circle-ir-ai 1.1.0

package/dist/agents/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/agents/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAC5E,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAMlE,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,SAAS,GAAG,WAAW,GAAG,QAAQ,CAAC;AAEtE,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,WAAW,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAMD,MAAM,WAAW,eAAe;IAE9B,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IAGjB,KAAK,EAAE,QAAQ,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAGlB,cAAc,EAAE,WAAW,EAAE,CAAC;IAC9B,YAAY,EAAE,SAAS,EAAE,CAAC;IAG1B,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;IAGpC,mBAAmB,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;IAGtD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAMD,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,eAAe,CAAC;IACzB,OAAO,CAAC,EAAE;QACR,eAAe,CAAC,EAAE,OAAO,CAAC;QAC1B,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,aAAa,CAAC,EAAE,OAAO,CAAC;QACxB,mBAAmB,CAAC,EAAE,OAAO,CAAC;KAC/B,CAAC;CACH;AAED,MAAM,WAAW,qBAAqB;IACpC,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAMD,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE;QACN,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,IAAI,EAAE;QACJ,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,GAAG,EAAE,MAAM,CAAC;QACZ,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;KACzB,CAAC;IACF,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,eAAe,CAAC;IACzB,OAAO,EAAE,kBAAkB,EAAE,CAAC;IAC9B,OAAO,CAAC,EAAE;QACR,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,qBAAqB,CAAC,EAAE,MAAM,CAAC;KAChC,CAAC;CACH;AAED,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;IACzC,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAMD,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,oBAAoB,CAAC;CAChC;AAED,MAAM,WAAW,oBAAoB;IAEnC,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAG7B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAGhC,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAED,MAAM,WAAW,mBAAmB;IAElC,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,KAAK,EAAE,SAAS,EAAE,CAAC;IAGnB,eAAe,EAAE,qBAAqB,EAAE,CAAC;IAGzC,KAAK,EAAE,aAAa,CAAC;IAGrB,OAAO,EAAE,eAAe,CAAC;CAC1B;AAED,MAAM,WAAW,qBAAqB;IACpC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,WAAW,CAAC;IACpB,IAAI,EAAE,SAAS,CAAC;IAChB,YAAY,EAAE,kBAAkB,CAAC;IACjC,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAMD,MAAM,MAAM,aAAa,GACrB,OAAO,GACP,eAAe,GACf,QAAQ,GACR,OAAO,GACP,QAAQ,GACR,QAAQ,CAAC;AAEb,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,aAAa,CAAC;IACrB,MAAM,EAAE,WAAW,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,aAAa,CAAC;IAC5B,KAAK,EAAE,YAAY,EAAE,CAAC;IACtB,OAAO,EAAE,eAAe,CAAC;CAC1B;AAMD,MAAM,MAAM,eAAe,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAExD,MAAM,WAAW,cAAc;IAE7B,kBAAkB,EAAE,eAAe,CAAC;IAGpC,WAAW,EAAE,eAAe,CAAC;IAG7B,qBAAqB,EAAE,eAAe,CAAC;IACvC,uBAAuB,EAAE,eAAe,CAAC;IACzC,oBAAoB,EAAE,eAAe,CAAC;IAGtC,YAAY,EAAE,QAAQ,CAAC;CACxB;AAED,eAAO,MAAM,qBAAqB,EAAE,cAOnC,CAAC;AAMF;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gDAAgD;IAChD,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,mCAAmC;IACnC,OAAO,EAAE,UAAU,GAAG,YAAY,GAAG,QAAQ,GAAG,OAAO,GAAG,YAAY,GAAG,OAAO,CAAC;IACjF,qCAAqC;IACrC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,4BAA4B;IAC5B,OAAO,CAAC,EAAE,KAAK,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,eAAe,GAAG,aAAa,CAAC;CAChG;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,KAAK,CAAC;IACjF,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,yBAAyB;IACzB,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IACjE,wBAAwB;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,oBAAoB;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,aAAa,GAAG,UAAU,CAAC;CACxE;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,QAAQ,GAAG,YAAY,GAAG,SAAS,GAAG,YAAY,CAAC;IACzD,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;IACjD,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,gCAAgC;IAChC,IAAI,EAAE,OAAO,WAAW,EAAE,QAAQ,CAAC;IAEnC,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IAEnB,gBAAgB;IAChB,QAAQ,EAAE,MAAM,CAAC;IAEjB,+BAA+B;IAC/B,QAAQ,EAAE,WAAW,EAAE,CAAC;IAExB,0BAA0B;IAC1B,OAAO,EAAE,iBAAiB,EAAE,CAAC;IAE7B,iCAAiC;IACjC,SAAS,EAAE,YAAY,EAAE,CAAC;IAE1B,wBAAwB;IACxB,SAAS,EAAE,QAAQ,EAAE,CAAC;IAEtB,4BAA4B;IAC5B,YAAY,EAAE,cAAc,EAAE,CAAC;IAE/B,uBAAuB;IACvB,KAAK,EAAE,QAAQ,EAAE,CAAC;IAElB,wBAAwB;IACxB,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAMD;;GAEG;AACH,MAAM,MAAM,aAAa,GACrB,UAAU,GACV,cAAc,GACd,SAAS,GACT,eAAe,GACf,cAAc,GACd,aAAa,CAAC;AAElB;;GAEG;AACH,MAAM,WAAW,gBAAgB,CAAC,CAAC,GAAG,OAAO;IAC3C,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,aAAa,CAAC;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,CAAC,EAAE,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,cAAc,CAAC,CAAC,GAAG,OAAO;IACzC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,aAAa,CAAC;IAExB;;OAEG;IACH,OAAO,CAAC,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,qBAAqB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;CACxF;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,gCAAgC;IAChC,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,wCAAwC;IACxC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,iCAAiC;IACjC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAMD;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,iDAAiD;IACjD,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,QAAQ,GAAG,QAAQ,GAAG,WAAW,GAAG,iBAAiB,GAAG,aAAa,CAAC;AAE/F;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,gBAAgB,EAAE,CAAC;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE;QACP,aAAa,EAAE,MAAM,CAAC;QACtB,UAAU,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAC1C,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACjC,CAAC;CACH;AAMD;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IAC1D,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,mDAAmD;IACnD,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,eAAgB,SAAQ,WAAW;IAClD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACxC,IAAI,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACtC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,cAAe,SAAQ,WAAW;IACjD,QAAQ,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,GAAG,YAAY,GAAG,aAAa,CAAC;IACrE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,WAAY,SAAQ,WAAW;IAC9C,QAAQ,EAAE,SAAS,GAAG,UAAU,GAAG,YAAY,GAAG,WAAW,CAAC;IAC9D,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAmB,SAAQ,WAAW;IACrD,QAAQ,EAAE,SAAS,GAAG,eAAe,GAAG,YAAY,GAAG,aAAa,CAAC;IACrE,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,oBAAoB,EAAE,MAAM,CAAC;CAC9B"}

package/dist/agents/types.js

@@ -0,0 +1,14 @@
+/**
+ * Agent Type Definitions
+ *
+ * Types for the Mastra-based agent orchestration system.
+ */
+export const defaultDecisionMatrix = {
+    patternAndLLMAgree: 'high',
+    patternOnly: 'medium',
+    llmOnlyHighConfidence: 'high',
+    llmOnlyMediumConfidence: 'medium',
+    llmOnlyLowConfidence: 'low',
+    disagreement: 'verify',
+};
+//# sourceMappingURL=types.js.map

package/dist/agents/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/agents/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AA+NH,MAAM,CAAC,MAAM,qBAAqB,GAAmB;IACnD,kBAAkB,EAAE,MAAM;IAC1B,WAAW,EAAE,QAAQ;IACrB,qBAAqB,EAAE,MAAM;IAC7B,uBAAuB,EAAE,QAAQ;IACjC,oBAAoB,EAAE,KAAK;IAC3B,YAAY,EAAE,QAAQ;CACvB,CAAC"}

package/dist/agents/verification-agent.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Verification Agent
+ *
+ * Uses Phase 2 LLM (powerful) to verify vulnerability exploitability.
+ * Determines TRUE_POSITIVE, FALSE_POSITIVE, or UNCERTAIN for each finding.
+ */
+import type { VerificationAgentInput, VerificationAgentOutput, VerificationTarget, AnalysisContext } from './types.js';
+/**
+ * Run verification on identified targets
+ */
+export declare function runVerification(input: VerificationAgentInput): Promise<VerificationAgentOutput>;
+/**
+ * Generate verification targets from sources and sinks
+ */
+export declare function generateVerificationTargets(context: AnalysisContext, options?: {
+    maxTargets?: number;
+    prioritizeHighSeverity?: boolean;
+}): VerificationTarget[];
+/**
+ * Update analysis context with verification results
+ */
+export declare function applyVerificationToContext(context: AnalysisContext, output: VerificationAgentOutput): AnalysisContext;
+//# sourceMappingURL=verification-agent.d.ts.map

package/dist/agents/verification-agent.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verification-agent.d.ts","sourceRoot":"","sources":["../../src/agents/verification-agent.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,OAAO,KAAK,EACV,sBAAsB,EACtB,uBAAuB,EACvB,kBAAkB,EAClB,eAAe,EAChB,MAAM,YAAY,CAAC;AAMpB;;GAEG;AACH,wBAAsB,eAAe,CACnC,KAAK,EAAE,sBAAsB,GAC5B,OAAO,CAAC,uBAAuB,CAAC,CAuDlC;AA6DD;;GAEG;AACH,wBAAgB,2BAA2B,CACzC,OAAO,EAAE,eAAe,EACxB,OAAO,CAAC,EAAE;IACR,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,sBAAsB,CAAC,EAAE,OAAO,CAAC;CAClC,GACA,kBAAkB,EAAE,CA0FtB;AA8BD;;GAEG;AACH,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,eAAe,EACxB,MAAM,EAAE,uBAAuB,GAC9B,eAAe,CAKjB"}

package/dist/agents/verification-agent.js

@@ -0,0 +1,217 @@
+/**
+ * Verification Agent
+ *
+ * Uses Phase 2 LLM (powerful) to verify vulnerability exploitability.
+ * Determines TRUE_POSITIVE, FALSE_POSITIVE, or UNCERTAIN for each finding.
+ */
+import { getVerificationEngine, } from '../llm/index.js';
+// ============================================================================
+// Verification Logic
+// ============================================================================
+/**
+ * Run verification on identified targets
+ */
+export async function runVerification(input) {
+    const startTime = Date.now();
+    const engine = getVerificationEngine();
+    const options = {
+        batchSize: 5,
+        parallelVerifications: 3,
+        ...input.options,
+    };
+    const results = new Map();
+    let truePositives = 0;
+    let falsePositives = 0;
+    let uncertain = 0;
+    // Process targets in batches
+    const batches = batchArray(input.targets, options.batchSize);
+    for (const batch of batches) {
+        // Process batch with limited parallelism
+        const batchResults = await Promise.all(batch.map(target => verifyTarget(engine, target, input.context)));
+        // Collect results
+        for (let i = 0; i < batch.length; i++) {
+            const target = batch[i];
+            const result = batchResults[i];
+            const key = `${target.sourceId}:${target.sinkId}`;
+            results.set(key, result);
+            switch (result.verdict) {
+                case 'TRUE_POSITIVE':
+                    truePositives++;
+                    break;
+                case 'FALSE_POSITIVE':
+                    falsePositives++;
+                    break;
+                case 'UNCERTAIN':
+                    uncertain++;
+                    break;
+            }
+        }
+    }
+    const processingTimeMs = Date.now() - startTime;
+    return {
+        results,
+        truePositives,
+        falsePositives,
+        uncertain,
+        processingTimeMs,
+    };
+}
+/**
+ * Verify a single target
+ */
+async function verifyTarget(engine, target, context) {
+    const verificationInput = {
+        source: {
+            line: target.source.line,
+            code: extractLineCode(context.sourceCode, target.source.line),
+            type: target.source.type,
+            variable: target.source.variable,
+        },
+        sink: {
+            line: target.sink.line,
+            code: extractLineCode(context.sourceCode, target.sink.line),
+            type: target.sink.type,
+            cwe: target.sink.cwe,
+            method: target.sink.method,
+        },
+        methodCode: target.methodCode,
+        methodName: target.methodName,
+        className: target.className,
+        annotations: [],
+        pathExists: true,
+        sanitizersInPath: [],
+    };
+    return engine.verify(verificationInput);
+}
+/**
+ * Extract code at a specific line
+ */
+function extractLineCode(sourceCode, line) {
+    const lines = sourceCode.split('\n');
+    if (line > 0 && line <= lines.length) {
+        return lines[line - 1].trim();
+    }
+    return '';
+}
+/**
+ * Split array into batches
+ */
+function batchArray(items, batchSize) {
+    const batches = [];
+    for (let i = 0; i < items.length; i += batchSize) {
+        batches.push(items.slice(i, i + batchSize));
+    }
+    return batches;
+}
+// ============================================================================
+// Target Generation
+// ============================================================================
+/**
+ * Generate verification targets from sources and sinks
+ */
+export function generateVerificationTargets(context, options) {
+    const targets = [];
+    const opts = {
+        maxTargets: 50,
+        prioritizeHighSeverity: true,
+        ...options,
+    };
+    // Combine pattern and LLM sources
+    const allSources = context.patternSources.map(s => ({
+        line: s.line,
+        type: s.type,
+        variable: s.variable,
+        method: s.method,
+    }));
+    if (context.enrichmentResult) {
+        for (const llmSource of context.enrichmentResult.additionalSources) {
+            allSources.push({
+                line: llmSource.line,
+                type: llmSource.type,
+                variable: llmSource.variable,
+                method: llmSource.method,
+            });
+        }
+    }
+    // Combine pattern and LLM sinks
+    const allSinks = context.patternSinks.map(s => ({
+        line: s.line,
+        type: s.type,
+        method: s.method,
+        cwe: s.cwe,
+        argPositions: s.argPositions,
+    }));
+    if (context.enrichmentResult) {
+        for (const llmSink of context.enrichmentResult.additionalSinks) {
+            allSinks.push({
+                line: llmSink.line,
+                type: llmSink.type,
+                method: llmSink.method,
+                cwe: llmSink.cwe,
+                argPositions: llmSink.argPositions,
+            });
+        }
+    }
+    // Generate source-sink pairs within same method
+    for (const type of context.types) {
+        for (const method of type.methods) {
+            const methodSources = allSources.filter(s => s.line >= method.start_line && s.line <= method.end_line);
+            const methodSinks = allSinks.filter(s => s.line >= method.start_line && s.line <= method.end_line);
+            // Extract method code
+            const methodCode = extractMethodCode(context.sourceCode, method.start_line, method.end_line);
+            for (const source of methodSources) {
+                for (const sink of methodSinks) {
+                    // Only pair if source comes before sink
+                    if (source.line < sink.line) {
+                        targets.push({
+                            sourceId: `src:${source.line}:${source.type}`,
+                            sinkId: `sink:${sink.line}:${sink.type}`,
+                            source,
+                            sink,
+                            methodCode,
+                            methodName: method.name,
+                            className: type.name,
+                        });
+                    }
+                }
+            }
+        }
+    }
+    // Prioritize and limit
+    if (opts.prioritizeHighSeverity) {
+        targets.sort((a, b) => getSeverityScore(b.sink.cwe) - getSeverityScore(a.sink.cwe));
+    }
+    return targets.slice(0, opts.maxTargets);
+}
+/**
+ * Extract method code from source
+ */
+function extractMethodCode(sourceCode, startLine, endLine) {
+    const lines = sourceCode.split('\n');
+    return lines.slice(startLine - 1, endLine).join('\n');
+}
+/**
+ * Get severity score for prioritization
+ */
+function getSeverityScore(cwe) {
+    const highSeverity = ['CWE-78', 'CWE-89', 'CWE-94', 'CWE-502'];
+    const mediumSeverity = ['CWE-79', 'CWE-22', 'CWE-90', 'CWE-643'];
+    if (highSeverity.some(c => cwe.includes(c)))
+        return 3;
+    if (mediumSeverity.some(c => cwe.includes(c)))
+        return 2;
+    return 1;
+}
+// ============================================================================
+// Context Update Helper
+// ============================================================================
+/**
+ * Update analysis context with verification results
+ */
+export function applyVerificationToContext(context, output) {
+    return {
+        ...context,
+        verificationResults: output.results,
+    };
+}
+//# sourceMappingURL=verification-agent.js.map

package/dist/agents/verification-agent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verification-agent.js","sourceRoot":"","sources":["../../src/agents/verification-agent.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EACL,qBAAqB,GAGtB,MAAM,iBAAiB,CAAC;AAQzB,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,KAA6B;IAE7B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,qBAAqB,EAAE,CAAC;IAEvC,MAAM,OAAO,GAAG;QACd,SAAS,EAAE,CAAC;QACZ,qBAAqB,EAAE,CAAC;QACxB,GAAG,KAAK,CAAC,OAAO;KACjB,CAAC;IAEF,MAAM,OAAO,GAAG,IAAI,GAAG,EAA8B,CAAC;IACtD,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,cAAc,GAAG,CAAC,CAAC;IACvB,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,6BAA6B;IAC7B,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAE7D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,yCAAyC;QACzC,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CACpC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CACjE,CAAC;QAEF,kBAAkB;QAClB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACxB,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;YAC/B,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAElD,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAEzB,QAAQ,MAAM,CAAC,OAAO,EAAE,CAAC;gBACvB,KAAK,eAAe;oBAClB,aAAa,EAAE,CAAC;oBAChB,MAAM;gBACR,KAAK,gBAAgB;oBACnB,cAAc,EAAE,CAAC;oBACjB,MAAM;gBACR,KAAK,WAAW;oBACd,SAAS,EAAE,CAAC;oBACZ,MAAM;YACV,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IAEhD,OAAO;QACL,OAAO;QACP,aAAa;QACb,cAAc;QACd,SAAS;QACT,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,YAAY,CACzB,MAAgD,EAChD,MAA0B,EAC1B,OAAwB;IAExB,MAAM,iBAAiB,GAAsB;QAC3C,MAAM,EAAE;YACN,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI;YACxB,IAAI,EAAE,eAAe,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;YAC7D,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI;YACxB,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ;SACjC;QACD,IAAI,EAAE;YACJ,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI;YACtB,IAAI,EAAE,eAAe,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;YAC3D,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI;YACtB,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG;YACpB,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM;SAC3B;QACD,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,WAAW,EAAE,EAAE;QACf,UAAU,EAAE,IAAI;QAChB,gBAAgB,EAAE,EAAE;KACrB,CAAC;IAEF,OAAO,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,UAAkB,EAAE,IAAY;IACvD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACrC,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACrC,OAAO,KAAK,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAChC,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAI,KAAU,EAAE,SAAiB;IAClD,MAAM,OAAO,GAAU,EAAE,CAAC;IAC1B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,SAAS,EAAE,CAAC;QACjD,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,2BAA2B,CACzC,OAAwB,EACxB,OAGC;IAED,MAAM,OAAO,GAAyB,EAAE,CAAC;IACzC,MAAM,IAAI,GAAG;QACX,UAAU,EAAE,EAAE;QACd,sBAAsB,EAAE,IAAI;QAC5B,GAAG,OAAO;KACX,CAAC;IAEF,kCAAkC;IAClC,MAAM,UAAU,GACd,OAAO,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC/B,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,MAAM,EAAE,CAAC,CAAC,MAAM;KACjB,CAAC,CAAC,CAAC;IACN,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;QAC7B,KAAK,MAAM,SAAS,IAAI,OAAO,CAAC,gBAAgB,CAAC,iBAAiB,EAAE,CAAC;YACnE,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,QAAQ,EAAE,SAAS,CAAC,QAAQ;gBAC5B,MAAM,EAAE,SAAS,CAAC,MAAM;aACzB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,MAAM,QAAQ,GACZ,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC7B,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,GAAG,EAAE,CAAC,CAAC,GAAG;QACV,YAAY,EAAE,CAAC,CAAC,YAAY;KAC7B,CAAC,CAAC,CAAC;IACN,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;QAC7B,KAAK,MAAM,OAAO,IAAI,OAAO,CAAC,gBAAgB,CAAC,eAAe,EAAE,CAAC;YAC/D,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,YAAY,EAAE,OAAO,CAAC,YAAY;aACnC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QACjC,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,MAAM,aAAa,GAAG,UAAU,CAAC,MAAM,CACrC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,UAAU,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,QAAQ,CAC9D,CAAC;YACF,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CACjC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,UAAU,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,QAAQ,CAC9D,CAAC;YAEF,sBAAsB;YACtB,MAAM,UAAU,GAAG,iBAAiB,CAClC,OAAO,CAAC,UAAU,EAClB,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,QAAQ,CAChB,CAAC;YAEF,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;gBACnC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;oBAC/B,wCAAwC;oBACxC,IAAI,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;wBAC5B,OAAO,CAAC,IAAI,CAAC;4BACX,QAAQ,EAAE,OAAO,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,EAAE;4BAC7C,MAAM,EAAE,QAAQ,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE;4BACxC,MAAM;4BACN,IAAI;4BACJ,UAAU;4BACV,UAAU,EAAE,MAAM,CAAC,IAAI;4BACvB,SAAS,EAAE,IAAI,CAAC,IAAI;yBACrB,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,IAAI,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACtF,CAAC;IAED,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CACxB,UAAkB,EAClB,SAAiB,EACjB,OAAe;IAEf,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACrC,OAAO,KAAK,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACxD,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,GAAW;IACnC,MAAM,YAAY,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC/D,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAEjE,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAAE,OAAO,CAAC,CAAC;IACtD,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAAE,OAAO,CAAC,CAAC;IACxD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,0BAA0B,CACxC,OAAwB,EACxB,MAA+B;IAE/B,OAAO;QACL,GAAG,OAAO;QACV,mBAAmB,EAAE,MAAM,CAAC,OAAO;KACpC,CAAC;AACJ,CAAC"}

package/dist/agents/workflow.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Workflow Definition
+ *
+ * Defines the hybrid analysis pipeline workflow.
+ * Pipeline: Parse → Pattern Match → Enrich → Merge → Verify → Report
+ */
+import type { WorkflowState, WorkflowPhase, AnalysisContext, SecurityAgentOutput } from './types.js';
+import type { TaintSource, TaintSink, TypeInfo } from 'circle-ir';
+/**
+ * Run the complete hybrid analysis workflow
+ *
+ * This is the main entry point for running security analysis.
+ * It integrates pattern matching with LLM enrichment and verification.
+ */
+export declare function runHybridAnalysis(filePath: string, sourceCode: string, patternSources: TaintSource[], patternSinks: TaintSink[], types: TypeInfo[], imports: string[], options?: {
+    language?: string;
+    enableEnrichment?: boolean;
+    enableVerification?: boolean;
+    confidenceThreshold?: number;
+    maxVerificationTargets?: number;
+}): Promise<SecurityAgentOutput>;
+/**
+ * Create initial workflow state
+ */
+export declare function createWorkflowState(context: AnalysisContext): WorkflowState;
+/**
+ * Update workflow state with step result
+ */
+export declare function updateWorkflowState(state: WorkflowState, phase: WorkflowPhase, result: unknown, error?: string): WorkflowState;
+//# sourceMappingURL=workflow.d.ts.map

package/dist/agents/workflow.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"workflow.d.ts","sourceRoot":"","sources":["../../src/agents/workflow.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,aAAa,EACb,aAAa,EAEb,eAAe,EACf,mBAAmB,EACpB,MAAM,YAAY,CAAC;AAEpB,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAMlE;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,EAClB,cAAc,EAAE,WAAW,EAAE,EAC7B,YAAY,EAAE,SAAS,EAAE,EACzB,KAAK,EAAE,QAAQ,EAAE,EACjB,OAAO,EAAE,MAAM,EAAE,EACjB,OAAO,CAAC,EAAE;IACR,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,sBAAsB,CAAC,EAAE,MAAM,CAAC;CACjC,GACA,OAAO,CAAC,mBAAmB,CAAC,CAkB9B;AAMD;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,eAAe,GACvB,aAAa,CAMf;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,aAAa,EACpB,KAAK,EAAE,aAAa,EACpB,MAAM,EAAE,OAAO,EACf,KAAK,CAAC,EAAE,MAAM,GACb,aAAa,CAef"}

package/dist/agents/workflow.js

@@ -0,0 +1,79 @@
+/**
+ * Workflow Definition
+ *
+ * Defines the hybrid analysis pipeline workflow.
+ * Pipeline: Parse → Pattern Match → Enrich → Merge → Verify → Report
+ */
+import { runSecurityAnalysis } from './security-agent.js';
+// ============================================================================
+// Simplified Workflow Runner
+// ============================================================================
+/**
+ * Run the complete hybrid analysis workflow
+ *
+ * This is the main entry point for running security analysis.
+ * It integrates pattern matching with LLM enrichment and verification.
+ */
+export async function runHybridAnalysis(filePath, sourceCode, patternSources, patternSinks, types, imports, options) {
+    return runSecurityAnalysis({
+        filePath,
+        sourceCode,
+        language: options?.language,
+        options: {
+            enableEnrichment: options?.enableEnrichment,
+            enableVerification: options?.enableVerification,
+            confidenceThreshold: options?.confidenceThreshold,
+            maxVerificationTargets: options?.maxVerificationTargets,
+        },
+    }, patternSources, patternSinks, types, imports);
+}
+// ============================================================================
+// Workflow State Management
+// ============================================================================
+/**
+ * Create initial workflow state
+ */
+export function createWorkflowState(context) {
+    return {
+        currentPhase: 'parse',
+        steps: [],
+        context,
+    };
+}
+/**
+ * Update workflow state with step result
+ */
+export function updateWorkflowState(state, phase, result, error) {
+    const step = {
+        phase,
+        status: error ? 'failed' : 'completed',
+        startedAt: new Date().toISOString(),
+        completedAt: new Date().toISOString(),
+        result,
+        error,
+    };
+    return {
+        ...state,
+        currentPhase: getNextPhase(phase),
+        steps: [...state.steps, step],
+    };
+}
+/**
+ * Get next phase in workflow
+ */
+function getNextPhase(current) {
+    const phases = [
+        'parse',
+        'pattern-match',
+        'enrich',
+        'merge',
+        'verify',
+        'report',
+    ];
+    const currentIndex = phases.indexOf(current);
+    if (currentIndex < phases.length - 1) {
+        return phases[currentIndex + 1];
+    }
+    return 'report';
+}
+//# sourceMappingURL=workflow.js.map

package/dist/agents/workflow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"workflow.js","sourceRoot":"","sources":["../../src/agents/workflow.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AASH,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAG1D,+EAA+E;AAC/E,6BAA6B;AAC7B,+EAA+E;AAE/E;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,QAAgB,EAChB,UAAkB,EAClB,cAA6B,EAC7B,YAAyB,EACzB,KAAiB,EACjB,OAAiB,EACjB,OAMC;IAED,OAAO,mBAAmB,CACxB;QACE,QAAQ;QACR,UAAU;QACV,QAAQ,EAAE,OAAO,EAAE,QAAQ;QAC3B,OAAO,EAAE;YACP,gBAAgB,EAAE,OAAO,EAAE,gBAAgB;YAC3C,kBAAkB,EAAE,OAAO,EAAE,kBAAkB;YAC/C,mBAAmB,EAAE,OAAO,EAAE,mBAAmB;YACjD,sBAAsB,EAAE,OAAO,EAAE,sBAAsB;SACxD;KACF,EACD,cAAc,EACd,YAAY,EACZ,KAAK,EACL,OAAO,CACR,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAE/E;;GAEG;AACH,MAAM,UAAU,mBAAmB,CACjC,OAAwB;IAExB,OAAO;QACL,YAAY,EAAE,OAAO;QACrB,KAAK,EAAE,EAAE;QACT,OAAO;KACR,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CACjC,KAAoB,EACpB,KAAoB,EACpB,MAAe,EACf,KAAc;IAEd,MAAM,IAAI,GAAiB;QACzB,KAAK;QACL,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW;QACtC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,MAAM;QACN,KAAK;KACN,CAAC;IAEF,OAAO;QACL,GAAG,KAAK;QACR,YAAY,EAAE,YAAY,CAAC,KAAK,CAAC;QACjC,KAAK,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC;KAC9B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,OAAsB;IAC1C,MAAM,MAAM,GAAoB;QAC9B,OAAO;QACP,eAAe;QACf,QAAQ;QACR,OAAO;QACP,QAAQ;QACR,QAAQ;KACT,CAAC;IAEF,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7C,IAAI,YAAY,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrC,OAAO,MAAM,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/analysis/enriched.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Enriched section builder
+ *
+ * Provides structure for LLM-enhanced metadata:
+ * - Function roles (controller, service, repository)
+ * - Risk levels
+ * - Trust boundaries
+ * - Additional sources/sinks discovered by analysis
+ */
+import type { TypeInfo, CallInfo, TaintSource, TaintSink, Enriched } from 'circle-ir';
+/**
+ * Build the enriched section with heuristic-based analysis.
+ * This provides a baseline that LLM can enhance.
+ */
+export declare function buildEnriched(types: TypeInfo[], calls: CallInfo[], existingSources: TaintSource[], existingSinks: TaintSink[]): Enriched;
+//# sourceMappingURL=enriched.d.ts.map

package/dist/analysis/enriched.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"enriched.d.ts","sourceRoot":"","sources":["../../src/analysis/enriched.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EACV,QAAQ,EACR,QAAQ,EACR,WAAW,EACX,SAAS,EACT,QAAQ,EAIT,MAAM,WAAW,CAAC;AAEnB;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,KAAK,EAAE,QAAQ,EAAE,EACjB,KAAK,EAAE,QAAQ,EAAE,EACjB,eAAe,EAAE,WAAW,EAAE,EAC9B,aAAa,EAAE,SAAS,EAAE,GACzB,QAAQ,CAYV"}