circle-ir-ai 1.8.0 → 1.13.0

Files changed (76) hide show
  1. package/CHANGELOG.md +110 -0
  2. package/dist/agents/mastra/agents.d.ts +44 -44
  3. package/dist/agents/mastra/instance.d.ts +45 -45
  4. package/dist/agents/mastra/steps.d.ts +11 -11
  5. package/dist/cache/classification-cache.d.ts +45 -0
  6. package/dist/cache/classification-cache.d.ts.map +1 -0
  7. package/dist/cache/classification-cache.js +154 -0
  8. package/dist/cache/classification-cache.js.map +1 -0
  9. package/dist/cli/commands/trust.d.ts.map +1 -1
  10. package/dist/cli/commands/trust.js +26 -0
  11. package/dist/cli/commands/trust.js.map +1 -1
  12. package/dist/cli/index.js +0 -0
  13. package/dist/index.d.ts +8 -4
  14. package/dist/index.d.ts.map +1 -1
  15. package/dist/index.js +11 -5
  16. package/dist/index.js.map +1 -1
  17. package/dist/llm/batch-classifier.d.ts +67 -0
  18. package/dist/llm/batch-classifier.d.ts.map +1 -0
  19. package/dist/llm/batch-classifier.js +138 -0
  20. package/dist/llm/batch-classifier.js.map +1 -0
  21. package/dist/llm/cgs-serializer.d.ts +30 -0
  22. package/dist/llm/cgs-serializer.d.ts.map +1 -0
  23. package/dist/llm/cgs-serializer.js +192 -0
  24. package/dist/llm/cgs-serializer.js.map +1 -0
  25. package/dist/llm/doc-pattern-passes.d.ts +41 -0
  26. package/dist/llm/doc-pattern-passes.d.ts.map +1 -0
  27. package/dist/llm/doc-pattern-passes.js +418 -0
  28. package/dist/llm/doc-pattern-passes.js.map +1 -0
  29. package/dist/trust/index.d.ts +6 -0
  30. package/dist/trust/index.d.ts.map +1 -1
  31. package/dist/trust/index.js +10 -0
  32. package/dist/trust/index.js.map +1 -1
  33. package/dist/trust/passes/ai-generated-fingerprint.d.ts +34 -0
  34. package/dist/trust/passes/ai-generated-fingerprint.d.ts.map +1 -0
  35. package/dist/trust/passes/ai-generated-fingerprint.js +317 -0
  36. package/dist/trust/passes/ai-generated-fingerprint.js.map +1 -0
  37. package/dist/trust/passes/circlir-findings-adapter.d.ts +30 -0
  38. package/dist/trust/passes/circlir-findings-adapter.d.ts.map +1 -0
  39. package/dist/trust/passes/circlir-findings-adapter.js +79 -0
  40. package/dist/trust/passes/circlir-findings-adapter.js.map +1 -0
  41. package/dist/trust/passes/feature-envy.d.ts +26 -0
  42. package/dist/trust/passes/feature-envy.d.ts.map +1 -0
  43. package/dist/trust/passes/feature-envy.js +169 -0
  44. package/dist/trust/passes/feature-envy.js.map +1 -0
  45. package/dist/trust/passes/missing-guard-dom.d.ts +25 -0
  46. package/dist/trust/passes/missing-guard-dom.d.ts.map +1 -0
  47. package/dist/trust/passes/missing-guard-dom.js +250 -0
  48. package/dist/trust/passes/missing-guard-dom.js.map +1 -0
  49. package/dist/trust/passes/performance-passes.d.ts +20 -0
  50. package/dist/trust/passes/performance-passes.d.ts.map +1 -0
  51. package/dist/trust/passes/performance-passes.js +149 -0
  52. package/dist/trust/passes/performance-passes.js.map +1 -0
  53. package/dist/trust/passes/tool-poisoning.d.ts +28 -0
  54. package/dist/trust/passes/tool-poisoning.d.ts.map +1 -0
  55. package/dist/trust/passes/tool-poisoning.js +287 -0
  56. package/dist/trust/passes/tool-poisoning.js.map +1 -0
  57. package/dist/trust/scoring.d.ts +3 -3
  58. package/dist/trust/scoring.d.ts.map +1 -1
  59. package/dist/trust/scoring.js +39 -2
  60. package/dist/trust/scoring.js.map +1 -1
  61. package/dist/trust/types.d.ts +3 -0
  62. package/dist/trust/types.d.ts.map +1 -1
  63. package/dist/trust/types.js.map +1 -1
  64. package/package.json +9 -10
  65. package/dist/analysis/enriched.d.ts +0 -16
  66. package/dist/analysis/enriched.d.ts.map +0 -1
  67. package/dist/analysis/enriched.js +0 -297
  68. package/dist/analysis/enriched.js.map +0 -1
  69. package/dist/analysis/llm-correlated-predicates.d.ts +0 -80
  70. package/dist/analysis/llm-correlated-predicates.d.ts.map +0 -1
  71. package/dist/analysis/llm-correlated-predicates.js +0 -255
  72. package/dist/analysis/llm-correlated-predicates.js.map +0 -1
  73. package/dist/llm/pattern-verification.d.ts +0 -39
  74. package/dist/llm/pattern-verification.d.ts.map +0 -1
  75. package/dist/llm/pattern-verification.js +0 -127
  76. package/dist/llm/pattern-verification.js.map +0 -1
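--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -5,6 +5,116 @@ All notable changes to this project will be documented in this file.
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+ ## [1.13.0] - 2026-03-28
+
+ ### Changed
+
+ - **Phase 4 Completion: Dedup Performance Passes + Surface Circle-IR Findings**
+ - Replaced P30-P32 (blocking-main-thread, excessive-allocation, missing-stream) with **CircleIR findings adapter** — zero-cost extraction from `ir.findings` instead of redundant re-analysis
+ - Added **god-class** and **naming-convention** trust passes via findings adapter (surfacing circle-ir 3.14.0 passes #39, #40)
+ - New generic `adaptCircleIRFindings()` function for converting circle-ir `SastFinding[]` → `TrustPassResult`
+ - Removed ~300 LOC of redundant P30-P32 analysis logic
+ - 10 new tests in `tests/circlir-findings-adapter.test.ts`
+
+ - Trust score now has 26 passes (24 → 26)
+ - PASS_CATEGORY_MAP expanded from 29 to 31 entries
+ - PASS_COMPONENT_MAP expanded from 25 to 27 entries
+
+ ## [1.12.0] - 2026-03-28
+
+ ### Added
+
+ - **Phase 3 Completion: LLM-Enhanced Replacement Passes**
+ - **missing-guard-dom** (`src/trust/passes/missing-guard-dom.ts`): LLM-enhanced auth guard dominator analysis. Uses `DominatorGraph` from circle-ir to verify sensitive operations are dominated by auth checks. Recognizes annotation-based guards (`@PreAuthorize`, `@Secured`, `@RolesAllowed`, `@login_required`). Optional LLM to detect framework-level guards (Spring Security, middleware). Regex fallback for non-CircleIR mode.
+ - **feature-envy** (`src/trust/passes/feature-envy.ts`): LLM-enhanced design intent detection. Same call-count heuristic as circle-ir (external ≥ 4, margin > 2) with static filters for delegation patterns (Controller, Facade, Service, Handler classes; handle*, delegate*, process* methods). Optional LLM to distinguish true envy from legitimate orchestration.
+ - 16 new tests across 2 test files
+ - Upgraded `circle-ir` from 3.12.0 to 3.14.0 (removed passes now replaced by circle-ir-ai)
+
+ ### Changed
+
+ - Trust score now has 24 passes (22 → 24)
+ - PASS_CATEGORY_MAP expanded from 27 to 29 entries
+ - PASS_COMPONENT_MAP expanded from 23 to 25 entries
+
+ ## [1.11.0] - 2026-03-28
+
+ ### Added
+
+ - **Phase 4: Performance Trust Passes (P30-P33)**
+ - **P30 blocking-main-thread** (`src/trust/passes/performance-passes.ts`): Detects sync I/O calls (readFileSync, execSync, etc.) in async contexts. CircleIR-first with regex fallback. Severity: high in async, medium otherwise.
+ - **P31 excessive-allocation**: Detects object allocation (`new ...()`) inside hot loops. CircleIR mode uses CFG loop blocks + constructor calls. Nested loops → high severity.
+ - **P32 missing-stream**: Detects readFile/readFileSync usage without streaming alternatives (createReadStream/pipeline/pipe). Severity: medium.
+ - **P33 cache-invalidation**: Detects cache-like Map/Set variables without delete/clear/TTL patterns. Severity: low.
+ - **performance_score** component added to TrustScoreResult (13 total score components)
+ - 14 new tests in `tests/performance-passes.test.ts`
+
+ ### Changed
+
+ - Trust score now has 22 passes (18 → 22) with 13 score components (12 → 13)
+ - PASS_CATEGORY_MAP expanded from 23 to 27 entries
+ - PASS_COMPONENT_MAP expanded from 19 to 23 entries
+
+ ## [1.10.0] - 2026-03-28
+
+ ### Added
+
+ - **Phase 3: LLM Infrastructure + Passes**
+ - **Classification Cache** (`src/cache/classification-cache.ts`): LLM result caching with composite key (content + classifier), 24h TTL, hit/miss tracking
+ - **CGS Serializer** (`src/llm/cgs-serializer.ts`): Compact Graph Summary — serialize CircleIR to compact text for LLM prompts (~85% token reduction), priority-based budget allocation
+ - **A2 Tool-Poisoning Pass** (`src/trust/passes/tool-poisoning.ts`): Detect undeclared tool behavior (network, exec, file_write) by comparing tool schemas vs actual code. Static heuristics + optional LLM. Graceful degradation without schemas.
+ - **A3 AI-Generated Fingerprint Pass** (`src/trust/passes/ai-generated-fingerprint.ts`): 7-signal heuristic detector for LLM-generated code (over-commenting, generic naming, placeholders, uniform formatting, excessive docstrings, boilerplate, repetitive structure)
+ - **Batch Classifier** (`src/llm/batch-classifier.ts`): Orchestrates multiple LLM classification passes with p-queue concurrency, classification cache, CGS integration, Zod validation. Graceful degradation without LLM.
+ - **5 Doc/Pattern LLM Passes** (`src/llm/doc-pattern-passes.ts`): doc-param-mismatch, return-type-mismatch, doc-wrong-behavior, inconsistent-error-handling, magic-numbers. All with LLM + static fallback where applicable.
+ - **2 new score components**: `poisoning_score` and `provenance_score` added to TrustScoreResult (12 total)
+ - **23 new pass registrations**: 7 passes added to PASS_CATEGORY_MAP and PASS_COMPONENT_MAP
+ - **Trust CLI updated**: 2 new Sprint 6 passes (tool-poisoning, ai-generated-fingerprint) in trust command output
+
+ ### Changed
+
+ - Trust score now has 18 passes (16 → 18) with 12 score components (10 → 12)
+ - PASS_CATEGORY_MAP expanded from 16 to 23 entries
+ - PASS_COMPONENT_MAP expanded from 12 to 19 entries
+
+ ## [1.9.0] - 2026-03-28
+
+ ### Changed
+
+ - **Major dependency upgrades:**
+ - `circle-ir` 3.9.7 → 3.12.0 (36-pass pipeline, TypeHierarchy, DominatorGraph)
+ - `@ax-llm/ax` 16.0.13 → 19.0.37
+ - `@mastra/core` 1.1.0 → 1.17.0
+ - `typescript` 5.9.3 → 6.0.2 (target ES2025, types: ["node"])
+ - `vitest` 3.2.4 → 4.1.2
+ - `@vitest/coverage-v8` 3.2.4 → 4.1.2
+ - `@types/node` 25.1.0 → 25.5.0
+ - `tsx` 4.19.0 → 4.21.0
+ - `web-tree-sitter` 0.26.6 → 0.26.7
+
+ ### Fixed
+
+ - TypeScript 6.0 compatibility: added explicit `types: ["node"]` to tsconfig.json (TS6 defaults types to `[]`)
+
+ ### Benchmark Improvements
+
+ - **OWASP Benchmark**: 97.4% → **100.0%** (1415/1415 perfect) — circle-ir 3.12 fixed all 37 command injection false negatives
+ - **Rust Benchmark**: expanded from 30 to 50 tests, TPR improved from 77.8% to 86.5%
+
+ ## [1.8.0] - 2026-03-27
+
+ ### Added
+
+ - **Trust Score v2**: Weighted category-based scoring engine (supply_chain, code_security, ai_safety, compliance, artifacts)
+ - **EU AI Act Flags pass**: Static analysis for EU AI Act compliance indicators (Art. 9, 10, 12, 13, 14)
+ - **Compare CLI command**: Compare trust scores between two codebases with delta analysis
+ - **Quality Score engine**: 5-pass quality scoring (code complexity, test coverage, documentation, maintainability, performance)
+ - **Trust scoring module** (`src/trust/scoring.ts`): configurable weights, 10 score components, tier derivation
+ - **Trust comparison** (`src/trust/compare.ts`): finding diff, trend detection (improved/degraded/stable)
+
+ ### Changed
+
+ - Trust score now uses weighted categories instead of simple average across passes
+ - `circle-ir` upgraded from 3.9.7 to 3.11.0
+
  ## [1.3.0] - 2026-03-08
 
  ### Added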
@@ -30,11 +30,11 @@ export declare const enrichmentAgent: Agent<"enrichment-agent", {
30
30
  methodCode: string;
31
31
  }, {
32
32
  sources: {
33
- line: number;
34
- variable: string;
35
- type: string;
36
33
  confidence: number;
37
34
  reasoning: string;
35
+ type: string;
36
+ line: number;
37
+ variable: string;
38
38
  }[];
39
39
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "discover-sources", unknown>;
40
40
  discoverSinks: import("@mastra/core/tools").Tool<{
@@ -44,13 +44,13 @@ export declare const enrichmentAgent: Agent<"enrichment-agent", {
44
44
  methodCode: string;
45
45
  }, {
46
46
  sinks: {
47
+ confidence: number;
48
+ reasoning: string;
49
+ type: string;
47
50
  line: number;
48
51
  method: string;
49
- type: string;
50
52
  cwe: string;
51
53
  argPositions: number[];
52
- confidence: number;
53
- reasoning: string;
54
54
  }[];
55
55
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "discover-sinks", unknown>;
56
56
  }, undefined, unknown>;
@@ -74,9 +74,9 @@ export declare const verificationAgent: Agent<"verification-agent", {
74
74
  sinkType: string;
75
75
  sanitizersInPath: string[];
76
76
  }, {
77
- verdict: "TRUE_POSITIVE" | "FALSE_POSITIVE" | "UNCERTAIN";
78
77
  confidence: number;
79
78
  reasoning: string;
79
+ verdict: "TRUE_POSITIVE" | "FALSE_POSITIVE" | "UNCERTAIN";
80
80
  exploitability: "high" | "medium" | "low" | "none";
81
81
  sanitizersFound: string[];
82
82
  attackVector: string;
@@ -100,13 +100,13 @@ export declare const crossFileAgent: Agent<"cross-file-agent", {
100
100
  targetCode: string;
101
101
  importedSymbols: string[];
102
102
  }, {
103
- taintFlows: Array<{
103
+ reasoning: string;
104
+ taintFlows: {
105
+ confidence: number;
104
106
  sourceSymbol: string;
105
107
  targetSymbol: string;
106
108
  flowType: "direct" | "transitive" | "conditional";
107
- confidence: number;
108
- }>;
109
- reasoning: string;
109
+ }[];
110
110
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "cross-file-taint", unknown>;
111
111
  }, undefined, unknown>;
112
112
  /**
@@ -133,11 +133,11 @@ export declare const orchestratorAgent: Agent<"orchestrator-agent", {
133
133
  methodCode: string;
134
134
  }, {
135
135
  sources: {
136
- line: number;
137
- variable: string;
138
- type: string;
139
136
  confidence: number;
140
137
  reasoning: string;
138
+ type: string;
139
+ line: number;
140
+ variable: string;
141
141
  }[];
142
142
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "discover-sources", unknown>;
143
143
  discoverSinks: import("@mastra/core/tools").Tool<{
@@ -147,13 +147,13 @@ export declare const orchestratorAgent: Agent<"orchestrator-agent", {
147
147
  methodCode: string;
148
148
  }, {
149
149
  sinks: {
150
+ confidence: number;
151
+ reasoning: string;
152
+ type: string;
150
153
  line: number;
151
154
  method: string;
152
- type: string;
153
155
  cwe: string;
154
156
  argPositions: number[];
155
- confidence: number;
156
- reasoning: string;
157
157
  }[];
158
158
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "discover-sinks", unknown>;
159
159
  verifyVulnerability: import("@mastra/core/tools").Tool<{
@@ -169,9 +169,9 @@ export declare const orchestratorAgent: Agent<"orchestrator-agent", {
169
169
  sinkType: string;
170
170
  sanitizersInPath: string[];
171
171
  }, {
172
- verdict: "TRUE_POSITIVE" | "FALSE_POSITIVE" | "UNCERTAIN";
173
172
  confidence: number;
174
173
  reasoning: string;
174
+ verdict: "TRUE_POSITIVE" | "FALSE_POSITIVE" | "UNCERTAIN";
175
175
  exploitability: "high" | "medium" | "low" | "none";
176
176
  sanitizersFound: string[];
177
177
  attackVector: string;
@@ -188,13 +188,13 @@ export declare const orchestratorAgent: Agent<"orchestrator-agent", {
188
188
  targetCode: string;
189
189
  importedSymbols: string[];
190
190
  }, {
191
- taintFlows: Array<{
191
+ reasoning: string;
192
+ taintFlows: {
193
+ confidence: number;
192
194
  sourceSymbol: string;
193
195
  targetSymbol: string;
194
196
  flowType: "direct" | "transitive" | "conditional";
195
- confidence: number;
196
- }>;
197
- reasoning: string;
197
+ }[];
198
198
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "cross-file-taint", unknown>;
199
199
  }, undefined, unknown>;
200
200
  export declare const agents: {
@@ -217,11 +217,11 @@ export declare const agents: {
217
217
  methodCode: string;
218
218
  }, {
219
219
  sources: {
220
- line: number;
221
- variable: string;
222
- type: string;
223
220
  confidence: number;
224
221
  reasoning: string;
222
+ type: string;
223
+ line: number;
224
+ variable: string;
225
225
  }[];
226
226
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "discover-sources", unknown>;
227
227
  discoverSinks: import("@mastra/core/tools").Tool<{
@@ -231,13 +231,13 @@ export declare const agents: {
231
231
  methodCode: string;
232
232
  }, {
233
233
  sinks: {
234
+ confidence: number;
235
+ reasoning: string;
236
+ type: string;
234
237
  line: number;
235
238
  method: string;
236
- type: string;
237
239
  cwe: string;
238
240
  argPositions: number[];
239
- confidence: number;
240
- reasoning: string;
241
241
  }[];
242
242
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "discover-sinks", unknown>;
243
243
  }, undefined, unknown>;
@@ -255,9 +255,9 @@ export declare const agents: {
255
255
  sinkType: string;
256
256
  sanitizersInPath: string[];
257
257
  }, {
258
- verdict: "TRUE_POSITIVE" | "FALSE_POSITIVE" | "UNCERTAIN";
259
258
  confidence: number;
260
259
  reasoning: string;
260
+ verdict: "TRUE_POSITIVE" | "FALSE_POSITIVE" | "UNCERTAIN";
261
261
  exploitability: "high" | "medium" | "low" | "none";
262
262
  sanitizersFound: string[];
263
263
  attackVector: string;
@@ -276,13 +276,13 @@ export declare const agents: {
276
276
  targetCode: string;
277
277
  importedSymbols: string[];
278
278
  }, {
279
- taintFlows: Array<{
279
+ reasoning: string;
280
+ taintFlows: {
281
+ confidence: number;
280
282
  sourceSymbol: string;
281
283
  targetSymbol: string;
282
284
  flowType: "direct" | "transitive" | "conditional";
283
- confidence: number;
284
- }>;
285
- reasoning: string;
285
+ }[];
286
286
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "cross-file-taint", unknown>;
287
287
  }, undefined, unknown>;
288
288
  orchestrator: Agent<"orchestrator-agent", {
@@ -304,11 +304,11 @@ export declare const agents: {
304
304
  methodCode: string;
305
305
  }, {
306
306
  sources: {
307
- line: number;
308
- variable: string;
309
- type: string;
310
307
  confidence: number;
311
308
  reasoning: string;
309
+ type: string;
310
+ line: number;
311
+ variable: string;
312
312
  }[];
313
313
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "discover-sources", unknown>;
314
314
  discoverSinks: import("@mastra/core/tools").Tool<{
@@ -318,13 +318,13 @@ export declare const agents: {
318
318
  methodCode: string;
319
319
  }, {
320
320
  sinks: {
321
+ confidence: number;
322
+ reasoning: string;
323
+ type: string;
321
324
  line: number;
322
325
  method: string;
323
- type: string;
324
326
  cwe: string;
325
327
  argPositions: number[];
326
- confidence: number;
327
- reasoning: string;
328
328
  }[];
329
329
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "discover-sinks", unknown>;
330
330
  verifyVulnerability: import("@mastra/core/tools").Tool<{
@@ -340,9 +340,9 @@ export declare const agents: {
340
340
  sinkType: string;
341
341
  sanitizersInPath: string[];
342
342
  }, {
343
- verdict: "TRUE_POSITIVE" | "FALSE_POSITIVE" | "UNCERTAIN";
344
343
  confidence: number;
345
344
  reasoning: string;
345
+ verdict: "TRUE_POSITIVE" | "FALSE_POSITIVE" | "UNCERTAIN";
346
346
  exploitability: "high" | "medium" | "low" | "none";
347
347
  sanitizersFound: string[];
348
348
  attackVector: string;
@@ -359,13 +359,13 @@ export declare const agents: {
359
359
  targetCode: string;
360
360
  importedSymbols: string[];
361
361
  }, {
362
- taintFlows: Array<{
362
+ reasoning: string;
363
+ taintFlows: {
364
+ confidence: number;
363
365
  sourceSymbol: string;
364
366
  targetSymbol: string;
365
367
  flowType: "direct" | "transitive" | "conditional";
366
- confidence: number;
367
- }>;
368
- reasoning: string;
368
+ }[];
369
369
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "cross-file-taint", unknown>;
370
370
  }, undefined, unknown>;
371
371
  };
@@ -39,11 +39,11 @@ export declare function createMastraInstance(options?: MastraInstanceOptions): {
39
39
  methodCode: string;
40
40
  }, {
41
41
  sources: {
42
- line: number;
43
- variable: string;
44
- type: string;
45
42
  confidence: number;
46
43
  reasoning: string;
44
+ type: string;
45
+ line: number;
46
+ variable: string;
47
47
  }[];
48
48
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "discover-sources", unknown>;
49
49
  discoverSinks: import("@mastra/core/tools").Tool<{
@@ -53,13 +53,13 @@ export declare function createMastraInstance(options?: MastraInstanceOptions): {
53
53
  methodCode: string;
54
54
  }, {
55
55
  sinks: {
56
+ confidence: number;
57
+ reasoning: string;
58
+ type: string;
56
59
  line: number;
57
60
  method: string;
58
- type: string;
59
61
  cwe: string;
60
62
  argPositions: number[];
61
- confidence: number;
62
- reasoning: string;
63
63
  }[];
64
64
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "discover-sinks", unknown>;
65
65
  }, undefined, unknown>;
@@ -77,9 +77,9 @@ export declare function createMastraInstance(options?: MastraInstanceOptions): {
77
77
  sinkType: string;
78
78
  sanitizersInPath: string[];
79
79
  }, {
80
- verdict: "TRUE_POSITIVE" | "FALSE_POSITIVE" | "UNCERTAIN";
81
80
  confidence: number;
82
81
  reasoning: string;
82
+ verdict: "TRUE_POSITIVE" | "FALSE_POSITIVE" | "UNCERTAIN";
83
83
  exploitability: "high" | "medium" | "low" | "none";
84
84
  sanitizersFound: string[];
85
85
  attackVector: string;
@@ -98,13 +98,13 @@ export declare function createMastraInstance(options?: MastraInstanceOptions): {
98
98
  targetCode: string;
99
99
  importedSymbols: string[];
100
100
  }, {
101
- taintFlows: Array<{
101
+ reasoning: string;
102
+ taintFlows: {
103
+ confidence: number;
102
104
  sourceSymbol: string;
103
105
  targetSymbol: string;
104
106
  flowType: "direct" | "transitive" | "conditional";
105
- confidence: number;
106
- }>;
107
- reasoning: string;
107
+ }[];
108
108
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "cross-file-taint", unknown>;
109
109
  }, undefined, unknown>;
110
110
  orchestrator: import("@mastra/core/agent").Agent<"orchestrator-agent", {
@@ -126,11 +126,11 @@ export declare function createMastraInstance(options?: MastraInstanceOptions): {
126
126
  methodCode: string;
127
127
  }, {
128
128
  sources: {
129
- line: number;
130
- variable: string;
131
- type: string;
132
129
  confidence: number;
133
130
  reasoning: string;
131
+ type: string;
132
+ line: number;
133
+ variable: string;
134
134
  }[];
135
135
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "discover-sources", unknown>;
136
136
  discoverSinks: import("@mastra/core/tools").Tool<{
@@ -140,13 +140,13 @@ export declare function createMastraInstance(options?: MastraInstanceOptions): {
140
140
  methodCode: string;
141
141
  }, {
142
142
  sinks: {
143
+ confidence: number;
144
+ reasoning: string;
145
+ type: string;
143
146
  line: number;
144
147
  method: string;
145
- type: string;
146
148
  cwe: string;
147
149
  argPositions: number[];
148
- confidence: number;
149
- reasoning: string;
150
150
  }[];
151
151
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "discover-sinks", unknown>;
152
152
  verifyVulnerability: import("@mastra/core/tools").Tool<{
@@ -162,9 +162,9 @@ export declare function createMastraInstance(options?: MastraInstanceOptions): {
162
162
  sinkType: string;
163
163
  sanitizersInPath: string[];
164
164
  }, {
165
- verdict: "TRUE_POSITIVE" | "FALSE_POSITIVE" | "UNCERTAIN";
166
165
  confidence: number;
167
166
  reasoning: string;
167
+ verdict: "TRUE_POSITIVE" | "FALSE_POSITIVE" | "UNCERTAIN";
168
168
  exploitability: "high" | "medium" | "low" | "none";
169
169
  sanitizersFound: string[];
170
170
  attackVector: string;
@@ -181,16 +181,16 @@ export declare function createMastraInstance(options?: MastraInstanceOptions): {
181
181
  targetCode: string;
182
182
  importedSymbols: string[];
183
183
  }, {
184
- taintFlows: Array<{
184
+ reasoning: string;
185
+ taintFlows: {
186
+ confidence: number;
185
187
  sourceSymbol: string;
186
188
  targetSymbol: string;
187
189
  flowType: "direct" | "transitive" | "conditional";
188
- confidence: number;
189
- }>;
190
- reasoning: string;
190
+ }[];
191
191
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "cross-file-taint", unknown>;
192
192
  }, undefined, unknown>;
193
- }, Record<string, import("@mastra/core/workflows").Workflow<any, any, any, any, any, any, any, unknown>>, Record<string, import("@mastra/core/vector").MastraVector<any>>, Record<string, import("@mastra/core/tts").MastraTTS>, import("@mastra/core/logger").IMastraLogger, Record<string, import("@mastra/core/mcp").MCPServerBase<any>>, Record<string, import("@mastra/core/evals").MastraScorer<any, any, any, any>>, Record<string, import("@mastra/core/tools").ToolAction<any, any, any, any, any, any, unknown>>, Record<string, import("@mastra/core/processors").Processor<any, unknown>>, Record<string, import("@mastra/core/memory").MastraMemory>>;
193
+ }, Record<string, import("@mastra/core/workflows").AnyWorkflow>, Record<string, import("@mastra/core/vector").MastraVector<any>>, Record<string, import("@mastra/core/tts").MastraTTS>, import("@mastra/core/logger").IMastraLogger, Record<string, import("@mastra/core/mcp").MCPServerBase<any>>, Record<string, import("@mastra/core/evals").MastraScorer<any, any, any, any>>, Record<string, import("@mastra/core/tools").ToolAction<any, any, any, any, any, any, unknown>>, Record<string, import("@mastra/core/processors").Processor<any, unknown>>, Record<string, import("@mastra/core/memory").MastraMemory>>;
194
194
  agents: {
195
195
  enrichment: import("@mastra/core/agent").Agent<"enrichment-agent", {
196
196
  classifyRole: import("@mastra/core/tools").Tool<{
@@ -211,11 +211,11 @@ export declare function createMastraInstance(options?: MastraInstanceOptions): {
211
211
  methodCode: string;
212
212
  }, {
213
213
  sources: {
214
- line: number;
215
- variable: string;
216
- type: string;
217
214
  confidence: number;
218
215
  reasoning: string;
216
+ type: string;
217
+ line: number;
218
+ variable: string;
219
219
  }[];
220
220
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "discover-sources", unknown>;
221
221
  discoverSinks: import("@mastra/core/tools").Tool<{
@@ -225,13 +225,13 @@ export declare function createMastraInstance(options?: MastraInstanceOptions): {
225
225
  methodCode: string;
226
226
  }, {
227
227
  sinks: {
228
+ confidence: number;
229
+ reasoning: string;
230
+ type: string;
228
231
  line: number;
229
232
  method: string;
230
- type: string;
231
233
  cwe: string;
232
234
  argPositions: number[];
233
- confidence: number;
234
- reasoning: string;
235
235
  }[];
236
236
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "discover-sinks", unknown>;
237
237
  }, undefined, unknown>;
@@ -249,9 +249,9 @@ export declare function createMastraInstance(options?: MastraInstanceOptions): {
249
249
  sinkType: string;
250
250
  sanitizersInPath: string[];
251
251
  }, {
252
- verdict: "TRUE_POSITIVE" | "FALSE_POSITIVE" | "UNCERTAIN";
253
252
  confidence: number;
254
253
  reasoning: string;
254
+ verdict: "TRUE_POSITIVE" | "FALSE_POSITIVE" | "UNCERTAIN";
255
255
  exploitability: "high" | "medium" | "low" | "none";
256
256
  sanitizersFound: string[];
257
257
  attackVector: string;
@@ -270,13 +270,13 @@ export declare function createMastraInstance(options?: MastraInstanceOptions): {
270
270
  targetCode: string;
271
271
  importedSymbols: string[];
272
272
  }, {
273
- taintFlows: Array<{
273
+ reasoning: string;
274
+ taintFlows: {
275
+ confidence: number;
274
276
  sourceSymbol: string;
275
277
  targetSymbol: string;
276
278
  flowType: "direct" | "transitive" | "conditional";
277
- confidence: number;
278
- }>;
279
- reasoning: string;
279
+ }[];
280
280
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "cross-file-taint", unknown>;
281
281
  }, undefined, unknown>;
282
282
  orchestrator: import("@mastra/core/agent").Agent<"orchestrator-agent", {
@@ -298,11 +298,11 @@ export declare function createMastraInstance(options?: MastraInstanceOptions): {
298
298
  methodCode: string;
299
299
  }, {
300
300
  sources: {
301
- line: number;
302
- variable: string;
303
- type: string;
304
301
  confidence: number;
305
302
  reasoning: string;
303
+ type: string;
304
+ line: number;
305
+ variable: string;
306
306
  }[];
307
307
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "discover-sources", unknown>;
308
308
  discoverSinks: import("@mastra/core/tools").Tool<{
@@ -312,13 +312,13 @@ export declare function createMastraInstance(options?: MastraInstanceOptions): {
312
312
  methodCode: string;
313
313
  }, {
314
314
  sinks: {
315
+ confidence: number;
316
+ reasoning: string;
317
+ type: string;
315
318
  line: number;
316
319
  method: string;
317
- type: string;
318
320
  cwe: string;
319
321
  argPositions: number[];
320
- confidence: number;
321
- reasoning: string;
322
322
  }[];
323
323
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "discover-sinks", unknown>;
324
324
  verifyVulnerability: import("@mastra/core/tools").Tool<{
@@ -334,9 +334,9 @@ export declare function createMastraInstance(options?: MastraInstanceOptions): {
334
334
  sinkType: string;
335
335
  sanitizersInPath: string[];
336
336
  }, {
337
- verdict: "TRUE_POSITIVE" | "FALSE_POSITIVE" | "UNCERTAIN";
338
337
  confidence: number;
339
338
  reasoning: string;
339
+ verdict: "TRUE_POSITIVE" | "FALSE_POSITIVE" | "UNCERTAIN";
340
340
  exploitability: "high" | "medium" | "low" | "none";
341
341
  sanitizersFound: string[];
342
342
  attackVector: string;
@@ -353,13 +353,13 @@ export declare function createMastraInstance(options?: MastraInstanceOptions): {
353
353
  targetCode: string;
354
354
  importedSymbols: string[];
355
355
  }, {
356
- taintFlows: Array<{
356
+ reasoning: string;
357
+ taintFlows: {
358
+ confidence: number;
357
359
  sourceSymbol: string;
358
360
  targetSymbol: string;
359
361
  flowType: "direct" | "transitive" | "conditional";
360
- confidence: number;
361
- }>;
362
- reasoning: string;
362
+ }[];
363
363
  }, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown, unknown>, "cross-file-taint", unknown>;
364
364
  }, undefined, unknown>;
365
365
  };