@oculum/scanner 1.0.11 → 1.0.13

package/dist/layer3/anthropic/auto-dismiss.js.map

@@ -1 +1 @@
-{"version":3,"file":"auto-dismiss.js","sourceRoot":"","sources":["../../../src/layer3/anthropic/auto-dismiss.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AA0KH,sDAoCC;AA1MD,iEAOoC;AACpC,uCAAgD;AAEhD,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E,MAAM,kBAAkB,GAAsB;IAC5C,2EAA2E;IAC3E;QACE,IAAI,EAAE,WAAW;QACjB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,IAAA,kCAAgB,EAAC,OAAO,CAAC,QAAQ,CAAC;QACtD,MAAM,EAAE,2BAA2B;KACpC;IAED,0CAA0C;IAC1C;QACE,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,IAAA,+BAAa,EAAC,OAAO,CAAC,QAAQ,CAAC;QACnD,MAAM,EAAE,8BAA8B;KACvC;IAED,sBAAsB;IACtB;QACE,IAAI,EAAE,oBAAoB;QAC1B,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,sBAAsB,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;QACjE,MAAM,EAAE,+BAA+B;KACxC;IAED,oCAAoC;IACpC;QACE,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,IAAA,wCAAsB,EAAC,OAAO,CAAC,QAAQ,CAAC;QAC5D,MAAM,EAAE,iCAAiC;KAC1C;IAED,0DAA0D;IAC1D;QACE,IAAI,EAAE,mBAAmB;QACzB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,OAAO,CAAC,QAAQ,KAAK,kBAAkB,IAAI,OAAO,CAAC,QAAQ,KAAK,qBAAqB,EAAE,CAAC;gBAC1F,OAAO,KAAK,CAAA;YACd,CAAC;YACD,OAAO,IAAA,mCAAiB,EAAC,OAAO,CAAC,WAAW,CAAC,CAAA;QAC/C,CAAC;QACD,MAAM,EAAE,2CAA2C;KACpD;IAED,gDAAgD;IAChD;QACE,IAAI,EAAE,uBAAuB;QAC7B,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,OAAO,CAAC,QAAQ,KAAK,cAAc;gBAAE,OAAO,KAAK,CAAA;YACrD,OAAO,IAAA,kCAAgB,EAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAA;QAChE,CAAC;QACD,MAAM,EAAE,kDAAkD;KAC3D;IAED,+CAA+C;IAC/C;QACE,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,OAAO,CAAC,QAAQ,KAAK,qBAAqB;gBAAE,OAAO,KAAK,CAAA;YAC5D,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAA;YAC5G,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,CAAA;YACnD,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAA;YAC9E,OAAO,UAAU,IAAI,CAAC,CAAA;QACxB,CAAC;QACD,MAAM,EAAE,qCAAqC;KAC9C;IAED,yDAAyD;IACzD;QACE,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,8DAA8D;YAC9D,IAAI,OAAO,CAAC,QAAQ,KAAK,YAAY;gBAAE,OAAO,KAAK,CAAA;YACnD,OAAO,IAAA,2BAAS,EAAC,OAAO,CAAC,WAAW,CAAC,CAAA;QACvC,CAAC;QACD,MAAM,EAAE,+BAA+B;KACxC;IAED,8CAA8C;IAC9C,kEAAkE;IAClE,oFAAoF;IACpF,0EAA0E;IAC1E;QACE,IAAI,EAAE,yBAAyB;QAC/B,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM;gBAAE,OAAO,KAAK,CAAA;YAC7C,6DAA6D;YAC7D,2DAA2D;YAC3D,MAAM,IAAI,GAAG,IAAA,0BAAkB,EAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,CAAA;YAChE,OAAO,IAAI,KAAK,MAAM,CAAA;QACxB,CAAC;QACD,MAAM,EAAE,wDAAwD;KACjE;IAED,+CAA+C;IAC/C;QACE,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,OAAO,CAAC,QAAQ,KAAK,YAAY;gBAAE,OAAO,KAAK,CAAA;YACnD,MAAM,eAAe,GAAG;gBACtB,+EAA+E;gBAC/E,iCAAiC;gBACjC,8BAA8B;gBAC9B,yDAAyD;aAC1D,CAAA;YACD,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAA;QAC/D,CAAC;QACD,MAAM,EAAE,4CAA4C;KACrD;IAED,qEAAqE;IACrE;QACE,IAAI,EAAE,qBAAqB;QAC3B,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,OAAO,CAAC,QAAQ,KAAK,YAAY;gBAAE,OAAO,KAAK,CAAA;YACnD,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAA;YAC9D,2DAA2D;YAC3D,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAAE,OAAO,IAAI,CAAA;YACnD,MAAM,eAAe,GAAG,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,0CAA0C,CAAC,CAAA;YAC3G,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;QACtE,CAAC;QACD,MAAM,EAAE,oCAAoC;KAC7C;IAED,kEAAkE;IAClE;QACE,IAAI,EAAE,sBAAsB;QAC5B,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,OAAO,CAAC,QAAQ,KAAK,YAAY;gBAAE,OAAO,KAAK,CAAA;YACnD,OAAO,6CAA6C,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAA;QAChF,CAAC;QACD,MAAM,EAAE,0CAA0C;KACnD;CACF,CAAA;AAED,+EAA+E;AAC/E,2BAA2B;AAC3B,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,yBAAyB,EAAG,4EAA4E;CACzG,CAAC,CAAA;AAEF;;;;;;;GAOG;AACH,SAAgB,qBAAqB,CACnC,QAAyB,EACzB,OAAiC,YAAY;IAK7C,MAAM,UAAU,GAAoB,EAAE,CAAA;IACtC,MAAM,SAAS,GAAoE,EAAE,CAAA;IAErF,6BAA6B;IAC7B,MAAM,eAAe,GAAG,IAAI,KAAK,SAAS;QACxC,CAAC,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,qBAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1E,CAAC,CAAC,kBAAkB,CAAA;IAEtB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,YAAY,GAAG,KAAK,CAAA;QAExB,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACnC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;gBACxB,SAAS,CAAC,IAAI,CAAC;oBACb,OAAO;oBACP,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,MAAM,EAAE,IAAI,CAAC,MAAM;iBACpB,CAAC,CAAA;gBACF,YAAY,GAAG,IAAI,CAAA;gBACnB,MAAK;YACP,CAAC;QACH,CAAC;QAED,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,CAAA;AAClC,CAAC"}
+{"version":3,"file":"auto-dismiss.js","sourceRoot":"","sources":["../../../src/layer3/anthropic/auto-dismiss.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAqLH,sDAoCC;AArND,iEAOoC;AACpC,uCAAgD;AAEhD,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E,MAAM,kBAAkB,GAAsB;IAC5C,2EAA2E;IAC3E;QACE,IAAI,EAAE,WAAW;QACjB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,IAAA,kCAAgB,EAAC,OAAO,CAAC,QAAQ,CAAC;QACtD,MAAM,EAAE,2BAA2B;KACpC;IAED,0CAA0C;IAC1C;QACE,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,IAAA,+BAAa,EAAC,OAAO,CAAC,QAAQ,CAAC;QACnD,MAAM,EAAE,8BAA8B;KACvC;IAED,sBAAsB;IACtB;QACE,IAAI,EAAE,oBAAoB;QAC1B,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,sBAAsB,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;QACjE,MAAM,EAAE,+BAA+B;KACxC;IAED,oCAAoC;IACpC;QACE,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,IAAA,wCAAsB,EAAC,OAAO,CAAC,QAAQ,CAAC;QAC5D,MAAM,EAAE,iCAAiC;KAC1C;IAED,0DAA0D;IAC1D;QACE,IAAI,EAAE,mBAAmB;QACzB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,OAAO,CAAC,QAAQ,KAAK,kBAAkB,IAAI,OAAO,CAAC,QAAQ,KAAK,qBAAqB,EAAE,CAAC;gBAC1F,OAAO,KAAK,CAAA;YACd,CAAC;YACD,OAAO,IAAA,mCAAiB,EAAC,OAAO,CAAC,WAAW,CAAC,CAAA;QAC/C,CAAC;QACD,MAAM,EAAE,2CAA2C;KACpD;IAED,gDAAgD;IAChD;QACE,IAAI,EAAE,uBAAuB;QAC7B,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,OAAO,CAAC,QAAQ,KAAK,cAAc;gBAAE,OAAO,KAAK,CAAA;YACrD,OAAO,IAAA,kCAAgB,EAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAA;QAChE,CAAC;QACD,MAAM,EAAE,kDAAkD;KAC3D;IAED,+CAA+C;IAC/C;QACE,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,OAAO,CAAC,QAAQ,KAAK,qBAAqB;gBAAE,OAAO,KAAK,CAAA;YAC5D,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAA;YAC5G,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,CAAA;YACnD,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAA;YAC9E,OAAO,UAAU,IAAI,CAAC,CAAA;QACxB,CAAC;QACD,MAAM,EAAE,qCAAqC;KAC9C;IAED,yDAAyD;IACzD;QACE,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,8DAA8D;YAC9D,IAAI,OAAO,CAAC,QAAQ,KAAK,YAAY;gBAAE,OAAO,KAAK,CAAA;YACnD,OAAO,IAAA,2BAAS,EAAC,OAAO,CAAC,WAAW,CAAC,CAAA;QACvC,CAAC;QACD,MAAM,EAAE,+BAA+B;KACxC;IAED,8CAA8C;IAC9C,kEAAkE;IAClE,oFAAoF;IACpF,0EAA0E;IAC1E;QACE,IAAI,EAAE,yBAAyB;QAC/B,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM;gBAAE,OAAO,KAAK,CAAA;YAC7C,6DAA6D;YAC7D,2DAA2D;YAC3D,MAAM,IAAI,GAAG,IAAA,0BAAkB,EAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,CAAA;YAChE,OAAO,IAAI,KAAK,MAAM,CAAA;QACxB,CAAC;QACD,MAAM,EAAE,wDAAwD;KACjE;IAED,+CAA+C;IAC/C;QACE,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,OAAO,CAAC,QAAQ,KAAK,YAAY;gBAAE,OAAO,KAAK,CAAA;YACnD,MAAM,eAAe,GAAG;gBACtB,+EAA+E;gBAC/E,iCAAiC;gBACjC,8BAA8B;gBAC9B,yDAAyD;aAC1D,CAAA;YACD,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAA;QAC/D,CAAC;QACD,MAAM,EAAE,4CAA4C;KACrD;IAED,qEAAqE;IACrE;QACE,IAAI,EAAE,qBAAqB;QAC3B,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,OAAO,CAAC,QAAQ,KAAK,YAAY;gBAAE,OAAO,KAAK,CAAA;YACnD,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAA;YAC9D,2DAA2D;YAC3D,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAAE,OAAO,IAAI,CAAA;YACnD,MAAM,eAAe,GAAG,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,0CAA0C,CAAC,CAAA;YAC3G,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAA;QACtE,CAAC;QACD,MAAM,EAAE,oCAAoC;KAC7C;IAED,kEAAkE;IAClE;QACE,IAAI,EAAE,sBAAsB;QAC5B,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,OAAO,CAAC,QAAQ,KAAK,YAAY;gBAAE,OAAO,KAAK,CAAA;YACnD,OAAO,6CAA6C,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAA;QAChF,CAAC;QACD,MAAM,EAAE,0CAA0C;KACnD;IAED,6DAA6D;IAC7D;QACE,IAAI,EAAE,yBAAyB;QAC/B,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,OAAO,CAAC,QAAQ,KAAK,YAAY;gBAAE,OAAO,KAAK,CAAA;YACnD,OAAO,OAAO,CAAC,QAAQ,KAAK,MAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,KAAK,CAAA;QAClE,CAAC;QACD,MAAM,EAAE,oEAAoE;KAC7E;CACF,CAAA;AAED,+EAA+E;AAC/E,2BAA2B;AAC3B,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,yBAAyB,EAAG,4EAA4E;IACxG,yBAAyB,EAAG,2EAA2E;CACxG,CAAC,CAAA;AAEF;;;;;;;GAOG;AACH,SAAgB,qBAAqB,CACnC,QAAyB,EACzB,OAAiC,YAAY;IAK7C,MAAM,UAAU,GAAoB,EAAE,CAAA;IACtC,MAAM,SAAS,GAAoE,EAAE,CAAA;IAErF,6BAA6B;IAC7B,MAAM,eAAe,GAAG,IAAI,KAAK,SAAS;QACxC,CAAC,CAAC,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,qBAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1E,CAAC,CAAC,kBAAkB,CAAA;IAEtB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,YAAY,GAAG,KAAK,CAAA;QAExB,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACnC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;gBACxB,SAAS,CAAC,IAAI,CAAC;oBACb,OAAO;oBACP,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,MAAM,EAAE,IAAI,CAAC,MAAM;iBACpB,CAAC,CAAA;gBACF,YAAY,GAAG,IAAI,CAAA;gBACnB,MAAK;YACP,CAAC;QACH,CAAC;QAED,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,CAAA;AAClC,CAAC"}

package/dist/layer3/anthropic/prompts/index.d.ts

@@ -4,5 +4,5 @@
  * Re-exports all prompt templates and helpers.
  */
 export { SECURITY_ANALYSIS_PROMPT, buildAuthContextForPrompt, } from './semantic-analysis';
-export { HIGH_CONTEXT_VALIDATION_PROMPT, } from './validation';
+export { HIGH_CONTEXT_VALIDATION_PROMPT, assembleValidationPrompt, getFullValidationPrompt, } from './validation';
 //# sourceMappingURL=index.d.ts.map

package/dist/layer3/anthropic/prompts/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/layer3/anthropic/prompts/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,wBAAwB,EACxB,yBAAyB,GAC1B,MAAM,qBAAqB,CAAA;AAE5B,OAAO,EACL,8BAA8B,GAC/B,MAAM,cAAc,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/layer3/anthropic/prompts/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,wBAAwB,EACxB,yBAAyB,GAC1B,MAAM,qBAAqB,CAAA;AAE5B,OAAO,EACL,8BAA8B,EAC9B,wBAAwB,EACxB,uBAAuB,GACxB,MAAM,cAAc,CAAA"}

package/dist/layer3/anthropic/prompts/index.js

@@ -5,10 +5,12 @@
  * Re-exports all prompt templates and helpers.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.HIGH_CONTEXT_VALIDATION_PROMPT = exports.buildAuthContextForPrompt = exports.SECURITY_ANALYSIS_PROMPT = void 0;
+exports.getFullValidationPrompt = exports.assembleValidationPrompt = exports.HIGH_CONTEXT_VALIDATION_PROMPT = exports.buildAuthContextForPrompt = exports.SECURITY_ANALYSIS_PROMPT = void 0;
 var semantic_analysis_1 = require("./semantic-analysis");
 Object.defineProperty(exports, "SECURITY_ANALYSIS_PROMPT", { enumerable: true, get: function () { return semantic_analysis_1.SECURITY_ANALYSIS_PROMPT; } });
 Object.defineProperty(exports, "buildAuthContextForPrompt", { enumerable: true, get: function () { return semantic_analysis_1.buildAuthContextForPrompt; } });
 var validation_1 = require("./validation");
 Object.defineProperty(exports, "HIGH_CONTEXT_VALIDATION_PROMPT", { enumerable: true, get: function () { return validation_1.HIGH_CONTEXT_VALIDATION_PROMPT; } });
+Object.defineProperty(exports, "assembleValidationPrompt", { enumerable: true, get: function () { return validation_1.assembleValidationPrompt; } });
+Object.defineProperty(exports, "getFullValidationPrompt", { enumerable: true, get: function () { return validation_1.getFullValidationPrompt; } });
 //# sourceMappingURL=index.js.map

package/dist/layer3/anthropic/prompts/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/layer3/anthropic/prompts/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,yDAG4B;AAF1B,6HAAA,wBAAwB,OAAA;AACxB,8HAAA,yBAAyB,OAAA;AAG3B,2CAEqB;AADnB,4HAAA,8BAA8B,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/layer3/anthropic/prompts/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,yDAG4B;AAF1B,6HAAA,wBAAwB,OAAA;AACxB,8HAAA,yBAAyB,OAAA;AAG3B,2CAIqB;AAHnB,4HAAA,8BAA8B,OAAA;AAC9B,sHAAA,wBAAwB,OAAA;AACxB,qHAAA,uBAAuB,OAAA"}

package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts

@@ -0,0 +1,19 @@
+/**
+ * AI Patterns Module
+ *
+ * Categories: ai_pattern, ai_prompt_injection, ai_unsafe_execution,
+ *             ai_overpermissive_tool, suspicious_package, ai_rag_exfiltration,
+ *             ai_endpoint_unprotected, ai_schema_mismatch, ai_package_hallucination,
+ *             ai_rag_corpus_poisoning, ai_rag_pii_leakage, ai_mcp_tool_poisoning,
+ *             ai_mcp_credential_issue, ai_mcp_confused_deputy,
+ *             ai_mcp_description_injection, ai_mcp_server_shadowing,
+ *             ai_mcp_config_secrets, ai_mcp_config_permissions,
+ *             ai_rag_query_injection, ai_rag_embedding_poisoning,
+ *             ai_rag_chunk_injection, ai_package_typosquat, ai_package_malicious,
+ *             ai_unsafe_model_load, ai_unverified_model, ai_unsafe_finetuning,
+ *             ai_excessive_agency
+ *
+ * Contains AI/LLM-specific patterns that require semantic AI reasoning.
+ */
+export declare const AI_PATTERNS_MODULE = "\n### AI/LLM-Specific Patterns\n\n**Prompt Injection (ai_prompt_injection):**\n- User input in system prompt WITHOUT delimiters (code fences, XML tags, separators) -> **HIGH** (real risk)\n- User input in system prompt WITH clear delimiters -> **INFO** (properly fenced)\n- Static prompts with no user interpolation -> **REJECT** (false positive)\n- Prompt templates using proper parameterization/placeholders -> **REJECT**\n\n**LLM Output Execution (ai_unsafe_execution):**\n- LLM output fed to eval()/Function()/exec() WITHOUT sandbox -> **CRITICAL** (arbitrary code execution)\n- LLM output to execution WITH sandbox (vm2, isolated-vm) -> **MEDIUM** (risk mitigated)\n- LLM output to execution WITH validation AND sandbox -> **LOW** (well-protected)\n- LLM output used for display only (console.log, UI) -> **REJECT** (not execution)\n- Generated SQL from LLM without parameterization -> **CRITICAL** (SQL injection)\n- Generated SQL with parameterized queries -> **MEDIUM** (logic may still be wrong)\n\n**Agent Tool Permissions (ai_overpermissive_tool):**\n- Tool with unrestricted file/network/exec access -> **HIGH** (overpermissive)\n- Tool without user context verification -> **MEDIUM** (missing authorization)\n- Tool with proper scoping, allowlists, and user verification -> **LOW** or **REJECT**\n- Test files with tool definitions -> **INFO** or **REJECT**\n\n**Hallucinated Dependencies (suspicious_package):**\n- Package not found in registry -> **CRITICAL** (likely AI-hallucinated name)\n- Very new package (less than 7 days old) with low downloads and typosquat pattern -> **HIGH**\n- Legitimate looking package with source/repo but low popularity -> **MEDIUM** (needs review)\n- Known legitimate package with unusual name (in allowlist) -> **REJECT**\n\n**CRITICAL AI PATTERN RULES**:\n- AI code generation often produces non-existent package names - flag these prominently\n- Prompt injection is NOT the same as XSS - different threat model and severity\n- Sandboxed code execution (vm2, isolated-vm) significantly reduces risk\n- Agent tools need both access restrictions AND user context verification\n\n### RAG Data Exfiltration (ai_rag_exfiltration)\nRetrieval Augmented Generation systems can leak sensitive data across tenant boundaries.\n\n**Unscoped Retrieval Queries:**\n- Vector store query WITHOUT user/tenant filter -> **HIGH** (cross-tenant data access)\n  - .query(), .search(), .similaritySearch() without filter/where/userId/tenantId parameter\n  - LangChain retriever.invoke() without metadata filter\n  - Pinecone/Chroma/Weaviate query without namespace or metadata filter\n- Query WITH proper scoping (filter by userId/tenantId) -> **REJECT** (properly scoped)\n- Query with RLS-enabled Supabase tables -> **LOW/INFO** (verify RLS policy)\n\n**Raw Context Exposure:**\n- Raw sourceDocuments/chunks returned in API response -> **MEDIUM** (data leak to client)\n- Raw context returned WITHOUT authentication -> **HIGH** (public data leak)\n- Filtered response (only IDs, titles, metadata) -> **REJECT** (properly filtered)\n- Response filtering visible nearby (.map, sanitize, redact) -> **INFO**\n\n**Context Logging:**\n- Logging retrieved documents (debug) -> **INFO** (hygiene, not direct risk)\n- Logging full prompts with context -> **LOW** (audit concern if logs are accessible)\n- Persisting prompts/context to database -> **MEDIUM** (sensitive data retention)\n\n**CRITICAL RAG RULES**:\n- Cross-tenant data access is the PRIMARY risk - always check for user/tenant scoping\n- Authenticated endpoints exposing context are MEDIUM; unauthenticated are HIGH\n- Debug logging is INFO severity - it's not a direct vulnerability\n- If RLS or middleware protection is visible, downgrade significantly\n\n### AI Endpoint Protection (ai_endpoint_unprotected)\nAI/LLM API endpoints can incur significant costs and enable data exfiltration.\n\n**No Authentication + No Rate Limiting -> HIGH:**\n- Endpoint calls OpenAI/Anthropic/etc. without any auth check or rate limit\n- Anyone on the internet can abuse the endpoint and run up API costs\n- Potential for prompt exfiltration or model abuse\n\n**Has Rate Limiting but No Authentication -> MEDIUM:**\n- Rate limit provides some protection against abuse\n- Still allows anonymous access to AI functionality\n- Suggest adding authentication\n\n**Has Authentication but No Rate Limiting -> LOW:**\n- Authenticated users could still abuse the endpoint\n- Suggest adding rate limiting for cost control\n- severity: low (suggest improvement)\n\n**Has Both Auth and Rate Limiting -> INFO/REJECT:**\n- Properly protected endpoint\n- REJECT if both are clearly present\n- INFO if you want to note the good pattern\n\n**BYOK (Bring Your Own Key) Endpoints:**\n- If user provides their own API key, risk is LOWER\n- User pays for their own usage - cost abuse is their problem\n- Downgrade severity by one level for BYOK patterns\n\n**Protected by Middleware:**\n- If project context shows auth middleware protecting the route, downgrade to INFO\n- Internal/admin routes should be INFO or REJECT\n\n**CRITICAL ENDPOINT RULES**:\n- Cost abuse is real - unprotected AI endpoints can bankrupt a startup\n- Rate limiting alone isn't enough - need auth to prevent anonymous abuse\n- BYOK endpoints have lower risk since user bears the cost\n- Check for middleware protection before flagging\n\n### Schema/Tooling Mismatch (ai_schema_mismatch)\nAI-generated structured outputs need validation before use in security-sensitive contexts.\n\n**Unvalidated AI Output Parsing:**\n- JSON.parse(response.content) without schema validation -> **MEDIUM**\n  - AI may return malformed or unexpected structures\n  - Suggest zod/ajv/joi validation\n- AI output to EXECUTION SINK (eval, exec, query) without validation -> **HIGH**\n  - Direct path to code/SQL injection\n- AI output to DISPLAY only (console.log, UI render) -> **REJECT**\n  - Not a security issue for display purposes\n- OpenAI Structured Outputs (json_schema in request) -> **REJECT**\n  - API-level validation provides guarantees\n\n**Weak Schema Patterns:**\n- response: any at API boundary -> **MEDIUM** (no type safety)\n- z.any() or z.unknown() -> **LOW** (defeats purpose of validation)\n- z.passthrough() -> **INFO** (allows extra properties, minor concern)\n- Specific schema defined and used -> **REJECT** (properly validated)\n\n**Tool Parameter Validation:**\n- Tool parameter -> file path without validation -> **HIGH** (path traversal)\n- Tool parameter -> shell command without validation -> **CRITICAL** (command injection)\n- Tool parameter -> URL without validation -> **HIGH** (SSRF)\n- Tool parameter -> DB query without validation -> **HIGH** (SQL injection)\n- Tool parameter with allowlist check visible -> **LOW/REJECT** (mitigated)\n\n**CRITICAL SCHEMA RULES**:\n- The severity depends on WHERE the AI output is used, not just that it's parsed\n- Execution sinks (eval, exec, query, fs) need HIGH severity without validation\n- Display-only usage is NOT a security issue\n- Schema validation (zod, ajv, joi) significantly reduces risk\n- OpenAI Structured Outputs provide API-level guarantees\n";
+//# sourceMappingURL=ai-patterns.d.ts.map

package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai-patterns.d.ts","sourceRoot":"","sources":["../../../../../src/layer3/anthropic/prompts/modules/ai-patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,eAAO,MAAM,kBAAkB,2+NAsI9B,CAAA"}

package/dist/layer3/anthropic/prompts/modules/ai-patterns.js

@@ -0,0 +1,156 @@
+"use strict";
+/**
+ * AI Patterns Module
+ *
+ * Categories: ai_pattern, ai_prompt_injection, ai_unsafe_execution,
+ *             ai_overpermissive_tool, suspicious_package, ai_rag_exfiltration,
+ *             ai_endpoint_unprotected, ai_schema_mismatch, ai_package_hallucination,
+ *             ai_rag_corpus_poisoning, ai_rag_pii_leakage, ai_mcp_tool_poisoning,
+ *             ai_mcp_credential_issue, ai_mcp_confused_deputy,
+ *             ai_mcp_description_injection, ai_mcp_server_shadowing,
+ *             ai_mcp_config_secrets, ai_mcp_config_permissions,
+ *             ai_rag_query_injection, ai_rag_embedding_poisoning,
+ *             ai_rag_chunk_injection, ai_package_typosquat, ai_package_malicious,
+ *             ai_unsafe_model_load, ai_unverified_model, ai_unsafe_finetuning,
+ *             ai_excessive_agency
+ *
+ * Contains AI/LLM-specific patterns that require semantic AI reasoning.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AI_PATTERNS_MODULE = void 0;
+exports.AI_PATTERNS_MODULE = `
+### AI/LLM-Specific Patterns
+
+**Prompt Injection (ai_prompt_injection):**
+- User input in system prompt WITHOUT delimiters (code fences, XML tags, separators) -> **HIGH** (real risk)
+- User input in system prompt WITH clear delimiters -> **INFO** (properly fenced)
+- Static prompts with no user interpolation -> **REJECT** (false positive)
+- Prompt templates using proper parameterization/placeholders -> **REJECT**
+
+**LLM Output Execution (ai_unsafe_execution):**
+- LLM output fed to eval()/Function()/exec() WITHOUT sandbox -> **CRITICAL** (arbitrary code execution)
+- LLM output to execution WITH sandbox (vm2, isolated-vm) -> **MEDIUM** (risk mitigated)
+- LLM output to execution WITH validation AND sandbox -> **LOW** (well-protected)
+- LLM output used for display only (console.log, UI) -> **REJECT** (not execution)
+- Generated SQL from LLM without parameterization -> **CRITICAL** (SQL injection)
+- Generated SQL with parameterized queries -> **MEDIUM** (logic may still be wrong)
+
+**Agent Tool Permissions (ai_overpermissive_tool):**
+- Tool with unrestricted file/network/exec access -> **HIGH** (overpermissive)
+- Tool without user context verification -> **MEDIUM** (missing authorization)
+- Tool with proper scoping, allowlists, and user verification -> **LOW** or **REJECT**
+- Test files with tool definitions -> **INFO** or **REJECT**
+
+**Hallucinated Dependencies (suspicious_package):**
+- Package not found in registry -> **CRITICAL** (likely AI-hallucinated name)
+- Very new package (less than 7 days old) with low downloads and typosquat pattern -> **HIGH**
+- Legitimate looking package with source/repo but low popularity -> **MEDIUM** (needs review)
+- Known legitimate package with unusual name (in allowlist) -> **REJECT**
+
+**CRITICAL AI PATTERN RULES**:
+- AI code generation often produces non-existent package names - flag these prominently
+- Prompt injection is NOT the same as XSS - different threat model and severity
+- Sandboxed code execution (vm2, isolated-vm) significantly reduces risk
+- Agent tools need both access restrictions AND user context verification
+
+### RAG Data Exfiltration (ai_rag_exfiltration)
+Retrieval Augmented Generation systems can leak sensitive data across tenant boundaries.
+
+**Unscoped Retrieval Queries:**
+- Vector store query WITHOUT user/tenant filter -> **HIGH** (cross-tenant data access)
+  - .query(), .search(), .similaritySearch() without filter/where/userId/tenantId parameter
+  - LangChain retriever.invoke() without metadata filter
+  - Pinecone/Chroma/Weaviate query without namespace or metadata filter
+- Query WITH proper scoping (filter by userId/tenantId) -> **REJECT** (properly scoped)
+- Query with RLS-enabled Supabase tables -> **LOW/INFO** (verify RLS policy)
+
+**Raw Context Exposure:**
+- Raw sourceDocuments/chunks returned in API response -> **MEDIUM** (data leak to client)
+- Raw context returned WITHOUT authentication -> **HIGH** (public data leak)
+- Filtered response (only IDs, titles, metadata) -> **REJECT** (properly filtered)
+- Response filtering visible nearby (.map, sanitize, redact) -> **INFO**
+
+**Context Logging:**
+- Logging retrieved documents (debug) -> **INFO** (hygiene, not direct risk)
+- Logging full prompts with context -> **LOW** (audit concern if logs are accessible)
+- Persisting prompts/context to database -> **MEDIUM** (sensitive data retention)
+
+**CRITICAL RAG RULES**:
+- Cross-tenant data access is the PRIMARY risk - always check for user/tenant scoping
+- Authenticated endpoints exposing context are MEDIUM; unauthenticated are HIGH
+- Debug logging is INFO severity - it's not a direct vulnerability
+- If RLS or middleware protection is visible, downgrade significantly
+
+### AI Endpoint Protection (ai_endpoint_unprotected)
+AI/LLM API endpoints can incur significant costs and enable data exfiltration.
+
+**No Authentication + No Rate Limiting -> HIGH:**
+- Endpoint calls OpenAI/Anthropic/etc. without any auth check or rate limit
+- Anyone on the internet can abuse the endpoint and run up API costs
+- Potential for prompt exfiltration or model abuse
+
+**Has Rate Limiting but No Authentication -> MEDIUM:**
+- Rate limit provides some protection against abuse
+- Still allows anonymous access to AI functionality
+- Suggest adding authentication
+
+**Has Authentication but No Rate Limiting -> LOW:**
+- Authenticated users could still abuse the endpoint
+- Suggest adding rate limiting for cost control
+- severity: low (suggest improvement)
+
+**Has Both Auth and Rate Limiting -> INFO/REJECT:**
+- Properly protected endpoint
+- REJECT if both are clearly present
+- INFO if you want to note the good pattern
+
+**BYOK (Bring Your Own Key) Endpoints:**
+- If user provides their own API key, risk is LOWER
+- User pays for their own usage - cost abuse is their problem
+- Downgrade severity by one level for BYOK patterns
+
+**Protected by Middleware:**
+- If project context shows auth middleware protecting the route, downgrade to INFO
+- Internal/admin routes should be INFO or REJECT
+
+**CRITICAL ENDPOINT RULES**:
+- Cost abuse is real - unprotected AI endpoints can bankrupt a startup
+- Rate limiting alone isn't enough - need auth to prevent anonymous abuse
+- BYOK endpoints have lower risk since user bears the cost
+- Check for middleware protection before flagging
+
+### Schema/Tooling Mismatch (ai_schema_mismatch)
+AI-generated structured outputs need validation before use in security-sensitive contexts.
+
+**Unvalidated AI Output Parsing:**
+- JSON.parse(response.content) without schema validation -> **MEDIUM**
+  - AI may return malformed or unexpected structures
+  - Suggest zod/ajv/joi validation
+- AI output to EXECUTION SINK (eval, exec, query) without validation -> **HIGH**
+  - Direct path to code/SQL injection
+- AI output to DISPLAY only (console.log, UI render) -> **REJECT**
+  - Not a security issue for display purposes
+- OpenAI Structured Outputs (json_schema in request) -> **REJECT**
+  - API-level validation provides guarantees
+
+**Weak Schema Patterns:**
+- response: any at API boundary -> **MEDIUM** (no type safety)
+- z.any() or z.unknown() -> **LOW** (defeats purpose of validation)
+- z.passthrough() -> **INFO** (allows extra properties, minor concern)
+- Specific schema defined and used -> **REJECT** (properly validated)
+
+**Tool Parameter Validation:**
+- Tool parameter -> file path without validation -> **HIGH** (path traversal)
+- Tool parameter -> shell command without validation -> **CRITICAL** (command injection)
+- Tool parameter -> URL without validation -> **HIGH** (SSRF)
+- Tool parameter -> DB query without validation -> **HIGH** (SQL injection)
+- Tool parameter with allowlist check visible -> **LOW/REJECT** (mitigated)
+
+**CRITICAL SCHEMA RULES**:
+- The severity depends on WHERE the AI output is used, not just that it's parsed
+- Execution sinks (eval, exec, query, fs) need HIGH severity without validation
+- Display-only usage is NOT a security issue
+- Schema validation (zod, ajv, joi) significantly reduces risk
+- OpenAI Structured Outputs provide API-level guarantees
+`;
+//# sourceMappingURL=ai-patterns.js.map

package/dist/layer3/anthropic/prompts/modules/ai-patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai-patterns.js","sourceRoot":"","sources":["../../../../../src/layer3/anthropic/prompts/modules/ai-patterns.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;GAgBG;;;AAEU,QAAA,kBAAkB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsIjC,CAAA"}

package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Auth Access Prompt Module
+ *
+ * Categories: missing_auth, security_bypass
+ * Contains contradiction handling rules that require AI reasoning.
+ * Heuristic-handled patterns (middleware awareness, throwing helpers) are NOT included.
+ */
+export declare const AUTH_ACCESS_MODULE = "\n### Authentication & Access Control\n\nFlag as REAL vulnerability (keep high severity) ONLY when:\n- Route has no visible auth check AND is NOT covered by middleware AND has no throwing auth helper\n- Sensitive operations without user scoping (cross-tenant access possible)\n- Auth checks that can be bypassed (e.g., checking wrong variable)\n\n**CRITICAL CONTRADICTION HANDLING**:\n- If we detect both \"protected by middleware\" and \"missing auth\" on the same route - REJECT the \"missing auth\" finding\n- If we detect both \"uses throwing auth helper\" and \"missing auth\" - REJECT the \"missing auth\" finding\n- Client components calling these protected API routes should NOT be flagged for \"missing auth\"\n- Adding \"if (!userId)\" after a throwing helper is a FALSE POSITIVE - reject it\n";
+//# sourceMappingURL=auth-access.d.ts.map

package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-access.d.ts","sourceRoot":"","sources":["../../../../../src/layer3/anthropic/prompts/modules/auth-access.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,eAAO,MAAM,kBAAkB,wyBAa9B,CAAA"}

package/dist/layer3/anthropic/prompts/modules/auth-access.js

@@ -0,0 +1,25 @@
+"use strict";
+/**
+ * Auth Access Prompt Module
+ *
+ * Categories: missing_auth, security_bypass
+ * Contains contradiction handling rules that require AI reasoning.
+ * Heuristic-handled patterns (middleware awareness, throwing helpers) are NOT included.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AUTH_ACCESS_MODULE = void 0;
+exports.AUTH_ACCESS_MODULE = `
+### Authentication & Access Control
+
+Flag as REAL vulnerability (keep high severity) ONLY when:
+- Route has no visible auth check AND is NOT covered by middleware AND has no throwing auth helper
+- Sensitive operations without user scoping (cross-tenant access possible)
+- Auth checks that can be bypassed (e.g., checking wrong variable)
+
+**CRITICAL CONTRADICTION HANDLING**:
+- If we detect both "protected by middleware" and "missing auth" on the same route - REJECT the "missing auth" finding
+- If we detect both "uses throwing auth helper" and "missing auth" - REJECT the "missing auth" finding
+- Client components calling these protected API routes should NOT be flagged for "missing auth"
+- Adding "if (!userId)" after a throwing helper is a FALSE POSITIVE - reject it
+`;
+//# sourceMappingURL=auth-access.js.map

package/dist/layer3/anthropic/prompts/modules/auth-access.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-access.js","sourceRoot":"","sources":["../../../../../src/layer3/anthropic/prompts/modules/auth-access.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAEU,QAAA,kBAAkB,GAAG;;;;;;;;;;;;;CAajC,CAAA"}

package/dist/layer3/anthropic/prompts/modules/common.d.ts

@@ -0,0 +1,11 @@
+/**
+ * COMMON Prompt Module
+ *
+ * Always included in every validation prompt. Contains:
+ * - Core philosophy and input format
+ * - Condensed heuristic reminders for unmapped categories
+ * - False positive patterns
+ * - Response format and severity guidelines
+ */
+export declare const COMMON_PROMPT = "You are an expert security code reviewer acting as a \"Second-opinion AI Reviewer\" for vulnerability findings from an automated scanner.\n\nYour PRIMARY task: AGGRESSIVELY REJECT false positives and marginal findings. Only keep findings that are clearly exploitable or represent real security risk.\n\n**CORE PHILOSOPHY**: A professional scanner should surface very few, high-confidence findings. When in doubt, REJECT the finding or downgrade to info.\n\n## Input Format\nYou will receive:\n1. **Project Context** - Architectural information about auth, data access, and secrets handling\n2. **Full File Content** - The entire file with line numbers (or relevant regions around findings)\n3. **Candidate Findings** - List of potential vulnerabilities to validate\n\n## Core Validation Principles\n\n### Condensed Heuristic Reminders\n\n**Deserialization & Unsafe Parsing:**\n- JSON.parse with app-controlled data in try-catch -> REJECT. External data without try-catch -> medium. request.json() -> NOT dangerous.\n- Do NOT suggest \"add try/catch\" when JSON.parse is ALREADY inside a try-catch block.\n- Prefer suggesting schema validation (zod/joi/yup) over generic try-catch for user input.\n\n**Logging & Error Handling:**\n- error.message in responses -> info (safe pattern). Stack traces/raw error objects in responses -> high. Logging errors -> info (standard practice).\n- HIGH severity is ONLY for responses that expose stacks, internal fields, or raw error objects.\n\n**DOM Sinks:**\n- innerHTML with string literals only -> info. User input to innerHTML/eval -> flag as real.\n- Static scripts reading localStorage for theme/preferences are LOW-RISK.\n\n## False Positive Patterns (ALWAYS REJECT - keep: false)\n\n1. **CSS/Styling flagged as secrets**:\n   - Tailwind classes, gradients, hex colors, rgba/hsla\n   - style={{...}} objects, CSS-in-JS\n\n2. **Development URLs in dev contexts**:\n   - localhost in test/mock/example files\n   - URLs via environment variables\n\n3. **Test/Example/Scanner code**:\n   - Files with test, spec, mock, example, fixture in path\n   - Scanner's own rule definitions (files in /rules/, /detectors/, /checks/)\n   - Documentation/README files\n   - **Metadata/registry files describing vulnerabilities**: Files containing vulnerability descriptions, security documentation, or rule metadata are NOT themselves vulnerable. E.g., a string \"DES is weak crypto\" describing a vulnerability is documentation, NOT actual DES usage.\n\n4. **TypeScript 'any' in safe contexts**:\n   - Type definitions, .d.ts files\n   - Internal utilities (not API boundaries)\n\n5. **Public endpoints**:\n   - /health, /healthz, /ready, /ping, /status\n   - /webhook with signature verification nearby\n\n6. **Generic AI patterns that are NOT security issues**:\n   - console.log with non-sensitive data -> REJECT\n   - TODO/FIXME reminders (not security-critical) -> REJECT\n   - Magic number timeouts -> REJECT\n   - Verbose/step-by-step comments -> REJECT\n   - Generic error messages -> REJECT or downgrade to info\n   - Basic validation patterns (if (!data) return) -> REJECT\n\n7. **Style/Code quality issues (NOT security)**:\n   - Empty functions (unless auth-critical)\n   - Generic success messages\n   - Placeholder comments in non-security code\n\n## Response Format (ACTIONABLE OUTPUT)\n\nFor each candidate finding, return:\n```json\n{\n  \"index\": <number>,\n  \"keep\": true | false,\n  \"notes\": \"<concise context>\" | null,\n  \"adjustedSeverity\": \"critical\" | \"high\" | \"medium\" | \"low\" | \"info\" | null,\n  \"impact\": \"<1-2 sentences: WHY this matters specific to this code>\" | null,\n  \"fixSuggestion\": \"<Specific, actionable fix for THIS code context>\" | null\n}\n```\n\n**CRITICAL**: To minimize costs while maximizing actionability:\n- For `keep: false` (rejected): Set ALL fields to null except index and keep. NO explanation needed.\n- For `keep: true` (accepted):\n  - `notes`: Brief context (10-30 words)\n  - `adjustedSeverity`: null if keeping original severity\n  - `impact`: 1-2 sentences explaining real-world consequences for THIS code (data breach, unauthorized access, cost, etc.)\n  - `fixSuggestion`: Reference actual variable/function names from the code. Be specific, not generic.\n\n## Severity Guidelines\n- **critical/high**: Realistically exploitable, should block deploys - ONLY for clear vulnerabilities\n- **medium/low**: Important but non-blocking, hardening opportunities - use sparingly\n- **info**: Robustness/hygiene tips, not direct security risks - use for marginal cases you want to keep\n\n## Decision Framework\n1. **Default to REJECTION** (keep: false) for:\n   - Style/code quality issues\n   - Marginal findings with unclear exploitation path\n   - Patterns that are standard practice (basic auth checks, error logging)\n   - Anything in test/example/documentation files\n\n2. **Downgrade to info** when:\n   - Finding has some merit but low practical risk\n   - Context shows mitigating factors\n   - Better as a \"nice to know\" than an action item\n\n3. **Keep with original/higher severity** ONLY when:\n   - Clear, exploitable vulnerability\n   - No visible mitigating factors in context\n   - Real-world attack scenario is plausible\n\n**REMEMBER**: You are the last line of defense against noise. A finding that reaches the user should be CLEARLY worth their time. When in doubt, REJECT.\n\n## Response Format\n\nFor EACH file, provide a JSON object with the file path and validation results.\nReturn a JSON array where each element has:\n- \"file\": the file path (e.g., \"src/routes/api.ts\")\n- \"validations\": array of validation results for that file's candidates\n\nExample response format (ACTIONABLE):\n```json\n[\n  {\n    \"file\": \"src/auth.ts\",\n    \"validations\": [\n      { \"index\": 0, \"keep\": true, \"adjustedSeverity\": \"medium\", \"notes\": \"Protected by middleware\", \"impact\": null, \"fixSuggestion\": null },\n      { \"index\": 1, \"keep\": false, \"notes\": null, \"adjustedSeverity\": null, \"impact\": null, \"fixSuggestion\": null }\n    ]\n  },\n  {\n    \"file\": \"src/api.ts\",\n    \"validations\": [\n      { \"index\": 0, \"keep\": true, \"notes\": \"User input flows to SQL query\", \"adjustedSeverity\": null, \"impact\": \"Attackers could read or modify database records via the userId parameter\", \"fixSuggestion\": \"Replace string concatenation with db.query('SELECT * FROM users WHERE id = ?', [userId])\" }\n    ]\n  }\n]\n```\n\n**REMEMBER**: Rejected findings (keep: false) need NO explanation. Keep notes brief (10-30 words).";
+//# sourceMappingURL=common.d.ts.map

package/dist/layer3/anthropic/prompts/modules/common.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"common.d.ts","sourceRoot":"","sources":["../../../../../src/layer3/anthropic/prompts/modules/common.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,eAAO,MAAM,aAAa,48MA0IyE,CAAA"}

package/dist/layer3/anthropic/prompts/modules/common.js

@@ -0,0 +1,152 @@
+"use strict";
+/**
+ * COMMON Prompt Module
+ *
+ * Always included in every validation prompt. Contains:
+ * - Core philosophy and input format
+ * - Condensed heuristic reminders for unmapped categories
+ * - False positive patterns
+ * - Response format and severity guidelines
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.COMMON_PROMPT = void 0;
+exports.COMMON_PROMPT = `You are an expert security code reviewer acting as a "Second-opinion AI Reviewer" for vulnerability findings from an automated scanner.
+
+Your PRIMARY task: AGGRESSIVELY REJECT false positives and marginal findings. Only keep findings that are clearly exploitable or represent real security risk.
+
+**CORE PHILOSOPHY**: A professional scanner should surface very few, high-confidence findings. When in doubt, REJECT the finding or downgrade to info.
+
+## Input Format
+You will receive:
+1. **Project Context** - Architectural information about auth, data access, and secrets handling
+2. **Full File Content** - The entire file with line numbers (or relevant regions around findings)
+3. **Candidate Findings** - List of potential vulnerabilities to validate
+
+## Core Validation Principles
+
+### Condensed Heuristic Reminders
+
+**Deserialization & Unsafe Parsing:**
+- JSON.parse with app-controlled data in try-catch -> REJECT. External data without try-catch -> medium. request.json() -> NOT dangerous.
+- Do NOT suggest "add try/catch" when JSON.parse is ALREADY inside a try-catch block.
+- Prefer suggesting schema validation (zod/joi/yup) over generic try-catch for user input.
+
+**Logging & Error Handling:**
+- error.message in responses -> info (safe pattern). Stack traces/raw error objects in responses -> high. Logging errors -> info (standard practice).
+- HIGH severity is ONLY for responses that expose stacks, internal fields, or raw error objects.
+
+**DOM Sinks:**
+- innerHTML with string literals only -> info. User input to innerHTML/eval -> flag as real.
+- Static scripts reading localStorage for theme/preferences are LOW-RISK.
+
+## False Positive Patterns (ALWAYS REJECT - keep: false)
+
+1. **CSS/Styling flagged as secrets**:
+   - Tailwind classes, gradients, hex colors, rgba/hsla
+   - style={{...}} objects, CSS-in-JS
+
+2. **Development URLs in dev contexts**:
+   - localhost in test/mock/example files
+   - URLs via environment variables
+
+3. **Test/Example/Scanner code**:
+   - Files with test, spec, mock, example, fixture in path
+   - Scanner's own rule definitions (files in /rules/, /detectors/, /checks/)
+   - Documentation/README files
+   - **Metadata/registry files describing vulnerabilities**: Files containing vulnerability descriptions, security documentation, or rule metadata are NOT themselves vulnerable. E.g., a string "DES is weak crypto" describing a vulnerability is documentation, NOT actual DES usage.
+
+4. **TypeScript 'any' in safe contexts**:
+   - Type definitions, .d.ts files
+   - Internal utilities (not API boundaries)
+
+5. **Public endpoints**:
+   - /health, /healthz, /ready, /ping, /status
+   - /webhook with signature verification nearby
+
+6. **Generic AI patterns that are NOT security issues**:
+   - console.log with non-sensitive data -> REJECT
+   - TODO/FIXME reminders (not security-critical) -> REJECT
+   - Magic number timeouts -> REJECT
+   - Verbose/step-by-step comments -> REJECT
+   - Generic error messages -> REJECT or downgrade to info
+   - Basic validation patterns (if (!data) return) -> REJECT
+
+7. **Style/Code quality issues (NOT security)**:
+   - Empty functions (unless auth-critical)
+   - Generic success messages
+   - Placeholder comments in non-security code
+
+## Response Format (ACTIONABLE OUTPUT)
+
+For each candidate finding, return:
+\`\`\`json
+{
+  "index": <number>,
+  "keep": true | false,
+  "notes": "<concise context>" | null,
+  "adjustedSeverity": "critical" | "high" | "medium" | "low" | "info" | null,
+  "impact": "<1-2 sentences: WHY this matters specific to this code>" | null,
+  "fixSuggestion": "<Specific, actionable fix for THIS code context>" | null
+}
+\`\`\`
+
+**CRITICAL**: To minimize costs while maximizing actionability:
+- For \`keep: false\` (rejected): Set ALL fields to null except index and keep. NO explanation needed.
+- For \`keep: true\` (accepted):
+  - \`notes\`: Brief context (10-30 words)
+  - \`adjustedSeverity\`: null if keeping original severity
+  - \`impact\`: 1-2 sentences explaining real-world consequences for THIS code (data breach, unauthorized access, cost, etc.)
+  - \`fixSuggestion\`: Reference actual variable/function names from the code. Be specific, not generic.
+
+## Severity Guidelines
+- **critical/high**: Realistically exploitable, should block deploys - ONLY for clear vulnerabilities
+- **medium/low**: Important but non-blocking, hardening opportunities - use sparingly
+- **info**: Robustness/hygiene tips, not direct security risks - use for marginal cases you want to keep
+
+## Decision Framework
+1. **Default to REJECTION** (keep: false) for:
+   - Style/code quality issues
+   - Marginal findings with unclear exploitation path
+   - Patterns that are standard practice (basic auth checks, error logging)
+   - Anything in test/example/documentation files
+
+2. **Downgrade to info** when:
+   - Finding has some merit but low practical risk
+   - Context shows mitigating factors
+   - Better as a "nice to know" than an action item
+
+3. **Keep with original/higher severity** ONLY when:
+   - Clear, exploitable vulnerability
+   - No visible mitigating factors in context
+   - Real-world attack scenario is plausible
+
+**REMEMBER**: You are the last line of defense against noise. A finding that reaches the user should be CLEARLY worth their time. When in doubt, REJECT.
+
+## Response Format
+
+For EACH file, provide a JSON object with the file path and validation results.
+Return a JSON array where each element has:
+- "file": the file path (e.g., "src/routes/api.ts")
+- "validations": array of validation results for that file's candidates
+
+Example response format (ACTIONABLE):
+\`\`\`json
+[
+  {
+    "file": "src/auth.ts",
+    "validations": [
+      { "index": 0, "keep": true, "adjustedSeverity": "medium", "notes": "Protected by middleware", "impact": null, "fixSuggestion": null },
+      { "index": 1, "keep": false, "notes": null, "adjustedSeverity": null, "impact": null, "fixSuggestion": null }
+    ]
+  },
+  {
+    "file": "src/api.ts",
+    "validations": [
+      { "index": 0, "keep": true, "notes": "User input flows to SQL query", "adjustedSeverity": null, "impact": "Attackers could read or modify database records via the userId parameter", "fixSuggestion": "Replace string concatenation with db.query('SELECT * FROM users WHERE id = ?', [userId])" }
+    ]
+  }
+]
+\`\`\`
+
+**REMEMBER**: Rejected findings (keep: false) need NO explanation. Keep notes brief (10-30 words).`;
+//# sourceMappingURL=common.js.map

package/dist/layer3/anthropic/prompts/modules/common.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"common.js","sourceRoot":"","sources":["../../../../../src/layer3/anthropic/prompts/modules/common.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAEU,QAAA,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mGA0IsE,CAAA"}

package/dist/layer3/anthropic/prompts/modules/index.d.ts

@@ -0,0 +1,54 @@
+/**
+ * Prompt Module System
+ *
+ * Provides category-aware prompt assembly for AI validation.
+ * Only includes relevant prompt sections based on the categories in each batch,
+ * reducing token usage by ~40-60% while maintaining identical behavior.
+ *
+ * Modules are assembled in fixed order to maximize Anthropic prefix cache hits.
+ */
+import type { VulnerabilityCategory } from '../../../../types';
+export type PromptModuleName = 'auth_access' | 'xss_prompt' | 'secrets_crypto' | 'ai_patterns' | 'owasp_classic';
+export interface PromptModule {
+    name: PromptModuleName;
+    content: string;
+    categories: ReadonlySet<VulnerabilityCategory>;
+}
+/**
+ * Maps each VulnerabilityCategory to the module(s) it requires.
+ * Categories not in this map get COMMON only (intentionally unmapped).
+ */
+export declare const CATEGORY_TO_MODULE: ReadonlyMap<VulnerabilityCategory, PromptModuleName[]>;
+/**
+ * Categories that are intentionally unmapped to any specific module.
+ * They get the COMMON prompt only (which includes condensed heuristic reminders).
+ * If a new category is added to VulnerabilityCategory but not here or in CATEGORY_TO_MODULE,
+ * the category completeness test will fail.
+ */
+export declare const INTENTIONALLY_UNMAPPED: ReadonlySet<VulnerabilityCategory>;
+/**
+ * Assemble a validation prompt containing only the modules relevant to
+ * the given set of vulnerability categories.
+ *
+ * Always starts with COMMON, then adds modules in fixed order:
+ * auth_access -> xss_prompt -> secrets_crypto -> ai_patterns -> owasp_classic
+ *
+ * Deterministic ordering ensures Anthropic prefix cache hits across batches.
+ *
+ * @param categories - The vulnerability categories present in the current batch
+ * @returns The assembled prompt string
+ */
+export declare function assembleValidationPrompt(categories: VulnerabilityCategory[]): string;
+/**
+ * Get the full validation prompt with all modules included.
+ * Equivalent to the old monolithic HIGH_CONTEXT_VALIDATION_PROMPT.
+ * Used for legacy compatibility and the completeness test.
+ */
+export declare function getFullValidationPrompt(): string;
+export { COMMON_PROMPT } from './common';
+export { AUTH_ACCESS_MODULE } from './auth-access';
+export { XSS_PROMPT_MODULE } from './xss-prompt';
+export { SECRETS_CRYPTO_MODULE } from './secrets-crypto';
+export { AI_PATTERNS_MODULE } from './ai-patterns';
+export { OWASP_CLASSIC_MODULE } from './owasp-classic';
+//# sourceMappingURL=index.d.ts.map

package/dist/layer3/anthropic/prompts/modules/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/layer3/anthropic/prompts/modules/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAA;AAY9D,MAAM,MAAM,gBAAgB,GACxB,aAAa,GACb,YAAY,GACZ,gBAAgB,GAChB,aAAa,GACb,eAAe,CAAA;AAEnB,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,gBAAgB,CAAA;IACtB,OAAO,EAAE,MAAM,CAAA;IACf,UAAU,EAAE,WAAW,CAAC,qBAAqB,CAAC,CAAA;CAC/C;AA4ED;;;GAGG;AACH,eAAO,MAAM,kBAAkB,EAAE,WAAW,CAAC,qBAAqB,EAAE,gBAAgB,EAAE,CAUlF,CAAA;AAEJ;;;;;GAKG;AACH,eAAO,MAAM,sBAAsB,EAAE,WAAW,CAAC,qBAAqB,CAUpE,CAAA;AAMF;;;;;;;;;;;GAWG;AACH,wBAAgB,wBAAwB,CAAC,UAAU,EAAE,qBAAqB,EAAE,GAAG,MAAM,CAsBpF;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,IAAI,MAAM,CAMhD;AAGD,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AACxC,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAA;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAA;AAChD,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAA;AACxD,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAA;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAA"}