getdoorman 1.0.0

package/src/rules/security/ai-api.js

@@ -0,0 +1,1177 @@
+/**
+ * AI API Security Rules (SEC-AI-001 through SEC-AI-050)
+ *
+ * Detects security issues in AI API usage (OpenAI, Anthropic, Google AI,
+ * Cohere, Mistral, etc.): leaked keys, prompt injection, PII exposure,
+ * missing cost limits, and more.
+ */
+
+const JS_EXT = ['.js', '.jsx', '.ts', '.tsx', '.mjs', '.cjs'];
+const PY_EXT = ['.py'];
+const isJS = (f) => JS_EXT.some(ext => f.endsWith(ext));
+const isPy = (f) => PY_EXT.some(ext => f.endsWith(ext));
+
+const SKIP_PATH = /[/\\](test|tests|__tests__|__mocks__|mocks|fixtures|__fixtures__|spec|__snapshots__|node_modules|vendor|dist|build)[/\\]/i;
+const COMMENT_LINE = /^\s*(\/\/|#|\/\*|\*)/;
+
+function scanLines(content, regex, file, rule) {
+  const findings = [];
+  const lines = content.split('\n');
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    if (COMMENT_LINE.test(line)) continue;
+    if (regex.test(line)) {
+      findings.push({
+        ruleId: rule.id,
+        category: rule.category,
+        severity: rule.severity,
+        title: rule.title,
+        description: rule.description,
+        confidence: rule.confidence,
+        file,
+        line: i + 1,
+        fix: rule.fix || null,
+      });
+    }
+  }
+  return findings;
+}
+
+/** Check if file content uses AI APIs */
+function isAiApiFile(content) {
+  return /(?:openai|anthropic|@google-ai|@google\/generative|cohere|mistral|replicate|huggingface|together|groq|perplexity|ai\.google|palm|gemini|claude|gpt|chat\.completions|messages\.create)/i.test(content);
+}
+
+/** Check if file is likely client/frontend code */
+function isClientCode(filePath) {
+  return /(?:client|frontend|public|static|pages|components|src\/app|src\/views|browser|www)[/\\]/i.test(filePath) ||
+    /\.(?:jsx|tsx|vue|svelte)$/.test(filePath);
+}
+
+const rules = [
+  // SEC-AI-001: Hardcoded OpenAI API key
+  {
+    id: 'SEC-AI-001',
+    category: 'security',
+    severity: 'critical',
+    confidence: 'definite',
+    title: 'Hardcoded OpenAI API key',
+    description: 'OpenAI API key is hardcoded in source code. This will be exposed in version control and builds.',
+    fix: { suggestion: 'Use environment variables (process.env.OPENAI_API_KEY) or a secrets manager instead of hardcoding API keys.' },
+    check({ files }) {
+      const findings = [];
+      const pattern = /(?:OPENAI_API_KEY|openai[._]?api[._]?key|apiKey)\s*[:=]\s*['"]sk-[A-Za-z0-9]{20,}['"]/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        findings.push(...scanLines(content, pattern, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-002: Hardcoded Anthropic API key
+  {
+    id: 'SEC-AI-002',
+    category: 'security',
+    severity: 'critical',
+    confidence: 'definite',
+    title: 'Hardcoded Anthropic API key',
+    description: 'Anthropic API key is hardcoded in source code.',
+    fix: { suggestion: 'Use environment variables (process.env.ANTHROPIC_API_KEY) or a secrets manager.' },
+    check({ files }) {
+      const findings = [];
+      const pattern = /(?:ANTHROPIC_API_KEY|anthropic[._]?api[._]?key|apiKey)\s*[:=]\s*['"]sk-ant-[A-Za-z0-9]{20,}['"]/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        findings.push(...scanLines(content, pattern, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-003: Hardcoded Google AI API key
+  {
+    id: 'SEC-AI-003',
+    category: 'security',
+    severity: 'critical',
+    confidence: 'definite',
+    title: 'Hardcoded Google AI API key',
+    description: 'Google AI (Gemini/PaLM) API key is hardcoded in source code.',
+    fix: { suggestion: 'Use environment variables or a secrets manager for Google AI API keys.' },
+    check({ files }) {
+      const findings = [];
+      const pattern = /(?:GOOGLE_AI_KEY|GOOGLE_API_KEY|GEMINI_API_KEY|google[._]?api[._]?key)\s*[:=]\s*['"]AIza[A-Za-z0-9_-]{30,}['"]/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        findings.push(...scanLines(content, pattern, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-004: Hardcoded Cohere/Mistral/other AI API key
+  {
+    id: 'SEC-AI-004',
+    category: 'security',
+    severity: 'critical',
+    confidence: 'likely',
+    title: 'Hardcoded AI provider API key',
+    description: 'AI provider API key (Cohere, Mistral, Replicate, HuggingFace, etc.) is hardcoded in source code.',
+    fix: { suggestion: 'Use environment variables or a secrets manager for all AI provider API keys.' },
+    check({ files }) {
+      const findings = [];
+      const pattern = /(?:COHERE_API_KEY|MISTRAL_API_KEY|REPLICATE_API_TOKEN|HF_TOKEN|HUGGINGFACE|TOGETHER_API_KEY|GROQ_API_KEY|PERPLEXITY_API_KEY)\s*[:=]\s*['"][A-Za-z0-9_-]{10,}['"]/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        findings.push(...scanLines(content, pattern, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-005: API key in frontend/client code
+  {
+    id: 'SEC-AI-005',
+    category: 'security',
+    severity: 'critical',
+    confidence: 'likely',
+    title: 'AI API key exposed in client-side code',
+    description: 'AI API key is used in frontend/client code, exposing it to end users via browser DevTools or source maps.',
+    fix: { suggestion: 'Move AI API calls to a backend/server-side proxy. Never expose AI API keys in client-side bundles.' },
+    check({ files }) {
+      const findings = [];
+      const apiKeyUsage = /(?:openai|anthropic|google.*generative|cohere|mistral).*(?:apiKey|api_key)\s*[:=]/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path)) continue;
+        if (!isClientCode(path)) continue;
+        findings.push(...scanLines(content, apiKeyUsage, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-006: Missing cost limits/budgets
+  {
+    id: 'SEC-AI-006',
+    category: 'security',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'AI API usage without cost limits',
+    description: 'AI API calls are made without cost tracking or spending limits, risking unexpected charges.',
+    fix: { suggestion: 'Implement cost tracking, set max_tokens limits, and use API provider spending caps.' },
+    check({ files }) {
+      const findings = [];
+      const aiCall = /(?:chat\.completions\.create|messages\.create|generate_content|completions\.create|\.generate\()/i;
+      const hasCostLimit = /(?:max_tokens|maxTokens|budget|cost|spending|limit|usage\.total_tokens|token_count|price)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (COMMENT_LINE.test(lines[i])) continue;
+          if (aiCall.test(lines[i])) {
+            const block = lines.slice(Math.max(0, i - 5), Math.min(i + 10, lines.length)).join('\n');
+            if (!hasCostLimit.test(block)) {
+              findings.push({ ruleId: this.id, category: this.category, severity: this.severity, title: this.title, description: this.description, confidence: this.confidence, file: path, line: i + 1, fix: this.fix });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-007: Prompt injection vulnerability
+  {
+    id: 'SEC-AI-007',
+    category: 'security',
+    severity: 'critical',
+    confidence: 'likely',
+    title: 'Prompt injection vulnerability',
+    description: 'User input is directly concatenated or interpolated into AI prompts without sanitization, enabling prompt injection.',
+    fix: { suggestion: 'Separate system prompts from user input. Use structured message arrays with distinct roles. Sanitize user input.' },
+    check({ files }) {
+      const findings = [];
+      const promptInjection = /(?:prompt|message|content)\s*[:=]\s*(?:`[^`]*\$\{.*(?:req\.|user|input|query|body|params)|['"][^'"]*['"]\s*\+\s*(?:req\.|user|input|query|body|params))/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        findings.push(...scanLines(content, promptInjection, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-008: User input in system prompt
+  {
+    id: 'SEC-AI-008',
+    category: 'security',
+    severity: 'critical',
+    confidence: 'likely',
+    title: 'User input injected into system prompt',
+    description: 'User-controlled data is included in the system prompt, allowing privilege escalation via prompt injection.',
+    fix: { suggestion: 'Keep system prompts static. Pass user data only in user messages, never in system messages.' },
+    check({ files }) {
+      const findings = [];
+      const systemPromptInjection = /role\s*:\s*['"]system['"].*(?:content\s*:\s*(?:`[^`]*\$\{|.*\+\s*(?:req|user|input|query|body|params)))/i;
+      const systemFstring = /role\s*[:=]\s*['"]system['"].*content\s*[:=]\s*f['"]/;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        findings.push(...scanLines(content, systemPromptInjection, path, this));
+        if (isPy(path)) {
+          findings.push(...scanLines(content, systemFstring, path, this));
+        }
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-009: PII sent to AI API without redaction
+  {
+    id: 'SEC-AI-009',
+    category: 'security',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'PII potentially sent to AI API without redaction',
+    description: 'User personal data (email, phone, SSN, name) is passed to AI API calls without PII redaction.',
+    fix: { suggestion: 'Implement PII detection and redaction before sending data to AI APIs. Use libraries like presidio or scrubadub.' },
+    check({ files }) {
+      const findings = [];
+      const piiInPrompt = /(?:content|prompt|message|text)\s*[:=].*(?:\.email|\.phone|\.ssn|\.address|\.name|\.dob|\.dateOfBirth|socialSecurity|creditCard)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        findings.push(...scanLines(content, piiInPrompt, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-010: Missing rate limiting on AI API calls
+  {
+    id: 'SEC-AI-010',
+    category: 'security',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Missing rate limiting on AI API calls',
+    description: 'AI API calls are not rate-limited, enabling abuse that could exhaust API quotas and budgets.',
+    fix: { suggestion: 'Add rate limiting per user/session for AI API endpoints. Use token bucket or sliding window algorithms.' },
+    check({ files }) {
+      const findings = [];
+      const aiEndpoint = /(?:app\.|router\.|express)(?:\.post|\.get|\.all)\s*\(.*(?:ai|chat|completion|generate|prompt)/i;
+      const hasRateLimit = /(?:rateLimit|rate_limit|throttle|limiter|rateLimiter|bottleneck)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        if (aiEndpoint.test(content) && !hasRateLimit.test(content)) {
+          findings.push(...scanLines(content, aiEndpoint, path, this));
+        }
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-011: Missing error handling for AI API failures
+  {
+    id: 'SEC-AI-011',
+    category: 'security',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'Missing error handling for AI API calls',
+    description: 'AI API call lacks try-catch or error handling, which may expose API errors or crash the application.',
+    fix: { suggestion: 'Wrap AI API calls in try-catch. Handle rate limit errors (429), auth errors (401), and server errors (500) gracefully.' },
+    check({ files }) {
+      const findings = [];
+      const aiCall = /(?:chat\.completions\.create|messages\.create|generate_content|completions\.create)/;
+      const hasErrorHandling = /(?:try\s*\{|\.catch\s*\(|catch\s*\(|except\s|on_error|onerror)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (COMMENT_LINE.test(lines[i])) continue;
+          if (aiCall.test(lines[i])) {
+            const block = lines.slice(Math.max(0, i - 10), Math.min(i + 10, lines.length)).join('\n');
+            if (!hasErrorHandling.test(block)) {
+              findings.push({ ruleId: this.id, category: this.category, severity: this.severity, title: this.title, description: this.description, confidence: this.confidence, file: path, line: i + 1, fix: this.fix });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-012: Insecure API key storage in .env committed to git
+  {
+    id: 'SEC-AI-012',
+    category: 'security',
+    severity: 'critical',
+    confidence: 'definite',
+    title: 'AI API key in committed .env file',
+    description: 'AI API key found in a .env file that appears to be committed to version control.',
+    fix: { suggestion: 'Add .env to .gitignore. Rotate any exposed API keys immediately. Use .env.example with placeholder values.' },
+    check({ files }) {
+      const findings = [];
+      const envKeyPattern = /(?:OPENAI_API_KEY|ANTHROPIC_API_KEY|GOOGLE_AI_KEY|GEMINI_API_KEY|COHERE_API_KEY|MISTRAL_API_KEY|REPLICATE_API_TOKEN|HF_TOKEN|TOGETHER_API_KEY|GROQ_API_KEY)\s*=\s*\S{10,}/;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!path.endsWith('.env') && !path.match(/\.env\.\w+$/)) continue;
+        findings.push(...scanLines(content, envKeyPattern, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-013: Missing content filtering on AI responses
+  {
+    id: 'SEC-AI-013',
+    category: 'security',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'AI response used without content filtering',
+    description: 'AI API response is used directly without content safety filtering, potentially passing harmful content to users.',
+    fix: { suggestion: 'Add content safety checks on AI responses before displaying to users. Use moderation APIs or content filters.' },
+    check({ files }) {
+      const findings = [];
+      const directResponse = /(?:response|completion|result)\.(?:choices|content|text|message|data)\s*[\[.]/;
+      const hasFilter = /(?:moderat|filter|safe|content.*check|toxic|harmful|block|censor|sanitize)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        if (directResponse.test(content) && !hasFilter.test(content)) {
+          findings.push(...scanLines(content, directResponse, path, this));
+        }
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-014: Streaming responses without validation
+  {
+    id: 'SEC-AI-014',
+    category: 'security',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'AI streaming response without validation',
+    description: 'AI API streaming response chunks are forwarded to users without validation or content checking.',
+    fix: { suggestion: 'Validate each streaming chunk before forwarding. Buffer and check content safety periodically.' },
+    check({ files }) {
+      const findings = [];
+      const streamUsage = /(?:stream\s*:\s*true|\.stream\(|for\s+await.*(?:chunk|delta|event)|onmessage|on\s*\(\s*['"]data)/i;
+      const hasStreamValidation = /(?:validate|filter|check|sanitize|moderat).*(?:chunk|delta|stream)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        if (streamUsage.test(content) && !hasStreamValidation.test(content)) {
+          findings.push(...scanLines(content, streamUsage, path, this));
+        }
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-015: Missing model version pinning
+  {
+    id: 'SEC-AI-015',
+    category: 'security',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'AI model not version-pinned',
+    description: 'AI API call uses a non-versioned model name (e.g., "gpt-4" instead of "gpt-4-0613"), risking unexpected behavior changes.',
+    fix: { suggestion: 'Pin AI model versions explicitly (e.g., "gpt-4-0613", "claude-3-opus-20240229") for reproducible behavior.' },
+    check({ files }) {
+      const findings = [];
+      const unpinnedModel = /model\s*[:=]\s*['"](?:gpt-4|gpt-3\.5-turbo|claude-3-opus|claude-3-sonnet|claude-3-haiku|gemini-pro|gemini-ultra)['"](?!\s*[-_]?\d)/;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        findings.push(...scanLines(content, unpinnedModel, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-016: Token limit misconfiguration
+  {
+    id: 'SEC-AI-016',
+    category: 'security',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'AI API token limit misconfiguration',
+    description: 'AI API call sets excessively high max_tokens without apparent need, increasing cost and latency.',
+    fix: { suggestion: 'Set max_tokens to the minimum needed for your use case. Monitor token usage patterns.' },
+    check({ files }) {
+      const findings = [];
+      const highTokens = /max_tokens\s*[:=]\s*(?:100000|128000|200000|1000000|\d{6,})/;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        findings.push(...scanLines(content, highTokens, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-017: Missing response validation
+  {
+    id: 'SEC-AI-017',
+    category: 'security',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'AI API response used without validation',
+    description: 'AI API response is used in application logic without validating its structure or content.',
+    fix: { suggestion: 'Validate AI response structure and content before using it. Check for expected fields and types.' },
+    check({ files }) {
+      const findings = [];
+      const responseAccess = /(?:response|completion|result)\s*\.(?:choices\[0\]|content\[0\]|text|data)(?!\s*[?])/;
+      const hasValidation = /(?:if\s*\(.*response|validate|check|assert|schema|typeof.*response|response\s*\?\.|optional.*chain)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (COMMENT_LINE.test(lines[i])) continue;
+          if (responseAccess.test(lines[i])) {
+            const block = lines.slice(Math.max(0, i - 5), Math.min(i + 5, lines.length)).join('\n');
+            if (!hasValidation.test(block)) {
+              findings.push({ ruleId: this.id, category: this.category, severity: this.severity, title: this.title, description: this.description, confidence: this.confidence, file: path, line: i + 1, fix: this.fix });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-018: Unsafe function/tool calling
+  {
+    id: 'SEC-AI-018',
+    category: 'security',
+    severity: 'critical',
+    confidence: 'likely',
+    title: 'Unsafe AI function/tool calling execution',
+    description: 'AI function call results are executed without validation, allowing the AI to trigger arbitrary functions.',
+    fix: { suggestion: 'Validate function names against an allowlist before execution. Validate all arguments with schemas.' },
+    check({ files }) {
+      const findings = [];
+      const unsafeFnCall = /(?:eval\s*\(.*function_call|eval\s*\(.*tool_call|\[.*function_call.*name\]|functions\[.*name\])/i;
+      const dynamicExec = /(?:function_call|tool_calls?).*(?:eval|exec|Function\(|require\(|import\()/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        findings.push(...scanLines(content, unsafeFnCall, path, this));
+        findings.push(...scanLines(content, dynamicExec, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-019: Missing user consent for AI processing
+  {
+    id: 'SEC-AI-019',
+    category: 'security',
+    severity: 'medium',
+    confidence: 'suggestion',
+    title: 'AI processing without user consent verification',
+    description: 'User data is sent to AI APIs without checking consent flags, potentially violating privacy regulations.',
+    fix: { suggestion: 'Check user consent preferences before sending their data to AI providers. Support opt-out mechanisms.' },
+    check({ files }) {
+      const findings = [];
+      const aiCallWithUserData = /(?:chat\.completions\.create|messages\.create|generate_content).*(?:user|userData|userMessage|userInput)/i;
+      const hasConsent = /(?:consent|gdpr|privacy|opt.?in|opt.?out|permission|agreement|tos|terms)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        if (aiCallWithUserData.test(content) && !hasConsent.test(content)) {
+          findings.push(...scanLines(content, aiCallWithUserData, path, this));
+        }
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-020: Debug/verbose mode in production
+  {
+    id: 'SEC-AI-020',
+    category: 'security',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'AI API client in debug/verbose mode',
+    description: 'AI API client has debug or verbose logging enabled, potentially logging prompts, responses, and API keys.',
+    fix: { suggestion: 'Disable debug/verbose mode in production. Use environment-based configuration for logging levels.' },
+    check({ files }) {
+      const findings = [];
+      const debugMode = /(?:debug\s*[:=]\s*true|verbose\s*[:=]\s*true|logLevel\s*[:=]\s*['"]debug|OPENAI_LOG\s*=\s*['"]debug)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        findings.push(...scanLines(content, debugMode, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-021: Missing retry logic with backoff
+  {
+    id: 'SEC-AI-021',
+    category: 'security',
+    severity: 'low',
+    confidence: 'likely',
+    title: 'AI API calls without retry logic',
+    description: 'AI API calls lack retry logic with exponential backoff, causing failures on transient errors.',
+    fix: { suggestion: 'Implement retry with exponential backoff for AI API calls. Handle 429 (rate limit) and 5xx errors with retries.' },
+    check({ files }) {
+      const findings = [];
+      const aiCall = /(?:chat\.completions\.create|messages\.create|generate_content|completions\.create)/;
+      const hasRetry = /(?:retry|retries|backoff|exponential|maxRetries|max_retries|attempt|p-retry|axios-retry)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        if (aiCall.test(content) && !hasRetry.test(content)) {
+          findings.push(...scanLines(content, aiCall, path, this));
+        }
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-022: Missing audit logging of AI interactions
+  {
+    id: 'SEC-AI-022',
+    category: 'security',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'AI API interactions not audit-logged',
+    description: 'AI API calls are not logged for audit purposes, making it impossible to review AI usage or investigate incidents.',
+    fix: { suggestion: 'Log AI API calls with timestamps, user IDs, model used, token counts, and response metadata (not full prompts with PII).' },
+    check({ files }) {
+      const findings = [];
+      const aiCall = /(?:chat\.completions\.create|messages\.create|generate_content|completions\.create)/;
+      const hasAudit = /(?:audit|log.*ai|log.*completion|log.*prompt|track.*usage|analytics|telemetry)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        if (aiCall.test(content) && !hasAudit.test(content)) {
+          findings.push(...scanLines(content, aiCall, path, this));
+        }
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-023: Sensitive data in system prompts
+  {
+    id: 'SEC-AI-023',
+    category: 'security',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Sensitive data in AI system prompt',
+    description: 'System prompt contains sensitive information (credentials, internal URLs, database names) that could be extracted via prompt injection.',
+    fix: { suggestion: 'Remove sensitive data from system prompts. Use server-side lookups instead of embedding secrets in prompts.' },
+    check({ files }) {
+      const findings = [];
+      const sensitiveInPrompt = /(?:system|role.*system).*(?:password|secret|api[_-]?key|database.*url|mongodb|postgres|mysql|internal\.\w+\.com|10\.\d+\.\d+|192\.168\.|172\.(?:1[6-9]|2\d|3[01]))/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        findings.push(...scanLines(content, sensitiveInPrompt, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-024: Missing input sanitization before AI calls
+  {
+    id: 'SEC-AI-024',
+    category: 'security',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'User input sent to AI API without sanitization',
+    description: 'User input is passed directly to AI API calls without sanitization or length limits.',
+    fix: { suggestion: 'Sanitize and truncate user input before including in AI API calls. Remove control characters and limit length.' },
+    check({ files }) {
+      const findings = [];
+      const directUserInput = /(?:content|prompt|message)\s*[:=]\s*(?:req\.body|req\.query|request\.body|request\.json|params\[|args\[)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        findings.push(...scanLines(content, directUserInput, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-025: AI response rendered as HTML without escaping
+  {
+    id: 'SEC-AI-025',
+    category: 'security',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'AI response rendered as HTML without escaping',
+    description: 'AI API response is rendered as HTML (innerHTML, dangerouslySetInnerHTML) without escaping, enabling XSS.',
+    fix: { suggestion: 'Escape AI responses before rendering as HTML, or use textContent instead of innerHTML.' },
+    check({ files }) {
+      const findings = [];
+      const unsafeRender = /(?:innerHTML|dangerouslySetInnerHTML|v-html)\s*=\s*.*(?:response|completion|result|aiOutput|generated)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path)) continue;
+        findings.push(...scanLines(content, unsafeRender, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-026: API key in URL query parameter
+  {
+    id: 'SEC-AI-026',
+    category: 'security',
+    severity: 'critical',
+    confidence: 'definite',
+    title: 'AI API key passed in URL query parameter',
+    description: 'AI API key is passed as a URL query parameter, which gets logged in server logs, browser history, and proxies.',
+    fix: { suggestion: 'Pass API keys in the Authorization header, not as URL parameters.' },
+    check({ files }) {
+      const findings = [];
+      const keyInUrl = /(?:api_key|apiKey|key)=(?:sk-|sk-ant-|AIza|hf_)\w+/;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        findings.push(...scanLines(content, keyInUrl, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-027: Logging full prompts with user data
+  {
+    id: 'SEC-AI-027',
+    category: 'security',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'AI prompts with user data logged to console/file',
+    description: 'Full AI prompts containing user data are logged, potentially exposing PII in log storage.',
+    fix: { suggestion: 'Log metadata (model, tokens, latency) not full prompts. If logging prompts for debugging, redact PII first.' },
+    check({ files }) {
+      const findings = [];
+      const logPrompt = /(?:console\.log|logger\.\w+|log\.(?:info|debug))\s*\(.*(?:prompt|messages|system.*content|user.*content)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        findings.push(...scanLines(content, logPrompt, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-028: Storing AI responses with user data permanently
+  {
+    id: 'SEC-AI-028',
+    category: 'security',
+    severity: 'medium',
+    confidence: 'suggestion',
+    title: 'AI conversations stored without retention policy',
+    description: 'AI chat/completion history is stored indefinitely without a data retention or deletion policy.',
+    fix: { suggestion: 'Implement data retention policies for stored AI conversations. Add TTL/expiration and user deletion capabilities.' },
+    check({ files }) {
+      const findings = [];
+      const storeConversation = /(?:save|store|insert|create|write).*(?:conversation|chat.*history|messages|completion.*log)/i;
+      const hasRetention = /(?:ttl|expir|retention|delete.*after|cleanup|purge|rotate)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        if (storeConversation.test(content) && !hasRetention.test(content)) {
+          findings.push(...scanLines(content, storeConversation, path, this));
+        }
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-029: Temperature set to maximum
+  {
+    id: 'SEC-AI-029',
+    category: 'security',
+    severity: 'low',
+    confidence: 'likely',
+    title: 'AI temperature set to maximum',
+    description: 'AI API temperature set to 2.0 (maximum), producing highly random outputs that may be unreliable or unsafe.',
+    fix: { suggestion: 'Use lower temperature values (0.0-1.0) for most use cases. Reserve high temperatures for creative tasks only.' },
+    check({ files }) {
+      const findings = [];
+      const maxTemp = /temperature\s*[:=]\s*2(?:\.0)?(?:\s*[,}\n])/;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        findings.push(...scanLines(content, maxTemp, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-030: Using deprecated AI models
+  {
+    id: 'SEC-AI-030',
+    category: 'security',
+    severity: 'medium',
+    confidence: 'definite',
+    title: 'Using deprecated AI model',
+    description: 'Code references deprecated AI models that may be removed or lack security updates.',
+    fix: { suggestion: 'Upgrade to the latest supported model versions. Check provider documentation for deprecation schedules.' },
+    check({ files }) {
+      const findings = [];
+      const deprecatedModels = /model\s*[:=]\s*['"](?:text-davinci-003|text-davinci-002|code-davinci-002|code-cushman-001|text-ada-001|text-babbage-001|text-curie-001|davinci|curie|babbage|ada|gpt-3\.5-turbo-0301|gpt-4-0314)['"]/;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        findings.push(...scanLines(content, deprecatedModels, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-031: AI output used in code execution
+  {
+    id: 'SEC-AI-031',
+    category: 'security',
+    severity: 'critical',
+    confidence: 'likely',
+    title: 'AI output used in code execution',
+    description: 'AI API response is passed to eval(), exec(), or code execution functions, enabling arbitrary code execution.',
+    fix: { suggestion: 'Never execute AI-generated code directly. Use sandboxed environments (VM2, Docker) if code execution is needed.' },
+    check({ files }) {
+      const findings = [];
+      const aiToExec = /(?:eval|exec|execSync|Function|vm\.run)\s*\(.*(?:response|completion|result|generated|aiOutput|output)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        findings.push(...scanLines(content, aiToExec, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-032: AI output used in SQL queries
+  {
+    id: 'SEC-AI-032',
+    category: 'security',
+    severity: 'critical',
+    confidence: 'likely',
+    title: 'AI output used in SQL query construction',
+    description: 'AI API response is interpolated into SQL queries, enabling SQL injection via AI-generated content.',
+    fix: { suggestion: 'Never interpolate AI output into SQL. Use parameterized queries even for AI-generated query parts.' },
+    check({ files }) {
+      const findings = [];
+      const aiToSql = /(?:query|execute|sql)\s*\(.*(?:response|completion|result|generated|aiOutput)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        findings.push(...scanLines(content, aiToSql, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-033: Embedding API key in mobile app
+  {
+    id: 'SEC-AI-033',
+    category: 'security',
+    severity: 'critical',
+    confidence: 'likely',
+    title: 'AI API key embedded in mobile application',
+    description: 'AI API key found in mobile app code (React Native, Flutter, Swift, Kotlin) where it can be extracted.',
+    fix: { suggestion: 'Route all AI API calls through your backend server. Never embed API keys in mobile apps.' },
+    check({ files }) {
+      const findings = [];
+      const mobileApiKey = /(?:apiKey|api_key|OPENAI_API_KEY|ANTHROPIC_API_KEY)\s*[:=]\s*['"][A-Za-z0-9_-]{20,}['"]/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!/(?:\.dart|\.swift|\.kt|\.java)$/.test(path) && !/(?:react-native|expo|capacitor|ionic)/i.test(content)) continue;
+        findings.push(...scanLines(content, mobileApiKey, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-034: Missing input length limits for AI prompts
+  {
+    id: 'SEC-AI-034',
+    category: 'security',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'No input length limit for AI API prompts',
+    description: 'User input sent to AI API is not length-limited, enabling cost attacks via extremely long prompts.',
+    fix: { suggestion: 'Truncate or reject user input exceeding a reasonable length before sending to AI APIs.' },
+    check({ files }) {
+      const findings = [];
+      const userToAI = /(?:content|prompt|message)\s*[:=]\s*(?:req\.body|userInput|input|query|message)/i;
+      const hasLengthCheck = /(?:\.length|\.trim\(\)|maxLength|max_length|truncat|slice\(|substring\(|limit)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          if (COMMENT_LINE.test(lines[i])) continue;
+          if (userToAI.test(lines[i])) {
+            const block = lines.slice(Math.max(0, i - 10), Math.min(i + 5, lines.length)).join('\n');
+            if (!hasLengthCheck.test(block)) {
+              findings.push({ ruleId: this.id, category: this.category, severity: this.severity, title: this.title, description: this.description, confidence: this.confidence, file: path, line: i + 1, fix: this.fix });
+            }
+          }
+        }
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-035: Caching AI responses with sensitive data
+  {
+    id: 'SEC-AI-035',
+    category: 'security',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'AI responses cached without considering sensitivity',
+    description: 'AI API responses are cached without checking if they contain sensitive or user-specific data.',
+    fix: { suggestion: 'Do not cache AI responses that contain user-specific or sensitive data. Use cache keys that include user context.' },
+    check({ files }) {
+      const findings = [];
+      const cacheAI = /(?:cache|redis|memcache|localStorage|sessionStorage).*(?:set|put|store|save)\s*\(.*(?:response|completion|result|aiOutput)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        findings.push(...scanLines(content, cacheAI, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-036: Multiple AI providers without consistent security
+  {
+    id: 'SEC-AI-036',
+    category: 'security',
+    severity: 'medium',
+    confidence: 'suggestion',
+    title: 'Multiple AI providers without unified security controls',
+    description: 'Code uses multiple AI providers without a unified abstraction layer for consistent security controls.',
+    fix: { suggestion: 'Create a unified AI client wrapper that enforces consistent security controls (auth, logging, validation) across all providers.' },
+    check({ files }) {
+      const findings = [];
+      const providers = new Set();
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (/(?:openai|OpenAI)\s*\(/.test(content)) providers.add('openai');
+        if (/(?:anthropic|Anthropic)\s*\(/.test(content)) providers.add('anthropic');
+        if (/(?:GoogleGenerativeAI|google.*generative)\s*\(/.test(content)) providers.add('google');
+        if (/(?:cohere|Cohere)\s*\(/.test(content)) providers.add('cohere');
+        if (/(?:mistral|Mistral)\s*\(/.test(content)) providers.add('mistral');
+      }
+      if (providers.size >= 2) {
+        for (const [path, content] of files) {
+          if (SKIP_PATH.test(path)) continue;
+          if (!isJS(path) && !isPy(path)) continue;
+          const initPattern = /(?:new\s+(?:OpenAI|Anthropic|GoogleGenerativeAI|Cohere|Mistral))\s*\(/;
+          if (initPattern.test(content)) {
+            findings.push(...scanLines(content, initPattern, path, this));
+          }
+        }
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-037: Embedding model output in templates without escaping
+  {
+    id: 'SEC-AI-037',
+    category: 'security',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'AI output embedded in template without escaping',
+    description: 'AI-generated content is injected into templates (EJS, Handlebars, Jinja) without escaping, enabling XSS or injection.',
+    fix: { suggestion: 'Always escape AI output when embedding in templates. Use auto-escaping template engines.' },
+    check({ files }) {
+      const findings = [];
+      const unescapedTemplate = /(?:<%[-=]\s*|{{{|<%!\s*|{%\s*raw).*(?:response|completion|aiOutput|generated)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        findings.push(...scanLines(content, unescapedTemplate, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-038: AI API called in a loop without limits
+  {
+    id: 'SEC-AI-038',
+    category: 'security',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'AI API called in unbounded loop',
+    description: 'AI API is called inside a loop or recursive function without iteration limits, risking runaway costs.',
+    fix: { suggestion: 'Add maximum iteration limits when calling AI APIs in loops. Implement circuit breakers for repeated calls.' },
+    check({ files }) {
+      const findings = [];
+      const aiInLoop = /(?:while\s*\(true|for\s*\(;\s*;|while\s*\(1\)|\.forEach|\.map)\s*(?:\{|=>).*(?:chat\.completions|messages\.create|generate_content)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        findings.push(...scanLines(content, aiInLoop, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-039: Hardcoded AI API base URL
+  {
+    id: 'SEC-AI-039',
+    category: 'security',
+    severity: 'medium',
+    confidence: 'likely',
+    title: 'Hardcoded AI API base URL',
+    description: 'AI API base URL is hardcoded, preventing easy rotation if the endpoint is compromised or needs to change.',
+    fix: { suggestion: 'Use environment variables for AI API base URLs to enable easy rotation and proxy configuration.' },
+    check({ files }) {
+      const findings = [];
+      const hardcodedUrl = /(?:baseURL|base_url|apiBase|api_base)\s*[:=]\s*['"]https?:\/\/api\.(?:openai|anthropic|cohere|mistral)\.com/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        findings.push(...scanLines(content, hardcodedUrl, path, this));
+      }
+      return findings;
+    },
+  },
+
+  // SEC-AI-040: AI API key shared across environments
+  {
+    id: 'SEC-AI-040',
+    category: 'security',
+    severity: 'high',
+    confidence: 'likely',
+    title: 'Same AI API key used across environments',
+    description: 'Same API key is used in development, staging, and production environments, increasing blast radius if compromised.',
+    fix: { suggestion: 'Use separate API keys per environment. Implement key rotation policies.' },
+    check({ files }) {
+      const findings = [];
+      const sameKeyAcrossEnv = /(?:OPENAI_API_KEY|ANTHROPIC_API_KEY)\s*[:=]\s*(?:process\.env\.(?!NODE_ENV)\w+\s*\|\|\s*['"](?:sk-|sk-ant-))/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        findings.push(...scanLines(content, sameKeyAcrossEnv, path, this));
+      }
+      return findings;
+    },
+  },
+  // SEC-AI-041: AI response used in eval
+  {
+    id: 'SEC-AI-041', category: 'security', severity: 'high', confidence: 'likely',
+    title: 'AI response used in eval',
+    description: 'AI model response is passed to eval(), allowing arbitrary code execution from AI output.',
+    fix: { suggestion: 'Never eval() AI responses. Parse structured output with JSON.parse() and validate.' },
+    check({ files }) {
+      const findings = [];
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        findings.push(...scanLines(content, /eval\(\s*(?:response|completion|result)\./, path, this));
+      }
+      return findings;
+    },
+  },
+  // SEC-AI-042: AI response in innerHTML
+  {
+    id: 'SEC-AI-042', category: 'security', severity: 'high', confidence: 'likely',
+    title: 'AI response inserted into DOM unsanitized',
+    description: 'AI model output is assigned to innerHTML without sanitization, enabling XSS.',
+    fix: { suggestion: 'Sanitize AI output with DOMPurify before inserting into DOM. Use textContent for plain text.' },
+    check({ files }) {
+      const findings = [];
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path)) continue;
+        findings.push(...scanLines(content, /innerHTML\s*=\s*(?:response|completion|result)\./, path, this));
+      }
+      return findings;
+    },
+  },
+  // SEC-AI-043: AI response in SQL
+  {
+    id: 'SEC-AI-043', category: 'security', severity: 'medium', confidence: 'suggestion',
+    title: 'AI response used in SQL query',
+    description: 'AI model output is interpolated into SQL queries, risking SQL injection from AI hallucinations.',
+    fix: { suggestion: 'Use parameterized queries. Never interpolate AI output directly into SQL strings.' },
+    check({ files }) {
+      const findings = [];
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        findings.push(...scanLines(content, /(?:query|execute)\(\s*`[^`]*\$\{(?:response|completion|result)\./, path, this));
+      }
+      return findings;
+    },
+  },
+  // SEC-AI-044: Missing content filter
+  {
+    id: 'SEC-AI-044', category: 'security', severity: 'medium', confidence: 'suggestion',
+    title: 'Missing AI output content filter',
+    description: 'AI response content accessed directly without filtering for harmful or inappropriate content.',
+    fix: { suggestion: 'Add content filtering/moderation before displaying AI output to users.' },
+    check({ files }) {
+      const findings = [];
+      const pattern = /(?:choices|completions)\[0\]\.(?:message|text)/;
+      const hasFilter = /(?:moderate|filter|safety|content_filter|moderation)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        if (pattern.test(content) && !hasFilter.test(content)) {
+          findings.push(...scanLines(content, pattern, path, this));
+        }
+      }
+      return findings;
+    },
+  },
+  // SEC-AI-045: Streaming without timeout
+  {
+    id: 'SEC-AI-045', category: 'security', severity: 'medium', confidence: 'likely',
+    title: 'AI streaming response without timeout',
+    description: 'AI streaming enabled without timeout, risking resource exhaustion from long-running streams.',
+    fix: { suggestion: 'Set a timeout for streaming AI responses. Use AbortController or socket timeout.' },
+    check({ files }) {
+      const findings = [];
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        findings.push(...scanLines(content, /stream:\s*true/, path, this));
+      }
+      return findings;
+    },
+  },
+  // SEC-AI-046: Hardcoded endpoint
+  {
+    id: 'SEC-AI-046', category: 'security', severity: 'high', confidence: 'likely',
+    title: 'Hardcoded AI model endpoint',
+    description: 'AI API base URL is hardcoded instead of using environment variables.',
+    fix: { suggestion: 'Use process.env for API endpoints. Hardcoded URLs leak infrastructure details.' },
+    check({ files }) {
+      const findings = [];
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        findings.push(...scanLines(content, /(?:baseURL|endpoint|api_base)\s*[:=]\s*['"]https?:\/\//, path, this));
+      }
+      return findings;
+    },
+  },
+  // SEC-AI-047: Function calling without validation
+  {
+    id: 'SEC-AI-047', category: 'security', severity: 'medium', confidence: 'suggestion',
+    title: 'AI function calling without argument validation',
+    description: 'AI function call arguments are used without validation before execution.',
+    fix: { suggestion: 'Validate AI function call arguments against a schema before executing functions.' },
+    check({ files }) {
+      const findings = [];
+      const fnCallPattern = /function_call.*(?:name|arguments)/;
+      const hasValidation = /(?:validate|schema|zod|joi|yup|ajv)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        if (fnCallPattern.test(content) && !hasValidation.test(content)) {
+          findings.push(...scanLines(content, fnCallPattern, path, this));
+        }
+      }
+      return findings;
+    },
+  },
+  // SEC-AI-048: Tool use without permission
+  {
+    id: 'SEC-AI-048', category: 'security', severity: 'low', confidence: 'suggestion',
+    title: 'AI tool use without permission check',
+    description: 'AI tools are configured without verifying user permissions for each tool.',
+    fix: { suggestion: 'Check user permissions before allowing AI tool execution. Use allowlists per user role.' },
+    check({ files }) {
+      const findings = [];
+      const toolPattern = /tools?\s*:\s*\[/;
+      const hasPermCheck = /(?:permission|authorize|allowed|canUse|checkAccess)/i;
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        if (toolPattern.test(content) && !hasPermCheck.test(content)) {
+          findings.push(...scanLines(content, toolPattern, path, this));
+        }
+      }
+      return findings;
+    },
+  },
+  // SEC-AI-049: Embedding without encryption
+  {
+    id: 'SEC-AI-049', category: 'security', severity: 'medium', confidence: 'likely',
+    title: 'AI embedding stored without encryption',
+    description: 'Vector embeddings are stored without encryption, potentially leaking semantic content.',
+    fix: { suggestion: 'Encrypt embeddings at rest. Embeddings can be reversed to approximate original content.' },
+    check({ files }) {
+      const findings = [];
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        if (!isAiApiFile(content)) continue;
+        findings.push(...scanLines(content, /embedding.*(?:insert|save|store|push)/, path, this));
+      }
+      return findings;
+    },
+  },
+  // SEC-AI-050: Vendor lock-in
+  {
+    id: 'SEC-AI-050', category: 'security', severity: 'low', confidence: 'suggestion',
+    title: 'AI vendor lock-in without abstraction layer',
+    description: 'Direct AI vendor SDK calls without abstraction make it hard to switch providers or add fallbacks.',
+    fix: { suggestion: 'Create an abstraction layer for AI calls. This enables provider switching, fallbacks, and centralized security controls.' },
+    check({ files }) {
+      const findings = [];
+      for (const [path, content] of files) {
+        if (SKIP_PATH.test(path)) continue;
+        if (!isJS(path) && !isPy(path)) continue;
+        findings.push(...scanLines(content, /(?:openai|anthropic|cohere)\.(?:chat|complete|generate)/, path, this));
+      }
+      return findings;
+    },
+  },
+];
+export default rules;