@oculum/scanner 1.0.12 → 1.0.13

package/dist/layer3/anthropic/prompts/modules/common.js

@@ -0,0 +1,152 @@
+"use strict";
+/**
+ * COMMON Prompt Module
+ *
+ * Always included in every validation prompt. Contains:
+ * - Core philosophy and input format
+ * - Condensed heuristic reminders for unmapped categories
+ * - False positive patterns
+ * - Response format and severity guidelines
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.COMMON_PROMPT = void 0;
+exports.COMMON_PROMPT = `You are an expert security code reviewer acting as a "Second-opinion AI Reviewer" for vulnerability findings from an automated scanner.
+
+Your PRIMARY task: AGGRESSIVELY REJECT false positives and marginal findings. Only keep findings that are clearly exploitable or represent real security risk.
+
+**CORE PHILOSOPHY**: A professional scanner should surface very few, high-confidence findings. When in doubt, REJECT the finding or downgrade to info.
+
+## Input Format
+You will receive:
+1. **Project Context** - Architectural information about auth, data access, and secrets handling
+2. **Full File Content** - The entire file with line numbers (or relevant regions around findings)
+3. **Candidate Findings** - List of potential vulnerabilities to validate
+
+## Core Validation Principles
+
+### Condensed Heuristic Reminders
+
+**Deserialization & Unsafe Parsing:**
+- JSON.parse with app-controlled data in try-catch -> REJECT. External data without try-catch -> medium. request.json() -> NOT dangerous.
+- Do NOT suggest "add try/catch" when JSON.parse is ALREADY inside a try-catch block.
+- Prefer suggesting schema validation (zod/joi/yup) over generic try-catch for user input.
+
+**Logging & Error Handling:**
+- error.message in responses -> info (safe pattern). Stack traces/raw error objects in responses -> high. Logging errors -> info (standard practice).
+- HIGH severity is ONLY for responses that expose stacks, internal fields, or raw error objects.
+
+**DOM Sinks:**
+- innerHTML with string literals only -> info. User input to innerHTML/eval -> flag as real.
+- Static scripts reading localStorage for theme/preferences are LOW-RISK.
+
+## False Positive Patterns (ALWAYS REJECT - keep: false)
+
+1. **CSS/Styling flagged as secrets**:
+   - Tailwind classes, gradients, hex colors, rgba/hsla
+   - style={{...}} objects, CSS-in-JS
+
+2. **Development URLs in dev contexts**:
+   - localhost in test/mock/example files
+   - URLs via environment variables
+
+3. **Test/Example/Scanner code**:
+   - Files with test, spec, mock, example, fixture in path
+   - Scanner's own rule definitions (files in /rules/, /detectors/, /checks/)
+   - Documentation/README files
+   - **Metadata/registry files describing vulnerabilities**: Files containing vulnerability descriptions, security documentation, or rule metadata are NOT themselves vulnerable. E.g., a string "DES is weak crypto" describing a vulnerability is documentation, NOT actual DES usage.
+
+4. **TypeScript 'any' in safe contexts**:
+   - Type definitions, .d.ts files
+   - Internal utilities (not API boundaries)
+
+5. **Public endpoints**:
+   - /health, /healthz, /ready, /ping, /status
+   - /webhook with signature verification nearby
+
+6. **Generic AI patterns that are NOT security issues**:
+   - console.log with non-sensitive data -> REJECT
+   - TODO/FIXME reminders (not security-critical) -> REJECT
+   - Magic number timeouts -> REJECT
+   - Verbose/step-by-step comments -> REJECT
+   - Generic error messages -> REJECT or downgrade to info
+   - Basic validation patterns (if (!data) return) -> REJECT
+
+7. **Style/Code quality issues (NOT security)**:
+   - Empty functions (unless auth-critical)
+   - Generic success messages
+   - Placeholder comments in non-security code
+
+## Response Format (ACTIONABLE OUTPUT)
+
+For each candidate finding, return:
+\`\`\`json
+{
+  "index": <number>,
+  "keep": true | false,
+  "notes": "<concise context>" | null,
+  "adjustedSeverity": "critical" | "high" | "medium" | "low" | "info" | null,
+  "impact": "<1-2 sentences: WHY this matters specific to this code>" | null,
+  "fixSuggestion": "<Specific, actionable fix for THIS code context>" | null
+}
+\`\`\`
+
+**CRITICAL**: To minimize costs while maximizing actionability:
+- For \`keep: false\` (rejected): Set ALL fields to null except index and keep. NO explanation needed.
+- For \`keep: true\` (accepted):
+  - \`notes\`: Brief context (10-30 words)
+  - \`adjustedSeverity\`: null if keeping original severity
+  - \`impact\`: 1-2 sentences explaining real-world consequences for THIS code (data breach, unauthorized access, cost, etc.)
+  - \`fixSuggestion\`: Reference actual variable/function names from the code. Be specific, not generic.
+
+## Severity Guidelines
+- **critical/high**: Realistically exploitable, should block deploys - ONLY for clear vulnerabilities
+- **medium/low**: Important but non-blocking, hardening opportunities - use sparingly
+- **info**: Robustness/hygiene tips, not direct security risks - use for marginal cases you want to keep
+
+## Decision Framework
+1. **Default to REJECTION** (keep: false) for:
+   - Style/code quality issues
+   - Marginal findings with unclear exploitation path
+   - Patterns that are standard practice (basic auth checks, error logging)
+   - Anything in test/example/documentation files
+
+2. **Downgrade to info** when:
+   - Finding has some merit but low practical risk
+   - Context shows mitigating factors
+   - Better as a "nice to know" than an action item
+
+3. **Keep with original/higher severity** ONLY when:
+   - Clear, exploitable vulnerability
+   - No visible mitigating factors in context
+   - Real-world attack scenario is plausible
+
+**REMEMBER**: You are the last line of defense against noise. A finding that reaches the user should be CLEARLY worth their time. When in doubt, REJECT.
+
+## Response Format
+
+For EACH file, provide a JSON object with the file path and validation results.
+Return a JSON array where each element has:
+- "file": the file path (e.g., "src/routes/api.ts")
+- "validations": array of validation results for that file's candidates
+
+Example response format (ACTIONABLE):
+\`\`\`json
+[
+  {
+    "file": "src/auth.ts",
+    "validations": [
+      { "index": 0, "keep": true, "adjustedSeverity": "medium", "notes": "Protected by middleware", "impact": null, "fixSuggestion": null },
+      { "index": 1, "keep": false, "notes": null, "adjustedSeverity": null, "impact": null, "fixSuggestion": null }
+    ]
+  },
+  {
+    "file": "src/api.ts",
+    "validations": [
+      { "index": 0, "keep": true, "notes": "User input flows to SQL query", "adjustedSeverity": null, "impact": "Attackers could read or modify database records via the userId parameter", "fixSuggestion": "Replace string concatenation with db.query('SELECT * FROM users WHERE id = ?', [userId])" }
+    ]
+  }
+]
+\`\`\`
+
+**REMEMBER**: Rejected findings (keep: false) need NO explanation. Keep notes brief (10-30 words).`;
+//# sourceMappingURL=common.js.map

package/dist/layer3/anthropic/prompts/modules/common.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"common.js","sourceRoot":"","sources":["../../../../../src/layer3/anthropic/prompts/modules/common.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAEU,QAAA,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mGA0IsE,CAAA"}

package/dist/layer3/anthropic/prompts/modules/index.d.ts

@@ -0,0 +1,54 @@
+/**
+ * Prompt Module System
+ *
+ * Provides category-aware prompt assembly for AI validation.
+ * Only includes relevant prompt sections based on the categories in each batch,
+ * reducing token usage by ~40-60% while maintaining identical behavior.
+ *
+ * Modules are assembled in fixed order to maximize Anthropic prefix cache hits.
+ */
+import type { VulnerabilityCategory } from '../../../../types';
+export type PromptModuleName = 'auth_access' | 'xss_prompt' | 'secrets_crypto' | 'ai_patterns' | 'owasp_classic';
+export interface PromptModule {
+    name: PromptModuleName;
+    content: string;
+    categories: ReadonlySet<VulnerabilityCategory>;
+}
+/**
+ * Maps each VulnerabilityCategory to the module(s) it requires.
+ * Categories not in this map get COMMON only (intentionally unmapped).
+ */
+export declare const CATEGORY_TO_MODULE: ReadonlyMap<VulnerabilityCategory, PromptModuleName[]>;
+/**
+ * Categories that are intentionally unmapped to any specific module.
+ * They get the COMMON prompt only (which includes condensed heuristic reminders).
+ * If a new category is added to VulnerabilityCategory but not here or in CATEGORY_TO_MODULE,
+ * the category completeness test will fail.
+ */
+export declare const INTENTIONALLY_UNMAPPED: ReadonlySet<VulnerabilityCategory>;
+/**
+ * Assemble a validation prompt containing only the modules relevant to
+ * the given set of vulnerability categories.
+ *
+ * Always starts with COMMON, then adds modules in fixed order:
+ * auth_access -> xss_prompt -> secrets_crypto -> ai_patterns -> owasp_classic
+ *
+ * Deterministic ordering ensures Anthropic prefix cache hits across batches.
+ *
+ * @param categories - The vulnerability categories present in the current batch
+ * @returns The assembled prompt string
+ */
+export declare function assembleValidationPrompt(categories: VulnerabilityCategory[]): string;
+/**
+ * Get the full validation prompt with all modules included.
+ * Equivalent to the old monolithic HIGH_CONTEXT_VALIDATION_PROMPT.
+ * Used for legacy compatibility and the completeness test.
+ */
+export declare function getFullValidationPrompt(): string;
+export { COMMON_PROMPT } from './common';
+export { AUTH_ACCESS_MODULE } from './auth-access';
+export { XSS_PROMPT_MODULE } from './xss-prompt';
+export { SECRETS_CRYPTO_MODULE } from './secrets-crypto';
+export { AI_PATTERNS_MODULE } from './ai-patterns';
+export { OWASP_CLASSIC_MODULE } from './owasp-classic';
+//# sourceMappingURL=index.d.ts.map

package/dist/layer3/anthropic/prompts/modules/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/layer3/anthropic/prompts/modules/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAA;AAY9D,MAAM,MAAM,gBAAgB,GACxB,aAAa,GACb,YAAY,GACZ,gBAAgB,GAChB,aAAa,GACb,eAAe,CAAA;AAEnB,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,gBAAgB,CAAA;IACtB,OAAO,EAAE,MAAM,CAAA;IACf,UAAU,EAAE,WAAW,CAAC,qBAAqB,CAAC,CAAA;CAC/C;AA4ED;;;GAGG;AACH,eAAO,MAAM,kBAAkB,EAAE,WAAW,CAAC,qBAAqB,EAAE,gBAAgB,EAAE,CAUlF,CAAA;AAEJ;;;;;GAKG;AACH,eAAO,MAAM,sBAAsB,EAAE,WAAW,CAAC,qBAAqB,CAUpE,CAAA;AAMF;;;;;;;;;;;GAWG;AACH,wBAAgB,wBAAwB,CAAC,UAAU,EAAE,qBAAqB,EAAE,GAAG,MAAM,CAsBpF;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,IAAI,MAAM,CAMhD;AAGD,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AACxC,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAA;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAA;AAChD,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAA;AACxD,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAA;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAA"}

package/dist/layer3/anthropic/prompts/modules/index.js

@@ -0,0 +1,185 @@
+"use strict";
+/**
+ * Prompt Module System
+ *
+ * Provides category-aware prompt assembly for AI validation.
+ * Only includes relevant prompt sections based on the categories in each batch,
+ * reducing token usage by ~40-60% while maintaining identical behavior.
+ *
+ * Modules are assembled in fixed order to maximize Anthropic prefix cache hits.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OWASP_CLASSIC_MODULE = exports.AI_PATTERNS_MODULE = exports.SECRETS_CRYPTO_MODULE = exports.XSS_PROMPT_MODULE = exports.AUTH_ACCESS_MODULE = exports.COMMON_PROMPT = exports.INTENTIONALLY_UNMAPPED = exports.CATEGORY_TO_MODULE = void 0;
+exports.assembleValidationPrompt = assembleValidationPrompt;
+exports.getFullValidationPrompt = getFullValidationPrompt;
+const common_1 = require("./common");
+const auth_access_1 = require("./auth-access");
+const xss_prompt_1 = require("./xss-prompt");
+const secrets_crypto_1 = require("./secrets-crypto");
+const ai_patterns_1 = require("./ai-patterns");
+const owasp_classic_1 = require("./owasp-classic");
+// ============================================================================
+// Module Definitions (fixed order for prefix cache hits)
+// ============================================================================
+const MODULES = [
+    {
+        name: 'auth_access',
+        content: auth_access_1.AUTH_ACCESS_MODULE,
+        categories: new Set(['missing_auth', 'security_bypass']),
+    },
+    {
+        name: 'xss_prompt',
+        content: xss_prompt_1.XSS_PROMPT_MODULE,
+        categories: new Set(['xss', 'ai_prompt_injection']),
+    },
+    {
+        name: 'secrets_crypto',
+        content: secrets_crypto_1.SECRETS_CRYPTO_MODULE,
+        categories: new Set([
+            'hardcoded_secret',
+            'high_entropy_string',
+            'sensitive_variable',
+            'weak_crypto',
+        ]),
+    },
+    {
+        name: 'ai_patterns',
+        content: ai_patterns_1.AI_PATTERNS_MODULE,
+        categories: new Set([
+            'ai_pattern',
+            'ai_prompt_injection',
+            'ai_unsafe_execution',
+            'ai_overpermissive_tool',
+            'suspicious_package',
+            'ai_rag_exfiltration',
+            'ai_endpoint_unprotected',
+            'ai_schema_mismatch',
+            'ai_package_hallucination',
+            'ai_rag_corpus_poisoning',
+            'ai_rag_pii_leakage',
+            'ai_mcp_tool_poisoning',
+            'ai_mcp_credential_issue',
+            'ai_mcp_confused_deputy',
+            'ai_mcp_description_injection',
+            'ai_mcp_server_shadowing',
+            'ai_mcp_config_secrets',
+            'ai_mcp_config_permissions',
+            'ai_rag_query_injection',
+            'ai_rag_embedding_poisoning',
+            'ai_rag_chunk_injection',
+            'ai_package_typosquat',
+            'ai_package_malicious',
+            'ai_unsafe_model_load',
+            'ai_unverified_model',
+            'ai_unsafe_finetuning',
+            'ai_excessive_agency',
+        ]),
+    },
+    {
+        name: 'owasp_classic',
+        content: owasp_classic_1.OWASP_CLASSIC_MODULE,
+        categories: new Set([
+            'missing_security_headers',
+            'ssrf',
+            'log_injection',
+            'xxe',
+        ]),
+    },
+];
+// ============================================================================
+// Category-to-Module Mapping
+// ============================================================================
+/**
+ * Maps each VulnerabilityCategory to the module(s) it requires.
+ * Categories not in this map get COMMON only (intentionally unmapped).
+ */
+exports.CATEGORY_TO_MODULE = (() => {
+    const map = new Map();
+    for (const mod of MODULES) {
+        for (const cat of mod.categories) {
+            const existing = map.get(cat) || [];
+            existing.push(mod.name);
+            map.set(cat, existing);
+        }
+    }
+    return map;
+})();
+/**
+ * Categories that are intentionally unmapped to any specific module.
+ * They get the COMMON prompt only (which includes condensed heuristic reminders).
+ * If a new category is added to VulnerabilityCategory but not here or in CATEGORY_TO_MODULE,
+ * the category completeness test will fail.
+ */
+exports.INTENTIONALLY_UNMAPPED = new Set([
+    'dangerous_function',
+    'sql_injection',
+    'command_injection',
+    'insecure_config',
+    'cors_misconfiguration',
+    'root_container',
+    'dangerous_file',
+    'sensitive_url',
+    'data_exposure',
+]);
+// ============================================================================
+// Assembler Functions
+// ============================================================================
+/**
+ * Assemble a validation prompt containing only the modules relevant to
+ * the given set of vulnerability categories.
+ *
+ * Always starts with COMMON, then adds modules in fixed order:
+ * auth_access -> xss_prompt -> secrets_crypto -> ai_patterns -> owasp_classic
+ *
+ * Deterministic ordering ensures Anthropic prefix cache hits across batches.
+ *
+ * @param categories - The vulnerability categories present in the current batch
+ * @returns The assembled prompt string
+ */
+function assembleValidationPrompt(categories) {
+    // Determine which modules are needed
+    const neededModules = new Set();
+    for (const cat of categories) {
+        const modules = exports.CATEGORY_TO_MODULE.get(cat);
+        if (modules) {
+            for (const mod of modules) {
+                neededModules.add(mod);
+            }
+        }
+        // Unmapped categories just get COMMON (no additional module)
+    }
+    // Build prompt: COMMON first, then modules in fixed order
+    const parts = [common_1.COMMON_PROMPT];
+    for (const mod of MODULES) {
+        if (neededModules.has(mod.name)) {
+            parts.push(mod.content);
+        }
+    }
+    return parts.join('\n');
+}
+/**
+ * Get the full validation prompt with all modules included.
+ * Equivalent to the old monolithic HIGH_CONTEXT_VALIDATION_PROMPT.
+ * Used for legacy compatibility and the completeness test.
+ */
+function getFullValidationPrompt() {
+    const parts = [common_1.COMMON_PROMPT];
+    for (const mod of MODULES) {
+        parts.push(mod.content);
+    }
+    return parts.join('\n');
+}
+// Re-export module constants for direct access in tests
+var common_2 = require("./common");
+Object.defineProperty(exports, "COMMON_PROMPT", { enumerable: true, get: function () { return common_2.COMMON_PROMPT; } });
+var auth_access_2 = require("./auth-access");
+Object.defineProperty(exports, "AUTH_ACCESS_MODULE", { enumerable: true, get: function () { return auth_access_2.AUTH_ACCESS_MODULE; } });
+var xss_prompt_2 = require("./xss-prompt");
+Object.defineProperty(exports, "XSS_PROMPT_MODULE", { enumerable: true, get: function () { return xss_prompt_2.XSS_PROMPT_MODULE; } });
+var secrets_crypto_2 = require("./secrets-crypto");
+Object.defineProperty(exports, "SECRETS_CRYPTO_MODULE", { enumerable: true, get: function () { return secrets_crypto_2.SECRETS_CRYPTO_MODULE; } });
+var ai_patterns_2 = require("./ai-patterns");
+Object.defineProperty(exports, "AI_PATTERNS_MODULE", { enumerable: true, get: function () { return ai_patterns_2.AI_PATTERNS_MODULE; } });
+var owasp_classic_2 = require("./owasp-classic");
+Object.defineProperty(exports, "OWASP_CLASSIC_MODULE", { enumerable: true, get: function () { return owasp_classic_2.OWASP_CLASSIC_MODULE; } });
+//# sourceMappingURL=index.js.map

package/dist/layer3/anthropic/prompts/modules/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/layer3/anthropic/prompts/modules/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAuJH,4DAsBC;AAOD,0DAMC;AAvLD,qCAAwC;AACxC,+CAAkD;AAClD,6CAAgD;AAChD,qDAAwD;AACxD,+CAAkD;AAClD,mDAAsD;AAmBtD,+EAA+E;AAC/E,yDAAyD;AACzD,+EAA+E;AAE/E,MAAM,OAAO,GAA4B;IACvC;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,gCAAkB;QAC3B,UAAU,EAAE,IAAI,GAAG,CAAwB,CAAC,cAAc,EAAE,iBAAiB,CAAC,CAAC;KAChF;IACD;QACE,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,8BAAiB;QAC1B,UAAU,EAAE,IAAI,GAAG,CAAwB,CAAC,KAAK,EAAE,qBAAqB,CAAC,CAAC;KAC3E;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,sCAAqB;QAC9B,UAAU,EAAE,IAAI,GAAG,CAAwB;YACzC,kBAAkB;YAClB,qBAAqB;YACrB,oBAAoB;YACpB,aAAa;SACd,CAAC;KACH;IACD;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,gCAAkB;QAC3B,UAAU,EAAE,IAAI,GAAG,CAAwB;YACzC,YAAY;YACZ,qBAAqB;YACrB,qBAAqB;YACrB,wBAAwB;YACxB,oBAAoB;YACpB,qBAAqB;YACrB,yBAAyB;YACzB,oBAAoB;YACpB,0BAA0B;YAC1B,yBAAyB;YACzB,oBAAoB;YACpB,uBAAuB;YACvB,yBAAyB;YACzB,wBAAwB;YACxB,8BAA8B;YAC9B,yBAAyB;YACzB,uBAAuB;YACvB,2BAA2B;YAC3B,wBAAwB;YACxB,4BAA4B;YAC5B,wBAAwB;YACxB,sBAAsB;YACtB,sBAAsB;YACtB,sBAAsB;YACtB,qBAAqB;YACrB,sBAAsB;YACtB,qBAAqB;SACtB,CAAC;KACH;IACD;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,oCAAoB;QAC7B,UAAU,EAAE,IAAI,GAAG,CAAwB;YACzC,0BAA0B;YAC1B,MAAM;YACN,eAAe;YACf,KAAK;SACN,CAAC;KACH;CACO,CAAA;AAEV,+EAA+E;AAC/E,6BAA6B;AAC7B,+EAA+E;AAE/E;;;GAGG;AACU,QAAA,kBAAkB,GAA2D,CAAC,GAAG,EAAE;IAC9F,MAAM,GAAG,GAAG,IAAI,GAAG,EAA6C,CAAA;IAChE,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAA;YACnC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;YACvB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;QACxB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC,CAAC,EAAE,CAAA;AAEJ;;;;;GAKG;AACU,QAAA,sBAAsB,GAAuC,IAAI,GAAG,CAAC;IAChF,oBAAoB;IACpB,eAAe;IACf,mBAAmB;IACnB,iBAAiB;IACjB,uBAAuB;IACvB,gBAAgB;IAChB,gBAAgB;IAChB,eAAe;IACf,eAAe;CAChB,CAAC,CAAA;AAEF,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAE/E;;;;;;;;;;;GAWG;AACH,SAAgB,wBAAwB,CAAC,UAAmC;IAC1E,qCAAqC;IACrC,MAAM,aAAa,GAAG,IAAI,GAAG,EAAoB,CAAA;IACjD,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,0BAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;QAC3C,IAAI,OAAO,EAAE,CAAC;YACZ,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC1B,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YACxB,CAAC;QACH,CAAC;QACD,6DAA6D;IAC/D,CAAC;IAED,0DAA0D;IAC1D,MAAM,KAAK,GAAa,CAAC,sBAAa,CAAC,CAAA;IACvC,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACzB,CAAC;AAED;;;;GAIG;AACH,SAAgB,uBAAuB;IACrC,MAAM,KAAK,GAAa,CAAC,sBAAa,CAAC,CAAA;IACvC,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IACzB,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACzB,CAAC;AAED,wDAAwD;AACxD,mCAAwC;AAA/B,uGAAA,aAAa,OAAA;AACtB,6CAAkD;AAAzC,iHAAA,kBAAkB,OAAA;AAC3B,2CAAgD;AAAvC,+GAAA,iBAAiB,OAAA;AAC1B,mDAAwD;AAA/C,uHAAA,qBAAqB,OAAA;AAC9B,6CAAkD;AAAzC,iHAAA,kBAAkB,OAAA;AAC3B,iDAAsD;AAA7C,qHAAA,oBAAoB,OAAA"}

package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts

@@ -0,0 +1,8 @@
+/**
+ * OWASP Classic Module
+ *
+ * Categories: missing_security_headers, ssrf, log_injection, xxe
+ * Contains rules for classic OWASP vulnerabilities added in Workstream 1.
+ */
+export declare const OWASP_CLASSIC_MODULE = "\n### Missing Security Headers (missing_security_headers)\nHTTP security headers protect against common web attacks.\n\n**CDN/Reverse Proxy Headers:**\n- If project deploys behind Cloudflare, Vercel, AWS CloudFront -> **REJECT** (CDN adds headers)\n- If Vercel deployment (Next.js) and using middleware for headers -> **REJECT**\n- Dev-only server config -> **INFO** (not production-facing)\n\n**Express without Helmet:**\n- No helmet AND no manual header setting -> **MEDIUM** (real gap)\n- Has helmet but CSP disabled -> **LOW** (partial protection)\n- Framework adds headers automatically (e.g., Fastify with @fastify/helmet) -> **REJECT**\n\n**Next.js Config:**\n- No headers() but uses middleware.ts for headers -> **REJECT** (headers set in middleware)\n- No headers() and no middleware -> **MEDIUM** (suggest adding)\n\n### Server-Side Request Forgery (ssrf)\nSSRF allows servers to make requests to unintended destinations.\n\n**Direct Taint (req.body/query -> fetch/axios):**\n- User input directly in HTTP request -> **HIGH** (clear SSRF)\n- URL from environment variable (process.env) -> **REJECT** (not user-controlled)\n- URL from config object/constant -> **REJECT** (not user-controlled)\n- URL from database with auth-scoped query -> **LOW** (indirect, needs review)\n\n**Mitigations:**\n- Allowlist/whitelist validation nearby -> **REJECT** or **INFO**\n- URL validation with hostname/origin check -> **LOW** (partial mitigation)\n- IP range checking (isPrivateIP, block 10.x/192.168.x) -> **REJECT** (properly mitigated)\n\n**SSRF is Server-Only:**\n- Client-side fetch() in browser -> **REJECT** (not SSRF, browser makes the request)\n- 'use client' files -> **REJECT**\n\n### Log Injection (log_injection)\nUnsanitized user input in logs can forge entries.\n\n**Structured Logging:**\n- JSON-formatted structured logging (pino, winston JSON) with redaction -> **REJECT**\n- Structured logging without redaction -> **INFO** (good pattern, suggest redaction)\n\n**Request Data in Logs:**\n- req.headers in console.log -> **MEDIUM** (CRLF injection risk)\n- req.body field in console.log -> **LOW** (log forging)\n- req.ip, req.method, req.url -> **REJECT** (server-controlled, standard logging)\n\n**Not Log Injection:**\n- Error objects in catch blocks (console.error(err)) -> **REJECT**\n- Internal IDs (userId, sessionId) -> **REJECT** (not from request)\n- Static strings -> **REJECT**\n- Morgan/express-winston middleware -> **REJECT** (intentional access logging)\n\n### XML External Entity (xxe)\nXXE allows attackers to read server files via XML parsing.\n\n**Python:**\n- defusedxml imported anywhere in file -> **REJECT** (safe library)\n- Standard xml.etree/lxml without defusedxml -> **HIGH** (Python XML is vulnerable by default)\n\n**Java:**\n- DocumentBuilderFactory with disallow-doctype-decl feature -> **REJECT** (safe)\n- Without feature -> **HIGH** (Java defaults are unsafe)\n\n**Node.js:**\n- xml2js v0.5+: safer defaults -> **MEDIUM** (may still be vulnerable on older versions)\n- fast-xml-parser with processEntities: false -> **REJECT** (safe)\n- DOMParser in browser/client -> **REJECT** (browsers block XXE)\n\n**PHP:**\n- libxml_disable_entity_loader(true) before parsing -> **REJECT** (safe)\n- Without disable -> **HIGH**\n";
+//# sourceMappingURL=owasp-classic.d.ts.map

package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"owasp-classic.d.ts","sourceRoot":"","sources":["../../../../../src/layer3/anthropic/prompts/modules/owasp-classic.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,eAAO,MAAM,oBAAoB,6sGAyEhC,CAAA"}

package/dist/layer3/anthropic/prompts/modules/owasp-classic.js

@@ -0,0 +1,84 @@
+"use strict";
+/**
+ * OWASP Classic Module
+ *
+ * Categories: missing_security_headers, ssrf, log_injection, xxe
+ * Contains rules for classic OWASP vulnerabilities added in Workstream 1.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OWASP_CLASSIC_MODULE = void 0;
+exports.OWASP_CLASSIC_MODULE = `
+### Missing Security Headers (missing_security_headers)
+HTTP security headers protect against common web attacks.
+
+**CDN/Reverse Proxy Headers:**
+- If project deploys behind Cloudflare, Vercel, AWS CloudFront -> **REJECT** (CDN adds headers)
+- If Vercel deployment (Next.js) and using middleware for headers -> **REJECT**
+- Dev-only server config -> **INFO** (not production-facing)
+
+**Express without Helmet:**
+- No helmet AND no manual header setting -> **MEDIUM** (real gap)
+- Has helmet but CSP disabled -> **LOW** (partial protection)
+- Framework adds headers automatically (e.g., Fastify with @fastify/helmet) -> **REJECT**
+
+**Next.js Config:**
+- No headers() but uses middleware.ts for headers -> **REJECT** (headers set in middleware)
+- No headers() and no middleware -> **MEDIUM** (suggest adding)
+
+### Server-Side Request Forgery (ssrf)
+SSRF allows servers to make requests to unintended destinations.
+
+**Direct Taint (req.body/query -> fetch/axios):**
+- User input directly in HTTP request -> **HIGH** (clear SSRF)
+- URL from environment variable (process.env) -> **REJECT** (not user-controlled)
+- URL from config object/constant -> **REJECT** (not user-controlled)
+- URL from database with auth-scoped query -> **LOW** (indirect, needs review)
+
+**Mitigations:**
+- Allowlist/whitelist validation nearby -> **REJECT** or **INFO**
+- URL validation with hostname/origin check -> **LOW** (partial mitigation)
+- IP range checking (isPrivateIP, block 10.x/192.168.x) -> **REJECT** (properly mitigated)
+
+**SSRF is Server-Only:**
+- Client-side fetch() in browser -> **REJECT** (not SSRF, browser makes the request)
+- 'use client' files -> **REJECT**
+
+### Log Injection (log_injection)
+Unsanitized user input in logs can forge entries.
+
+**Structured Logging:**
+- JSON-formatted structured logging (pino, winston JSON) with redaction -> **REJECT**
+- Structured logging without redaction -> **INFO** (good pattern, suggest redaction)
+
+**Request Data in Logs:**
+- req.headers in console.log -> **MEDIUM** (CRLF injection risk)
+- req.body field in console.log -> **LOW** (log forging)
+- req.ip, req.method, req.url -> **REJECT** (server-controlled, standard logging)
+
+**Not Log Injection:**
+- Error objects in catch blocks (console.error(err)) -> **REJECT**
+- Internal IDs (userId, sessionId) -> **REJECT** (not from request)
+- Static strings -> **REJECT**
+- Morgan/express-winston middleware -> **REJECT** (intentional access logging)
+
+### XML External Entity (xxe)
+XXE allows attackers to read server files via XML parsing.
+
+**Python:**
+- defusedxml imported anywhere in file -> **REJECT** (safe library)
+- Standard xml.etree/lxml without defusedxml -> **HIGH** (Python XML is vulnerable by default)
+
+**Java:**
+- DocumentBuilderFactory with disallow-doctype-decl feature -> **REJECT** (safe)
+- Without feature -> **HIGH** (Java defaults are unsafe)
+
+**Node.js:**
+- xml2js v0.5+: safer defaults -> **MEDIUM** (may still be vulnerable on older versions)
+- fast-xml-parser with processEntities: false -> **REJECT** (safe)
+- DOMParser in browser/client -> **REJECT** (browsers block XXE)
+
+**PHP:**
+- libxml_disable_entity_loader(true) before parsing -> **REJECT** (safe)
+- Without disable -> **HIGH**
+`;
+//# sourceMappingURL=owasp-classic.js.map

package/dist/layer3/anthropic/prompts/modules/owasp-classic.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"owasp-classic.js","sourceRoot":"","sources":["../../../../../src/layer3/anthropic/prompts/modules/owasp-classic.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEU,QAAA,oBAAoB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAyEnC,CAAA"}

package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Secrets & Cryptography Module
+ *
+ * Categories: hardcoded_secret, high_entropy_string, sensitive_variable, weak_crypto
+ * Contains rules for secrets, BYOK, Math.random(), and weak crypto that need AI reasoning.
+ */
+export declare const SECRETS_CRYPTO_MODULE = "\n### Secrets, BYOK, and External Services\nDistinguish these patterns:\n- **Hardcoded secrets**: Real API keys in code = critical/high\n- **Environment variables**: process.env.SECRET = safe (REJECT finding)\n- **BYOK (Bring Your Own Key)**: This is a FEATURE, not a vulnerability.\n  - Transient use (request -> API call -> discarded) = info. Do NOT describe as \"stored without encryption\".\n  - Key storage without encryption = suggest encryption. Unauthenticated BYOK = medium (cost abuse).\n  - Authenticated + transient use: info (feature). Cross-tenant storage: medium (data isolation).\n\n**Math.random() for Security:**\nDistinguish legitimate uses from security-critical misuse:\n- **Seed/Data Generation Files**: Files in /seed/, /fixtures/, /factories/, datacreator.ts, *.fixture.* are for test data generation\n  - Math.random() in seed files is acceptable - these are never production security code\n  - REJECT findings from seed/data generation files entirely\n- **Educational Vulnerability Files**: Files named insecurity.ts, vulnerable.ts, or in /intentionally-vulnerable/ paths\n  - These are OWASP Juice Shop challenges or security training examples\n  - REJECT entirely - they're intentionally vulnerable for educational purposes\n- **UUID/Identifier Generation**: Functions named generateUUID(), createId(), correlationId(), etc.\n  - Use Math.random() for UI correlation, React keys, element IDs\n  - Short toString(36).substring(2, 9) patterns are for UI correlation, NOT security tokens\n  - REJECT unless function name explicitly indicates security (generateToken, createSessionId, generateSecret)\n- **CAPTCHA/Puzzle Generation**: Math.random() for CAPTCHA questions, puzzle difficulty, game mechanics\n  - These don't need cryptographic randomness - legitimate non-security use\n  - REJECT findings in CAPTCHA/puzzle generation functions\n- **Security-Sensitive Context**: Only keep as HIGH/CRITICAL when:\n  - Variable names indicate security: token, secret, key, auth, session, password\n  - Function names indicate security: generateToken, createSession, makeSecret\n  - Used in security-critical files: auth.ts, crypto.ts, session.ts\n  - Long toString() patterns without truncation (potential token generation)\n\n**Severity Ladder for Math.random():**\n- Seed/educational files: REJECT (not production code)\n- UUID/CAPTCHA functions: REJECT (legitimate use)\n- Short UI IDs (toString(36).substring(2, 9)): INFO (UI correlation, suggest crypto.randomUUID())\n- Business IDs: LOW (suggest crypto.randomUUID() for collision resistance)\n- Security contexts (tokens/secrets/keys): HIGH (cryptographic weakness)\n- Unknown context: MEDIUM (needs manual review)\n\n**Weak Cryptography (weak_crypto):**\nDistinguish actual USAGE from DOCUMENTATION or REFERENCE:\n- **Actual function calls** (crypto.createCipheriv('des'), MD5.hash()): Keep finding, these are real usage\n- **Documentation strings** describing vulnerabilities: REJECT\n  - \"DES can be brute-forced\" is explaining why DES is bad, NOT using DES\n  - Strings in metadata, comments, or error messages describing weak algorithms are informational\n  - Rule registries, security scanners, and documentation files contain vulnerability descriptions\n- **Configuration/Constants**: Strings like 'DES', 'MD5' in config keys or identifiers\n  - Need context: is this SELECTING an algorithm or just naming something?\n  - \"algorithm: 'des'\" in crypto options = real usage\n  - \"category: 'weak_crypto'\" or \"rule: 'DES_DETECTION'\" = metadata, REJECT\n- **Import statements**: Importing a weak crypto library needs context\n  - Used for hashing passwords = HIGH\n  - Used for checksums or compatibility = LOW/INFO\n  - In test/migration files = INFO\n\n**CRITICAL weak_crypto RULE**:\nFiles in /rules/, /detectors/, /checks/, /metadata/ directories that DESCRIBE security vulnerabilities are NOT themselves vulnerable. A security scanner documenting \"DES is weak\" is providing education, not using weak crypto.\n";
+//# sourceMappingURL=secrets-crypto.d.ts.map

package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets-crypto.d.ts","sourceRoot":"","sources":["../../../../../src/layer3/anthropic/prompts/modules/secrets-crypto.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,eAAO,MAAM,qBAAqB,y6HAyDjC,CAAA"}

package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js

@@ -0,0 +1,68 @@
+"use strict";
+/**
+ * Secrets & Cryptography Module
+ *
+ * Categories: hardcoded_secret, high_entropy_string, sensitive_variable, weak_crypto
+ * Contains rules for secrets, BYOK, Math.random(), and weak crypto that need AI reasoning.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SECRETS_CRYPTO_MODULE = void 0;
+exports.SECRETS_CRYPTO_MODULE = `
+### Secrets, BYOK, and External Services
+Distinguish these patterns:
+- **Hardcoded secrets**: Real API keys in code = critical/high
+- **Environment variables**: process.env.SECRET = safe (REJECT finding)
+- **BYOK (Bring Your Own Key)**: This is a FEATURE, not a vulnerability.
+  - Transient use (request -> API call -> discarded) = info. Do NOT describe as "stored without encryption".
+  - Key storage without encryption = suggest encryption. Unauthenticated BYOK = medium (cost abuse).
+  - Authenticated + transient use: info (feature). Cross-tenant storage: medium (data isolation).
+
+**Math.random() for Security:**
+Distinguish legitimate uses from security-critical misuse:
+- **Seed/Data Generation Files**: Files in /seed/, /fixtures/, /factories/, datacreator.ts, *.fixture.* are for test data generation
+  - Math.random() in seed files is acceptable - these are never production security code
+  - REJECT findings from seed/data generation files entirely
+- **Educational Vulnerability Files**: Files named insecurity.ts, vulnerable.ts, or in /intentionally-vulnerable/ paths
+  - These are OWASP Juice Shop challenges or security training examples
+  - REJECT entirely - they're intentionally vulnerable for educational purposes
+- **UUID/Identifier Generation**: Functions named generateUUID(), createId(), correlationId(), etc.
+  - Use Math.random() for UI correlation, React keys, element IDs
+  - Short toString(36).substring(2, 9) patterns are for UI correlation, NOT security tokens
+  - REJECT unless function name explicitly indicates security (generateToken, createSessionId, generateSecret)
+- **CAPTCHA/Puzzle Generation**: Math.random() for CAPTCHA questions, puzzle difficulty, game mechanics
+  - These don't need cryptographic randomness - legitimate non-security use
+  - REJECT findings in CAPTCHA/puzzle generation functions
+- **Security-Sensitive Context**: Only keep as HIGH/CRITICAL when:
+  - Variable names indicate security: token, secret, key, auth, session, password
+  - Function names indicate security: generateToken, createSession, makeSecret
+  - Used in security-critical files: auth.ts, crypto.ts, session.ts
+  - Long toString() patterns without truncation (potential token generation)
+
+**Severity Ladder for Math.random():**
+- Seed/educational files: REJECT (not production code)
+- UUID/CAPTCHA functions: REJECT (legitimate use)
+- Short UI IDs (toString(36).substring(2, 9)): INFO (UI correlation, suggest crypto.randomUUID())
+- Business IDs: LOW (suggest crypto.randomUUID() for collision resistance)
+- Security contexts (tokens/secrets/keys): HIGH (cryptographic weakness)
+- Unknown context: MEDIUM (needs manual review)
+
+**Weak Cryptography (weak_crypto):**
+Distinguish actual USAGE from DOCUMENTATION or REFERENCE:
+- **Actual function calls** (crypto.createCipheriv('des'), MD5.hash()): Keep finding, these are real usage
+- **Documentation strings** describing vulnerabilities: REJECT
+  - "DES can be brute-forced" is explaining why DES is bad, NOT using DES
+  - Strings in metadata, comments, or error messages describing weak algorithms are informational
+  - Rule registries, security scanners, and documentation files contain vulnerability descriptions
+- **Configuration/Constants**: Strings like 'DES', 'MD5' in config keys or identifiers
+  - Need context: is this SELECTING an algorithm or just naming something?
+  - "algorithm: 'des'" in crypto options = real usage
+  - "category: 'weak_crypto'" or "rule: 'DES_DETECTION'" = metadata, REJECT
+- **Import statements**: Importing a weak crypto library needs context
+  - Used for hashing passwords = HIGH
+  - Used for checksums or compatibility = LOW/INFO
+  - In test/migration files = INFO
+
+**CRITICAL weak_crypto RULE**:
+Files in /rules/, /detectors/, /checks/, /metadata/ directories that DESCRIBE security vulnerabilities are NOT themselves vulnerable. A security scanner documenting "DES is weak" is providing education, not using weak crypto.
+`;
+//# sourceMappingURL=secrets-crypto.js.map

package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets-crypto.js","sourceRoot":"","sources":["../../../../../src/layer3/anthropic/prompts/modules/secrets-crypto.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEU,QAAA,qBAAqB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAyDpC,CAAA"}

package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts

@@ -0,0 +1,8 @@
+/**
+ * XSS & Prompt Injection Module
+ *
+ * Categories: xss, ai_prompt_injection
+ * Contains semantic distinction between XSS and prompt injection.
+ */
+export declare const XSS_PROMPT_MODULE = "\n### XSS vs Prompt Injection\nKeep these SEPARATE:\n- **XSS**: Writing untrusted data into DOM/HTML sinks without escaping\n  - innerHTML with dynamic user data: flag as XSS\n  - React JSX {variable}: NOT XSS (auto-escaped)\n  - dangerouslySetInnerHTML with static content: info severity\n- **Prompt Injection**: User content in LLM prompts\n  - NOT XSS - different threat model\n  - Downgrade to low/info unless clear path to high-impact actions\n  - Never label prompt issues as XSS\n";
+//# sourceMappingURL=xss-prompt.d.ts.map

package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"xss-prompt.d.ts","sourceRoot":"","sources":["../../../../../src/layer3/anthropic/prompts/modules/xss-prompt.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,eAAO,MAAM,iBAAiB,4eAW7B,CAAA"}

package/dist/layer3/anthropic/prompts/modules/xss-prompt.js

@@ -0,0 +1,22 @@
+"use strict";
+/**
+ * XSS & Prompt Injection Module
+ *
+ * Categories: xss, ai_prompt_injection
+ * Contains semantic distinction between XSS and prompt injection.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.XSS_PROMPT_MODULE = void 0;
+exports.XSS_PROMPT_MODULE = `
+### XSS vs Prompt Injection
+Keep these SEPARATE:
+- **XSS**: Writing untrusted data into DOM/HTML sinks without escaping
+  - innerHTML with dynamic user data: flag as XSS
+  - React JSX {variable}: NOT XSS (auto-escaped)
+  - dangerouslySetInnerHTML with static content: info severity
+- **Prompt Injection**: User content in LLM prompts
+  - NOT XSS - different threat model
+  - Downgrade to low/info unless clear path to high-impact actions
+  - Never label prompt issues as XSS
+`;
+//# sourceMappingURL=xss-prompt.js.map

package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"xss-prompt.js","sourceRoot":"","sources":["../../../../../src/layer3/anthropic/prompts/modules/xss-prompt.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEU,QAAA,iBAAiB,GAAG;;;;;;;;;;;CAWhC,CAAA"}