circle-ir-ai 1.1.0

package/dist/llm/ax-client.js

@@ -0,0 +1,1641 @@
+/**
+ * Ax-LLM Client
+ *
+ * DSPy-style LLM client using @ax-llm/ax library.
+ * Provides typed signatures and structured outputs.
+ */
+import { AxAIOpenAI, AxGen, AxSignature, } from '@ax-llm/ax';
+import { getDefaultLLMConfig, validateLLMConfig } from './config.js';
+import { RoleClassificationResponseSchema, SourceDiscoveryResponseSchema, SinkDiscoveryResponseSchema, VerificationResponseSchema, } from './schemas.js';
+import { sanitizeCodeForPrompt, sanitizeListForPrompt, formatSystemPrompt, logInjectionAttempt, } from './prompt-security.js';
+import { getPrompt } from './prompts/index.js';
+// ============================================================================
+// Signatures for Security Analysis
+// ============================================================================
+/**
+ * Signature for source/sink enrichment
+ */
+export const enrichmentSignature = AxSignature.create(`
+  code:string, className:string, methodName:string, existingSources:string[], existingSinks:string[] ->
+  additionalSources:object[], additionalSinks:object[], role:string, reasoning:string
+`);
+/**
+ * Signature for role classification
+ */
+export const roleClassificationSignature = AxSignature.create(`
+  className:string, methodNames:string, annotations:string, imports:string ->
+  role:string, confidence:number, reasoning:string, indicators:string[]
+`);
+/**
+ * Signature for source discovery
+ */
+export const sourceDiscoverySignature = AxSignature.create(`
+  methodCode:string, methodName:string, classRole:string, existingSources:string ->
+  additionalSources:object[]
+`);
+/**
+ * Signature for sink discovery
+ */
+export const sinkDiscoverySignature = AxSignature.create(`
+  methodCode:string, methodName:string, methodCalls:string, existingSinks:string ->
+  additionalSinks:object[]
+`);
+/**
+ * Signature for virtual call resolution
+ */
+export const virtualCallResolutionSignature = AxSignature.create(`
+  callExpression:string, interfaceType:string, availableImplementations:string, context:string ->
+  resolvedImplementation:string, confidence:number, reasoning:string
+`);
+/**
+ * Signature for pattern verification
+ */
+export const patternVerificationSignature = AxSignature.create(`
+  patterns:string, codeContext:string ->
+  verifications:object[]
+`);
+/**
+ * Signature for vulnerability verification
+ */
+export const verificationSignature = AxSignature.create(`
+  sourceCode:string, sourceLine:number, sourceType:string,
+  sinkCode:string, sinkLine:number, sinkType:string, cwe:string,
+  methodCode:string, methodName:string, className:string,
+  sanitizersInPath:string[] ->
+  verdict:string, confidence:number, reasoning:string, exploitability:string,
+  sanitizersFound:string[], attackVector:string
+`);
+/**
+ * Signature for list index tracking
+ * Uses JSON strings for compatibility with non-structured LLMs
+ */
+export const listIndexSignature = AxSignature.create(`
+  code:string, listVariable:string, operationsJson:string "JSON array of operations" ->
+  finalIndexMappingJson:string "JSON object mapping original to final indices",
+  taintedIndicesJson:string "JSON array of tainted index numbers",
+  reasoning:string
+`);
+/**
+ * Signature for correlated predicate analysis
+ * Uses JSON strings for compatibility with non-structured LLMs
+ */
+export const correlatedPredicateSignature = AxSignature.create(`
+  code:string, predicateLocationsJson:string "JSON array of predicate locations" ->
+  correlatedGroupsJson:string "JSON array of correlated predicate groups",
+  reasoning:string
+`);
+/**
+ * Signature for cross-file taint tracking
+ * Uses JSON string for taintFlows to avoid structured output requirement
+ */
+export const crossFileTaintSignature = AxSignature.create(`
+  sourceFile:string, sourceCode:string, targetFile:string, targetCode:string,
+  exportedTaintJson:string "JSON array of exported taint: [{variable, type, line}]",
+  importedSymbolsJson:string "JSON array of imported symbol names" ->
+  taintFlowsJson:string "JSON array of flows: [{sourceVar, sinkMethod, sinkLine, confidence, reasoning}]",
+  reasoning:string
+`);
+/**
+ * Maximum consecutive LLM failures before skipping further calls
+ */
+const MAX_CONSECUTIVE_FAILURES = 5;
+/**
+ * Maximum code context length to send to LLM (in characters)
+ * Prevents 400 errors from exceeding model context limits
+ */
+const MAX_CODE_CONTEXT_LENGTH = 8000;
+/**
+ * Truncate code to fit within context limits
+ */
+function truncateCode(code, maxLength = MAX_CODE_CONTEXT_LENGTH) {
+    if (code.length <= maxLength)
+        return code;
+    // Try to truncate at a line boundary
+    const truncated = code.substring(0, maxLength);
+    const lastNewline = truncated.lastIndexOf('\n');
+    if (lastNewline > maxLength * 0.8) {
+        return truncated.substring(0, lastNewline) + '\n// ... (truncated)';
+    }
+    return truncated + '\n// ... (truncated)';
+}
+/**
+ * Ax-LLM based client for Circle-IR
+ */
+export class AxLLMClient {
+    config;
+    ai;
+    generators = new Map();
+    consecutiveFailures = 0;
+    llmDisabled = false;
+    constructor(config) {
+        this.config = { ...getDefaultLLMConfig(), ...config };
+        // Validate required configuration
+        validateLLMConfig(this.config);
+        // Initialize OpenAI-compatible provider with default model
+        this.ai = new AxAIOpenAI({
+            apiKey: this.config.apiKey,
+            apiURL: this.config.baseUrl,
+            config: {
+                model: this.config.phases.enrichment.model,
+            },
+        });
+    }
+    /**
+     * Check if LLM is currently available (not disabled due to failures)
+     */
+    isAvailable() {
+        return !this.llmDisabled;
+    }
+    /**
+     * Reset the circuit breaker so LLM calls are re-enabled.
+     * Call this between files to prevent one file's failures from disabling
+     * LLM for the entire project analysis.
+     */
+    resetCircuitBreaker() {
+        this.consecutiveFailures = 0;
+        this.llmDisabled = false;
+    }
+    /**
+     * Reset failure counter (call when LLM succeeds)
+     */
+    resetFailures() {
+        this.consecutiveFailures = 0;
+    }
+    /**
+     * Track a failure and potentially disable LLM
+     */
+    trackFailure() {
+        this.consecutiveFailures++;
+        if (this.consecutiveFailures >= MAX_CONSECUTIVE_FAILURES) {
+            console.warn(`LLM disabled after ${MAX_CONSECUTIVE_FAILURES} consecutive failures`);
+            this.llmDisabled = true;
+        }
+    }
+    /**
+     * Get or create a generator for a signature
+     */
+    getGenerator(name, signature, options) {
+        if (!this.generators.has(name)) {
+            const gen = new AxGen(signature, {
+                description: options?.description,
+            });
+            this.generators.set(name, gen);
+        }
+        return this.generators.get(name);
+    }
+    /**
+     * Get category-specific guidance for verification prompts
+     */
+    getCategoryGuidance(cwe) {
+        const cweNum = cwe.replace(/\D/g, '');
+        switch (cweNum) {
+            case '501': // Trust Boundary Violation
+                return `
+TRUST BOUNDARY (CWE-501) SPECIFIC:
+- VULNERABLE: User input used as session ATTRIBUTE NAME: setAttribute(userInput, value)
+- VULNERABLE: Unvalidated user data stored in session without sanitization
+- SAFE: Constant/hardcoded attribute name with sanitized value
+- SAFE: User data that has been validated against whitelist
+- Key insight: The ATTRIBUTE NAME being user-controlled is the vulnerability, not just the value`;
+            case '79': // XSS
+            case '80':
+            case '81':
+            case '83':
+                return `
+XSS (CWE-79) SPECIFIC SANITIZERS - Mark as FALSE_POSITIVE if ANY of these are used:
+- encodeForHTML(), escapeHtml(), escapeHtml4()
+- HtmlUtils.htmlEscape(), StringEscapeUtils.escapeHtml()
+- ESAPI.encoder().encodeForHTML()
+- org.owasp.benchmark.helpers.Utils.encodeForHTML()
+- Writing to response HEADERS (not body) is generally safe
+- Check if output is HTML-encoded before reaching response.getWriter()
+
+FEW-SHOT EXAMPLES:
+TRUE_POSITIVE:
+  String name = request.getParameter("name");
+  response.getWriter().println("<h1>" + name + "</h1>");
+  // User input directly output without encoding -> VULNERABLE
+
+FALSE_POSITIVE:
+  String name = request.getParameter("name");
+  String safe = ESAPI.encoder().encodeForHTML(name);
+  response.getWriter().println("<h1>" + safe + "</h1>");
+  // Input is HTML-encoded before output -> SAFE`;
+            case '89': // SQL Injection
+                return `
+SQL INJECTION (CWE-89) SPECIFIC:
+- SAFE: PreparedStatement with ? placeholders and setString/setInt
+- SAFE: Parameterized queries, named parameters
+- VULNERABLE: String concatenation in SQL query
+- VULNERABLE: Statement.executeQuery(string + userInput)
+- Check if the query uses concatenation vs parameterization
+
+FEW-SHOT EXAMPLES:
+TRUE_POSITIVE:
+  String id = request.getParameter("id");
+  String sql = "SELECT * FROM users WHERE id = '" + id + "'";
+  stmt.executeQuery(sql);
+  // Concatenation of user input into SQL -> VULNERABLE
+
+FALSE_POSITIVE:
+  String id = request.getParameter("id");
+  PreparedStatement ps = conn.prepareStatement("SELECT * FROM users WHERE id = ?");
+  ps.setString(1, id);
+  ps.executeQuery();
+  // Parameterized query with ? placeholder -> SAFE`;
+            case '78': // Command Injection
+                return `
+COMMAND INJECTION (CWE-78) SPECIFIC:
+- SAFE: ProcessBuilder with String[] array (no shell interpretation)
+- SAFE: Runtime.exec(String[]) with separate args
+- VULNERABLE: Runtime.exec(String) with concatenated command
+- VULNERABLE: Shell commands with user input
+- Check if command is built via concatenation or array
+
+FEW-SHOT EXAMPLES:
+TRUE_POSITIVE:
+  String cmd = request.getParameter("cmd");
+  Runtime.getRuntime().exec(cmd);
+  // User input directly passed to exec() -> VULNERABLE
+
+FALSE_POSITIVE:
+  String filename = request.getParameter("file");
+  String[] cmd = new String[] {"ls", "-l", filename};
+  ProcessBuilder pb = new ProcessBuilder(cmd);
+  pb.start();
+  // Array-based args (no shell), but still potentially dangerous
+  // Mark UNCERTAIN if filename not validated, TRUE_POSITIVE if clearly exploitable`;
+            case '22': // Path Traversal
+                return `
+PATH TRAVERSAL (CWE-22) SPECIFIC:
+- SAFE: Path normalized with getCanonicalPath() then validated
+- SAFE: Paths validated against whitelist/base directory
+- SAFE: FilenameUtils.getName() extracts just filename
+- VULNERABLE: Direct file access with user-controlled path
+- Check for path normalization and validation
+
+FEW-SHOT EXAMPLES:
+TRUE_POSITIVE:
+  String file = request.getParameter("file");
+  File f = new File("/uploads/" + file);
+  FileInputStream fis = new FileInputStream(f);
+  // User input directly used in file path -> VULNERABLE (../../../etc/passwd)
+
+FALSE_POSITIVE:
+  String file = request.getParameter("file");
+  String safeName = FilenameUtils.getName(file);  // Strips directories
+  File f = new File("/uploads/" + safeName);
+  FileInputStream fis = new FileInputStream(f);
+  // Path is sanitized by extracting only filename -> SAFE`;
+            case '90': // LDAP Injection
+                return `
+LDAP INJECTION (CWE-90) SPECIFIC:
+- SAFE: LDAP search with properly escaped filter
+- SAFE: Using parameterized LDAP APIs
+- VULNERABLE: String concatenation in LDAP filter
+- Check for filter escaping functions`;
+            case '643': // XPath Injection
+                return `
+XPATH INJECTION (CWE-643) SPECIFIC:
+- SAFE: Parameterized XPath with variable binding
+- SAFE: Input validated against whitelist
+- VULNERABLE: String concatenation in XPath expression
+- Check for XPath parameterization`;
+            case '918': // SSRF
+                return `
+SSRF (CWE-918) SPECIFIC:
+- VULNERABLE: User input used in URL construction without validation
+- VULNERABLE: URL.openConnection() or HttpClient with user-controlled URL
+- VULNERABLE: RestTemplate, WebClient with user-controlled URLs
+- SAFE: URL validated against allowlist of hosts/protocols
+- SAFE: Internal-only endpoints with no external access
+- Key insight: Any user-controlled URL component is dangerous
+
+FEW-SHOT EXAMPLES:
+TRUE_POSITIVE:
+  String url = request.getParameter("url");
+  URL u = new URL(url);
+  HttpURLConnection conn = (HttpURLConnection) u.openConnection();
+  conn.getInputStream();
+  // User-controlled URL without validation -> VULNERABLE
+
+FALSE_POSITIVE:
+  String id = request.getParameter("id");
+  URL u = new URL("https://api.internal.com/data/" + URLEncoder.encode(id, "UTF-8"));
+  // Fixed host, only ID is user-controlled and encoded -> Generally SAFE`;
+            case '611': // XXE
+                return `
+XXE (CWE-611) SPECIFIC:
+- VULNERABLE: XMLParser without disabled external entities
+- VULNERABLE: DocumentBuilderFactory without setFeature(DISALLOW_DTD)
+- VULNERABLE: SAXParser, XMLReader without secure configuration
+- SAFE: Factory configured with FEATURE_SECURE_PROCESSING
+- SAFE: setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)
+- Key insight: Default XML parsers are often vulnerable
+
+FEW-SHOT EXAMPLES:
+TRUE_POSITIVE:
+  DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+  DocumentBuilder db = dbf.newDocumentBuilder();
+  Document doc = db.parse(request.getInputStream());
+  // Default XML parser without disabling external entities -> VULNERABLE
+
+FALSE_POSITIVE:
+  DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+  dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+  DocumentBuilder db = dbf.newDocumentBuilder();
+  Document doc = db.parse(request.getInputStream());
+  // External entities disabled -> SAFE`;
+            case '502': // Deserialization
+                return `
+DESERIALIZATION (CWE-502) SPECIFIC:
+- VULNERABLE: ObjectInputStream.readObject() on untrusted data
+- VULNERABLE: XMLDecoder.readObject() on untrusted input
+- VULNERABLE: Yaml.load() without SafeConstructor
+- VULNERABLE: JSON libraries with polymorphic type handling
+- SAFE: Deserialization with allowlist of classes
+- SAFE: SafeYAML, safe JSON configuration
+- Key insight: Any deserialization of untrusted data is dangerous
+
+FEW-SHOT EXAMPLES:
+TRUE_POSITIVE:
+  ObjectInputStream ois = new ObjectInputStream(request.getInputStream());
+  Object obj = ois.readObject();
+  // Deserializing untrusted HTTP input -> VULNERABLE
+
+FALSE_POSITIVE:
+  ObjectInputStream ois = new ObjectInputStream(fileInput);  // Internal file
+  Object obj = ois.readObject();
+  // Deserializing from trusted internal source -> Generally SAFE
+  // (but depends on whether the file content is user-controlled)`;
+            case '94': // Code Injection
+            case '95': // Eval Injection
+                return `
+CODE INJECTION (CWE-94/95) SPECIFIC:
+- VULNERABLE: ScriptEngine.eval() with user input
+- VULNERABLE: Runtime.exec() with user-controlled command
+- VULNERABLE: Reflection with user-controlled class/method names
+- VULNERABLE: Expression language with user input (OGNL, SpEL, EL)
+- SAFE: Sandboxed script execution with restricted context
+- Key insight: Any dynamic code execution with user input is dangerous
+
+FEW-SHOT EXAMPLES:
+TRUE_POSITIVE:
+  String expr = request.getParameter("expr");
+  ScriptEngine engine = new ScriptEngineManager().getEngineByName("JavaScript");
+  engine.eval(expr);
+  // User input directly executed as script -> VULNERABLE
+
+FALSE_POSITIVE:
+  String key = request.getParameter("key");
+  String value = config.get(key);  // Looking up config by key
+  // User controls config key but not code execution -> SAFE`;
+            case '327': // Weak Crypto
+            case '328': // Reversible One-Way Hash
+                return `
+WEAK CRYPTOGRAPHY (CWE-327/328) SPECIFIC:
+- VULNERABLE: MD5, SHA1 for password hashing
+- VULNERABLE: DES, 3DES, RC4 for encryption
+- VULNERABLE: ECB mode for block ciphers
+- SAFE: bcrypt, scrypt, Argon2 for passwords
+- SAFE: AES-GCM, ChaCha20-Poly1305 for encryption`;
+            case '352': // CSRF
+                return `
+CSRF (CWE-352) SPECIFIC:
+- VULNERABLE: State-changing operations without CSRF token
+- VULNERABLE: POST/PUT/DELETE endpoints without token validation
+- SAFE: CSRF token validated on state-changing requests
+- SAFE: SameSite cookie attributes with proper configuration`;
+            case '200': // Information Exposure
+            case '209': // Error Information Exposure
+                return `
+INFORMATION EXPOSURE (CWE-200/209) SPECIFIC:
+- VULNERABLE: Stack traces shown to users
+- VULNERABLE: Internal paths, database info in error messages
+- VULNERABLE: Debug information in production
+- SAFE: Generic error messages with logged details
+- SAFE: Custom error pages without sensitive info`;
+            default:
+                return '';
+        }
+    }
+    /**
+     * Make a raw JSON chat completion call
+     * Public to allow batch verification and other custom prompts
+     * @param phase - Which phase config to use ('enrichment', 'verification', or 'componentEnrichment')
+     * @param retryCount - Internal retry counter (don't set manually)
+     */
+    async chatJSON(systemPrompt, userPrompt, phase = 'enrichment', retryCount = 0) {
+        // Skip if LLM has been disabled due to repeated failures
+        if (this.llmDisabled) {
+            return null;
+        }
+        // Use the correct phase config
+        const phaseConfig = this.config.phases[phase];
+        // On retry, request fewer tokens to reduce truncation risk
+        const maxRetries = 1;
+        const maxTokens = retryCount > 0
+            ? Math.min(phaseConfig.maxTokens, 4000) // Reduced tokens on retry
+            : phaseConfig.maxTokens;
+        try {
+            // Create abort controller with timeout
+            const controller = new AbortController();
+            const timeoutMs = phaseConfig.timeout || 60000;
+            const timeoutId = setTimeout(() => controller.abort(), timeoutMs);
+            try {
+                const response = await fetch(`${this.config.baseUrl}/chat/completions`, {
+                    method: 'POST',
+                    headers: {
+                        'Content-Type': 'application/json',
+                        'Authorization': `Bearer ${this.config.apiKey}`,
+                    },
+                    body: JSON.stringify({
+                        model: phaseConfig.model,
+                        messages: [
+                            { role: 'system', content: systemPrompt },
+                            { role: 'user', content: userPrompt },
+                        ],
+                        max_tokens: maxTokens,
+                        temperature: phaseConfig.temperature,
+                    }),
+                    signal: controller.signal,
+                });
+                clearTimeout(timeoutId);
+                if (!response.ok) {
+                    console.error('LLM call failed: HTTP', response.status);
+                    this.trackFailure();
+                    return null;
+                }
+                // Success - reset failure counter
+                this.resetFailures();
+                const data = await response.json();
+                const rawContent = data.choices?.[0]?.message?.content;
+                // Handle case where LLM returns JSON object directly (not as string)
+                if (rawContent && typeof rawContent === 'object') {
+                    return rawContent;
+                }
+                const content = typeof rawContent === 'string' ? rawContent : '';
+                // Parse JSON from response (handle markdown code blocks)
+                let jsonStr = content;
+                const jsonMatch = content.match(/```(?:json)?\s*([\s\S]*?)```/);
+                if (jsonMatch) {
+                    jsonStr = jsonMatch[1];
+                }
+                // Fix common JSON issues from LLM
+                jsonStr = jsonStr.trim();
+                // Fix word-numbers (e.g., "0. nine" -> "0.9", "0. Nine" -> "0.9")
+                const wordToNum = {
+                    'zero': '0', 'one': '1', 'two': '2', 'three': '3', 'four': '4',
+                    'five': '5', 'six': '6', 'seven': '7', 'eight': '8', 'nine': '9',
+                };
+                jsonStr = jsonStr.replace(/(\d+)\.\s*(zero|one|two|three|four|five|six|seven|eight|nine)/gi, (_, int, word) => `${int}.${wordToNum[word.toLowerCase()]}`);
+                // Fix trailing decimal points followed by any non-digit (e.g., 0. -> 0.0)
+                jsonStr = jsonStr.replace(/(\d+)\.\s*([,}\]\n\r])/g, '$1.0$2');
+                // Fix decimal points followed by space then digit (e.g., 0. 5 -> 0.5)
+                jsonStr = jsonStr.replace(/(\d+)\.\s+(\d)/g, '$1.$2');
+                // Fix missing quotes around string values that look like identifiers
+                jsonStr = jsonStr.replace(/:\s*([A-Z_]+)\s*([,}\]])/g, ': "$1"$2');
+                try {
+                    return JSON.parse(jsonStr);
+                }
+                catch {
+                    // Try to recover truncated JSON by completing brackets
+                    const recovered = this.tryRecoverTruncatedJSON(jsonStr);
+                    if (recovered) {
+                        try {
+                            return JSON.parse(recovered);
+                        }
+                        catch {
+                            // Recovery failed, try verification-specific recovery
+                        }
+                    }
+                    // Try to extract verification response from truncated JSON
+                    const verificationRecovered = this.tryRecoverVerificationJSON(jsonStr);
+                    if (verificationRecovered) {
+                        return verificationRecovered;
+                    }
+                    // Log the problematic JSON for debugging
+                    console.error('Failed to parse JSON:', jsonStr.substring(0, 100));
+                    // Retry with reduced tokens if this was the first attempt
+                    if (retryCount < maxRetries) {
+                        console.log('Retrying LLM call with reduced tokens...');
+                        return this.chatJSON(systemPrompt, userPrompt, phase, retryCount + 1);
+                    }
+                    return null;
+                }
+            }
+            catch (fetchError) {
+                clearTimeout(timeoutId);
+                if (fetchError instanceof Error && fetchError.name === 'AbortError') {
+                    console.error(`LLM call timed out (attempt ${retryCount + 1}/${maxRetries + 1})`);
+                    // Retry on timeout with extended timeout
+                    if (retryCount < maxRetries) {
+                        console.log('Retrying LLM call with reduced tokens...');
+                        return this.chatJSON(systemPrompt, userPrompt, phase, retryCount + 1);
+                    }
+                }
+                else {
+                    console.error('LLM fetch failed:', fetchError);
+                    // Retry on network errors if this was the first attempt
+                    if (retryCount < maxRetries) {
+                        console.log('Retrying LLM call due to network error...');
+                        return this.chatJSON(systemPrompt, userPrompt, phase, retryCount + 1);
+                    }
+                }
+                this.trackFailure();
+                return null;
+            }
+        }
+        catch (error) {
+            console.error('LLM JSON call failed:', error);
+            this.trackFailure();
+            return null;
+        }
+    }
+    /**
+     * Try to recover truncated JSON by completing missing brackets
+     * Handles cases where LLM output was cut off mid-response
+     */
+    tryRecoverTruncatedJSON(jsonStr) {
+        // Count open brackets
+        let braces = 0;
+        let brackets = 0;
+        let inString = false;
+        let escaped = false;
+        for (const char of jsonStr) {
+            if (escaped) {
+                escaped = false;
+                continue;
+            }
+            if (char === '\\') {
+                escaped = true;
+                continue;
+            }
+            if (char === '"') {
+                inString = !inString;
+                continue;
+            }
+            if (inString)
+                continue;
+            if (char === '{')
+                braces++;
+            if (char === '}')
+                braces--;
+            if (char === '[')
+                brackets++;
+            if (char === ']')
+                brackets--;
+        }
+        // If we're truncated mid-string, close it
+        if (inString) {
+            jsonStr = jsonStr + '"';
+        }
+        // Truncate to last complete property (find last comma or colon not in value position)
+        // If we ended mid-value, try to find the last complete key-value pair
+        const lastValidEnd = this.findLastCompleteValue(jsonStr);
+        if (lastValidEnd > 0 && lastValidEnd < jsonStr.length - 1) {
+            jsonStr = jsonStr.substring(0, lastValidEnd);
+        }
+        // Add missing brackets
+        while (brackets > 0) {
+            jsonStr += ']';
+            brackets--;
+        }
+        while (braces > 0) {
+            jsonStr += '}';
+            braces--;
+        }
+        // Quick validation - should start with { or [
+        const trimmed = jsonStr.trim();
+        if (!trimmed.startsWith('{') && !trimmed.startsWith('[')) {
+            return null;
+        }
+        return jsonStr;
+    }
+    /**
+     * Find the position of the last complete JSON value
+     */
+    findLastCompleteValue(jsonStr) {
+        // Look for patterns that indicate a complete value:
+        // - number followed by comma or bracket: 0.9,  0.9]  0.9}
+        // - string followed by comma or bracket: "text",  "text"]  "text"}
+        // - boolean/null followed by comma or bracket: true,  false]  null}
+        // - closing bracket followed by comma or bracket: ],  ]]  ]}  },  }]  }}
+        let lastGoodPos = jsonStr.length;
+        let inString = false;
+        let escaped = false;
+        for (let i = jsonStr.length - 1; i >= 0; i--) {
+            const char = jsonStr[i];
+            // Handle string detection (going backwards)
+            if (char === '"' && !escaped) {
+                // Check if this quote is escaped (odd number of preceding backslashes)
+                let backslashes = 0;
+                for (let j = i - 1; j >= 0 && jsonStr[j] === '\\'; j--) {
+                    backslashes++;
+                }
+                if (backslashes % 2 === 0) {
+                    inString = !inString;
+                }
+            }
+            if (inString)
+                continue;
+            // Found a good endpoint - comma, closing bracket not followed by incomplete value
+            if (char === ',' || char === ']' || char === '}') {
+                // Check what comes before to ensure it's a complete value
+                const before = jsonStr.substring(0, i + 1).trim();
+                try {
+                    // Try to parse as partial JSON to validate
+                    JSON.parse(before + (char === ',' ? '{}]}' : ''));
+                }
+                catch {
+                    // If that fails, this is a good truncation point
+                    return i + 1;
+                }
+                return i + 1;
+            }
+        }
+        return lastGoodPos;
+    }
+    /**
+     * Try to recover a truncated verification response by extracting key fields
+     * Even if reasoning is cut off, we can still use the verdict and confidence
+     */
+    tryRecoverVerificationJSON(jsonStr) {
+        // Look for verdict pattern
+        const verdictMatch = jsonStr.match(/"verdict"\s*:\s*"(TRUE_POSITIVE|FALSE_POSITIVE|UNCERTAIN)"/i);
+        if (!verdictMatch)
+            return null;
+        const verdict = verdictMatch[1].toUpperCase();
+        // Look for confidence pattern
+        const confidenceMatch = jsonStr.match(/"confidence"\s*:\s*(0?\.\d+|1(?:\.0)?|\d+\.\d+)/);
+        const confidence = confidenceMatch ? Math.min(1, Math.max(0, parseFloat(confidenceMatch[1]))) : 0.5;
+        // Look for exploitability pattern
+        const exploitabilityMatch = jsonStr.match(/"exploitability"\s*:\s*"(high|medium|low|none)"/i);
+        const exploitability = exploitabilityMatch ? exploitabilityMatch[1].toLowerCase() : 'none';
+        // Extract partial reasoning (up to truncation)
+        let reasoning = 'Response truncated';
+        const reasoningMatch = jsonStr.match(/"reasoning"\s*:\s*"([^"]*)/);
+        if (reasoningMatch && reasoningMatch[1].length > 10) {
+            reasoning = reasoningMatch[1] + '... [truncated]';
+        }
+        // Try to extract sanitizersFound if present
+        const sanitizersMatch = jsonStr.match(/"sanitizersFound"\s*:\s*\[(.*?)\]/);
+        let sanitizersFound = [];
+        if (sanitizersMatch) {
+            const sanitizerStrings = sanitizersMatch[1].match(/"([^"]+)"/g);
+            if (sanitizerStrings) {
+                sanitizersFound = sanitizerStrings.map(s => s.replace(/"/g, ''));
+            }
+        }
+        // Try to extract attackVector if present
+        const attackVectorMatch = jsonStr.match(/"attackVector"\s*:\s*"([^"]*)/);
+        const attackVector = attackVectorMatch ? attackVectorMatch[1] : '';
+        return {
+            verdict,
+            confidence,
+            reasoning,
+            exploitability,
+            sanitizersFound,
+            attackVector,
+        };
+    }
+    /**
+     * Classify the role of a class
+     */
+    async classifyRole(input) {
+        // Sanitize inputs to prevent prompt injection
+        const safeClassName = sanitizeCodeForPrompt(input.className);
+        const safeMethodNames = sanitizeCodeForPrompt(input.methodNames);
+        const safeAnnotations = sanitizeCodeForPrompt(input.annotations);
+        const safeImports = sanitizeCodeForPrompt(input.imports);
+        // Log potential injection attempts
+        logInjectionAttempt(input.imports, 'classifyRole.imports');
+        const model = this.config.phases.enrichment.model;
+        const systemPrompt = formatSystemPrompt('You are a security expert analyzing Java code. Respond only in valid JSON format.', model);
+        const userPrompt = `Classify the role of this Java class:
+Class: ${safeClassName}
+Methods: ${safeMethodNames}
+Annotations: ${safeAnnotations}
+Imports: ${safeImports}
+
+Respond with JSON: {"role": "controller|service|repository|utility|entity|unknown", "confidence": 0.0-1.0, "reasoning": "explanation", "indicators": ["list", "of", "indicators"]}`;
+        const rawResult = await this.chatJSON(systemPrompt, userPrompt);
+        const parseResult = RoleClassificationResponseSchema.safeParse(rawResult);
+        if (!parseResult.success) {
+            console.warn('classifyRole validation failed:', parseResult.error.issues);
+            return { role: 'unknown', confidence: 0, reasoning: 'LLM call failed', indicators: [] };
+        }
+        return parseResult.data;
+    }
+    /**
+     * Discover additional taint sources in a method
+     */
+    async discoverSources(input) {
+        // Sanitize and truncate inputs to prevent prompt injection and context overflow
+        const safeMethodCode = truncateCode(sanitizeCodeForPrompt(input.methodCode));
+        const safeMethodName = sanitizeCodeForPrompt(input.methodName);
+        const safeClassRole = sanitizeCodeForPrompt(input.classRole);
+        const safeExistingSources = sanitizeCodeForPrompt(input.existingSources);
+        // Log potential injection attempts
+        logInjectionAttempt(input.methodCode, 'discoverSources.methodCode');
+        const model = this.config.phases.enrichment.model;
+        const systemPrompt = formatSystemPrompt('You are a security expert analyzing Java code for taint sources. Respond only in valid JSON format.', model);
+        const userPrompt = `Find additional user-controlled input sources in this method:
+
+Method: ${safeMethodName}
+Class role: ${safeClassRole}
+Already identified sources: ${safeExistingSources}
+
+[CODE START]
+${safeMethodCode}
+[CODE END]
+
+Look for: HTTP parameters, headers, cookies, request body, file input, environment variables.
+Ignore: constants, internal config, hardcoded values.
+
+Respond with JSON: {"additionalSources": [{"line": 10, "variable": "param", "type": "http_param", "confidence": 0.9, "reasoning": "..."}]}`;
+        const rawResult = await this.chatJSON(systemPrompt, userPrompt);
+        const parseResult = SourceDiscoveryResponseSchema.safeParse(rawResult);
+        if (!parseResult.success) {
+            console.warn('discoverSources validation failed:', parseResult.error.issues);
+            return [];
+        }
+        return parseResult.data.additionalSources;
+    }
+    /**
+     * Discover additional taint sinks in a method
+     */
+    async discoverSinks(input) {
+        // Sanitize and truncate inputs to prevent prompt injection and context overflow
+        const safeMethodCode = truncateCode(sanitizeCodeForPrompt(input.methodCode));
+        const safeMethodName = sanitizeCodeForPrompt(input.methodName);
+        const safeMethodCalls = sanitizeCodeForPrompt(input.methodCalls);
+        const safeExistingSinks = sanitizeCodeForPrompt(input.existingSinks);
+        // Log potential injection attempts
+        logInjectionAttempt(input.methodCode, 'discoverSinks.methodCode');
+        const model = this.config.phases.enrichment.model;
+        const systemPrompt = formatSystemPrompt('You are a security expert analyzing Java code for dangerous sinks. Respond only in valid JSON format.', model);
+        const userPrompt = `Find additional dangerous operations (sinks) in this method:
+
+Method: ${safeMethodName}
+Method calls: ${safeMethodCalls}
+Already identified sinks: ${safeExistingSinks}
+
+[CODE START]
+${safeMethodCode}
+[CODE END]
+
+Look for: SQL queries, command execution, file operations, XSS output, deserialization.
+Ignore: PreparedStatement with ?, logging, safe APIs.
+
+Respond with JSON: {"additionalSinks": [{"line": 15, "method": "executeQuery", "type": "sql_injection", "cwe": "CWE-89", "argPositions": [0], "confidence": 0.9, "reasoning": "..."}]}`;
+        const rawResult = await this.chatJSON(systemPrompt, userPrompt);
+        const parseResult = SinkDiscoveryResponseSchema.safeParse(rawResult);
+        if (!parseResult.success) {
+            console.warn('discoverSinks validation failed:', parseResult.error.issues);
+            return [];
+        }
+        return parseResult.data.additionalSinks;
+    }
+    // ==========================================================================
+    // Language-Aware Methods (for multi-language support)
+    // ==========================================================================
+    /**
+     * Classify role using a custom language-specific prompt
+     */
+    async classifyRoleWithPrompt(promptTemplate, input) {
+        // Sanitize inputs to prevent prompt injection
+        const safeClassName = sanitizeCodeForPrompt(input.className);
+        const safeMethodNames = sanitizeCodeForPrompt(input.methodNames);
+        const safeAnnotations = sanitizeCodeForPrompt(input.annotations);
+        const safeImports = sanitizeCodeForPrompt(input.imports);
+        // Log potential injection attempts
+        logInjectionAttempt(input.imports, 'classifyRoleWithPrompt.imports');
+        const model = this.config.phases.enrichment.model;
+        const systemPrompt = formatSystemPrompt('You are a security expert analyzing code. Respond only in valid JSON format.', model);
+        const userPrompt = promptTemplate
+            .replace('{className}', safeClassName)
+            .replace('{methodNames}', safeMethodNames)
+            .replace('{annotations}', safeAnnotations)
+            .replace('{imports}', safeImports);
+        const result = await this.chatJSON(systemPrompt, userPrompt);
+        if (!result) {
+            return { role: 'unknown', confidence: 0, reasoning: 'LLM call failed', indicators: [] };
+        }
+        const role = (result.role || 'unknown').toLowerCase();
+        const validRoles = ['controller', 'service', 'repository', 'utility', 'entity', 'unknown'];
+        return {
+            role: validRoles.includes(role) ? role : 'unknown',
+            confidence: typeof result.confidence === 'number' ? result.confidence : 0.5,
+            reasoning: result.reasoning || '',
+            indicators: result.indicators || [],
+        };
+    }
+    /**
+     * Discover sources using a custom language-specific prompt
+     */
+    async discoverSourcesWithPrompt(promptTemplate, input) {
+        // Sanitize and truncate inputs to prevent prompt injection and context overflow
+        const safeMethodCode = truncateCode(sanitizeCodeForPrompt(input.methodCode));
+        const safeMethodName = sanitizeCodeForPrompt(input.methodName);
+        const safeClassRole = sanitizeCodeForPrompt(input.classRole);
+        const safeExistingSources = sanitizeCodeForPrompt(input.existingSources);
+        // Log potential injection attempts
+        logInjectionAttempt(input.methodCode, 'discoverSourcesWithPrompt.methodCode');
+        const model = this.config.phases.enrichment.model;
+        const systemPrompt = formatSystemPrompt('You are a security expert analyzing code for taint sources. Respond only in valid JSON format.', model);
+        const userPrompt = promptTemplate
+            .replace('{methodCode}', safeMethodCode)
+            .replace('{methodName}', safeMethodName)
+            .replace('{classRole}', safeClassRole)
+            .replace('{existingSources}', safeExistingSources);
+        const result = await this.chatJSON(systemPrompt, userPrompt);
+        if (!result)
+            return [];
+        return (result.additionalSources || []).map(s => ({
+            line: s.line || 0,
+            variable: s.variable || '',
+            type: s.type || 'unknown',
+            confidence: s.confidence || 0.5,
+            reasoning: s.reasoning || '',
+        }));
+    }
+    /**
+     * Discover sinks using a custom language-specific prompt
+     */
+    async discoverSinksWithPrompt(promptTemplate, input) {
+        // Sanitize and truncate inputs to prevent prompt injection and context overflow
+        const safeMethodCode = truncateCode(sanitizeCodeForPrompt(input.methodCode));
+        const safeMethodName = sanitizeCodeForPrompt(input.methodName);
+        const safeMethodCalls = sanitizeCodeForPrompt(input.methodCalls);
+        const safeExistingSinks = sanitizeCodeForPrompt(input.existingSinks);
+        // Log potential injection attempts
+        logInjectionAttempt(input.methodCode, 'discoverSinksWithPrompt.methodCode');
+        const model = this.config.phases.enrichment.model;
+        const systemPrompt = formatSystemPrompt('You are a security expert analyzing code for dangerous sinks. Respond only in valid JSON format.', model);
+        const userPrompt = promptTemplate
+            .replace('{methodCode}', safeMethodCode)
+            .replace('{methodName}', safeMethodName)
+            .replace('{methodCalls}', safeMethodCalls)
+            .replace('{existingSinks}', safeExistingSinks);
+        const result = await this.chatJSON(systemPrompt, userPrompt);
+        if (!result)
+            return [];
+        return (result.additionalSinks || []).map(s => ({
+            line: s.line || 0,
+            method: s.method || '',
+            type: s.type || 'unknown',
+            cwe: s.cwe || 'CWE-unknown',
+            argPositions: s.argPositions || [0],
+            confidence: s.confidence || 0.5,
+            reasoning: s.reasoning || '',
+        }));
+    }
+    /**
+     * Resolve virtual/interface method calls to implementations
+     */
+    async resolveVirtualCall(input) {
+        // Sanitize inputs to prevent prompt injection
+        const safeCallExpression = sanitizeCodeForPrompt(input.callExpression);
+        const safeInterfaceType = sanitizeCodeForPrompt(input.interfaceType);
+        const safeImplementations = sanitizeCodeForPrompt(input.availableImplementations);
+        const safeContext = sanitizeCodeForPrompt(input.context);
+        // Log potential injection attempts
+        logInjectionAttempt(input.context, 'resolveVirtualCall.context');
+        const model = this.config.phases.enrichment.model;
+        const systemPrompt = formatSystemPrompt('You are a security expert analyzing Java code. Respond only in valid JSON format.', model);
+        const userPrompt = `Which implementation is most likely being called?
+
+Call: ${safeCallExpression}
+Interface: ${safeInterfaceType}
+Available implementations: ${safeImplementations}
+Context: ${safeContext}
+
+Respond with JSON: {"resolvedImplementation": "ClassName", "confidence": 0.9, "reasoning": "..."}`;
+        const result = await this.chatJSON(systemPrompt, userPrompt);
+        if (!result) {
+            return { resolvedImplementation: '', confidence: 0, reasoning: 'LLM call failed' };
+        }
+        return {
+            resolvedImplementation: result.resolvedImplementation || '',
+            confidence: typeof result.confidence === 'number' ? result.confidence : 0.5,
+            reasoning: result.reasoning || '',
+        };
+    }
+    /**
+     * Verify a batch of discovered patterns
+     */
+    async verifyPatterns(input) {
+        // Sanitize inputs to prevent prompt injection
+        const safePatterns = sanitizeCodeForPrompt(input.patterns);
+        const safeCodeContext = sanitizeCodeForPrompt(input.codeContext);
+        // Log potential injection attempts
+        logInjectionAttempt(input.codeContext, 'verifyPatterns.codeContext');
+        const model = this.config.phases.enrichment.model;
+        const systemPrompt = formatSystemPrompt('You are a security expert verifying potential taint sources and sinks. Respond only in valid JSON format.', model);
+        const userPrompt = `Verify these potential security patterns:
+
+${safePatterns}
+
+${safeCodeContext ? `Code context:\n[CODE START]\n${safeCodeContext}\n[CODE END]` : ''}
+
+For each pattern, determine if it's a valid source/sink. Respond with JSON: {"verifications": [{"method": "...", "class": "...", "isValid": true, "confidence": 0.9, "reasoning": "..."}]}`;
+        const result = await this.chatJSON(systemPrompt, userPrompt);
+        if (!result) {
+            return { verifications: [] };
+        }
+        return {
+            verifications: (result.verifications || []).map(v => ({
+                method: v.method || '',
+                class: v.class || '',
+                isValid: v.isValid === true,
+                confidence: typeof v.confidence === 'number' ? v.confidence : 0.5,
+                reasoning: v.reasoning || 'No reasoning provided',
+                suggestedType: v.suggestedType,
+                suggestedCwe: v.suggestedCwe,
+            })),
+        };
+    }
+    /**
+     * Run enrichment to discover additional sources/sinks
+     */
+    async enrich(input) {
+        // Sanitize inputs to prevent prompt injection
+        const safeCode = sanitizeCodeForPrompt(input.code);
+        const safeClassName = sanitizeCodeForPrompt(input.className);
+        const safeMethodName = sanitizeCodeForPrompt(input.methodName);
+        const safeSources = sanitizeListForPrompt(input.existingSources);
+        const safeSinks = sanitizeListForPrompt(input.existingSinks);
+        // Log potential injection attempts
+        logInjectionAttempt(input.code, 'enrich.code');
+        const model = this.config.phases.enrichment.model;
+        const systemPrompt = formatSystemPrompt('You are a security expert analyzing Java code for taint sources and sinks. Respond only in valid JSON format.', model);
+        const userPrompt = `Analyze this code for additional sources and sinks:
+
+Class: ${safeClassName}
+Method: ${safeMethodName}
+Existing sources: ${safeSources.join(', ') || 'none'}
+Existing sinks: ${safeSinks.join(', ') || 'none'}
+
+[CODE START]
+${safeCode}
+[CODE END]
+
+Respond with JSON: {"additionalSources": [{"line": 10, "type": "http_param", "variable": "input", "confidence": 0.9}], "additionalSinks": [{"line": 20, "type": "sql_injection", "method": "executeQuery", "cwe": "CWE-89", "confidence": 0.9}], "role": "controller", "reasoning": "..."}`;
+        const result = await this.chatJSON(systemPrompt, userPrompt);
+        if (!result) {
+            return { additionalSources: [], additionalSinks: [], role: 'unknown', reasoning: 'LLM call failed' };
+        }
+        return {
+            additionalSources: result.additionalSources || [],
+            additionalSinks: result.additionalSinks || [],
+            role: result.role || 'unknown',
+            reasoning: result.reasoning || '',
+        };
+    }
+    /**
+     * Pre-check for obvious sanitization patterns to improve accuracy.
+     * Returns null if no obvious pattern is detected (proceed with LLM).
+     */
+    preCheckSanitization(methodCode, cwe, sanitizersInPath) {
+        const lowerCode = methodCode.toLowerCase();
+        // Check explicit sanitizers from static analysis
+        if (sanitizersInPath.length > 0) {
+            const knownSanitizers = sanitizersInPath.filter(s => 
+            // SQL/Injection
+            s.includes('prepareStatement') ||
+                s.includes('setString') ||
+                s.includes('setInt') ||
+                // XSS
+                s.includes('escapeHtml') ||
+                s.includes('encodeForHTML') ||
+                s.includes('htmlEscape') ||
+                // Path validation
+                s.includes('PathUtils') ||
+                s.includes('FilenameUtils') ||
+                s.includes('getCanonicalPath') ||
+                // Allowlist
+                s.includes('RedirectUtils') ||
+                s.includes('verify') ||
+                s.includes('validate'));
+            if (knownSanitizers.length > 0) {
+                return { isSafe: true, reason: `Known sanitizer found: ${knownSanitizers[0]}` };
+            }
+        }
+        // CWE-022 (Path Traversal) - Check for path validation patterns
+        if (cwe === 'CWE-022') {
+            // PathUtils validation
+            if ((lowerCode.includes('pathutils.isinvalidpath') ||
+                lowerCode.includes('pathutils.isinvalidencodedpath')) &&
+                lowerCode.includes('throw')) {
+                return { isSafe: true, reason: 'PathUtils validation detected' };
+            }
+            // FilenameUtils
+            if (lowerCode.includes('filenameutils.getname')) {
+                return { isSafe: true, reason: 'FilenameUtils.getName() detected' };
+            }
+            // Canonical path checks (Zip Slip mitigation)
+            if (lowerCode.includes('getcanonicalpath') &&
+                lowerCode.includes('startswith') &&
+                (lowerCode.includes('throw') || lowerCode.includes('return'))) {
+                return { isSafe: true, reason: 'Canonical path check detected (Zip Slip mitigation)' };
+            }
+            // Custom path validation functions
+            if (lowerCode.includes('ensurefilewithinbundledir') ||
+                lowerCode.includes('checkdestinationfilefortraversal')) {
+                return { isSafe: true, reason: 'Custom path validation function detected' };
+            }
+        }
+        // CWE-079 (XSS/Open Redirect) - Check for encoding and validation
+        if (cwe === 'CWE-079') {
+            // HTML encoding
+            if (lowerCode.includes('encodeforhtml') ||
+                lowerCode.includes('escapehtml') ||
+                lowerCode.includes('htmlescape') ||
+                lowerCode.includes('htmlutils.htmlescape') ||
+                lowerCode.includes('esapi.encoder')) {
+                return { isSafe: true, reason: 'HTML encoding function detected' };
+            }
+            // Redirect validation
+            if (lowerCode.includes('redirectutils.verifyredirecturi') ||
+                (lowerCode.includes('verify') && lowerCode.includes('redirect') && lowerCode.includes('uri'))) {
+                return { isSafe: true, reason: 'Redirect URI validation detected' };
+            }
+        }
+        // CWE-089 (SQL Injection) - Check for prepared statements
+        if (cwe === 'CWE-089' || cwe === 'CWE-89') {
+            if (lowerCode.includes('preparestatement') &&
+                (lowerCode.includes('setstring') || lowerCode.includes('setint') || lowerCode.includes('setlong'))) {
+                return { isSafe: true, reason: 'PreparedStatement with parameter binding detected' };
+            }
+        }
+        // CWE-094 (Code Injection) - Check for safe APIs
+        if (cwe === 'CWE-094') {
+            // SafeConstructor for YAML
+            if (lowerCode.includes('safeconstructor')) {
+                return { isSafe: true, reason: 'SafeConstructor detected (safe YAML deserialization)' };
+            }
+            // ProcessBuilder with array arguments
+            if (lowerCode.includes('processbuilder') &&
+                (lowerCode.includes('new string[]') || lowerCode.includes('arrays.aslist'))) {
+                return { isSafe: true, reason: 'ProcessBuilder with array arguments detected' };
+            }
+        }
+        // CWE-078 (Command Injection) - Check for ProcessBuilder
+        if (cwe === 'CWE-078') {
+            if (lowerCode.includes('processbuilder') &&
+                (lowerCode.includes('new string[]') || lowerCode.includes('arrays.aslist'))) {
+                return { isSafe: true, reason: 'ProcessBuilder with array arguments detected' };
+            }
+        }
+        // No obvious pattern detected
+        return null;
+    }
+    /**
+     * Verify if a potential vulnerability is exploitable
+     */
+    async verify(input) {
+        // Pre-check for obvious sanitization patterns
+        const preCheck = this.preCheckSanitization(input.methodCode, input.cwe, input.sanitizersInPath);
+        if (preCheck && preCheck.isSafe) {
+            return {
+                verdict: 'FALSE_POSITIVE',
+                confidence: 0.9,
+                reasoning: `Pre-check detected safe pattern: ${preCheck.reason}`,
+                exploitability: 'none',
+                sanitizersFound: input.sanitizersInPath,
+                attackVector: '',
+            };
+        }
+        // Simple prompt - ask if there's sanitization
+        const systemPrompt = `You verify security findings. Check if data is sanitized between source and sink.
+
+SANITIZER = a function that transforms data to remove/escape dangerous characters:
+- Known: encodeForHTML, escapeHtml, PreparedStatement.setString, clean(), sanitize(), encode()
+- Custom: any function that escapes <>&" or uses parameterized queries
+
+RULES:
+1. Default: TRUE_POSITIVE (vulnerable)
+2. FALSE_POSITIVE only if: sanitizer function is called on tainted data before reaching sink
+3. If unsure: TRUE_POSITIVE
+
+JSON only.`;
+        // Sanitize and truncate inputs to prevent prompt injection and context overflow
+        const safeSourceCode = sanitizeCodeForPrompt(input.sourceCode);
+        const safeSinkCode = sanitizeCodeForPrompt(input.sinkCode);
+        const safeMethodCode = truncateCode(sanitizeCodeForPrompt(input.methodCode));
+        const safeClassName = sanitizeCodeForPrompt(input.className);
+        const safeMethodName = sanitizeCodeForPrompt(input.methodName);
+        const safeSanitizers = sanitizeListForPrompt(input.sanitizersInPath);
+        // Log potential injection attempts
+        logInjectionAttempt(input.methodCode, 'verify.methodCode');
+        const userPrompt = `${input.cwe}: Line ${input.sourceLine} → Line ${input.sinkLine}
+
+\`\`\`java
+${safeMethodCode}
+\`\`\`
+
+Does the tainted data pass through ANY function that escapes/encodes it before reaching the sink?
+
+Respond: {"verdict": "TRUE_POSITIVE|FALSE_POSITIVE", "confidence": 0.9, "reasoning": "why", "exploitability": "high|low|none", "sanitizersFound": ["function_name"], "attackVector": "attack description"}`;
+        const rawResult = await this.chatJSON(systemPrompt, userPrompt, 'verification');
+        const parseResult = VerificationResponseSchema.safeParse(rawResult);
+        if (!parseResult.success) {
+            console.warn('verify validation failed:', parseResult.error.issues);
+            return {
+                verdict: 'UNCERTAIN',
+                confidence: 0,
+                reasoning: 'LLM call failed',
+                exploitability: 'none',
+                sanitizersFound: [],
+                attackVector: '',
+            };
+        }
+        const result = parseResult.data;
+        // Post-processing: FALSE_POSITIVE must have evidence
+        // If LLM says FALSE_POSITIVE but can't cite a specific sanitizer, flip to TRUE_POSITIVE
+        let finalVerdict = result.verdict;
+        if (result.verdict === 'FALSE_POSITIVE') {
+            const hasSanitizerEvidence = result.sanitizersFound.length > 0 ||
+                result.reasoning.toLowerCase().includes('preparedstatement') ||
+                result.reasoning.toLowerCase().includes('encodefor') ||
+                result.reasoning.toLowerCase().includes('escapehtml') ||
+                result.reasoning.toLowerCase().includes('htmlescape') ||
+                result.reasoning.toLowerCase().includes('esapi') ||
+                result.reasoning.toLowerCase().includes('parameterized') ||
+                result.reasoning.toLowerCase().includes('constant') ||
+                result.reasoning.toLowerCase().includes('hardcoded') ||
+                result.reasoning.toLowerCase().includes('literal');
+            if (!hasSanitizerEvidence) {
+                // No clear sanitizer evidence - flip to TRUE_POSITIVE
+                finalVerdict = 'TRUE_POSITIVE';
+            }
+        }
+        return {
+            verdict: finalVerdict,
+            confidence: result.confidence,
+            reasoning: result.reasoning,
+            exploitability: result.exploitability,
+            sanitizersFound: result.sanitizersFound,
+            attackVector: result.attackVector,
+        };
+    }
+    /**
+     * Analyze list operations to track taint through index changes
+     */
+    async analyzeListIndices(input) {
+        // Sanitize inputs to prevent prompt injection
+        const safeCode = sanitizeCodeForPrompt(input.code);
+        const safeListVariable = sanitizeCodeForPrompt(input.listVariable);
+        const safeOperations = sanitizeListForPrompt(input.operations);
+        // Log potential injection attempts
+        logInjectionAttempt(input.code, 'analyzeListIndices.code');
+        const model = this.config.phases.enrichment.model;
+        const systemPrompt = formatSystemPrompt(`You are a security expert analyzing list/array operations. Track how indices shift when elements are added or removed.
+
+CRITICAL: When list.remove(i) is called, ALL indices > i shift down by 1.
+Example: [a, TAINTED, c] after remove(0) becomes [TAINTED, c] - taint is now at index 0!
+
+Respond only in valid JSON format.`, model);
+        const userPrompt = `Analyze list operations for variable "${safeListVariable}":
+
+Code:
+[CODE START]
+${safeCode}
+[CODE END]
+
+Operations in order: ${safeOperations.join(', ')}
+
+Track each element through all add/remove operations. Determine which indices contain tainted values after ALL operations complete.
+
+Respond with JSON: {"finalIndexMapping": {"0": {"value": "name", "tainted": true}, "1": {"value": "safe", "tainted": false}}, "taintedIndices": [0], "reasoning": "step-by-step trace"}`;
+        const result = await this.chatJSON(systemPrompt, userPrompt);
+        if (!result) {
+            return { finalIndexMapping: {}, taintedIndices: [], reasoning: 'LLM call failed' };
+        }
+        // Convert string keys to numbers
+        const mapping = {};
+        for (const [key, val] of Object.entries(result.finalIndexMapping || {})) {
+            mapping[parseInt(key, 10)] = val;
+        }
+        return {
+            finalIndexMapping: mapping,
+            taintedIndices: result.taintedIndices || [],
+            reasoning: result.reasoning || '',
+        };
+    }
+    /**
+     * Analyze correlated predicates to detect related conditions
+     */
+    async analyzeCorrelatedPredicates(input) {
+        const gen = this.getGenerator('correlatedPredicate', correlatedPredicateSignature, {
+            description: 'Identify predicates that are correlated (use same variables, imply each other)',
+        });
+        // Convert to JSON string for compatibility
+        const result = await gen.forward(this.ai, {
+            code: input.code,
+            predicateLocationsJson: JSON.stringify(input.predicateLocations),
+        });
+        // Parse JSON response
+        let correlatedGroups = [];
+        try {
+            const groupsJson = result.correlatedGroupsJson || '[]';
+            const parsed = JSON.parse(groupsJson.replace(/```json\n?|\n?```/g, '').trim());
+            correlatedGroups = Array.isArray(parsed) ? parsed : [];
+        }
+        catch {
+            correlatedGroups = [];
+        }
+        return {
+            correlatedGroups,
+            reasoning: result.reasoning || '',
+        };
+    }
+    /**
+     * Track taint across file boundaries
+     * Uses direct chat completion for better compatibility with local LLMs
+     */
+    async analyzeCrossFileTaint(input) {
+        // Sanitize inputs to prevent prompt injection
+        const safeSourceFile = sanitizeCodeForPrompt(input.sourceFile);
+        const safeSourceCode = sanitizeCodeForPrompt(input.sourceCode);
+        const safeTargetFile = sanitizeCodeForPrompt(input.targetFile);
+        const safeTargetCode = sanitizeCodeForPrompt(input.targetCode);
+        const safeImportedSymbols = sanitizeListForPrompt(input.importedSymbols);
+        // Log potential injection attempts
+        logInjectionAttempt(input.sourceCode, 'analyzeCrossFileTaint.sourceCode');
+        logInjectionAttempt(input.targetCode, 'analyzeCrossFileTaint.targetCode');
+        // Use direct chat completion for better compatibility
+        const prompt = `Analyze taint flow between these two files:
+
+SOURCE FILE: ${safeSourceFile}
+[CODE START]
+${safeSourceCode}
+[CODE END]
+
+TARGET FILE: ${safeTargetFile}
+[CODE START]
+${safeTargetCode}
+[CODE END]
+
+TAINTED DATA EXPORTED FROM SOURCE:
+${JSON.stringify(input.exportedTaint, null, 2)}
+
+SYMBOLS IMPORTED BY TARGET:
+${safeImportedSymbols.join(', ')}
+
+Does tainted data flow from the source file to the target file? If yes, trace the flow.
+${input.candidateContext ? `\nCANDIDATE TAINT PATHS (verify these):\n${input.candidateContext}\n` : ''}
+Respond in this exact JSON format:
+{
+  "taintFlows": [
+    {
+      "sourceSymbol": "variable/method that exports taint",
+      "targetSymbol": "variable/method that receives taint",
+      "flowType": "direct|transitive|conditional",
+      "confidence": 0.0-1.0
+    }
+  ],
+  "reasoning": "Brief explanation of the taint flow analysis"
+}
+
+If no taint flows exist, return: {"taintFlows": [], "reasoning": "No cross-file taint detected"}`;
+        try {
+            const response = await fetch(`${this.config.baseUrl}/chat/completions`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    'Authorization': `Bearer ${this.config.apiKey}`,
+                },
+                body: JSON.stringify({
+                    model: this.config.phases.verification.model,
+                    messages: [{ role: 'user', content: prompt }],
+                    max_tokens: 2000,
+                    temperature: 0.1,
+                }),
+            });
+            if (!response.ok) {
+                return { taintFlows: [], reasoning: `LLM request failed: ${response.status}` };
+            }
+            const data = await response.json();
+            const rawContent = data.choices?.[0]?.message?.content;
+            // Handle both string and object content (some providers return structured output directly)
+            let parsed = null;
+            if (typeof rawContent === 'object' && rawContent !== null && !Array.isArray(rawContent)) {
+                // Content is already a structured object
+                parsed = rawContent;
+            }
+            else {
+                // Content is a string - need to parse JSON from it
+                let content;
+                if (typeof rawContent === 'string') {
+                    content = rawContent;
+                }
+                else if (Array.isArray(rawContent)) {
+                    content = rawContent.map((block) => {
+                        if (typeof block === 'string')
+                            return block;
+                        if (typeof block === 'object' && block !== null && 'text' in block) {
+                            return block.text;
+                        }
+                        return JSON.stringify(block);
+                    }).join('');
+                }
+                else {
+                    content = String(rawContent || '');
+                }
+                // Extract JSON from response
+                const jsonMatch = content.match(/\{[\s\S]*\}/);
+                if (jsonMatch) {
+                    try {
+                        parsed = JSON.parse(jsonMatch[0]);
+                    }
+                    catch {
+                        // JSON parse failed
+                    }
+                }
+            }
+            if (!parsed) {
+                return { taintFlows: [], reasoning: 'Could not parse LLM response' };
+            }
+            const taintFlows = Array.isArray(parsed.taintFlows)
+                ? parsed.taintFlows.filter((f) => {
+                    const flow = f;
+                    return typeof flow === 'object' &&
+                        flow !== null &&
+                        typeof flow.sourceSymbol === 'string' &&
+                        typeof flow.targetSymbol === 'string';
+                })
+                : [];
+            return {
+                taintFlows,
+                reasoning: parsed.reasoning || '',
+            };
+        }
+        catch (error) {
+            return { taintFlows: [], reasoning: `Error: ${error instanceof Error ? error.message : String(error)}` };
+        }
+    }
+    /**
+     * Test connection to LLM
+     */
+    async testConnection() {
+        try {
+            // Simple raw API call to test connectivity
+            const response = await fetch(`${this.config.baseUrl}/chat/completions`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    'Authorization': `Bearer ${this.config.apiKey}`,
+                },
+                body: JSON.stringify({
+                    model: this.config.phases.enrichment.model,
+                    messages: [{ role: 'user', content: 'Say OK' }],
+                    max_tokens: 10,
+                }),
+            });
+            if (!response.ok) {
+                console.error('LLM connection test failed: HTTP', response.status);
+                return false;
+            }
+            const data = await response.json();
+            const content = data.choices?.[0]?.message?.content || '';
+            return content.toLowerCase().includes('ok');
+        }
+        catch (error) {
+            console.error('LLM connection test failed:', error);
+            return false;
+        }
+    }
+    /**
+     * Get current configuration
+     */
+    getConfig() {
+        return this.config;
+    }
+    /**
+     * Get the AI service instance
+     */
+    getAI() {
+        return this.ai;
+    }
+    /**
+     * Get enrichment-specific configuration
+     */
+    getEnrichmentConfig() {
+        return this.config.enrichment;
+    }
+    /**
+     * Get verification-specific configuration
+     */
+    getVerificationConfig() {
+        return this.config.verification;
+    }
+    /**
+     * Get phase-specific configuration
+     */
+    getPhaseConfig(phase) {
+        return this.config.phases[phase];
+    }
+    // ==========================================================================
+    // Language-Aware Methods
+    // ==========================================================================
+    /**
+     * Classify role using language-specific prompt
+     */
+    async classifyRoleForLanguage(language, input) {
+        const model = this.config.phases.enrichment.model;
+        const systemPrompt = formatSystemPrompt(getPrompt(language, 'system'), model);
+        const userPrompt = getPrompt(language, 'classifyRole', {
+            moduleName: sanitizeCodeForPrompt(input.moduleName),
+            className: sanitizeCodeForPrompt(input.moduleName), // Java compat
+            functionNames: sanitizeCodeForPrompt(input.functionNames),
+            methodNames: sanitizeCodeForPrompt(input.functionNames), // Java compat
+            attributes: sanitizeCodeForPrompt(input.attributes),
+            annotations: sanitizeCodeForPrompt(input.attributes), // Java compat
+            uses: sanitizeCodeForPrompt(input.uses),
+            imports: sanitizeCodeForPrompt(input.uses), // Java compat
+        });
+        const rawResult = await this.chatJSON(systemPrompt, userPrompt);
+        const parseResult = RoleClassificationResponseSchema.safeParse(rawResult);
+        if (!parseResult.success) {
+            return { role: 'unknown', confidence: 0, reasoning: 'LLM call failed', indicators: [] };
+        }
+        return parseResult.data;
+    }
+    /**
+     * Discover sources using language-specific prompt
+     */
+    async discoverSourcesForLanguage(language, input) {
+        const safeCode = truncateCode(sanitizeCodeForPrompt(input.code));
+        const model = this.config.phases.enrichment.model;
+        const systemPrompt = formatSystemPrompt(getPrompt(language, 'system'), model);
+        const userPrompt = getPrompt(language, 'discoverSources', {
+            code: safeCode,
+            functionName: sanitizeCodeForPrompt(input.functionName),
+            methodName: sanitizeCodeForPrompt(input.functionName), // Java compat
+            moduleRole: sanitizeCodeForPrompt(input.moduleRole),
+            classRole: sanitizeCodeForPrompt(input.moduleRole), // Java compat
+            existingSources: sanitizeCodeForPrompt(input.existingSources),
+        });
+        const rawResult = await this.chatJSON(systemPrompt, userPrompt);
+        const parseResult = SourceDiscoveryResponseSchema.safeParse(rawResult);
+        if (!parseResult.success) {
+            return [];
+        }
+        return parseResult.data.additionalSources;
+    }
+    /**
+     * Discover sinks using language-specific prompt
+     */
+    async discoverSinksForLanguage(language, input) {
+        const safeCode = truncateCode(sanitizeCodeForPrompt(input.code));
+        const model = this.config.phases.enrichment.model;
+        const systemPrompt = formatSystemPrompt(getPrompt(language, 'system'), model);
+        const userPrompt = getPrompt(language, 'discoverSinks', {
+            code: safeCode,
+            functionName: sanitizeCodeForPrompt(input.functionName),
+            methodName: sanitizeCodeForPrompt(input.functionName), // Java compat
+            methodCalls: sanitizeCodeForPrompt(input.methodCalls),
+            existingSinks: sanitizeCodeForPrompt(input.existingSinks),
+        });
+        const rawResult = await this.chatJSON(systemPrompt, userPrompt);
+        const parseResult = SinkDiscoveryResponseSchema.safeParse(rawResult);
+        if (!parseResult.success) {
+            return [];
+        }
+        return parseResult.data.additionalSinks;
+    }
+    /**
+     * Verify vulnerability using language-specific prompt
+     */
+    async verifyForLanguage(language, input) {
+        const safeFunctionCode = truncateCode(sanitizeCodeForPrompt(input.functionCode));
+        const model = this.config.phases.verification.model;
+        const systemPrompt = formatSystemPrompt(getPrompt(language, 'system'), model);
+        const userPrompt = getPrompt(language, 'verify', {
+            cwe: input.cwe,
+            sourceLine: String(input.sourceLine),
+            sourceCode: sanitizeCodeForPrompt(input.sourceCode),
+            sinkLine: String(input.sinkLine),
+            sinkCode: sanitizeCodeForPrompt(input.sinkCode),
+            functionCode: safeFunctionCode,
+            methodCode: safeFunctionCode, // Java compat
+            functionName: sanitizeCodeForPrompt(input.functionName),
+            methodName: sanitizeCodeForPrompt(input.functionName), // Java compat
+            moduleName: sanitizeCodeForPrompt(input.moduleName),
+            className: sanitizeCodeForPrompt(input.moduleName), // Java compat
+            sanitizers: input.sanitizers.join(', ') || 'none',
+        });
+        const rawResult = await this.chatJSON(systemPrompt, userPrompt);
+        const parseResult = VerificationResponseSchema.safeParse(rawResult);
+        if (!parseResult.success) {
+            return {
+                verdict: 'UNCERTAIN',
+                confidence: 0,
+                reasoning: 'LLM call failed',
+                exploitability: 'none',
+                sanitizersFound: [],
+                attackVector: '',
+            };
+        }
+        return parseResult.data;
+    }
+    /**
+     * Generate Specifica specification from code evidence
+     */
+    async generateSpecification(input) {
+        const model = this.config.phases.enrichment.model;
+        const systemPrompt = formatSystemPrompt('You are a technical specification writer. Analyze code and generate requirements specifications in JSON format.', model);
+        // Build concise description of the code
+        const apiSummary = input.apiEndpoints.length > 0
+            ? `\nAPI Endpoints:\n${input.apiEndpoints.slice(0, 5).map(e => `- ${e.method} ${e.path} (${e.handler})`).join('\n')}`
+            : '';
+        const methodSummary = input.methods.length > 0
+            ? `\nMethods:\n${input.methods.slice(0, 10).map(m => `- ${m.signature}`).join('\n')}`
+            : '';
+        const vulnSummary = input.vulnerabilities.length > 0
+            ? `\nSecurity Issues:\n${input.vulnerabilities.map(v => `- ${v.cwe}: ${v.description}`).join('\n')}`
+            : '';
+        const userPrompt = `Generate a requirements specification for this code:
+
+**File**: ${sanitizeCodeForPrompt(input.filePath)}
+**Language**: ${input.language}
+${input.framework ? `**Framework**: ${input.framework}` : ''}
+**Lines of Code**: ${input.linesOfCode}${apiSummary}${methodSummary}${vulnSummary}
+
+Generate a JSON specification answering: "What does this code do?"
+
+Output this exact JSON structure:
+{
+  "title": "Feature Name",
+  "summary": "One-paragraph description of what this feature does",
+  "requirements": [
+    {
+      "id": "REQ-001",
+      "description": "Testable requirement as a checkbox item",
+      "category": "functional|security|performance|usability",
+      "priority": "must|should|could",
+      "tested": false
+    }
+  ],
+  "edgeCases": [
+    "Edge case 1",
+    "Edge case 2"
+  ],
+  "errorScenarios": [
+    "Error scenario 1",
+    "Error scenario 2"
+  ]
+}
+
+Guidelines:
+1. Requirements must be testable - each should be something you can write a test for
+2. Focus on WHAT, not HOW - describe behavior, not implementation
+3. Extract from code behavior - infer requirements from what the code actually does
+4. Include security requirements based on detected sources/sinks/vulnerabilities
+5. Identify edge cases - unusual inputs, error conditions, boundary cases
+6. Error scenarios - what can go wrong?`;
+        const rawResult = await this.chatJSON(systemPrompt, userPrompt, 'enrichment');
+        if (!rawResult) {
+            return null;
+        }
+        // Validate basic structure
+        if (typeof rawResult !== 'object' || rawResult === null) {
+            console.warn('generateSpecification: Invalid response structure');
+            return null;
+        }
+        const spec = rawResult;
+        if (!spec.title || !spec.summary || !Array.isArray(spec.requirements)) {
+            console.warn('generateSpecification: Missing required fields');
+            return null;
+        }
+        // Ensure requirements have proper structure
+        const requirements = spec.requirements.map((req, index) => ({
+            id: req.id || `REQ-${String(index + 1).padStart(3, '0')}`,
+            description: req.description || 'No description provided',
+            category: ['functional', 'security', 'performance', 'usability'].includes(req.category)
+                ? req.category
+                : 'functional',
+            priority: ['must', 'should', 'could'].includes(req.priority)
+                ? req.priority
+                : 'should',
+            tested: Boolean(req.tested),
+        }));
+        return {
+            title: spec.title,
+            summary: spec.summary,
+            requirements,
+            edgeCases: Array.isArray(spec.edgeCases) ? spec.edgeCases : [],
+            errorScenarios: Array.isArray(spec.errorScenarios) ? spec.errorScenarios : [],
+        };
+    }
+}
+/**
+ * Get a new Ax-LLM client instance
+ * Always creates a fresh instance for per-request isolation
+ */
+export function getAxLLMClient(config) {
+    return new AxLLMClient(config);
+}
+//# sourceMappingURL=ax-client.js.map