@oculum/scanner 1.0.9 → 1.0.11

package/dist/layer2/ai-package-hallucination.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai-package-hallucination.js","sourceRoot":"","sources":["../../src/layer2/ai-package-hallucination.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;AAsoBH,oEAoIC;AAvwBD,8DAMiC;AAEjC,+EAA+E;AAC/E,sCAAsC;AACtC,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,2BAA2B,GAAgB,IAAI,GAAG,CAAC;IACvD,+DAA+D;IAC/D,cAAc,EAAY,kCAAkC;IAC5D,cAAc,EAAY,gBAAgB;IAC1C,iBAAiB,EAAS,qBAAqB;IAC/C,WAAW,EAAe,4BAA4B;IACtD,cAAc,EAAY,gBAAgB;IAC1C,YAAY,EAAc,gBAAgB;IAC1C,YAAY,EAAc,gBAAgB;IAC1C,cAAc,EAAY,gBAAgB;IAC1C,gBAAgB,EAAU,8BAA8B;IACxD,kBAAkB,EAAQ,kCAAkC;IAC5D,kBAAkB,EAAQ,iBAAiB;IAC3C,eAAe,EAAW,uBAAuB;IACjD,sBAAsB,EAAI,8BAA8B;IACxD,eAAe,EAAW,2BAA2B;IACrD,sBAAsB,EAAI,uCAAuC;IACjE,sBAAsB,EAAI,iCAAiC;IAC3D,iBAAiB,EAAS,eAAe;IACzC,YAAY,EAAc,eAAe;IACzC,gBAAgB,EAAU,uBAAuB;IACjD,eAAe,EAAW,uCAAuC;IACjE,WAAW,EAAe,oCAAoC;IAC9D,aAAa,EAAa,mBAAmB;IAC7C,cAAc,EAAY,wCAAwC;IAClE,mBAAmB,EAAO,2BAA2B;IACrD,aAAa,EAAa,yBAAyB;IACnD,eAAe,EAAW,aAAa;IACvC,gBAAgB,EAAU,gCAAgC;IAC1D,cAAc,EAAY,oBAAoB;IAC9C,eAAe,EAAW,wBAAwB;IAClD,cAAc,EAAY,sBAAsB;IAChD,gBAAgB,EAAU,gCAAgC;IAC1D,aAAa,EAAa,sBAAsB;IAEhD,+BAA+B;IAC/B,YAAY,EAAc,cAAc;IACxC,YAAY,EAAc,uBAAuB;IACjD,SAAS,EAAiB,8BAA8B;IACxD,gBAAgB,EAAU,gBAAgB;IAC1C,gBAAgB,EAAU,gBAAgB;IAC1C,eAAe,EAAW,gBAAgB;IAC1C,aAAa,EAAa,gBAAgB;IAC1C,gBAAgB,EAAU,gBAAgB;IAC1C,aAAa,EAAa,eAAe;IACzC,UAAU,EAAgB,gBAAgB;IAC1C,UAAU,EAAgB,gBAAgB;CAC3C,CAAC,CAAA;AAEF;;GAEG;AACH,MAAM,yBAAyB,GAAgB,IAAI,GAAG,CAAC;IACrD,2BAA2B;IAC3B,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU;IAC/C,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;IAC3C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ;IAC1C,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,YAAY;IAC3C,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,OAAO;IACzC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS;IACrC,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,OAAO;IACtC,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,gBAAgB;IACvD,QAAQ,EAAE,aAAa,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM;IACvD,OAAO,EAAE,SAAS;IAClB,QAAQ,EAAE,UAAU,EAAE,QAAQ;IAC9B,cAAc,EAAE,MAAM,EAAE,UAAU;IAClC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM;IAChC,OAAO,EAAE,MAAM,EAAE,QAAQ;IACzB,QAAQ,EAAE,SAAS;IACnB,MAAM,EAAE,SAAS;IACjB,SAAS,EAAE,WAAW,EAAE,YAAY;IACpC,SAAS,EAAE,MAAM,EAAE,QAAQ;IAC3B,QAAQ,EAAE,QAAQ,EAAE,SAAS;IAC7B,OAAO,EAAE,YAAY,EAAE,OAAO;IAC9B,WAAW,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK;IACnC,UAAU,EAAE,SAAS;IACrB,MAAM,EAAE,WAAW,EAAE,QAAQ;IAC7B,UAAU,EAAE,SAAS;IACrB,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ;IAChD,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM;IACxC,QAAQ,EAAE,UAAU,EAAE,OAAO;IAC7B,YAAY,EAAE,SAAS,EAAE,KAAK;IAC9B,QAAQ,EAAE,WAAW;IACrB,QAAQ,EAAE,QAAQ;IAClB,QAAQ,EAAE,YAAY;IACtB,SAAS;IACT,UAAU,EAAE,gBAAgB;IAC5B,UAAU;IACV,SAAS,EAAE,eAAe,EAAE,MAAM;IAClC,WAAW,EAAE,IAAI;IACjB,QAAQ,EAAE,WAAW;IACrB,YAAY,EAAE,WAAW;IACzB,iBAAiB,EAAE,QAAQ;IAC3B,SAAS,EAAE,MAAM;IACjB,0BAA0B;IAC1B,YAAY,EAAE,cAAc;IAC5B,wBAAwB;IACxB,qBAAqB,EAAE,SAAS,EAAE,WAAW,EAAE,iBAAiB,EAAE,iBAAiB;IAEnF,kBAAkB;IAClB,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,SAAS;IACpD,UAAU,EAAE,OAAO,EAAE,SAAS;IAC9B,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,YAAY;IACxC,cAAc,EAAE,YAAY,EAAE,SAAS,EAAE,OAAO;IAChD,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS;IAC9C,QAAQ,EAAE,OAAO,EAAE,UAAU;IAC7B,UAAU,EAAE,aAAa;IACzB,QAAQ,EAAE,UAAU,EAAE,MAAM;IAC5B,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM;IACjC,OAAO,EAAE,UAAU;IACnB,QAAQ,EAAE,eAAe;IACzB,gBAAgB,EAAE,MAAM,EAAE,QAAQ;CACnC,CAAC,CAAA;AAEF,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E;;GAEG;AACH,MAAM,8BAA8B,GAAa;IAC/C,6BAA6B;IAC7B,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO;IAC5C,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM;IAC3C,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO;IAC1C,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK;IAC3C,UAAU,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM;IACpD,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ;IAChD,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS;IAC5C,YAAY,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO;IAC3C,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ;IAC7C,aAAa,EAAE,WAAW,EAAE,MAAM,EAAE,aAAa;IACjD,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM;IACrC,cAAc;IACd,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;IACnD,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,YAAY,EAAE,SAAS;IACnD,YAAY,EAAE,SAAS,EAAE,OAAO,EAAE,cAAc;IAChD,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO;IACxC,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM;CACtC,CAAA;AAED;;GAEG;AACH,MAAM,uBAAuB,GAA4B;IACvD,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC;IACtB,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC;IAC9C,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC;IACtB,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC;IACtB,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC;IACtB,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC;IACxB,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC;IACxB,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC;IACxB,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC;CACzB,CAAA;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,CAAS,EAAE,CAAS;IAC/C,MAAM,MAAM,GAAe,EAAE,CAAA;IAE7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;IAClB,CAAC;IAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACnC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBACxC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;YACrC,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CACrB,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EACxB,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EACpB,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CACrB,CAAA;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAA;AACnC,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,WAAmB,EAAE,cAAsB;IAC3E,qEAAqE;IACrE,KAAK,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,uBAAuB,EAAE,CAAC;QACjD,MAAM,WAAW,GAAG,cAAc,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAA;QACrE,IAAI,WAAW,CAAC,WAAW,EAAE,KAAK,WAAW,CAAC,WAAW,EAAE,IAAI,WAAW,KAAK,cAAc,EAAE,CAAC;YAC9F,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,kBAAkB,CAAC,WAAmB;IAC7C,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,EAAE,CAAA;IAEtC,KAAK,MAAM,OAAO,IAAI,8BAA8B,EAAE,CAAC;QACrD,MAAM,YAAY,GAAG,OAAO,CAAC,WAAW,EAAE,CAAA;QAE1C,mBAAmB;QACnB,IAAI,IAAI,KAAK,YAAY;YAAE,SAAQ;QAEnC,oDAAoD;QACpD,MAAM,QAAQ,GAAG,mBAAmB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAA;QAExD,IAAI,QAAQ,KAAK,CAAC,EAAE,CAAC;YACnB,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,SAAS,EAAE,OAAO;gBAClB,MAAM,EAAE,qCAAqC,OAAO,GAAG;aACxD,CAAA;QACH,CAAC;QAED,IAAI,QAAQ,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3F,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,SAAS,EAAE,OAAO;gBAClB,MAAM,EAAE,oBAAoB,OAAO,uBAAuB;aAC3D,CAAA;QACH,CAAC;QAED,+BAA+B;QAC/B,IAAI,wBAAwB,CAAC,IAAI,EAAE,YAAY,CAAC,EAAE,CAAC;YACjD,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,SAAS,EAAE,OAAO;gBAClB,MAAM,EAAE,2CAA2C,OAAO,oBAAoB;aAC/E,CAAA;QACH,CAAC;QAED,mDAAmD;QACnD,MAAM,cAAc,GAAG,IAAI,MAAM,CAAC,IAAI,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QAC3E,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;YACvD,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,SAAS,EAAE,OAAO;gBAClB,MAAM,EAAE,2CAA2C,OAAO,GAAG;aAC9D,CAAA;QACH,CAAC;QAED,+CAA+C;QAC/C,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAA;QACrD,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAA;QACjD,IAAI,QAAQ,KAAK,YAAY,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;YAC/E,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,SAAS,EAAE,OAAO;gBAClB,MAAM,EAAE,8BAA8B,OAAO,GAAG;aACjD,CAAA;QACH,CAAC;QAED,2DAA2D;QAC3D,IAAI,IAAI,KAAK,GAAG,YAAY,KAAK,IAAI,IAAI,KAAK,GAAG,YAAY,IAAI;YAC7D,IAAI,KAAK,QAAQ,YAAY,EAAE,IAAI,IAAI,KAAK,GAAG,YAAY,OAAO,EAAE,CAAC;YACvE,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,SAAS,EAAE,OAAO;gBAClB,MAAM,EAAE,0DAA0D,OAAO,GAAG;aAC7E,CAAA;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,CAAA;AAC/B,CAAC;AAED,+EAA+E;AAC/E,iCAAiC;AACjC,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,sBAAsB,GAAgB,IAAI,GAAG,CAAC;IAClD,OAAO;IACP,SAAS;IACT,QAAQ;IACR,OAAO;IACP,QAAQ;IACR,KAAK;IACL,MAAM;IACN,MAAM;IACN,MAAM;IACN,KAAK;IACL,KAAK;IACL,MAAM;IACN,QAAQ;IACR,UAAU;IACV,SAAS;IACT,YAAY;CACb,CAAC,CAAA;AAEF;;GAEG;AACH,MAAM,mBAAmB,GAAG;IAC1B,OAAO;IACP,SAAS;IACT,OAAO,EAAQ,+DAA+D;IAC9E,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,QAAQ;IACR,UAAU;IACV,SAAS;IACT,OAAO,EAAQ,iFAAiF;IAChG,QAAQ,EAAO,uDAAuD;IACtE,MAAM,EAAS,uDAAuD;IACtE,UAAU,EAAK,uDAAuD;IACtE,SAAS;IACT,SAAS,EAAM,0CAA0C;IACzD,QAAQ,EAAO,0CAA0C;CAC1D,CAAA;AAED;;GAEG;AACH,MAAM,mBAAmB,GAAG;IAC1B,QAAQ;IACR,UAAU;IACV,QAAQ;IACR,MAAM;IACN,SAAS,EAAM,gDAAgD;IAC/D,MAAM,EAAS,qBAAqB;IACpC,MAAM;IACN,UAAU;IACV,YAAY;IACZ,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,MAAM;IACN,OAAO;IACP,WAAW;CACZ,CAAA;AAED,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;;GAGG;AACH,SAAS,eAAe,CAAC,WAAmB;IAC1C,OAAO,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;AACpC,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,UAAkB;IAC1C,OAAO,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;AAClG,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,UAAkB;IACvC,OAAO,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;AACpC,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,WAAmB;IACxC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC;QACvB,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ;QACtE,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,eAAe,EAAE,SAAS,EAAE,OAAO;QACtE,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM;QAClE,QAAQ,EAAE,aAAa,EAAE,SAAS,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW;QACtE,QAAQ,EAAE,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,gBAAgB;QAC/D,QAAQ,EAAE,cAAc,EAAE,gBAAgB;QAC1C,iBAAiB;QACjB,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,aAAa;QAChE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa;QAChE,aAAa,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,WAAW;KACrE,CAAC,CAAA;IACF,OAAO,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;AACrE,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,QAAgB;IACzC,MAAM,aAAa,GAAG;QACpB,cAAc;QACd,kBAAkB;QAClB,SAAS;QACT,gBAAgB;QAChB,UAAU;QACV,SAAS;QACT,QAAQ;QACR,YAAY;QACZ,eAAe;KAChB,CAAA;IACD,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAA;AACtD,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,WAAmB;IAC9C,0CAA0C;IAC1C,IAAI,2BAA2B,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QACjD,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,0CAA0C,EAAE,CAAA;IACjF,CAAC;IAED,iCAAiC;IACjC,IAAI,yBAAyB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/C,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,CAAA;IAC1C,CAAC;IAED,+BAA+B;IAC/B,IAAI,sBAAsB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAC5C,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,2DAA2D,EAAE,CAAA;IAClG,CAAC;IAED,gDAAgD;IAChD,KAAK,MAAM,MAAM,IAAI,mBAAmB,EAAE,CAAC;QACzC,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACnC,0CAA0C;YAC1C,KAAK,MAAM,MAAM,IAAI,mBAAmB,EAAE,CAAC;gBACzC,IAAI,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBACjC,wCAAwC;oBACxC,OAAO;wBACL,UAAU,EAAE,IAAI;wBAChB,MAAM,EAAE,wBAAwB,MAAM,kBAAkB,MAAM,UAAU;qBACzE,CAAA;gBACH,CAAC;YACH,CAAC;YAED,kCAAkC;YAClC,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;YACjD,IAAI,sBAAsB,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChE,OAAO;oBACL,UAAU,EAAE,IAAI;oBAChB,MAAM,EAAE,wBAAwB,MAAM,4BAA4B;iBACnE,CAAA;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,KAAK,MAAM,MAAM,IAAI,mBAAmB,EAAE,CAAC;QACzC,IAAI,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;YACrD,gDAAgD;YAChD,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,IAAI,sBAAsB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjE,OAAO;oBACL,UAAU,EAAE,IAAI;oBAChB,MAAM,EAAE,0CAA0C,MAAM,UAAU;iBACnE,CAAA;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,CAAA;AAC1C,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,UAAkB;IAC5C,kCAAkC;IAClC,IAAI,gBAAgB,CAAC,UAAU,CAAC,IAAI,aAAa,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9D,OAAO,IAAI,CAAA;IACb,CAAC;IAED,wCAAwC;IACxC,IAAI,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACnC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACtB,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAA;QAClC,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IAED,oDAAoD;IACpD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACnC,OAAO,KAAK,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC;AAYD;;GAEG;AACH,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,OAAO,GAAkB,EAAE,CAAA;IACjC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAEjC,sBAAsB;IACtB,MAAM,cAAc,GAAG,0EAA0E,CAAA;IACjG,qBAAqB;IACrB,MAAM,YAAY,GAAG,uCAAuC,CAAA;IAC5D,iBAAiB;IACjB,MAAM,kBAAkB,GAAG,sCAAsC,CAAA;IAEjE,IAAI,KAA6B,CAAA;IAEjC,OAAO,CAAC,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACvD,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAA;QACvE,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;QAChD,IAAI,WAAW,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,OAAO,CAAC,IAAI,CAAC;gBACX,WAAW;gBACX,UAAU;gBACV,WAAW,EAAE,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE;aACjD,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,OAAO,CAAC,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACrD,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAA;QACvE,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;QAChD,IAAI,WAAW,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,OAAO,CAAC,IAAI,CAAC;gBACX,WAAW;gBACX,UAAU;gBACV,WAAW,EAAE,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE;aACjD,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,OAAO,CAAC,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC3D,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAA;QACvE,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;QAChD,IAAI,WAAW,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,OAAO,CAAC,IAAI,CAAC;gBACX,WAAW;gBACX,UAAU;gBACV,WAAW,EAAE,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE;aACjD,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,OAAe,EAAE,KAAe;IAC9D,MAAM,OAAO,GAAkB,EAAE,CAAA;IAEjC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAC/B,MAAM,OAAO,GAAG;YACd,GAAG,GAAG,CAAC,YAAY;YACnB,GAAG,GAAG,CAAC,eAAe;YACtB,GAAG,GAAG,CAAC,gBAAgB;YACvB,GAAG,GAAG,CAAC,oBAAoB;SAC5B,CAAA;QAED,KAAK,MAAM,WAAW,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/C,kDAAkD;YAClD,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,WAAW,GAAG,CAAC,CAAC,CAAA;YAC5E,IAAI,SAAS,KAAK,CAAC,CAAC,EAAE,CAAC;gBACrB,OAAO,CAAC,IAAI,CAAC;oBACX,WAAW;oBACX,UAAU,EAAE,SAAS,GAAG,CAAC;oBACzB,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE;iBACrC,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,qBAAqB;IACvB,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAAC,QAAgB,EAAE,KAAe;IAChE,MAAM,OAAO,GAAkB,EAAE,CAAA;IAEjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QAE5B,gCAAgC;QAChC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAQ;QAEnE,qDAAqD;QACrD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;QAC7C,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,IAAI,CAAC;gBACX,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;gBACtD,UAAU,EAAE,CAAC,GAAG,CAAC;gBACjB,WAAW,EAAE,IAAI;aAClB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E;;GAEG;AACH,SAAgB,4BAA4B,CAC1C,OAAe,EACf,QAAgB;IAEhB,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,4BAA4B;IAC5B,IAAI,IAAA,wCAAsB,EAAC,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAA;IAC5D,IAAI,IAAA,qCAAmB,EAAC,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAA;IAEzD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,UAAU,GAAG,IAAA,kCAAgB,EAAC,QAAQ,CAAC,CAAA;IAC7C,MAAM,SAAS,GAAG,IAAA,oCAAkB,EAAC,QAAQ,CAAC,CAAA;IAC9C,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAA;IAE9C,qCAAqC;IACrC,IAAI,OAAO,GAAkB,EAAE,CAAA;IAE/B,IAAI,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QACtC,OAAO,GAAG,sBAAsB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;IAClD,CAAC;SAAM,IAAI,QAAQ,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACjD,OAAO,GAAG,uBAAuB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;IACnD,CAAC;SAAM,IAAI,4BAA4B,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvD,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAA;IACrC,CAAC;SAAM,CAAC;QACN,wCAAwC;QACxC,OAAO,eAAe,CAAA;IACxB,CAAC;IAED,qDAAqD;IACrD,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAA;IAEzC,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,6CAA6C;QAC7C,IAAI,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC;YAAE,SAAQ;QAElD,wDAAwD;QACxD,IAAI,eAAe,CAAC,GAAG,CAAC,WAAW,CAAC;YAAE,SAAQ;QAE9C,gBAAgB;QAChB,IAAI,IAAA,2BAAS,EAAC,GAAG,CAAC,WAAW,CAAC;YAAE,SAAQ;QAExC,qDAAqD;QACrD,IAAI,yBAAyB,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC;YAAE,SAAQ;QAE5D,wEAAwE;QACxE,MAAM,eAAe,GAAG,kBAAkB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QAC3D,IAAI,eAAe,CAAC,WAAW,EAAE,CAAC;YAChC,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;YAEpC,IAAI,QAAQ,GAA0B,MAAM,CAAA,CAAC,sCAAsC;YAEnF,+CAA+C;YAC/C,IAAI,UAAU,EAAE,CAAC;gBACf,QAAQ,GAAG,UAAU,CAAA;YACvB,CAAC;YAED,yCAAyC;YACzC,IAAI,UAAU,IAAI,SAAS,EAAE,CAAC;gBAC5B,QAAQ,GAAG,KAAK,CAAA;YAClB,CAAC;YAED,MAAM,WAAW,GAAG,YAAY,GAAG,CAAC,WAAW,KAAK,eAAe,CAAC,MAAM,sIAAsI,CAAA;YAChN,MAAM,YAAY,GAAG,4BAA4B,eAAe,CAAC,SAAS,oBAAoB,GAAG,CAAC,WAAW,gEAAgE,eAAe,CAAC,SAAS,IAAI,CAAA;YAE1M,eAAe,CAAC,IAAI,CAAC;gBACnB,EAAE,EAAE,oBAAoB,QAAQ,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,WAAW,EAAE;gBACvE,QAAQ;gBACR,UAAU,EAAE,GAAG,CAAC,UAAU;gBAC1B,WAAW,EAAE,GAAG,CAAC,WAAW;gBAC5B,QAAQ;gBACR,QAAQ,EAAE,sBAAsB;gBAChC,KAAK,EAAE,wBAAwB,GAAG,CAAC,WAAW,gBAAgB,eAAe,CAAC,SAAS,GAAG;gBAC1F,WAAW;gBACX,YAAY;gBACZ,UAAU,EAAE,MAAM;gBAClB,KAAK,EAAE,CAAC;gBACR,oBAAoB,EAAE,KAAK,EAAE,yDAAyD;aACvF,CAAC,CAAA;YACF,SAAQ,CAAC,mCAAmC;QAC9C,CAAC;QAED,0DAA0D;QAC1D,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,mBAAmB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QAEnE,IAAI,UAAU,EAAE,CAAC;YACf,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;YAEpC,sCAAsC;YACtC,IAAI,QAAQ,GAA0B,QAAQ,CAAA;YAE9C,2CAA2C;YAC3C,IAAI,2BAA2B,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACrD,QAAQ,GAAG,MAAM,CAAA;YACnB,CAAC;YAED,4DAA4D;YAC5D,IAAI,UAAU,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACxC,QAAQ,GAAG,MAAM,CAAA;YACnB,CAAC;YAED,yCAAyC;YACzC,IAAI,UAAU,IAAI,SAAS,EAAE,CAAC;gBAC5B,QAAQ,GAAG,MAAM,CAAA;YACnB,CAAC;YAED,MAAM,WAAW,GAAG,2BAA2B,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC;gBAClE,CAAC,CAAC,YAAY,GAAG,CAAC,WAAW,oJAAoJ;gBACjL,CAAC,CAAC,YAAY,GAAG,CAAC,WAAW,gDAAgD,MAAM,wDAAwD,CAAA;YAE7I,MAAM,YAAY,GAAG,2BAA2B,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC;gBACnE,CAAC,CAAC,WAAW,GAAG,CAAC,WAAW,uGAAuG;gBACnI,CAAC,CAAC,WAAW,GAAG,CAAC,WAAW,2BAA2B,GAAG,CAAC,WAAW,4CAA4C,GAAG,CAAC,WAAW,uDAAuD,CAAA;YAE1L,eAAe,CAAC,IAAI,CAAC;gBACnB,EAAE,EAAE,wBAAwB,QAAQ,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,WAAW,EAAE;gBAC3E,QAAQ;gBACR,UAAU,EAAE,GAAG,CAAC,UAAU;gBAC1B,WAAW,EAAE,GAAG,CAAC,WAAW;gBAC5B,QAAQ;gBACR,QAAQ,EAAE,0BAA0B;gBACpC,KAAK,EAAE,qCAAqC,GAAG,CAAC,WAAW,EAAE;gBAC7D,WAAW;gBACX,YAAY;gBACZ,UAAU,EAAE,2BAA2B,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;gBAChF,KAAK,EAAE,CAAC;gBACR,oBAAoB,EAAE,QAAQ,KAAK,MAAM,IAAI,CAAC,2BAA2B,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC;aAC/F,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC"}

package/dist/layer2/ai-prompt-hygiene.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ai-prompt-hygiene.d.ts","sourceRoot":"","sources":["../../src/layer2/ai-prompt-hygiene.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAyB,MAAM,UAAU,CAAA;AAQpE;;GAEG;AACH,iBAAS,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CA0BpE;AA8MD;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,aAAa,EAAE,CAqJjB;AAGD,OAAO,EAAE,gBAAgB,EAAE,CAAA"}
+{"version":3,"file":"ai-prompt-hygiene.d.ts","sourceRoot":"","sources":["../../src/layer2/ai-prompt-hygiene.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAyB,MAAM,UAAU,CAAA;AAQpE;;GAEG;AACH,iBAAS,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CA0BpE;AA6lBD;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GACf,aAAa,EAAE,CA0RjB;AAGD,OAAO,EAAE,gBAAgB,EAAE,CAAA"}

package/dist/layer2/ai-prompt-hygiene.js

@@ -108,14 +108,88 @@ const UNSAFE_INTERPOLATION_PATTERNS = [
         checkDelimiters: true,
     },
 ];
+// ============================================================================
+// Secret Patterns - Comprehensive provider-specific detection
+// ============================================================================
+/**
+ * Provider-specific secret patterns with known prefixes
+ * These are high-confidence patterns that don't need context matching
+ */
+const KNOWN_SECRET_PREFIXES = [
+    // OpenAI
+    { name: 'OpenAI API Key', pattern: /sk-[a-zA-Z0-9]{20,}/g, severity: 'critical' },
+    { name: 'OpenAI Project Key', pattern: /sk-proj-[a-zA-Z0-9]{48,}/g, severity: 'critical' },
+    // Anthropic
+    { name: 'Anthropic API Key', pattern: /sk-ant-[a-zA-Z0-9-]{20,}/g, severity: 'critical' },
+    { name: 'Anthropic Full Key', pattern: /sk-ant-api03-[a-zA-Z0-9_-]{90,}/g, severity: 'critical' },
+    // GitHub
+    { name: 'GitHub PAT', pattern: /ghp_[a-zA-Z0-9]{36,}/g, severity: 'critical' },
+    { name: 'GitHub OAuth', pattern: /gho_[a-zA-Z0-9]{36,}/g, severity: 'critical' },
+    { name: 'GitHub App Token', pattern: /ghu_[a-zA-Z0-9]{36,}/g, severity: 'critical' },
+    { name: 'GitHub Refresh Token', pattern: /ghr_[a-zA-Z0-9]{36,}/g, severity: 'critical' },
+    { name: 'GitHub Fine-grained PAT', pattern: /github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}/g, severity: 'critical' },
+    // Stripe
+    { name: 'Stripe Live Secret', pattern: /sk_live_[a-zA-Z0-9]{24,}/g, severity: 'critical' },
+    { name: 'Stripe Test Secret', pattern: /sk_test_[a-zA-Z0-9]{24,}/g, severity: 'medium' },
+    { name: 'Stripe Restricted Key', pattern: /rk_live_[a-zA-Z0-9]{24,}/g, severity: 'critical' },
+    // AWS
+    { name: 'AWS Access Key', pattern: /AKIA[0-9A-Z]{16}/g, severity: 'critical' },
+    { name: 'AWS Session Token', pattern: /ASIA[0-9A-Z]{16}/g, severity: 'critical' },
+    // Google
+    { name: 'Google API Key', pattern: /AIza[0-9A-Za-z-_]{35}/g, severity: 'high' },
+    // Slack
+    { name: 'Slack Bot Token', pattern: /xoxb-[0-9a-zA-Z-]{50,}/g, severity: 'critical' },
+    { name: 'Slack User Token', pattern: /xoxp-[0-9a-zA-Z-]{50,}/g, severity: 'critical' },
+    { name: 'Slack App Token', pattern: /xoxa-[0-9a-zA-Z-]{50,}/g, severity: 'critical' },
+    { name: 'Slack Legacy Token', pattern: /xox[baprs]-[0-9a-zA-Z]{10,}/g, severity: 'critical' },
+    // Twilio
+    { name: 'Twilio API Key', pattern: /SK[a-f0-9]{32}/g, severity: 'critical' },
+    { name: 'Twilio Account SID', pattern: /AC[a-f0-9]{32}/g, severity: 'high' },
+    // SendGrid
+    { name: 'SendGrid API Key', pattern: /SG\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9_-]{43}/g, severity: 'critical' },
+    // Mailgun
+    { name: 'Mailgun API Key', pattern: /key-[a-zA-Z0-9]{32}/g, severity: 'critical' },
+    // NPM/PyPI
+    { name: 'NPM Token', pattern: /npm_[a-zA-Z0-9]{36}/g, severity: 'critical' },
+    { name: 'PyPI Token', pattern: /pypi-[a-zA-Z0-9]{32,}/g, severity: 'critical' },
+    // Vercel/Netlify
+    { name: 'Vercel Token', pattern: /vercel_[a-zA-Z0-9]{24,}/g, severity: 'critical' },
+    { name: 'Netlify Token', pattern: /nfp_[a-zA-Z0-9]{40,}/g, severity: 'critical' },
+    // Square
+    { name: 'Square Access Token', pattern: /sq0csp-[a-zA-Z0-9-_]{43}/g, severity: 'critical' },
+    { name: 'Square OAuth Secret', pattern: /sq0csp-[a-zA-Z0-9-_]{40,}/g, severity: 'critical' },
+    // Shopify
+    { name: 'Shopify Access Token', pattern: /shpat_[a-fA-F0-9]{32}/g, severity: 'critical' },
+    { name: 'Shopify Private App', pattern: /shppa_[a-fA-F0-9]{32}/g, severity: 'critical' },
+    // Datadog
+    { name: 'Datadog API Key', pattern: /dd[a-z]{1}[a-f0-9]{39}/g, severity: 'critical' },
+    // HuggingFace
+    { name: 'HuggingFace Token', pattern: /hf_[a-zA-Z0-9]{34,}/g, severity: 'critical' },
+    // Replicate
+    { name: 'Replicate API Token', pattern: /r8_[a-zA-Z0-9]{37}/g, severity: 'critical' },
+    // OpenRouter
+    { name: 'OpenRouter Key', pattern: /sk-or-v1-[a-zA-Z0-9]{64}/g, severity: 'critical' },
+    // Cohere
+    { name: 'Cohere API Key', pattern: /[a-zA-Z0-9]{40}(?=.*cohere)/gi, severity: 'high' },
+    // Private Keys
+    { name: 'Private Key', pattern: /-----BEGIN\s+(?:RSA\s+|EC\s+|DSA\s+|OPENSSH\s+)?PRIVATE\s+KEY-----/g, severity: 'critical' },
+    // JWT Tokens (full format)
+    { name: 'JWT Token', pattern: /eyJ[a-zA-Z0-9_-]{10,}\.eyJ[a-zA-Z0-9_-]{10,}\.[a-zA-Z0-9_-]{10,}/g, severity: 'high' },
+    // Database URLs with credentials
+    { name: 'Database URL', pattern: /(mongodb|postgres|mysql|redis|amqp)(\+srv)?:\/\/[^:]+:[^@\s]+@[^\s"']+/gi, severity: 'critical' },
+    // Webhook URLs (often contain secrets)
+    { name: 'Slack Webhook', pattern: /https:\/\/hooks\.slack\.com\/services\/T[a-zA-Z0-9_]+\/B[a-zA-Z0-9_]+\/[a-zA-Z0-9_]+/g, severity: 'high' },
+    { name: 'Discord Webhook', pattern: /https:\/\/discord(?:app)?\.com\/api\/webhooks\/[0-9]+\/[a-zA-Z0-9_-]+/g, severity: 'high' },
+];
 /**
- * B3: Secrets in prompt context patterns
+ * B3: Secrets in prompt context patterns (original context-aware patterns)
+ * Note: Using [^\n;]* instead of [^;]* to prevent matching across lines
  */
 const SECRETS_IN_PROMPTS_PATTERNS = [
-    // API keys in message content
+    // API keys in message content (same line only)
     {
         name: 'API key in prompt content',
-        pattern: /(?:messages|prompt|system|content)\s*[=:][^;]*(?:sk-[a-zA-Z0-9]{20,}|api[_-]?key\s*[:=]\s*['"][^'"]{16,}['"])/gi,
+        pattern: /(?:messages|prompt|system|content)\s*[=:][^\n;]*(?:sk-[a-zA-Z0-9]{20,}|api[_-]?key\s*[:=]\s*['"][^'"]{16,}['"])/gi,
         severity: 'critical',
         description: 'API key appears to be hardcoded in prompt content. Keys in prompts may be logged, cached, or sent to model providers.',
         suggestedFix: 'Never include API keys in prompts. Use environment variables and keep them server-side only.',
@@ -123,7 +197,7 @@ const SECRETS_IN_PROMPTS_PATTERNS = [
     // AWS keys in prompts
     {
         name: 'AWS credentials in prompt',
-        pattern: /(?:messages|prompt|system|content)\s*[=:][^;]*(?:AKIA[A-Z0-9]{16}|aws[_-]?(?:secret|access)[_-]?key)/gi,
+        pattern: /(?:messages|prompt|system|content)\s*[=:][^\n;]*(?:AKIA[A-Z0-9]{16}|aws[_-]?(?:secret|access)[_-]?key)/gi,
         severity: 'critical',
         description: 'AWS credentials detected in prompt content.',
         suggestedFix: 'Remove credentials from prompts. Use IAM roles or environment variables instead.',
@@ -131,7 +205,7 @@ const SECRETS_IN_PROMPTS_PATTERNS = [
     // Database URLs with credentials
     {
         name: 'Database credentials in prompt',
-        pattern: /(?:messages|prompt|system|content).*(?:mongodb|postgres|mysql|redis):\/\/[^:]+:[^@]+@/gi,
+        pattern: /(?:messages|prompt|system|content)[^\n]*(?:mongodb|postgres|mysql|redis):\/\/[^:]+:[^@]+@/gi,
         severity: 'critical',
         description: 'Database connection string with credentials in prompt. This exposes database access.',
         suggestedFix: 'Never include connection strings in prompts. Reference data by ID instead.',
@@ -139,7 +213,7 @@ const SECRETS_IN_PROMPTS_PATTERNS = [
     // Passwords in prompt context
     {
         name: 'Password in prompt content',
-        pattern: /(?:messages|prompt|content)\s*[=:].*(?:password|passwd|pwd)\s*[:=]\s*['"`][^'"`]{8,}/gi,
+        pattern: /(?:messages|prompt|content)\s*[=:][^\n]*(?:password|passwd|pwd)\s*[:=]\s*['"`][^'"`]{8,}/gi,
         severity: 'high',
         description: 'Password appears in prompt content. This may be logged or exposed to model providers.',
         suggestedFix: 'Remove passwords from prompts. Use authentication tokens or session references instead.',
@@ -147,7 +221,7 @@ const SECRETS_IN_PROMPTS_PATTERNS = [
     // Private keys
     {
         name: 'Private key in prompt',
-        pattern: /(?:messages|prompt|content).*(?:-----BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY-----)/gi,
+        pattern: /(?:messages|prompt|content)[^\n]*(?:-----BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY-----)/gi,
         severity: 'critical',
         description: 'Private key material detected in prompt context.',
         suggestedFix: 'Never include private keys in prompts. Sign data server-side instead.',
@@ -155,12 +229,300 @@ const SECRETS_IN_PROMPTS_PATTERNS = [
     // Generic token patterns
     {
         name: 'Access token in prompt',
-        pattern: /(?:messages|prompt|content)\s*[=:].*(?:access[_-]?token|auth[_-]?token|bearer)\s*[:=]\s*['"`][a-zA-Z0-9_.-]{20,}/gi,
+        pattern: /(?:messages|prompt|content)\s*[=:][^\n]*(?:access[_-]?token|auth[_-]?token|bearer)\s*[:=]\s*['"`][a-zA-Z0-9_.-]{20,}/gi,
         severity: 'high',
         description: 'Access token detected in prompt content. Tokens in prompts risk exposure.',
         suggestedFix: 'Do not include tokens in prompts. Pass token context through secure server-side channels.',
     },
 ];
+// ============================================================================
+// Variable Flow Detection - Secrets flowing into prompts
+// ============================================================================
+/**
+ * Patterns for detecting secret variable declarations
+ */
+const SECRET_VARIABLE_PATTERNS = [
+    // Direct assignment patterns
+    /(?:const|let|var)\s+(\w*(?:key|token|secret|password|credential|apiKey|authToken|accessToken)\w*)\s*=\s*['"`]([^'"`]{16,})['"`]/gi,
+    // Object property patterns
+    /(\w*(?:key|token|secret|password|credential|apiKey|authToken|accessToken)\w*)\s*:\s*['"`]([^'"`]{16,})['"`]/gi,
+];
+/**
+ * Patterns for detecting prompt variable usage
+ */
+const PROMPT_USAGE_PATTERNS = [
+    // Template literal interpolation
+    /`[^`]*\$\{(\w+)\}[^`]*`/g,
+    // String concatenation
+    /\+\s*(\w+)\s*(?:\+|$)/g,
+    // f-string interpolation (Python)
+    /f['"][^'"]*\{(\w+)\}[^'"]*['"]/g,
+    // Format string
+    /\.format\s*\([^)]*(\w+)[^)]*\)/g,
+];
+/**
+ * Check if a variable name suggests it contains a secret
+ */
+function isSecretVariableName(varName) {
+    const secretIndicators = [
+        /api[_-]?key/i,
+        /secret[_-]?key/i,
+        /access[_-]?token/i,
+        /auth[_-]?token/i,
+        /password/i,
+        /credential/i,
+        /private[_-]?key/i,
+        /bearer/i,
+        /jwt/i,
+        /oauth/i,
+        /^sk_/i,
+        /^pk_/i,
+        /token$/i,
+        /key$/i,
+        /secret$/i,
+    ];
+    return secretIndicators.some(p => p.test(varName));
+}
+/**
+ * Detect secrets flowing from variables into prompts (variable indirection)
+ */
+function detectSecretVariableFlow(content, filePath, isTestFile) {
+    const vulnerabilities = [];
+    const lines = content.split('\n');
+    // First pass: collect all secret variable declarations
+    const secretVariables = new Map();
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        if ((0, context_helpers_1.isComment)(line))
+            continue;
+        for (const pattern of SECRET_VARIABLE_PATTERNS) {
+            const regex = new RegExp(pattern.source, pattern.flags);
+            let match;
+            while ((match = regex.exec(line)) !== null) {
+                const varName = match[1];
+                const value = match[2];
+                // Check if variable name suggests it's a secret
+                if (isSecretVariableName(varName)) {
+                    secretVariables.set(varName, { line: i + 1, value });
+                }
+            }
+        }
+    }
+    // Second pass: find where these variables flow into prompts
+    const promptContextPatterns = [
+        /(?:system|prompt|message|content)\s*[:=]/i,
+        /role:\s*['"`](?:system|user|assistant)['"`]/i,
+        /\.chat\.completions?\.create/i,
+        /\.messages\.create/i,
+        /messages\s*:\s*\[/i,
+    ];
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        if ((0, context_helpers_1.isComment)(line))
+            continue;
+        // Check if this line or nearby lines are in prompt context
+        const contextWindow = lines.slice(Math.max(0, i - 5), Math.min(lines.length, i + 5)).join('\n');
+        const isPromptContext = promptContextPatterns.some(p => p.test(contextWindow));
+        if (!isPromptContext)
+            continue;
+        // Check for template interpolation of secret variables
+        const templateMatch = line.match(/\$\{(\w+)\}/);
+        if (templateMatch) {
+            const varName = templateMatch[1];
+            if (secretVariables.has(varName)) {
+                const secretInfo = secretVariables.get(varName);
+                let severity = 'high';
+                let description = `Secret variable '${varName}' (defined at line ${secretInfo.line}) is interpolated into LLM prompt. This exposes the secret to the model provider.`;
+                if (isTestFile) {
+                    severity = 'low';
+                    description += ' (in test file)';
+                }
+                vulnerabilities.push({
+                    id: `secret-flow-${filePath}-${i + 1}-${varName}`,
+                    filePath,
+                    lineNumber: i + 1,
+                    lineContent: line.trim(),
+                    severity,
+                    category: 'hardcoded_secret',
+                    title: `Secret variable '${varName}' in prompt`,
+                    description,
+                    suggestedFix: `Remove the secret from the prompt. If the AI needs to use an API, make the call server-side instead of passing credentials to the model.`,
+                    confidence: 'medium',
+                    layer: 2,
+                    requiresAIValidation: true,
+                });
+            }
+        }
+        // Check for string concatenation with secret variables
+        for (const [varName] of secretVariables) {
+            if (line.includes(`+ ${varName}`) || line.includes(`${varName} +`) || line.includes(`+ ${varName} +`)) {
+                const secretInfo = secretVariables.get(varName);
+                let severity = 'high';
+                let description = `Secret variable '${varName}' (defined at line ${secretInfo.line}) is concatenated into prompt. This exposes the secret to the model provider.`;
+                if (isTestFile) {
+                    severity = 'low';
+                    description += ' (in test file)';
+                }
+                vulnerabilities.push({
+                    id: `secret-concat-${filePath}-${i + 1}-${varName}`,
+                    filePath,
+                    lineNumber: i + 1,
+                    lineContent: line.trim(),
+                    severity,
+                    category: 'hardcoded_secret',
+                    title: `Secret variable '${varName}' concatenated in prompt`,
+                    description,
+                    suggestedFix: `Remove the secret from the prompt. If the AI needs to use an API, make the call server-side.`,
+                    confidence: 'medium',
+                    layer: 2,
+                    requiresAIValidation: true,
+                });
+            }
+        }
+    }
+    return vulnerabilities;
+}
+// ============================================================================
+// Phase 2: Indirect Prompt Injection Detection
+// ============================================================================
+/**
+ * Check if content filtering/sanitization is present for external content
+ */
+function hasContentFiltering(content, lineNumber) {
+    const lines = content.split('\n');
+    const contextStart = Math.max(0, lineNumber - 20);
+    const contextEnd = Math.min(lines.length, lineNumber + 10);
+    const context = lines.slice(contextStart, contextEnd).join('\n');
+    const filteringPatterns = [
+        /filterContent|sanitizeContent|cleanContent/i,
+        /sanitizeContext|filterContext/i,
+        /contentModeration|moderateContent/i,
+        /stripInstructions|removeInstructions/i,
+        /escapePrompt|sanitizePrompt/i,
+        /validateInput|inputValidation/i,
+    ];
+    return filteringPatterns.some(p => p.test(context));
+}
+/**
+ * Check if proper delimiters are used for external content
+ */
+function hasExternalContentDelimiters(content, lineNumber) {
+    const lines = content.split('\n');
+    const contextStart = Math.max(0, lineNumber - 15);
+    const contextEnd = Math.min(lines.length, lineNumber + 15);
+    const context = lines.slice(contextStart, contextEnd).join('\n');
+    const delimiterPatterns = [
+        /<context>|<\/context>/i,
+        /<document>|<\/document>/i,
+        /<retrieved>|<\/retrieved>/i,
+        /<external>|<\/external>/i,
+        /```[^`]*context|context[^`]*```/i,
+        /---\s*(?:context|document|retrieved)/i,
+        /\[CONTEXT\]|\[\/CONTEXT\]/i,
+        /\[DOCUMENT\]|\[\/DOCUMENT\]/i,
+    ];
+    return delimiterPatterns.some(p => p.test(context));
+}
+/**
+ * Indirect prompt injection patterns - external content flowing to LLM context
+ */
+const INDIRECT_INJECTION_PATTERNS = [
+    // ========== External Fetch to Prompt ==========
+    {
+        name: 'Fetched content in prompt',
+        pattern: /fetch\s*\([^)]+\)[\s\S]{0,100}(?:\.then|await)[\s\S]{0,200}(?:prompt|messages|content\s*:)/gi,
+        severity: 'high',
+        description: 'Content fetched from external URL flows into LLM prompt. Malicious websites can embed instructions that hijack the model\'s behavior (indirect prompt injection).',
+        suggestedFix: 'Wrap external content with clear delimiters: <external_content>...</external_content>. Implement content filtering to strip instruction-like patterns.',
+        checkDelimiters: true,
+    },
+    {
+        name: 'HTTP response in system prompt',
+        pattern: /(?:axios|fetch|got|request)[\s\S]{0,150}(?:system|systemPrompt|instructions)\s*[:=+]/gi,
+        severity: 'high',
+        description: 'HTTP response content used in system prompt. External data in system prompts is especially dangerous as it can override model instructions.',
+        suggestedFix: 'Never put external content in system prompts. Use user messages with clear delimiters for context. Implement content sanitization.',
+        checkDelimiters: true,
+    },
+    // ========== RAG Vector Store to Prompt ==========
+    {
+        name: 'Vector store results in system message',
+        pattern: /(?:vectorStore|similaritySearch|query|search|retrieve)[\s\S]{0,200}role:\s*['"`]system['"`]/gi,
+        severity: 'high',
+        description: 'Vector store search results injected into system message. Poisoned documents in the corpus can hijack model behavior.',
+        suggestedFix: 'Place retrieved content in user messages, not system. Use delimiters: <retrieved_context>...</retrieved_context>. Implement document sanitization before indexing.',
+        checkDelimiters: true,
+    },
+    {
+        name: 'RAG retrieval directly in context',
+        pattern: /(?:retriever\.invoke|retrieve|getRelevantDocuments)\s*\([^)]*\)[\s\S]{0,150}(?:context|prompt|messages)/gi,
+        severity: 'high',
+        description: 'Retrieved documents flow directly into LLM context. Adversarial documents can contain prompt injection payloads.',
+        suggestedFix: 'Sanitize retrieved content before including in prompt. Use XML tags to clearly separate context from instructions.',
+        checkDelimiters: true,
+    },
+    // ========== Document Loading to LLM ==========
+    {
+        name: 'Loaded documents in LLM chain',
+        pattern: /(?:loadDocuments|DirectoryLoader|TextLoader|PDFLoader)[\s\S]{0,200}(?:chain|llm|invoke|call)/gi,
+        severity: 'high',
+        description: 'Documents loaded from files flow into LLM chain. Malicious files (PDFs, docs) can contain hidden prompt injection text.',
+        suggestedFix: 'Scan loaded documents for instruction-like patterns. Use separate document processing pipeline with content filtering.',
+        checkDelimiters: true,
+    },
+    {
+        name: 'Document content interpolated',
+        pattern: /\$\{.*(?:document|doc|file|page)(?:Content|Text|Data).*\}[\s\S]{0,50}(?:prompt|messages|llm)/gi,
+        severity: 'medium',
+        description: 'Document content interpolated into LLM prompt. Documents may contain adversarial instructions.',
+        suggestedFix: 'Wrap document content with delimiters: ```document\\n${content}\\n```. Implement text sanitization.',
+        checkDelimiters: true,
+    },
+    // ========== Web Scraping to Prompt ==========
+    {
+        name: 'Scraped content in prompt',
+        pattern: /(?:scrape|crawl|spider|puppeteer|playwright|cheerio)[\s\S]{0,200}(?:prompt|messages|context|content\s*:)/gi,
+        severity: 'high',
+        description: 'Web-scraped content flows into LLM prompt. Malicious websites can embed instructions in their HTML content.',
+        suggestedFix: 'Sanitize scraped content to remove instruction-like patterns. Use delimiters: <scraped_content url="...">...</scraped_content>',
+        checkDelimiters: true,
+    },
+    {
+        name: 'HTML content in LLM context',
+        pattern: /\.(?:html|innerHTML|textContent|innerText)\s*[\s\S]{0,100}(?:prompt|messages|system|context)/gi,
+        severity: 'medium',
+        description: 'HTML content from web pages used in LLM context. Web pages can contain hidden prompt injection in metadata, comments, or invisible text.',
+        suggestedFix: 'Extract only relevant text content. Filter out scripts, comments, and metadata. Use content sanitization.',
+        checkDelimiters: true,
+    },
+    // ========== Email/Message Content to Prompt ==========
+    {
+        name: 'Email content in prompt',
+        pattern: /(?:email|message|inbox)(?:Content|Body|Text)[\s\S]{0,150}(?:prompt|messages|llm|analyze)/gi,
+        severity: 'medium',
+        description: 'Email or message content flows into LLM prompt. Attackers can craft emails with embedded prompt injection.',
+        suggestedFix: 'Sanitize email content before LLM processing. Remove potentially malicious patterns. Use clear delimiters.',
+        checkDelimiters: true,
+    },
+    // ========== Database Content to Prompt ==========
+    {
+        name: 'Database record in system prompt',
+        pattern: /(?:findOne|findById|query|select)[\s\S]{0,150}(?:system|systemPrompt|instructions)\s*[:=]/gi,
+        severity: 'medium',
+        description: 'Database content used in system prompt. If users can modify database records, they can inject malicious instructions.',
+        suggestedFix: 'Keep system prompts static. Place database content in user messages with delimiters. Validate data before use.',
+        checkDelimiters: true,
+    },
+    // ========== Generic External Data Patterns ==========
+    {
+        name: 'External data concatenation',
+        pattern: /(?:externalData|fetchedContent|scrapedData|retrievedText)\s*\+[\s\S]{0,50}(?:prompt|system|instructions)/gi,
+        severity: 'medium',
+        description: 'External data concatenated with prompt content without clear separation.',
+        suggestedFix: 'Use structured prompts with XML/markdown delimiters to separate instructions from external content.',
+        checkDelimiters: true,
+    },
+];
 /**
  * Missing boundary patterns - prompts without clear user/system separation
  */
@@ -278,7 +640,7 @@ function detectAIPromptHygiene(content, filePath) {
             });
         }
     }
-    // Scan for secrets in prompts (B3)
+    // Scan for secrets in prompts (B3) - Original context-aware patterns
     for (const pattern of SECRETS_IN_PROMPTS_PATTERNS) {
         const regex = new RegExp(pattern.pattern.source, pattern.pattern.flags);
         let match;
@@ -292,6 +654,14 @@ function detectAIPromptHygiene(content, filePath) {
             const isEnvRef = /process\.env|import\.meta\.env|os\.environ|getenv/i.test(lineContent);
             if (isEnvRef)
                 continue;
+            // Skip test variable names
+            if (/(?:const|let|var)\s+(?:TEST|MOCK|EXAMPLE|DUMMY|FAKE|SAMPLE)[_A-Z0-9]*\s*=/i.test(lineContent))
+                continue;
+            if (/(?:const|let|var)\s+\w*(?:test|mock|example|dummy|fake|sample)\w*\s*=/i.test(lineContent))
+                continue;
+            // Skip placeholder/example values in the line
+            if (/example|sample|demo|placeholder|your[_-]?api[_-]?key/i.test(lineContent))
+                continue;
             let severity = pattern.severity;
             let description = pattern.description;
             // Downgrade test files but still flag
@@ -315,6 +685,71 @@ function detectAIPromptHygiene(content, filePath) {
             });
         }
     }
+    // ========== NEW: Direct secret detection with known prefixes ==========
+    // Scan for any known secret patterns anywhere in prompt-related code
+    const seenSecretLines = new Set(); // Avoid duplicates
+    for (const secretDef of KNOWN_SECRET_PREFIXES) {
+        const regex = new RegExp(secretDef.pattern.source, secretDef.pattern.flags);
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            const lineNumber = content.substring(0, match.index).split('\n').length;
+            const lineContent = lines[lineNumber - 1]?.trim() || '';
+            // Skip if already reported on this line
+            const lineKey = `${lineNumber}-${secretDef.name}`;
+            if (seenSecretLines.has(lineNumber))
+                continue;
+            seenSecretLines.add(lineNumber);
+            // Skip comments
+            if ((0, context_helpers_1.isComment)(lineContent))
+                continue;
+            // Skip env var references
+            if (/process\.env|import\.meta\.env|os\.environ|getenv/i.test(lineContent))
+                continue;
+            // Skip obvious placeholders/examples in the value
+            const matchValue = match[0];
+            if (/example|sample|demo|dummy|fake|mock|your[_-]|placeholder/i.test(matchValue))
+                continue;
+            if (/example|sample|demo|placeholder/i.test(lineContent))
+                continue;
+            // Skip values that contain "test" right after the prefix (e.g., sk-test..., ghp_test...)
+            // These are clearly test/development keys, not production secrets
+            if (/^(sk-|ghp_|gho_|sk_live_|sk_test_|xoxb-|SG\.)test/i.test(matchValue))
+                continue;
+            if (/[-_]test[-_0-9]/i.test(matchValue))
+                continue;
+            // Skip test variable names (e.g., TEST_API_KEY, MOCK_SECRET)
+            if (/(?:const|let|var)\s+(?:TEST|MOCK|EXAMPLE|DUMMY|FAKE|SAMPLE)[_A-Z0-9]*\s*=/i.test(lineContent))
+                continue;
+            // Skip if variable name contains test/mock/example (broader check)
+            if (/(?:const|let|var)\s+\w*(?:test|mock|example|dummy|fake|sample)\w*\s*=/i.test(lineContent))
+                continue;
+            let severity = secretDef.severity;
+            let description = `${secretDef.name} detected in LLM-related code. This secret may be exposed to the model provider, logged, or cached.`;
+            // Downgrade test files
+            if (isTestFile) {
+                severity = severity === 'critical' ? 'medium' : 'low';
+                description += ' (in test file)';
+            }
+            vulnerabilities.push({
+                id: `ai-direct-secret-${filePath}-${lineNumber}-${secretDef.name.replace(/\s+/g, '-')}`,
+                filePath,
+                lineNumber,
+                lineContent,
+                severity,
+                category: 'hardcoded_secret',
+                title: `${secretDef.name} in LLM context`,
+                description,
+                suggestedFix: 'Remove the hardcoded secret. Use environment variables server-side. Never expose secrets to LLM prompts.',
+                confidence: 'high',
+                layer: 2,
+                requiresAIValidation: false,
+            });
+        }
+    }
+    // ========== NEW: Variable flow detection ==========
+    // Detect secrets flowing from variables into prompts
+    const flowVulns = detectSecretVariableFlow(content, filePath, isTestFile);
+    vulnerabilities.push(...flowVulns);
     // Scan for missing boundary patterns (B1 continued)
     for (const pattern of MISSING_BOUNDARY_PATTERNS) {
         const regex = new RegExp(pattern.pattern.source, pattern.pattern.flags);
@@ -351,6 +786,57 @@ function detectAIPromptHygiene(content, filePath) {
             });
         }
     }
+    // Scan for indirect prompt injection patterns (Phase 2)
+    for (const pattern of INDIRECT_INJECTION_PATTERNS) {
+        const regex = new RegExp(pattern.pattern.source, pattern.pattern.flags);
+        let match;
+        while ((match = regex.exec(content)) !== null) {
+            const lineNumber = content.substring(0, match.index).split('\n').length;
+            const lineContent = lines[lineNumber - 1]?.trim() || '';
+            // Skip comments
+            if ((0, context_helpers_1.isComment)(lineContent))
+                continue;
+            let severity = pattern.severity;
+            let description = pattern.description;
+            // Check for content filtering/sanitization
+            const hasFiltering = hasContentFiltering(content, lineNumber);
+            const hasDelimiters = hasExternalContentDelimiters(content, lineNumber);
+            if (hasFiltering && hasDelimiters) {
+                // Both mitigations present - fully mitigated
+                severity = 'info';
+                description += ' (Content filtering and delimiters detected - mitigated.)';
+            }
+            else if (hasFiltering) {
+                // Partial mitigation - filtering present
+                severity = severity === 'high' ? 'medium' : 'low';
+                description += ' (Content filtering detected.)';
+            }
+            else if (hasDelimiters) {
+                // Partial mitigation - delimiters present
+                severity = severity === 'high' ? 'medium' : 'low';
+                description += ' (External content delimiters detected.)';
+            }
+            // Downgrade test files
+            if (isTestFile) {
+                severity = 'info';
+                description += ' (in test file)';
+            }
+            vulnerabilities.push({
+                id: `ai-indirect-injection-${filePath}-${lineNumber}-${pattern.name.replace(/\s+/g, '-')}`,
+                filePath,
+                lineNumber,
+                lineContent,
+                severity,
+                category: 'ai_prompt_injection',
+                title: pattern.name + ' (Indirect Injection)',
+                description,
+                suggestedFix: pattern.suggestedFix,
+                confidence: severity === 'info' ? 'low' : 'medium',
+                layer: 2,
+                requiresAIValidation: severity !== 'info',
+            });
+        }
+    }
     return vulnerabilities;
 }
 //# sourceMappingURL=ai-prompt-hygiene.js.map