npm - circle-ir-ai - Versions diffs - 1.1.0 - Mend

circle-ir-ai 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (420) hide show

package/CHANGELOG.md +105 -0
package/LICENSE +15 -0
package/README.md +336 -0
package/dist/action-queue/aggregator.d.ts +40 -0
package/dist/action-queue/aggregator.d.ts.map +1 -0
package/dist/action-queue/aggregator.js +375 -0
package/dist/action-queue/aggregator.js.map +1 -0
package/dist/action-queue/index.d.ts +14 -0
package/dist/action-queue/index.d.ts.map +1 -0
package/dist/action-queue/index.js +17 -0
package/dist/action-queue/index.js.map +1 -0
package/dist/action-queue/queue.d.ts +74 -0
package/dist/action-queue/queue.d.ts.map +1 -0
package/dist/action-queue/queue.js +433 -0
package/dist/action-queue/queue.js.map +1 -0
package/dist/action-queue/types.d.ts +162 -0
package/dist/action-queue/types.d.ts.map +1 -0
package/dist/action-queue/types.js +44 -0
package/dist/action-queue/types.js.map +1 -0
package/dist/agents/enrichment-agent.d.ts +16 -0
package/dist/agents/enrichment-agent.d.ts.map +1 -0
package/dist/agents/enrichment-agent.js +102 -0
package/dist/agents/enrichment-agent.js.map +1 -0
package/dist/agents/index.d.ts +12 -0
package/dist/agents/index.d.ts.map +1 -0
package/dist/agents/index.js +15 -0
package/dist/agents/index.js.map +1 -0
package/dist/agents/mastra/agents.d.ts +373 -0
package/dist/agents/mastra/agents.d.ts.map +1 -0
package/dist/agents/mastra/agents.js +347 -0
package/dist/agents/mastra/agents.js.map +1 -0
package/dist/agents/mastra/index.d.ts +12 -0
package/dist/agents/mastra/index.d.ts.map +1 -0
package/dist/agents/mastra/index.js +17 -0
package/dist/agents/mastra/index.js.map +1 -0
package/dist/agents/mastra/instance.d.ts +383 -0
package/dist/agents/mastra/instance.d.ts.map +1 -0
package/dist/agents/mastra/instance.js +37 -0
package/dist/agents/mastra/instance.js.map +1 -0
package/dist/agents/mastra/steps.d.ts +300 -0
package/dist/agents/mastra/steps.d.ts.map +1 -0
package/dist/agents/mastra/steps.js +468 -0
package/dist/agents/mastra/steps.js.map +1 -0
package/dist/agents/mastra/swarm.d.ts +106 -0
package/dist/agents/mastra/swarm.d.ts.map +1 -0
package/dist/agents/mastra/swarm.js +501 -0
package/dist/agents/mastra/swarm.js.map +1 -0
package/dist/agents/mastra/workflow.d.ts +81 -0
package/dist/agents/mastra/workflow.d.ts.map +1 -0
package/dist/agents/mastra/workflow.js +460 -0
package/dist/agents/mastra/workflow.js.map +1 -0
package/dist/agents/multi/agents/security.d.ts +29 -0
package/dist/agents/multi/agents/security.d.ts.map +1 -0
package/dist/agents/multi/agents/security.js +830 -0
package/dist/agents/multi/agents/security.js.map +1 -0
package/dist/agents/multi/extractor.d.ts +21 -0
package/dist/agents/multi/extractor.d.ts.map +1 -0
package/dist/agents/multi/extractor.js +483 -0
package/dist/agents/multi/extractor.js.map +1 -0
package/dist/agents/multi/index.d.ts +32 -0
package/dist/agents/multi/index.d.ts.map +1 -0
package/dist/agents/multi/index.js +34 -0
package/dist/agents/multi/index.js.map +1 -0
package/dist/agents/multi/runner.d.ts +79 -0
package/dist/agents/multi/runner.d.ts.map +1 -0
package/dist/agents/multi/runner.js +323 -0
package/dist/agents/multi/runner.js.map +1 -0
package/dist/agents/security-agent.d.ts +16 -0
package/dist/agents/security-agent.d.ts.map +1 -0
package/dist/agents/security-agent.js +299 -0
package/dist/agents/security-agent.js.map +1 -0
package/dist/agents/types.d.ts +373 -0
package/dist/agents/types.d.ts.map +1 -0
package/dist/agents/types.js +14 -0
package/dist/agents/types.js.map +1 -0
package/dist/agents/verification-agent.d.ts +23 -0
package/dist/agents/verification-agent.d.ts.map +1 -0
package/dist/agents/verification-agent.js +217 -0
package/dist/agents/verification-agent.js.map +1 -0
package/dist/agents/workflow.d.ts +30 -0
package/dist/agents/workflow.d.ts.map +1 -0
package/dist/agents/workflow.js +79 -0
package/dist/agents/workflow.js.map +1 -0
package/dist/analysis/enriched.d.ts +16 -0
package/dist/analysis/enriched.d.ts.map +1 -0
package/dist/analysis/enriched.js +297 -0
package/dist/analysis/enriched.js.map +1 -0
package/dist/analysis/llm-correlated-predicates.d.ts +80 -0
package/dist/analysis/llm-correlated-predicates.d.ts.map +1 -0
package/dist/analysis/llm-correlated-predicates.js +255 -0
package/dist/analysis/llm-correlated-predicates.js.map +1 -0
package/dist/analysis/llm-cross-file-taint.d.ts +86 -0
package/dist/analysis/llm-cross-file-taint.d.ts.map +1 -0
package/dist/analysis/llm-cross-file-taint.js +264 -0
package/dist/analysis/llm-cross-file-taint.js.map +1 -0
package/dist/analysis/pattern-discovery.d.ts +79 -0
package/dist/analysis/pattern-discovery.d.ts.map +1 -0
package/dist/analysis/pattern-discovery.js +447 -0
package/dist/analysis/pattern-discovery.js.map +1 -0
package/dist/cache/file-cache.d.ts +89 -0
package/dist/cache/file-cache.d.ts.map +1 -0
package/dist/cache/file-cache.js +208 -0
package/dist/cache/file-cache.js.map +1 -0
package/dist/cache/index.d.ts +6 -0
package/dist/cache/index.d.ts.map +1 -0
package/dist/cache/index.js +5 -0
package/dist/cache/index.js.map +1 -0
package/dist/cli/args.d.ts +52 -0
package/dist/cli/args.d.ts.map +1 -0
package/dist/cli/args.js +422 -0
package/dist/cli/args.js.map +1 -0
package/dist/cli/colors.d.ts +31 -0
package/dist/cli/colors.d.ts.map +1 -0
package/dist/cli/colors.js +80 -0
package/dist/cli/colors.js.map +1 -0
package/dist/cli/commands/analyze-skill.d.ts +33 -0
package/dist/cli/commands/analyze-skill.d.ts.map +1 -0
package/dist/cli/commands/analyze-skill.js +217 -0
package/dist/cli/commands/analyze-skill.js.map +1 -0
package/dist/cli/commands/analyze.d.ts +18 -0
package/dist/cli/commands/analyze.d.ts.map +1 -0
package/dist/cli/commands/analyze.js +30 -0
package/dist/cli/commands/analyze.js.map +1 -0
package/dist/cli/commands/benchmark-runner.d.ts +42 -0
package/dist/cli/commands/benchmark-runner.d.ts.map +1 -0
package/dist/cli/commands/benchmark-runner.js +18 -0
package/dist/cli/commands/benchmark-runner.js.map +1 -0
package/dist/cli/commands/benchmark.d.ts +11 -0
package/dist/cli/commands/benchmark.d.ts.map +1 -0
package/dist/cli/commands/benchmark.js +90 -0
package/dist/cli/commands/benchmark.js.map +1 -0
package/dist/cli/commands/dead-code.d.ts +11 -0
package/dist/cli/commands/dead-code.d.ts.map +1 -0
package/dist/cli/commands/dead-code.js +65 -0
package/dist/cli/commands/dead-code.js.map +1 -0
package/dist/cli/commands/generate-spec.d.ts +11 -0
package/dist/cli/commands/generate-spec.d.ts.map +1 -0
package/dist/cli/commands/generate-spec.js +67 -0
package/dist/cli/commands/generate-spec.js.map +1 -0
package/dist/cli/commands/health.d.ts +11 -0
package/dist/cli/commands/health.d.ts.map +1 -0
package/dist/cli/commands/health.js +67 -0
package/dist/cli/commands/health.js.map +1 -0
package/dist/cli/commands/project.d.ts +21 -0
package/dist/cli/commands/project.d.ts.map +1 -0
package/dist/cli/commands/project.js +92 -0
package/dist/cli/commands/project.js.map +1 -0
package/dist/cli/commands/scan.d.ts +11 -0
package/dist/cli/commands/scan.d.ts.map +1 -0
package/dist/cli/commands/scan.js +68 -0
package/dist/cli/commands/scan.js.map +1 -0
package/dist/cli/commands/secrets.d.ts +11 -0
package/dist/cli/commands/secrets.d.ts.map +1 -0
package/dist/cli/commands/secrets.js +71 -0
package/dist/cli/commands/secrets.js.map +1 -0
package/dist/cli/commands/swarm.d.ts +20 -0
package/dist/cli/commands/swarm.d.ts.map +1 -0
package/dist/cli/commands/swarm.js +174 -0
package/dist/cli/commands/swarm.js.map +1 -0
package/dist/cli/config.d.ts +103 -0
package/dist/cli/config.d.ts.map +1 -0
package/dist/cli/config.js +307 -0
package/dist/cli/config.js.map +1 -0
package/dist/cli/discovery.d.ts +31 -0
package/dist/cli/discovery.d.ts.map +1 -0
package/dist/cli/discovery.js +212 -0
package/dist/cli/discovery.js.map +1 -0
package/dist/cli/formatters/index.d.ts +15 -0
package/dist/cli/formatters/index.d.ts.map +1 -0
package/dist/cli/formatters/index.js +51 -0
package/dist/cli/formatters/index.js.map +1 -0
package/dist/cli/formatters/json.d.ts +11 -0
package/dist/cli/formatters/json.d.ts.map +1 -0
package/dist/cli/formatters/json.js +12 -0
package/dist/cli/formatters/json.js.map +1 -0
package/dist/cli/formatters/project-json.d.ts +11 -0
package/dist/cli/formatters/project-json.d.ts.map +1 -0
package/dist/cli/formatters/project-json.js +12 -0
package/dist/cli/formatters/project-json.js.map +1 -0
package/dist/cli/formatters/project-sarif.d.ts +11 -0
package/dist/cli/formatters/project-sarif.d.ts.map +1 -0
package/dist/cli/formatters/project-sarif.js +127 -0
package/dist/cli/formatters/project-sarif.js.map +1 -0
package/dist/cli/formatters/project-summary.d.ts +11 -0
package/dist/cli/formatters/project-summary.d.ts.map +1 -0
package/dist/cli/formatters/project-summary.js +202 -0
package/dist/cli/formatters/project-summary.js.map +1 -0
package/dist/cli/formatters/sarif-shared.d.ts +101 -0
package/dist/cli/formatters/sarif-shared.d.ts.map +1 -0
package/dist/cli/formatters/sarif-shared.js +57 -0
package/dist/cli/formatters/sarif-shared.js.map +1 -0
package/dist/cli/formatters/sarif.d.ts +12 -0
package/dist/cli/formatters/sarif.d.ts.map +1 -0
package/dist/cli/formatters/sarif.js +92 -0
package/dist/cli/formatters/sarif.js.map +1 -0
package/dist/cli/formatters/summary.d.ts +11 -0
package/dist/cli/formatters/summary.d.ts.map +1 -0
package/dist/cli/formatters/summary.js +240 -0
package/dist/cli/formatters/summary.js.map +1 -0
package/dist/cli/formatters/two-phase-summary.d.ts +11 -0
package/dist/cli/formatters/two-phase-summary.d.ts.map +1 -0
package/dist/cli/formatters/two-phase-summary.js +188 -0
package/dist/cli/formatters/two-phase-summary.js.map +1 -0
package/dist/cli/index.d.ts +15 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +555 -0
package/dist/cli/index.js.map +1 -0
package/dist/components/clustering.d.ts +60 -0
package/dist/components/clustering.d.ts.map +1 -0
package/dist/components/clustering.js +129 -0
package/dist/components/clustering.js.map +1 -0
package/dist/components/enrichment.d.ts +45 -0
package/dist/components/enrichment.d.ts.map +1 -0
package/dist/components/enrichment.js +193 -0
package/dist/components/enrichment.js.map +1 -0
package/dist/components/index.d.ts +29 -0
package/dist/components/index.d.ts.map +1 -0
package/dist/components/index.js +56 -0
package/dist/components/index.js.map +1 -0
package/dist/dead-code/detector.d.ts +200 -0
package/dist/dead-code/detector.d.ts.map +1 -0
package/dist/dead-code/detector.js +1003 -0
package/dist/dead-code/detector.js.map +1 -0
package/dist/dead-code/index.d.ts +7 -0
package/dist/dead-code/index.d.ts.map +1 -0
package/dist/dead-code/index.js +7 -0
package/dist/dead-code/index.js.map +1 -0
package/dist/extractors/index.d.ts +15 -0
package/dist/extractors/index.d.ts.map +1 -0
package/dist/extractors/index.js +14 -0
package/dist/extractors/index.js.map +1 -0
package/dist/extractors/natural-language.d.ts +46 -0
package/dist/extractors/natural-language.d.ts.map +1 -0
package/dist/extractors/natural-language.js +228 -0
package/dist/extractors/natural-language.js.map +1 -0
package/dist/extractors/tree-sitter.d.ts +33 -0
package/dist/extractors/tree-sitter.d.ts.map +1 -0
package/dist/extractors/tree-sitter.js +69 -0
package/dist/extractors/tree-sitter.js.map +1 -0
package/dist/extractors/types.d.ts +62 -0
package/dist/extractors/types.d.ts.map +1 -0
package/dist/extractors/types.js +54 -0
package/dist/extractors/types.js.map +1 -0
package/dist/health-score/calculator.d.ts +123 -0
package/dist/health-score/calculator.d.ts.map +1 -0
package/dist/health-score/calculator.js +444 -0
package/dist/health-score/calculator.js.map +1 -0
package/dist/health-score/index.d.ts +12 -0
package/dist/health-score/index.d.ts.map +1 -0
package/dist/health-score/index.js +14 -0
package/dist/health-score/index.js.map +1 -0
package/dist/health-score/metrics.d.ts +142 -0
package/dist/health-score/metrics.d.ts.map +1 -0
package/dist/health-score/metrics.js +332 -0
package/dist/health-score/metrics.js.map +1 -0
package/dist/index.d.ts +26 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +43 -0
package/dist/index.js.map +1 -0
package/dist/llm/ax-client.d.ts +477 -0
package/dist/llm/ax-client.d.ts.map +1 -0
package/dist/llm/ax-client.js +1641 -0
package/dist/llm/ax-client.js.map +1 -0
package/dist/llm/config.d.ts +58 -0
package/dist/llm/config.d.ts.map +1 -0
package/dist/llm/config.js +97 -0
package/dist/llm/config.js.map +1 -0
package/dist/llm/discovery.d.ts +123 -0
package/dist/llm/discovery.d.ts.map +1 -0
package/dist/llm/discovery.js +505 -0
package/dist/llm/discovery.js.map +1 -0
package/dist/llm/enrichment.d.ts +108 -0
package/dist/llm/enrichment.d.ts.map +1 -0
package/dist/llm/enrichment.js +312 -0
package/dist/llm/enrichment.js.map +1 -0
package/dist/llm/index.d.ts +13 -0
package/dist/llm/index.d.ts.map +1 -0
package/dist/llm/index.js +22 -0
package/dist/llm/index.js.map +1 -0
package/dist/llm/language-context.d.ts +64 -0
package/dist/llm/language-context.d.ts.map +1 -0
package/dist/llm/language-context.js +492 -0
package/dist/llm/language-context.js.map +1 -0
package/dist/llm/pattern-verification.d.ts +39 -0
package/dist/llm/pattern-verification.d.ts.map +1 -0
package/dist/llm/pattern-verification.js +127 -0
package/dist/llm/pattern-verification.js.map +1 -0
package/dist/llm/prompt-security.d.ts +120 -0
package/dist/llm/prompt-security.d.ts.map +1 -0
package/dist/llm/prompt-security.js +301 -0
package/dist/llm/prompt-security.js.map +1 -0
package/dist/llm/prompts/index.d.ts +31 -0
package/dist/llm/prompts/index.d.ts.map +1 -0
package/dist/llm/prompts/index.js +92 -0
package/dist/llm/prompts/index.js.map +1 -0
package/dist/llm/prompts/rust.d.ts +30 -0
package/dist/llm/prompts/rust.d.ts.map +1 -0
package/dist/llm/prompts/rust.js +121 -0
package/dist/llm/prompts/rust.js.map +1 -0
package/dist/llm/schemas.d.ts +892 -0
package/dist/llm/schemas.d.ts.map +1 -0
package/dist/llm/schemas.js +258 -0
package/dist/llm/schemas.js.map +1 -0
package/dist/llm/verification.d.ts +127 -0
package/dist/llm/verification.d.ts.map +1 -0
package/dist/llm/verification.js +394 -0
package/dist/llm/verification.js.map +1 -0
package/dist/project/analyzer.d.ts +30 -0
package/dist/project/analyzer.d.ts.map +1 -0
package/dist/project/analyzer.js +358 -0
package/dist/project/analyzer.js.map +1 -0
package/dist/project/call-graph.d.ts +22 -0
package/dist/project/call-graph.d.ts.map +1 -0
package/dist/project/call-graph.js +246 -0
package/dist/project/call-graph.js.map +1 -0
package/dist/project/index.d.ts +18 -0
package/dist/project/index.d.ts.map +1 -0
package/dist/project/index.js +20 -0
package/dist/project/index.js.map +1 -0
package/dist/project/taint-paths.d.ts +22 -0
package/dist/project/taint-paths.d.ts.map +1 -0
package/dist/project/taint-paths.js +265 -0
package/dist/project/taint-paths.js.map +1 -0
package/dist/project/two-phase-analyzer.d.ts +143 -0
package/dist/project/two-phase-analyzer.d.ts.map +1 -0
package/dist/project/two-phase-analyzer.js +646 -0
package/dist/project/two-phase-analyzer.js.map +1 -0
package/dist/project/type-hierarchy.d.ts +28 -0
package/dist/project/type-hierarchy.d.ts.map +1 -0
package/dist/project/type-hierarchy.js +218 -0
package/dist/project/type-hierarchy.js.map +1 -0
package/dist/secret-scan/index.d.ts +12 -0
package/dist/secret-scan/index.d.ts.map +1 -0
package/dist/secret-scan/index.js +14 -0
package/dist/secret-scan/index.js.map +1 -0
package/dist/secret-scan/patterns.d.ts +38 -0
package/dist/secret-scan/patterns.d.ts.map +1 -0
package/dist/secret-scan/patterns.js +473 -0
package/dist/secret-scan/patterns.js.map +1 -0
package/dist/secret-scan/scanner.d.ts +162 -0
package/dist/secret-scan/scanner.d.ts.map +1 -0
package/dist/secret-scan/scanner.js +511 -0
package/dist/secret-scan/scanner.js.map +1 -0
package/dist/security-scan/index.d.ts +12 -0
package/dist/security-scan/index.d.ts.map +1 -0
package/dist/security-scan/index.js +15 -0
package/dist/security-scan/index.js.map +1 -0
package/dist/security-scan/owasp-mapping.d.ts +29 -0
package/dist/security-scan/owasp-mapping.d.ts.map +1 -0
package/dist/security-scan/owasp-mapping.js +246 -0
package/dist/security-scan/owasp-mapping.js.map +1 -0
package/dist/security-scan/scanner.d.ts +204 -0
package/dist/security-scan/scanner.d.ts.map +1 -0
package/dist/security-scan/scanner.js +693 -0
package/dist/security-scan/scanner.js.map +1 -0
package/dist/security-scan/trend-tracker.d.ts +150 -0
package/dist/security-scan/trend-tracker.d.ts.map +1 -0
package/dist/security-scan/trend-tracker.js +299 -0
package/dist/security-scan/trend-tracker.js.map +1 -0
package/dist/skills/bundle-loader.d.ts +26 -0
package/dist/skills/bundle-loader.d.ts.map +1 -0
package/dist/skills/bundle-loader.js +284 -0
package/dist/skills/bundle-loader.js.map +1 -0
package/dist/skills/capability-mismatch.d.ts +21 -0
package/dist/skills/capability-mismatch.d.ts.map +1 -0
package/dist/skills/capability-mismatch.js +188 -0
package/dist/skills/capability-mismatch.js.map +1 -0
package/dist/skills/index.d.ts +10 -0
package/dist/skills/index.d.ts.map +1 -0
package/dist/skills/index.js +9 -0
package/dist/skills/index.js.map +1 -0
package/dist/skills/skill-analyzer.d.ts +16 -0
package/dist/skills/skill-analyzer.d.ts.map +1 -0
package/dist/skills/skill-analyzer.js +361 -0
package/dist/skills/skill-analyzer.js.map +1 -0
package/dist/skills/types.d.ts +195 -0
package/dist/skills/types.d.ts.map +1 -0
package/dist/skills/types.js +7 -0
package/dist/skills/types.js.map +1 -0
package/dist/specifica/conflict-resolver.d.ts +23 -0
package/dist/specifica/conflict-resolver.d.ts.map +1 -0
package/dist/specifica/conflict-resolver.js +129 -0
package/dist/specifica/conflict-resolver.js.map +1 -0
package/dist/specifica/evidence-aggregator.d.ts +33 -0
package/dist/specifica/evidence-aggregator.d.ts.map +1 -0
package/dist/specifica/evidence-aggregator.js +236 -0
package/dist/specifica/evidence-aggregator.js.map +1 -0
package/dist/specifica/evidence-extractor.d.ts +13 -0
package/dist/specifica/evidence-extractor.d.ts.map +1 -0
package/dist/specifica/evidence-extractor.js +431 -0
package/dist/specifica/evidence-extractor.js.map +1 -0
package/dist/specifica/feature-clustering.d.ts +19 -0
package/dist/specifica/feature-clustering.d.ts.map +1 -0
package/dist/specifica/feature-clustering.js +231 -0
package/dist/specifica/feature-clustering.js.map +1 -0
package/dist/specifica/generator.d.ts +16 -0
package/dist/specifica/generator.d.ts.map +1 -0
package/dist/specifica/generator.js +277 -0
package/dist/specifica/generator.js.map +1 -0
package/dist/specifica/index.d.ts +15 -0
package/dist/specifica/index.d.ts.map +1 -0
package/dist/specifica/index.js +18 -0
package/dist/specifica/index.js.map +1 -0
package/dist/specifica/prompts.d.ts +21 -0
package/dist/specifica/prompts.d.ts.map +1 -0
package/dist/specifica/prompts.js +196 -0
package/dist/specifica/prompts.js.map +1 -0
package/dist/specifica/spec-generator.d.ts +22 -0
package/dist/specifica/spec-generator.d.ts.map +1 -0
package/dist/specifica/spec-generator.js +229 -0
package/dist/specifica/spec-generator.js.map +1 -0
package/dist/specifica/types.d.ts +213 -0
package/dist/specifica/types.d.ts.map +1 -0
package/dist/specifica/types.js +7 -0
package/dist/specifica/types.js.map +1 -0
package/dist/utils/logger.d.ts +17 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +51 -0
package/dist/utils/logger.js.map +1 -0
package/package.json +99 -0

package/dist/llm/prompts/index.js ADDED Viewed

@@ -0,0 +1,92 @@
+/**
+ * Language-specific LLM prompts for security analysis
+ */
+import { rustPrompts, getRustPrompt } from './rust.js';
+/**
+ * Java prompts (default/existing behavior)
+ */
+export const javaPrompts = {
+    system: 'You are a security expert analyzing Java code. Respond only in valid JSON format.',
+    classifyRole: `Classify the role of this Java class:
+Class: {className}
+Methods: {methodNames}
+Annotations: {annotations}
+Imports: {imports}
+Respond with JSON: {{"role": "controller|service|repository|utility|entity|unknown", "confidence": 0.0-1.0, "reasoning": "explanation", "indicators": ["list", "of", "indicators"]}}`,
+    discoverSources: `Find additional user-controlled input sources in this method:
+Method: {methodName}
+Class role: {classRole}
+Already identified sources: {existingSources}
+[CODE START]
+{code}
+[CODE END]
+Look for: HTTP parameters, headers, cookies, request body, file input, environment variables.
+Ignore: constants, internal config, hardcoded values.
+Respond with JSON: {{"additionalSources": [{{"line": 10, "variable": "param", "type": "http_param", "confidence": 0.9, "reasoning": "..."}}]}}`,
+    discoverSinks: `Find additional dangerous operations (sinks) in this method:
+Method: {methodName}
+Method calls: {methodCalls}
+Already identified sinks: {existingSinks}
+[CODE START]
+{code}
+[CODE END]
+Look for: SQL queries, command execution, file operations, XSS output, deserialization.
+Ignore: PreparedStatement with ?, logging, safe APIs.
+Respond with JSON: {{"additionalSinks": [{{"line": 15, "method": "executeQuery", "type": "sql_injection", "cwe": "CWE-89", "argPositions": [0], "confidence": 0.9, "reasoning": "..."}}]}}`,
+    verify: `Analyze this potential {cwe} vulnerability:
+SOURCE (line {sourceLine}): {sourceCode}
+SINK (line {sinkLine}): {sinkCode}
+FULL METHOD ({className}.{methodName}):
+[CODE START]
+{methodCode}
+[CODE END]
+Known sanitizers in path: {sanitizers}
+REQUIRED ANALYSIS STEPS:
+1. Identify the source of user-controlled data
+2. Trace the data flow to the sink
+3. Check for any sanitization, validation, or transformation
+4. Consider the vulnerability pattern for {cwe}
+5. Make a verdict with confidence level
+Respond with JSON: {{"verdict": "TRUE_POSITIVE|FALSE_POSITIVE|UNCERTAIN", "confidence": 0.0-1.0, "reasoning": "step-by-step analysis showing data flow and sanitization check", "exploitability": "high|medium|low|none", "sanitizersFound": [], "attackVector": "description if exploitable"}}`,
+};
+/**
+ * Get prompts for a specific language
+ */
+export function getLanguagePrompts(language) {
+    switch (language) {
+        case 'rust':
+            return rustPrompts;
+        case 'java':
+        default:
+            return javaPrompts;
+    }
+}
+/**
+ * Get a specific prompt for a language with variable substitution
+ */
+export function getPrompt(language, promptName, variables) {
+    const prompts = getLanguagePrompts(language);
+    let prompt = prompts[promptName];
+    if (variables) {
+        for (const [key, value] of Object.entries(variables)) {
+            prompt = prompt.replace(new RegExp(`\\{${key}\\}`, 'g'), value);
+        }
+    }
+    return prompt;
+}
+export { rustPrompts, getRustPrompt };
+//# sourceMappingURL=index.js.map

package/dist/llm/prompts/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/llm/prompts/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAIvD;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,MAAM,EAAE,mFAAmF;IAE3F,YAAY,EAAE;;;;;;qLAMqK;IAEnL,eAAe,EAAE;;;;;;;;;;;;;+IAa4H;IAE7I,aAAa,EAAE;;;;;;;;;;;;;2LAa0K;IAEzL,MAAM,EAAE;;;;;;;;;;;;;;;;;;;gSAmBsR;CAC/R,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAA8B;IAC/D,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,MAAM;YACT,OAAO,WAAW,CAAC;QACrB,KAAK,MAAM,CAAC;QACZ;YACE,OAAO,WAAW,CAAC;IACvB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CACvB,QAA8B,EAC9B,UAAsF,EACtF,SAAkC;IAElC,MAAM,OAAO,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;IAC7C,IAAI,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAEjC,IAAI,SAAS,EAAE,CAAC;QACd,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YACrD,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,KAAK,EAAE,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC"}

package/dist/llm/prompts/rust.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+/**
+ * Rust-specific LLM prompts for security analysis
+ */
+export declare const rustPrompts: {
+    /**
+     * System prompt for Rust security analysis
+     */
+    system: string;
+    /**
+     * Role classification prompt for Rust modules
+     */
+    classifyRole: string;
+    /**
+     * Source discovery prompt for Rust
+     */
+    discoverSources: string;
+    /**
+     * Sink discovery prompt for Rust
+     */
+    discoverSinks: string;
+    /**
+     * Verification prompt for Rust vulnerabilities
+     */
+    verify: string;
+};
+/**
+ * Get Rust-specific prompt by name with variable substitution
+ */
+export declare function getRustPrompt(name: keyof typeof rustPrompts, variables?: Record<string, string>): string;
+//# sourceMappingURL=rust.d.ts.map

package/dist/llm/prompts/rust.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"rust.d.ts","sourceRoot":"","sources":["../../../src/llm/prompts/rust.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,eAAO,MAAM,WAAW;IACtB;;OAEG;;IAGH;;OAEG;;IAkBH;;OAEG;;IAyBH;;OAEG;;IAyBH;;OAEG;;CA0BJ,CAAC;AAEF;;GAEG;AACH,wBAAgB,aAAa,CAC3B,IAAI,EAAE,MAAM,OAAO,WAAW,EAC9B,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACjC,MAAM,CAQR"}

package/dist/llm/prompts/rust.js ADDED Viewed

@@ -0,0 +1,121 @@
+/**
+ * Rust-specific LLM prompts for security analysis
+ */
+export const rustPrompts = {
+    /**
+     * System prompt for Rust security analysis
+     */
+    system: 'You are a security expert analyzing Rust code. Respond only in valid JSON format.',
+    /**
+     * Role classification prompt for Rust modules
+     */
+    classifyRole: `Classify the role of this Rust module/struct:
+Module: {moduleName}
+Functions: {functionNames}
+Derives/Attributes: {attributes}
+Uses: {uses}
+Roles for Rust:
+- handler: HTTP/API request handlers (actix-web, axum, rocket handlers)
+- service: Business logic, data processing
+- repository: Database access (diesel, sqlx, rusqlite)
+- utility: Helper functions, conversions
+- cli: Command-line interface handling
+- unknown: Cannot determine
+Respond with JSON: {{"role": "handler|service|repository|utility|cli|unknown", "confidence": 0.0-1.0, "reasoning": "explanation", "indicators": ["list", "of", "indicators"]}}`,
+    /**
+     * Source discovery prompt for Rust
+     */
+    discoverSources: `Find user-controlled input sources in this Rust code:
+Function: {functionName}
+Module role: {moduleRole}
+Already identified sources: {existingSources}
+[CODE START]
+{code}
+[CODE END]
+Look for Rust-specific sources:
+- std::env::args(), std::env::var() - CLI arguments, environment
+- std::io::stdin() - Standard input
+- actix_web::web::Path, Query, Json, Form - HTTP parameters
+- axum::extract::* - Axum extractors
+- rocket macros params - Rocket parameters
+- std::fs::read_to_string(), File::open() - File input
+- reqwest/hyper response bodies - External API responses
+- serde deserialization from untrusted input
+Ignore: constants, compile-time values, trusted internal data.
+Respond with JSON: {{"additionalSources": [{{"line": 10, "variable": "param", "type": "cli_arg|env_var|http_param|file_input|stdin", "confidence": 0.9, "reasoning": "..."}}]}}`,
+    /**
+     * Sink discovery prompt for Rust
+     */
+    discoverSinks: `Find dangerous operations (sinks) in this Rust code:
+Function: {functionName}
+Method calls: {methodCalls}
+Already identified sinks: {existingSinks}
+[CODE START]
+{code}
+[CODE END]
+Look for Rust-specific sinks:
+- std::process::Command - Command injection (CWE-78)
+- std::fs::* (read, write, remove, create_dir) - Path traversal (CWE-22)
+- SQL queries via diesel, sqlx, rusqlite - SQL injection (CWE-89)
+- format!() in HTML output - XSS (CWE-79)
+- serde_json/bincode deserialization - Deserialization (CWE-502)
+- reqwest/hyper with user URLs - SSRF (CWE-918)
+- unsafe blocks with user data - Memory safety issues
+- eval-like macros with user input - Code injection (CWE-94)
+Ignore: prepared statements with placeholders, sanitized inputs, safe APIs.
+Respond with JSON: {{"additionalSinks": [{{"line": 15, "method": "execute", "type": "sql_injection|command_injection|path_traversal|xss|ssrf", "cwe": "CWE-89", "argPositions": [0], "confidence": 0.9, "reasoning": "..."}}]}}`,
+    /**
+     * Verification prompt for Rust vulnerabilities
+     */
+    verify: `Analyze this potential {cwe} vulnerability in Rust code:
+SOURCE (line {sourceLine}): {sourceCode}
+SINK (line {sinkLine}): {sinkCode}
+FULL FUNCTION:
+[CODE START]
+{functionCode}
+[CODE END]
+Known sanitizers in path: {sanitizers}
+RUST-SPECIFIC CONSIDERATIONS:
+- Rust's ownership system may prevent some exploits
+- Check if data passes through sanitization functions
+- Consider if the code uses safe APIs (e.g., prepared statements)
+- Look for explicit validation or type conversion
+REQUIRED ANALYSIS:
+1. Trace the data flow from source to sink
+2. Check for any sanitization, validation, or type conversion
+3. Consider Rust's safety guarantees
+4. Make a verdict with confidence level
+Respond with JSON: {{"verdict": "TRUE_POSITIVE|FALSE_POSITIVE|UNCERTAIN", "confidence": 0.0-1.0, "reasoning": "step-by-step analysis", "exploitability": "high|medium|low|none", "sanitizersFound": [], "attackVector": "description if exploitable"}}`,
+};
+/**
+ * Get Rust-specific prompt by name with variable substitution
+ */
+export function getRustPrompt(name, variables) {
+    let prompt = rustPrompts[name];
+    if (variables) {
+        for (const [key, value] of Object.entries(variables)) {
+            prompt = prompt.replace(new RegExp(`\\{${key}\\}`, 'g'), value);
+        }
+    }
+    return prompt;
+}
+//# sourceMappingURL=rust.js.map

package/dist/llm/prompts/rust.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"rust.js","sourceRoot":"","sources":["../../../src/llm/prompts/rust.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB;;OAEG;IACH,MAAM,EAAE,mFAAmF;IAE3F;;OAEG;IACH,YAAY,EAAE;;;;;;;;;;;;;;;+KAe+J;IAE7K;;OAEG;IACH,eAAe,EAAE;;;;;;;;;;;;;;;;;;;;;;gLAsB6J;IAE9K;;OAEG;IACH,aAAa,EAAE;;;;;;;;;;;;;;;;;;;;;;gOAsB+M;IAE9N;;OAEG;IACH,MAAM,EAAE;;;;;;;;;;;;;;;;;;;;;;;;uPAwB6O;CACtP,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,aAAa,CAC3B,IAA8B,EAC9B,SAAkC;IAElC,IAAI,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAC/B,IAAI,SAAS,EAAE,CAAC;QACd,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YACrD,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,KAAK,EAAE,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}