@oculum/scanner 1.0.13 → 1.0.15

package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts

@@ -1,8 +0,0 @@
-/**
- * XSS & Prompt Injection Module
- *
- * Categories: xss, ai_prompt_injection
- * Contains semantic distinction between XSS and prompt injection.
- */
-export declare const XSS_PROMPT_MODULE = "\n### XSS vs Prompt Injection\nKeep these SEPARATE:\n- **XSS**: Writing untrusted data into DOM/HTML sinks without escaping\n  - innerHTML with dynamic user data: flag as XSS\n  - React JSX {variable}: NOT XSS (auto-escaped)\n  - dangerouslySetInnerHTML with static content: info severity\n- **Prompt Injection**: User content in LLM prompts\n  - NOT XSS - different threat model\n  - Downgrade to low/info unless clear path to high-impact actions\n  - Never label prompt issues as XSS\n";
-//# sourceMappingURL=xss-prompt.d.ts.map

package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"xss-prompt.d.ts","sourceRoot":"","sources":["../../../../../src/layer3/anthropic/prompts/modules/xss-prompt.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,eAAO,MAAM,iBAAiB,4eAW7B,CAAA"}

package/dist/layer3/anthropic/prompts/modules/xss-prompt.js

@@ -1,22 +0,0 @@
-"use strict";
-/**
- * XSS & Prompt Injection Module
- *
- * Categories: xss, ai_prompt_injection
- * Contains semantic distinction between XSS and prompt injection.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.XSS_PROMPT_MODULE = void 0;
-exports.XSS_PROMPT_MODULE = `
-### XSS vs Prompt Injection
-Keep these SEPARATE:
-- **XSS**: Writing untrusted data into DOM/HTML sinks without escaping
-  - innerHTML with dynamic user data: flag as XSS
-  - React JSX {variable}: NOT XSS (auto-escaped)
-  - dangerouslySetInnerHTML with static content: info severity
-- **Prompt Injection**: User content in LLM prompts
-  - NOT XSS - different threat model
-  - Downgrade to low/info unless clear path to high-impact actions
-  - Never label prompt issues as XSS
-`;
-//# sourceMappingURL=xss-prompt.js.map

package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"xss-prompt.js","sourceRoot":"","sources":["../../../../../src/layer3/anthropic/prompts/modules/xss-prompt.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAEU,QAAA,iBAAiB,GAAG;;;;;;;;;;;CAWhC,CAAA"}

package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts

@@ -1,15 +0,0 @@
-/**
- * Security Analysis Prompt (Layer 3)
- *
- * System prompt for deep semantic security analysis using AI.
- */
-import type { Layer3Context } from '../types';
-/**
- * System prompt for security analysis
- */
-export declare const SECURITY_ANALYSIS_PROMPT = "You are an expert security code reviewer. Analyze the provided code for security vulnerabilities.\n\nFocus on these specific vulnerability types:\n\n1. **Taint Analysis (Data Flow)**\n   - Track user input from sources (req.query, req.params, req.body, searchParams, URL parameters)\n   - To dangerous sinks (eval, dangerouslySetInnerHTML, exec, SQL queries, file operations)\n   - Flag any path where untrusted data reaches a dangerous function without sanitization\n\n2. **SQL Injection**\n   - String concatenation in SQL queries\n   - Template literals with user input in queries\n   - Missing parameterized queries\n\n3. **XSS (Cross-Site Scripting)**\n   - User input rendered without escaping\n   - dangerouslySetInnerHTML with user data\n   - innerHTML assignments\n   - NOTE: React/Next.js JSX automatically escapes content, so {variable} in JSX is NOT XSS\n\n4. **Command Injection**\n   - exec, spawn, execSync with user input\n   - Shell command construction with variables\n\n5. **Missing Authorization**\n   - API routes that modify data without auth checks\n   - Database writes in GET handlers\n   - Missing permission checks before sensitive operations\n\n6. **Insecure Deserialization**\n   - JSON.parse on untrusted data without validation\n   - eval of serialized data\n\n7. **Cryptography Validation**\n   - Weak algorithms: MD5 (for security), SHA1 (for security), DES, RC4\n   - Insecure random: Math.random() for tokens/keys/secrets\n   - Hardcoded encryption keys or IVs (not from env vars)\n   - ECB mode usage (patterns indicate cipher mode)\n   - Low iteration counts for PBKDF2 (< 10000)\n   - Short key lengths (< 256 bits for symmetric)\n   - Missing salt for password hashing\n   - createCipher() instead of createCipheriv()\n\n8. **Data Exposure Detection**\n   - Logging sensitive data: console.log with passwords, tokens, secrets, API keys\n   - Stack traces exposed to clients: err.stack in response\n   - Returning entire user objects (may include password hash)\n   - Debug endpoints left in code: /debug, /test, /_internal routes\n   - Verbose error messages exposing internal details\n   - Sensitive data in error responses\n\n9. **Framework-Specific Security**\n\n   **Next.js:**\n   - Server actions ('use server') without authentication\n   - Client components ('use client') accessing non-NEXT_PUBLIC_ env vars\n   - Middleware that returns NextResponse.next() without auth checks\n   - getServerSideProps without session validation\n   - Exposed API routes without rate limiting\n\n   **React:**\n   - Sensitive data stored in useState (visible in devtools)\n   - dangerouslySetInnerHTML with props/state\n   - useEffect making authenticated API calls without token validation\n\n   **Express:**\n   - Missing helmet() middleware for security headers\n   - CORS with origin: \"*\" in production\n   - Missing body-parser limits (DoS risk)\n   - Trust proxy without verification\n   - Error handlers exposing stack traces\n\nIMPORTANT - DO NOT FLAG THESE AS VULNERABILITIES (common false positives):\n\n**Framework Patterns (Safe by Design):**\n- Next.js middleware using request.url for redirects (standard pattern)\n- React/Next.js JSX rendering variables like {user.name} (auto-escaped by React)\n- Supabase/Firebase client creation with NEXT_PUBLIC_ environment variables\n- Using headers().get('host') in Next.js server actions\n\n**Data Handling (Low Risk):**\n- JSON.parse on data from YOUR OWN database (the app wrote it, it's trusted). Do NOT report this as a vulnerability. At most, you may mention an info-level robustness note if there is no error handling, but generally you should omit it.\n- JSON.parse on localStorage data (same-origin, XSS is a separate issue). This is also not a security vulnerability. At most, you may suggest an info-level robustness improvement, and usually it is not worth mentioning.\n- Passing user's own data to external APIs (user embedding their own content).\n- Error messages that use error.message in catch blocks or are returned to the client as a generic error string are standard error handling. Treat them as LOW/INFO hardening at most, and DO NOT mark them as medium/high unless the message clearly includes credentials, secrets, or full stack traces.\n- Generic configuration or feature messages like \"OpenAI API key not configured\" or \"service disabled\" are operational information, not security vulnerabilities. Treat them as info at most, or ignore them.\n\n**Authentication Patterns (Context Matters):**\n- Internal server-side functions only called from trusted code paths (OAuth callbacks, etc.)\n- Functions with userId parameters called with session.user.id from authenticated contexts\n- Service role keys used in server-side code with proper auth checks elsewhere\n- API routes that call getCurrentUserId() and use the result (the auth check IS the userId call)\n\n**BYOK (Bring Your Own Key) Patterns:**\n- User-provided API keys in BYOK mode are INTENTIONAL - the user wants to use their own key\n- This is a feature, not a vulnerability - don't flag it unless there's actual abuse potential\n- When a BYOK key is only used TRANSIENTLY in memory for a single provider call (and is never logged or stored), and the route is authenticated, do NOT report this as a medium/high vulnerability. At most, you may surface a low/info note reminding the developer not to log or persist keys.\n- Frontend components sending a BYOK key to an authenticated backend endpoint for one-shot use are expected behavior, not a vulnerability. Do NOT flag these as data_exposure or dangerous_function unless the key is logged, stored, or echoed back to the client.\n- Only raise medium/high BYOK findings when keys are clearly stored (e.g., written to a database or long-term logs), logged in plaintext, or accepted by unauthenticated endpoints that attackers could abuse at scale.\n\n**What TO Flag (Real Vulnerabilities):**\n- SQL string concatenation with user input\n- eval() or Function() with user-controlled strings\n- Missing auth checks where sensitive data could be accessed by wrong user\n- Actual hardcoded secrets (real API keys, not env var references)\n- Command injection (exec/spawn with user input)\n\nRespond ONLY with a JSON array of findings. Each finding must have:\n{\n  \"lineNumber\": <number>,\n  \"severity\": \"critical\" | \"high\" | \"medium\" | \"low\",\n  \"category\": \"sql_injection\" | \"xss\" | \"command_injection\" | \"missing_auth\" | \"dangerous_function\",\n  \"title\": \"<short title>\",\n  \"description\": \"<detailed explanation of the vulnerability>\",\n  \"suggestedFix\": \"<how to fix it>\"\n}\n\nIf no vulnerabilities are found, return an empty array: []\n\nCRITICAL: Only report REAL vulnerabilities with HIGH confidence. Be conservative - it's better to miss a low-confidence issue than to report false positives. The code is likely using modern frameworks with built-in protections.";
-/**
- * Build auth context string for AI prompt
- */
-export declare function buildAuthContextForPrompt(ctx?: Layer3Context): string;
-//# sourceMappingURL=semantic-analysis.d.ts.map

package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"semantic-analysis.d.ts","sourceRoot":"","sources":["../../../../src/layer3/anthropic/prompts/semantic-analysis.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAM7C;;GAEG;AACH,eAAO,MAAM,wBAAwB,sxNAuH+L,CAAA;AAMpO;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,GAAG,CAAC,EAAE,aAAa,GAAG,MAAM,CA6BrE"}

package/dist/layer3/anthropic/prompts/semantic-analysis.js

@@ -1,169 +0,0 @@
-"use strict";
-/**
- * Security Analysis Prompt (Layer 3)
- *
- * System prompt for deep semantic security analysis using AI.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.SECURITY_ANALYSIS_PROMPT = void 0;
-exports.buildAuthContextForPrompt = buildAuthContextForPrompt;
-// ============================================================================
-// Security Analysis Prompt
-// ============================================================================
-/**
- * System prompt for security analysis
- */
-exports.SECURITY_ANALYSIS_PROMPT = `You are an expert security code reviewer. Analyze the provided code for security vulnerabilities.
-
-Focus on these specific vulnerability types:
-
-1. **Taint Analysis (Data Flow)**
-   - Track user input from sources (req.query, req.params, req.body, searchParams, URL parameters)
-   - To dangerous sinks (eval, dangerouslySetInnerHTML, exec, SQL queries, file operations)
-   - Flag any path where untrusted data reaches a dangerous function without sanitization
-
-2. **SQL Injection**
-   - String concatenation in SQL queries
-   - Template literals with user input in queries
-   - Missing parameterized queries
-
-3. **XSS (Cross-Site Scripting)**
-   - User input rendered without escaping
-   - dangerouslySetInnerHTML with user data
-   - innerHTML assignments
-   - NOTE: React/Next.js JSX automatically escapes content, so {variable} in JSX is NOT XSS
-
-4. **Command Injection**
-   - exec, spawn, execSync with user input
-   - Shell command construction with variables
-
-5. **Missing Authorization**
-   - API routes that modify data without auth checks
-   - Database writes in GET handlers
-   - Missing permission checks before sensitive operations
-
-6. **Insecure Deserialization**
-   - JSON.parse on untrusted data without validation
-   - eval of serialized data
-
-7. **Cryptography Validation**
-   - Weak algorithms: MD5 (for security), SHA1 (for security), DES, RC4
-   - Insecure random: Math.random() for tokens/keys/secrets
-   - Hardcoded encryption keys or IVs (not from env vars)
-   - ECB mode usage (patterns indicate cipher mode)
-   - Low iteration counts for PBKDF2 (< 10000)
-   - Short key lengths (< 256 bits for symmetric)
-   - Missing salt for password hashing
-   - createCipher() instead of createCipheriv()
-
-8. **Data Exposure Detection**
-   - Logging sensitive data: console.log with passwords, tokens, secrets, API keys
-   - Stack traces exposed to clients: err.stack in response
-   - Returning entire user objects (may include password hash)
-   - Debug endpoints left in code: /debug, /test, /_internal routes
-   - Verbose error messages exposing internal details
-   - Sensitive data in error responses
-
-9. **Framework-Specific Security**
-
-   **Next.js:**
-   - Server actions ('use server') without authentication
-   - Client components ('use client') accessing non-NEXT_PUBLIC_ env vars
-   - Middleware that returns NextResponse.next() without auth checks
-   - getServerSideProps without session validation
-   - Exposed API routes without rate limiting
-
-   **React:**
-   - Sensitive data stored in useState (visible in devtools)
-   - dangerouslySetInnerHTML with props/state
-   - useEffect making authenticated API calls without token validation
-
-   **Express:**
-   - Missing helmet() middleware for security headers
-   - CORS with origin: "*" in production
-   - Missing body-parser limits (DoS risk)
-   - Trust proxy without verification
-   - Error handlers exposing stack traces
-
-IMPORTANT - DO NOT FLAG THESE AS VULNERABILITIES (common false positives):
-
-**Framework Patterns (Safe by Design):**
-- Next.js middleware using request.url for redirects (standard pattern)
-- React/Next.js JSX rendering variables like {user.name} (auto-escaped by React)
-- Supabase/Firebase client creation with NEXT_PUBLIC_ environment variables
-- Using headers().get('host') in Next.js server actions
-
-**Data Handling (Low Risk):**
-- JSON.parse on data from YOUR OWN database (the app wrote it, it's trusted). Do NOT report this as a vulnerability. At most, you may mention an info-level robustness note if there is no error handling, but generally you should omit it.
-- JSON.parse on localStorage data (same-origin, XSS is a separate issue). This is also not a security vulnerability. At most, you may suggest an info-level robustness improvement, and usually it is not worth mentioning.
-- Passing user's own data to external APIs (user embedding their own content).
-- Error messages that use error.message in catch blocks or are returned to the client as a generic error string are standard error handling. Treat them as LOW/INFO hardening at most, and DO NOT mark them as medium/high unless the message clearly includes credentials, secrets, or full stack traces.
-- Generic configuration or feature messages like "OpenAI API key not configured" or "service disabled" are operational information, not security vulnerabilities. Treat them as info at most, or ignore them.
-
-**Authentication Patterns (Context Matters):**
-- Internal server-side functions only called from trusted code paths (OAuth callbacks, etc.)
-- Functions with userId parameters called with session.user.id from authenticated contexts
-- Service role keys used in server-side code with proper auth checks elsewhere
-- API routes that call getCurrentUserId() and use the result (the auth check IS the userId call)
-
-**BYOK (Bring Your Own Key) Patterns:**
-- User-provided API keys in BYOK mode are INTENTIONAL - the user wants to use their own key
-- This is a feature, not a vulnerability - don't flag it unless there's actual abuse potential
-- When a BYOK key is only used TRANSIENTLY in memory for a single provider call (and is never logged or stored), and the route is authenticated, do NOT report this as a medium/high vulnerability. At most, you may surface a low/info note reminding the developer not to log or persist keys.
-- Frontend components sending a BYOK key to an authenticated backend endpoint for one-shot use are expected behavior, not a vulnerability. Do NOT flag these as data_exposure or dangerous_function unless the key is logged, stored, or echoed back to the client.
-- Only raise medium/high BYOK findings when keys are clearly stored (e.g., written to a database or long-term logs), logged in plaintext, or accepted by unauthenticated endpoints that attackers could abuse at scale.
-
-**What TO Flag (Real Vulnerabilities):**
-- SQL string concatenation with user input
-- eval() or Function() with user-controlled strings
-- Missing auth checks where sensitive data could be accessed by wrong user
-- Actual hardcoded secrets (real API keys, not env var references)
-- Command injection (exec/spawn with user input)
-
-Respond ONLY with a JSON array of findings. Each finding must have:
-{
-  "lineNumber": <number>,
-  "severity": "critical" | "high" | "medium" | "low",
-  "category": "sql_injection" | "xss" | "command_injection" | "missing_auth" | "dangerous_function",
-  "title": "<short title>",
-  "description": "<detailed explanation of the vulnerability>",
-  "suggestedFix": "<how to fix it>"
-}
-
-If no vulnerabilities are found, return an empty array: []
-
-CRITICAL: Only report REAL vulnerabilities with HIGH confidence. Be conservative - it's better to miss a low-confidence issue than to report false positives. The code is likely using modern frameworks with built-in protections.`;
-// ============================================================================
-// Auth Context Builder
-// ============================================================================
-/**
- * Build auth context string for AI prompt
- */
-function buildAuthContextForPrompt(ctx) {
-    if (!ctx)
-        return '';
-    const parts = [];
-    if (ctx.middlewareConfig?.hasAuthMiddleware) {
-        parts.push(`**IMPORTANT AUTH CONTEXT**: This project uses ${ctx.middlewareConfig.authType || 'auth'} middleware.`);
-        if (ctx.middlewareConfig.protectedPaths.length > 0) {
-            parts.push(`Protected paths: ${ctx.middlewareConfig.protectedPaths.join(', ')}`);
-        }
-        else {
-            parts.push('All /api/** routes are protected by default.');
-        }
-        parts.push('Routes under these paths are ALREADY AUTHENTICATED - do NOT flag them as "missing auth".');
-        parts.push('Client components calling these protected API routes are also safe - the backend handles auth.');
-    }
-    if (ctx.authHelpers?.hasThrowingHelpers) {
-        parts.push('');
-        parts.push('**AUTH HELPER FUNCTIONS**: This project uses throwing auth helpers that guarantee authenticated context:');
-        parts.push(ctx.authHelpers.summary);
-        parts.push('Code after these helper calls is GUARANTEED to be authenticated. Do NOT flag "missing auth" after these calls.');
-    }
-    if (ctx.additionalContext) {
-        parts.push('');
-        parts.push(ctx.additionalContext);
-    }
-    return parts.length > 0 ? '\n\n' + parts.join('\n') : '';
-}
-//# sourceMappingURL=semantic-analysis.js.map

package/dist/layer3/anthropic/prompts/semantic-analysis.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"semantic-analysis.js","sourceRoot":"","sources":["../../../../src/layer3/anthropic/prompts/semantic-analysis.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AA2IH,8DA6BC;AApKD,+EAA+E;AAC/E,2BAA2B;AAC3B,+EAA+E;AAE/E;;GAEG;AACU,QAAA,wBAAwB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oOAuH4L,CAAA;AAEpO,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E;;GAEG;AACH,SAAgB,yBAAyB,CAAC,GAAmB;IAC3D,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAA;IAEnB,MAAM,KAAK,GAAa,EAAE,CAAA;IAE1B,IAAI,GAAG,CAAC,gBAAgB,EAAE,iBAAiB,EAAE,CAAC;QAC5C,KAAK,CAAC,IAAI,CAAC,iDAAiD,GAAG,CAAC,gBAAgB,CAAC,QAAQ,IAAI,MAAM,cAAc,CAAC,CAAA;QAClH,IAAI,GAAG,CAAC,gBAAgB,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnD,KAAK,CAAC,IAAI,CAAC,oBAAoB,GAAG,CAAC,gBAAgB,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAClF,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAA;QAC5D,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,0FAA0F,CAAC,CAAA;QACtG,KAAK,CAAC,IAAI,CAAC,gGAAgG,CAAC,CAAA;IAC9G,CAAC;IAED,IAAI,GAAG,CAAC,WAAW,EAAE,kBAAkB,EAAE,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACd,KAAK,CAAC,IAAI,CAAC,0GAA0G,CAAC,CAAA;QACtH,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;QACnC,KAAK,CAAC,IAAI,CAAC,gHAAgH,CAAC,CAAA;IAC9H,CAAC;IAED,IAAI,GAAG,CAAC,iBAAiB,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACd,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAA;IACnC,CAAC;IAED,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;AAC1D,CAAC"}

package/dist/layer3/anthropic/prompts/validation.d.ts

@@ -1,18 +0,0 @@
-/**
- * High-Context Validation Prompt
- *
- * Comprehensive validation prompt with generalised security rules.
- * Used for validating Layer 1/2 findings with full file context.
- *
- * Now backed by the modular prompt system. The monolithic constant is
- * generated from all modules combined for backward compatibility.
- */
-export { assembleValidationPrompt, getFullValidationPrompt } from './modules';
-/**
- * Legacy backward-compatible constant.
- * Equivalent to getFullValidationPrompt() — all modules combined.
- * Kept so any code importing this constant continues to work.
- */
-export { getFullValidationPrompt as _getFullPrompt } from './modules';
-export declare const HIGH_CONTEXT_VALIDATION_PROMPT: string;
-//# sourceMappingURL=validation.d.ts.map

package/dist/layer3/anthropic/prompts/validation.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../../../src/layer3/anthropic/prompts/validation.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,wBAAwB,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAA;AAE7E;;;;GAIG;AACH,OAAO,EAAE,uBAAuB,IAAI,cAAc,EAAE,MAAM,WAAW,CAAA;AAErE,eAAO,MAAM,8BAA8B,QAA4B,CAAA"}

package/dist/layer3/anthropic/prompts/validation.js

@@ -1,25 +0,0 @@
-"use strict";
-/**
- * High-Context Validation Prompt
- *
- * Comprehensive validation prompt with generalised security rules.
- * Used for validating Layer 1/2 findings with full file context.
- *
- * Now backed by the modular prompt system. The monolithic constant is
- * generated from all modules combined for backward compatibility.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.HIGH_CONTEXT_VALIDATION_PROMPT = exports._getFullPrompt = exports.getFullValidationPrompt = exports.assembleValidationPrompt = void 0;
-var modules_1 = require("./modules");
-Object.defineProperty(exports, "assembleValidationPrompt", { enumerable: true, get: function () { return modules_1.assembleValidationPrompt; } });
-Object.defineProperty(exports, "getFullValidationPrompt", { enumerable: true, get: function () { return modules_1.getFullValidationPrompt; } });
-/**
- * Legacy backward-compatible constant.
- * Equivalent to getFullValidationPrompt() — all modules combined.
- * Kept so any code importing this constant continues to work.
- */
-var modules_2 = require("./modules");
-Object.defineProperty(exports, "_getFullPrompt", { enumerable: true, get: function () { return modules_2.getFullValidationPrompt; } });
-const modules_3 = require("./modules");
-exports.HIGH_CONTEXT_VALIDATION_PROMPT = (0, modules_3.getFullValidationPrompt)();
-//# sourceMappingURL=validation.js.map

package/dist/layer3/anthropic/prompts/validation.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"validation.js","sourceRoot":"","sources":["../../../../src/layer3/anthropic/prompts/validation.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAEH,qCAA6E;AAApE,mHAAA,wBAAwB,OAAA;AAAE,kHAAA,uBAAuB,OAAA;AAE1D;;;;GAIG;AACH,qCAAqE;AAA5D,yGAAA,uBAAuB,OAAkB;AAClD,uCAAmD;AACtC,QAAA,8BAA8B,GAAG,IAAA,iCAAuB,GAAE,CAAA"}

package/dist/layer3/anthropic/providers/anthropic.d.ts

@@ -1,21 +0,0 @@
-/**
- * Anthropic Provider Implementation
- *
- * Validation using Anthropic Claude 3.5 Haiku model.
- */
-import type { Vulnerability, ScanFile } from '../../../types';
-import type { ProjectContext } from '../../../utils/project-context-builder';
-import type { ValidationStats, AIValidationResult } from '../types';
-/**
- * Validate findings using Anthropic Claude 3.5 Haiku
- */
-export declare function validateWithAnthropic(findings: Vulnerability[], files: ScanFile[], projectContext: ProjectContext | undefined, stats: ValidationStats, onProgress?: (progress: {
-    filesProcessed: number;
-    totalFiles: number;
-    status: string;
-}) => void): Promise<AIValidationResult>;
-/**
- * Clear cached project context (called after validation complete)
- */
-export declare function clearAnthropicCache(): void;
-//# sourceMappingURL=anthropic.d.ts.map

package/dist/layer3/anthropic/providers/anthropic.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"anthropic.d.ts","sourceRoot":"","sources":["../../../../src/layer3/anthropic/providers/anthropic.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAoB,MAAM,gBAAgB,CAAA;AAC/E,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wCAAwC,CAAA;AAE5E,OAAO,KAAK,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAA;AAUnE;;GAEG;AACH,wBAAsB,qBAAqB,CACzC,QAAQ,EAAE,aAAa,EAAE,EACzB,KAAK,EAAE,QAAQ,EAAE,EACjB,cAAc,EAAE,cAAc,GAAG,SAAS,EAC1C,KAAK,EAAE,eAAe,EACtB,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE;IAAE,cAAc,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,KAAK,IAAI,GAC9F,OAAO,CAAC,kBAAkB,CAAC,CAyR7B;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAE1C"}

package/dist/layer3/anthropic/providers/anthropic.js

@@ -1,269 +0,0 @@
-"use strict";
-/**
- * Anthropic Provider Implementation
- *
- * Validation using Anthropic Claude 3.5 Haiku model.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.validateWithAnthropic = validateWithAnthropic;
-exports.clearAnthropicCache = clearAnthropicCache;
-const project_context_builder_1 = require("../../../utils/project-context-builder");
-const clients_1 = require("../clients");
-const retry_1 = require("../utils/retry");
-const response_parser_1 = require("../utils/response-parser");
-const request_builder_1 = require("../request-builder");
-const validation_1 = require("../prompts/validation");
-// Cache for project context (built once per scan)
-let cachedProjectContext = null;
-/**
- * Validate findings using Anthropic Claude 3.5 Haiku
- */
-async function validateWithAnthropic(findings, files, projectContext, stats, onProgress) {
-    console.log('[AI Validation] Initializing Anthropic client...');
-    const client = (0, clients_1.getAnthropicClient)();
-    // Build or use cached project context
-    const context = projectContext || cachedProjectContext || (0, project_context_builder_1.buildProjectContext)(files);
-    if (!projectContext && !cachedProjectContext) {
-        cachedProjectContext = context;
-        console.log('[AI Validation] Built project context:', {
-            hasAuthMiddleware: context.auth.hasGlobalMiddleware,
-            authProvider: context.auth.authProvider,
-            orm: context.dataAccess.orm,
-            framework: context.frameworks.primary,
-        });
-    }
-    // Group findings by file for efficient validation
-    const findingsByFile = new Map();
-    for (const finding of findings) {
-        const existing = findingsByFile.get(finding.filePath) || [];
-        existing.push(finding);
-        findingsByFile.set(finding.filePath, existing);
-    }
-    const validatedFindings = [];
-    // Phase 2: Multi-file batching
-    const fileEntries = Array.from(findingsByFile.entries());
-    // Track metrics
-    let totalBatchWaitTime = 0;
-    let totalApiBatches = 0;
-    const totalFileBatches = Math.ceil(fileEntries.length / clients_1.FILES_PER_API_BATCH);
-    console.log(`[AI Validation] Phase 2: Processing ${fileEntries.length} files in ${totalFileBatches} API batch(es) (${clients_1.FILES_PER_API_BATCH} files/batch)`);
-    // Track files processed for progress reporting
-    let filesValidated = 0;
-    // Process files in batches - each batch is ONE API call with multiple files
-    for (let batchStart = 0; batchStart < fileEntries.length; batchStart += clients_1.FILES_PER_API_BATCH) {
-        const fileBatch = fileEntries.slice(batchStart, batchStart + clients_1.FILES_PER_API_BATCH);
-        const batchNum = Math.floor(batchStart / clients_1.FILES_PER_API_BATCH) + 1;
-        // Report progress before processing batch
-        if (onProgress) {
-            onProgress({
-                filesProcessed: filesValidated,
-                totalFiles: fileEntries.length,
-                status: `AI validating batch ${batchNum}/${totalFileBatches}`,
-            });
-        }
-        console.log(`[AI Validation] API Batch ${batchNum}/${totalFileBatches}: ${fileBatch.length} files`);
-        // Prepare file data for batch request
-        const fileDataList = [];
-        const filesWithoutContent = [];
-        for (const [filePath, fileFindings] of fileBatch) {
-            const file = files.find(f => f.path === filePath);
-            if (!file) {
-                filesWithoutContent.push({ filePath, findings: fileFindings });
-            }
-            else {
-                fileDataList.push({ file, findings: fileFindings, filePath });
-            }
-        }
-        // Handle files without content - mark as not validated
-        for (const { findings } of filesWithoutContent) {
-            for (const f of findings) {
-                validatedFindings.push({
-                    ...f,
-                    validatedByAI: false,
-                    validationStatus: 'not_validated',
-                    validationNotes: 'File content not available for validation',
-                });
-            }
-        }
-        // Skip API call if no files with content
-        if (fileDataList.length === 0) {
-            continue;
-        }
-        const batchStartTime = Date.now();
-        try {
-            // Build multi-file validation request with scoped context
-            const validationRequest = (0, request_builder_1.buildMultiFileValidationRequest)(fileDataList.map(({ file, findings }) => ({ file, findings })), context, { contextMode: 'scoped' });
-            // Assemble category-aware prompt for this batch
-            const batchCategories = [...new Set(fileBatch.flatMap(([, fileFindings]) => fileFindings.map(f => f.category)))];
-            const systemPrompt = (0, validation_1.assembleValidationPrompt)(batchCategories);
-            // Use Anthropic prompt caching with multi-file request
-            const response = await (0, retry_1.makeAnthropicRequestWithRetry)(() => client.messages.create({
-                model: 'claude-3-5-haiku-20241022',
-                max_tokens: 1500, // Reduced from 4096 - optimized format needs less output
-                system: [
-                    {
-                        type: 'text',
-                        text: systemPrompt,
-                        cache_control: { type: 'ephemeral' }, // Cache for 5 minutes
-                    },
-                ],
-                messages: [{ role: 'user', content: validationRequest }],
-            }));
-            // Track API call stats
-            stats.apiCalls++;
-            totalApiBatches++;
-            // Extract cache metrics from usage
-            const usage = response.usage;
-            if (usage) {
-                // DEBUG: Log full usage object to understand token breakdown
-                console.log(`[DEBUG] Batch ${batchNum} - Full API Response Usage:`);
-                console.log(JSON.stringify(usage, null, 2));
-                console.log(`[DEBUG] Breakdown:`);
-                console.log(`  - input_tokens: ${usage.input_tokens || 0}`);
-                console.log(`  - output_tokens: ${usage.output_tokens || 0}`);
-                // @ts-ignore
-                console.log(`  - cache_creation_input_tokens: ${usage.cache_creation_input_tokens || 0}`);
-                // @ts-ignore
-                console.log(`  - cache_read_input_tokens: ${usage.cache_read_input_tokens || 0}`);
-                stats.estimatedInputTokens += usage.input_tokens || 0;
-                stats.estimatedOutputTokens += usage.output_tokens || 0;
-                // @ts-ignore - cache fields not in types yet
-                const cacheCreation = usage.cache_creation_input_tokens || 0;
-                // @ts-ignore
-                const cacheRead = usage.cache_read_input_tokens || 0;
-                stats.cacheCreationTokens += cacheCreation;
-                stats.cacheReadTokens += cacheRead;
-            }
-            const textContent = response.content.find((block) => block.type === 'text');
-            if (!textContent || textContent.type !== 'text') {
-                // No valid response - mark all findings as not validated
-                for (const { findings } of fileDataList) {
-                    for (const f of findings) {
-                        validatedFindings.push({
-                            ...f,
-                            validatedByAI: false,
-                            validationStatus: 'not_validated',
-                            validationNotes: 'No valid response from AI',
-                        });
-                    }
-                }
-                continue;
-            }
-            // Parse multi-file response
-            const expectedFiles = fileDataList.map(({ filePath }) => filePath);
-            const validationResultsMap = (0, response_parser_1.parseMultiFileValidationResponse)(textContent.text, expectedFiles);
-            // Apply results per file
-            for (const { filePath, findings } of fileDataList) {
-                const fileResults = validationResultsMap.get(filePath);
-                if (!fileResults || fileResults.length === 0) {
-                    // No results for this file - try single-file parsing as fallback
-                    const singleFileResults = (0, response_parser_1.parseValidationResponse)(textContent.text);
-                    if (singleFileResults.length > 0 && fileDataList.length === 1) {
-                        // Single file in batch, use single-file parsing
-                        const { processed: processedFindings, dismissedCount } = (0, response_parser_1.applyValidationResults)(findings, singleFileResults);
-                        stats.validatedFindings += processedFindings.length + dismissedCount;
-                        stats.dismissedFindings += dismissedCount;
-                        for (const processed of processedFindings) {
-                            if (processed.validationStatus === 'confirmed') {
-                                stats.confirmedFindings++;
-                            }
-                            else if (processed.validationStatus === 'downgraded') {
-                                stats.downgradedFindings++;
-                            }
-                            validatedFindings.push(processed);
-                        }
-                    }
-                    else {
-                        // No validation results - REJECT all findings for this file (conservative approach)
-                        console.warn(`[AI Validation] No results for ${filePath} - REJECTING ${findings.length} findings`);
-                        stats.validatedFindings += findings.length;
-                        stats.dismissedFindings += findings.length;
-                        // Don't add to validatedFindings - findings are rejected
-                    }
-                }
-                else {
-                    // Apply validation results for this file
-                    const { processed: processedFindings, dismissedCount } = (0, response_parser_1.applyValidationResults)(findings, fileResults);
-                    stats.validatedFindings += processedFindings.length + dismissedCount;
-                    stats.dismissedFindings += dismissedCount;
-                    for (const processed of processedFindings) {
-                        if (processed.validationStatus === 'confirmed') {
-                            stats.confirmedFindings++;
-                        }
-                        else if (processed.validationStatus === 'downgraded') {
-                            stats.downgradedFindings++;
-                        }
-                        validatedFindings.push(processed);
-                    }
-                }
-            }
-        }
-        catch (error) {
-            console.error(`[AI Validation] Error in batch ${batchNum}:`, error);
-            // Fallback: keep all findings but mark as not validated
-            for (const { findings } of fileDataList) {
-                for (const f of findings) {
-                    validatedFindings.push({
-                        ...f,
-                        validatedByAI: false,
-                        validationStatus: 'not_validated',
-                        validationNotes: 'Validation failed due to API error',
-                    });
-                }
-            }
-        }
-        const batchDuration = Date.now() - batchStartTime;
-        totalBatchWaitTime += batchDuration;
-        // Update files validated counter
-        filesValidated += fileBatch.length;
-        // Report progress after batch completion
-        if (onProgress) {
-            onProgress({
-                filesProcessed: filesValidated,
-                totalFiles: fileEntries.length,
-                status: `AI validation complete for batch ${batchNum}/${totalFileBatches}`,
-            });
-        }
-    }
-    // Calculate cache hit rate
-    const totalCacheableTokens = stats.cacheCreationTokens + stats.cacheReadTokens;
-    stats.cacheHitRate = totalCacheableTokens > 0
-        ? stats.cacheReadTokens / totalCacheableTokens
-        : 0;
-    // Calculate estimated cost with cache pricing
-    const freshInputCost = (stats.estimatedInputTokens * clients_1.HAIKU_PRICING.input) / 1000000;
-    const cacheWriteCost = (stats.cacheCreationTokens * clients_1.HAIKU_PRICING.cacheWrite) / 1000000;
-    const cacheReadCost = (stats.cacheReadTokens * clients_1.HAIKU_PRICING.cacheRead) / 1000000;
-    const outputCost = (stats.estimatedOutputTokens * clients_1.HAIKU_PRICING.output) / 1000000;
-    stats.estimatedCost = freshInputCost + cacheWriteCost + cacheReadCost + outputCost;
-    // Log validation stats with cache metrics and performance
-    console.log(`[AI Validation] Stats:`);
-    console.log(`  - Total findings: ${stats.totalFindings}`);
-    console.log(`  - AI validated: ${stats.validatedFindings}`);
-    console.log(`  - Confirmed: ${stats.confirmedFindings}`);
-    console.log(`  - Dismissed: ${stats.dismissedFindings}`);
-    console.log(`  - Downgraded: ${stats.downgradedFindings}`);
-    console.log(`  - API calls: ${stats.apiCalls}`);
-    console.log(`  - Performance:`);
-    console.log(`    - Total duration: ${(totalBatchWaitTime / 1000).toFixed(1)}s`);
-    console.log(`    - Total API batches: ${totalApiBatches}`);
-    console.log(`    - Avg time per file: ${fileEntries.length > 0 ? (totalBatchWaitTime / fileEntries.length).toFixed(0) : 0}ms`);
-    console.log(`  - Cache metrics:`);
-    console.log(`    - Cache writes: ${stats.cacheCreationTokens.toLocaleString()} tokens`);
-    console.log(`    - Cache reads: ${stats.cacheReadTokens.toLocaleString()} tokens`);
-    console.log(`    - Cache hit rate: ${(stats.cacheHitRate * 100).toFixed(1)}%`);
-    console.log(`  - Token usage:`);
-    console.log(`    - Input (total): ${stats.estimatedInputTokens.toLocaleString()} tokens`);
-    console.log(`    - Output: ${stats.estimatedOutputTokens.toLocaleString()} tokens`);
-    console.log(`  - Estimated cost: $${stats.estimatedCost.toFixed(4)}`);
-    // Clear cache after validation complete
-    cachedProjectContext = null;
-    return { vulnerabilities: validatedFindings, stats };
-}
-/**
- * Clear cached project context (called after validation complete)
- */
-function clearAnthropicCache() {
-    cachedProjectContext = null;
-}
-//# sourceMappingURL=anthropic.js.map

package/dist/layer3/anthropic/providers/anthropic.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"anthropic.js","sourceRoot":"","sources":["../../../../src/layer3/anthropic/providers/anthropic.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAkBH,sDA+RC;AAKD,kDAEC;AApTD,oFAA4E;AAE5E,wCAAmF;AACnF,0CAA8D;AAC9D,8DAA4H;AAC5H,wDAAoE;AACpE,sDAAgE;AAEhE,kDAAkD;AAClD,IAAI,oBAAoB,GAA0B,IAAI,CAAA;AAEtD;;GAEG;AACI,KAAK,UAAU,qBAAqB,CACzC,QAAyB,EACzB,KAAiB,EACjB,cAA0C,EAC1C,KAAsB,EACtB,UAA+F;IAE/F,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAA;IAC/D,MAAM,MAAM,GAAG,IAAA,4BAAkB,GAAE,CAAA;IAEnC,sCAAsC;IACtC,MAAM,OAAO,GAAG,cAAc,IAAI,oBAAoB,IAAI,IAAA,6CAAmB,EAAC,KAAK,CAAC,CAAA;IACpF,IAAI,CAAC,cAAc,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC7C,oBAAoB,GAAG,OAAO,CAAA;QAC9B,OAAO,CAAC,GAAG,CAAC,wCAAwC,EAAE;YACpD,iBAAiB,EAAE,OAAO,CAAC,IAAI,CAAC,mBAAmB;YACnD,YAAY,EAAE,OAAO,CAAC,IAAI,CAAC,YAAY;YACvC,GAAG,EAAE,OAAO,CAAC,UAAU,CAAC,GAAG;YAC3B,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO;SACtC,CAAC,CAAA;IACJ,CAAC;IAED,kDAAkD;IAClD,MAAM,cAAc,GAAG,IAAI,GAAG,EAA2B,CAAA;IACzD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;QAC3D,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QACtB,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;IAChD,CAAC;IAED,MAAM,iBAAiB,GAAoB,EAAE,CAAA;IAE7C,+BAA+B;IAC/B,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC,CAAA;IAExD,gBAAgB;IAChB,IAAI,kBAAkB,GAAG,CAAC,CAAA;IAC1B,IAAI,eAAe,GAAG,CAAC,CAAA;IAEvB,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,6BAAmB,CAAC,CAAA;IAC5E,OAAO,CAAC,GAAG,CAAC,uCAAuC,WAAW,CAAC,MAAM,aAAa,gBAAgB,mBAAmB,6BAAmB,eAAe,CAAC,CAAA;IAExJ,+CAA+C;IAC/C,IAAI,cAAc,GAAG,CAAC,CAAA;IAEtB,4EAA4E;IAC5E,KAAK,IAAI,UAAU,GAAG,CAAC,EAAE,UAAU,GAAG,WAAW,CAAC,MAAM,EAAE,UAAU,IAAI,6BAAmB,EAAE,CAAC;QAC5F,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,UAAU,EAAE,UAAU,GAAG,6BAAmB,CAAC,CAAA;QACjF,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,6BAAmB,CAAC,GAAG,CAAC,CAAA;QAEjE,0CAA0C;QAC1C,IAAI,UAAU,EAAE,CAAC;YACf,UAAU,CAAC;gBACT,cAAc,EAAE,cAAc;gBAC9B,UAAU,EAAE,WAAW,CAAC,MAAM;gBAC9B,MAAM,EAAE,uBAAuB,QAAQ,IAAI,gBAAgB,EAAE;aAC9D,CAAC,CAAA;QACJ,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,6BAA6B,QAAQ,IAAI,gBAAgB,KAAK,SAAS,CAAC,MAAM,QAAQ,CAAC,CAAA;QAEnG,sCAAsC;QACtC,MAAM,YAAY,GAA2E,EAAE,CAAA;QAC/F,MAAM,mBAAmB,GAA2D,EAAE,CAAA;QAEtF,KAAK,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC,IAAI,SAAS,EAAE,CAAC;YACjD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAA;YACjD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,mBAAmB,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC,CAAA;YAChE,CAAC;iBAAM,CAAC;gBACN,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC,CAAA;YAC/D,CAAC;QACH,CAAC;QAED,uDAAuD;QACvD,KAAK,MAAM,EAAE,QAAQ,EAAE,IAAI,mBAAmB,EAAE,CAAC;YAC/C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;gBACzB,iBAAiB,CAAC,IAAI,CAAC;oBACrB,GAAG,CAAC;oBACJ,aAAa,EAAE,KAAK;oBACpB,gBAAgB,EAAE,eAAmC;oBACrD,eAAe,EAAE,2CAA2C;iBAC7D,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED,yCAAyC;QACzC,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,SAAQ;QACV,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAEjC,IAAI,CAAC;YACH,0DAA0D;YAC1D,MAAM,iBAAiB,GAAG,IAAA,iDAA+B,EACvD,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,EAC9D,OAAO,EACP,EAAE,WAAW,EAAE,QAAQ,EAAE,CAC1B,CAAA;YAED,gDAAgD;YAChD,MAAM,eAAe,GAAG,CAAC,GAAG,IAAI,GAAG,CACjC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAC3E,CAAC,CAAA;YACF,MAAM,YAAY,GAAG,IAAA,qCAAwB,EAAC,eAAe,CAAC,CAAA;YAE9D,uDAAuD;YACvD,MAAM,QAAQ,GAAG,MAAM,IAAA,qCAA6B,EAAC,GAAG,EAAE,CACxD,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACrB,KAAK,EAAE,2BAA2B;gBAClC,UAAU,EAAE,IAAI,EAAE,yDAAyD;gBAC3E,MAAM,EAAE;oBACN;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,YAAY;wBAClB,aAAa,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE,sBAAsB;qBAC7D;iBACF;gBACD,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC;aACzD,CAAC,CACH,CAAA;YAED,uBAAuB;YACvB,KAAK,CAAC,QAAQ,EAAE,CAAA;YAChB,eAAe,EAAE,CAAA;YAEjB,mCAAmC;YACnC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAA;YAC5B,IAAI,KAAK,EAAE,CAAC;gBACV,6DAA6D;gBAC7D,OAAO,CAAC,GAAG,CAAC,iBAAiB,QAAQ,6BAA6B,CAAC,CAAA;gBACnE,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;gBAC3C,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAA;gBACjC,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,CAAC,YAAY,IAAI,CAAC,EAAE,CAAC,CAAA;gBAC3D,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,CAAC,aAAa,IAAI,CAAC,EAAE,CAAC,CAAA;gBAC7D,aAAa;gBACb,OAAO,CAAC,GAAG,CAAC,oCAAoC,KAAK,CAAC,2BAA2B,IAAI,CAAC,EAAE,CAAC,CAAA;gBACzF,aAAa;gBACb,OAAO,CAAC,GAAG,CAAC,gCAAgC,KAAK,CAAC,uBAAuB,IAAI,CAAC,EAAE,CAAC,CAAA;gBAEjF,KAAK,CAAC,oBAAoB,IAAI,KAAK,CAAC,YAAY,IAAI,CAAC,CAAA;gBACrD,KAAK,CAAC,qBAAqB,IAAI,KAAK,CAAC,aAAa,IAAI,CAAC,CAAA;gBAEvD,6CAA6C;gBAC7C,MAAM,aAAa,GAAG,KAAK,CAAC,2BAA2B,IAAI,CAAC,CAAA;gBAC5D,aAAa;gBACb,MAAM,SAAS,GAAG,KAAK,CAAC,uBAAuB,IAAI,CAAC,CAAA;gBAEpD,KAAK,CAAC,mBAAmB,IAAI,aAAa,CAAA;gBAC1C,KAAK,CAAC,eAAe,IAAI,SAAS,CAAA;YACpC,CAAC;YAED,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAuB,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,MAAM,CAAC,CAAA;YAC7F,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBAChD,yDAAyD;gBACzD,KAAK,MAAM,EAAE,QAAQ,EAAE,IAAI,YAAY,EAAE,CAAC;oBACxC,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;wBACzB,iBAAiB,CAAC,IAAI,CAAC;4BACrB,GAAG,CAAC;4BACJ,aAAa,EAAE,KAAK;4BACpB,gBAAgB,EAAE,eAAmC;4BACrD,eAAe,EAAE,2BAA2B;yBAC7C,CAAC,CAAA;oBACJ,CAAC;gBACH,CAAC;gBACD,SAAQ;YACV,CAAC;YAED,4BAA4B;YAC5B,MAAM,aAAa,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAA;YAClE,MAAM,oBAAoB,GAAG,IAAA,kDAAgC,EAAC,WAAW,CAAC,IAAI,EAAE,aAAa,CAAC,CAAA;YAE9F,yBAAyB;YACzB,KAAK,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,YAAY,EAAE,CAAC;gBAClD,MAAM,WAAW,GAAG,oBAAoB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;gBAEtD,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC7C,iEAAiE;oBACjE,MAAM,iBAAiB,GAAG,IAAA,yCAAuB,EAAC,WAAW,CAAC,IAAI,CAAC,CAAA;oBAEnE,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAC9D,gDAAgD;wBAChD,MAAM,EAAE,SAAS,EAAE,iBAAiB,EAAE,cAAc,EAAE,GAAG,IAAA,wCAAsB,EAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAA;wBAC5G,KAAK,CAAC,iBAAiB,IAAI,iBAAiB,CAAC,MAAM,GAAG,cAAc,CAAA;wBACpE,KAAK,CAAC,iBAAiB,IAAI,cAAc,CAAA;wBACzC,KAAK,MAAM,SAAS,IAAI,iBAAiB,EAAE,CAAC;4BAC1C,IAAI,SAAS,CAAC,gBAAgB,KAAK,WAAW,EAAE,CAAC;gCAC/C,KAAK,CAAC,iBAAiB,EAAE,CAAA;4BAC3B,CAAC;iCAAM,IAAI,SAAS,CAAC,gBAAgB,KAAK,YAAY,EAAE,CAAC;gCACvD,KAAK,CAAC,kBAAkB,EAAE,CAAA;4BAC5B,CAAC;4BACD,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;wBACnC,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,oFAAoF;wBACpF,OAAO,CAAC,IAAI,CAAC,kCAAkC,QAAQ,gBAAgB,QAAQ,CAAC,MAAM,WAAW,CAAC,CAAA;wBAClG,KAAK,CAAC,iBAAiB,IAAI,QAAQ,CAAC,MAAM,CAAA;wBAC1C,KAAK,CAAC,iBAAiB,IAAI,QAAQ,CAAC,MAAM,CAAA;wBAC1C,yDAAyD;oBAC3D,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,yCAAyC;oBACzC,MAAM,EAAE,SAAS,EAAE,iBAAiB,EAAE,cAAc,EAAE,GAAG,IAAA,wCAAsB,EAAC,QAAQ,EAAE,WAAW,CAAC,CAAA;oBACtG,KAAK,CAAC,iBAAiB,IAAI,iBAAiB,CAAC,MAAM,GAAG,cAAc,CAAA;oBACpE,KAAK,CAAC,iBAAiB,IAAI,cAAc,CAAA;oBACzC,KAAK,MAAM,SAAS,IAAI,iBAAiB,EAAE,CAAC;wBAC1C,IAAI,SAAS,CAAC,gBAAgB,KAAK,WAAW,EAAE,CAAC;4BAC/C,KAAK,CAAC,iBAAiB,EAAE,CAAA;wBAC3B,CAAC;6BAAM,IAAI,SAAS,CAAC,gBAAgB,KAAK,YAAY,EAAE,CAAC;4BACvD,KAAK,CAAC,kBAAkB,EAAE,CAAA;wBAC5B,CAAC;wBACD,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;oBACnC,CAAC;gBACH,CAAC;YACH,CAAC;QAEH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,kCAAkC,QAAQ,GAAG,EAAE,KAAK,CAAC,CAAA;YACnE,wDAAwD;YACxD,KAAK,MAAM,EAAE,QAAQ,EAAE,IAAI,YAAY,EAAE,CAAC;gBACxC,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;oBACzB,iBAAiB,CAAC,IAAI,CAAC;wBACrB,GAAG,CAAC;wBACJ,aAAa,EAAE,KAAK;wBACpB,gBAAgB,EAAE,eAAmC;wBACrD,eAAe,EAAE,oCAAoC;qBACtD,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc,CAAA;QACjD,kBAAkB,IAAI,aAAa,CAAA;QAEnC,iCAAiC;QACjC,cAAc,IAAI,SAAS,CAAC,MAAM,CAAA;QAElC,yCAAyC;QACzC,IAAI,UAAU,EAAE,CAAC;YACf,UAAU,CAAC;gBACT,cAAc,EAAE,cAAc;gBAC9B,UAAU,EAAE,WAAW,CAAC,MAAM;gBAC9B,MAAM,EAAE,oCAAoC,QAAQ,IAAI,gBAAgB,EAAE;aAC3E,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,MAAM,oBAAoB,GAAG,KAAK,CAAC,mBAAmB,GAAG,KAAK,CAAC,eAAe,CAAA;IAC9E,KAAK,CAAC,YAAY,GAAG,oBAAoB,GAAG,CAAC;QAC3C,CAAC,CAAC,KAAK,CAAC,eAAe,GAAG,oBAAoB;QAC9C,CAAC,CAAC,CAAC,CAAA;IAEL,8CAA8C;IAC9C,MAAM,cAAc,GAAG,CAAC,KAAK,CAAC,oBAAoB,GAAG,uBAAa,CAAC,KAAK,CAAC,GAAG,OAAS,CAAA;IACrF,MAAM,cAAc,GAAG,CAAC,KAAK,CAAC,mBAAmB,GAAG,uBAAa,CAAC,UAAU,CAAC,GAAG,OAAS,CAAA;IACzF,MAAM,aAAa,GAAG,CAAC,KAAK,CAAC,eAAe,GAAG,uBAAa,CAAC,SAAS,CAAC,GAAG,OAAS,CAAA;IACnF,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,qBAAqB,GAAG,uBAAa,CAAC,MAAM,CAAC,GAAG,OAAS,CAAA;IAEnF,KAAK,CAAC,aAAa,GAAG,cAAc,GAAG,cAAc,GAAG,aAAa,GAAG,UAAU,CAAA;IAElF,0DAA0D;IAC1D,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAA;IACrC,OAAO,CAAC,GAAG,CAAC,uBAAuB,KAAK,CAAC,aAAa,EAAE,CAAC,CAAA;IACzD,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,CAAC,iBAAiB,EAAE,CAAC,CAAA;IAC3D,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,iBAAiB,EAAE,CAAC,CAAA;IACxD,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,iBAAiB,EAAE,CAAC,CAAA;IACxD,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,CAAC,kBAAkB,EAAE,CAAC,CAAA;IAC1D,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAA;IAC/C,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;IAC/B,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;IAC/E,OAAO,CAAC,GAAG,CAAC,4BAA4B,eAAe,EAAE,CAAC,CAAA;IAC1D,OAAO,CAAC,GAAG,CAAC,4BAA4B,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;IAC9H,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAA;IACjC,OAAO,CAAC,GAAG,CAAC,uBAAuB,KAAK,CAAC,mBAAmB,CAAC,cAAc,EAAE,SAAS,CAAC,CAAA;IACvF,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,CAAC,eAAe,CAAC,cAAc,EAAE,SAAS,CAAC,CAAA;IAClF,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,KAAK,CAAC,YAAY,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;IAC9E,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;IAC/B,OAAO,CAAC,GAAG,CAAC,wBAAwB,KAAK,CAAC,oBAAoB,CAAC,cAAc,EAAE,SAAS,CAAC,CAAA;IACzF,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,qBAAqB,CAAC,cAAc,EAAE,SAAS,CAAC,CAAA;IACnF,OAAO,CAAC,GAAG,CAAC,wBAAwB,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;IAErE,wCAAwC;IACxC,oBAAoB,GAAG,IAAI,CAAA;IAE3B,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,KAAK,EAAE,CAAA;AACtD,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB;IACjC,oBAAoB,GAAG,IAAI,CAAA;AAC7B,CAAC"}

package/dist/layer3/anthropic/providers/index.d.ts

@@ -1,8 +0,0 @@
-/**
- * AI Providers Index
- *
- * Re-exports all AI provider implementations.
- */
-export { validateWithOpenAI, clearOpenAICache } from './openai';
-export { validateWithAnthropic, clearAnthropicCache } from './anthropic';
-//# sourceMappingURL=index.d.ts.map

package/dist/layer3/anthropic/providers/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/layer3/anthropic/providers/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAA;AAC/D,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAA"}