@oculum/scanner 1.0.13 → 1.0.15

package/dist/tiers.d.ts

@@ -7,7 +7,7 @@
  * - Route AI validation budget toward Tier B
  *
  * Security reasoning:
- * - Makes it explicit which detectors are safe to expose in cheap scans
+ * - Makes it explicit which detectors are safe to expose in local scans
  * - Avoids "accidental promotion" of an experimental heuristic to production output
  */
 import type { VulnerabilityCategory } from './shared/types';
@@ -15,7 +15,7 @@ import type { VulnerabilityCategory } from './shared/types';
  * Detector tiers control visibility and trust level:
  *
  * - core: High-precision SAST + core AI-safety detectors. Visible in all scan depths.
- * - ai_assisted: Context-heavy heuristics that need AI validation. Shown in validated/deep.
+ * - ai_assisted: Context-heavy heuristics that need AI validation. Shown in verified/deep.
  * - experimental: High-noise signals used only for internal scoring/AI hints. Hidden from users.
  */
 export type DetectorTier = 'core' | 'ai_assisted' | 'experimental';

package/dist/tiers.js

@@ -8,7 +8,7 @@
  * - Route AI validation budget toward Tier B
  *
  * Security reasoning:
- * - Makes it explicit which detectors are safe to expose in cheap scans
+ * - Makes it explicit which detectors are safe to expose in local scans
  * - Avoids "accidental promotion" of an experimental heuristic to production output
  */
 Object.defineProperty(exports, "__esModule", { value: true });

package/dist/validate/clients.d.ts

@@ -39,6 +39,7 @@ export declare const FILES_PER_API_BATCH = 8;
  * Number of API batches to process in parallel (Phase 3 optimization)
  * Higher values = faster scans but more API load
  * OpenAI/GPT-5-mini handles this well
+ * Note: was 6, reduced to 2 for stability, settled on 4 as balance
  */
-export declare const PARALLEL_API_BATCHES = 6;
+export declare const PARALLEL_API_BATCHES = 4;
 //# sourceMappingURL=clients.d.ts.map

package/dist/validate/clients.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"clients.d.ts","sourceRoot":"","sources":["../../src/validate/clients.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,SAAS,MAAM,mBAAmB,CAAA;AACzC,OAAO,MAAM,MAAM,QAAQ,CAAA;AAM3B;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,SAAS,CAM9C;AASD;;GAEG;AACH,wBAAgB,eAAe,IAAI,MAAM,CASxC;AAMD;;GAEG;AACH,eAAO,MAAM,iBAAiB;;;;CAI7B,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,aAAa;;;;;CAKzB,CAAA;AAMD;;;GAGG;AACH,eAAO,MAAM,mBAAmB,IAAI,CAAA;AAEpC;;;;GAIG;AACH,eAAO,MAAM,oBAAoB,IAAI,CAAA"}
+{"version":3,"file":"clients.d.ts","sourceRoot":"","sources":["../../src/validate/clients.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,SAAS,MAAM,mBAAmB,CAAA;AACzC,OAAO,MAAM,MAAM,QAAQ,CAAA;AAM3B;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,SAAS,CAM9C;AASD;;GAEG;AACH,wBAAgB,eAAe,IAAI,MAAM,CASxC;AAMD;;GAEG;AACH,eAAO,MAAM,iBAAiB;;;;CAI7B,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,aAAa;;;;;CAKzB,CAAA;AAMD;;;GAGG;AACH,eAAO,MAAM,mBAAmB,IAAI,CAAA;AAEpC;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB,IAAI,CAAA"}

package/dist/validate/clients.js

@@ -40,7 +40,7 @@ function getOpenAIClient() {
         if (!apiKey) {
             throw new Error('OPENAI_API_KEY environment variable is not set');
         }
-        openaiClient = new openai_1.default({ apiKey });
+        openaiClient = new openai_1.default({ apiKey, timeout: 120000 });
     }
     return openaiClient;
 }
@@ -76,6 +76,7 @@ exports.FILES_PER_API_BATCH = 8;
  * Number of API batches to process in parallel (Phase 3 optimization)
  * Higher values = faster scans but more API load
  * OpenAI/GPT-5-mini handles this well
+ * Note: was 6, reduced to 2 for stability, settled on 4 as balance
  */
-exports.PARALLEL_API_BATCHES = 6;
+exports.PARALLEL_API_BATCHES = 4;
 //# sourceMappingURL=clients.js.map

package/dist/validate/clients.js.map

@@ -1 +1 @@
-{"version":3,"file":"clients.js","sourceRoot":"","sources":["../../src/validate/clients.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;AAYH,gDAMC;AAYD,0CASC;AArCD,4DAAyC;AACzC,oDAA2B;AAE3B,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;GAEG;AACH,SAAgB,kBAAkB;IAChC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA;IAC5C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;IACtE,CAAC;IACD,OAAO,IAAI,aAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAA;AAClC,CAAC;AAED,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E,0CAA0C;AAC1C,IAAI,YAAY,GAAkB,IAAI,CAAA;AAEtC;;GAEG;AACH,SAAgB,eAAe;IAC7B,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAA;QACzC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAA;QACnE,CAAC;QACD,YAAY,GAAG,IAAI,gBAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAA;IACvC,CAAC;IACD,OAAO,YAAY,CAAA;AACrB,CAAC;AAED,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;GAEG;AACU,QAAA,iBAAiB,GAAG;IAC/B,KAAK,EAAE,IAAI,EAAO,sBAAsB;IACxC,MAAM,EAAE,KAAK,EAAK,sCAAsC;IACxD,MAAM,EAAE,IAAI,EAAM,sBAAsB;CACzC,CAAA;AAED;;GAEG;AACU,QAAA,aAAa,GAAG;IAC3B,KAAK,EAAE,IAAI,EAAQ,sBAAsB;IACzC,UAAU,EAAE,IAAI,EAAG,iCAAiC;IACpD,SAAS,EAAE,IAAI,EAAI,sBAAsB;IACzC,MAAM,EAAE,IAAI,EAAO,sBAAsB;CAC1C,CAAA;AAED,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;;GAGG;AACU,QAAA,mBAAmB,GAAG,CAAC,CAAA;AAEpC;;;;GAIG;AACU,QAAA,oBAAoB,GAAG,CAAC,CAAA"}
+{"version":3,"file":"clients.js","sourceRoot":"","sources":["../../src/validate/clients.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;AAYH,gDAMC;AAYD,0CASC;AArCD,4DAAyC;AACzC,oDAA2B;AAE3B,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;GAEG;AACH,SAAgB,kBAAkB;IAChC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA;IAC5C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;IACtE,CAAC;IACD,OAAO,IAAI,aAAS,CAAC,EAAE,MAAM,EAAE,CAAC,CAAA;AAClC,CAAC;AAED,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E,0CAA0C;AAC1C,IAAI,YAAY,GAAkB,IAAI,CAAA;AAEtC;;GAEG;AACH,SAAgB,eAAe;IAC7B,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAA;QACzC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAA;QACnE,CAAC;QACD,YAAY,GAAG,IAAI,gBAAM,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,MAAO,EAAE,CAAC,CAAA;IACzD,CAAC;IACD,OAAO,YAAY,CAAA;AACrB,CAAC;AAED,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;GAEG;AACU,QAAA,iBAAiB,GAAG;IAC/B,KAAK,EAAE,IAAI,EAAO,sBAAsB;IACxC,MAAM,EAAE,KAAK,EAAK,sCAAsC;IACxD,MAAM,EAAE,IAAI,EAAM,sBAAsB;CACzC,CAAA;AAED;;GAEG;AACU,QAAA,aAAa,GAAG;IAC3B,KAAK,EAAE,IAAI,EAAQ,sBAAsB;IACzC,UAAU,EAAE,IAAI,EAAG,iCAAiC;IACpD,SAAS,EAAE,IAAI,EAAI,sBAAsB;IACzC,MAAM,EAAE,IAAI,EAAO,sBAAsB;CAC1C,CAAA;AAED,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;;GAGG;AACU,QAAA,mBAAmB,GAAG,CAAC,CAAA;AAEpC;;;;;GAKG;AACU,QAAA,oBAAoB,GAAG,CAAC,CAAA"}

package/dist/validate/index.d.ts

@@ -11,11 +11,10 @@
  *
  * Also provides high-context validation for Layer 1/2 findings.
  */
-import type { Vulnerability, ScanFile } from '../shared/types';
-import type { ContextEngineResult } from '../model/taint-types';
-import type { AIValidationResult, Layer3Context } from './types';
-export type { ValidationStats, AIValidationResult, Layer3Context } from './types';
-export { applyAutoDismissRules } from '../score/auto-dismiss';
+import type { Vulnerability, ScanFile } from "../shared/types";
+import type { ContextEngineResult } from "../model/taint-types";
+import type { AIValidationResult, Layer3Context } from "./types";
+export type { ValidationStats, AIValidationResult, Layer3Context, } from "./types";
 /**
  * Analyze a single file using AI for deep security analysis (Layer 3)
  */
@@ -37,5 +36,5 @@ export declare function validateFindingsWithAI(findings: Vulnerability[], files:
     filesProcessed: number;
     totalFiles: number;
     status: string;
-}) => void): Promise<AIValidationResult>;
+}) => void, quiet?: boolean): Promise<AIValidationResult>;
 //# sourceMappingURL=index.d.ts.map

package/dist/validate/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/validate/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAA;AAC9D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAG/D,OAAO,KAAK,EAAmB,kBAAkB,EAAE,aAAa,EAAa,MAAM,SAAS,CAAA;AAS5F,YAAY,EAAE,eAAe,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AACjF,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAM7D;;GAEG;AACH,wBAAsB,aAAa,CACjC,IAAI,EAAE,QAAQ,EACd,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,aAAa,EAAE,CAAC,CA+D1B;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,KAAK,EAAE,QAAQ,EAAE,EACjB,OAAO,CAAC,EAAE,aAAa,EACvB,aAAa,GAAE,MAAU,GACxB,OAAO,CAAC,aAAa,EAAE,CAAC,CAqB1B;AAMD;;;;;;;GAOG;AACH,wBAAsB,sBAAsB,CAC1C,QAAQ,EAAE,aAAa,EAAE,EACzB,KAAK,EAAE,QAAQ,EAAE,EACjB,QAAQ,CAAC,EAAE,mBAAmB,EAC9B,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE;IAAE,cAAc,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,KAAK,IAAI,GAC9F,OAAO,CAAC,kBAAkB,CAAC,CAiB7B"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/validate/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC/D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAGhE,OAAO,KAAK,EAEV,kBAAkB,EAClB,aAAa,EAEd,MAAM,SAAS,CAAC;AAiBjB,YAAY,EACV,eAAe,EACf,kBAAkB,EAClB,aAAa,GACd,MAAM,SAAS,CAAC;AAMjB;;GAEG;AACH,wBAAsB,aAAa,CACjC,IAAI,EAAE,QAAQ,EACd,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,aAAa,EAAE,CAAC,CAiE1B;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,KAAK,EAAE,QAAQ,EAAE,EACjB,OAAO,CAAC,EAAE,aAAa,EACvB,aAAa,GAAE,MAAU,GACxB,OAAO,CAAC,aAAa,EAAE,CAAC,CAuB1B;AAMD;;;;;;;GAOG;AACH,wBAAsB,sBAAsB,CAC1C,QAAQ,EAAE,aAAa,EAAE,EACzB,KAAK,EAAE,QAAQ,EAAE,EACjB,QAAQ,CAAC,EAAE,mBAAmB,EAC9B,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB,KAAK,IAAI,EACV,KAAK,GAAE,OAAc,GACpB,OAAO,CAAC,kBAAkB,CAAC,CA4B7B"}

package/dist/validate/index.js

@@ -13,7 +13,6 @@
  * Also provides high-context validation for Layer 1/2 findings.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.applyAutoDismissRules = void 0;
 exports.analyzeWithAI = analyzeWithAI;
 exports.batchAnalyzeWithAI = batchAnalyzeWithAI;
 exports.validateFindingsWithAI = validateFindingsWithAI;
@@ -23,8 +22,6 @@ const response_parser_1 = require("./utils/response-parser");
 const semantic_analysis_1 = require("./prompts/semantic-analysis");
 const openai_1 = require("./providers/openai");
 const anthropic_1 = require("./providers/anthropic");
-var auto_dismiss_1 = require("../score/auto-dismiss");
-Object.defineProperty(exports, "applyAutoDismissRules", { enumerable: true, get: function () { return auto_dismiss_1.applyAutoDismissRules; } });
 // ============================================================================
 // Layer 3: Deep AI Analysis
 // ============================================================================
@@ -35,9 +32,9 @@ async function analyzeWithAI(file, context) {
     const client = (0, clients_1.getAnthropicClient)();
     // Prepare the code with line numbers for reference
     const numberedCode = file.content
-        .split('\n')
+        .split("\n")
         .map((line, i) => `${i + 1}: ${line}`)
-        .join('\n');
+        .join("\n");
     // Build auth context for the prompt
     const authContext = (0, semantic_analysis_1.buildAuthContextForPrompt)(context);
     const userMessage = `Analyze this ${file.language} file for security vulnerabilities:
@@ -51,20 +48,20 @@ ${numberedCode}
 Return ONLY a JSON array of findings.`;
     try {
         const response = await client.messages.create({
-            model: 'claude-3-5-haiku-20241022',
+            model: "claude-3-5-haiku-20241022",
             max_tokens: 4096,
             system: semantic_analysis_1.SECURITY_ANALYSIS_PROMPT,
             messages: [
                 {
-                    role: 'user',
+                    role: "user",
                     content: userMessage,
                 },
             ],
         });
         // Extract text content from response
-        const textContent = response.content.find((block) => block.type === 'text');
-        if (!textContent || textContent.type !== 'text') {
-            console.error('No text content in AI response');
+        const textContent = response.content.find((block) => block.type === "text");
+        if (!textContent || textContent.type !== "text") {
+            console.error("No text content in AI response");
             return [];
         }
         // Parse the JSON response
@@ -80,12 +77,12 @@ Return ONLY a JSON array of findings.`;
             title: finding.title,
             description: finding.description,
             suggestedFix: finding.suggestedFix,
-            confidence: 'high',
+            confidence: "high",
             layer: 3,
         }));
     }
     catch (error) {
-        console.error('AI analysis error:', error);
+        console.error("AI analysis error:", error);
         return [];
     }
 }
@@ -98,14 +95,14 @@ async function batchAnalyzeWithAI(files, context, maxConcurrent = 3) {
     // Process files in batches to avoid rate limits
     for (let i = 0; i < files.length; i += maxConcurrent) {
         const batch = files.slice(i, i + maxConcurrent);
-        const results = await Promise.all(batch.map(file => analyzeWithAI(file, context).catch(err => {
+        const results = await Promise.all(batch.map((file) => analyzeWithAI(file, context).catch((err) => {
             console.error(`AI analysis failed for ${file.path}:`, err);
             return [];
         })));
         vulnerabilities.push(...results.flat());
         // Small delay between batches to avoid rate limits
         if (i + maxConcurrent < files.length) {
-            await new Promise(resolve => setTimeout(resolve, 500));
+            await new Promise((resolve) => setTimeout(resolve, 500));
         }
     }
     return vulnerabilities;
@@ -121,21 +118,25 @@ async function batchAnalyzeWithAI(files, context, maxConcurrent = 3) {
  * 2. Includes PROJECT CONTEXT (auth patterns, data access, etc.)
  * 3. Uses generalised rules from Section 3 of the security model
  */
-async function validateFindingsWithAI(findings, files, ceResult, onProgress) {
+async function validateFindingsWithAI(findings, files, ceResult, onProgress, quiet = true) {
+    const log = (msg, ...args) => {
+        if (!quiet)
+            console.error(msg, ...args);
+    };
     // Initialize stats tracking
     const stats = (0, types_1.createInitialStats)(findings.length);
     if (findings.length === 0) {
         return { vulnerabilities: [], stats };
     }
     // Check for provider override (GPT-5-mini is default for 47% cost savings)
-    const aiProvider = process.env.AI_PROVIDER || 'openai';
-    if (aiProvider === 'anthropic') {
-        console.log('[AI Validation] Using Anthropic provider (Claude 3.5 Haiku)');
-        return (0, anthropic_1.validateWithAnthropic)(findings, files, ceResult, stats, onProgress);
+    const aiProvider = process.env.AI_PROVIDER || "openai";
+    if (aiProvider === "anthropic") {
+        log("[AI Validation] Using Anthropic provider (Claude 3.5 Haiku)");
+        return (0, anthropic_1.validateWithAnthropic)(findings, files, ceResult, stats, onProgress, quiet);
     }
     else {
-        console.log('[AI Validation] Using OpenAI provider (GPT-5-mini)');
-        return (0, openai_1.validateWithOpenAI)(findings, files, ceResult, stats);
+        log("[AI Validation] Using OpenAI provider (GPT-5-mini)");
+        return (0, openai_1.validateWithOpenAI)(findings, files, ceResult, stats, quiet);
     }
 }
 //# sourceMappingURL=index.js.map

package/dist/validate/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/validate/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AAyBH,sCAkEC;AAMD,gDAyBC;AAcD,wDAsBC;AAvJD,mCAA4C;AAC5C,uCAA8C;AAC9C,6DAA6G;AAC7G,mEAAiG;AACjG,+CAAuD;AACvD,qDAA6D;AAI7D,sDAA6D;AAApD,qHAAA,qBAAqB,OAAA;AAE9B,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAE/E;;GAEG;AACI,KAAK,UAAU,aAAa,CACjC,IAAc,EACd,OAAuB;IAEvB,MAAM,MAAM,GAAG,IAAA,4BAAkB,GAAE,CAAA;IAEnC,mDAAmD;IACnD,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO;SAC9B,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC;SACrC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEb,oCAAoC;IACpC,MAAM,WAAW,GAAG,IAAA,6CAAyB,EAAC,OAAO,CAAC,CAAA;IAEtD,MAAM,WAAW,GAAG,gBAAgB,IAAI,CAAC,QAAQ;;QAE3C,IAAI,CAAC,IAAI,GAAG,WAAW;;QAEvB,IAAI,CAAC,QAAQ;EACnB,YAAY;;;sCAGwB,CAAA;IAEpC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC5C,KAAK,EAAE,2BAA2B;YAClC,UAAU,EAAE,IAAI;YAChB,MAAM,EAAE,4CAAwB;YAChC,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,OAAO,EAAE,WAAW;iBACrB;aACF;SACF,CAAC,CAAA;QAEF,qCAAqC;QACrC,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAuB,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,MAAM,CAAC,CAAA;QAC7F,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YAChD,OAAO,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAA;YAC/C,OAAO,EAAE,CAAA;QACX,CAAC;QAED,0BAA0B;QAC1B,MAAM,QAAQ,GAAG,IAAA,iCAAe,EAAC,WAAW,CAAC,IAAI,CAAC,CAAA;QAElD,kCAAkC;QAClC,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;YACvC,EAAE,EAAE,MAAM,IAAI,CAAC,IAAI,IAAI,OAAO,CAAC,UAAU,IAAI,KAAK,EAAE;YACpD,QAAQ,EAAE,IAAI,CAAC,IAAI;YACnB,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,WAAW,EAAE,IAAA,gCAAc,EAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC;YAC7D,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,UAAU,EAAE,MAAe;YAC3B,KAAK,EAAE,CAAU;SAClB,CAAC,CAAC,CAAA;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAA;QAC1C,OAAO,EAAE,CAAA;IACX,CAAC;AACH,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,kBAAkB,CACtC,KAAiB,EACjB,OAAuB,EACvB,gBAAwB,CAAC;IAEzB,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,gDAAgD;IAChD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,aAAa,EAAE,CAAC;QACrD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,CAAA;QAC/C,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;YACzD,OAAO,CAAC,KAAK,CAAC,0BAA0B,IAAI,CAAC,IAAI,GAAG,EAAE,GAAG,CAAC,CAAA;YAC1D,OAAO,EAAE,CAAA;QACX,CAAC,CAAC,CAAC,CACJ,CAAA;QACD,eAAe,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,CAAA;QAEvC,mDAAmD;QACnD,IAAI,CAAC,GAAG,aAAa,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;YACrC,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAA;QACxD,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC;AAED,+EAA+E;AAC/E,qCAAqC;AACrC,+EAA+E;AAE/E;;;;;;;GAOG;AACI,KAAK,UAAU,sBAAsB,CAC1C,QAAyB,EACzB,KAAiB,EACjB,QAA8B,EAC9B,UAA+F;IAE/F,4BAA4B;IAC5B,MAAM,KAAK,GAAoB,IAAA,0BAAkB,EAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;IAElE,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,eAAe,EAAE,EAAE,EAAE,KAAK,EAAE,CAAA;IACvC,CAAC;IAED,2EAA2E;IAC3E,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,QAAQ,CAAA;IACtD,IAAI,UAAU,KAAK,WAAW,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAA;QAC1E,OAAO,IAAA,iCAAqB,EAAC,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,CAAC,CAAA;IAC5E,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAA;QACjE,OAAO,IAAA,2BAAkB,EAAC,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAA;IAC7D,CAAC;AACH,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/validate/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;AAyCH,sCAoEC;AAMD,gDA2BC;AAcD,wDAsCC;AAtLD,mCAA6C;AAC7C,uCAA+C;AAC/C,6DAKiC;AACjC,mEAGqC;AACrC,+CAAwD;AACxD,qDAA8D;AAS9D,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAE/E;;GAEG;AACI,KAAK,UAAU,aAAa,CACjC,IAAc,EACd,OAAuB;IAEvB,MAAM,MAAM,GAAG,IAAA,4BAAkB,GAAE,CAAC;IAEpC,mDAAmD;IACnD,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO;SAC9B,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC;SACrC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,oCAAoC;IACpC,MAAM,WAAW,GAAG,IAAA,6CAAyB,EAAC,OAAO,CAAC,CAAC;IAEvD,MAAM,WAAW,GAAG,gBAAgB,IAAI,CAAC,QAAQ;;QAE3C,IAAI,CAAC,IAAI,GAAG,WAAW;;QAEvB,IAAI,CAAC,QAAQ;EACnB,YAAY;;;sCAGwB,CAAC;IAErC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC5C,KAAK,EAAE,2BAA2B;YAClC,UAAU,EAAE,IAAI;YAChB,MAAM,EAAE,4CAAwB;YAChC,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,OAAO,EAAE,WAAW;iBACrB;aACF;SACF,CAAC,CAAC;QAEH,qCAAqC;QACrC,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,CACvC,CAAC,KAAuB,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,MAAM,CACnD,CAAC;QACF,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YAChD,OAAO,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAChD,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,0BAA0B;QAC1B,MAAM,QAAQ,GAAG,IAAA,iCAAe,EAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEnD,kCAAkC;QAClC,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;YACvC,EAAE,EAAE,MAAM,IAAI,CAAC,IAAI,IAAI,OAAO,CAAC,UAAU,IAAI,KAAK,EAAE;YACpD,QAAQ,EAAE,IAAI,CAAC,IAAI;YACnB,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,WAAW,EAAE,IAAA,gCAAc,EAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,UAAU,CAAC;YAC7D,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,UAAU,EAAE,MAAe;YAC3B,KAAK,EAAE,CAAU;SAClB,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAC;QAC3C,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,kBAAkB,CACtC,KAAiB,EACjB,OAAuB,EACvB,gBAAwB,CAAC;IAEzB,MAAM,eAAe,GAAoB,EAAE,CAAC;IAE5C,gDAAgD;IAChD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,aAAa,EAAE,CAAC;QACrD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,CAAC;QAChD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CACjB,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACzC,OAAO,CAAC,KAAK,CAAC,0BAA0B,IAAI,CAAC,IAAI,GAAG,EAAE,GAAG,CAAC,CAAC;YAC3D,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CACH,CACF,CAAC;QACF,eAAe,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAExC,mDAAmD;QACnD,IAAI,CAAC,GAAG,aAAa,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;YACrC,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,+EAA+E;AAC/E,qCAAqC;AACrC,+EAA+E;AAE/E;;;;;;;GAOG;AACI,KAAK,UAAU,sBAAsB,CAC1C,QAAyB,EACzB,KAAiB,EACjB,QAA8B,EAC9B,UAIU,EACV,QAAiB,IAAI;IAErB,MAAM,GAAG,GAAG,CAAC,GAAW,EAAE,GAAG,IAAe,EAAE,EAAE;QAC9C,IAAI,CAAC,KAAK;YAAE,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,CAAC,CAAC;IAEF,4BAA4B;IAC5B,MAAM,KAAK,GAAoB,IAAA,0BAAkB,EAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAEnE,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,eAAe,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC;IACxC,CAAC;IAED,2EAA2E;IAC3E,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,QAAQ,CAAC;IACvD,IAAI,UAAU,KAAK,WAAW,EAAE,CAAC;QAC/B,GAAG,CAAC,6DAA6D,CAAC,CAAC;QACnE,OAAO,IAAA,iCAAqB,EAC1B,QAAQ,EACR,KAAK,EACL,QAAQ,EACR,KAAK,EACL,UAAU,EACV,KAAK,CACN,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,oDAAoD,CAAC,CAAC;QAC1D,OAAO,IAAA,2BAAkB,EAAC,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;IACrE,CAAC;AACH,CAAC"}

package/dist/validate/prompts/modules/ai-patterns.d.ts

@@ -15,5 +15,5 @@
  *
  * Contains AI/LLM-specific patterns that require semantic AI reasoning.
  */
-export declare const AI_PATTERNS_MODULE = "\n### AI/LLM-Specific Patterns\n\n**Prompt Injection (ai_prompt_injection):**\n- User input in system prompt WITHOUT delimiters (code fences, XML tags, separators) -> **HIGH** (real risk)\n- User input in system prompt WITH clear delimiters -> **INFO** (properly fenced)\n- Static prompts with no user interpolation -> **REJECT** (false positive)\n- Prompt templates using proper parameterization/placeholders -> **REJECT**\n\n**LLM Output Execution (ai_unsafe_execution):**\n- LLM output fed to eval()/Function()/exec() WITHOUT sandbox -> **CRITICAL** (arbitrary code execution)\n- LLM output to execution WITH sandbox (vm2, isolated-vm) -> **MEDIUM** (risk mitigated)\n- LLM output to execution WITH validation AND sandbox -> **LOW** (well-protected)\n- LLM output used for display only (console.log, UI) -> **REJECT** (not execution)\n- Generated SQL from LLM without parameterization -> **CRITICAL** (SQL injection)\n- Generated SQL with parameterized queries -> **MEDIUM** (logic may still be wrong)\n\n**Agent Tool Permissions (ai_overpermissive_tool):**\n- Tool with unrestricted file/network/exec access -> **HIGH** (overpermissive)\n- Tool without user context verification -> **MEDIUM** (missing authorization)\n- Tool with proper scoping, allowlists, and user verification -> **LOW** or **REJECT**\n- Test files with tool definitions -> **INFO** or **REJECT**\n\n**Hallucinated Dependencies (suspicious_package):**\n- Package not found in registry -> **CRITICAL** (likely AI-hallucinated name)\n- Very new package (less than 7 days old) with low downloads and typosquat pattern -> **HIGH**\n- Legitimate looking package with source/repo but low popularity -> **MEDIUM** (needs review)\n- Known legitimate package with unusual name (in allowlist) -> **REJECT**\n\n**CRITICAL AI PATTERN RULES**:\n- AI code generation often produces non-existent package names - flag these prominently\n- Prompt injection is NOT the same as XSS - different threat model and severity\n- Sandboxed code execution (vm2, isolated-vm) significantly reduces risk\n- Agent tools need both access restrictions AND user context verification\n\n### RAG Data Exfiltration (ai_rag_exfiltration)\nRetrieval Augmented Generation systems can leak sensitive data across tenant boundaries.\n\n**Unscoped Retrieval Queries:**\n- Vector store query WITHOUT user/tenant filter -> **HIGH** (cross-tenant data access)\n  - .query(), .search(), .similaritySearch() without filter/where/userId/tenantId parameter\n  - LangChain retriever.invoke() without metadata filter\n  - Pinecone/Chroma/Weaviate query without namespace or metadata filter\n- Query WITH proper scoping (filter by userId/tenantId) -> **REJECT** (properly scoped)\n- Query with RLS-enabled Supabase tables -> **LOW/INFO** (verify RLS policy)\n\n**Raw Context Exposure:**\n- Raw sourceDocuments/chunks returned in API response -> **MEDIUM** (data leak to client)\n- Raw context returned WITHOUT authentication -> **HIGH** (public data leak)\n- Filtered response (only IDs, titles, metadata) -> **REJECT** (properly filtered)\n- Response filtering visible nearby (.map, sanitize, redact) -> **INFO**\n\n**Context Logging:**\n- Logging retrieved documents (debug) -> **INFO** (hygiene, not direct risk)\n- Logging full prompts with context -> **LOW** (audit concern if logs are accessible)\n- Persisting prompts/context to database -> **MEDIUM** (sensitive data retention)\n\n**CRITICAL RAG RULES**:\n- Cross-tenant data access is the PRIMARY risk - always check for user/tenant scoping\n- Authenticated endpoints exposing context are MEDIUM; unauthenticated are HIGH\n- Debug logging is INFO severity - it's not a direct vulnerability\n- If RLS or middleware protection is visible, downgrade significantly\n\n### AI Endpoint Protection (ai_endpoint_unprotected)\nAI/LLM API endpoints can incur significant costs and enable data exfiltration.\n\n**No Authentication + No Rate Limiting -> HIGH:**\n- Endpoint calls OpenAI/Anthropic/etc. without any auth check or rate limit\n- Anyone on the internet can abuse the endpoint and run up API costs\n- Potential for prompt exfiltration or model abuse\n\n**Has Rate Limiting but No Authentication -> MEDIUM:**\n- Rate limit provides some protection against abuse\n- Still allows anonymous access to AI functionality\n- Suggest adding authentication\n\n**Has Authentication but No Rate Limiting -> LOW:**\n- Authenticated users could still abuse the endpoint\n- Suggest adding rate limiting for cost control\n- severity: low (suggest improvement)\n\n**Has Both Auth and Rate Limiting -> INFO/REJECT:**\n- Properly protected endpoint\n- REJECT if both are clearly present\n- INFO if you want to note the good pattern\n\n**BYOK (Bring Your Own Key) Endpoints:**\n- If user provides their own API key, risk is LOWER\n- User pays for their own usage - cost abuse is their problem\n- Downgrade severity by one level for BYOK patterns\n\n**Protected by Middleware:**\n- If project context shows auth middleware protecting the route, downgrade to INFO\n- Internal/admin routes should be INFO or REJECT\n\n**CRITICAL ENDPOINT RULES**:\n- Cost abuse is real - unprotected AI endpoints can bankrupt a startup\n- Rate limiting alone isn't enough - need auth to prevent anonymous abuse\n- BYOK endpoints have lower risk since user bears the cost\n- Check for middleware protection before flagging\n\n### Schema/Tooling Mismatch (ai_schema_mismatch)\nAI-generated structured outputs need validation before use in security-sensitive contexts.\n\n**Unvalidated AI Output Parsing:**\n- JSON.parse(response.content) without schema validation -> **MEDIUM**\n  - AI may return malformed or unexpected structures\n  - Suggest zod/ajv/joi validation\n- AI output to EXECUTION SINK (eval, exec, query) without validation -> **HIGH**\n  - Direct path to code/SQL injection\n- AI output to DISPLAY only (console.log, UI render) -> **REJECT**\n  - Not a security issue for display purposes\n- OpenAI Structured Outputs (json_schema in request) -> **REJECT**\n  - API-level validation provides guarantees\n\n**Weak Schema Patterns:**\n- response: any at API boundary -> **MEDIUM** (no type safety)\n- z.any() or z.unknown() -> **LOW** (defeats purpose of validation)\n- z.passthrough() -> **INFO** (allows extra properties, minor concern)\n- Specific schema defined and used -> **REJECT** (properly validated)\n\n**Tool Parameter Validation:**\n- Tool parameter -> file path without validation -> **HIGH** (path traversal)\n- Tool parameter -> shell command without validation -> **CRITICAL** (command injection)\n- Tool parameter -> URL without validation -> **HIGH** (SSRF)\n- Tool parameter -> DB query without validation -> **HIGH** (SQL injection)\n- Tool parameter with allowlist check visible -> **LOW/REJECT** (mitigated)\n\n**CRITICAL SCHEMA RULES**:\n- The severity depends on WHERE the AI output is used, not just that it's parsed\n- Execution sinks (eval, exec, query, fs) need HIGH severity without validation\n- Display-only usage is NOT a security issue\n- Schema validation (zod, ajv, joi) significantly reduces risk\n- OpenAI Structured Outputs provide API-level guarantees\n";
+export declare const AI_PATTERNS_MODULE = "\n### AI/LLM-Specific Patterns\n\n**Prompt Injection (ai_prompt_injection):**\n- User input in system prompt WITHOUT delimiters (code fences, XML tags, separators) -> **HIGH** (real risk)\n- User input in system prompt WITH clear delimiters -> **INFO** (properly fenced)\n- Static prompts with no user interpolation -> **REJECT** (false positive)\n- Prompt templates using proper parameterization/placeholders -> **REJECT**\n\n**LLM Output Execution (ai_unsafe_execution):**\n- LLM output fed to eval()/Function()/exec() WITHOUT sandbox -> **CRITICAL** (arbitrary code execution)\n- LLM output to execution WITH sandbox (vm2, isolated-vm) -> **MEDIUM** (risk mitigated)\n- LLM output to execution WITH validation AND sandbox -> **LOW** (well-protected)\n- LLM output used for display only (console.log, UI) -> **REJECT** (not execution)\n- Generated SQL from LLM without parameterization -> **CRITICAL** (SQL injection)\n- Generated SQL with parameterized queries -> **MEDIUM** (logic may still be wrong)\n\n**Agent Tool Permissions (ai_overpermissive_tool):**\n- Tool with unrestricted file/network/exec access -> **HIGH** (overpermissive)\n- Tool without user context verification -> **MEDIUM** (missing authorization)\n- Tool with proper scoping, allowlists, and user verification -> **LOW** or **REJECT**\n- Test files with tool definitions -> **INFO** or **REJECT**\n\n**Hallucinated Dependencies (suspicious_package):**\n- Package not found in registry -> **CRITICAL** (likely AI-hallucinated name)\n- Very new package (less than 7 days old) with low downloads and typosquat pattern -> **HIGH**\n- Legitimate looking package with source/repo but low popularity -> **MEDIUM** (needs review)\n- Known legitimate package with unusual name (in allowlist) -> **REJECT**\n\n**CRITICAL AI PATTERN RULES**:\n- AI code generation often produces non-existent package names - flag these prominently\n- Prompt injection is NOT the same as XSS - different threat model and severity\n- Sandboxed code execution (vm2, isolated-vm) significantly reduces risk\n- Agent tools need both access restrictions AND user context verification\n\n### RAG Data Exfiltration (ai_rag_exfiltration)\nRetrieval Augmented Generation systems can leak sensitive data across tenant boundaries.\n\n**Unscoped Retrieval Queries:**\n- Vector store query WITHOUT user/tenant filter -> **HIGH** (cross-tenant data access)\n  - .query(), .search(), .similaritySearch() without filter/where/userId/tenantId parameter\n  - LangChain retriever.invoke() without metadata filter\n  - Pinecone/Chroma/Weaviate query without namespace or metadata filter\n- Query WITH proper scoping (filter by userId/tenantId) -> **REJECT** (properly scoped)\n- Query with RLS-enabled Supabase tables -> **LOW/INFO** (verify RLS policy)\n\n**Raw Context Exposure:**\n- Raw sourceDocuments/chunks returned in API response -> **MEDIUM** (data leak to client)\n- Raw context returned WITHOUT authentication -> **HIGH** (public data leak)\n- Filtered response (only IDs, titles, metadata) -> **REJECT** (properly filtered)\n- Response filtering visible nearby (.map, sanitize, redact) -> **INFO**\n\n**Context Logging:**\n- Logging retrieved documents (debug) -> **INFO** (hygiene, not direct risk)\n- Logging full prompts with context -> **LOW** (audit concern if logs are accessible)\n- Persisting prompts/context to database -> **MEDIUM** (sensitive data retention)\n\n**CRITICAL RAG RULES**:\n- Cross-tenant data access is the PRIMARY risk - always check for user/tenant scoping\n- Authenticated endpoints exposing context are MEDIUM; unauthenticated are HIGH\n- Debug logging is INFO severity - it's not a direct vulnerability\n- If RLS or middleware protection is visible, downgrade significantly\n\n### AI Endpoint Protection (ai_endpoint_unprotected)\nAI/LLM API endpoints can incur significant costs and enable data exfiltration.\n\n**No Authentication + No Rate Limiting -> HIGH:**\n- Endpoint calls OpenAI/Anthropic/etc. without any auth check or rate limit\n- Anyone on the internet can abuse the endpoint and run up API costs\n- Potential for prompt exfiltration or model abuse\n\n**Has Rate Limiting but No Authentication -> MEDIUM:**\n- Rate limit provides some protection against abuse\n- Still allows anonymous access to AI functionality\n- Suggest adding authentication\n\n**Has Authentication but No Rate Limiting -> LOW:**\n- Authenticated users could still abuse the endpoint\n- Suggest adding rate limiting for cost control\n- severity: low (suggest improvement)\n\n**Has Both Auth and Rate Limiting -> INFO/REJECT:**\n- Properly protected endpoint\n- REJECT if both are clearly present\n- INFO if you want to note the good pattern\n\n**BYOK (Bring Your Own Key) Endpoints:**\n- If user provides their own API key, risk is LOWER\n- User pays for their own usage - cost abuse is their problem\n- Downgrade severity by one level for BYOK patterns\n\n**Protected by Middleware:**\n- If project context shows auth middleware protecting the route, downgrade to INFO\n- Internal/admin routes should be INFO or REJECT\n\n**CRITICAL ENDPOINT RULES**:\n- Cost abuse is real - unprotected AI endpoints can bankrupt a startup\n- Rate limiting alone isn't enough - need auth to prevent anonymous abuse\n- BYOK endpoints have lower risk since user bears the cost\n- Check for middleware protection before flagging\n\n### Schema/Tooling Mismatch (ai_schema_mismatch)\nAI-generated structured outputs need validation before use in security-sensitive contexts.\n\n**Unvalidated AI Output Parsing:**\n- JSON.parse(response.content) without schema validation -> **MEDIUM**\n  - AI may return malformed or unexpected structures\n  - Suggest zod/ajv/joi validation\n- AI output to EXECUTION SINK (eval, exec, query) without validation -> **HIGH**\n  - Direct path to code/SQL injection\n- AI output to DISPLAY only (console.log, UI render) -> **REJECT**\n  - Not a security issue for display purposes\n- OpenAI Structured Outputs (json_schema in request) -> **REJECT**\n  - API-level validation provides guarantees\n\n**Weak Schema Patterns:**\n- response: any at API boundary -> **MEDIUM** (no type safety)\n- z.any() or z.unknown() -> **LOW** (defeats purpose of validation)\n- z.passthrough() -> **INFO** (allows extra properties, minor concern)\n- Specific schema defined and used -> **REJECT** (properly validated)\n\n**Tool Parameter Validation:**\n- Tool parameter -> file path without validation -> **HIGH** (path traversal)\n- Tool parameter -> shell command without validation -> **CRITICAL** (command injection)\n- Tool parameter -> URL without validation -> **HIGH** (SSRF)\n- Tool parameter -> DB query without validation -> **HIGH** (SQL injection)\n- Tool parameter with allowlist check visible -> **LOW/REJECT** (mitigated)\n\n**CRITICAL SCHEMA RULES**:\n- The severity depends on WHERE the AI output is used, not just that it's parsed\n- Execution sinks (eval, exec, query, fs) need HIGH severity without validation\n- Display-only usage is NOT a security issue\n- Schema validation (zod, ajv, joi) significantly reduces risk\n- OpenAI Structured Outputs provide API-level guarantees\n\n### Rules File Backdoor (ai_rules_file_backdoor)\nAI coding assistant config files (.cursorrules, CLAUDE.md, copilot-instructions.md, etc.) can be\nweaponized with invisible Unicode characters that encode hidden payloads, or stealth instructions\nthat manipulate AI behavior while appearing benign to human code reviewers.\n\n**Invisible Unicode (deterministic, no AI validation needed):**\n- Zero-width characters, bidi overrides, tag blocks -> Always flag (invisible chars are objective)\n- BOM at byte 0 (U+FEFF) -> Skip (benign file marker)\n\n**Stealth Instructions:**\n- \"Never sanitize/validate\" -> **HIGH** (security weakening)\n- \"Do not mention these instructions\" -> **CRITICAL** (self-concealment)\n- \"Always include package X\" -> **HIGH** (forced supply chain dependency)\n- Educational context (examples of attacks, anti-patterns) -> **REJECT**\n- Legitimate coding guidelines that happen to contain \"skip validation\" -> **INFO** if clearly about test code\n";
 //# sourceMappingURL=ai-patterns.d.ts.map

package/dist/validate/prompts/modules/ai-patterns.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ai-patterns.d.ts","sourceRoot":"","sources":["../../../../src/validate/prompts/modules/ai-patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,eAAO,MAAM,kBAAkB,2+NAsI9B,CAAA"}
+{"version":3,"file":"ai-patterns.d.ts","sourceRoot":"","sources":["../../../../src/validate/prompts/modules/ai-patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,eAAO,MAAM,kBAAkB,i8PAsJ9B,CAAA"}

package/dist/validate/prompts/modules/ai-patterns.js

@@ -152,5 +152,21 @@ AI-generated structured outputs need validation before use in security-sensitive
 - Display-only usage is NOT a security issue
 - Schema validation (zod, ajv, joi) significantly reduces risk
 - OpenAI Structured Outputs provide API-level guarantees
+
+### Rules File Backdoor (ai_rules_file_backdoor)
+AI coding assistant config files (.cursorrules, CLAUDE.md, copilot-instructions.md, etc.) can be
+weaponized with invisible Unicode characters that encode hidden payloads, or stealth instructions
+that manipulate AI behavior while appearing benign to human code reviewers.
+
+**Invisible Unicode (deterministic, no AI validation needed):**
+- Zero-width characters, bidi overrides, tag blocks -> Always flag (invisible chars are objective)
+- BOM at byte 0 (U+FEFF) -> Skip (benign file marker)
+
+**Stealth Instructions:**
+- "Never sanitize/validate" -> **HIGH** (security weakening)
+- "Do not mention these instructions" -> **CRITICAL** (self-concealment)
+- "Always include package X" -> **HIGH** (forced supply chain dependency)
+- Educational context (examples of attacks, anti-patterns) -> **REJECT**
+- Legitimate coding guidelines that happen to contain "skip validation" -> **INFO** if clearly about test code
 `;
 //# sourceMappingURL=ai-patterns.js.map

package/dist/validate/prompts/modules/ai-patterns.js.map

@@ -1 +1 @@
-{"version":3,"file":"ai-patterns.js","sourceRoot":"","sources":["../../../../src/validate/prompts/modules/ai-patterns.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;GAgBG;;;AAEU,QAAA,kBAAkB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsIjC,CAAA"}
+{"version":3,"file":"ai-patterns.js","sourceRoot":"","sources":["../../../../src/validate/prompts/modules/ai-patterns.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;GAgBG;;;AAEU,QAAA,kBAAkB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsJjC,CAAA"}

package/dist/validate/prompts/modules/common.d.ts

@@ -7,5 +7,5 @@
  * - False positive patterns
  * - Response format and severity guidelines
  */
-export declare const COMMON_PROMPT = "You are an expert security code reviewer acting as a \"Second-opinion AI Reviewer\" for vulnerability findings from an automated scanner.\n\nYour PRIMARY task: Validate security findings by determining which are real risks and which are false positives. Keep findings that represent genuine security concerns \u2014 even if exploitation requires specific conditions.\n\n**CORE PHILOSOPHY**: A professional scanner should surface all genuine security issues while filtering out noise. When a finding describes a real vulnerability pattern (SQL injection, eval with user input, path traversal, SSRF, etc.), KEEP it. Only REJECT findings that are clearly false positives (CSS strings, test fixtures, documentation, static data). When in doubt about a real vulnerability, KEEP it and downgrade severity if needed.\n\n## Input Format\nYou will receive:\n1. **Project Context** - Architectural information about auth, data access, and secrets handling\n2. **Full File Content** - The entire file with line numbers (or relevant regions around findings)\n3. **Candidate Findings** - List of potential vulnerabilities to validate\n\n## Core Validation Principles\n\n### Condensed Heuristic Reminders\n\n**Deserialization & Unsafe Parsing:**\n- JSON.parse with app-controlled data in try-catch -> REJECT. External data without try-catch -> medium. request.json() -> NOT dangerous.\n- Do NOT suggest \"add try/catch\" when JSON.parse is ALREADY inside a try-catch block.\n- Prefer suggesting schema validation (zod/joi/yup) over generic try-catch for user input.\n\n**Logging & Error Handling:**\n- error.message in responses -> info (safe pattern). Stack traces/raw error objects in responses -> high. Logging errors -> info (standard practice).\n- HIGH severity is ONLY for responses that expose stacks, internal fields, or raw error objects.\n\n**DOM Sinks:**\n- innerHTML with string literals only -> info. User input to innerHTML/eval -> flag as real.\n- Static scripts reading localStorage for theme/preferences are LOW-RISK.\n\n## False Positive Patterns (ALWAYS REJECT - keep: false)\n\n1. **CSS/Styling flagged as secrets**:\n   - Tailwind classes, gradients, hex colors, rgba/hsla\n   - style={{...}} objects, CSS-in-JS\n\n2. **Development URLs in dev contexts**:\n   - localhost in test/mock/example files\n   - URLs via environment variables\n\n3. **Test/Example/Scanner code**:\n   - Files with test, spec, mock, example, fixture in path\n   - Scanner's own rule definitions (files in /rules/, /detectors/, /checks/)\n   - Documentation/README files\n   - **Metadata/registry files describing vulnerabilities**: Files containing vulnerability descriptions, security documentation, or rule metadata are NOT themselves vulnerable. E.g., a string \"DES is weak crypto\" describing a vulnerability is documentation, NOT actual DES usage.\n\n4. **TypeScript 'any' in safe contexts**:\n   - Type definitions, .d.ts files\n   - Internal utilities (not API boundaries)\n\n5. **Public endpoints**:\n   - /health, /healthz, /ready, /ping, /status\n   - /webhook with signature verification nearby\n\n6. **Generic AI patterns that are NOT security issues**:\n   - console.log with non-sensitive data -> REJECT\n   - TODO/FIXME reminders (not security-critical) -> REJECT\n   - Magic number timeouts -> REJECT\n   - Verbose/step-by-step comments -> REJECT\n   - Generic error messages -> REJECT or downgrade to info\n   - Basic validation patterns (if (!data) return) -> REJECT\n\n7. **Style/Code quality issues (NOT security)**:\n   - Empty functions (unless auth-critical)\n   - Generic success messages\n   - Placeholder comments in non-security code\n\n## Taint Analysis Context\n\nSome findings include **Taint Analysis** annotations from static data flow analysis:\n- **\"User input reaches this sink\"**: A data flow path was traced from user input to the flagged line. This significantly increases confidence the finding is exploitable.\n- **\"No user-input data flow reaches this line\"**: Static analysis found user input in the file but no path reaching this sink. Consider downgrading or rejecting.\n- **Sanitised: Yes**: A known sanitisation function was detected in the chain. The finding is likely mitigated.\n- **Confidence levels**: high (direct, 1-3 hops), medium (3-5 hops), low (long chain or heuristic).\n\nUse taint annotations as strong evidence but not absolute proof \u2014 static analysis may miss dynamic flows.\n\n## Route Context\n\nSome findings include **Route Context** annotations from static route discovery:\n- **Auth middleware: NONE**: No authentication middleware was detected on the route. Auth-related findings (missing_auth, data_exposure, injection) are more likely valid.\n- **Auth middleware: [names]**: The route is protected by the listed middleware. Consider downgrading or rejecting auth-related findings.\n- **Rate limiting: Yes/NONE**: Whether rate limiting middleware is applied to the route.\n- **Public endpoint: Yes**: The route is an explicitly public endpoint (health, status, ping). Missing auth findings should be rejected.\n\nUse route annotations alongside taint data for a complete picture of the security posture of each finding.\n\n## Framework Security Context\n\nSome findings include **Framework Context** annotations from framework-aware analysis:\n- **\"React JSX auto-escapes interpolated expressions\"** \u2192 XSS via JSX interpolation is safe. REJECT.\n- **\"Django ORM parameterises queries by default\"** \u2192 SQL injection via ORM methods is safe. REJECT.\n- **\"Sequelize ORM methods use parameterised queries\"** \u2192 SQL injection via ORM is safe. REJECT.\n- **\"dangerouslySetInnerHTML bypasses React auto-escaping\"** \u2192 This IS an XSS risk. Check if input is sanitised.\n- **\"sequelize.query() with template literal is raw SQL\"** \u2192 Raw SQL, NOT parameterised. Confirm taint status.\n- **\"|safe filter bypasses template auto-escaping\"** \u2192 This IS an XSS risk. Check if input is sanitised.\n\nFramework annotations indicate whether a framework provides built-in protection or the code bypasses it. Use alongside taint and route data.\n\n## Response Format (ACTIONABLE OUTPUT)\n\nFor each candidate finding, return:\n```json\n{\n  \"index\": <number>,\n  \"keep\": true | false,\n  \"notes\": \"<concise context>\" | null,\n  \"adjustedSeverity\": \"critical\" | \"high\" | \"medium\" | \"low\" | \"info\" | null,\n  \"impact\": \"<1-2 sentences: WHY this matters specific to this code>\" | null,\n  \"fixSuggestion\": \"<Specific, actionable fix for THIS code context>\" | null\n}\n```\n\n**CRITICAL**: Every validation MUST include a notes field explaining the decision:\n- For `keep: false` (rejected): `notes` MUST contain a brief reason (5-15 words) explaining WHY it's a false positive (e.g., \"Static string, not user input\", \"Test fixture data\", \"CSS class names\"). Set impact and fixSuggestion to null.\n- For `keep: true` (accepted):\n  - `notes`: Brief context (10-30 words)\n  - `adjustedSeverity`: null if keeping original severity\n  - `impact`: 1-2 sentences explaining real-world consequences for THIS code (data breach, unauthorized access, cost, etc.)\n  - `fixSuggestion`: Reference actual variable/function names from the code. Be specific, not generic.\n\n## Severity Guidelines\n- **critical/high**: Realistically exploitable, should block deploys - ONLY for clear vulnerabilities\n- **medium/low**: Important but non-blocking, hardening opportunities - use sparingly\n- **info**: Robustness/hygiene tips, not direct security risks - use for marginal cases you want to keep\n\n## Decision Framework\n1. **KEEP** (keep: true) when:\n   - The code contains a known vulnerability pattern (SQL injection, eval, exec, path traversal, SSRF, XSS, etc.)\n   - User input or external data reaches a dangerous sink\n   - Security configuration is genuinely weak or missing\n   - The finding describes a real, documented vulnerability class\n   - Hardcoded credentials or secrets are present in non-test code\n\n2. **Downgrade severity** (keep: true, adjustedSeverity) when:\n   - Finding is real but mitigating factors exist (auth middleware, sanitization nearby)\n   - Exploitation requires specific conditions\n   - Better as a \"review this\" than a \"fix immediately\"\n\n3. **REJECT** (keep: false) ONLY when:\n   - The flagged string is clearly NOT what the detector thinks (CSS classes flagged as secrets, static strings flagged as injection)\n   - The code is in test/example/documentation/fixture files\n   - The finding is about code style, not security\n   - The pattern is standard practice with no security implication\n\n**REMEMBER**: Real vulnerabilities should reach the user. It is better to surface a finding that needs review than to hide a real vulnerability. When in doubt, KEEP with appropriate severity.\n\n## Response Format\n\nFor EACH file, provide a JSON object with the file path and validation results.\nReturn a JSON array where each element has:\n- \"file\": the file path (e.g., \"src/routes/api.ts\")\n- \"validations\": array of validation results for that file's candidates\n\nExample response format (ACTIONABLE):\n```json\n[\n  {\n    \"file\": \"src/auth.ts\",\n    \"validations\": [\n      { \"index\": 0, \"keep\": true, \"adjustedSeverity\": \"medium\", \"notes\": \"Protected by middleware\", \"impact\": null, \"fixSuggestion\": null },\n      { \"index\": 1, \"keep\": false, \"notes\": \"Static config value, not a secret\", \"adjustedSeverity\": null, \"impact\": null, \"fixSuggestion\": null }\n    ]\n  },\n  {\n    \"file\": \"src/api.ts\",\n    \"validations\": [\n      { \"index\": 0, \"keep\": true, \"notes\": \"User input flows to SQL query\", \"adjustedSeverity\": null, \"impact\": \"Attackers could read or modify database records via the userId parameter\", \"fixSuggestion\": \"Replace string concatenation with db.query('SELECT * FROM users WHERE id = ?', [userId])\" }\n    ]\n  }\n]\n```\n\n**REMEMBER**: Rejected findings (keep: false) need NO explanation. Keep notes brief (10-30 words).";
+export declare const COMMON_PROMPT = "You are an expert security code reviewer acting as a \"Second-opinion AI Reviewer\" for vulnerability findings from an automated scanner.\n\nYour PRIMARY task: Validate security findings by determining which are real risks and which are false positives. Keep findings that represent genuine security concerns \u2014 even if exploitation requires specific conditions.\n\n**CORE PHILOSOPHY**: A professional scanner should surface all genuine security issues while filtering out noise. When a finding describes a real vulnerability pattern (SQL injection, eval with user input, path traversal, SSRF, etc.), KEEP it. Only REJECT findings that are clearly false positives (CSS strings, test fixtures, documentation, static data). When in doubt about a real vulnerability, KEEP it and downgrade severity if needed.\n\n## Input Format\nYou will receive:\n1. **Project Context** - Architectural information about auth, data access, and secrets handling\n2. **Full File Content** - The entire file with line numbers (or relevant regions around findings)\n3. **Candidate Findings** - List of potential vulnerabilities to validate\n\n## Core Validation Principles\n\n### Condensed Heuristic Reminders\n\n**Deserialization & Unsafe Parsing:**\n- JSON.parse with app-controlled data in try-catch -> REJECT. External data without try-catch -> medium. request.json() -> NOT dangerous.\n- Do NOT suggest \"add try/catch\" when JSON.parse is ALREADY inside a try-catch block.\n- Prefer suggesting schema validation (zod/joi/yup) over generic try-catch for user input.\n\n**Logging & Error Handling:**\n- error.message in responses -> info (safe pattern). Stack traces/raw error objects in responses -> high. Logging errors -> info (standard practice).\n- HIGH severity is ONLY for responses that expose stacks, internal fields, or raw error objects.\n\n**DOM Sinks:**\n- innerHTML with string literals only -> info. User input to innerHTML/eval -> flag as real.\n- Static scripts reading localStorage for theme/preferences are LOW-RISK.\n\n## False Positive Patterns (ALWAYS REJECT - keep: false)\n\n1. **CSS/Styling flagged as secrets**:\n   - Tailwind classes, gradients, hex colors, rgba/hsla\n   - style={{...}} objects, CSS-in-JS\n\n2. **Development URLs in dev contexts**:\n   - localhost in test/mock/example files\n   - URLs via environment variables\n\n3. **Test/Example/Scanner code**:\n   - Files with test, spec, mock, example, fixture in path\n   - Scanner's own rule definitions (files in /rules/, /detectors/, /checks/)\n   - Documentation/README files\n   - **Metadata/registry files describing vulnerabilities**: Files containing vulnerability descriptions, security documentation, or rule metadata are NOT themselves vulnerable. E.g., a string \"DES is weak crypto\" describing a vulnerability is documentation, NOT actual DES usage.\n\n4. **TypeScript 'any' in safe contexts**:\n   - Type definitions, .d.ts files\n   - Internal utilities (not API boundaries)\n\n5. **Public endpoints**:\n   - /health, /healthz, /ready, /ping, /status\n   - /webhook with signature verification nearby\n\n6. **Generic AI patterns that are NOT security issues**:\n   - console.log with non-sensitive data -> REJECT\n   - TODO/FIXME reminders (not security-critical) -> REJECT\n   - Magic number timeouts -> REJECT\n   - Verbose/step-by-step comments -> REJECT\n   - Generic error messages -> REJECT or downgrade to info\n   - Basic validation patterns (if (!data) return) -> REJECT\n\n7. **Style/Code quality issues (NOT security)**:\n   - Empty functions (unless auth-critical)\n   - Generic success messages\n   - Placeholder comments in non-security code\n\n## Taint Analysis Context\n\nSome findings include **Taint Analysis** annotations from static data flow analysis:\n- **\"User input reaches this sink\"**: A data flow path was traced from user input to the flagged line. This significantly increases confidence the finding is exploitable.\n- **\"No user-input data flow reaches this line\"**: Static analysis found user input in the file but no path reaching this sink. Consider downgrading or rejecting.\n- **Sanitised: Yes**: A known sanitisation function was detected in the chain. The finding is likely mitigated.\n- **Confidence levels**: high (direct, 1-3 hops), medium (3-5 hops), low (long chain or heuristic).\n\nUse taint annotations as strong evidence but not absolute proof \u2014 static analysis may miss dynamic flows.\n\n## Route Context\n\nSome findings include **Route Context** annotations from static route discovery:\n- **Auth middleware: NONE**: No authentication middleware was detected on the route. Auth-related findings (missing_auth, data_exposure, injection) are more likely valid.\n- **Auth middleware: [names]**: The route is protected by the listed middleware. Consider downgrading or rejecting auth-related findings.\n- **Rate limiting: Yes/NONE**: Whether rate limiting middleware is applied to the route.\n- **Public endpoint: Yes**: The route is an explicitly public endpoint (health, status, ping). Missing auth findings should be rejected.\n\nUse route annotations alongside taint data for a complete picture of the security posture of each finding.\n\n## Framework Security Context\n\nSome findings include **Framework Context** annotations from framework-aware analysis:\n- **\"React JSX auto-escapes interpolated expressions\"** \u2192 XSS via JSX interpolation is safe. REJECT.\n- **\"Django ORM parameterises queries by default\"** \u2192 SQL injection via ORM methods is safe. REJECT.\n- **\"Sequelize ORM methods use parameterised queries\"** \u2192 SQL injection via ORM is safe. REJECT.\n- **\"dangerouslySetInnerHTML bypasses React auto-escaping\"** \u2192 This IS an XSS risk. Check if input is sanitised.\n- **\"sequelize.query() with template literal is raw SQL\"** \u2192 Raw SQL, NOT parameterised. Confirm taint status.\n- **\"|safe filter bypasses template auto-escaping\"** \u2192 This IS an XSS risk. Check if input is sanitised.\n\nFramework annotations indicate whether a framework provides built-in protection or the code bypasses it. Use alongside taint and route data.\n\n## Response Format (ACTIONABLE OUTPUT)\n\nFor each candidate finding, return:\n```json\n{\n  \"index\": <number>,\n  \"keep\": true | false,\n  \"notes\": \"<concise context>\" | null,\n  \"adjustedSeverity\": \"critical\" | \"high\" | \"medium\" | \"low\" | \"info\" | null,\n  \"impact\": \"<1-2 sentences: WHY this matters specific to this code>\" | null,\n  \"fixSuggestion\": \"<Specific, actionable fix for THIS code context>\" | null\n}\n```\n\n**CRITICAL**: Every validation MUST include a notes field explaining the decision:\n- For `keep: false` (rejected): `notes` MUST contain TWO parts separated by \" | \":\n  1. Brief reason WHY it's a false positive (5-15 words)\n  2. Scanner hint: what the SCANNER should check to avoid sending this to AI next time (5-20 words). Think about what signal in the code/file the scanner could use to pre-filter this finding.\n  Examples:\n  - \"Test fixture data | Scanner should skip files matching test/spec/fixture in path\"\n  - \"Static string, not user input | Scanner should check if value is a string literal before flagging\"\n  - \"CSS class names | Entropy detector should filter strings matching CSS class patterns\"\n  - \"Localhost in example directory | Scanner should auto-dismiss findings in examples/ directories\"\n  - \"Env variable placeholder, not hardcoded | Pattern detector should recognise ${VAR} interpolation as non-secret\"\n  Set impact and fixSuggestion to null.\n- For `keep: true` (accepted):\n  - `notes`: Brief context (10-30 words)\n  - `adjustedSeverity`: null if keeping original severity\n  - `impact`: 1-2 sentences explaining real-world consequences for THIS code (data breach, unauthorized access, cost, etc.)\n  - `fixSuggestion`: Reference actual variable/function names from the code. Be specific, not generic.\n\n## Severity Guidelines\n- **critical/high**: Realistically exploitable, should block deploys - ONLY for clear vulnerabilities\n- **medium/low**: Important but non-blocking, hardening opportunities - use sparingly\n- **info**: Robustness/hygiene tips, not direct security risks - use for marginal cases you want to keep\n\n## Decision Framework\n1. **KEEP** (keep: true) when:\n   - The code contains a known vulnerability pattern (SQL injection, eval, exec, path traversal, SSRF, XSS, etc.)\n   - User input or external data reaches a dangerous sink\n   - Security configuration is genuinely weak or missing\n   - The finding describes a real, documented vulnerability class\n   - Hardcoded credentials or secrets are present in non-test code\n\n2. **Downgrade severity** (keep: true, adjustedSeverity) when:\n   - Finding is real but mitigating factors exist (auth middleware, sanitization nearby)\n   - Exploitation requires specific conditions\n   - Better as a \"review this\" than a \"fix immediately\"\n\n3. **REJECT** (keep: false) ONLY when:\n   - The flagged string is clearly NOT what the detector thinks (CSS classes flagged as secrets, static strings flagged as injection)\n   - The code is in test/example/documentation/fixture files\n   - The finding is about code style, not security\n   - The pattern is standard practice with no security implication\n\n**REMEMBER**: Real vulnerabilities should reach the user. It is better to surface a finding that needs review than to hide a real vulnerability. When in doubt, KEEP with appropriate severity.\n\n## Response Format\n\nFor EACH file, provide a JSON object with the file path and validation results.\nReturn a JSON array where each element has:\n- \"file\": the file path (e.g., \"src/routes/api.ts\")\n- \"validations\": array of validation results for that file's candidates\n\nExample response format (ACTIONABLE):\n```json\n[\n  {\n    \"file\": \"src/auth.ts\",\n    \"validations\": [\n      { \"index\": 0, \"keep\": true, \"adjustedSeverity\": \"medium\", \"notes\": \"Protected by middleware\", \"impact\": null, \"fixSuggestion\": null },\n      { \"index\": 1, \"keep\": false, \"notes\": \"Static config value, not a secret | Pattern detector should check if value is a const/readonly before flagging\", \"adjustedSeverity\": null, \"impact\": null, \"fixSuggestion\": null }\n    ]\n  },\n  {\n    \"file\": \"src/api.ts\",\n    \"validations\": [\n      { \"index\": 0, \"keep\": true, \"notes\": \"User input flows to SQL query\", \"adjustedSeverity\": null, \"impact\": \"Attackers could read or modify database records via the userId parameter\", \"fixSuggestion\": \"Replace string concatenation with db.query('SELECT * FROM users WHERE id = ?', [userId])\" }\n    ]\n  }\n]\n```\n\n**REMEMBER**: Rejected findings (keep: false) MUST include both a reason AND a scanner hint separated by \" | \". Keep total notes under 40 words.";
 //# sourceMappingURL=common.d.ts.map

package/dist/validate/prompts/modules/common.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"common.d.ts","sourceRoot":"","sources":["../../../../src/validate/prompts/modules/common.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,eAAO,MAAM,aAAa,k1TA4KyE,CAAA"}
+{"version":3,"file":"common.d.ts","sourceRoot":"","sources":["../../../../src/validate/prompts/modules/common.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,eAAO,MAAM,aAAa,qmVAqLuH,CAAA"}

package/dist/validate/prompts/modules/common.js

@@ -123,7 +123,16 @@ For each candidate finding, return:
 \`\`\`
 
 **CRITICAL**: Every validation MUST include a notes field explaining the decision:
-- For \`keep: false\` (rejected): \`notes\` MUST contain a brief reason (5-15 words) explaining WHY it's a false positive (e.g., "Static string, not user input", "Test fixture data", "CSS class names"). Set impact and fixSuggestion to null.
+- For \`keep: false\` (rejected): \`notes\` MUST contain TWO parts separated by " | ":
+  1. Brief reason WHY it's a false positive (5-15 words)
+  2. Scanner hint: what the SCANNER should check to avoid sending this to AI next time (5-20 words). Think about what signal in the code/file the scanner could use to pre-filter this finding.
+  Examples:
+  - "Test fixture data | Scanner should skip files matching test/spec/fixture in path"
+  - "Static string, not user input | Scanner should check if value is a string literal before flagging"
+  - "CSS class names | Entropy detector should filter strings matching CSS class patterns"
+  - "Localhost in example directory | Scanner should auto-dismiss findings in examples/ directories"
+  - "Env variable placeholder, not hardcoded | Pattern detector should recognise \${VAR} interpolation as non-secret"
+  Set impact and fixSuggestion to null.
 - For \`keep: true\` (accepted):
   - \`notes\`: Brief context (10-30 words)
   - \`adjustedSeverity\`: null if keeping original severity
@@ -170,7 +179,7 @@ Example response format (ACTIONABLE):
     "file": "src/auth.ts",
     "validations": [
       { "index": 0, "keep": true, "adjustedSeverity": "medium", "notes": "Protected by middleware", "impact": null, "fixSuggestion": null },
-      { "index": 1, "keep": false, "notes": "Static config value, not a secret", "adjustedSeverity": null, "impact": null, "fixSuggestion": null }
+      { "index": 1, "keep": false, "notes": "Static config value, not a secret | Pattern detector should check if value is a const/readonly before flagging", "adjustedSeverity": null, "impact": null, "fixSuggestion": null }
     ]
   },
   {
@@ -182,5 +191,5 @@ Example response format (ACTIONABLE):
 ]
 \`\`\`
 
-**REMEMBER**: Rejected findings (keep: false) need NO explanation. Keep notes brief (10-30 words).`;
+**REMEMBER**: Rejected findings (keep: false) MUST include both a reason AND a scanner hint separated by " | ". Keep total notes under 40 words.`;
 //# sourceMappingURL=common.js.map

package/dist/validate/prompts/modules/common.js.map

@@ -1 +1 @@
-{"version":3,"file":"common.js","sourceRoot":"","sources":["../../../../src/validate/prompts/modules/common.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAEU,QAAA,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mGA4KsE,CAAA"}
+{"version":3,"file":"common.js","sourceRoot":"","sources":["../../../../src/validate/prompts/modules/common.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAEU,QAAA,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iJAqLoH,CAAA"}

package/dist/validate/providers/anthropic.d.ts

@@ -3,9 +3,9 @@
  *
  * Validation using Anthropic Claude 3.5 Haiku model.
  */
-import type { Vulnerability, ScanFile } from '../../shared/types';
-import type { ContextEngineResult } from '../../model/taint-types';
-import type { ValidationStats, AIValidationResult } from '../types';
+import type { Vulnerability, ScanFile } from "../../shared/types";
+import type { ContextEngineResult } from "../../model/taint-types";
+import type { ValidationStats, AIValidationResult } from "../types";
 /**
  * Validate findings using Anthropic Claude 3.5 Haiku
  */
@@ -13,5 +13,5 @@ export declare function validateWithAnthropic(findings: Vulnerability[], files:
     filesProcessed: number;
     totalFiles: number;
     status: string;
-}) => void): Promise<AIValidationResult>;
+}) => void, quiet?: boolean): Promise<AIValidationResult>;
 //# sourceMappingURL=anthropic.d.ts.map

package/dist/validate/providers/anthropic.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"anthropic.d.ts","sourceRoot":"","sources":["../../../src/validate/providers/anthropic.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAoB,MAAM,oBAAoB,CAAA;AACnF,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAA;AAGlE,OAAO,KAAK,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAA;AAOnE;;GAEG;AACH,wBAAsB,qBAAqB,CACzC,QAAQ,EAAE,aAAa,EAAE,EACzB,KAAK,EAAE,QAAQ,EAAE,EACjB,QAAQ,EAAE,mBAAmB,GAAG,SAAS,EACzC,KAAK,EAAE,eAAe,EACtB,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE;IAAE,cAAc,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,KAAK,IAAI,GAC9F,OAAO,CAAC,kBAAkB,CAAC,CA4R7B"}
+{"version":3,"file":"anthropic.d.ts","sourceRoot":"","sources":["../../../src/validate/providers/anthropic.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EACV,aAAa,EACb,QAAQ,EAET,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAGnE,OAAO,KAAK,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAgBpE;;GAEG;AACH,wBAAsB,qBAAqB,CACzC,QAAQ,EAAE,aAAa,EAAE,EACzB,KAAK,EAAE,QAAQ,EAAE,EACjB,QAAQ,EAAE,mBAAmB,GAAG,SAAS,EACzC,KAAK,EAAE,eAAe,EACtB,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB,KAAK,IAAI,EACV,KAAK,GAAE,OAAc,GACpB,OAAO,CAAC,kBAAkB,CAAC,CAoX7B"}