs (toString(36).substring(2, 9)): INFO (UI correlation, suggest crypto.randomUUID())
+- Business IDs: LOW (suggest crypto.randomUUID() for collision resistance)
+- Security contexts (tokens/secrets/keys): HIGH (cryptographic weakness)
+- Unknown context: MEDIUM (needs manual review)
+
+**Weak Cryptography (weak_crypto):**
+Distinguish actual USAGE from DOCUMENTATION or REFERENCE:
+- **Actual function calls** (crypto.createCipheriv('des'), MD5.hash()): Keep finding, these are real usage
+- **Documentation strings** describing vulnerabilities: REJECT
+  - "DES can be brute-forced" is explaining why DES is bad, NOT using DES
+  - Strings in metadata, comments, or error messages describing weak algorithms are informational
+  - Rule registries, security scanners, and documentation files contain vulnerability descriptions
+- **Configuration/Constants**: Strings like 'DES', 'MD5' in config keys or identifiers
+  - Need context: is this SELECTING an algorithm or just naming something?
+  - "algorithm: 'des'" in crypto options = real usage
+  - "category: 'weak_crypto'" or "rule: 'DES_DETECTION'" = metadata, REJECT
+- **Import statements**: Importing a weak crypto library needs context
+  - Used for hashing passwords = HIGH
+  - Used for checksums or compatibility = LOW/INFO
+  - In test/migration files = INFO
+
+**CRITICAL weak_crypto RULE**:
+Files in /rules/, /detectors/, /checks/, /metadata/ directories that DESCRIBE security vulnerabilities are NOT themselves vulnerable. A security scanner documenting "DES is weak" is providing education, not using weak crypto.
+`;
+//# sourceMappingURL=secrets-crypto.js.map

package/dist/validate/prompts/modules/secrets-crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets-crypto.js","sourceRoot":"","sources":["../../../../src/validate/prompts/modules/secrets-crypto.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEU,QAAA,qBAAqB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAyDpC,CAAA"}

package/dist/validate/prompts/modules/xss-prompt.d.ts

@@ -0,0 +1,8 @@
+/**
+ * XSS & Prompt Injection Module
+ *
+ * Categories: xss, ai_prompt_injection
+ * Contains semantic distinction between XSS and prompt injection.
+ */
+export declare const XSS_PROMPT_MODULE = "\n### XSS vs Prompt Injection\nKeep these SEPARATE:\n- **XSS**: Writing untrusted data into DOM/HTML sinks without escaping\n  - innerHTML with dynamic user data: flag as XSS\n  - React JSX {variable}: NOT XSS (auto-escaped)\n  - dangerouslySetInnerHTML with static content: info severity\n- **Prompt Injection**: User content in LLM prompts\n  - NOT XSS - different threat model\n  - Downgrade to low/info unless clear path to high-impact actions\n  - Never label prompt issues as XSS\n";
+//# sourceMappingURL=xss-prompt.d.ts.map

package/dist/validate/prompts/modules/xss-prompt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"xss-prompt.d.ts","sourceRoot":"","sources":["../../../../src/validate/prompts/modules/xss-prompt.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,eAAO,MAAM,iBAAiB,4eAW7B,CAAA"}

package/dist/validate/prompts/modules/xss-prompt.js

@@ -0,0 +1,22 @@
+"use strict";
+/**
+ * XSS & Prompt Injection Module
+ *
+ * Categories: xss, ai_prompt_injection
+ * Contains semantic distinction between XSS and prompt injection.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.XSS_PROMPT_MODULE = void 0;
+exports.XSS_PROMPT_MODULE = `
+### XSS vs Prompt Injection
+Keep these SEPARATE:
+- **XSS**: Writing untrusted data into DOM/HTML sinks without escaping
+  - innerHTML with dynamic user data: flag as XSS
+  - React JSX {variable}: NOT XSS (auto-escaped)
+  - dangerouslySetInnerHTML with static content: info severity
+- **Prompt Injection**: User content in LLM prompts
+  - NOT XSS - different threat model
+  - Downgrade to low/info unless clear path to high-impact actions
+  - Never label prompt issues as XSS
+`;
+//# sourceMappingURL=xss-prompt.js.map

package/dist/validate/prompts/modules/xss-prompt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"xss-prompt.js","sourceRoot":"","sources":["../../../../src/validate/prompts/modules/xss-prompt.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEU,QAAA,iBAAiB,GAAG;;;;;;;;;;;CAWhC,CAAA"}

package/dist/validate/prompts/semantic-analysis.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Security Analysis Prompt (Layer 3)
+ *
+ * System prompt for deep semantic security analysis using AI.
+ */
+import type { Layer3Context } from '../types';
+/**
+ * System prompt for security analysis
+ */
+export declare const SECURITY_ANALYSIS_PROMPT = "You are an expert security code reviewer. Analyze the provided code for security vulnerabilities.\n\nFocus on these specific vulnerability types:\n\n1. **Taint Analysis (Data Flow)**\n   - Track user input from sources (req.query, req.params, req.body, searchParams, URL parameters)\n   - To dangerous sinks (eval, dangerouslySetInnerHTML, exec, SQL queries, file operations)\n   - Flag any path where untrusted data reaches a dangerous function without sanitization\n\n2. **SQL Injection**\n   - String concatenation in SQL queries\n   - Template literals with user input in queries\n   - Missing parameterized queries\n\n3. **XSS (Cross-Site Scripting)**\n   - User input rendered without escaping\n   - dangerouslySetInnerHTML with user data\n   - innerHTML assignments\n   - NOTE: React/Next.js JSX automatically escapes content, so {variable} in JSX is NOT XSS\n\n4. **Command Injection**\n   - exec, spawn, execSync with user input\n   - Shell command construction with variables\n\n5. **Missing Authorization**\n   - API routes that modify data without auth checks\n   - Database writes in GET handlers\n   - Missing permission checks before sensitive operations\n\n6. **Insecure Deserialization**\n   - JSON.parse on untrusted data without validation\n   - eval of serialized data\n\n7. **Cryptography Validation**\n   - Weak algorithms: MD5 (for security), SHA1 (for security), DES, RC4\n   - Insecure random: Math.random() for tokens/keys/secrets\n   - Hardcoded encryption keys or IVs (not from env vars)\n   - ECB mode usage (patterns indicate cipher mode)\n   - Low iteration counts for PBKDF2 (< 10000)\n   - Short key lengths (< 256 bits for symmetric)\n   - Missing salt for password hashing\n   - createCipher() instead of createCipheriv()\n\n8. **Data Exposure Detection**\n   - Logging sensitive data: console.log with passwords, tokens, secrets, API keys\n   - Stack traces exposed to clients: err.stack in response\n   - Returning entire user objects (may include password hash)\n   - Debug endpoints left in code: /debug, /test, /_internal routes\n   - Verbose error messages exposing internal details\n   - Sensitive data in error responses\n\n9. **Framework-Specific Security**\n\n   **Next.js:**\n   - Server actions ('use server') without authentication\n   - Client components ('use client') accessing non-NEXT_PUBLIC_ env vars\n   - Middleware that returns NextResponse.next() without auth checks\n   - getServerSideProps without session validation\n   - Exposed API routes without rate limiting\n\n   **React:**\n   - Sensitive data stored in useState (visible in devtools)\n   - dangerouslySetInnerHTML with props/state\n   - useEffect making authenticated API calls without token validation\n\n   **Express:**\n   - Missing helmet() middleware for security headers\n   - CORS with origin: \"*\" in production\n   - Missing body-parser limits (DoS risk)\n   - Trust proxy without verification\n   - Error handlers exposing stack traces\n\nIMPORTANT - DO NOT FLAG THESE AS VULNERABILITIES (common false positives):\n\n**Framework Patterns (Safe by Design):**\n- Next.js middleware using request.url for redirects (standard pattern)\n- React/Next.js JSX rendering variables like {user.name} (auto-escaped by React)\n- Supabase/Firebase client creation with NEXT_PUBLIC_ environment variables\n- Using headers().get('host') in Next.js server actions\n\n**Data Handling (Low Risk):**\n- JSON.parse on data from YOUR OWN database (the app wrote it, it's trusted). Do NOT report this as a vulnerability. At most, you may mention an info-level robustness note if there is no error handling, but generally you should omit it.\n- JSON.parse on localStorage data (same-origin, XSS is a separate issue). This is also not a security vulnerability. At most, you may suggest an info-level robustness improvement, and usually it is not worth mentioning.\n- Passing user's own data to external APIs (user embedding their own content).\n- Error messages that use error.message in catch blocks or are returned to the client as a generic error string are standard error handling. Treat them as LOW/INFO hardening at most, and DO NOT mark them as medium/high unless the message clearly includes credentials, secrets, or full stack traces.\n- Generic configuration or feature messages like \"OpenAI API key not configured\" or \"service disabled\" are operational information, not security vulnerabilities. Treat them as info at most, or ignore them.\n\n**Authentication Patterns (Context Matters):**\n- Internal server-side functions only called from trusted code paths (OAuth callbacks, etc.)\n- Functions with userId parameters called with session.user.id from authenticated contexts\n- Service role keys used in server-side code with proper auth checks elsewhere\n- API routes that call getCurrentUserId() and use the result (the auth check IS the userId call)\n\n**BYOK (Bring Your Own Key) Patterns:**\n- User-provided API keys in BYOK mode are INTENTIONAL - the user wants to use their own key\n- This is a feature, not a vulnerability - don't flag it unless there's actual abuse potential\n- When a BYOK key is only used TRANSIENTLY in memory for a single provider call (and is never logged or stored), and the route is authenticated, do NOT report this as a medium/high vulnerability. At most, you may surface a low/info note reminding the developer not to log or persist keys.\n- Frontend components sending a BYOK key to an authenticated backend endpoint for one-shot use are expected behavior, not a vulnerability. Do NOT flag these as data_exposure or dangerous_function unless the key is logged, stored, or echoed back to the client.\n- Only raise medium/high BYOK findings when keys are clearly stored (e.g., written to a database or long-term logs), logged in plaintext, or accepted by unauthenticated endpoints that attackers could abuse at scale.\n\n**What TO Flag (Real Vulnerabilities):**\n- SQL string concatenation with user input\n- eval() or Function() with user-controlled strings\n- Missing auth checks where sensitive data could be accessed by wrong user\n- Actual hardcoded secrets (real API keys, not env var references)\n- Command injection (exec/spawn with user input)\n\nRespond ONLY with a JSON array of findings. Each finding must have:\n{\n  \"lineNumber\": <number>,\n  \"severity\": \"critical\" | \"high\" | \"medium\" | \"low\",\n  \"category\": \"sql_injection\" | \"xss\" | \"command_injection\" | \"missing_auth\" | \"dangerous_function\",\n  \"title\": \"<short title>\",\n  \"description\": \"<detailed explanation of the vulnerability>\",\n  \"suggestedFix\": \"<how to fix it>\"\n}\n\nIf no vulnerabilities are found, return an empty array: []\n\nCRITICAL: Only report REAL vulnerabilities with HIGH confidence. Be conservative - it's better to miss a low-confidence issue than to report false positives. The code is likely using modern frameworks with built-in protections.";
+/**
+ * Build auth context string for AI prompt
+ */
+export declare function buildAuthContextForPrompt(ctx?: Layer3Context): string;
+//# sourceMappingURL=semantic-analysis.d.ts.map

package/dist/validate/prompts/semantic-analysis.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"semantic-analysis.d.ts","sourceRoot":"","sources":["../../../src/validate/prompts/semantic-analysis.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAM7C;;GAEG;AACH,eAAO,MAAM,wBAAwB,sxNAuH+L,CAAA;AAMpO;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,GAAG,CAAC,EAAE,aAAa,GAAG,MAAM,CA6BrE"}

package/dist/validate/prompts/semantic-analysis.js

@@ -0,0 +1,169 @@
+"use strict";
+/**
+ * Security Analysis Prompt (Layer 3)
+ *
+ * System prompt for deep semantic security analysis using AI.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SECURITY_ANALYSIS_PROMPT = void 0;
+exports.buildAuthContextForPrompt = buildAuthContextForPrompt;
+// ============================================================================
+// Security Analysis Prompt
+// ============================================================================
+/**
+ * System prompt for security analysis
+ */
+exports.SECURITY_ANALYSIS_PROMPT = `You are an expert security code reviewer. Analyze the provided code for security vulnerabilities.
+
+Focus on these specific vulnerability types:
+
+1. **Taint Analysis (Data Flow)**
+   - Track user input from sources (req.query, req.params, req.body, searchParams, URL parameters)
+   - To dangerous sinks (eval, dangerouslySetInnerHTML, exec, SQL queries, file operations)
+   - Flag any path where untrusted data reaches a dangerous function without sanitization
+
+2. **SQL Injection**
+   - String concatenation in SQL queries
+   - Template literals with user input in queries
+   - Missing parameterized queries
+
+3. **XSS (Cross-Site Scripting)**
+   - User input rendered without escaping
+   - dangerouslySetInnerHTML with user data
+   - innerHTML assignments
+   - NOTE: React/Next.js JSX automatically escapes content, so {variable} in JSX is NOT XSS
+
+4. **Command Injection**
+   - exec, spawn, execSync with user input
+   - Shell command construction with variables
+
+5. **Missing Authorization**
+   - API routes that modify data without auth checks
+   - Database writes in GET handlers
+   - Missing permission checks before sensitive operations
+
+6. **Insecure Deserialization**
+   - JSON.parse on untrusted data without validation
+   - eval of serialized data
+
+7. **Cryptography Validation**
+   - Weak algorithms: MD5 (for security), SHA1 (for security), DES, RC4
+   - Insecure random: Math.random() for tokens/keys/secrets
+   - Hardcoded encryption keys or IVs (not from env vars)
+   - ECB mode usage (patterns indicate cipher mode)
+   - Low iteration counts for PBKDF2 (< 10000)
+   - Short key lengths (< 256 bits for symmetric)
+   - Missing salt for password hashing
+   - createCipher() instead of createCipheriv()
+
+8. **Data Exposure Detection**
+   - Logging sensitive data: console.log with passwords, tokens, secrets, API keys
+   - Stack traces exposed to clients: err.stack in response
+   - Returning entire user objects (may include password hash)
+   - Debug endpoints left in code: /debug, /test, /_internal routes
+   - Verbose error messages exposing internal details
+   - Sensitive data in error responses
+
+9. **Framework-Specific Security**
+
+   **Next.js:**
+   - Server actions ('use server') without authentication
+   - Client components ('use client') accessing non-NEXT_PUBLIC_ env vars
+   - Middleware that returns NextResponse.next() without auth checks
+   - getServerSideProps without session validation
+   - Exposed API routes without rate limiting
+
+   **React:**
+   - Sensitive data stored in useState (visible in devtools)
+   - dangerouslySetInnerHTML with props/state
+   - useEffect making authenticated API calls without token validation
+
+   **Express:**
+   - Missing helmet() middleware for security headers
+   - CORS with origin: "*" in production
+   - Missing body-parser limits (DoS risk)
+   - Trust proxy without verification
+   - Error handlers exposing stack traces
+
+IMPORTANT - DO NOT FLAG THESE AS VULNERABILITIES (common false positives):
+
+**Framework Patterns (Safe by Design):**
+- Next.js middleware using request.url for redirects (standard pattern)
+- React/Next.js JSX rendering variables like {user.name} (auto-escaped by React)
+- Supabase/Firebase client creation with NEXT_PUBLIC_ environment variables
+- Using headers().get('host') in Next.js server actions
+
+**Data Handling (Low Risk):**
+- JSON.parse on data from YOUR OWN database (the app wrote it, it's trusted). Do NOT report this as a vulnerability. At most, you may mention an info-level robustness note if there is no error handling, but generally you should omit it.
+- JSON.parse on localStorage data (same-origin, XSS is a separate issue). This is also not a security vulnerability. At most, you may suggest an info-level robustness improvement, and usually it is not worth mentioning.
+- Passing user's own data to external APIs (user embedding their own content).
+- Error messages that use error.message in catch blocks or are returned to the client as a generic error string are standard error handling. Treat them as LOW/INFO hardening at most, and DO NOT mark them as medium/high unless the message clearly includes credentials, secrets, or full stack traces.
+- Generic configuration or feature messages like "OpenAI API key not configured" or "service disabled" are operational information, not security vulnerabilities. Treat them as info at most, or ignore them.
+
+**Authentication Patterns (Context Matters):**
+- Internal server-side functions only called from trusted code paths (OAuth callbacks, etc.)
+- Functions with userId parameters called with session.user.id from authenticated contexts
+- Service role keys used in server-side code with proper auth checks elsewhere
+- API routes that call getCurrentUserId() and use the result (the auth check IS the userId call)
+
+**BYOK (Bring Your Own Key) Patterns:**
+- User-provided API keys in BYOK mode are INTENTIONAL - the user wants to use their own key
+- This is a feature, not a vulnerability - don't flag it unless there's actual abuse potential
+- When a BYOK key is only used TRANSIENTLY in memory for a single provider call (and is never logged or stored), and the route is authenticated, do NOT report this as a medium/high vulnerability. At most, you may surface a low/info note reminding the developer not to log or persist keys.
+- Frontend components sending a BYOK key to an authenticated backend endpoint for one-shot use are expected behavior, not a vulnerability. Do NOT flag these as data_exposure or dangerous_function unless the key is logged, stored, or echoed back to the client.
+- Only raise medium/high BYOK findings when keys are clearly stored (e.g., written to a database or long-term logs), logged in plaintext, or accepted by unauthenticated endpoints that attackers could abuse at scale.
+
+**What TO Flag (Real Vulnerabilities):**
+- SQL string concatenation with user input
+- eval() or Function() with user-controlled strings
+- Missing auth checks where sensitive data could be accessed by wrong user
+- Actual hardcoded secrets (real API keys, not env var references)
+- Command injection (exec/spawn with user input)
+
+Respond ONLY with a JSON array of findings. Each finding must have:
+{
+  "lineNumber": <number>,
+  "severity": "critical" | "high" | "medium" | "low",
+  "category": "sql_injection" | "xss" | "command_injection" | "missing_auth" | "dangerous_function",
+  "title": "<short title>",
+  "description": "<detailed explanation of the vulnerability>",
+  "suggestedFix": "<how to fix it>"
+}
+
+If no vulnerabilities are found, return an empty array: []
+
+CRITICAL: Only report REAL vulnerabilities with HIGH confidence. Be conservative - it's better to miss a low-confidence issue than to report false positives. The code is likely using modern frameworks with built-in protections.`;
+// ============================================================================
+// Auth Context Builder
+// ============================================================================
+/**
+ * Build auth context string for AI prompt
+ */
+function buildAuthContextForPrompt(ctx) {
+    if (!ctx)
+        return '';
+    const parts = [];
+    if (ctx.middlewareConfig?.hasAuthMiddleware) {
+        parts.push(`**IMPORTANT AUTH CONTEXT**: This project uses ${ctx.middlewareConfig.authType || 'auth'} middleware.`);
+        if (ctx.middlewareConfig.protectedPaths.length > 0) {
+            parts.push(`Protected paths: ${ctx.middlewareConfig.protectedPaths.join(', ')}`);
+        }
+        else {
+            parts.push('All /api/** routes are protected by default.');
+        }
+        parts.push('Routes under these paths are ALREADY AUTHENTICATED - do NOT flag them as "missing auth".');
+        parts.push('Client components calling these protected API routes are also safe - the backend handles auth.');
+    }
+    if (ctx.authHelpers?.hasThrowingHelpers) {
+        parts.push('');
+        parts.push('**AUTH HELPER FUNCTIONS**: This project uses throwing auth helpers that guarantee authenticated context:');
+        parts.push(ctx.authHelpers.summary);
+        parts.push('Code after these helper calls is GUARANTEED to be authenticated. Do NOT flag "missing auth" after these calls.');
+    }
+    if (ctx.additionalContext) {
+        parts.push('');
+        parts.push(ctx.additionalContext);
+    }
+    return parts.length > 0 ? '\n\n' + parts.join('\n') : '';
+}
+//# sourceMappingURL=semantic-analysis.js.map

package/dist/validate/prompts/semantic-analysis.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"semantic-analysis.js","sourceRoot":"","sources":["../../../src/validate/prompts/semantic-analysis.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AA2IH,8DA6BC;AApKD,+EAA+E;AAC/E,2BAA2B;AAC3B,+EAA+E;AAE/E;;GAEG;AACU,QAAA,wBAAwB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oOAuH4L,CAAA;AAEpO,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E;;GAEG;AACH,SAAgB,yBAAyB,CAAC,GAAmB;IAC3D,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAA;IAEnB,MAAM,KAAK,GAAa,EAAE,CAAA;IAE1B,IAAI,GAAG,CAAC,gBAAgB,EAAE,iBAAiB,EAAE,CAAC;QAC5C,KAAK,CAAC,IAAI,CAAC,iDAAiD,GAAG,CAAC,gBAAgB,CAAC,QAAQ,IAAI,MAAM,cAAc,CAAC,CAAA;QAClH,IAAI,GAAG,CAAC,gBAAgB,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnD,KAAK,CAAC,IAAI,CAAC,oBAAoB,GAAG,CAAC,gBAAgB,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAClF,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAA;QAC5D,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,0FAA0F,CAAC,CAAA;QACtG,KAAK,CAAC,IAAI,CAAC,gGAAgG,CAAC,CAAA;IAC9G,CAAC;IAED,IAAI,GAAG,CAAC,WAAW,EAAE,kBAAkB,EAAE,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACd,KAAK,CAAC,IAAI,CAAC,0GAA0G,CAAC,CAAA;QACtH,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;QACnC,KAAK,CAAC,IAAI,CAAC,gHAAgH,CAAC,CAAA;IAC9H,CAAC;IAED,IAAI,GAAG,CAAC,iBAAiB,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACd,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAA;IACnC,CAAC;IAED,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;AAC1D,CAAC"}