@oculum/scanner 1.0.9 → 1.0.11

package/dist/layer3/anthropic/types.js

@@ -0,0 +1,38 @@
+"use strict";
+/**
+ * Type definitions for AI validation module
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createStatsAccumulator = createStatsAccumulator;
+exports.createInitialStats = createInitialStats;
+function createStatsAccumulator() {
+    return {
+        apiCalls: 0,
+        estimatedInputTokens: 0,
+        estimatedOutputTokens: 0,
+        cacheReadTokens: 0,
+        estimatedCost: 0,
+        validatedFindings: 0,
+        confirmedFindings: 0,
+        dismissedFindings: 0,
+        downgradedFindings: 0,
+    };
+}
+function createInitialStats(totalFindings) {
+    return {
+        totalFindings,
+        validatedFindings: 0,
+        confirmedFindings: 0,
+        dismissedFindings: 0,
+        downgradedFindings: 0,
+        autoDismissedFindings: 0,
+        estimatedInputTokens: 0,
+        estimatedOutputTokens: 0,
+        estimatedCost: 0,
+        apiCalls: 0,
+        cacheCreationTokens: 0,
+        cacheReadTokens: 0,
+        cacheHitRate: 0,
+    };
+}
+//# sourceMappingURL=types.js.map

package/dist/layer3/anthropic/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/layer3/anthropic/types.ts"],"names":[],"mappings":";AAAA;;GAEG;;AAmHH,wDAYC;AAED,gDAgBC;AA9BD,SAAgB,sBAAsB;IACpC,OAAO;QACL,QAAQ,EAAE,CAAC;QACX,oBAAoB,EAAE,CAAC;QACvB,qBAAqB,EAAE,CAAC;QACxB,eAAe,EAAE,CAAC;QAClB,aAAa,EAAE,CAAC;QAChB,iBAAiB,EAAE,CAAC;QACpB,iBAAiB,EAAE,CAAC;QACpB,iBAAiB,EAAE,CAAC;QACpB,kBAAkB,EAAE,CAAC;KACtB,CAAA;AACH,CAAC;AAED,SAAgB,kBAAkB,CAAC,aAAqB;IACtD,OAAO;QACL,aAAa;QACb,iBAAiB,EAAE,CAAC;QACpB,iBAAiB,EAAE,CAAC;QACpB,iBAAiB,EAAE,CAAC;QACpB,kBAAkB,EAAE,CAAC;QACrB,qBAAqB,EAAE,CAAC;QACxB,oBAAoB,EAAE,CAAC;QACvB,qBAAqB,EAAE,CAAC;QACxB,aAAa,EAAE,CAAC;QAChB,QAAQ,EAAE,CAAC;QACX,mBAAmB,EAAE,CAAC;QACtB,eAAe,EAAE,CAAC;QAClB,YAAY,EAAE,CAAC;KAChB,CAAA;AACH,CAAC"}

package/dist/layer3/anthropic/utils/index.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Utility Functions Index
+ *
+ * Re-exports all utility functions from the anthropic module.
+ */
+export { normalizePathForComparison, findMatchingFilePath, getLanguageFromPath, } from './path-helpers';
+export { makeAnthropicRequestWithRetry, makeOpenAIRequestWithRetry, } from './retry';
+export { parseAIResponse, parseValidationResponse, parseMultiFileValidationResponse, applyValidationResults, validateSeverity, validateCategory, getLineContent, } from './response-parser';
+//# sourceMappingURL=index.d.ts.map

package/dist/layer3/anthropic/utils/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/layer3/anthropic/utils/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,0BAA0B,EAC1B,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,gBAAgB,CAAA;AAEvB,OAAO,EACL,6BAA6B,EAC7B,0BAA0B,GAC3B,MAAM,SAAS,CAAA;AAEhB,OAAO,EACL,eAAe,EACf,uBAAuB,EACvB,gCAAgC,EAChC,sBAAsB,EACtB,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,GACf,MAAM,mBAAmB,CAAA"}

package/dist/layer3/anthropic/utils/index.js

@@ -0,0 +1,24 @@
+"use strict";
+/**
+ * Utility Functions Index
+ *
+ * Re-exports all utility functions from the anthropic module.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getLineContent = exports.validateCategory = exports.validateSeverity = exports.applyValidationResults = exports.parseMultiFileValidationResponse = exports.parseValidationResponse = exports.parseAIResponse = exports.makeOpenAIRequestWithRetry = exports.makeAnthropicRequestWithRetry = exports.getLanguageFromPath = exports.findMatchingFilePath = exports.normalizePathForComparison = void 0;
+var path_helpers_1 = require("./path-helpers");
+Object.defineProperty(exports, "normalizePathForComparison", { enumerable: true, get: function () { return path_helpers_1.normalizePathForComparison; } });
+Object.defineProperty(exports, "findMatchingFilePath", { enumerable: true, get: function () { return path_helpers_1.findMatchingFilePath; } });
+Object.defineProperty(exports, "getLanguageFromPath", { enumerable: true, get: function () { return path_helpers_1.getLanguageFromPath; } });
+var retry_1 = require("./retry");
+Object.defineProperty(exports, "makeAnthropicRequestWithRetry", { enumerable: true, get: function () { return retry_1.makeAnthropicRequestWithRetry; } });
+Object.defineProperty(exports, "makeOpenAIRequestWithRetry", { enumerable: true, get: function () { return retry_1.makeOpenAIRequestWithRetry; } });
+var response_parser_1 = require("./response-parser");
+Object.defineProperty(exports, "parseAIResponse", { enumerable: true, get: function () { return response_parser_1.parseAIResponse; } });
+Object.defineProperty(exports, "parseValidationResponse", { enumerable: true, get: function () { return response_parser_1.parseValidationResponse; } });
+Object.defineProperty(exports, "parseMultiFileValidationResponse", { enumerable: true, get: function () { return response_parser_1.parseMultiFileValidationResponse; } });
+Object.defineProperty(exports, "applyValidationResults", { enumerable: true, get: function () { return response_parser_1.applyValidationResults; } });
+Object.defineProperty(exports, "validateSeverity", { enumerable: true, get: function () { return response_parser_1.validateSeverity; } });
+Object.defineProperty(exports, "validateCategory", { enumerable: true, get: function () { return response_parser_1.validateCategory; } });
+Object.defineProperty(exports, "getLineContent", { enumerable: true, get: function () { return response_parser_1.getLineContent; } });
+//# sourceMappingURL=index.js.map

package/dist/layer3/anthropic/utils/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/layer3/anthropic/utils/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,+CAIuB;AAHrB,0HAAA,0BAA0B,OAAA;AAC1B,oHAAA,oBAAoB,OAAA;AACpB,mHAAA,mBAAmB,OAAA;AAGrB,iCAGgB;AAFd,sHAAA,6BAA6B,OAAA;AAC7B,mHAAA,0BAA0B,OAAA;AAG5B,qDAQ0B;AAPxB,kHAAA,eAAe,OAAA;AACf,0HAAA,uBAAuB,OAAA;AACvB,mIAAA,gCAAgC,OAAA;AAChC,yHAAA,sBAAsB,OAAA;AACtB,mHAAA,gBAAgB,OAAA;AAChB,mHAAA,gBAAgB,OAAA;AAChB,iHAAA,cAAc,OAAA"}

package/dist/layer3/anthropic/utils/path-helpers.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Path Normalization Helpers
+ *
+ * Functions for normalizing and matching file paths in AI responses.
+ * AI models may return paths in different formats than expected.
+ */
+/**
+ * Normalize a file path for comparison purposes.
+ * Handles common variations: ./src/file.ts, src/file.ts, /src/file.ts
+ */
+export declare function normalizePathForComparison(path: string): string;
+/**
+ * Find a matching file path from expected paths, handling path format variations.
+ * AI responses may use different path formats than what we sent.
+ */
+export declare function findMatchingFilePath(responsePath: string, expectedPaths: string[]): string | null;
+/**
+ * Get language identifier from file path extension
+ */
+export declare function getLanguageFromPath(path: string): string;
+//# sourceMappingURL=path-helpers.d.ts.map

package/dist/layer3/anthropic/utils/path-helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-helpers.d.ts","sourceRoot":"","sources":["../../../../src/layer3/anthropic/utils/path-helpers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAK/D;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,YAAY,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,MAAM,GAAG,IAAI,CAsBjG;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAkBxD"}

package/dist/layer3/anthropic/utils/path-helpers.js

@@ -0,0 +1,69 @@
+"use strict";
+/**
+ * Path Normalization Helpers
+ *
+ * Functions for normalizing and matching file paths in AI responses.
+ * AI models may return paths in different formats than expected.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.normalizePathForComparison = normalizePathForComparison;
+exports.findMatchingFilePath = findMatchingFilePath;
+exports.getLanguageFromPath = getLanguageFromPath;
+/**
+ * Normalize a file path for comparison purposes.
+ * Handles common variations: ./src/file.ts, src/file.ts, /src/file.ts
+ */
+function normalizePathForComparison(path) {
+    return path
+        .replace(/^\.\//, '') // Remove leading ./
+        .replace(/^\//, '') // Remove leading /
+        .replace(/\\/g, '/'); // Normalize Windows backslashes
+}
+/**
+ * Find a matching file path from expected paths, handling path format variations.
+ * AI responses may use different path formats than what we sent.
+ */
+function findMatchingFilePath(responsePath, expectedPaths) {
+    // Exact match first
+    if (expectedPaths.includes(responsePath))
+        return responsePath;
+    // Normalized match
+    const normalized = normalizePathForComparison(responsePath);
+    for (const expected of expectedPaths) {
+        if (normalizePathForComparison(expected) === normalized) {
+            console.log(`[AI Validation] Path fuzzy matched: "${responsePath}" -> "${expected}"`);
+            return expected;
+        }
+    }
+    // Basename match (only if unique) - handles cases like "file.ts" matching "src/api/file.ts"
+    const basename = responsePath.split('/').pop() || responsePath;
+    const matches = expectedPaths.filter(p => (p.split('/').pop() || p) === basename);
+    if (matches.length === 1) {
+        console.log(`[AI Validation] Path basename matched: "${responsePath}" -> "${matches[0]}"`);
+        return matches[0];
+    }
+    return null;
+}
+/**
+ * Get language identifier from file path extension
+ */
+function getLanguageFromPath(path) {
+    const ext = path.split('.').pop()?.toLowerCase();
+    const langMap = {
+        ts: 'typescript',
+        tsx: 'tsx',
+        js: 'javascript',
+        jsx: 'jsx',
+        py: 'python',
+        rb: 'ruby',
+        go: 'go',
+        java: 'java',
+        php: 'php',
+        cs: 'csharp',
+        json: 'json',
+        yaml: 'yaml',
+        yml: 'yaml',
+    };
+    return langMap[ext || ''] || ext || 'text';
+}
+//# sourceMappingURL=path-helpers.js.map

package/dist/layer3/anthropic/utils/path-helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-helpers.js","sourceRoot":"","sources":["../../../../src/layer3/anthropic/utils/path-helpers.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAMH,gEAKC;AAMD,oDAsBC;AAKD,kDAkBC;AA5DD;;;GAGG;AACH,SAAgB,0BAA0B,CAAC,IAAY;IACrD,OAAO,IAAI;SACR,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAE,oBAAoB;SAC1C,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAI,mBAAmB;SACzC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA,CAAG,gCAAgC;AAC3D,CAAC;AAED;;;GAGG;AACH,SAAgB,oBAAoB,CAAC,YAAoB,EAAE,aAAuB;IAChF,oBAAoB;IACpB,IAAI,aAAa,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,OAAO,YAAY,CAAA;IAE7D,mBAAmB;IACnB,MAAM,UAAU,GAAG,0BAA0B,CAAC,YAAY,CAAC,CAAA;IAC3D,KAAK,MAAM,QAAQ,IAAI,aAAa,EAAE,CAAC;QACrC,IAAI,0BAA0B,CAAC,QAAQ,CAAC,KAAK,UAAU,EAAE,CAAC;YACxD,OAAO,CAAC,GAAG,CAAC,wCAAwC,YAAY,SAAS,QAAQ,GAAG,CAAC,CAAA;YACrF,OAAO,QAAQ,CAAA;QACjB,CAAC;IACH,CAAC;IAED,4FAA4F;IAC5F,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,YAAY,CAAA;IAC9D,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAA;IACjF,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,2CAA2C,YAAY,SAAS,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;QAC1F,OAAO,OAAO,CAAC,CAAC,CAAC,CAAA;IACnB,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,IAAY;IAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,WAAW,EAAE,CAAA;IAChD,MAAM,OAAO,GAA2B;QACtC,EAAE,EAAE,YAAY;QAChB,GAAG,EAAE,KAAK;QACV,EAAE,EAAE,YAAY;QAChB,GAAG,EAAE,KAAK;QACV,EAAE,EAAE,QAAQ;QACZ,EAAE,EAAE,MAAM;QACV,EAAE,EAAE,IAAI;QACR,IAAI,EAAE,MAAM;QACZ,GAAG,EAAE,KAAK;QACV,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,MAAM;QACZ,GAAG,EAAE,MAAM;KACZ,CAAA;IACD,OAAO,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC,IAAI,GAAG,IAAI,MAAM,CAAA;AAC5C,CAAC"}

package/dist/layer3/anthropic/utils/response-parser.d.ts

@@ -0,0 +1,40 @@
+/**
+ * AI Response Parsing Utilities
+ *
+ * Functions for parsing validation responses from AI models.
+ */
+import type { VulnerabilitySeverity, VulnerabilityCategory, Vulnerability } from '../../../types';
+import type { ValidationResult, AIFinding } from '../types';
+/**
+ * Parse AI response for single file validation
+ */
+export declare function parseAIResponse(response: string): AIFinding[];
+/**
+ * Parse single-file validation response
+ */
+export declare function parseValidationResponse(response: string): ValidationResult[];
+/**
+ * Parse multi-file validation response (Phase 2)
+ * Returns a map of file path -> validation results
+ */
+export declare function parseMultiFileValidationResponse(response: string, expectedFiles: string[]): Map<string, ValidationResult[]>;
+/**
+ * Apply validation results to findings
+ */
+export declare function applyValidationResults(findings: Vulnerability[], validationResults: ValidationResult[]): {
+    processed: Vulnerability[];
+    dismissedCount: number;
+};
+/**
+ * Validate severity value from AI response
+ */
+export declare function validateSeverity(severity: string): VulnerabilitySeverity;
+/**
+ * Validate category value from AI response
+ */
+export declare function validateCategory(category: string): VulnerabilityCategory;
+/**
+ * Get line content from file content by line number
+ */
+export declare function getLineContent(content: string, lineNumber: number): string;
+//# sourceMappingURL=response-parser.d.ts.map

package/dist/layer3/anthropic/utils/response-parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"response-parser.d.ts","sourceRoot":"","sources":["../../../../src/layer3/anthropic/utils/response-parser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,aAAa,EAAoB,MAAM,gBAAgB,CAAA;AACnH,OAAO,KAAK,EAAE,gBAAgB,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAwD3D;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,SAAS,EAAE,CAiC7D;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,MAAM,GAAG,gBAAgB,EAAE,CAkC5E;AAED;;;GAGG;AACH,wBAAgB,gCAAgC,CAC9C,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,EAAE,GACtB,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAqEjC;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,aAAa,EAAE,EACzB,iBAAiB,EAAE,gBAAgB,EAAE,GACpC;IAAE,SAAS,EAAE,aAAa,EAAE,CAAC;IAAC,cAAc,EAAE,MAAM,CAAA;CAAE,CA8DxD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,qBAAqB,CAKxE;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,qBAAqB,CAYxE;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,CAG1E"}

package/dist/layer3/anthropic/utils/response-parser.js

@@ -0,0 +1,285 @@
+"use strict";
+/**
+ * AI Response Parsing Utilities
+ *
+ * Functions for parsing validation responses from AI models.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseAIResponse = parseAIResponse;
+exports.parseValidationResponse = parseValidationResponse;
+exports.parseMultiFileValidationResponse = parseMultiFileValidationResponse;
+exports.applyValidationResults = applyValidationResults;
+exports.validateSeverity = validateSeverity;
+exports.validateCategory = validateCategory;
+exports.getLineContent = getLineContent;
+const path_helpers_1 = require("./path-helpers");
+/**
+ * Extract the first top-level JSON array from text.
+ * The model may include prose before/after the JSON.
+ */
+function extractTopLevelArray(text) {
+    const startIndex = text.indexOf('[');
+    if (startIndex === -1)
+        return null;
+    let depth = 0;
+    let inString = false;
+    let stringChar = null;
+    let escape = false;
+    for (let i = startIndex; i < text.length; i++) {
+        const ch = text[i];
+        if (inString) {
+            if (escape) {
+                escape = false;
+                continue;
+            }
+            if (ch === '\\') {
+                escape = true;
+                continue;
+            }
+            if (stringChar && ch === stringChar) {
+                inString = false;
+                stringChar = null;
+            }
+            continue;
+        }
+        if (ch === '"' || ch === "'") {
+            inString = true;
+            stringChar = ch;
+            continue;
+        }
+        if (ch === '[') {
+            depth++;
+        }
+        else if (ch === ']') {
+            depth--;
+            if (depth === 0) {
+                return text.slice(startIndex, i + 1);
+            }
+        }
+    }
+    return null;
+}
+/**
+ * Parse AI response for single file validation
+ */
+function parseAIResponse(response) {
+    try {
+        // Try to extract JSON from the response
+        const jsonMatch = response.match(/\[[\s\S]*\]/);
+        if (!jsonMatch) {
+            return [];
+        }
+        const parsed = JSON.parse(jsonMatch[0]);
+        // Validate the structure
+        if (!Array.isArray(parsed)) {
+            return [];
+        }
+        return parsed.filter(item => typeof item.lineNumber === 'number' &&
+            typeof item.severity === 'string' &&
+            typeof item.category === 'string' &&
+            typeof item.title === 'string' &&
+            typeof item.description === 'string').map(item => ({
+            lineNumber: item.lineNumber,
+            severity: validateSeverity(item.severity),
+            category: validateCategory(item.category),
+            title: item.title,
+            description: item.description,
+            suggestedFix: item.suggestedFix || 'Review and fix the security issue',
+        }));
+    }
+    catch (error) {
+        console.error('Failed to parse AI response:', error);
+        return [];
+    }
+}
+/**
+ * Parse single-file validation response
+ */
+function parseValidationResponse(response) {
+    try {
+        const jsonSlice = extractTopLevelArray(response);
+        if (!jsonSlice)
+            return [];
+        const parsed = JSON.parse(jsonSlice);
+        if (!Array.isArray(parsed))
+            return [];
+        return parsed
+            .filter(item => typeof item.index === 'number' &&
+            typeof item.keep === 'boolean')
+            .map(item => {
+            // Normalize notes field: prefer new 'notes', fallback to legacy 'reason' or 'validationNotes'
+            const notes = item.notes || item.validationNotes || item.reason || undefined;
+            return {
+                index: item.index,
+                keep: item.keep,
+                notes,
+                adjustedSeverity: item.adjustedSeverity || null,
+                // Keep legacy fields for backward compatibility
+                reason: item.reason,
+                validationNotes: item.validationNotes,
+                // Actionable output fields (PRO-82)
+                impact: item.impact || undefined,
+                fixSuggestion: item.fixSuggestion || undefined,
+            };
+        });
+    }
+    catch (error) {
+        console.error('Failed to parse validation response:', error);
+        return [];
+    }
+}
+/**
+ * Parse multi-file validation response (Phase 2)
+ * Returns a map of file path -> validation results
+ */
+function parseMultiFileValidationResponse(response, expectedFiles) {
+    const resultMap = new Map();
+    try {
+        const jsonSlice = extractTopLevelArray(response);
+        if (!jsonSlice) {
+            console.error('[AI Validation] Multi-file: No JSON array found in response');
+            return resultMap;
+        }
+        const parsed = JSON.parse(jsonSlice);
+        if (!Array.isArray(parsed)) {
+            console.error('[AI Validation] Multi-file: Parsed result is not an array');
+            return resultMap;
+        }
+        // Process each file's results
+        for (const fileResult of parsed) {
+            if (!fileResult.file || !Array.isArray(fileResult.validations)) {
+                console.warn('[AI Validation] Multi-file: Invalid file result structure, skipping');
+                continue;
+            }
+            // Use path normalization to match AI response paths to expected paths
+            const responsePath = fileResult.file;
+            const matchedPath = (0, path_helpers_1.findMatchingFilePath)(responsePath, expectedFiles);
+            if (!matchedPath) {
+                console.warn(`[AI Validation] Multi-file: Could not match path "${responsePath}" to any expected file`);
+                continue;
+            }
+            const validations = fileResult.validations
+                .filter((item) => typeof item.index === 'number' &&
+                typeof item.keep === 'boolean')
+                .map((item) => {
+                // Normalize notes field: prefer new 'notes', fallback to legacy 'reason' or 'validationNotes'
+                const notes = item.notes || item.validationNotes || item.reason || undefined;
+                return {
+                    index: item.index,
+                    keep: item.keep,
+                    notes,
+                    adjustedSeverity: item.adjustedSeverity || null,
+                    // Keep legacy fields for backward compatibility
+                    reason: item.reason,
+                    validationNotes: item.validationNotes,
+                    // Actionable output fields (PRO-82)
+                    impact: item.impact || undefined,
+                    fixSuggestion: item.fixSuggestion || undefined,
+                };
+            });
+            resultMap.set(matchedPath, validations);
+        }
+        // Log any files that weren't in the response (these will be REJECTED by default)
+        const missingFiles = expectedFiles.filter(f => !resultMap.has(f));
+        if (missingFiles.length > 0) {
+            console.warn(`[AI Validation] Multi-file: Missing ${missingFiles.length} files from response: ${missingFiles.join(', ')}`);
+        }
+    }
+    catch (error) {
+        console.error('[AI Validation] Multi-file: Failed to parse response:', error);
+    }
+    return resultMap;
+}
+/**
+ * Apply validation results to findings
+ */
+function applyValidationResults(findings, validationResults) {
+    const processed = [];
+    let dismissedCount = 0;
+    for (let i = 0; i < findings.length; i++) {
+        const finding = findings[i];
+        const validation = validationResults.find(v => v.index === i);
+        if (!validation) {
+            // No validation result - REJECT by default (conservative approach)
+            // If AI doesn't explicitly validate a finding, assume it's a false positive
+            console.warn(`[AI Validation] No result for finding ${i}: ${finding.title} - REJECTING`);
+            dismissedCount++;
+            continue; // Don't add to processed - finding is removed
+        }
+        if (validation.keep) {
+            // Keep the finding
+            const adjustedFinding = {
+                ...finding,
+                validatedByAI: true,
+                confidence: 'high',
+            };
+            // Extract notes from optimized or legacy format
+            const validationNotes = validation.notes || validation.validationNotes || validation.reason || undefined;
+            if (validation.adjustedSeverity && validation.adjustedSeverity !== finding.severity) {
+                // Severity was adjusted
+                adjustedFinding.originalSeverity = finding.severity;
+                adjustedFinding.severity = validation.adjustedSeverity;
+                adjustedFinding.validationStatus = 'downgraded';
+                adjustedFinding.validationNotes = validationNotes || 'Severity adjusted by AI validation';
+            }
+            else {
+                // Confirmed at original severity
+                adjustedFinding.validationStatus = 'confirmed';
+                adjustedFinding.validationNotes = validationNotes;
+            }
+            // Apply AI-generated actionable fields (PRO-82)
+            if (validation.impact) {
+                adjustedFinding.impact = validation.impact;
+                adjustedFinding.aiEnhanced = true;
+            }
+            if (validation.fixSuggestion) {
+                // AI-generated fix becomes the primary fix step
+                adjustedFinding.fixSteps = [validation.fixSuggestion];
+                adjustedFinding.aiEnhanced = true;
+            }
+            processed.push(adjustedFinding);
+        }
+        else {
+            // Finding was dismissed - only log in debug mode to reduce noise
+            if (process.env.DEBUG || process.env.OCULUM_DEBUG) {
+                console.log(`[AI Validation] Rejected: ${finding.title} at ${finding.filePath}:${finding.lineNumber}`);
+            }
+            dismissedCount++;
+            // Don't add to processed - finding is removed
+        }
+    }
+    return { processed, dismissedCount };
+}
+/**
+ * Validate severity value from AI response
+ */
+function validateSeverity(severity) {
+    const valid = ['critical', 'high', 'medium', 'low', 'info'];
+    return valid.includes(severity)
+        ? severity
+        : 'medium';
+}
+/**
+ * Validate category value from AI response
+ */
+function validateCategory(category) {
+    const valid = [
+        'sql_injection', 'xss', 'command_injection', 'missing_auth',
+        'dangerous_function', 'hardcoded_secret', 'high_entropy_string',
+        'sensitive_variable', 'security_bypass', 'insecure_config',
+        'suspicious_package', 'cors_misconfiguration', 'root_container',
+        'weak_crypto', 'sensitive_url', 'ai_pattern', 'dangerous_file',
+        'data_exposure', // For logging/exposing sensitive data
+    ];
+    return valid.includes(category)
+        ? category
+        : 'dangerous_function';
+}
+/**
+ * Get line content from file content by line number
+ */
+function getLineContent(content, lineNumber) {
+    const lines = content.split('\n');
+    return lines[lineNumber - 1]?.trim() || '';
+}
+//# sourceMappingURL=response-parser.js.map

package/dist/layer3/anthropic/utils/response-parser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"response-parser.js","sourceRoot":"","sources":["../../../../src/layer3/anthropic/utils/response-parser.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AA8DH,0CAiCC;AAKD,0DAkCC;AAMD,4EAwEC;AAKD,wDAiEC;AAKD,4CAKC;AAKD,4CAYC;AAKD,wCAGC;AAzTD,iDAAqD;AAErD;;;GAGG;AACH,SAAS,oBAAoB,CAAC,IAAY;IACxC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACpC,IAAI,UAAU,KAAK,CAAC,CAAC;QAAE,OAAO,IAAI,CAAA;IAElC,IAAI,KAAK,GAAG,CAAC,CAAA;IACb,IAAI,QAAQ,GAAG,KAAK,CAAA;IACpB,IAAI,UAAU,GAAqB,IAAI,CAAA;IACvC,IAAI,MAAM,GAAG,KAAK,CAAA;IAElB,KAAK,IAAI,CAAC,GAAG,UAAU,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9C,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QAElB,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,GAAG,KAAK,CAAA;gBACd,SAAQ;YACV,CAAC;YAED,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;gBAChB,MAAM,GAAG,IAAI,CAAA;gBACb,SAAQ;YACV,CAAC;YAED,IAAI,UAAU,IAAI,EAAE,KAAK,UAAU,EAAE,CAAC;gBACpC,QAAQ,GAAG,KAAK,CAAA;gBAChB,UAAU,GAAG,IAAI,CAAA;YACnB,CAAC;YACD,SAAQ;QACV,CAAC;QAED,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YAC7B,QAAQ,GAAG,IAAI,CAAA;YACf,UAAU,GAAG,EAAe,CAAA;YAC5B,SAAQ;QACV,CAAC;QAED,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,KAAK,EAAE,CAAA;QACT,CAAC;aAAM,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACtB,KAAK,EAAE,CAAA;YACP,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;gBAChB,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC,GAAG,CAAC,CAAC,CAAA;YACtC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAAC,QAAgB;IAC9C,IAAI,CAAC;QACH,wCAAwC;QACxC,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,CAAA;QAC/C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,EAAE,CAAA;QACX,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAA;QAEvC,yBAAyB;QACzB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,OAAO,EAAE,CAAA;QACX,CAAC;QAED,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAC1B,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ;YACnC,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ;YACjC,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ;YACjC,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ;YAC9B,OAAO,IAAI,CAAC,WAAW,KAAK,QAAQ,CACrC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACb,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,QAAQ,EAAE,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC;YACzC,QAAQ,EAAE,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC;YACzC,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,YAAY,EAAE,IAAI,CAAC,YAAY,IAAI,mCAAmC;SACvE,CAAC,CAAC,CAAA;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAA;QACpD,OAAO,EAAE,CAAA;IACX,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,uBAAuB,CAAC,QAAgB;IACtD,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAA;QAChD,IAAI,CAAC,SAAS;YAAE,OAAO,EAAE,CAAA;QAEzB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QACpC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;YAAE,OAAO,EAAE,CAAA;QAErC,OAAO,MAAM;aACV,MAAM,CAAC,IAAI,CAAC,EAAE,CACb,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ;YAC9B,OAAO,IAAI,CAAC,IAAI,KAAK,SAAS,CAC/B;aACA,GAAG,CAAC,IAAI,CAAC,EAAE;YACV,8FAA8F;YAC9F,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,MAAM,IAAI,SAAS,CAAA;YAE5E,OAAO;gBACL,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,KAAK;gBACL,gBAAgB,EAAE,IAAI,CAAC,gBAAgB,IAAI,IAAI;gBAC/C,gDAAgD;gBAChD,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,eAAe,EAAE,IAAI,CAAC,eAAe;gBACrC,oCAAoC;gBACpC,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,SAAS;gBAChC,aAAa,EAAE,IAAI,CAAC,aAAa,IAAI,SAAS;aAC/C,CAAA;QACH,CAAC,CAAC,CAAA;IACN,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAA;QAC5D,OAAO,EAAE,CAAA;IACX,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,gCAAgC,CAC9C,QAAgB,EAChB,aAAuB;IAEvB,MAAM,SAAS,GAAG,IAAI,GAAG,EAA8B,CAAA;IAEvD,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAA;QAChD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAA;YAC5E,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QACpC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,KAAK,CAAC,2DAA2D,CAAC,CAAA;YAC1E,OAAO,SAAS,CAAA;QAClB,CAAC;QAED,8BAA8B;QAC9B,KAAK,MAAM,UAAU,IAAI,MAAM,EAAE,CAAC;YAChC,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC/D,OAAO,CAAC,IAAI,CAAC,qEAAqE,CAAC,CAAA;gBACnF,SAAQ;YACV,CAAC;YAED,sEAAsE;YACtE,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,CAAA;YACpC,MAAM,WAAW,GAAG,IAAA,mCAAoB,EAAC,YAAY,EAAE,aAAa,CAAC,CAAA;YAErE,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,CAAC,IAAI,CAAC,qDAAqD,YAAY,wBAAwB,CAAC,CAAA;gBACvG,SAAQ;YACV,CAAC;YAED,MAAM,WAAW,GAAuB,UAAU,CAAC,WAAW;iBAC3D,MAAM,CAAC,CAAC,IAAS,EAAE,EAAE,CACpB,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ;gBAC9B,OAAO,IAAI,CAAC,IAAI,KAAK,SAAS,CAC/B;iBACA,GAAG,CAAC,CAAC,IAAS,EAAE,EAAE;gBACjB,8FAA8F;gBAC9F,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,MAAM,IAAI,SAAS,CAAA;gBAE5E,OAAO;oBACL,KAAK,EAAE,IAAI,CAAC,KAAK;oBACjB,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,KAAK;oBACL,gBAAgB,EAAE,IAAI,CAAC,gBAAgB,IAAI,IAAI;oBAC/C,gDAAgD;oBAChD,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,eAAe,EAAE,IAAI,CAAC,eAAe;oBACrC,oCAAoC;oBACpC,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,SAAS;oBAChC,aAAa,EAAE,IAAI,CAAC,aAAa,IAAI,SAAS;iBAC/C,CAAA;YACH,CAAC,CAAC,CAAA;YAEJ,SAAS,CAAC,GAAG,CAAC,WAAW,EAAE,WAAW,CAAC,CAAA;QACzC,CAAC;QAED,iFAAiF;QACjF,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;QACjE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CAAC,uCAAuC,YAAY,CAAC,MAAM,yBAAyB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAC5H,CAAC;IAEH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,uDAAuD,EAAE,KAAK,CAAC,CAAA;IAC/E,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;GAEG;AACH,SAAgB,sBAAsB,CACpC,QAAyB,EACzB,iBAAqC;IAErC,MAAM,SAAS,GAAoB,EAAE,CAAA;IACrC,IAAI,cAAc,GAAG,CAAC,CAAA;IAEtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAA;QAC3B,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,CAAA;QAE7D,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,mEAAmE;YACnE,4EAA4E;YAC5E,OAAO,CAAC,IAAI,CAAC,yCAAyC,CAAC,KAAK,OAAO,CAAC,KAAK,cAAc,CAAC,CAAA;YACxF,cAAc,EAAE,CAAA;YAChB,SAAQ,CAAE,8CAA8C;QAC1D,CAAC;QAED,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;YACpB,mBAAmB;YACnB,MAAM,eAAe,GAAkB;gBACrC,GAAG,OAAO;gBACV,aAAa,EAAE,IAAI;gBACnB,UAAU,EAAE,MAAM;aACnB,CAAA;YAED,gDAAgD;YAChD,MAAM,eAAe,GAAG,UAAU,CAAC,KAAK,IAAI,UAAU,CAAC,eAAe,IAAI,UAAU,CAAC,MAAM,IAAI,SAAS,CAAA;YAExG,IAAI,UAAU,CAAC,gBAAgB,IAAI,UAAU,CAAC,gBAAgB,KAAK,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACpF,wBAAwB;gBACxB,eAAe,CAAC,gBAAgB,GAAG,OAAO,CAAC,QAAQ,CAAA;gBACnD,eAAe,CAAC,QAAQ,GAAG,UAAU,CAAC,gBAAgB,CAAA;gBACtD,eAAe,CAAC,gBAAgB,GAAG,YAAgC,CAAA;gBACnE,eAAe,CAAC,eAAe,GAAG,eAAe,IAAI,oCAAoC,CAAA;YAC3F,CAAC;iBAAM,CAAC;gBACN,iCAAiC;gBACjC,eAAe,CAAC,gBAAgB,GAAG,WAA+B,CAAA;gBAClE,eAAe,CAAC,eAAe,GAAG,eAAe,CAAA;YACnD,CAAC;YAED,gDAAgD;YAChD,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;gBACtB,eAAe,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAA;gBAC1C,eAAe,CAAC,UAAU,GAAG,IAAI,CAAA;YACnC,CAAC;YACD,IAAI,UAAU,CAAC,aAAa,EAAE,CAAC;gBAC7B,gDAAgD;gBAChD,eAAe,CAAC,QAAQ,GAAG,CAAC,UAAU,CAAC,aAAa,CAAC,CAAA;gBACrD,eAAe,CAAC,UAAU,GAAG,IAAI,CAAA;YACnC,CAAC;YAED,SAAS,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;QACjC,CAAC;aAAM,CAAC;YACN,iEAAiE;YACjE,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;gBAClD,OAAO,CAAC,GAAG,CAAC,6BAA6B,OAAO,CAAC,KAAK,OAAO,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC,CAAA;YACxG,CAAC;YACD,cAAc,EAAE,CAAA;YAChB,8CAA8C;QAChD,CAAC;IACH,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,CAAA;AACtC,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,KAAK,GAA4B,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAA;IACpF,OAAO,KAAK,CAAC,QAAQ,CAAC,QAAiC,CAAC;QACtD,CAAC,CAAC,QAAiC;QACnC,CAAC,CAAC,QAAQ,CAAA;AACd,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,KAAK,GAA4B;QACrC,eAAe,EAAE,KAAK,EAAE,mBAAmB,EAAE,cAAc;QAC3D,oBAAoB,EAAE,kBAAkB,EAAE,qBAAqB;QAC/D,oBAAoB,EAAE,iBAAiB,EAAE,iBAAiB;QAC1D,oBAAoB,EAAE,uBAAuB,EAAE,gBAAgB;QAC/D,aAAa,EAAE,eAAe,EAAE,YAAY,EAAE,gBAAgB;QAC9D,eAAe,EAAG,sCAAsC;KACzD,CAAA;IACD,OAAO,KAAK,CAAC,QAAQ,CAAC,QAAiC,CAAC;QACtD,CAAC,CAAC,QAAiC;QACnC,CAAC,CAAC,oBAAoB,CAAA;AAC1B,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,OAAe,EAAE,UAAkB;IAChE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,OAAO,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;AAC5C,CAAC"}

package/dist/layer3/anthropic/utils/retry.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Retry Logic for AI API Calls
+ *
+ * Implements exponential backoff for rate limit handling.
+ */
+/**
+ * Helper function to make Anthropic API calls with retry logic for rate limiting
+ * Implements exponential backoff for 429 (rate limit) errors
+ */
+export declare function makeAnthropicRequestWithRetry<T>(requestFn: () => Promise<T>, maxRetries?: number, initialDelayMs?: number): Promise<T>;
+/**
+ * Helper to make OpenAI requests with retry logic for rate limits
+ */
+export declare function makeOpenAIRequestWithRetry<T>(requestFn: () => Promise<T>, maxRetries?: number, initialDelayMs?: number): Promise<T>;
+//# sourceMappingURL=retry.d.ts.map

package/dist/layer3/anthropic/utils/retry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"retry.d.ts","sourceRoot":"","sources":["../../../../src/layer3/anthropic/utils/retry.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;GAGG;AACH,wBAAsB,6BAA6B,CAAC,CAAC,EACnD,SAAS,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EAC3B,UAAU,GAAE,MAAU,EACtB,cAAc,GAAE,MAAa,GAC5B,OAAO,CAAC,CAAC,CAAC,CA0BZ;AAED;;GAEG;AACH,wBAAsB,0BAA0B,CAAC,CAAC,EAChD,SAAS,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EAC3B,UAAU,SAAI,EACd,cAAc,SAAO,GACpB,OAAO,CAAC,CAAC,CAAC,CAyBZ"}

package/dist/layer3/anthropic/utils/retry.js

@@ -0,0 +1,62 @@
+"use strict";
+/**
+ * Retry Logic for AI API Calls
+ *
+ * Implements exponential backoff for rate limit handling.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.makeAnthropicRequestWithRetry = makeAnthropicRequestWithRetry;
+exports.makeOpenAIRequestWithRetry = makeOpenAIRequestWithRetry;
+/**
+ * Helper function to make Anthropic API calls with retry logic for rate limiting
+ * Implements exponential backoff for 429 (rate limit) errors
+ */
+async function makeAnthropicRequestWithRetry(requestFn, maxRetries = 3, initialDelayMs = 1000) {
+    let lastError = null;
+    for (let attempt = 0; attempt <= maxRetries; attempt++) {
+        try {
+            return await requestFn();
+        }
+        catch (error) {
+            lastError = error;
+            // Check if it's a rate limit error (429)
+            const isRateLimit = error?.status === 429 || error?.message?.includes('rate limit');
+            if (isRateLimit && attempt < maxRetries) {
+                // Exponential backoff: 1s, 2s, 4s
+                const delayMs = initialDelayMs * Math.pow(2, attempt);
+                console.log(`[AI Validation] Rate limit hit, retrying in ${delayMs}ms (attempt ${attempt + 1}/${maxRetries})`);
+                await new Promise(resolve => setTimeout(resolve, delayMs));
+                continue;
+            }
+            // If not rate limit or max retries reached, throw
+            throw error;
+        }
+    }
+    throw lastError || new Error('Max retries exceeded');
+}
+/**
+ * Helper to make OpenAI requests with retry logic for rate limits
+ */
+async function makeOpenAIRequestWithRetry(requestFn, maxRetries = 3, initialDelayMs = 1000) {
+    let lastError = null;
+    for (let attempt = 0; attempt <= maxRetries; attempt++) {
+        try {
+            return await requestFn();
+        }
+        catch (error) {
+            lastError = error;
+            // Check if it's a rate limit error (429) - but NOT insufficient_quota
+            const isRateLimit = error?.status === 429 && error?.code !== 'insufficient_quota';
+            if (isRateLimit && attempt < maxRetries) {
+                const delayMs = initialDelayMs * Math.pow(2, attempt);
+                console.log(`[OpenAI Validation] Rate limit hit, retrying in ${delayMs}ms (attempt ${attempt + 1}/${maxRetries})`);
+                await new Promise(resolve => setTimeout(resolve, delayMs));
+                continue;
+            }
+            // If it's a quota error or max retries reached, throw
+            throw error;
+        }
+    }
+    throw lastError || new Error('Max retries exceeded');
+}
+//# sourceMappingURL=retry.js.map

package/dist/layer3/anthropic/utils/retry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"retry.js","sourceRoot":"","sources":["../../../../src/layer3/anthropic/utils/retry.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAMH,sEA8BC;AAKD,gEA6BC;AApED;;;GAGG;AACI,KAAK,UAAU,6BAA6B,CACjD,SAA2B,EAC3B,aAAqB,CAAC,EACtB,iBAAyB,IAAI;IAE7B,IAAI,SAAS,GAAiB,IAAI,CAAA;IAElC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC;QACvD,IAAI,CAAC;YACH,OAAO,MAAM,SAAS,EAAE,CAAA;QAC1B,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,SAAS,GAAG,KAAK,CAAA;YAEjB,yCAAyC;YACzC,MAAM,WAAW,GAAG,KAAK,EAAE,MAAM,KAAK,GAAG,IAAI,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,YAAY,CAAC,CAAA;YAEnF,IAAI,WAAW,IAAI,OAAO,GAAG,UAAU,EAAE,CAAC;gBACxC,kCAAkC;gBAClC,MAAM,OAAO,GAAG,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,CAAA;gBACrD,OAAO,CAAC,GAAG,CAAC,+CAA+C,OAAO,eAAe,OAAO,GAAG,CAAC,IAAI,UAAU,GAAG,CAAC,CAAA;gBAC9G,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAA;gBAC1D,SAAQ;YACV,CAAC;YAED,kDAAkD;YAClD,MAAM,KAAK,CAAA;QACb,CAAC;IACH,CAAC;IAED,MAAM,SAAS,IAAI,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAA;AACtD,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,0BAA0B,CAC9C,SAA2B,EAC3B,UAAU,GAAG,CAAC,EACd,cAAc,GAAG,IAAI;IAErB,IAAI,SAAS,GAAiB,IAAI,CAAA;IAElC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,UAAU,EAAE,OAAO,EAAE,EAAE,CAAC;QACvD,IAAI,CAAC;YACH,OAAO,MAAM,SAAS,EAAE,CAAA;QAC1B,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,SAAS,GAAG,KAAK,CAAA;YAEjB,sEAAsE;YACtE,MAAM,WAAW,GAAG,KAAK,EAAE,MAAM,KAAK,GAAG,IAAI,KAAK,EAAE,IAAI,KAAK,oBAAoB,CAAA;YAEjF,IAAI,WAAW,IAAI,OAAO,GAAG,UAAU,EAAE,CAAC;gBACxC,MAAM,OAAO,GAAG,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,CAAA;gBACrD,OAAO,CAAC,GAAG,CAAC,mDAAmD,OAAO,eAAe,OAAO,GAAG,CAAC,IAAI,UAAU,GAAG,CAAC,CAAA;gBAClH,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAA;gBAC1D,SAAQ;YACV,CAAC;YAED,sDAAsD;YACtD,MAAM,KAAK,CAAA;QACb,CAAC;IACH,CAAC;IAED,MAAM,SAAS,IAAI,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAA;AACtD,CAAC"}

package/dist/layer3/index.d.ts

@@ -23,4 +23,5 @@ export interface Layer3Options {
 export declare function runLayer3Scan(files: ScanFile[], options?: Layer3Options): Promise<Layer3Result>;
 export { analyzeWithAI, batchAnalyzeWithAI, type Layer3Context } from './anthropic';
 export { checkPackages } from './package-check';
+export { checkPackageAdvisories } from './osv-check';
 //# sourceMappingURL=index.d.ts.map

package/dist/layer3/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/layer3/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAA;AAC1E,OAAO,EAAsB,KAAK,aAAa,EAAE,MAAM,aAAa,CAAA;AAGpE,MAAM,WAAW,YAAY;IAC3B,eAAe,EAAE,aAAa,EAAE,CAAA;IAChC,YAAY,EAAE,MAAM,CAAA;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,EAAE,MAAM,CAAA;CACnB;AAcD,MAAM,WAAW,aAAa;IAC5B,yBAAyB;IACzB,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,2DAA2D;IAC3D,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,8CAA8C;IAC9C,cAAc,CAAC,EAAE,aAAa,CAAA;IAC9B,4CAA4C;IAC5C,iBAAiB,CAAC,EAAE,iBAAiB,CAAA;CACtC;AAED,wBAAsB,aAAa,CACjC,KAAK,EAAE,QAAQ,EAAE,EACjB,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,YAAY,CAAC,CAgFvB;AA+BD,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,KAAK,aAAa,EAAE,MAAM,aAAa,CAAA;AACnF,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/layer3/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAA;AAC1E,OAAO,EAAsB,KAAK,aAAa,EAAE,MAAM,aAAa,CAAA;AAIpE,MAAM,WAAW,YAAY;IAC3B,eAAe,EAAE,aAAa,EAAE,CAAA;IAChC,YAAY,EAAE,MAAM,CAAA;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,EAAE,MAAM,CAAA;CACnB;AAcD,MAAM,WAAW,aAAa;IAC5B,yBAAyB;IACzB,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,2DAA2D;IAC3D,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,8CAA8C;IAC9C,cAAc,CAAC,EAAE,aAAa,CAAA;IAC9B,4CAA4C;IAC5C,iBAAiB,CAAC,EAAE,iBAAiB,CAAA;CACtC;AAED,wBAAsB,aAAa,CACjC,KAAK,EAAE,QAAQ,EAAE,EACjB,OAAO,GAAE,aAAkB,GAC1B,OAAO,CAAC,YAAY,CAAC,CA2FvB;AA+BD,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,KAAK,aAAa,EAAE,MAAM,aAAa,CAAA;AACnF,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AAC/C,OAAO,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAA"}