npm - circle-ir-ai - Versions diffs - 1.1.0 - Mend

circle-ir-ai 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (420) hide show

package/CHANGELOG.md +105 -0
package/LICENSE +15 -0
package/README.md +336 -0
package/dist/action-queue/aggregator.d.ts +40 -0
package/dist/action-queue/aggregator.d.ts.map +1 -0
package/dist/action-queue/aggregator.js +375 -0
package/dist/action-queue/aggregator.js.map +1 -0
package/dist/action-queue/index.d.ts +14 -0
package/dist/action-queue/index.d.ts.map +1 -0
package/dist/action-queue/index.js +17 -0
package/dist/action-queue/index.js.map +1 -0
package/dist/action-queue/queue.d.ts +74 -0
package/dist/action-queue/queue.d.ts.map +1 -0
package/dist/action-queue/queue.js +433 -0
package/dist/action-queue/queue.js.map +1 -0
package/dist/action-queue/types.d.ts +162 -0
package/dist/action-queue/types.d.ts.map +1 -0
package/dist/action-queue/types.js +44 -0
package/dist/action-queue/types.js.map +1 -0
package/dist/agents/enrichment-agent.d.ts +16 -0
package/dist/agents/enrichment-agent.d.ts.map +1 -0
package/dist/agents/enrichment-agent.js +102 -0
package/dist/agents/enrichment-agent.js.map +1 -0
package/dist/agents/index.d.ts +12 -0
package/dist/agents/index.d.ts.map +1 -0
package/dist/agents/index.js +15 -0
package/dist/agents/index.js.map +1 -0
package/dist/agents/mastra/agents.d.ts +373 -0
package/dist/agents/mastra/agents.d.ts.map +1 -0
package/dist/agents/mastra/agents.js +347 -0
package/dist/agents/mastra/agents.js.map +1 -0
package/dist/agents/mastra/index.d.ts +12 -0
package/dist/agents/mastra/index.d.ts.map +1 -0
package/dist/agents/mastra/index.js +17 -0
package/dist/agents/mastra/index.js.map +1 -0
package/dist/agents/mastra/instance.d.ts +383 -0
package/dist/agents/mastra/instance.d.ts.map +1 -0
package/dist/agents/mastra/instance.js +37 -0
package/dist/agents/mastra/instance.js.map +1 -0
package/dist/agents/mastra/steps.d.ts +300 -0
package/dist/agents/mastra/steps.d.ts.map +1 -0
package/dist/agents/mastra/steps.js +468 -0
package/dist/agents/mastra/steps.js.map +1 -0
package/dist/agents/mastra/swarm.d.ts +106 -0
package/dist/agents/mastra/swarm.d.ts.map +1 -0
package/dist/agents/mastra/swarm.js +501 -0
package/dist/agents/mastra/swarm.js.map +1 -0
package/dist/agents/mastra/workflow.d.ts +81 -0
package/dist/agents/mastra/workflow.d.ts.map +1 -0
package/dist/agents/mastra/workflow.js +460 -0
package/dist/agents/mastra/workflow.js.map +1 -0
package/dist/agents/multi/agents/security.d.ts +29 -0
package/dist/agents/multi/agents/security.d.ts.map +1 -0
package/dist/agents/multi/agents/security.js +830 -0
package/dist/agents/multi/agents/security.js.map +1 -0
package/dist/agents/multi/extractor.d.ts +21 -0
package/dist/agents/multi/extractor.d.ts.map +1 -0
package/dist/agents/multi/extractor.js +483 -0
package/dist/agents/multi/extractor.js.map +1 -0
package/dist/agents/multi/index.d.ts +32 -0
package/dist/agents/multi/index.d.ts.map +1 -0
package/dist/agents/multi/index.js +34 -0
package/dist/agents/multi/index.js.map +1 -0
package/dist/agents/multi/runner.d.ts +79 -0
package/dist/agents/multi/runner.d.ts.map +1 -0
package/dist/agents/multi/runner.js +323 -0
package/dist/agents/multi/runner.js.map +1 -0
package/dist/agents/security-agent.d.ts +16 -0
package/dist/agents/security-agent.d.ts.map +1 -0
package/dist/agents/security-agent.js +299 -0
package/dist/agents/security-agent.js.map +1 -0
package/dist/agents/types.d.ts +373 -0
package/dist/agents/types.d.ts.map +1 -0
package/dist/agents/types.js +14 -0
package/dist/agents/types.js.map +1 -0
package/dist/agents/verification-agent.d.ts +23 -0
package/dist/agents/verification-agent.d.ts.map +1 -0
package/dist/agents/verification-agent.js +217 -0
package/dist/agents/verification-agent.js.map +1 -0
package/dist/agents/workflow.d.ts +30 -0
package/dist/agents/workflow.d.ts.map +1 -0
package/dist/agents/workflow.js +79 -0
package/dist/agents/workflow.js.map +1 -0
package/dist/analysis/enriched.d.ts +16 -0
package/dist/analysis/enriched.d.ts.map +1 -0
package/dist/analysis/enriched.js +297 -0
package/dist/analysis/enriched.js.map +1 -0
package/dist/analysis/llm-correlated-predicates.d.ts +80 -0
package/dist/analysis/llm-correlated-predicates.d.ts.map +1 -0
package/dist/analysis/llm-correlated-predicates.js +255 -0
package/dist/analysis/llm-correlated-predicates.js.map +1 -0
package/dist/analysis/llm-cross-file-taint.d.ts +86 -0
package/dist/analysis/llm-cross-file-taint.d.ts.map +1 -0
package/dist/analysis/llm-cross-file-taint.js +264 -0
package/dist/analysis/llm-cross-file-taint.js.map +1 -0
package/dist/analysis/pattern-discovery.d.ts +79 -0
package/dist/analysis/pattern-discovery.d.ts.map +1 -0
package/dist/analysis/pattern-discovery.js +447 -0
package/dist/analysis/pattern-discovery.js.map +1 -0
package/dist/cache/file-cache.d.ts +89 -0
package/dist/cache/file-cache.d.ts.map +1 -0
package/dist/cache/file-cache.js +208 -0
package/dist/cache/file-cache.js.map +1 -0
package/dist/cache/index.d.ts +6 -0
package/dist/cache/index.d.ts.map +1 -0
package/dist/cache/index.js +5 -0
package/dist/cache/index.js.map +1 -0
package/dist/cli/args.d.ts +52 -0
package/dist/cli/args.d.ts.map +1 -0
package/dist/cli/args.js +422 -0
package/dist/cli/args.js.map +1 -0
package/dist/cli/colors.d.ts +31 -0
package/dist/cli/colors.d.ts.map +1 -0
package/dist/cli/colors.js +80 -0
package/dist/cli/colors.js.map +1 -0
package/dist/cli/commands/analyze-skill.d.ts +33 -0
package/dist/cli/commands/analyze-skill.d.ts.map +1 -0
package/dist/cli/commands/analyze-skill.js +217 -0
package/dist/cli/commands/analyze-skill.js.map +1 -0
package/dist/cli/commands/analyze.d.ts +18 -0
package/dist/cli/commands/analyze.d.ts.map +1 -0
package/dist/cli/commands/analyze.js +30 -0
package/dist/cli/commands/analyze.js.map +1 -0
package/dist/cli/commands/benchmark-runner.d.ts +42 -0
package/dist/cli/commands/benchmark-runner.d.ts.map +1 -0
package/dist/cli/commands/benchmark-runner.js +18 -0
package/dist/cli/commands/benchmark-runner.js.map +1 -0
package/dist/cli/commands/benchmark.d.ts +11 -0
package/dist/cli/commands/benchmark.d.ts.map +1 -0
package/dist/cli/commands/benchmark.js +90 -0
package/dist/cli/commands/benchmark.js.map +1 -0
package/dist/cli/commands/dead-code.d.ts +11 -0
package/dist/cli/commands/dead-code.d.ts.map +1 -0
package/dist/cli/commands/dead-code.js +65 -0
package/dist/cli/commands/dead-code.js.map +1 -0
package/dist/cli/commands/generate-spec.d.ts +11 -0
package/dist/cli/commands/generate-spec.d.ts.map +1 -0
package/dist/cli/commands/generate-spec.js +67 -0
package/dist/cli/commands/generate-spec.js.map +1 -0
package/dist/cli/commands/health.d.ts +11 -0
package/dist/cli/commands/health.d.ts.map +1 -0
package/dist/cli/commands/health.js +67 -0
package/dist/cli/commands/health.js.map +1 -0
package/dist/cli/commands/project.d.ts +21 -0
package/dist/cli/commands/project.d.ts.map +1 -0
package/dist/cli/commands/project.js +92 -0
package/dist/cli/commands/project.js.map +1 -0
package/dist/cli/commands/scan.d.ts +11 -0
package/dist/cli/commands/scan.d.ts.map +1 -0
package/dist/cli/commands/scan.js +68 -0
package/dist/cli/commands/scan.js.map +1 -0
package/dist/cli/commands/secrets.d.ts +11 -0
package/dist/cli/commands/secrets.d.ts.map +1 -0
package/dist/cli/commands/secrets.js +71 -0
package/dist/cli/commands/secrets.js.map +1 -0
package/dist/cli/commands/swarm.d.ts +20 -0
package/dist/cli/commands/swarm.d.ts.map +1 -0
package/dist/cli/commands/swarm.js +174 -0
package/dist/cli/commands/swarm.js.map +1 -0
package/dist/cli/config.d.ts +103 -0
package/dist/cli/config.d.ts.map +1 -0
package/dist/cli/config.js +307 -0
package/dist/cli/config.js.map +1 -0
package/dist/cli/discovery.d.ts +31 -0
package/dist/cli/discovery.d.ts.map +1 -0
package/dist/cli/discovery.js +212 -0
package/dist/cli/discovery.js.map +1 -0
package/dist/cli/formatters/index.d.ts +15 -0
package/dist/cli/formatters/index.d.ts.map +1 -0
package/dist/cli/formatters/index.js +51 -0
package/dist/cli/formatters/index.js.map +1 -0
package/dist/cli/formatters/json.d.ts +11 -0
package/dist/cli/formatters/json.d.ts.map +1 -0
package/dist/cli/formatters/json.js +12 -0
package/dist/cli/formatters/json.js.map +1 -0
package/dist/cli/formatters/project-json.d.ts +11 -0
package/dist/cli/formatters/project-json.d.ts.map +1 -0
package/dist/cli/formatters/project-json.js +12 -0
package/dist/cli/formatters/project-json.js.map +1 -0
package/dist/cli/formatters/project-sarif.d.ts +11 -0
package/dist/cli/formatters/project-sarif.d.ts.map +1 -0
package/dist/cli/formatters/project-sarif.js +127 -0
package/dist/cli/formatters/project-sarif.js.map +1 -0
package/dist/cli/formatters/project-summary.d.ts +11 -0
package/dist/cli/formatters/project-summary.d.ts.map +1 -0
package/dist/cli/formatters/project-summary.js +202 -0
package/dist/cli/formatters/project-summary.js.map +1 -0
package/dist/cli/formatters/sarif-shared.d.ts +101 -0
package/dist/cli/formatters/sarif-shared.d.ts.map +1 -0
package/dist/cli/formatters/sarif-shared.js +57 -0
package/dist/cli/formatters/sarif-shared.js.map +1 -0
package/dist/cli/formatters/sarif.d.ts +12 -0
package/dist/cli/formatters/sarif.d.ts.map +1 -0
package/dist/cli/formatters/sarif.js +92 -0
package/dist/cli/formatters/sarif.js.map +1 -0
package/dist/cli/formatters/summary.d.ts +11 -0
package/dist/cli/formatters/summary.d.ts.map +1 -0
package/dist/cli/formatters/summary.js +240 -0
package/dist/cli/formatters/summary.js.map +1 -0
package/dist/cli/formatters/two-phase-summary.d.ts +11 -0
package/dist/cli/formatters/two-phase-summary.d.ts.map +1 -0
package/dist/cli/formatters/two-phase-summary.js +188 -0
package/dist/cli/formatters/two-phase-summary.js.map +1 -0
package/dist/cli/index.d.ts +15 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +555 -0
package/dist/cli/index.js.map +1 -0
package/dist/components/clustering.d.ts +60 -0
package/dist/components/clustering.d.ts.map +1 -0
package/dist/components/clustering.js +129 -0
package/dist/components/clustering.js.map +1 -0
package/dist/components/enrichment.d.ts +45 -0
package/dist/components/enrichment.d.ts.map +1 -0
package/dist/components/enrichment.js +193 -0
package/dist/components/enrichment.js.map +1 -0
package/dist/components/index.d.ts +29 -0
package/dist/components/index.d.ts.map +1 -0
package/dist/components/index.js +56 -0
package/dist/components/index.js.map +1 -0
package/dist/dead-code/detector.d.ts +200 -0
package/dist/dead-code/detector.d.ts.map +1 -0
package/dist/dead-code/detector.js +1003 -0
package/dist/dead-code/detector.js.map +1 -0
package/dist/dead-code/index.d.ts +7 -0
package/dist/dead-code/index.d.ts.map +1 -0
package/dist/dead-code/index.js +7 -0
package/dist/dead-code/index.js.map +1 -0
package/dist/extractors/index.d.ts +15 -0
package/dist/extractors/index.d.ts.map +1 -0
package/dist/extractors/index.js +14 -0
package/dist/extractors/index.js.map +1 -0
package/dist/extractors/natural-language.d.ts +46 -0
package/dist/extractors/natural-language.d.ts.map +1 -0
package/dist/extractors/natural-language.js +228 -0
package/dist/extractors/natural-language.js.map +1 -0
package/dist/extractors/tree-sitter.d.ts +33 -0
package/dist/extractors/tree-sitter.d.ts.map +1 -0
package/dist/extractors/tree-sitter.js +69 -0
package/dist/extractors/tree-sitter.js.map +1 -0
package/dist/extractors/types.d.ts +62 -0
package/dist/extractors/types.d.ts.map +1 -0
package/dist/extractors/types.js +54 -0
package/dist/extractors/types.js.map +1 -0
package/dist/health-score/calculator.d.ts +123 -0
package/dist/health-score/calculator.d.ts.map +1 -0
package/dist/health-score/calculator.js +444 -0
package/dist/health-score/calculator.js.map +1 -0
package/dist/health-score/index.d.ts +12 -0
package/dist/health-score/index.d.ts.map +1 -0
package/dist/health-score/index.js +14 -0
package/dist/health-score/index.js.map +1 -0
package/dist/health-score/metrics.d.ts +142 -0
package/dist/health-score/metrics.d.ts.map +1 -0
package/dist/health-score/metrics.js +332 -0
package/dist/health-score/metrics.js.map +1 -0
package/dist/index.d.ts +26 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +43 -0
package/dist/index.js.map +1 -0
package/dist/llm/ax-client.d.ts +477 -0
package/dist/llm/ax-client.d.ts.map +1 -0
package/dist/llm/ax-client.js +1641 -0
package/dist/llm/ax-client.js.map +1 -0
package/dist/llm/config.d.ts +58 -0
package/dist/llm/config.d.ts.map +1 -0
package/dist/llm/config.js +97 -0
package/dist/llm/config.js.map +1 -0
package/dist/llm/discovery.d.ts +123 -0
package/dist/llm/discovery.d.ts.map +1 -0
package/dist/llm/discovery.js +505 -0
package/dist/llm/discovery.js.map +1 -0
package/dist/llm/enrichment.d.ts +108 -0
package/dist/llm/enrichment.d.ts.map +1 -0
package/dist/llm/enrichment.js +312 -0
package/dist/llm/enrichment.js.map +1 -0
package/dist/llm/index.d.ts +13 -0
package/dist/llm/index.d.ts.map +1 -0
package/dist/llm/index.js +22 -0
package/dist/llm/index.js.map +1 -0
package/dist/llm/language-context.d.ts +64 -0
package/dist/llm/language-context.d.ts.map +1 -0
package/dist/llm/language-context.js +492 -0
package/dist/llm/language-context.js.map +1 -0
package/dist/llm/pattern-verification.d.ts +39 -0
package/dist/llm/pattern-verification.d.ts.map +1 -0
package/dist/llm/pattern-verification.js +127 -0
package/dist/llm/pattern-verification.js.map +1 -0
package/dist/llm/prompt-security.d.ts +120 -0
package/dist/llm/prompt-security.d.ts.map +1 -0
package/dist/llm/prompt-security.js +301 -0
package/dist/llm/prompt-security.js.map +1 -0
package/dist/llm/prompts/index.d.ts +31 -0
package/dist/llm/prompts/index.d.ts.map +1 -0
package/dist/llm/prompts/index.js +92 -0
package/dist/llm/prompts/index.js.map +1 -0
package/dist/llm/prompts/rust.d.ts +30 -0
package/dist/llm/prompts/rust.d.ts.map +1 -0
package/dist/llm/prompts/rust.js +121 -0
package/dist/llm/prompts/rust.js.map +1 -0
package/dist/llm/schemas.d.ts +892 -0
package/dist/llm/schemas.d.ts.map +1 -0
package/dist/llm/schemas.js +258 -0
package/dist/llm/schemas.js.map +1 -0
package/dist/llm/verification.d.ts +127 -0
package/dist/llm/verification.d.ts.map +1 -0
package/dist/llm/verification.js +394 -0
package/dist/llm/verification.js.map +1 -0
package/dist/project/analyzer.d.ts +30 -0
package/dist/project/analyzer.d.ts.map +1 -0
package/dist/project/analyzer.js +358 -0
package/dist/project/analyzer.js.map +1 -0
package/dist/project/call-graph.d.ts +22 -0
package/dist/project/call-graph.d.ts.map +1 -0
package/dist/project/call-graph.js +246 -0
package/dist/project/call-graph.js.map +1 -0
package/dist/project/index.d.ts +18 -0
package/dist/project/index.d.ts.map +1 -0
package/dist/project/index.js +20 -0
package/dist/project/index.js.map +1 -0
package/dist/project/taint-paths.d.ts +22 -0
package/dist/project/taint-paths.d.ts.map +1 -0
package/dist/project/taint-paths.js +265 -0
package/dist/project/taint-paths.js.map +1 -0
package/dist/project/two-phase-analyzer.d.ts +143 -0
package/dist/project/two-phase-analyzer.d.ts.map +1 -0
package/dist/project/two-phase-analyzer.js +646 -0
package/dist/project/two-phase-analyzer.js.map +1 -0
package/dist/project/type-hierarchy.d.ts +28 -0
package/dist/project/type-hierarchy.d.ts.map +1 -0
package/dist/project/type-hierarchy.js +218 -0
package/dist/project/type-hierarchy.js.map +1 -0
package/dist/secret-scan/index.d.ts +12 -0
package/dist/secret-scan/index.d.ts.map +1 -0
package/dist/secret-scan/index.js +14 -0
package/dist/secret-scan/index.js.map +1 -0
package/dist/secret-scan/patterns.d.ts +38 -0
package/dist/secret-scan/patterns.d.ts.map +1 -0
package/dist/secret-scan/patterns.js +473 -0
package/dist/secret-scan/patterns.js.map +1 -0
package/dist/secret-scan/scanner.d.ts +162 -0
package/dist/secret-scan/scanner.d.ts.map +1 -0
package/dist/secret-scan/scanner.js +511 -0
package/dist/secret-scan/scanner.js.map +1 -0
package/dist/security-scan/index.d.ts +12 -0
package/dist/security-scan/index.d.ts.map +1 -0
package/dist/security-scan/index.js +15 -0
package/dist/security-scan/index.js.map +1 -0
package/dist/security-scan/owasp-mapping.d.ts +29 -0
package/dist/security-scan/owasp-mapping.d.ts.map +1 -0
package/dist/security-scan/owasp-mapping.js +246 -0
package/dist/security-scan/owasp-mapping.js.map +1 -0
package/dist/security-scan/scanner.d.ts +204 -0
package/dist/security-scan/scanner.d.ts.map +1 -0
package/dist/security-scan/scanner.js +693 -0
package/dist/security-scan/scanner.js.map +1 -0
package/dist/security-scan/trend-tracker.d.ts +150 -0
package/dist/security-scan/trend-tracker.d.ts.map +1 -0
package/dist/security-scan/trend-tracker.js +299 -0
package/dist/security-scan/trend-tracker.js.map +1 -0
package/dist/skills/bundle-loader.d.ts +26 -0
package/dist/skills/bundle-loader.d.ts.map +1 -0
package/dist/skills/bundle-loader.js +284 -0
package/dist/skills/bundle-loader.js.map +1 -0
package/dist/skills/capability-mismatch.d.ts +21 -0
package/dist/skills/capability-mismatch.d.ts.map +1 -0
package/dist/skills/capability-mismatch.js +188 -0
package/dist/skills/capability-mismatch.js.map +1 -0
package/dist/skills/index.d.ts +10 -0
package/dist/skills/index.d.ts.map +1 -0
package/dist/skills/index.js +9 -0
package/dist/skills/index.js.map +1 -0
package/dist/skills/skill-analyzer.d.ts +16 -0
package/dist/skills/skill-analyzer.d.ts.map +1 -0
package/dist/skills/skill-analyzer.js +361 -0
package/dist/skills/skill-analyzer.js.map +1 -0
package/dist/skills/types.d.ts +195 -0
package/dist/skills/types.d.ts.map +1 -0
package/dist/skills/types.js +7 -0
package/dist/skills/types.js.map +1 -0
package/dist/specifica/conflict-resolver.d.ts +23 -0
package/dist/specifica/conflict-resolver.d.ts.map +1 -0
package/dist/specifica/conflict-resolver.js +129 -0
package/dist/specifica/conflict-resolver.js.map +1 -0
package/dist/specifica/evidence-aggregator.d.ts +33 -0
package/dist/specifica/evidence-aggregator.d.ts.map +1 -0
package/dist/specifica/evidence-aggregator.js +236 -0
package/dist/specifica/evidence-aggregator.js.map +1 -0
package/dist/specifica/evidence-extractor.d.ts +13 -0
package/dist/specifica/evidence-extractor.d.ts.map +1 -0
package/dist/specifica/evidence-extractor.js +431 -0
package/dist/specifica/evidence-extractor.js.map +1 -0
package/dist/specifica/feature-clustering.d.ts +19 -0
package/dist/specifica/feature-clustering.d.ts.map +1 -0
package/dist/specifica/feature-clustering.js +231 -0
package/dist/specifica/feature-clustering.js.map +1 -0
package/dist/specifica/generator.d.ts +16 -0
package/dist/specifica/generator.d.ts.map +1 -0
package/dist/specifica/generator.js +277 -0
package/dist/specifica/generator.js.map +1 -0
package/dist/specifica/index.d.ts +15 -0
package/dist/specifica/index.d.ts.map +1 -0
package/dist/specifica/index.js +18 -0
package/dist/specifica/index.js.map +1 -0
package/dist/specifica/prompts.d.ts +21 -0
package/dist/specifica/prompts.d.ts.map +1 -0
package/dist/specifica/prompts.js +196 -0
package/dist/specifica/prompts.js.map +1 -0
package/dist/specifica/spec-generator.d.ts +22 -0
package/dist/specifica/spec-generator.d.ts.map +1 -0
package/dist/specifica/spec-generator.js +229 -0
package/dist/specifica/spec-generator.js.map +1 -0
package/dist/specifica/types.d.ts +213 -0
package/dist/specifica/types.d.ts.map +1 -0
package/dist/specifica/types.js +7 -0
package/dist/specifica/types.js.map +1 -0
package/dist/utils/logger.d.ts +17 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +51 -0
package/dist/utils/logger.js.map +1 -0
package/package.json +99 -0

package/dist/agents/security-agent.js ADDED Viewed

@@ -0,0 +1,299 @@
+/**
+ * Security Agent
+ *
+ * Main orchestration agent that coordinates the hybrid analysis pipeline:
+ * 1. Pattern matching (Track 1)
+ * 2. LLM enrichment (Track 2)
+ * 3. Merge and verify
+ * 4. Generate report
+ */
+import { runEnrichment, applyEnrichmentToContext, } from './enrichment-agent.js';
+import { runVerification, generateVerificationTargets, applyVerificationToContext, } from './verification-agent.js';
+// ============================================================================
+// Default Options
+// ============================================================================
+const defaultOptions = {
+    enableEnrichment: true,
+    enableVerification: true,
+    confidenceThreshold: 0.7,
+    maxVerificationTargets: 50,
+    parallelEnrichment: false,
+    parallelVerification: true,
+};
+// ============================================================================
+// Main Orchestration
+// ============================================================================
+/**
+ * Run the complete security analysis pipeline
+ */
+export async function runSecurityAnalysis(input, patternSources, patternSinks, types, imports) {
+    const startTime = Date.now();
+    const options = { ...defaultOptions, ...input.options };
+    // Initialize context
+    let context = {
+        filePath: input.filePath,
+        sourceCode: input.sourceCode,
+        language: input.language || 'java',
+        types,
+        imports,
+        patternSources,
+        patternSinks,
+        analysisStartedAt: new Date().toISOString(),
+    };
+    let enrichmentTimeMs = 0;
+    let verificationTimeMs = 0;
+    // Phase 1: Enrichment (if enabled)
+    if (options.enableEnrichment) {
+        const enrichmentStart = Date.now();
+        const enrichmentOutput = await runEnrichment({
+            context,
+            options: {
+                discoverSources: true,
+                discoverSinks: true,
+                classifyRoles: true,
+                resolveVirtualCalls: true,
+            },
+        });
+        context = applyEnrichmentToContext(context, enrichmentOutput);
+        enrichmentTimeMs = Date.now() - enrichmentStart;
+    }
+    // Phase 2: Merge sources and sinks
+    const { sources, sinks } = mergeSources(context, options.confidenceThreshold);
+    // Phase 3: Generate verification targets
+    const targets = generateVerificationTargets(context, {
+        maxTargets: options.maxVerificationTargets,
+        prioritizeHighSeverity: true,
+    });
+    // Phase 4: Verification (if enabled)
+    if (options.enableVerification && targets.length > 0) {
+        const verificationStart = Date.now();
+        const verificationOutput = await runVerification({
+            context,
+            targets,
+            options: {
+                batchSize: 5,
+                parallelVerifications: options.parallelVerification ? 3 : 1,
+            },
+        });
+        context = applyVerificationToContext(context, verificationOutput);
+        verificationTimeMs = Date.now() - verificationStart;
+    }
+    // Phase 5: Generate vulnerabilities report
+    const vulnerabilities = generateVulnerabilities(context, sources, sinks);
+    // Finalize context
+    context.analysisCompletedAt = new Date().toISOString();
+    // Compute statistics
+    const stats = computeStats(context, sources, sinks, vulnerabilities, Date.now() - startTime, enrichmentTimeMs, verificationTimeMs);
+    return {
+        sources,
+        sinks,
+        vulnerabilities,
+        stats,
+        context,
+    };
+}
+// ============================================================================
+// Source/Sink Merging
+// ============================================================================
+/**
+ * Merge pattern-matched and LLM-discovered sources/sinks
+ */
+function mergeSources(context, confidenceThreshold) {
+    const sourcesByLine = new Map();
+    const sinksByLine = new Map();
+    // Add pattern sources (higher confidence when both pattern and LLM agree)
+    for (const source of context.patternSources) {
+        sourcesByLine.set(source.line, { ...source });
+    }
+    // Add LLM sources
+    if (context.enrichmentResult) {
+        for (const llmSource of context.enrichmentResult.additionalSources) {
+            const existing = sourcesByLine.get(llmSource.line);
+            if (existing) {
+                // Pattern + LLM agree → boost confidence
+                sourcesByLine.set(llmSource.line, {
+                    ...existing,
+                    confidence: Math.min(1.0, existing.confidence + 0.2),
+                });
+            }
+            else if (llmSource.confidence >= confidenceThreshold) {
+                // LLM only with sufficient confidence
+                sourcesByLine.set(llmSource.line, {
+                    line: llmSource.line,
+                    type: llmSource.type,
+                    location: `LLM-discovered at line ${llmSource.line}`,
+                    severity: 'medium',
+                    confidence: llmSource.confidence,
+                    variable: llmSource.variable,
+                    method: llmSource.method,
+                });
+            }
+        }
+    }
+    // Add pattern sinks
+    for (const sink of context.patternSinks) {
+        sinksByLine.set(sink.line, { ...sink });
+    }
+    // Add LLM sinks
+    if (context.enrichmentResult) {
+        for (const llmSink of context.enrichmentResult.additionalSinks) {
+            const existing = sinksByLine.get(llmSink.line);
+            if (existing) {
+                // Pattern + LLM agree → boost confidence
+                sinksByLine.set(llmSink.line, {
+                    ...existing,
+                    confidence: Math.min(1.0, existing.confidence + 0.2),
+                });
+            }
+            else if (llmSink.confidence >= confidenceThreshold) {
+                // LLM only with sufficient confidence
+                sinksByLine.set(llmSink.line, {
+                    line: llmSink.line,
+                    type: llmSink.type,
+                    cwe: llmSink.cwe,
+                    location: `LLM-discovered at line ${llmSink.line}`,
+                    confidence: llmSink.confidence,
+                    method: llmSink.method,
+                    argPositions: llmSink.argPositions,
+                });
+            }
+        }
+    }
+    return {
+        sources: Array.from(sourcesByLine.values()),
+        sinks: Array.from(sinksByLine.values()),
+    };
+}
+// ============================================================================
+// Vulnerability Generation
+// ============================================================================
+/**
+ * Generate verified vulnerabilities from analysis results
+ */
+function generateVulnerabilities(context, sources, sinks) {
+    const vulnerabilities = [];
+    if (!context.verificationResults) {
+        return vulnerabilities;
+    }
+    // Check each verified result
+    for (const [key, verification] of context.verificationResults) {
+        if (verification.verdict !== 'TRUE_POSITIVE') {
+            continue;
+        }
+        // Parse key to get source and sink info
+        const parts = key.split(':');
+        // Key format: "src:LINE:TYPE:sink:LINE:TYPE"
+        const sourceLine = parseInt(parts[1], 10);
+        const sinkLine = parseInt(parts[4], 10);
+        const source = sources.find(s => s.line === sourceLine);
+        const sink = sinks.find(s => s.line === sinkLine);
+        if (!source || !sink) {
+            continue;
+        }
+        vulnerabilities.push({
+            id: `vuln:${key}`,
+            source,
+            sink,
+            verification,
+            severity: mapExploitabilityToSeverity(verification.exploitability),
+            cwe: sink.cwe,
+            description: generateDescription(source, sink, verification),
+        });
+    }
+    // Sort by severity
+    vulnerabilities.sort((a, b) => severityScore(b.severity) - severityScore(a.severity));
+    return vulnerabilities;
+}
+/**
+ * Map exploitability to severity
+ */
+function mapExploitabilityToSeverity(exploitability) {
+    switch (exploitability) {
+        case 'high':
+            return 'critical';
+        case 'medium':
+            return 'high';
+        case 'low':
+            return 'medium';
+        default:
+            return 'low';
+    }
+}
+/**
+ * Get numeric severity score
+ */
+function severityScore(severity) {
+    switch (severity) {
+        case 'critical':
+            return 4;
+        case 'high':
+            return 3;
+        case 'medium':
+            return 2;
+        case 'low':
+            return 1;
+        default:
+            return 0;
+    }
+}
+/**
+ * Generate vulnerability description
+ */
+function generateDescription(source, sink, verification) {
+    const sourceDesc = source.variable
+        ? `User input from ${source.type} (${source.variable})`
+        : `User input from ${source.type}`;
+    const sinkDesc = sink.method
+        ? `dangerous ${sink.type} operation (${sink.method})`
+        : `dangerous ${sink.type} operation`;
+    let desc = `${sourceDesc} at line ${source.line} flows to ${sinkDesc} at line ${sink.line}.`;
+    if (verification.attackVector) {
+        desc += ` Attack vector: ${verification.attackVector}.`;
+    }
+    if (verification.prerequisites && verification.prerequisites.length > 0) {
+        desc += ` Prerequisites: ${verification.prerequisites.join(', ')}.`;
+    }
+    return desc;
+}
+// ============================================================================
+// Statistics
+// ============================================================================
+/**
+ * Compute analysis statistics
+ */
+function computeStats(context, sources, sinks, vulnerabilities, totalTimeMs, enrichmentTimeMs, verificationTimeMs) {
+    const llmSourcesFound = context.enrichmentResult?.additionalSources.length || 0;
+    const llmSinksFound = context.enrichmentResult?.additionalSinks.length || 0;
+    let truePositives = 0;
+    let falsePositives = 0;
+    let uncertain = 0;
+    if (context.verificationResults) {
+        for (const result of context.verificationResults.values()) {
+            switch (result.verdict) {
+                case 'TRUE_POSITIVE':
+                    truePositives++;
+                    break;
+                case 'FALSE_POSITIVE':
+                    falsePositives++;
+                    break;
+                case 'UNCERTAIN':
+                    uncertain++;
+                    break;
+            }
+        }
+    }
+    return {
+        patternSourcesFound: context.patternSources.length,
+        patternSinksFound: context.patternSinks.length,
+        llmSourcesFound,
+        llmSinksFound,
+        targetsVerified: context.verificationResults?.size || 0,
+        truePositives,
+        falsePositives,
+        uncertain,
+        totalTimeMs,
+        enrichmentTimeMs,
+        verificationTimeMs,
+    };
+}
+//# sourceMappingURL=security-agent.js.map

package/dist/agents/security-agent.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"security-agent.js","sourceRoot":"","sources":["../../src/agents/security-agent.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAUH,OAAO,EACL,aAAa,EACb,wBAAwB,GACzB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,eAAe,EACf,2BAA2B,EAC3B,0BAA0B,GAC3B,MAAM,yBAAyB,CAAC;AAIjC,+EAA+E;AAC/E,kBAAkB;AAClB,+EAA+E;AAE/E,MAAM,cAAc,GAAmC;IACrD,gBAAgB,EAAE,IAAI;IACtB,kBAAkB,EAAE,IAAI;IACxB,mBAAmB,EAAE,GAAG;IACxB,sBAAsB,EAAE,EAAE;IAC1B,kBAAkB,EAAE,KAAK;IACzB,oBAAoB,EAAE,IAAI;CAC3B,CAAC;AAEF,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,KAAyB,EACzB,cAA6B,EAC7B,YAAyB,EACzB,KAAiB,EACjB,OAAiB;IAEjB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,OAAO,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,KAAK,CAAC,OAAO,EAAE,CAAC;IAExD,qBAAqB;IACrB,IAAI,OAAO,GAAoB;QAC7B,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,MAAM;QAClC,KAAK;QACL,OAAO;QACP,cAAc;QACd,YAAY;QACZ,iBAAiB,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KAC5C,CAAC;IAEF,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,IAAI,kBAAkB,GAAG,CAAC,CAAC;IAE3B,mCAAmC;IACnC,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;QAC7B,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEnC,MAAM,gBAAgB,GAAG,MAAM,aAAa,CAAC;YAC3C,OAAO;YACP,OAAO,EAAE;gBACP,eAAe,EAAE,IAAI;gBACrB,aAAa,EAAE,IAAI;gBACnB,aAAa,EAAE,IAAI;gBACnB,mBAAmB,EAAE,IAAI;aAC1B;SACF,CAAC,CAAC;QAEH,OAAO,GAAG,wBAAwB,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;QAC9D,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,eAAe,CAAC;IAClD,CAAC;IAED,mCAAmC;IACnC,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAE9E,yCAAyC;IACzC,MAAM,OAAO,GAAG,2BAA2B,CAAC,OAAO,EAAE;QACnD,UAAU,EAAE,OAAO,CAAC,sBAAsB;QAC1C,sBAAsB,EAAE,IAAI;KAC7B,CAAC,CAAC;IAEH,qCAAqC;IACrC,IAAI,OAAO,CAAC,kBAAkB,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrD,MAAM,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAErC,MAAM,kBAAkB,GAAG,MAAM,eAAe,CAAC;YAC/C,OAAO;YACP,OAAO;YACP,OAAO,EAAE;gBACP,SAAS,EAAE,CAAC;gBACZ,qBAAqB,EAAE,OAAO,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;aAC5D;SACF,CAAC,CAAC;QAEH,OAAO,GAAG,0BAA0B,CAAC,OAAO,EAAE,kBAAkB,CAAC,CAAC;QAClE,kBAAkB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,iBAAiB,CAAC;IACtD,CAAC;IAED,2CAA2C;IAC3C,MAAM,eAAe,GAAG,uBAAuB,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IAEzE,mBAAmB;IACnB,OAAO,CAAC,mBAAmB,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAEvD,qBAAqB;IACrB,MAAM,KAAK,GAAG,YAAY,CACxB,OAAO,EACP,OAAO,EACP,KAAK,EACL,eAAe,EACf,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,EACtB,gBAAgB,EAChB,kBAAkB,CACnB,CAAC;IAEF,OAAO;QACL,OAAO;QACP,KAAK;QACL,eAAe;QACf,KAAK;QACL,OAAO;KACR,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAE/E;;GAEG;AACH,SAAS,YAAY,CACnB,OAAwB,EACxB,mBAA2B;IAE3B,MAAM,aAAa,GAAG,IAAI,GAAG,EAAuB,CAAC;IACrD,MAAM,WAAW,GAAG,IAAI,GAAG,EAAqB,CAAC;IAEjD,0EAA0E;IAC1E,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;QAC5C,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,kBAAkB;IAClB,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;QAC7B,KAAK,MAAM,SAAS,IAAI,OAAO,CAAC,gBAAgB,CAAC,iBAAiB,EAAE,CAAC;YACnE,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAEnD,IAAI,QAAQ,EAAE,CAAC;gBACb,yCAAyC;gBACzC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE;oBAChC,GAAG,QAAQ;oBACX,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,UAAU,GAAG,GAAG,CAAC;iBACrD,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,SAAS,CAAC,UAAU,IAAI,mBAAmB,EAAE,CAAC;gBACvD,sCAAsC;gBACtC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE;oBAChC,IAAI,EAAE,SAAS,CAAC,IAAI;oBACpB,IAAI,EAAE,SAAS,CAAC,IAA2B;oBAC3C,QAAQ,EAAE,0BAA0B,SAAS,CAAC,IAAI,EAAE;oBACpD,QAAQ,EAAE,QAAQ;oBAClB,UAAU,EAAE,SAAS,CAAC,UAAU;oBAChC,QAAQ,EAAE,SAAS,CAAC,QAAQ;oBAC5B,MAAM,EAAE,SAAS,CAAC,MAAM;iBACzB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QACxC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,gBAAgB;IAChB,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;QAC7B,KAAK,MAAM,OAAO,IAAI,OAAO,CAAC,gBAAgB,CAAC,eAAe,EAAE,CAAC;YAC/D,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAE/C,IAAI,QAAQ,EAAE,CAAC;gBACb,yCAAyC;gBACzC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE;oBAC5B,GAAG,QAAQ;oBACX,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,UAAU,GAAG,GAAG,CAAC;iBACrD,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,OAAO,CAAC,UAAU,IAAI,mBAAmB,EAAE,CAAC;gBACrD,sCAAsC;gBACtC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE;oBAC5B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,IAAI,EAAE,OAAO,CAAC,IAAyB;oBACvC,GAAG,EAAE,OAAO,CAAC,GAAG;oBAChB,QAAQ,EAAE,0BAA0B,OAAO,CAAC,IAAI,EAAE;oBAClD,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,YAAY,EAAE,OAAO,CAAC,YAAY;iBACnC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;QAC3C,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;KACxC,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,2BAA2B;AAC3B,+EAA+E;AAE/E;;GAEG;AACH,SAAS,uBAAuB,CAC9B,OAAwB,EACxB,OAAsB,EACtB,KAAkB;IAElB,MAAM,eAAe,GAA4B,EAAE,CAAC;IAEpD,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC;QACjC,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,6BAA6B;IAC7B,KAAK,MAAM,CAAC,GAAG,EAAE,YAAY,CAAC,IAAI,OAAO,CAAC,mBAAmB,EAAE,CAAC;QAC9D,IAAI,YAAY,CAAC,OAAO,KAAK,eAAe,EAAE,CAAC;YAC7C,SAAS;QACX,CAAC;QAED,wCAAwC;QACxC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,6CAA6C;QAC7C,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC1C,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAExC,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC;QACxD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;QAElD,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YACrB,SAAS;QACX,CAAC;QAED,eAAe,CAAC,IAAI,CAAC;YACnB,EAAE,EAAE,QAAQ,GAAG,EAAE;YACjB,MAAM;YACN,IAAI;YACJ,YAAY;YACZ,QAAQ,EAAE,2BAA2B,CAAC,YAAY,CAAC,cAAc,CAAC;YAClE,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,WAAW,EAAE,mBAAmB,CAAC,MAAM,EAAE,IAAI,EAAE,YAAY,CAAC;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,mBAAmB;IACnB,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEtF,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAS,2BAA2B,CAClC,cAAsB;IAEtB,QAAQ,cAAc,EAAE,CAAC;QACvB,KAAK,MAAM;YACT,OAAO,UAAU,CAAC;QACpB,KAAK,QAAQ;YACX,OAAO,MAAM,CAAC;QAChB,KAAK,KAAK;YACR,OAAO,QAAQ,CAAC;QAClB;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,QAAgB;IACrC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU;YACb,OAAO,CAAC,CAAC;QACX,KAAK,MAAM;YACT,OAAO,CAAC,CAAC;QACX,KAAK,QAAQ;YACX,OAAO,CAAC,CAAC;QACX,KAAK,KAAK;YACR,OAAO,CAAC,CAAC;QACX;YACE,OAAO,CAAC,CAAC;IACb,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAC1B,MAAmB,EACnB,IAAe,EACf,YAAgC;IAEhC,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ;QAChC,CAAC,CAAC,mBAAmB,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,QAAQ,GAAG;QACvD,CAAC,CAAC,mBAAmB,MAAM,CAAC,IAAI,EAAE,CAAC;IAErC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM;QAC1B,CAAC,CAAC,aAAa,IAAI,CAAC,IAAI,eAAe,IAAI,CAAC,MAAM,GAAG;QACrD,CAAC,CAAC,aAAa,IAAI,CAAC,IAAI,YAAY,CAAC;IAEvC,IAAI,IAAI,GAAG,GAAG,UAAU,YAAY,MAAM,CAAC,IAAI,aAAa,QAAQ,YAAY,IAAI,CAAC,IAAI,GAAG,CAAC;IAE7F,IAAI,YAAY,CAAC,YAAY,EAAE,CAAC;QAC9B,IAAI,IAAI,mBAAmB,YAAY,CAAC,YAAY,GAAG,CAAC;IAC1D,CAAC;IAED,IAAI,YAAY,CAAC,aAAa,IAAI,YAAY,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxE,IAAI,IAAI,mBAAmB,YAAY,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;IACtE,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+EAA+E;AAC/E,aAAa;AACb,+EAA+E;AAE/E;;GAEG;AACH,SAAS,YAAY,CACnB,OAAwB,EACxB,OAAsB,EACtB,KAAkB,EAClB,eAAwC,EACxC,WAAmB,EACnB,gBAAwB,EACxB,kBAA0B;IAE1B,MAAM,eAAe,GAAG,OAAO,CAAC,gBAAgB,EAAE,iBAAiB,CAAC,MAAM,IAAI,CAAC,CAAC;IAChF,MAAM,aAAa,GAAG,OAAO,CAAC,gBAAgB,EAAE,eAAe,CAAC,MAAM,IAAI,CAAC,CAAC;IAE5E,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,cAAc,GAAG,CAAC,CAAC;IACvB,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,IAAI,OAAO,CAAC,mBAAmB,EAAE,CAAC;QAChC,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,mBAAmB,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1D,QAAQ,MAAM,CAAC,OAAO,EAAE,CAAC;gBACvB,KAAK,eAAe;oBAClB,aAAa,EAAE,CAAC;oBAChB,MAAM;gBACR,KAAK,gBAAgB;oBACnB,cAAc,EAAE,CAAC;oBACjB,MAAM;gBACR,KAAK,WAAW;oBACd,SAAS,EAAE,CAAC;oBACZ,MAAM;YACV,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,mBAAmB,EAAE,OAAO,CAAC,cAAc,CAAC,MAAM;QAClD,iBAAiB,EAAE,OAAO,CAAC,YAAY,CAAC,MAAM;QAC9C,eAAe;QACf,aAAa;QACb,eAAe,EAAE,OAAO,CAAC,mBAAmB,EAAE,IAAI,IAAI,CAAC;QACvD,aAAa;QACb,cAAc;QACd,SAAS;QACT,WAAW;QACX,gBAAgB;QAChB,kBAAkB;KACnB,CAAC;AACJ,CAAC"}

package/dist/agents/types.d.ts ADDED Viewed

@@ -0,0 +1,373 @@
+/**
+ * Agent Type Definitions
+ *
+ * Types for the Mastra-based agent orchestration system.
+ */
+import type { EnrichmentResult, VerificationResult } from '../llm/index.js';
+import type { TaintSource, TaintSink, TypeInfo } from 'circle-ir';
+export type AgentStatus = 'idle' | 'running' | 'completed' | 'failed';
+export interface AgentState {
+    status: AgentStatus;
+    startedAt?: string;
+    completedAt?: string;
+    error?: string;
+}
+export interface AnalysisContext {
+    filePath: string;
+    sourceCode: string;
+    language: string;
+    types: TypeInfo[];
+    imports: string[];
+    patternSources: TaintSource[];
+    patternSinks: TaintSink[];
+    enrichmentResult?: EnrichmentResult;
+    verificationResults?: Map<string, VerificationResult>;
+    analysisStartedAt: string;
+    analysisCompletedAt?: string;
+}
+export interface EnrichmentAgentInput {
+    context: AnalysisContext;
+    options?: {
+        discoverSources?: boolean;
+        discoverSinks?: boolean;
+        classifyRoles?: boolean;
+        resolveVirtualCalls?: boolean;
+    };
+}
+export interface EnrichmentAgentOutput {
+    enrichmentResult: EnrichmentResult;
+    additionalSourcesCount: number;
+    additionalSinksCount: number;
+    processingTimeMs: number;
+}
+export interface VerificationTarget {
+    sourceId: string;
+    sinkId: string;
+    source: {
+        line: number;
+        type: string;
+        variable?: string;
+        method?: string;
+    };
+    sink: {
+        line: number;
+        type: string;
+        method?: string;
+        cwe: string;
+        argPositions?: number[];
+    };
+    methodCode: string;
+    methodName: string;
+    className: string;
+}
+export interface VerificationAgentInput {
+    context: AnalysisContext;
+    targets: VerificationTarget[];
+    options?: {
+        batchSize?: number;
+        parallelVerifications?: number;
+    };
+}
+export interface VerificationAgentOutput {
+    results: Map<string, VerificationResult>;
+    truePositives: number;
+    falsePositives: number;
+    uncertain: number;
+    processingTimeMs: number;
+}
+export interface SecurityAgentInput {
+    filePath: string;
+    sourceCode: string;
+    language?: string;
+    options?: SecurityAgentOptions;
+}
+export interface SecurityAgentOptions {
+    enableEnrichment?: boolean;
+    enableVerification?: boolean;
+    confidenceThreshold?: number;
+    maxVerificationTargets?: number;
+    parallelEnrichment?: boolean;
+    parallelVerification?: boolean;
+}
+export interface SecurityAgentOutput {
+    sources: TaintSource[];
+    sinks: TaintSink[];
+    vulnerabilities: VerifiedVulnerability[];
+    stats: AnalysisStats;
+    context: AnalysisContext;
+}
+export interface VerifiedVulnerability {
+    id: string;
+    source: TaintSource;
+    sink: TaintSink;
+    verification: VerificationResult;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+    cwe: string;
+    description: string;
+}
+export interface AnalysisStats {
+    patternSourcesFound: number;
+    patternSinksFound: number;
+    llmSourcesFound: number;
+    llmSinksFound: number;
+    targetsVerified: number;
+    truePositives: number;
+    falsePositives: number;
+    uncertain: number;
+    totalTimeMs: number;
+    enrichmentTimeMs: number;
+    verificationTimeMs: number;
+}
+export type WorkflowPhase = 'parse' | 'pattern-match' | 'enrich' | 'merge' | 'verify' | 'report';
+export interface WorkflowStep {
+    phase: WorkflowPhase;
+    status: AgentStatus;
+    startedAt?: string;
+    completedAt?: string;
+    result?: unknown;
+    error?: string;
+}
+export interface WorkflowState {
+    currentPhase: WorkflowPhase;
+    steps: WorkflowStep[];
+    context: AnalysisContext;
+}
+export type ConfidenceLevel = 'high' | 'medium' | 'low';
+export interface DecisionMatrix {
+    patternAndLLMAgree: ConfidenceLevel;
+    patternOnly: ConfidenceLevel;
+    llmOnlyHighConfidence: ConfidenceLevel;
+    llmOnlyMediumConfidence: ConfidenceLevel;
+    llmOnlyLowConfidence: ConfidenceLevel;
+    disagreement: 'verify';
+}
+export declare const defaultDecisionMatrix: DecisionMatrix;
+/**
+ * Comment extracted from source code.
+ */
+export interface CommentInfo {
+    type: 'line' | 'block' | 'javadoc';
+    text: string;
+    line: number;
+    endLine?: number;
+    /** Associated element (method, class, field) */
+    associatedWith?: string;
+}
+/**
+ * String literal extracted from source code.
+ */
+export interface StringLiteralInfo {
+    value: string;
+    raw: string;
+    line: number;
+    column: number;
+    /** Context where string appears */
+    context: 'argument' | 'assignment' | 'return' | 'field' | 'annotation' | 'other';
+    /** Method containing this literal */
+    inMethod?: string;
+    /** Detected pattern type */
+    pattern?: 'sql' | 'url' | 'path' | 'regex' | 'html' | 'json' | 'error_message' | 'log_message';
+}
+/**
+ * API endpoint detected from annotations/patterns.
+ */
+export interface EndpointInfo {
+    path: string;
+    method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | 'OPTIONS' | 'HEAD' | 'ANY';
+    handlerMethod: string;
+    handlerClass: string;
+    line: number;
+    /** Request parameters */
+    params: Array<{
+        name: string;
+        type: string;
+        required: boolean;
+    }>;
+    /** Request body type */
+    bodyType?: string;
+    /** Response type */
+    responseType?: string;
+}
+/**
+ * Method call relationship for call graph.
+ */
+export interface CallEdge {
+    caller: string;
+    callee: string;
+    line: number;
+    callType: 'direct' | 'virtual' | 'static' | 'constructor' | 'external';
+}
+/**
+ * Dependency information.
+ */
+export interface DependencyInfo {
+    name: string;
+    version?: string;
+    type: 'import' | 'annotation' | 'extends' | 'implements';
+    usageCount: number;
+    lines: number[];
+}
+/**
+ * TODO/FIXME item extracted from comments.
+ */
+export interface TodoItem {
+    type: 'TODO' | 'FIXME' | 'HACK' | 'XXX' | 'NOTE';
+    text: string;
+    line: number;
+    author?: string;
+}
+/**
+ * Enriched IR with additional extractions for multi-agent analysis.
+ */
+export interface EnrichedIR {
+    /** Original circle-ir output */
+    base: import('circle-ir').CircleIR;
+    /** Source code */
+    sourceCode: string;
+    /** File path */
+    filePath: string;
+    /** All comments in the file */
+    comments: CommentInfo[];
+    /** All string literals */
+    strings: StringLiteralInfo[];
+    /** API endpoints (REST, etc.) */
+    endpoints: EndpointInfo[];
+    /** Method call graph */
+    callGraph: CallEdge[];
+    /** External dependencies */
+    dependencies: DependencyInfo[];
+    /** TODO/FIXME items */
+    todos: TodoItem[];
+    /** Extraction timing */
+    extractionTimeMs: number;
+}
+/**
+ * Agent categories for grouping.
+ */
+export type AgentCategory = 'security' | 'requirements' | 'quality' | 'documentation' | 'architecture' | 'refactoring';
+/**
+ * Result from a single agent analysis.
+ */
+export interface MultiAgentResult<T = unknown> {
+    agentId: string;
+    agentName: string;
+    category: AgentCategory;
+    success: boolean;
+    findings: T[];
+    errors?: string[];
+    processingTimeMs: number;
+}
+/**
+ * Base interface for all pluggable agents.
+ */
+export interface PluggableAgent<T = unknown> {
+    id: string;
+    name: string;
+    description: string;
+    category: AgentCategory;
+    /**
+     * Analyze the enriched IR and produce findings.
+     */
+    analyze(ir: EnrichedIR, options?: PluggableAgentOptions): Promise<MultiAgentResult<T>>;
+}
+/**
+ * Options passed to pluggable agents.
+ */
+export interface PluggableAgentOptions {
+    /** Enable LLM-based analysis */
+    useLLM?: boolean;
+    /** Confidence threshold for findings */
+    confidenceThreshold?: number;
+    /** Maximum findings to return */
+    maxFindings?: number;
+}
+/**
+ * Bundle definition - a collection of agents to run together.
+ */
+export interface BundleDefinition {
+    id: string;
+    name: string;
+    description: string;
+    /** Agent IDs or patterns (e.g., "security.*") */
+    agents: string[];
+    /** Run agents in parallel or sequential */
+    parallel?: boolean;
+}
+/**
+ * Predefined role-based bundles.
+ */
+export type RoleBundle = 'jr-dev' | 'sr-dev' | 'architect' | 'security-review' | 'full-review';
+/**
+ * Result from running a bundle.
+ */
+export interface BundleResult {
+    bundleId: string;
+    bundleName: string;
+    filePath: string;
+    results: MultiAgentResult[];
+    totalTimeMs: number;
+    summary: {
+        totalFindings: number;
+        byCategory: Record<AgentCategory, number>;
+        byAgent: Record<string, number>;
+    };
+}
+/**
+ * Base finding structure - all agents produce findings with this shape.
+ */
+export interface BaseFinding {
+    id: string;
+    type: string;
+    message: string;
+    severity: 'critical' | 'high' | 'medium' | 'low' | 'info';
+    confidence: number;
+    location: {
+        file: string;
+        line: number;
+        endLine?: number;
+        column?: number;
+    };
+    /** Additional metadata specific to finding type */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Security vulnerability finding.
+ */
+export interface SecurityFinding extends BaseFinding {
+    cwe?: string;
+    owasp?: string;
+    source?: {
+        line: number;
+        type: string;
+    };
+    sink?: {
+        line: number;
+        type: string;
+    };
+    remediation?: string;
+}
+/**
+ * Code quality finding (typos, style, etc.).
+ */
+export interface QualityFinding extends BaseFinding {
+    category: 'typo' | 'style' | 'naming' | 'complexity' | 'duplication';
+    suggestion?: string;
+    autoFixable?: boolean;
+}
+/**
+ * Documentation finding.
+ */
+export interface DocsFinding extends BaseFinding {
+    category: 'missing' | 'outdated' | 'incomplete' | 'incorrect';
+    element: string;
+    suggestedDoc?: string;
+}
+/**
+ * Requirement/feature finding.
+ */
+export interface RequirementFinding extends BaseFinding {
+    category: 'feature' | 'business-rule' | 'constraint' | 'integration';
+    relatedMethods: string[];
+    extractedRequirement: string;
+}
+//# sourceMappingURL=types.d.ts.map