npm - circle-ir-ai - Versions diffs - 1.1.0 - Mend

circle-ir-ai 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (420) hide show

package/CHANGELOG.md +105 -0
package/LICENSE +15 -0
package/README.md +336 -0
package/dist/action-queue/aggregator.d.ts +40 -0
package/dist/action-queue/aggregator.d.ts.map +1 -0
package/dist/action-queue/aggregator.js +375 -0
package/dist/action-queue/aggregator.js.map +1 -0
package/dist/action-queue/index.d.ts +14 -0
package/dist/action-queue/index.d.ts.map +1 -0
package/dist/action-queue/index.js +17 -0
package/dist/action-queue/index.js.map +1 -0
package/dist/action-queue/queue.d.ts +74 -0
package/dist/action-queue/queue.d.ts.map +1 -0
package/dist/action-queue/queue.js +433 -0
package/dist/action-queue/queue.js.map +1 -0
package/dist/action-queue/types.d.ts +162 -0
package/dist/action-queue/types.d.ts.map +1 -0
package/dist/action-queue/types.js +44 -0
package/dist/action-queue/types.js.map +1 -0
package/dist/agents/enrichment-agent.d.ts +16 -0
package/dist/agents/enrichment-agent.d.ts.map +1 -0
package/dist/agents/enrichment-agent.js +102 -0
package/dist/agents/enrichment-agent.js.map +1 -0
package/dist/agents/index.d.ts +12 -0
package/dist/agents/index.d.ts.map +1 -0
package/dist/agents/index.js +15 -0
package/dist/agents/index.js.map +1 -0
package/dist/agents/mastra/agents.d.ts +373 -0
package/dist/agents/mastra/agents.d.ts.map +1 -0
package/dist/agents/mastra/agents.js +347 -0
package/dist/agents/mastra/agents.js.map +1 -0
package/dist/agents/mastra/index.d.ts +12 -0
package/dist/agents/mastra/index.d.ts.map +1 -0
package/dist/agents/mastra/index.js +17 -0
package/dist/agents/mastra/index.js.map +1 -0
package/dist/agents/mastra/instance.d.ts +383 -0
package/dist/agents/mastra/instance.d.ts.map +1 -0
package/dist/agents/mastra/instance.js +37 -0
package/dist/agents/mastra/instance.js.map +1 -0
package/dist/agents/mastra/steps.d.ts +300 -0
package/dist/agents/mastra/steps.d.ts.map +1 -0
package/dist/agents/mastra/steps.js +468 -0
package/dist/agents/mastra/steps.js.map +1 -0
package/dist/agents/mastra/swarm.d.ts +106 -0
package/dist/agents/mastra/swarm.d.ts.map +1 -0
package/dist/agents/mastra/swarm.js +501 -0
package/dist/agents/mastra/swarm.js.map +1 -0
package/dist/agents/mastra/workflow.d.ts +81 -0
package/dist/agents/mastra/workflow.d.ts.map +1 -0
package/dist/agents/mastra/workflow.js +460 -0
package/dist/agents/mastra/workflow.js.map +1 -0
package/dist/agents/multi/agents/security.d.ts +29 -0
package/dist/agents/multi/agents/security.d.ts.map +1 -0
package/dist/agents/multi/agents/security.js +830 -0
package/dist/agents/multi/agents/security.js.map +1 -0
package/dist/agents/multi/extractor.d.ts +21 -0
package/dist/agents/multi/extractor.d.ts.map +1 -0
package/dist/agents/multi/extractor.js +483 -0
package/dist/agents/multi/extractor.js.map +1 -0
package/dist/agents/multi/index.d.ts +32 -0
package/dist/agents/multi/index.d.ts.map +1 -0
package/dist/agents/multi/index.js +34 -0
package/dist/agents/multi/index.js.map +1 -0
package/dist/agents/multi/runner.d.ts +79 -0
package/dist/agents/multi/runner.d.ts.map +1 -0
package/dist/agents/multi/runner.js +323 -0
package/dist/agents/multi/runner.js.map +1 -0
package/dist/agents/security-agent.d.ts +16 -0
package/dist/agents/security-agent.d.ts.map +1 -0
package/dist/agents/security-agent.js +299 -0
package/dist/agents/security-agent.js.map +1 -0
package/dist/agents/types.d.ts +373 -0
package/dist/agents/types.d.ts.map +1 -0
package/dist/agents/types.js +14 -0
package/dist/agents/types.js.map +1 -0
package/dist/agents/verification-agent.d.ts +23 -0
package/dist/agents/verification-agent.d.ts.map +1 -0
package/dist/agents/verification-agent.js +217 -0
package/dist/agents/verification-agent.js.map +1 -0
package/dist/agents/workflow.d.ts +30 -0
package/dist/agents/workflow.d.ts.map +1 -0
package/dist/agents/workflow.js +79 -0
package/dist/agents/workflow.js.map +1 -0
package/dist/analysis/enriched.d.ts +16 -0
package/dist/analysis/enriched.d.ts.map +1 -0
package/dist/analysis/enriched.js +297 -0
package/dist/analysis/enriched.js.map +1 -0
package/dist/analysis/llm-correlated-predicates.d.ts +80 -0
package/dist/analysis/llm-correlated-predicates.d.ts.map +1 -0
package/dist/analysis/llm-correlated-predicates.js +255 -0
package/dist/analysis/llm-correlated-predicates.js.map +1 -0
package/dist/analysis/llm-cross-file-taint.d.ts +86 -0
package/dist/analysis/llm-cross-file-taint.d.ts.map +1 -0
package/dist/analysis/llm-cross-file-taint.js +264 -0
package/dist/analysis/llm-cross-file-taint.js.map +1 -0
package/dist/analysis/pattern-discovery.d.ts +79 -0
package/dist/analysis/pattern-discovery.d.ts.map +1 -0
package/dist/analysis/pattern-discovery.js +447 -0
package/dist/analysis/pattern-discovery.js.map +1 -0
package/dist/cache/file-cache.d.ts +89 -0
package/dist/cache/file-cache.d.ts.map +1 -0
package/dist/cache/file-cache.js +208 -0
package/dist/cache/file-cache.js.map +1 -0
package/dist/cache/index.d.ts +6 -0
package/dist/cache/index.d.ts.map +1 -0
package/dist/cache/index.js +5 -0
package/dist/cache/index.js.map +1 -0
package/dist/cli/args.d.ts +52 -0
package/dist/cli/args.d.ts.map +1 -0
package/dist/cli/args.js +422 -0
package/dist/cli/args.js.map +1 -0
package/dist/cli/colors.d.ts +31 -0
package/dist/cli/colors.d.ts.map +1 -0
package/dist/cli/colors.js +80 -0
package/dist/cli/colors.js.map +1 -0
package/dist/cli/commands/analyze-skill.d.ts +33 -0
package/dist/cli/commands/analyze-skill.d.ts.map +1 -0
package/dist/cli/commands/analyze-skill.js +217 -0
package/dist/cli/commands/analyze-skill.js.map +1 -0
package/dist/cli/commands/analyze.d.ts +18 -0
package/dist/cli/commands/analyze.d.ts.map +1 -0
package/dist/cli/commands/analyze.js +30 -0
package/dist/cli/commands/analyze.js.map +1 -0
package/dist/cli/commands/benchmark-runner.d.ts +42 -0
package/dist/cli/commands/benchmark-runner.d.ts.map +1 -0
package/dist/cli/commands/benchmark-runner.js +18 -0
package/dist/cli/commands/benchmark-runner.js.map +1 -0
package/dist/cli/commands/benchmark.d.ts +11 -0
package/dist/cli/commands/benchmark.d.ts.map +1 -0
package/dist/cli/commands/benchmark.js +90 -0
package/dist/cli/commands/benchmark.js.map +1 -0
package/dist/cli/commands/dead-code.d.ts +11 -0
package/dist/cli/commands/dead-code.d.ts.map +1 -0
package/dist/cli/commands/dead-code.js +65 -0
package/dist/cli/commands/dead-code.js.map +1 -0
package/dist/cli/commands/generate-spec.d.ts +11 -0
package/dist/cli/commands/generate-spec.d.ts.map +1 -0
package/dist/cli/commands/generate-spec.js +67 -0
package/dist/cli/commands/generate-spec.js.map +1 -0
package/dist/cli/commands/health.d.ts +11 -0
package/dist/cli/commands/health.d.ts.map +1 -0
package/dist/cli/commands/health.js +67 -0
package/dist/cli/commands/health.js.map +1 -0
package/dist/cli/commands/project.d.ts +21 -0
package/dist/cli/commands/project.d.ts.map +1 -0
package/dist/cli/commands/project.js +92 -0
package/dist/cli/commands/project.js.map +1 -0
package/dist/cli/commands/scan.d.ts +11 -0
package/dist/cli/commands/scan.d.ts.map +1 -0
package/dist/cli/commands/scan.js +68 -0
package/dist/cli/commands/scan.js.map +1 -0
package/dist/cli/commands/secrets.d.ts +11 -0
package/dist/cli/commands/secrets.d.ts.map +1 -0
package/dist/cli/commands/secrets.js +71 -0
package/dist/cli/commands/secrets.js.map +1 -0
package/dist/cli/commands/swarm.d.ts +20 -0
package/dist/cli/commands/swarm.d.ts.map +1 -0
package/dist/cli/commands/swarm.js +174 -0
package/dist/cli/commands/swarm.js.map +1 -0
package/dist/cli/config.d.ts +103 -0
package/dist/cli/config.d.ts.map +1 -0
package/dist/cli/config.js +307 -0
package/dist/cli/config.js.map +1 -0
package/dist/cli/discovery.d.ts +31 -0
package/dist/cli/discovery.d.ts.map +1 -0
package/dist/cli/discovery.js +212 -0
package/dist/cli/discovery.js.map +1 -0
package/dist/cli/formatters/index.d.ts +15 -0
package/dist/cli/formatters/index.d.ts.map +1 -0
package/dist/cli/formatters/index.js +51 -0
package/dist/cli/formatters/index.js.map +1 -0
package/dist/cli/formatters/json.d.ts +11 -0
package/dist/cli/formatters/json.d.ts.map +1 -0
package/dist/cli/formatters/json.js +12 -0
package/dist/cli/formatters/json.js.map +1 -0
package/dist/cli/formatters/project-json.d.ts +11 -0
package/dist/cli/formatters/project-json.d.ts.map +1 -0
package/dist/cli/formatters/project-json.js +12 -0
package/dist/cli/formatters/project-json.js.map +1 -0
package/dist/cli/formatters/project-sarif.d.ts +11 -0
package/dist/cli/formatters/project-sarif.d.ts.map +1 -0
package/dist/cli/formatters/project-sarif.js +127 -0
package/dist/cli/formatters/project-sarif.js.map +1 -0
package/dist/cli/formatters/project-summary.d.ts +11 -0
package/dist/cli/formatters/project-summary.d.ts.map +1 -0
package/dist/cli/formatters/project-summary.js +202 -0
package/dist/cli/formatters/project-summary.js.map +1 -0
package/dist/cli/formatters/sarif-shared.d.ts +101 -0
package/dist/cli/formatters/sarif-shared.d.ts.map +1 -0
package/dist/cli/formatters/sarif-shared.js +57 -0
package/dist/cli/formatters/sarif-shared.js.map +1 -0
package/dist/cli/formatters/sarif.d.ts +12 -0
package/dist/cli/formatters/sarif.d.ts.map +1 -0
package/dist/cli/formatters/sarif.js +92 -0
package/dist/cli/formatters/sarif.js.map +1 -0
package/dist/cli/formatters/summary.d.ts +11 -0
package/dist/cli/formatters/summary.d.ts.map +1 -0
package/dist/cli/formatters/summary.js +240 -0
package/dist/cli/formatters/summary.js.map +1 -0
package/dist/cli/formatters/two-phase-summary.d.ts +11 -0
package/dist/cli/formatters/two-phase-summary.d.ts.map +1 -0
package/dist/cli/formatters/two-phase-summary.js +188 -0
package/dist/cli/formatters/two-phase-summary.js.map +1 -0
package/dist/cli/index.d.ts +15 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +555 -0
package/dist/cli/index.js.map +1 -0
package/dist/components/clustering.d.ts +60 -0
package/dist/components/clustering.d.ts.map +1 -0
package/dist/components/clustering.js +129 -0
package/dist/components/clustering.js.map +1 -0
package/dist/components/enrichment.d.ts +45 -0
package/dist/components/enrichment.d.ts.map +1 -0
package/dist/components/enrichment.js +193 -0
package/dist/components/enrichment.js.map +1 -0
package/dist/components/index.d.ts +29 -0
package/dist/components/index.d.ts.map +1 -0
package/dist/components/index.js +56 -0
package/dist/components/index.js.map +1 -0
package/dist/dead-code/detector.d.ts +200 -0
package/dist/dead-code/detector.d.ts.map +1 -0
package/dist/dead-code/detector.js +1003 -0
package/dist/dead-code/detector.js.map +1 -0
package/dist/dead-code/index.d.ts +7 -0
package/dist/dead-code/index.d.ts.map +1 -0
package/dist/dead-code/index.js +7 -0
package/dist/dead-code/index.js.map +1 -0
package/dist/extractors/index.d.ts +15 -0
package/dist/extractors/index.d.ts.map +1 -0
package/dist/extractors/index.js +14 -0
package/dist/extractors/index.js.map +1 -0
package/dist/extractors/natural-language.d.ts +46 -0
package/dist/extractors/natural-language.d.ts.map +1 -0
package/dist/extractors/natural-language.js +228 -0
package/dist/extractors/natural-language.js.map +1 -0
package/dist/extractors/tree-sitter.d.ts +33 -0
package/dist/extractors/tree-sitter.d.ts.map +1 -0
package/dist/extractors/tree-sitter.js +69 -0
package/dist/extractors/tree-sitter.js.map +1 -0
package/dist/extractors/types.d.ts +62 -0
package/dist/extractors/types.d.ts.map +1 -0
package/dist/extractors/types.js +54 -0
package/dist/extractors/types.js.map +1 -0
package/dist/health-score/calculator.d.ts +123 -0
package/dist/health-score/calculator.d.ts.map +1 -0
package/dist/health-score/calculator.js +444 -0
package/dist/health-score/calculator.js.map +1 -0
package/dist/health-score/index.d.ts +12 -0
package/dist/health-score/index.d.ts.map +1 -0
package/dist/health-score/index.js +14 -0
package/dist/health-score/index.js.map +1 -0
package/dist/health-score/metrics.d.ts +142 -0
package/dist/health-score/metrics.d.ts.map +1 -0
package/dist/health-score/metrics.js +332 -0
package/dist/health-score/metrics.js.map +1 -0
package/dist/index.d.ts +26 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +43 -0
package/dist/index.js.map +1 -0
package/dist/llm/ax-client.d.ts +477 -0
package/dist/llm/ax-client.d.ts.map +1 -0
package/dist/llm/ax-client.js +1641 -0
package/dist/llm/ax-client.js.map +1 -0
package/dist/llm/config.d.ts +58 -0
package/dist/llm/config.d.ts.map +1 -0
package/dist/llm/config.js +97 -0
package/dist/llm/config.js.map +1 -0
package/dist/llm/discovery.d.ts +123 -0
package/dist/llm/discovery.d.ts.map +1 -0
package/dist/llm/discovery.js +505 -0
package/dist/llm/discovery.js.map +1 -0
package/dist/llm/enrichment.d.ts +108 -0
package/dist/llm/enrichment.d.ts.map +1 -0
package/dist/llm/enrichment.js +312 -0
package/dist/llm/enrichment.js.map +1 -0
package/dist/llm/index.d.ts +13 -0
package/dist/llm/index.d.ts.map +1 -0
package/dist/llm/index.js +22 -0
package/dist/llm/index.js.map +1 -0
package/dist/llm/language-context.d.ts +64 -0
package/dist/llm/language-context.d.ts.map +1 -0
package/dist/llm/language-context.js +492 -0
package/dist/llm/language-context.js.map +1 -0
package/dist/llm/pattern-verification.d.ts +39 -0
package/dist/llm/pattern-verification.d.ts.map +1 -0
package/dist/llm/pattern-verification.js +127 -0
package/dist/llm/pattern-verification.js.map +1 -0
package/dist/llm/prompt-security.d.ts +120 -0
package/dist/llm/prompt-security.d.ts.map +1 -0
package/dist/llm/prompt-security.js +301 -0
package/dist/llm/prompt-security.js.map +1 -0
package/dist/llm/prompts/index.d.ts +31 -0
package/dist/llm/prompts/index.d.ts.map +1 -0
package/dist/llm/prompts/index.js +92 -0
package/dist/llm/prompts/index.js.map +1 -0
package/dist/llm/prompts/rust.d.ts +30 -0
package/dist/llm/prompts/rust.d.ts.map +1 -0
package/dist/llm/prompts/rust.js +121 -0
package/dist/llm/prompts/rust.js.map +1 -0
package/dist/llm/schemas.d.ts +892 -0
package/dist/llm/schemas.d.ts.map +1 -0
package/dist/llm/schemas.js +258 -0
package/dist/llm/schemas.js.map +1 -0
package/dist/llm/verification.d.ts +127 -0
package/dist/llm/verification.d.ts.map +1 -0
package/dist/llm/verification.js +394 -0
package/dist/llm/verification.js.map +1 -0
package/dist/project/analyzer.d.ts +30 -0
package/dist/project/analyzer.d.ts.map +1 -0
package/dist/project/analyzer.js +358 -0
package/dist/project/analyzer.js.map +1 -0
package/dist/project/call-graph.d.ts +22 -0
package/dist/project/call-graph.d.ts.map +1 -0
package/dist/project/call-graph.js +246 -0
package/dist/project/call-graph.js.map +1 -0
package/dist/project/index.d.ts +18 -0
package/dist/project/index.d.ts.map +1 -0
package/dist/project/index.js +20 -0
package/dist/project/index.js.map +1 -0
package/dist/project/taint-paths.d.ts +22 -0
package/dist/project/taint-paths.d.ts.map +1 -0
package/dist/project/taint-paths.js +265 -0
package/dist/project/taint-paths.js.map +1 -0
package/dist/project/two-phase-analyzer.d.ts +143 -0
package/dist/project/two-phase-analyzer.d.ts.map +1 -0
package/dist/project/two-phase-analyzer.js +646 -0
package/dist/project/two-phase-analyzer.js.map +1 -0
package/dist/project/type-hierarchy.d.ts +28 -0
package/dist/project/type-hierarchy.d.ts.map +1 -0
package/dist/project/type-hierarchy.js +218 -0
package/dist/project/type-hierarchy.js.map +1 -0
package/dist/secret-scan/index.d.ts +12 -0
package/dist/secret-scan/index.d.ts.map +1 -0
package/dist/secret-scan/index.js +14 -0
package/dist/secret-scan/index.js.map +1 -0
package/dist/secret-scan/patterns.d.ts +38 -0
package/dist/secret-scan/patterns.d.ts.map +1 -0
package/dist/secret-scan/patterns.js +473 -0
package/dist/secret-scan/patterns.js.map +1 -0
package/dist/secret-scan/scanner.d.ts +162 -0
package/dist/secret-scan/scanner.d.ts.map +1 -0
package/dist/secret-scan/scanner.js +511 -0
package/dist/secret-scan/scanner.js.map +1 -0
package/dist/security-scan/index.d.ts +12 -0
package/dist/security-scan/index.d.ts.map +1 -0
package/dist/security-scan/index.js +15 -0
package/dist/security-scan/index.js.map +1 -0
package/dist/security-scan/owasp-mapping.d.ts +29 -0
package/dist/security-scan/owasp-mapping.d.ts.map +1 -0
package/dist/security-scan/owasp-mapping.js +246 -0
package/dist/security-scan/owasp-mapping.js.map +1 -0
package/dist/security-scan/scanner.d.ts +204 -0
package/dist/security-scan/scanner.d.ts.map +1 -0
package/dist/security-scan/scanner.js +693 -0
package/dist/security-scan/scanner.js.map +1 -0
package/dist/security-scan/trend-tracker.d.ts +150 -0
package/dist/security-scan/trend-tracker.d.ts.map +1 -0
package/dist/security-scan/trend-tracker.js +299 -0
package/dist/security-scan/trend-tracker.js.map +1 -0
package/dist/skills/bundle-loader.d.ts +26 -0
package/dist/skills/bundle-loader.d.ts.map +1 -0
package/dist/skills/bundle-loader.js +284 -0
package/dist/skills/bundle-loader.js.map +1 -0
package/dist/skills/capability-mismatch.d.ts +21 -0
package/dist/skills/capability-mismatch.d.ts.map +1 -0
package/dist/skills/capability-mismatch.js +188 -0
package/dist/skills/capability-mismatch.js.map +1 -0
package/dist/skills/index.d.ts +10 -0
package/dist/skills/index.d.ts.map +1 -0
package/dist/skills/index.js +9 -0
package/dist/skills/index.js.map +1 -0
package/dist/skills/skill-analyzer.d.ts +16 -0
package/dist/skills/skill-analyzer.d.ts.map +1 -0
package/dist/skills/skill-analyzer.js +361 -0
package/dist/skills/skill-analyzer.js.map +1 -0
package/dist/skills/types.d.ts +195 -0
package/dist/skills/types.d.ts.map +1 -0
package/dist/skills/types.js +7 -0
package/dist/skills/types.js.map +1 -0
package/dist/specifica/conflict-resolver.d.ts +23 -0
package/dist/specifica/conflict-resolver.d.ts.map +1 -0
package/dist/specifica/conflict-resolver.js +129 -0
package/dist/specifica/conflict-resolver.js.map +1 -0
package/dist/specifica/evidence-aggregator.d.ts +33 -0
package/dist/specifica/evidence-aggregator.d.ts.map +1 -0
package/dist/specifica/evidence-aggregator.js +236 -0
package/dist/specifica/evidence-aggregator.js.map +1 -0
package/dist/specifica/evidence-extractor.d.ts +13 -0
package/dist/specifica/evidence-extractor.d.ts.map +1 -0
package/dist/specifica/evidence-extractor.js +431 -0
package/dist/specifica/evidence-extractor.js.map +1 -0
package/dist/specifica/feature-clustering.d.ts +19 -0
package/dist/specifica/feature-clustering.d.ts.map +1 -0
package/dist/specifica/feature-clustering.js +231 -0
package/dist/specifica/feature-clustering.js.map +1 -0
package/dist/specifica/generator.d.ts +16 -0
package/dist/specifica/generator.d.ts.map +1 -0
package/dist/specifica/generator.js +277 -0
package/dist/specifica/generator.js.map +1 -0
package/dist/specifica/index.d.ts +15 -0
package/dist/specifica/index.d.ts.map +1 -0
package/dist/specifica/index.js +18 -0
package/dist/specifica/index.js.map +1 -0
package/dist/specifica/prompts.d.ts +21 -0
package/dist/specifica/prompts.d.ts.map +1 -0
package/dist/specifica/prompts.js +196 -0
package/dist/specifica/prompts.js.map +1 -0
package/dist/specifica/spec-generator.d.ts +22 -0
package/dist/specifica/spec-generator.d.ts.map +1 -0
package/dist/specifica/spec-generator.js +229 -0
package/dist/specifica/spec-generator.js.map +1 -0
package/dist/specifica/types.d.ts +213 -0
package/dist/specifica/types.d.ts.map +1 -0
package/dist/specifica/types.js +7 -0
package/dist/specifica/types.js.map +1 -0
package/dist/utils/logger.d.ts +17 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +51 -0
package/dist/utils/logger.js.map +1 -0
package/package.json +99 -0

package/dist/llm/verification.js ADDED Viewed

@@ -0,0 +1,394 @@
+/**
+ * LLM Verification Engine (Phase 2)
+ *
+ * Uses a powerful LLM to verify vulnerability exploitability.
+ * Analyzes real source code to determine TRUE_POSITIVE, FALSE_POSITIVE, or UNCERTAIN.
+ */
+import { getAxLLMClient } from './ax-client.js';
+// ============================================================================
+// Verification Prompt Template
+// ============================================================================
+const VERIFICATION_PROMPT = `You are a security expert analyzing code for vulnerabilities.
+Your task is to determine if a data flow from SOURCE to SINK represents a real vulnerability.
+## SOURCE (line {sourceLine}):
+\`\`\`java
+{sourceCode}
+\`\`\`
+Source type: {sourceType}
+{sourceVariable}
+## SINK (line {sinkLine}):
+\`\`\`java
+{sinkCode}
+\`\`\`
+Sink type: {sinkType}
+## FULL METHOD:
+Class: {className}, Method: {methodName}
+Annotations: {annotations}
+\`\`\`java
+{methodCode}
+\`\`\`
+## STATIC ANALYSIS RESULT:
+- Data flow path exists: {pathExists}
+- Known sanitizers in path: {sanitizers}
+## DECISION CRITERIA:
+### TRUE_POSITIVE - The default when source reaches sink:
+A vulnerability EXISTS if user-controlled data flows to a dangerous operation.
+Report TRUE_POSITIVE unless you find CLEAR EVIDENCE of sanitization.
+Key question: Can an attacker control the data that reaches the sink?
+- If YES and no sanitization → TRUE_POSITIVE
+- If source is from HTTP request/user input → likely TRUE_POSITIVE
+### FALSE_POSITIVE - Only with CLEAR EVIDENCE:
+Report FALSE_POSITIVE only if you can identify ONE of these:
+1. **Parameterized query**: SQL uses PreparedStatement with ? (NOT string concat)
+2. **Encoding applied**: Output is HTML-encoded before rendering
+3. **Constant source**: The "source" is actually a hardcoded string
+4. **Safe API**: Using a documented safe API (e.g., ProcessBuilder.command(array))
+Do NOT mark as FALSE_POSITIVE just because:
+- You don't see the full attack vector
+- The code is complex
+- You're unsure about a method's behavior
+### UNCERTAIN - Use sparingly:
+Only when you genuinely cannot trace the data flow.
+## IMPORTANT:
+- Static analysis already confirmed a data flow path exists
+- Your job is to verify IF sanitization breaks the flow
+- When in doubt, trust the static analysis → TRUE_POSITIVE
+- Be specific about what sanitizer you found if marking FALSE_POSITIVE
+## OUTPUT (JSON):
+{
+  "verdict": "TRUE_POSITIVE" | "FALSE_POSITIVE" | "UNCERTAIN",
+  "confidence": 0.0-1.0,
+  "reasoning": "explain the data flow and any sanitization found",
+  "exploitability": "high" | "medium" | "low" | "none",
+  "sanitizersFound": ["specific sanitizers found, or empty"],
+  "attackVector": "example attack if TRUE_POSITIVE"
+}`;
+// ============================================================================
+// Batch Verification Prompt (optimized for multiple pairs in one call)
+// ============================================================================
+const BATCH_VERIFICATION_PROMPT = `You are a security expert analyzing Java code for vulnerabilities.
+## CODE:
+\`\`\`java
+{code}
+\`\`\`
+## SOURCES (user-controlled inputs):
+{sources}
+## SINKS (dangerous operations):
+{sinks}
+## TASK:
+Analyze ALL possible source-to-sink combinations and determine which are exploitable vulnerabilities.
+## DECISION CRITERIA:
+- **TRUE_POSITIVE**: User input flows to sink without proper sanitization, exploitable
+- **FALSE_POSITIVE**: Data is sanitized, constant, or cannot reach sink
+- **UNCERTAIN**: Cannot determine with confidence
+## COMMON SANITIZERS:
+- SQL: PreparedStatement with ?, NamedParameterJdbcTemplate
+- XSS: ESAPI encoding, HtmlUtils.htmlEscape(), Jsoup.clean()
+- Command: ProcessBuilder with array args, input validation
+- Path: FilenameUtils.getName(), canonical path checks
+## OUTPUT FORMAT:
+Return a JSON object with a "pairs" array. Each pair has source_line, sink_line, verdict, confidence, and reasoning.
+Only include pairs where data CAN flow from source to sink.
+{
+  "pairs": [
+    {
+      "source_line": 42,
+      "sink_line": 55,
+      "verdict": "TRUE_POSITIVE",
+      "confidence": 0.95,
+      "reasoning": "Request parameter flows directly to SQL query without PreparedStatement",
+      "exploitability": "high"
+    }
+  ],
+  "summary": {
+    "total_analyzed": 12,
+    "true_positives": 3,
+    "false_positives": 8,
+    "uncertain": 1
+  }
+}`;
+// ============================================================================
+// Verification Engine
+// ============================================================================
+export class VerificationEngine {
+    client;
+    config;
+    constructor(client) {
+        this.client = client || getAxLLMClient();
+        this.config = this.client.getVerificationConfig();
+    }
+    /**
+     * Verify a single taint path
+     */
+    async verify(input) {
+        const modelUsed = this.client.getPhaseConfig('verification').model;
+        try {
+            const result = await this.client.verify({
+                sourceCode: input.source.code,
+                sourceLine: input.source.line,
+                sourceType: input.source.type,
+                sinkCode: input.sink.code,
+                sinkLine: input.sink.line,
+                sinkType: input.sink.type,
+                cwe: input.sink.cwe,
+                methodCode: input.methodCode,
+                methodName: input.methodName,
+                className: input.className,
+                sanitizersInPath: input.sanitizersInPath,
+            });
+            if (result) {
+                return {
+                    verdict: result.verdict,
+                    confidence: Math.min(1, Math.max(0, result.confidence || 0.5)),
+                    reasoning: result.reasoning || 'No reasoning provided',
+                    exploitability: result.exploitability,
+                    sanitizersFound: result.sanitizersFound,
+                    attackVector: result.attackVector,
+                    verifiedAt: new Date().toISOString(),
+                    modelUsed,
+                };
+            }
+            // Fallback if result is empty
+            return this.createUncertainResult(modelUsed, 'Failed to parse response');
+        }
+        catch (error) {
+            console.error('Verification failed:', error);
+            return this.createUncertainResult(modelUsed, `Verification failed: ${error}`);
+        }
+    }
+    /**
+     * Batch verify all source-sink pairs, with automatic chunking for large sets
+     * Splits into smaller batches if sources × sinks exceeds threshold
+     */
+    async verifyBatch(input) {
+        const startTime = Date.now();
+        const modelUsed = this.client.getPhaseConfig('verification').model;
+        // Chunking threshold: max pairs per LLM call
+        const MAX_PAIRS_PER_CHUNK = 20;
+        const totalPairs = input.sources.length * input.sinks.length;
+        // If small enough, process in one call
+        if (totalPairs <= MAX_PAIRS_PER_CHUNK) {
+            return this.verifyBatchChunk(input, startTime, modelUsed);
+        }
+        // Otherwise, chunk the sources and process in parallel
+        const chunkSize = Math.max(1, Math.floor(MAX_PAIRS_PER_CHUNK / Math.max(1, input.sinks.length)));
+        const sourceChunks = [];
+        for (let i = 0; i < input.sources.length; i += chunkSize) {
+            sourceChunks.push(input.sources.slice(i, i + chunkSize));
+        }
+        console.log(`Chunking batch verification: ${input.sources.length} sources × ${input.sinks.length} sinks = ${totalPairs} pairs → ${sourceChunks.length} chunks`);
+        // Process chunks in parallel (limited concurrency)
+        const MAX_CONCURRENT_CHUNKS = 3;
+        const allPairs = [];
+        let totalAnalyzed = 0;
+        let truePositives = 0;
+        let falsePositives = 0;
+        let uncertain = 0;
+        for (let i = 0; i < sourceChunks.length; i += MAX_CONCURRENT_CHUNKS) {
+            const chunkBatch = sourceChunks.slice(i, i + MAX_CONCURRENT_CHUNKS);
+            const results = await Promise.all(chunkBatch.map(chunk => this.verifyBatchChunk({ ...input, sources: chunk }, Date.now(), modelUsed)));
+            for (const result of results) {
+                allPairs.push(...result.pairs);
+                totalAnalyzed += result.summary.total_analyzed;
+                truePositives += result.summary.true_positives;
+                falsePositives += result.summary.false_positives;
+                uncertain += result.summary.uncertain;
+            }
+        }
+        return {
+            pairs: allPairs,
+            summary: {
+                total_analyzed: totalAnalyzed,
+                true_positives: truePositives,
+                false_positives: falsePositives,
+                uncertain: uncertain,
+            },
+            processingTimeMs: Date.now() - startTime,
+            modelUsed,
+        };
+    }
+    /**
+     * Process a single chunk of source-sink pairs
+     */
+    async verifyBatchChunk(input, startTime, modelUsed) {
+        // Build sources list
+        const sourcesText = input.sources
+            .map((s, i) => `  ${i + 1}. Line ${s.line}: ${s.type}${s.variable ? ` (${s.variable})` : ''}`)
+            .join('\n');
+        // Build sinks list
+        const sinksText = input.sinks
+            .map((s, i) => `  ${i + 1}. Line ${s.line}: ${s.type} [${s.cwe}]${s.method ? ` - ${s.method}()` : ''}`)
+            .join('\n');
+        // Build the batch prompt
+        const prompt = BATCH_VERIFICATION_PROMPT
+            .replace('{code}', input.code)
+            .replace('{sources}', sourcesText)
+            .replace('{sinks}', sinksText);
+        try {
+            const response = await this.client.chatJSON('You are a security expert. Analyze all source-sink pairs and return JSON.', prompt, 'verification');
+            const processingTimeMs = Date.now() - startTime;
+            if (response && response.pairs && Array.isArray(response.pairs)) {
+                return {
+                    pairs: response.pairs.map((p) => ({
+                        source_line: p.source_line,
+                        sink_line: p.sink_line,
+                        verdict: this.normalizeVerdict(p.verdict),
+                        confidence: Math.min(1, Math.max(0, p.confidence || 0.5)),
+                        reasoning: p.reasoning || 'No reasoning provided',
+                        exploitability: this.normalizeExploitability(p.exploitability),
+                    })),
+                    summary: response.summary || {
+                        total_analyzed: response.pairs.length,
+                        true_positives: response.pairs.filter((p) => p.verdict === 'TRUE_POSITIVE').length,
+                        false_positives: response.pairs.filter((p) => p.verdict === 'FALSE_POSITIVE').length,
+                        uncertain: response.pairs.filter((p) => p.verdict === 'UNCERTAIN').length,
+                    },
+                    processingTimeMs,
+                    modelUsed,
+                };
+            }
+            // Empty response - return no pairs
+            return {
+                pairs: [],
+                summary: { total_analyzed: 0, true_positives: 0, false_positives: 0, uncertain: 0 },
+                processingTimeMs,
+                modelUsed,
+            };
+        }
+        catch (error) {
+            console.error('Batch verification chunk failed:', error);
+            return {
+                pairs: [],
+                summary: { total_analyzed: 0, true_positives: 0, false_positives: 0, uncertain: 0 },
+                processingTimeMs: Date.now() - startTime,
+                modelUsed,
+            };
+        }
+    }
+    /**
+     * Build verification prompt
+     */
+    buildPrompt(input) {
+        return VERIFICATION_PROMPT
+            .replace('{cwe}', input.sink.cwe)
+            .replace('{sourceLine}', String(input.source.line))
+            .replace('{sourceCode}', input.source.code)
+            .replace('{sourceType}', input.source.type)
+            .replace('{sourceVariable}', input.source.variable ? `Variable: ${input.source.variable}` : '')
+            .replace('{sinkLine}', String(input.sink.line))
+            .replace('{sinkCode}', input.sink.code)
+            .replace('{sinkType}', input.sink.type)
+            .replace('{className}', input.className)
+            .replace('{methodName}', input.methodName)
+            .replace('{annotations}', input.annotations.join(', ') || 'none')
+            .replace('{methodCode}', input.methodCode)
+            .replace('{pathExists}', String(input.pathExists))
+            .replace('{sanitizers}', input.sanitizersInPath.join(', ') || 'none');
+    }
+    /**
+     * Create uncertain result for error cases
+     */
+    createUncertainResult(modelUsed, reason) {
+        return {
+            verdict: 'UNCERTAIN',
+            confidence: 0,
+            reasoning: reason,
+            exploitability: 'none',
+            verifiedAt: new Date().toISOString(),
+            modelUsed,
+        };
+    }
+    /**
+     * Normalize verdict string
+     */
+    normalizeVerdict(verdict) {
+        const upper = String(verdict).toUpperCase().replace(/[\s-]/g, '_');
+        if (upper === 'TRUE_POSITIVE' || upper === 'TP')
+            return 'TRUE_POSITIVE';
+        if (upper === 'FALSE_POSITIVE' || upper === 'FP')
+            return 'FALSE_POSITIVE';
+        return 'UNCERTAIN';
+    }
+    /**
+     * Normalize exploitability string
+     */
+    normalizeExploitability(exp) {
+        const lower = String(exp || '').toLowerCase();
+        if (lower === 'high' || lower === 'critical')
+            return 'high';
+        if (lower === 'medium' || lower === 'moderate')
+            return 'medium';
+        if (lower === 'low')
+            return 'low';
+        return 'none';
+    }
+}
+// ============================================================================
+// Convenience Functions
+// ============================================================================
+/**
+ * Get a new verification engine instance
+ * Always creates a fresh instance for per-request isolation
+ */
+export function getVerificationEngine(client) {
+    return new VerificationEngine(client);
+}
+/**
+ * Verify a taint path
+ */
+export async function verifyTaintPath(input) {
+    return getVerificationEngine().verify(input);
+}
+/**
+ * Batch verify all source-sink pairs in ONE LLM call
+ * Much more efficient than N×M individual calls
+ */
+export async function verifyTaintPathsBatch(input) {
+    return getVerificationEngine().verifyBatch(input);
+}
+/**
+ * Quick verification helper
+ */
+export async function verifyVulnerability(sourceCode, sourceLine, sourceType, sinkCode, sinkLine, sinkType, cwe, methodCode, methodName, className) {
+    return verifyTaintPath({
+        source: {
+            line: sourceLine,
+            code: sourceCode,
+            type: sourceType,
+        },
+        sink: {
+            line: sinkLine,
+            code: sinkCode,
+            type: sinkType,
+            cwe,
+        },
+        methodCode,
+        methodName,
+        className,
+        annotations: [],
+        pathExists: true,
+        sanitizersInPath: [],
+    });
+}
+//# sourceMappingURL=verification.js.map

package/dist/llm/verification.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"verification.js","sourceRoot":"","sources":["../../src/llm/verification.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,cAAc,EAAoB,MAAM,gBAAgB,CAAC;AAsDlE,+EAA+E;AAC/E,+BAA+B;AAC/B,+EAA+E;AAE/E,MAAM,mBAAmB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAmE1B,CAAC;AAEH,+EAA+E;AAC/E,uEAAuE;AACvE,+EAA+E;AAE/E,MAAM,yBAAyB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgDhC,CAAC;AAyCH,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAE/E,MAAM,OAAO,kBAAkB;IACrB,MAAM,CAAc;IACpB,MAAM,CAGZ;IAEF,YAAY,MAAoB;QAC9B,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,cAAc,EAAE,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,qBAAqB,EAAE,CAAC;IACpD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,KAAwB;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC;QAEnE,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;gBACtC,UAAU,EAAE,KAAK,CAAC,MAAM,CAAC,IAAI;gBAC7B,UAAU,EAAE,KAAK,CAAC,MAAM,CAAC,IAAI;gBAC7B,UAAU,EAAE,KAAK,CAAC,MAAM,CAAC,IAAI;gBAC7B,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI;gBACzB,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI;gBACzB,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI;gBACzB,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,GAAG;gBACnB,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,UAAU,EAAE,KAAK,CAAC,UAAU;gBAC5B,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;aACzC,CAAC,CAAC;YAEH,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO;oBACL,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC;oBAC9D,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,uBAAuB;oBACtD,cAAc,EAAE,MAAM,CAAC,cAAc;oBACrC,eAAe,EAAE,MAAM,CAAC,eAAe;oBACvC,YAAY,EAAE,MAAM,CAAC,YAAY;oBACjC,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACpC,SAAS;iBACV,CAAC;YACJ,CAAC;YAED,8BAA8B;YAC9B,OAAO,IAAI,CAAC,qBAAqB,CAAC,SAAS,EAAE,0BAA0B,CAAC,CAAC;QAC3E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,sBAAsB,EAAE,KAAK,CAAC,CAAC;YAC7C,OAAO,IAAI,CAAC,qBAAqB,CAAC,SAAS,EAAE,wBAAwB,KAAK,EAAE,CAAC,CAAC;QAChF,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,KAA6B;QAC7C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC;QAEnE,6CAA6C;QAC7C,MAAM,mBAAmB,GAAG,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC;QAE7D,uCAAuC;QACvC,IAAI,UAAU,IAAI,mBAAmB,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QAC5D,CAAC;QAED,uDAAuD;QACvD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,mBAAmB,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACjG,MAAM,YAAY,GAA2B,EAAE,CAAC;QAEhD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,IAAI,SAAS,EAAE,CAAC;YACzD,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,gCAAgC,KAAK,CAAC,OAAO,CAAC,MAAM,cAAc,KAAK,CAAC,KAAK,CAAC,MAAM,YAAY,UAAU,YAAY,YAAY,CAAC,MAAM,SAAS,CAAC,CAAC;QAEhK,mDAAmD;QACnD,MAAM,qBAAqB,GAAG,CAAC,CAAC;QAChC,MAAM,QAAQ,GAAqC,EAAE,CAAC;QACtD,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,cAAc,GAAG,CAAC,CAAC;QACvB,IAAI,SAAS,GAAG,CAAC,CAAC;QAElB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,IAAI,qBAAqB,EAAE,CAAC;YACpE,MAAM,UAAU,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,qBAAqB,CAAC,CAAC;YACpE,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CACrB,IAAI,CAAC,gBAAgB,CACnB,EAAE,GAAG,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAC5B,IAAI,CAAC,GAAG,EAAE,EACV,SAAS,CACV,CACF,CACF,CAAC;YAEF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC7B,QAAQ,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC/B,aAAa,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC;gBAC/C,aAAa,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC;gBAC/C,cAAc,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC;gBACjD,SAAS,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC;YACxC,CAAC;QACH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,QAAQ;YACf,OAAO,EAAE;gBACP,cAAc,EAAE,aAAa;gBAC7B,cAAc,EAAE,aAAa;gBAC7B,eAAe,EAAE,cAAc;gBAC/B,SAAS,EAAE,SAAS;aACrB;YACD,gBAAgB,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YACxC,SAAS;SACV,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB,CAC5B,KAA6B,EAC7B,SAAiB,EACjB,SAAiB;QAEjB,qBAAqB;QACrB,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO;aAC9B,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;aAC7F,IAAI,CAAC,IAAI,CAAC,CAAC;QAEd,mBAAmB;QACnB,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK;aAC1B,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;aACtG,IAAI,CAAC,IAAI,CAAC,CAAC;QAEd,yBAAyB;QACzB,MAAM,MAAM,GAAG,yBAAyB;aACrC,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC;aAC7B,OAAO,CAAC,WAAW,EAAE,WAAW,CAAC;aACjC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAEjC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CACzC,2EAA2E,EAC3E,MAAM,EACN,cAAc,CACf,CAAC;YAEF,MAAM,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAEhD,IAAI,QAAQ,IAAI,QAAQ,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChE,OAAO;oBACL,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;wBACrC,WAAW,EAAE,CAAC,CAAC,WAAW;wBAC1B,SAAS,EAAE,CAAC,CAAC,SAAS;wBACtB,OAAO,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC;wBACzC,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC;wBACzD,SAAS,EAAE,CAAC,CAAC,SAAS,IAAI,uBAAuB;wBACjD,cAAc,EAAE,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,cAAc,CAAC;qBAC/D,CAAC,CAAC;oBACH,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI;wBAC3B,cAAc,EAAE,QAAQ,CAAC,KAAK,CAAC,MAAM;wBACrC,cAAc,EAAE,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,eAAe,CAAC,CAAC,MAAM;wBACvF,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,gBAAgB,CAAC,CAAC,MAAM;wBACzF,SAAS,EAAE,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,WAAW,CAAC,CAAC,MAAM;qBAC/E;oBACD,gBAAgB;oBAChB,SAAS;iBACV,CAAC;YACJ,CAAC;YAED,mCAAmC;YACnC,OAAO;gBACL,KAAK,EAAE,EAAE;gBACT,OAAO,EAAE,EAAE,cAAc,EAAE,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE;gBACnF,gBAAgB;gBAChB,SAAS;aACV,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC;YACzD,OAAO;gBACL,KAAK,EAAE,EAAE;gBACT,OAAO,EAAE,EAAE,cAAc,EAAE,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE;gBACnF,gBAAgB,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBACxC,SAAS;aACV,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,WAAW,CAAC,KAAwB;QAC1C,OAAO,mBAAmB;aACvB,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;aAChC,OAAO,CAAC,cAAc,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAClD,OAAO,CAAC,cAAc,EAAE,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC;aAC1C,OAAO,CAAC,cAAc,EAAE,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC;aAC1C,OAAO,CAAC,kBAAkB,EAAE,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,aAAa,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC9F,OAAO,CAAC,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;aAC9C,OAAO,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;aACtC,OAAO,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;aACtC,OAAO,CAAC,aAAa,EAAE,KAAK,CAAC,SAAS,CAAC;aACvC,OAAO,CAAC,cAAc,EAAE,KAAK,CAAC,UAAU,CAAC;aACzC,OAAO,CAAC,eAAe,EAAE,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC;aAChE,OAAO,CAAC,cAAc,EAAE,KAAK,CAAC,UAAU,CAAC;aACzC,OAAO,CAAC,cAAc,EAAE,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;aACjD,OAAO,CAAC,cAAc,EAAE,KAAK,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,CAAC;IAC1E,CAAC;IAED;;OAEG;IACK,qBAAqB,CAAC,SAAiB,EAAE,MAAc;QAC7D,OAAO;YACL,OAAO,EAAE,WAAW;YACpB,UAAU,EAAE,CAAC;YACb,SAAS,EAAE,MAAM;YACjB,cAAc,EAAE,MAAM;YACtB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,SAAS;SACV,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,OAAe;QACtC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QACnE,IAAI,KAAK,KAAK,eAAe,IAAI,KAAK,KAAK,IAAI;YAAE,OAAO,eAAe,CAAC;QACxE,IAAI,KAAK,KAAK,gBAAgB,IAAI,KAAK,KAAK,IAAI;YAAE,OAAO,gBAAgB,CAAC;QAC1E,OAAO,WAAW,CAAC;IACrB,CAAC;IAED;;OAEG;IACK,uBAAuB,CAAC,GAAW;QACzC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9C,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,UAAU;YAAE,OAAO,MAAM,CAAC;QAC5D,IAAI,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,UAAU;YAAE,OAAO,QAAQ,CAAC;QAChE,IAAI,KAAK,KAAK,KAAK;YAAE,OAAO,KAAK,CAAC;QAClC,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAoB;IACxD,OAAO,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,KAAwB;IAC5D,OAAO,qBAAqB,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,KAA6B;IACvE,OAAO,qBAAqB,EAAE,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,UAAkB,EAClB,UAAkB,EAClB,UAAkB,EAClB,QAAgB,EAChB,QAAgB,EAChB,QAAgB,EAChB,GAAW,EACX,UAAkB,EAClB,UAAkB,EAClB,SAAiB;IAEjB,OAAO,eAAe,CAAC;QACrB,MAAM,EAAE;YACN,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,UAAU;YAChB,IAAI,EAAE,UAAU;SACjB;QACD,IAAI,EAAE;YACJ,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,QAAQ;YACd,GAAG;SACJ;QACD,UAAU;QACV,UAAU;QACV,SAAS;QACT,WAAW,EAAE,EAAE;QACf,UAAU,EAAE,IAAI;QAChB,gBAAgB,EAAE,EAAE;KACrB,CAAC,CAAC;AACL,CAAC"}

package/dist/project/analyzer.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+/**
+ * Project-Level Analyzer
+ *
+ * Analyzes multiple files as a project, building:
+ * - Type hierarchy (class inheritance, interface implementations)
+ * - Cross-file call graph
+ * - Multi-file taint paths
+ */
+import { type ProjectAnalysis, type SupportedLanguage } from 'circle-ir';
+export interface ProjectOptions {
+    name?: string;
+    root?: string;
+    language?: SupportedLanguage;
+    framework?: string;
+    frameworkVersion?: string;
+    buildTool?: "maven" | "gradle" | "ant" | "unknown";
+    enablePatternDiscovery?: boolean;
+    patternConfidenceThreshold?: number;
+    /** Enable LLM-based cross-file taint analysis */
+    enableLLMCrossFileTaint?: boolean;
+}
+export interface FileInput {
+    path: string;
+    content: string;
+}
+/**
+ * Analyze a project consisting of multiple files.
+ */
+export declare function analyzeProject(files: FileInput[], options?: ProjectOptions): Promise<ProjectAnalysis>;
+//# sourceMappingURL=analyzer.d.ts.map

package/dist/project/analyzer.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"analyzer.d.ts","sourceRoot":"","sources":["../../src/project/analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAOL,KAAK,eAAe,EAKpB,KAAK,iBAAiB,EAEvB,MAAM,WAAW,CAAC;AA2DnB,MAAM,WAAW,cAAc;IAC7B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,OAAO,GAAG,QAAQ,GAAG,KAAK,GAAG,SAAS,CAAC;IACnD,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,iDAAiD;IACjD,uBAAuB,CAAC,EAAE,OAAO,CAAC;CACnC;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,KAAK,EAAE,SAAS,EAAE,EAClB,OAAO,GAAE,cAAmB,GAC3B,OAAO,CAAC,eAAe,CAAC,CAuJ1B"}