circle-ir-ai 2.12.5 → 2.13.2

package/dist/security-scan/source-classifier.js

@@ -0,0 +1,328 @@
+/**
+ * Source classification gate (cognium-ai#110).
+ *
+ * Deterministic, AST-based pre-classification of a taint source into a
+ * trust-boundary category. Drives the severity gate in
+ * `runReport` — replaces the "any LLM-verified pair becomes critical"
+ * default with a context-aware promotion.
+ *
+ * # Why
+ *
+ * Top-20 Java OSS harness on circle-ir-ai 2.12.4 surfaced 18 critical
+ * findings — 14 had the same calibration smell: the LLM verifier
+ * returned `llm_verified: true, llm_confidence: 0.8` on a sink
+ * reachable only from a framework-internal source (Object `target`
+ * plugin arg, MyBatis SPI lifecycle param, etc.). Pattern-based
+ * suppression (#109 / 2.12.6 / #111) is reactive. This module is the
+ * root-cause fix: classify the source first; only TRUST_BOUNDARY
+ * sources can drive a critical finding.
+ *
+ * # Classification
+ *
+ * - **TRUST_BOUNDARY** — HTTP request param/body/header/path,
+ *   `HttpServletRequest`, JAX-RS / Spring controller annotated params,
+ *   Servlet `Filter.doFilter` request arg.
+ * - **CONFIG** — values from `application.properties` / `.yml`,
+ *   env vars, system properties, config-file readers. Tainted in
+ *   theory but operator-controlled; cap at medium.
+ * - **FRAMEWORK_INTERNAL** — method parameter inside a class
+ *   implementing a framework SPI (MyBatis `Interceptor` /
+ *   `InnerInterceptor` / `Executor`, AOP, plugin lifecycle). No
+ *   trust boundary crossed; drop.
+ * - **LIBRARY_API** — public-API method parameter on a library
+ *   utility class with no controller annotations. Caller validates;
+ *   cap at medium.
+ * - **UNKNOWN** — fallback when nothing matches. Preserves existing
+ *   severity behavior (more conservative than the issue spec, which
+ *   says drop — but the harness evidence is dominated by the four
+ *   classified buckets and dropping UNKNOWN risks recall loss on
+ *   cases the classifier hasn't been trained on yet).
+ *
+ * # Reference
+ *
+ * - cognium-ai#110 (this issue) — root cause / source-classification gate.
+ * - cognium-ai#109 — assertion utility pattern suppression (shipped 2.12.5).
+ * - circle-ir-ai 2.12.6 — MyBatis SPI pattern suppression.
+ * - circle-ir-ai 2.12.7 / #111 — class-aware MyBatis Interceptor suppression.
+ */
+// ---------------------------------------------------------------------------
+// Pattern tables
+// ---------------------------------------------------------------------------
+/**
+ * Source `type` field semantic categories that map directly to a trust
+ * boundary regardless of surrounding AST context. circle-ir's taint
+ * sources are pre-categorized by the engine; when the type is already
+ * one of these, classification is unambiguous.
+ */
+const TRUST_BOUNDARY_SOURCE_TYPES = new Set([
+    'http_param',
+    'http_body',
+    'http_header',
+    'http_cookie',
+    'http_path',
+    'user_input',
+    'external_input',
+    'http_request',
+    'request_param',
+    'request_body',
+]);
+/**
+ * Annotations on the enclosing method's parameters that mark a
+ * trust-boundary source — even when the source-line code itself
+ * doesn't include the annotation (e.g. the source is a usage of the
+ * parameter several lines after the method declaration).
+ */
+const TRUST_BOUNDARY_ANNOTATIONS = [
+    // Spring MVC / WebFlux
+    'RequestParam',
+    'RequestBody',
+    'RequestHeader',
+    'PathVariable',
+    'RequestPart',
+    'CookieValue',
+    'ModelAttribute',
+    'MatrixVariable',
+    // JAX-RS
+    'QueryParam',
+    'FormParam',
+    'HeaderParam',
+    'PathParam',
+    'CookieParam',
+    'MatrixParam',
+    'BeanParam',
+];
+/**
+ * Annotations on the enclosing class that mark it as an HTTP entry
+ * point. When the class is a controller, any parameter on its
+ * handler methods is a trust-boundary candidate even if the
+ * parameter itself isn't annotated (some frameworks bind by name).
+ */
+const CONTROLLER_CLASS_ANNOTATIONS = new Set([
+    'Controller',
+    'RestController',
+    'Path', // JAX-RS
+    'WebServlet',
+]);
+/**
+ * Framework SPI interfaces — when the enclosing class implements one
+ * of these, every method parameter is framework-internal plumbing,
+ * not a trust-boundary crossing.
+ */
+const FRAMEWORK_SPI_INTERFACES = new Set([
+    // MyBatis core
+    'Interceptor',
+    'Executor',
+    'StatementHandler',
+    'ParameterHandler',
+    'ResultSetHandler',
+    // MyBatis Plus
+    'InnerInterceptor',
+    // Spring AOP / lifecycle
+    'BeanFactoryAware',
+    'ApplicationContextAware',
+    'InitializingBean',
+    'DisposableBean',
+    'MethodInterceptor', // AOP Alliance
+    // Servlet filter chain
+    'Filter',
+    'FilterChain',
+    // Spring HandlerInterceptor
+    'HandlerInterceptor',
+    'AsyncHandlerInterceptor',
+]);
+/**
+ * Variable names that signal a framework-internal plugin / SPI source.
+ * Plugin patterns canonically use `target` / `invocation` / `chain` /
+ * `joinPoint` — when the source variable is one of these, the source
+ * is almost certainly framework plumbing.
+ */
+const FRAMEWORK_INTERNAL_VAR_NAMES = new Set([
+    'target',
+    'invocation',
+    'joinPoint',
+    'pjp',
+    'chain',
+    'filterChain',
+    'methodInvocation',
+]);
+/**
+ * Code patterns that signal a CONFIG source — values read from
+ * configuration / properties / environment / system properties.
+ */
+const CONFIG_PATTERNS = [
+    /\bSystem\s*\.\s*getProperty\s*\(/,
+    /\bSystem\s*\.\s*getenv\s*\(/,
+    /\bgetEnvironment\s*\(\s*\)\s*\.\s*getProperty/,
+    /@Value\s*\(/,
+    /\bConfigurationProperties\b/,
+    /\bgetConfiguration\s*\(/,
+    // Spring Environment / PropertyResolver
+    /\benvironment\s*\.\s*get(Property|RequiredProperty)\s*\(/,
+    // Apache Commons Configuration
+    /\bgetConfig\s*\(\s*\)\s*\.\s*get(String|Int|Long|Boolean)\s*\(/,
+];
+/**
+ * Find the innermost class (and method, if any) containing the given line.
+ * Returns `{type, method}` — either field may be undefined when the line
+ * isn't inside any tracked scope (top-level statements, missing TypeInfo).
+ */
+export function findEnclosingScope(types, line) {
+    if (!types || !line || !Number.isFinite(line))
+        return {};
+    let bestType;
+    let bestMethod;
+    for (const t of types) {
+        if (line < t.start_line || line > t.end_line)
+            continue;
+        // Narrowest enclosing wins (nested classes).
+        if (!bestType ||
+            (t.end_line - t.start_line) < (bestType.end_line - bestType.start_line)) {
+            bestType = t;
+        }
+    }
+    if (bestType?.methods) {
+        for (const m of bestType.methods) {
+            if (line < m.start_line || line > m.end_line)
+                continue;
+            if (!bestMethod ||
+                (m.end_line - m.start_line) < (bestMethod.end_line - bestMethod.start_line)) {
+                bestMethod = m;
+            }
+        }
+    }
+    return { type: bestType, method: bestMethod };
+}
+/**
+ * Returns true if any annotation in `annotations` matches one of the
+ * `targets` (simple name, case-sensitive). Tolerates the
+ * `@Annotation(...)` and `Annotation` forms and ignores generic
+ * parameters.
+ */
+function annotationsInclude(annotations, targets) {
+    if (!annotations || annotations.length === 0)
+        return false;
+    const set = targets instanceof Set ? targets : new Set(targets);
+    for (const raw of annotations) {
+        // Strip leading `@` and any `(args)` / `<generics>` suffix.
+        const simple = raw
+            .replace(/^@/, '')
+            .replace(/[<(].*$/, '')
+            .trim();
+        if (set.has(simple))
+            return true;
+    }
+    return false;
+}
+// ---------------------------------------------------------------------------
+// Classifier
+// ---------------------------------------------------------------------------
+/**
+ * Classify a taint source against the trust-boundary taxonomy.
+ *
+ * Cheap, deterministic. Order matters: trust-boundary signal beats
+ * framework-internal signal (an annotated `@RequestParam` inside a
+ * controller class is a real HTTP source even if the controller itself
+ * registers as an interceptor somewhere).
+ */
+export function classifySource(source, types) {
+    if (!source)
+        return 'UNKNOWN';
+    // ---- Signal 1: source type tag (cheapest, most specific) ------------
+    const sourceType = (source.type ?? '').toString();
+    if (TRUST_BOUNDARY_SOURCE_TYPES.has(sourceType))
+        return 'TRUST_BOUNDARY';
+    // ---- Signal 2: AST context — enclosing class + method ---------------
+    const scope = findEnclosingScope(types, source.line);
+    const enclosingType = scope.type;
+    const enclosingMethod = scope.method;
+    // 2a. Controller class — handler params are trust-boundary even when
+    //     not individually annotated.
+    if (enclosingType &&
+        annotationsInclude(enclosingType.annotations, CONTROLLER_CLASS_ANNOTATIONS)) {
+        // If the source variable matches a method parameter, it's the
+        // HTTP-bound param. (We don't require annotation match because some
+        // frameworks bind by name on Controller-annotated classes.)
+        if (enclosingMethod && source.variable) {
+            const param = enclosingMethod.parameters?.find((p) => p.name === source.variable);
+            if (param)
+                return 'TRUST_BOUNDARY';
+        }
+    }
+    // 2b. Method parameter annotation — direct match.
+    if (enclosingMethod && source.variable) {
+        const param = enclosingMethod.parameters?.find((p) => p.name === source.variable);
+        if (param && annotationsInclude(param.annotations, TRUST_BOUNDARY_ANNOTATIONS)) {
+            return 'TRUST_BOUNDARY';
+        }
+    }
+    // ---- Signal 3: framework SPI class --------------------------------
+    // Once we've ruled out a trust-boundary above, an SPI class means
+    // every internal source is plumbing, not user input.
+    if (enclosingType) {
+        const implementsList = enclosingType.implements ?? [];
+        for (const impl of implementsList) {
+            const simple = impl.replace(/<.*$/, '').trim();
+            if (FRAMEWORK_SPI_INTERFACES.has(simple))
+                return 'FRAMEWORK_INTERNAL';
+        }
+    }
+    // ---- Signal 4: variable-name plugin convention ---------------------
+    if (source.variable && FRAMEWORK_INTERNAL_VAR_NAMES.has(source.variable)) {
+        return 'FRAMEWORK_INTERNAL';
+    }
+    // ---- Signal 5: code-pattern CONFIG --------------------------------
+    const code = (source.code ?? '').toString();
+    if (code) {
+        for (const re of CONFIG_PATTERNS) {
+            if (re.test(code))
+                return 'CONFIG';
+        }
+    }
+    // ---- Signal 6: LIBRARY_API fallback for plain method params -------
+    // If we found an enclosing method + matching parameter but the param
+    // has no annotation and the class isn't a controller / SPI, treat
+    // the source as a library-API surface.
+    if (enclosingMethod && source.variable) {
+        const param = enclosingMethod.parameters?.find((p) => p.name === source.variable);
+        if (param)
+            return 'LIBRARY_API';
+    }
+    return 'UNKNOWN';
+}
+// ---------------------------------------------------------------------------
+// Severity gate
+// ---------------------------------------------------------------------------
+/**
+ * Apply the classification gate to a proposed severity. Returns either
+ * the (possibly-capped) severity or `null` to indicate the finding
+ * should be dropped entirely.
+ *
+ * Rules:
+ * - `TRUST_BOUNDARY` — pass through (allow critical).
+ * - `CONFIG`, `LIBRARY_API` — cap at `medium` (operator/library-author
+ *   owned, not directly exploitable from an outside attacker).
+ * - `FRAMEWORK_INTERNAL` — drop (no trust boundary crossed).
+ * - `UNKNOWN` — pass through (preserve recall; the issue spec would
+ *   drop here, but harness evidence is dominated by the four
+ *   classified buckets; UNKNOWN as a drop risks regressions on
+ *   pattern-only static sources without AST context).
+ */
+export function applyClassificationGate(classification, proposedSeverity) {
+    switch (classification) {
+        case 'FRAMEWORK_INTERNAL':
+            return null;
+        case 'CONFIG':
+        case 'LIBRARY_API':
+            return capAtMedium(proposedSeverity);
+        case 'TRUST_BOUNDARY':
+        case 'UNKNOWN':
+        default:
+            return proposedSeverity;
+    }
+}
+function capAtMedium(severity) {
+    if (severity === 'critical' || severity === 'high')
+        return 'medium';
+    return severity;
+}
+//# sourceMappingURL=source-classifier.js.map

package/dist/security-scan/source-classifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"source-classifier.js","sourceRoot":"","sources":["../../src/security-scan/source-classifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8CG;AA6CH,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,2BAA2B,GAAG,IAAI,GAAG,CAAC;IAC1C,YAAY;IACZ,WAAW;IACX,aAAa;IACb,aAAa;IACb,WAAW;IACX,YAAY;IACZ,gBAAgB;IAChB,cAAc;IACd,eAAe;IACf,cAAc;CACf,CAAC,CAAC;AAEH;;;;;GAKG;AACH,MAAM,0BAA0B,GAAG;IACjC,uBAAuB;IACvB,cAAc;IACd,aAAa;IACb,eAAe;IACf,cAAc;IACd,aAAa;IACb,aAAa;IACb,gBAAgB;IAChB,gBAAgB;IAChB,SAAS;IACT,YAAY;IACZ,WAAW;IACX,aAAa;IACb,WAAW;IACX,aAAa;IACb,aAAa;IACb,WAAW;CACZ,CAAC;AAEF;;;;;GAKG;AACH,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAAC;IAC3C,YAAY;IACZ,gBAAgB;IAChB,MAAM,EAAE,SAAS;IACjB,YAAY;CACb,CAAC,CAAC;AAEH;;;;GAIG;AACH,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC;IACvC,eAAe;IACf,aAAa;IACb,UAAU;IACV,kBAAkB;IAClB,kBAAkB;IAClB,kBAAkB;IAClB,eAAe;IACf,kBAAkB;IAClB,yBAAyB;IACzB,kBAAkB;IAClB,yBAAyB;IACzB,kBAAkB;IAClB,gBAAgB;IAChB,mBAAmB,EAAE,eAAe;IACpC,uBAAuB;IACvB,QAAQ;IACR,aAAa;IACb,4BAA4B;IAC5B,oBAAoB;IACpB,yBAAyB;CAC1B,CAAC,CAAC;AAEH;;;;;GAKG;AACH,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAAC;IAC3C,QAAQ;IACR,YAAY;IACZ,WAAW;IACX,KAAK;IACL,OAAO;IACP,aAAa;IACb,kBAAkB;CACnB,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,eAAe,GAAa;IAChC,kCAAkC;IAClC,6BAA6B;IAC7B,+CAA+C;IAC/C,aAAa;IACb,6BAA6B;IAC7B,yBAAyB;IACzB,wCAAwC;IACxC,0DAA0D;IAC1D,+BAA+B;IAC/B,gEAAgE;CACjE,CAAC;AAWF;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAAkD,EAClD,IAA+B;IAE/B,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,CAAC;IACzD,IAAI,QAA+B,CAAC;IACpC,IAAI,UAAmC,CAAC;IACxC,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,IAAI,GAAG,CAAC,CAAC,UAAU,IAAI,IAAI,GAAG,CAAC,CAAC,QAAQ;YAAE,SAAS;QACvD,6CAA6C;QAC7C,IACE,CAAC,QAAQ;YACT,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC,UAAU,CAAC,EACvE,CAAC;YACD,QAAQ,GAAG,CAAC,CAAC;QACf,CAAC;IACH,CAAC;IACD,IAAI,QAAQ,EAAE,OAAO,EAAE,CAAC;QACtB,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACjC,IAAI,IAAI,GAAG,CAAC,CAAC,UAAU,IAAI,IAAI,GAAG,CAAC,CAAC,QAAQ;gBAAE,SAAS;YACvD,IACE,CAAC,UAAU;gBACX,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,GAAG,UAAU,CAAC,UAAU,CAAC,EAC3E,CAAC;gBACD,UAAU,GAAG,CAAC,CAAC;YACjB,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;AAChD,CAAC;AAED;;;;;GAKG;AACH,SAAS,kBAAkB,CACzB,WAA8C,EAC9C,OAAyB;IAEzB,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC3D,MAAM,GAAG,GAAG,OAAO,YAAY,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;IAChE,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,4DAA4D;QAC5D,MAAM,MAAM,GAAG,GAAG;aACf,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;aACjB,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC;aACtB,IAAI,EAAE,CAAC;QACV,IAAI,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC;YAAE,OAAO,IAAI,CAAC;IACnC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAC5B,MAAsC,EACtC,KAAuC;IAEvC,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAC;IAE9B,wEAAwE;IACxE,MAAM,UAAU,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;IAClD,IAAI,2BAA2B,CAAC,GAAG,CAAC,UAAU,CAAC;QAAE,OAAO,gBAAgB,CAAC;IAEzE,wEAAwE;IACxE,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IACrD,MAAM,aAAa,GAAG,KAAK,CAAC,IAAI,CAAC;IACjC,MAAM,eAAe,GAAG,KAAK,CAAC,MAAM,CAAC;IAErC,qEAAqE;IACrE,kCAAkC;IAClC,IACE,aAAa;QACb,kBAAkB,CAAC,aAAa,CAAC,WAAW,EAAE,4BAA4B,CAAC,EAC3E,CAAC;QACD,8DAA8D;QAC9D,oEAAoE;QACpE,4DAA4D;QAC5D,IAAI,eAAe,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACvC,MAAM,KAAK,GAAG,eAAe,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,QAAQ,CAAC,CAAC;YAClF,IAAI,KAAK;gBAAE,OAAO,gBAAgB,CAAC;QACrC,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,IAAI,eAAe,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,eAAe,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,QAAQ,CAAC,CAAC;QAClF,IAAI,KAAK,IAAI,kBAAkB,CAAC,KAAK,CAAC,WAAW,EAAE,0BAA0B,CAAC,EAAE,CAAC;YAC/E,OAAO,gBAAgB,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,sEAAsE;IACtE,kEAAkE;IAClE,qDAAqD;IACrD,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,cAAc,GAAG,aAAa,CAAC,UAAU,IAAI,EAAE,CAAC;QACtD,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;YAClC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YAC/C,IAAI,wBAAwB,CAAC,GAAG,CAAC,MAAM,CAAC;gBAAE,OAAO,oBAAoB,CAAC;QACxE,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,IAAI,MAAM,CAAC,QAAQ,IAAI,4BAA4B,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzE,OAAO,oBAAoB,CAAC;IAC9B,CAAC;IAED,sEAAsE;IACtE,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC5C,IAAI,IAAI,EAAE,CAAC;QACT,KAAK,MAAM,EAAE,IAAI,eAAe,EAAE,CAAC;YACjC,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,OAAO,QAAQ,CAAC;QACrC,CAAC;IACH,CAAC;IAED,sEAAsE;IACtE,qEAAqE;IACrE,kEAAkE;IAClE,uCAAuC;IACvC,IAAI,eAAe,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,eAAe,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,QAAQ,CAAC,CAAC;QAClF,IAAI,KAAK;YAAE,OAAO,aAAa,CAAC;IAClC,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,uBAAuB,CACrC,cAAoC,EACpC,gBAAwB;IAExB,QAAQ,cAAc,EAAE,CAAC;QACvB,KAAK,oBAAoB;YACvB,OAAO,IAAI,CAAC;QACd,KAAK,QAAQ,CAAC;QACd,KAAK,aAAa;YAChB,OAAO,WAAW,CAAC,gBAAgB,CAAC,CAAC;QACvC,KAAK,gBAAgB,CAAC;QACtB,KAAK,SAAS,CAAC;QACf;YACE,OAAO,gBAAgB,CAAC;IAC5B,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB;IACnC,IAAI,QAAQ,KAAK,UAAU,IAAI,QAAQ,KAAK,MAAM;QAAE,OAAO,QAAQ,CAAC;IACpE,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "circle-ir-ai",
-  "version": "2.12.5",
+  "version": "2.13.2",
   "description": "LLM-enhanced SAST analysis built on circle-ir",
   "main": "dist/index.js",
   "module": "dist/index.js",
@@ -95,7 +95,7 @@
   "dependencies": {
     "@ax-llm/ax": "^20.0.0",
     "@mastra/core": "^1.18.0",
-    "circle-ir": "3.82.0",
+    "circle-ir": "3.85.0",
     "minimatch": "^10.2.5",
     "p-queue": "^9.1.0"
   },