npm - circle-ir-ai - Versions diffs - 2.5.5 → 2.5.6 - Mend

circle-ir-ai 2.5.5 → 2.5.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,39 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [2.5.6] - 2026-05-02
+### Fixed
+- **#27: `cluster` Phase 2 returned HTTP 404 on Ollama / OpenAI /
+  GitHub Models because `LLM_COMPONENT_MODEL` defaulted to a
+  cognium-proxy-only model.** Users setting only the canonical
+  `LLM_ENRICHMENT_MODEL` env var (e.g. `LLM_ENRICHMENT_MODEL=
+  llama3.2:3b`) found that the verification + componentEnrichment
+  phases ignored it and fell through to `cognium/gpt-oss-120b`,
+  which Ollama / OpenAI / GitHub Models all return 404 on. Phase 1
+  failed silently per-component (caught + static fallback). Phase 2
+  failed loudly with `LLM call failed: HTTP 404` and
+  `Component clustering failed: Empty response from LLM`, leaving
+  every component named `<module>` with `utility` role.
+  Fix: `getDefaultLLMConfig()` now treats `LLM_ENRICHMENT_MODEL` as
+  the universal default. `LLM_COMPONENT_MODEL` and
+  `LLM_VERIFICATION_MODEL` still override it when set, but fall
+  back to `LLM_ENRICHMENT_MODEL` (then to the cognium-proxy
+  default) when not.
+  ```bash
+  # Before: only LLM_ENRICHMENT_MODEL was honored by phase 1
+  # After:  same env var honored across all 3 LLM phases
+  export LLM_ENRICHMENT_MODEL=llama3.2:3b
+  cognium-ai cluster .   # phase 2 now reaches Ollama too
+  ```
+  Same root cause as #21 (which fixed cognium-ai's `generate-spec`
+  CLI to fall back through `--llm-model` → `LLM_ENRICHMENT_MODEL`).
+  This fix completes the engine-side companion.
 ## [2.5.5] - 2026-05-02
 ### Fixed

package/dist/llm/config.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/llm/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IAEf,MAAM,EAAE;QACN,UAAU,EAAE,WAAW,CAAC;QACxB,YAAY,EAAE,WAAW,CAAC;QAC1B,mBAAmB,EAAE,WAAW,CAAC;KAClC,CAAC;IAGF,UAAU,EAAE;QACV,wBAAwB,EAAE,OAAO,CAAC;QAClC,qBAAqB,EAAE,OAAO,CAAC;QAC/B,wBAAwB,EAAE,OAAO,CAAC;QAClC,oBAAoB,EAAE,MAAM,CAAC;QAC7B,mBAAmB,EAAE,MAAM,CAAC;KAC7B,CAAC;IAGF,YAAY,EAAE;QACZ,mBAAmB,EAAE,OAAO,CAAC;QAC7B,qBAAqB,EAAE,OAAO,CAAC;KAChC,CAAC;CACH;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,SAAS,~~CA8D~~/C;AAED;;;GAGG;AACH,eAAO,MAAM,gBAAgB,EAAE,SAAiC,CAAC;AAEjE;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAazD;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GAAG,SAAS,CA0BzE"}
1	+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/llm/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IAEf,MAAM,EAAE;QACN,UAAU,EAAE,WAAW,CAAC;QACxB,YAAY,EAAE,WAAW,CAAC;QAC1B,mBAAmB,EAAE,WAAW,CAAC;KAClC,CAAC;IAGF,UAAU,EAAE;QACV,wBAAwB,EAAE,OAAO,CAAC;QAClC,qBAAqB,EAAE,OAAO,CAAC;QAC/B,wBAAwB,EAAE,OAAO,CAAC;QAClC,oBAAoB,EAAE,MAAM,CAAC;QAC7B,mBAAmB,EAAE,MAAM,CAAC;KAC7B,CAAC;IAGF,YAAY,EAAE;QACZ,mBAAmB,EAAE,OAAO,CAAC;QAC7B,qBAAqB,EAAE,OAAO,CAAC;KAChC,CAAC;CACH;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,SAAS,CAqE/C;AAED;;;GAGG;AACH,eAAO,MAAM,gBAAgB,EAAE,SAAiC,CAAC;AAEjE;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAazD;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GAAG,SAAS,CA0BzE"}

package/dist/llm/config.js CHANGED Viewed

@@ -21,13 +21,19 @@ export function getDefaultLLMConfig() {
     const timeoutMs = Number.isFinite(envTimeoutMs) && envTimeoutMs > 0
         ? envTimeoutMs
         : 60000;
+    // #27: when only LLM_ENRICHMENT_MODEL is set (the canonical universal
+    // model env var), the verification + componentEnrichment phases used
+    // to fall through to `cognium/gpt-oss-120b` — a cognium-proxy-only
+    // model that returns 404 on Ollama / OpenAI / GitHub Models. Treat
+    // LLM_ENRICHMENT_MODEL as the universal default for all phases.
+    const enrichmentModel = process.env.LLM_ENRICHMENT_MODEL || 'cognium/gpt-oss-120b';
     return {
         baseUrl,
         apiKey: process.env.LLM_API_KEY || defaultApiKey,
         phases: {
             // Phase 1: Enrichment - Fast/cheap model for source/sink discovery
             enrichment: {
-                model: process.env.LLM_ENRICHMENT_MODEL || 'cognium/gpt-oss-120b',
+                model: enrichmentModel,
                 temperature: 0.1,
                 maxTokens: 8000,
                 timeout: timeoutMs,
@@ -35,7 +41,7 @@ export function getDefaultLLMConfig() {
             },
             // Phase 2: Discovery - Free model for vulnerability discovery (verification mode removed)
             verification: {
-                model: process.env.LLM_VERIFICATION_MODEL || 'cognium/gpt-oss-120b',
+                model: process.env.LLM_VERIFICATION_MODEL || enrichmentModel,
                 temperature: 0.0,
                 maxTokens: 8000,
                 timeout: timeoutMs,
@@ -43,7 +49,7 @@ export function getDefaultLLMConfig() {
             },
             // Component Enrichment - Original model with improved timeout
             componentEnrichment: {
-                model: process.env.LLM_COMPONENT_MODEL || 'cognium/gpt-oss-120b',
+                model: process.env.LLM_COMPONENT_MODEL || enrichmentModel,
                 temperature: 0.1,
                 maxTokens: 8000, // Restored to match enrichment phase
                 timeout: timeoutMs,

package/dist/llm/config.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/llm/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AA0CH;;;GAGG;AACH,MAAM,UAAU,mBAAmB;IACjC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,0BAA0B,CAAC;IACvE,sEAAsE;IACtE,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QAClC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QAClC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IAC5D,MAAM,aAAa,GAAG,cAAc,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC;IAE5D,sEAAsE;IACtE,qEAAqE;IACrE,oDAAoD;IACpD,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IACpE,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,YAAY,GAAG,CAAC;QACjE,CAAC,CAAC,YAAY;QACd,CAAC,CAAC,KAAK,CAAC;IAEV,OAAO;QACL,OAAO;QACP,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,aAAa;QAEhD,MAAM,EAAE;YACN,mEAAmE;YACnE,UAAU,EAAE;gBACV,KAAK,EAAE,~~OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,sBAAsB~~;~~gBACjE~~,WAAW,EAAE,GAAG;gBAChB,SAAS,EAAE,IAAI;gBACf,OAAO,EAAE,SAAS;gBAClB,OAAO,EAAE,CAAC,EAAO,kDAAkD;aACpE;YAED,0FAA0F;YAC1F,YAAY,EAAE;gBACZ,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,~~sBAAsB~~;~~gBACnE~~,WAAW,EAAE,GAAG;gBAChB,SAAS,EAAE,IAAI;gBACf,OAAO,EAAE,SAAS;gBAClB,OAAO,EAAE,CAAC;aACX;YAED,8DAA8D;YAC9D,mBAAmB,EAAE;gBACnB,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,~~sBAAsB~~;~~gBAChE~~,WAAW,EAAE,GAAG;gBAChB,SAAS,EAAE,IAAI,EAAG,qCAAqC;gBACvD,OAAO,EAAE,SAAS;gBAClB,OAAO,EAAE,CAAC,EAAQ,8DAA8D;aACjF;SACF;QAED,UAAU,EAAE;YACV,wBAAwB,EAAE,IAAI;YAC9B,qBAAqB,EAAE,IAAI;YAC3B,wBAAwB,EAAE,IAAI;YAC9B,oBAAoB,EAAE,CAAC;YACvB,mBAAmB,EAAE,GAAG;SACzB;QAED,YAAY,EAAE;YACZ,mBAAmB,EAAE,IAAI;YACzB,qBAAqB,EAAE,IAAI;SAC5B;KACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAc,mBAAmB,EAAE,CAAC;AAEjE;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAiB;IACjD,sEAAsE;IACtE,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QACzC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QACzC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IAEnE,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CACb,kEAAkE;YAClE,qDAAqD;YACrD,2CAA2C,CAC5C,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,SAA8B;IAC5D,MAAM,MAAM,GAAG,EAAE,GAAG,gBAAgB,EAAE,CAAC;IAEvC,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,SAAS,CAAC,OAAO;YAAE,MAAM,CAAC,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC;QAC1D,IAAI,SAAS,CAAC,MAAM;YAAE,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;QAEvD,IAAI,SAAS,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC;YACjC,MAAM,CAAC,MAAM,CAAC,UAAU,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,GAAG,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QAC7F,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,EAAE,YAAY,EAAE,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,YAAY,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,GAAG,SAAS,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QACnG,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,EAAE,mBAAmB,EAAE,CAAC;YAC1C,MAAM,CAAC,MAAM,CAAC,mBAAmB,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,mBAAmB,EAAE,GAAG,SAAS,CAAC,MAAM,CAAC,mBAAmB,EAAE,CAAC;QACxH,CAAC;QAED,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;YACzB,MAAM,CAAC,UAAU,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,GAAG,SAAS,CAAC,UAAU,EAAE,CAAC;QACxE,CAAC;QACD,IAAI,SAAS,CAAC,YAAY,EAAE,CAAC;YAC3B,MAAM,CAAC,YAAY,GAAG,EAAE,GAAG,MAAM,CAAC,YAAY,EAAE,GAAG,SAAS,CAAC,YAAY,EAAE,CAAC;QAC9E,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
1	+ {"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/llm/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AA0CH;;;GAGG;AACH,MAAM,UAAU,mBAAmB;IACjC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,0BAA0B,CAAC;IACvE,sEAAsE;IACtE,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QAClC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QAClC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IAC5D,MAAM,aAAa,GAAG,cAAc,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC;IAE5D,sEAAsE;IACtE,qEAAqE;IACrE,oDAAoD;IACpD,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IACpE,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,YAAY,GAAG,CAAC;QACjE,CAAC,CAAC,YAAY;QACd,CAAC,CAAC,KAAK,CAAC;IAEV,sEAAsE;IACtE,qEAAqE;IACrE,mEAAmE;IACnE,mEAAmE;IACnE,gEAAgE;IAChE,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,sBAAsB,CAAC;IAEnF,OAAO;QACL,OAAO;QACP,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,aAAa;QAEhD,MAAM,EAAE;YACN,mEAAmE;YACnE,UAAU,EAAE;gBACV,KAAK,EAAE,eAAe;gBACtB,WAAW,EAAE,GAAG;gBAChB,SAAS,EAAE,IAAI;gBACf,OAAO,EAAE,SAAS;gBAClB,OAAO,EAAE,CAAC,EAAO,kDAAkD;aACpE;YAED,0FAA0F;YAC1F,YAAY,EAAE;gBACZ,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,eAAe;gBAC5D,WAAW,EAAE,GAAG;gBAChB,SAAS,EAAE,IAAI;gBACf,OAAO,EAAE,SAAS;gBAClB,OAAO,EAAE,CAAC;aACX;YAED,8DAA8D;YAC9D,mBAAmB,EAAE;gBACnB,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,eAAe;gBACzD,WAAW,EAAE,GAAG;gBAChB,SAAS,EAAE,IAAI,EAAG,qCAAqC;gBACvD,OAAO,EAAE,SAAS;gBAClB,OAAO,EAAE,CAAC,EAAQ,8DAA8D;aACjF;SACF;QAED,UAAU,EAAE;YACV,wBAAwB,EAAE,IAAI;YAC9B,qBAAqB,EAAE,IAAI;YAC3B,wBAAwB,EAAE,IAAI;YAC9B,oBAAoB,EAAE,CAAC;YACvB,mBAAmB,EAAE,GAAG;SACzB;QAED,YAAY,EAAE;YACZ,mBAAmB,EAAE,IAAI;YACzB,qBAAqB,EAAE,IAAI;SAC5B;KACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAc,mBAAmB,EAAE,CAAC;AAEjE;;;GAGG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAiB;IACjD,sEAAsE;IACtE,MAAM,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QACzC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QACzC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IAEnE,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CACb,kEAAkE;YAClE,qDAAqD;YACrD,2CAA2C,CAC5C,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,SAA8B;IAC5D,MAAM,MAAM,GAAG,EAAE,GAAG,gBAAgB,EAAE,CAAC;IAEvC,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,SAAS,CAAC,OAAO;YAAE,MAAM,CAAC,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC;QAC1D,IAAI,SAAS,CAAC,MAAM;YAAE,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;QAEvD,IAAI,SAAS,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC;YACjC,MAAM,CAAC,MAAM,CAAC,UAAU,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,GAAG,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QAC7F,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,EAAE,YAAY,EAAE,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,YAAY,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,GAAG,SAAS,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QACnG,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,EAAE,mBAAmB,EAAE,CAAC;YAC1C,MAAM,CAAC,MAAM,CAAC,mBAAmB,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,mBAAmB,EAAE,GAAG,SAAS,CAAC,MAAM,CAAC,mBAAmB,EAAE,CAAC;QACxH,CAAC;QAED,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;YACzB,MAAM,CAAC,UAAU,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,GAAG,SAAS,CAAC,UAAU,EAAE,CAAC;QACxE,CAAC;QACD,IAAI,SAAS,CAAC,YAAY,EAAE,CAAC;YAC3B,MAAM,CAAC,YAAY,GAAG,EAAE,GAAG,MAAM,CAAC,YAAY,EAAE,GAAG,SAAS,CAAC,YAAY,EAAE,CAAC;QAC9E,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "circle-ir-ai",
-  "version": "2.5.5",
+  "version": "2.5.6",
   "description": "LLM-enhanced SAST analysis built on circle-ir",
   "main": "dist/index.js",
   "module": "dist/index.js",