guardlink 1.1.0 → 1.3.0

package/dist/agents/prompts.js

@@ -2,6 +2,15 @@
  * GuardLink Agents — Prompt builders for annotation and analysis.
  *
  * Extracted from tui/commands.ts for shared use across CLI, TUI, MCP.
+ *
+ * @exposes #agent-launcher to #prompt-injection [high] cwe:CWE-77 -- "User prompt concatenated into agent instruction text"
+ * @audit #agent-launcher -- "Prompt injection mitigated by agent's own safety measures; GuardLink prompt is read-only context"
+ * @exposes #agent-launcher to #path-traversal [medium] cwe:CWE-22 -- "Reads reference docs from root-relative paths"
+ * @mitigates #agent-launcher against #path-traversal using #path-validation -- "resolve() with root constrains file access"
+ * @flows UserPrompt -> #agent-launcher via buildAnnotatePrompt -- "User instruction input"
+ * @flows ThreatModel -> #agent-launcher via model -- "Model context injection"
+ * @flows #agent-launcher -> AgentPrompt via return -- "Assembled prompt output"
+ * @handles internal on #agent-launcher -- "Serializes threat model IDs and flows into prompt"
  */
 import { existsSync, readFileSync } from 'node:fs';
 import { resolve } from 'node:path';
@@ -63,13 +72,13 @@ export function buildAnnotatePrompt(userPrompt, root, model) {
                 existingFlows += `\n  ... and ${model.flows.length - 30} more`;
         }
         // Include unmitigated exposures so agent knows what still needs attention
+        // NOTE: Do NOT filter out @accepts — agents should see ALL exposures without real mitigations
         const unmitigatedExposures = model.exposures.filter(e => {
-            return !model.mitigations.some(m => m.asset === e.asset && m.threat === e.threat)
-                && !model.acceptances.some(a => a.asset === e.asset && a.threat === e.threat);
+            return !model.mitigations.some(m => m.asset === e.asset && m.threat === e.threat);
         });
         if (unmitigatedExposures.length > 0) {
             const expLines = unmitigatedExposures.slice(0, 20).map(e => `  ${e.asset} exposed to ${e.threat} [${e.severity || 'unrated'}] (${e.location.file}:${e.location.line})`);
-            existingExposures = `\n\nOpen exposures (unmitigated — add @mitigates or @accepts for these):\n${expLines.join('\n')}`;
+            existingExposures = `\n\nOpen exposures (no mitigation in code — add @mitigates if a control exists, or @audit to flag for human review):\n${expLines.join('\n')}`;
             if (unmitigatedExposures.length > 20)
                 existingExposures += `\n  ... and ${unmitigatedExposures.length - 20} more`;
         }
@@ -113,7 +122,7 @@ At each boundary crossing and data transformation, ask:
 - What validation/sanitization exists? (@mitigates)
 - What sensitive data passes through here? (@handles)
 - Is there an assumption that could be violated? (@assumes)
-- Has the team accepted this risk intentionally? (@accepts)
+- Does this need human security review? (@audit)
 - Is this risk handled by someone else? (@transfers)
 
 ### Step 4: Write Coupled Annotation Blocks
@@ -215,6 +224,33 @@ Don't rate everything P0. A SQL injection in an admin-only internal tool is diff
 ### @comment — Always Add Context
 Every annotation block should include at least one @comment explaining non-obvious security decisions, assumptions, or context that helps future developers (and AI tools) understand the "why".
 
+### @accepts — NEVER USE (Human-Only Decision)
+@accepts marks a risk as intentionally unmitigated. This is a **human-only governance decision** — it requires conscious risk ownership by a person or team.
+As an AI agent, you MUST NEVER write @accepts annotations. You cannot accept risk on behalf of humans.
+
+Instead, when you find an exposure with no mitigation in the code:
+1. Write the @exposes annotation to document the risk
+2. Add @audit to flag it for human security review
+3. Add @comment explaining what controls COULD be added
+4. Optionally add @assumes to document any assumptions the code makes
+
+Example — what to do when no mitigation exists:
+\`\`\`
+// @shield:begin -- "@accepts alternative examples, excluded from parsing"
+//
+// WRONG (AI rubber-stamping risk):
+// @accepts #prompt-injection on #ai-endpoint -- "Relying on model safety filters"
+//
+// RIGHT (flag for human review):
+// @exposes #ai-endpoint to #prompt-injection [P1] cwe:CWE-77 -- "User prompt passed directly to LLM API without sanitization"
+// @audit #ai-endpoint -- "No prompt sanitization — needs human review to decide: add input filter or accept risk"
+// @comment -- "Potential controls: #prompt-filter (input sanitization), #output-validator (response filtering)"
+//
+// @shield:end
+\`\`\`
+
+Leaving exposures unmitigated is HONEST. The dashboard and reports will surface them as open risks for humans to triage.
+
 ### @shield — DO NOT USE Unless Explicitly Asked
 @shield and @shield:begin/@shield:end block AI coding assistants from reading the annotated code.
 This means any shielded code becomes invisible to AI tools — they cannot analyze, refactor, or annotate it.
@@ -239,7 +275,7 @@ Definitions go in .guardlink/definitions.{ts,js,py,rs}. Source files use only re
 // @shield:begin -- "Relationship syntax examples, excluded from parsing"
 // @exposes #auth to #sqli [P0] cwe:CWE-89 owasp:A03:2021 -- "User input concatenated into query"
 // @mitigates #auth against #sqli using #prepared-stmts -- "Uses parameterized queries via sqlx"
-// @accepts #timing-attack on #auth -- "Acceptable given bcrypt constant-time comparison"
+// @audit #auth -- "Timing attack risk — needs human review to decide if bcrypt constant-time comparison is sufficient"
 // @transfers #ddos from #api to #cdn -- "Cloudflare handles L7 DDoS mitigation"
 // @flows req.body.username -> db.query via string-concat -- "User input flows to SQL"
 // @boundary between #frontend and #api (#web-boundary) -- "TLS-terminated public/private boundary"
@@ -299,8 +335,9 @@ Definitions go in .guardlink/definitions.{ts,js,py,rs}. Source files use only re
    Group related definitions together with section comments.
 
 4. **Annotate in coupled blocks.** For each security-relevant location, write the complete story:
-   @exposes + @mitigates (or @accepts) + @flows + @comment at minimum.
+   @exposes + @mitigates (or @audit if no mitigation exists) + @flows + @comment at minimum.
    Think: "what's the risk, what's the defense, how does data flow here, and what should the next developer know?"
+   NEVER write @accepts — that is a human-only governance decision. Use @audit to flag unmitigated risks for review.
 
 5. **Use the project's comment style** (// for JS/TS/Go/Rust, # for Python/Ruby/Shell, etc.)
 

package/dist/agents/prompts.js.map

@@ -1 +1 @@
-{"version":3,"file":"prompts.js","sourceRoot":"","sources":["../../src/agents/prompts.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CACjC,UAAkB,EAClB,IAAY,EACZ,KAAyB;IAEzB,sCAAsC;IACtC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,YAAY,EAAE,wBAAwB,CAAC,CAAC;IACtE,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,MAAM,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IACD,2CAA2C;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,wBAAwB,CAAC,CAAC;QACpE,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5B,MAAM,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,IAAI,YAAY,GAAG,uGAAuG,CAAC;IAC3H,IAAI,WAAW,GAAG,EAAE,CAAC;IACrB,IAAI,aAAa,GAAG,EAAE,CAAC;IACvB,IAAI,iBAAiB,GAAG,EAAE,CAAC;IAC3B,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,KAAK,GAAG;YACZ,GAAG,KAAK,CAAC,kBAAkB,cAAc;YACzC,GAAG,KAAK,CAAC,SAAS,CAAC,MAAM,YAAY;YACrC,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,SAAS;YAC/B,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,UAAU;YACjC,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,WAAW;YACnC,GAAG,KAAK,CAAC,WAAW,CAAC,MAAM,cAAc;YACzC,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,QAAQ;YAC7B,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,aAAa;SACxC,CAAC;QACF,YAAY,GAAG,kBAAkB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;QAErD,+EAA+E;QAC/E,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACvE,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrE,MAAM,UAAU,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzE,IAAI,SAAS,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/D,MAAM,QAAQ,GAAa,EAAE,CAAC;YAC9B,IAAI,QAAQ,CAAC,MAAM;gBAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrE,IAAI,SAAS,CAAC,MAAM;gBAAE,QAAQ,CAAC,IAAI,CAAC,YAAY,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACxE,IAAI,UAAU,CAAC,MAAM;gBAAE,QAAQ,CAAC,IAAI,CAAC,aAAa,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3E,WAAW,GAAG,8DAA8D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACpG,CAAC;QAED,qEAAqE;QACrE,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CACjD,KAAK,CAAC,CAAC,MAAM,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,GAAG,CAClH,CAAC;YACF,aAAa,GAAG,6DAA6D,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACpG,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE;gBAAE,aAAa,IAAI,eAAe,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC;QAC9F,CAAC;QAED,0EAA0E;QAC1E,MAAM,oBAAoB,GAAG,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;YACtD,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,CAAC;mBAC5E,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC;QAClF,CAAC,CAAC,CAAC;QACH,IAAI,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CACzD,KAAK,CAAC,CAAC,KAAK,eAAe,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,QAAQ,IAAI,SAAS,MAAM,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,GAAG,CAC3G,CAAC;YACF,iBAAiB,GAAG,6EAA6E,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvH,IAAI,oBAAoB,CAAC,MAAM,GAAG,EAAE;gBAAE,iBAAiB,IAAI,eAAe,oBAAoB,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC;QACpH,CAAC;IACH,CAAC;IAED,OAAO;;;;;;EAMP,MAAM,CAAC,CAAC,CAAC,gDAAgD,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE;EAC/F,YAAY,GAAG,WAAW,GAAG,aAAa,GAAG,iBAAiB;;;EAG9D,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+NX,CAAC;AACF,CAAC"}
+{"version":3,"file":"prompts.js","sourceRoot":"","sources":["../../src/agents/prompts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CACjC,UAAkB,EAClB,IAAY,EACZ,KAAyB;IAEzB,sCAAsC;IACtC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,YAAY,EAAE,wBAAwB,CAAC,CAAC;IACtE,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,MAAM,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IACD,2CAA2C;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,wBAAwB,CAAC,CAAC;QACpE,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5B,MAAM,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,IAAI,YAAY,GAAG,uGAAuG,CAAC;IAC3H,IAAI,WAAW,GAAG,EAAE,CAAC;IACrB,IAAI,aAAa,GAAG,EAAE,CAAC;IACvB,IAAI,iBAAiB,GAAG,EAAE,CAAC;IAC3B,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,KAAK,GAAG;YACZ,GAAG,KAAK,CAAC,kBAAkB,cAAc;YACzC,GAAG,KAAK,CAAC,SAAS,CAAC,MAAM,YAAY;YACrC,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,SAAS;YAC/B,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,UAAU;YACjC,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,WAAW;YACnC,GAAG,KAAK,CAAC,WAAW,CAAC,MAAM,cAAc;YACzC,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,QAAQ;YAC7B,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,aAAa;SACxC,CAAC;QACF,YAAY,GAAG,kBAAkB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;QAErD,+EAA+E;QAC/E,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACvE,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrE,MAAM,UAAU,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzE,IAAI,SAAS,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/D,MAAM,QAAQ,GAAa,EAAE,CAAC;YAC9B,IAAI,QAAQ,CAAC,MAAM;gBAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrE,IAAI,SAAS,CAAC,MAAM;gBAAE,QAAQ,CAAC,IAAI,CAAC,YAAY,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACxE,IAAI,UAAU,CAAC,MAAM;gBAAE,QAAQ,CAAC,IAAI,CAAC,aAAa,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3E,WAAW,GAAG,8DAA8D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACpG,CAAC;QAED,qEAAqE;QACrE,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CACjD,KAAK,CAAC,CAAC,MAAM,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,GAAG,CAClH,CAAC;YACF,aAAa,GAAG,6DAA6D,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACpG,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE;gBAAE,aAAa,IAAI,eAAe,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC;QAC9F,CAAC;QAED,0EAA0E;QAC1E,8FAA8F;QAC9F,MAAM,oBAAoB,GAAG,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;YACtD,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC;QACpF,CAAC,CAAC,CAAC;QACH,IAAI,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CACzD,KAAK,CAAC,CAAC,KAAK,eAAe,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,QAAQ,IAAI,SAAS,MAAM,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,GAAG,CAC3G,CAAC;YACF,iBAAiB,GAAG,yHAAyH,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnK,IAAI,oBAAoB,CAAC,MAAM,GAAG,EAAE;gBAAE,iBAAiB,IAAI,eAAe,oBAAoB,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC;QACpH,CAAC;IACH,CAAC;IAED,OAAO;;;;;;EAMP,MAAM,CAAC,CAAC,CAAC,gDAAgD,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE;EAC/F,YAAY,GAAG,WAAW,GAAG,aAAa,GAAG,iBAAiB;;;EAG9D,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2PX,CAAC;AACF,CAAC"}

package/dist/analyze/index.d.ts

@@ -5,19 +5,24 @@
  * specific prompt, streams the response, and saves timestamped results
  * to .guardlink/threat-reports/.
  *
- * @exposes #llm-client to #arbitrary-write [high] cwe:CWE-73 -- "Writes threat reports to .guardlink/threat-reports/"
- * @exposes #llm-client to #prompt-injection [medium] cwe:CWE-77 -- "Serialized threat model embedded in LLM prompt"
- * @accepts #prompt-injection on #llm-client -- "Core feature: threat model serialized as LLM prompt for analysis"
- * @mitigates #llm-client against #arbitrary-write using #path-validation -- "Reports written to fixed .guardlink/threat-reports/ subdirectory"
- * @flows #parser -> #llm-client via ThreatModel -- "Parsed model data serialized for LLM analysis"
- * @flows #llm-client -> Filesystem via writeFileSync -- "Analysis results saved as markdown files"
- * @handles internal on #llm-client -- "Processes security-sensitive threat model for AI analysis"
+ * @exposes #llm-client to #path-traversal [medium] cwe:CWE-22 -- "buildProjectContext reads files from root-relative paths"
+ * @mitigates #llm-client against #path-traversal using #path-validation -- "join() with root constrains file access"
+ * @exposes #llm-client to #arbitrary-write [medium] cwe:CWE-73 -- "writeFileSync saves threat reports to .guardlink/"
+ * @mitigates #llm-client against #arbitrary-write using #path-validation -- "Output path is fixed to .guardlink/threat-reports/"
+ * @exposes #llm-client to #data-exposure [low] cwe:CWE-200 -- "Serializes full threat model and code snippets for LLM"
+ * @audit #llm-client -- "Threat model data intentionally sent to LLM for analysis"
+ * @flows ThreatModel -> #llm-client via serializeModel -- "Model serialization input"
+ * @flows ProjectFiles -> #llm-client via readFileSync -- "Project context read"
+ * @flows #llm-client -> ReportFile via writeFileSync -- "Report output"
+ * @handles internal on #llm-client -- "Processes project dependencies, env examples, code snippets"
  */
 import type { ThreatModel } from '../types/index.js';
 import { type AnalysisFramework } from './prompts.js';
 import { type LLMConfig } from './llm.js';
 export { type AnalysisFramework, FRAMEWORK_LABELS, FRAMEWORK_PROMPTS, buildUserMessage } from './prompts.js';
 export { type LLMConfig, type LLMProvider, buildConfig, autoDetectConfig } from './llm.js';
+export { GUARDLINK_TOOLS, createToolExecutor } from './tools.js';
+export type { ToolDefinition, ToolCall, ToolResult, ToolExecutor } from './llm.js';
 export interface ThreatReportOptions {
     root: string;
     model: ThreatModel;
@@ -26,6 +31,18 @@ export interface ThreatReportOptions {
     customPrompt?: string;
     stream?: boolean;
     onChunk?: (text: string) => void;
+    /** Max lines of context to include around each annotated line (default: 8) */
+    snippetContext?: number;
+    /** Max total characters for all code snippets combined (default: 40000) */
+    snippetBudget?: number;
+    /** Enable web search grounding (OpenAI Responses API) */
+    webSearch?: boolean;
+    /** Enable extended thinking (Anthropic) / reasoning (DeepSeek) */
+    extendedThinking?: boolean;
+    /** Token budget for thinking (default: 10000) */
+    thinkingBudget?: number;
+    /** Enable agentic tool use (CVE lookup, model validation, codebase search) */
+    enableTools?: boolean;
 }
 export interface ThreatReportResult {
     framework: AnalysisFramework;
@@ -36,10 +53,29 @@ export interface ThreatReportResult {
     savedTo?: string;
     inputTokens?: number;
     outputTokens?: number;
+    /** Thinking/reasoning content (if extended thinking was enabled) */
+    thinking?: string;
+    thinkingTokens?: number;
 }
+/**
+ * Collect project-level context for the LLM: language/framework, key
+ * dependencies, and deployment signals (Dockerfile, CI, etc.).
+ * Keeps output compact — targets ~2-4 KB.
+ */
+export declare function buildProjectContext(root: string): string;
+/**
+ * Extract source code snippets around annotated lines.
+ *
+ * For each annotation that has a file + line location, reads the
+ * surrounding `contextLines` lines from disk and returns a formatted
+ * block. Deduplicates overlapping ranges within the same file.
+ * Respects a total character budget to keep token usage bounded.
+ */
+export declare function extractCodeSnippets(root: string, model: ThreatModel, contextLines?: number, budgetChars?: number): string;
 /**
  * Serialize the threat model to a compact representation for LLM context.
- * Strips empty arrays and location details to save tokens.
+ * Includes file:line locations for all security-relevant annotations so
+ * the LLM can cross-reference with code snippets.
  */
 export declare function serializeModel(model: ThreatModel): string;
 /**

package/dist/analyze/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/analyze/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,KAAK,iBAAiB,EAAyD,MAAM,cAAc,CAAC;AAC7G,OAAO,EAAE,KAAK,SAAS,EAA+B,MAAM,UAAU,CAAC;AAEvE,OAAO,EAAE,KAAK,iBAAiB,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAC7G,OAAO,EAAE,KAAK,SAAS,EAAE,KAAK,WAAW,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAI3F,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,WAAW,CAAC;IACnB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,SAAS,EAAE,SAAS,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;CAClC;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,iBAAiB,CAAC;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAID;;;GAGG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,WAAW,GAAG,MAAM,CAwEzD;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,WAAW,GAAG,MAAM,CAwEhE;AASD,wBAAsB,oBAAoB,CAAC,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAwDjG;AAID,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,+CAA+C;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AA8BD,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,iBAAiB,EAAE,CAenE;AAID,MAAM,WAAW,uBAAwB,SAAQ,iBAAiB;IAChE,OAAO,EAAE,MAAM,CAAC;CACjB;AAID,wBAAgB,6BAA6B,CAAC,IAAI,EAAE,MAAM,GAAG,uBAAuB,EAAE,CAcrF"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/analyze/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,KAAK,iBAAiB,EAAyD,MAAM,cAAc,CAAC;AAC7G,OAAO,EAAE,KAAK,SAAS,EAA+B,MAAM,UAAU,CAAC;AAGvE,OAAO,EAAE,KAAK,iBAAiB,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAC7G,OAAO,EAAE,KAAK,SAAS,EAAE,KAAK,WAAW,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC3F,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AACjE,YAAY,EAAE,cAAc,EAAE,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAInF,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,WAAW,CAAC;IACnB,SAAS,EAAE,iBAAiB,CAAC;IAC7B,SAAS,EAAE,SAAS,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;IACjC,8EAA8E;IAC9E,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,2EAA2E;IAC3E,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,yDAAyD;IACzD,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,kEAAkE;IAClE,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,iDAAiD;IACjD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,8EAA8E;IAC9E,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,iBAAiB,CAAC;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,oEAAoE;IACpE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAID;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAoIxD;AAID;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,WAAW,EAClB,YAAY,SAAI,EAChB,WAAW,SAAS,GACnB,MAAM,CA+FR;AAID;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,WAAW,GAAG,MAAM,CAsFzD;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,WAAW,GAAG,MAAM,CAwEhE;AASD,wBAAsB,oBAAoB,CAAC,IAAI,EAAE,mBAAmB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CA0EjG;AAID,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,+CAA+C;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AA8BD,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,iBAAiB,EAAE,CAenE;AAID,MAAM,WAAW,uBAAwB,SAAQ,iBAAiB;IAChE,OAAO,EAAE,MAAM,CAAC;CACjB;AAID,wBAAgB,6BAA6B,CAAC,IAAI,EAAE,MAAM,GAAG,uBAAuB,EAAE,CAcrF"}

package/dist/analyze/index.js

@@ -5,24 +5,267 @@
  * specific prompt, streams the response, and saves timestamped results
  * to .guardlink/threat-reports/.
  *
- * @exposes #llm-client to #arbitrary-write [high] cwe:CWE-73 -- "Writes threat reports to .guardlink/threat-reports/"
- * @exposes #llm-client to #prompt-injection [medium] cwe:CWE-77 -- "Serialized threat model embedded in LLM prompt"
- * @accepts #prompt-injection on #llm-client -- "Core feature: threat model serialized as LLM prompt for analysis"
- * @mitigates #llm-client against #arbitrary-write using #path-validation -- "Reports written to fixed .guardlink/threat-reports/ subdirectory"
- * @flows #parser -> #llm-client via ThreatModel -- "Parsed model data serialized for LLM analysis"
- * @flows #llm-client -> Filesystem via writeFileSync -- "Analysis results saved as markdown files"
- * @handles internal on #llm-client -- "Processes security-sensitive threat model for AI analysis"
+ * @exposes #llm-client to #path-traversal [medium] cwe:CWE-22 -- "buildProjectContext reads files from root-relative paths"
+ * @mitigates #llm-client against #path-traversal using #path-validation -- "join() with root constrains file access"
+ * @exposes #llm-client to #arbitrary-write [medium] cwe:CWE-73 -- "writeFileSync saves threat reports to .guardlink/"
+ * @mitigates #llm-client against #arbitrary-write using #path-validation -- "Output path is fixed to .guardlink/threat-reports/"
+ * @exposes #llm-client to #data-exposure [low] cwe:CWE-200 -- "Serializes full threat model and code snippets for LLM"
+ * @audit #llm-client -- "Threat model data intentionally sent to LLM for analysis"
+ * @flows ThreatModel -> #llm-client via serializeModel -- "Model serialization input"
+ * @flows ProjectFiles -> #llm-client via readFileSync -- "Project context read"
+ * @flows #llm-client -> ReportFile via writeFileSync -- "Report output"
+ * @handles internal on #llm-client -- "Processes project dependencies, env examples, code snippets"
  */
 import { existsSync, mkdirSync, writeFileSync, readdirSync, readFileSync } from 'node:fs';
-import { join } from 'node:path';
+import { join, relative } from 'node:path';
 import { FRAMEWORK_LABELS, FRAMEWORK_PROMPTS, buildUserMessage } from './prompts.js';
 import { chatCompletion } from './llm.js';
+import { GUARDLINK_TOOLS, createToolExecutor } from './tools.js';
 export { FRAMEWORK_LABELS, FRAMEWORK_PROMPTS, buildUserMessage } from './prompts.js';
 export { buildConfig, autoDetectConfig } from './llm.js';
+export { GUARDLINK_TOOLS, createToolExecutor } from './tools.js';
+// ─── Project context builder ─────────────────────────────────────────
+/**
+ * Collect project-level context for the LLM: language/framework, key
+ * dependencies, and deployment signals (Dockerfile, CI, etc.).
+ * Keeps output compact — targets ~2-4 KB.
+ */
+export function buildProjectContext(root) {
+    const lines = [];
+    // package.json — language, framework, key deps
+    const pkgPath = join(root, 'package.json');
+    if (existsSync(pkgPath)) {
+        try {
+            const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
+            lines.push(`## package.json`);
+            if (pkg.name)
+                lines.push(`name: ${pkg.name}`);
+            if (pkg.version)
+                lines.push(`version: ${pkg.version}`);
+            if (pkg.description)
+                lines.push(`description: ${pkg.description}`);
+            const allDeps = {
+                ...pkg.dependencies,
+                ...pkg.devDependencies,
+            };
+            if (Object.keys(allDeps).length) {
+                lines.push(`dependencies (${Object.keys(allDeps).length} total):`);
+                // Include all deps — LLM needs them to reason about known-vulnerable packages
+                for (const [name, ver] of Object.entries(allDeps)) {
+                    lines.push(`  ${name}: ${ver}`);
+                }
+            }
+            if (pkg.scripts && Object.keys(pkg.scripts).length) {
+                lines.push(`scripts: ${Object.keys(pkg.scripts).join(', ')}`);
+            }
+            if (pkg.engines)
+                lines.push(`engines: ${JSON.stringify(pkg.engines)}`);
+            lines.push('');
+        }
+        catch { /* skip malformed */ }
+    }
+    // requirements.txt — Python projects
+    const reqPath = join(root, 'requirements.txt');
+    if (existsSync(reqPath)) {
+        try {
+            const reqs = readFileSync(reqPath, 'utf-8').trim();
+            lines.push('## requirements.txt');
+            lines.push(reqs);
+            lines.push('');
+        }
+        catch { /* skip */ }
+    }
+    // pyproject.toml — Python projects
+    const pyprojectPath = join(root, 'pyproject.toml');
+    if (existsSync(pyprojectPath)) {
+        try {
+            const content = readFileSync(pyprojectPath, 'utf-8');
+            // Extract just the [tool.poetry.dependencies] or [project] section
+            const depsMatch = content.match(/\[(?:tool\.poetry\.)?dependencies\][\s\S]*?(?=\[|$)/m);
+            if (depsMatch) {
+                lines.push('## pyproject.toml (dependencies)');
+                lines.push(depsMatch[0].trim());
+                lines.push('');
+            }
+        }
+        catch { /* skip */ }
+    }
+    // go.mod — Go projects
+    const gomodPath = join(root, 'go.mod');
+    if (existsSync(gomodPath)) {
+        try {
+            const content = readFileSync(gomodPath, 'utf-8');
+            lines.push('## go.mod');
+            lines.push(content.trim());
+            lines.push('');
+        }
+        catch { /* skip */ }
+    }
+    // Dockerfile — deployment model
+    for (const name of ['Dockerfile', 'Dockerfile.prod', 'Dockerfile.production']) {
+        const dfPath = join(root, name);
+        if (existsSync(dfPath)) {
+            try {
+                const content = readFileSync(dfPath, 'utf-8').trim();
+                lines.push(`## ${name}`);
+                lines.push(content);
+                lines.push('');
+                break;
+            }
+            catch { /* skip */ }
+        }
+    }
+    // docker-compose.yml — service topology
+    for (const name of ['docker-compose.yml', 'docker-compose.yaml', 'compose.yml', 'compose.yaml']) {
+        const dcPath = join(root, name);
+        if (existsSync(dcPath)) {
+            try {
+                const content = readFileSync(dcPath, 'utf-8').trim();
+                lines.push(`## ${name}`);
+                // Cap at 100 lines to avoid blowing token budget
+                const dcLines = content.split('\n');
+                lines.push(dcLines.slice(0, 100).join('\n'));
+                if (dcLines.length > 100)
+                    lines.push(`... (${dcLines.length - 100} more lines)`);
+                lines.push('');
+                break;
+            }
+            catch { /* skip */ }
+        }
+    }
+    // CI config — deployment signals
+    const ciFiles = [
+        '.github/workflows',
+        '.gitlab-ci.yml',
+        '.circleci/config.yml',
+        'Jenkinsfile',
+        '.travis.yml',
+    ];
+    for (const ci of ciFiles) {
+        const ciPath = join(root, ci);
+        if (existsSync(ciPath)) {
+            lines.push(`## CI/CD: ${ci} (detected)`);
+            // Don't include full CI content — just note its presence
+        }
+    }
+    // .env.example — environment variable signals
+    for (const name of ['.env.example', '.env.sample', '.env.template']) {
+        const envPath = join(root, name);
+        if (existsSync(envPath)) {
+            try {
+                const content = readFileSync(envPath, 'utf-8').trim();
+                lines.push(`## ${name} (environment variables)`);
+                lines.push(content);
+                lines.push('');
+                break;
+            }
+            catch { /* skip */ }
+        }
+    }
+    return lines.join('\n').trim();
+}
+// ─── Code snippet extractor ──────────────────────────────────────────
+/**
+ * Extract source code snippets around annotated lines.
+ *
+ * For each annotation that has a file + line location, reads the
+ * surrounding `contextLines` lines from disk and returns a formatted
+ * block. Deduplicates overlapping ranges within the same file.
+ * Respects a total character budget to keep token usage bounded.
+ */
+export function extractCodeSnippets(root, model, contextLines = 8, budgetChars = 40_000) {
+    const refs = [];
+    for (const e of model.exposures) {
+        refs.push({ file: e.location.file, line: e.location.line, label: `@exposes ${e.asset} to ${e.threat} [${e.severity ?? 'unset'}]` });
+    }
+    for (const m of model.mitigations) {
+        refs.push({ file: m.location.file, line: m.location.line, label: `@mitigates ${m.asset} against ${m.threat}` });
+    }
+    for (const a of model.acceptances) {
+        refs.push({ file: a.location.file, line: a.location.line, label: `@accepts ${a.threat} on ${a.asset}` });
+    }
+    for (const a of model.assumptions) {
+        refs.push({ file: a.location.file, line: a.location.line, label: `@assumes on ${a.asset}` });
+    }
+    for (const b of model.boundaries) {
+        refs.push({ file: b.location.file, line: b.location.line, label: `@boundary ${b.asset_a} | ${b.asset_b}` });
+    }
+    for (const f of model.flows) {
+        refs.push({ file: f.location.file, line: f.location.line, label: `@flows ${f.source} -> ${f.target}` });
+    }
+    // Group by file, merge overlapping line ranges
+    const byFile = new Map();
+    for (const ref of refs) {
+        if (!ref.file || !ref.line)
+            continue;
+        const absFile = ref.file.startsWith('/') ? ref.file : join(root, ref.file);
+        const start = Math.max(1, ref.line - contextLines);
+        const end = ref.line + contextLines;
+        if (!byFile.has(absFile))
+            byFile.set(absFile, []);
+        const ranges = byFile.get(absFile);
+        // Merge with existing range if overlapping
+        let merged = false;
+        for (const r of ranges) {
+            if (start <= r.end + 1 && end >= r.start - 1) {
+                r.start = Math.min(r.start, start);
+                r.end = Math.max(r.end, end);
+                r.labels.push(ref.label);
+                merged = true;
+                break;
+            }
+        }
+        if (!merged)
+            ranges.push({ start, end, labels: [ref.label] });
+    }
+    const blocks = [];
+    let totalChars = 0;
+    for (const [absFile, ranges] of byFile) {
+        if (totalChars >= budgetChars)
+            break;
+        if (!existsSync(absFile))
+            continue;
+        let fileLines;
+        try {
+            fileLines = readFileSync(absFile, 'utf-8').split('\n');
+        }
+        catch {
+            continue;
+        }
+        const relPath = relative(root, absFile);
+        ranges.sort((a, b) => a.start - b.start);
+        for (const range of ranges) {
+            if (totalChars >= budgetChars)
+                break;
+            const from = Math.max(0, range.start - 1);
+            const to = Math.min(fileLines.length, range.end);
+            const snippet = fileLines.slice(from, to)
+                .map((l, i) => `${String(from + i + 1).padStart(4)} | ${l}`)
+                .join('\n');
+            const uniqueLabels = [...new Set(range.labels)];
+            const block = `### ${relPath}:${range.start}-${range.end}
+// Annotations: ${uniqueLabels.join('; ')}
+\`\`\`
+${snippet}
+\`\`\``;
+            if (totalChars + block.length > budgetChars) {
+                // Include a truncated note and stop
+                blocks.push(`### ${relPath}:${range.start}-${range.end}
+// [snippet omitted — budget exhausted]`);
+                totalChars = budgetChars;
+                break;
+            }
+            blocks.push(block);
+            totalChars += block.length;
+        }
+    }
+    return blocks.join('\n\n');
+}
 // ─── Serialization ───────────────────────────────────────────────────
 /**
  * Serialize the threat model to a compact representation for LLM context.
- * Strips empty arrays and location details to save tokens.
+ * Includes file:line locations for all security-relevant annotations so
+ * the LLM can cross-reference with code snippets.
  */
 export function serializeModel(model) {
     const compact = {
@@ -34,65 +277,78 @@ export function serializeModel(model) {
     if (model.assets.length)
         compact.assets = model.assets.map(a => ({
             path: a.path.join('.'), id: a.id, description: a.description,
+            file: a.location.file, line: a.location.line,
         }));
     if (model.threats.length)
         compact.threats = model.threats.map(t => ({
             name: t.name, id: t.id, severity: t.severity,
             refs: t.external_refs.length ? t.external_refs : undefined,
             description: t.description,
+            file: t.location.file, line: t.location.line,
         }));
     if (model.controls.length)
         compact.controls = model.controls.map(c => ({
             name: c.name, id: c.id, description: c.description,
+            file: c.location.file, line: c.location.line,
         }));
     if (model.mitigations.length)
         compact.mitigations = model.mitigations.map(m => ({
             asset: m.asset, threat: m.threat, control: m.control,
-            description: m.description, file: m.location.file,
+            description: m.description,
+            file: m.location.file, line: m.location.line,
         }));
     if (model.exposures.length)
         compact.exposures = model.exposures.map(e => ({
             asset: e.asset, threat: e.threat, severity: e.severity,
             refs: e.external_refs.length ? e.external_refs : undefined,
-            description: e.description, file: e.location.file,
+            description: e.description,
+            file: e.location.file, line: e.location.line,
         }));
     if (model.acceptances.length)
         compact.acceptances = model.acceptances.map(a => ({
             asset: a.asset, threat: a.threat, description: a.description,
+            file: a.location.file, line: a.location.line,
         }));
     if (model.transfers.length)
         compact.transfers = model.transfers.map(t => ({
             threat: t.threat, source: t.source, target: t.target,
+            file: t.location.file, line: t.location.line,
         }));
     if (model.flows.length)
         compact.flows = model.flows.map(f => ({
             source: f.source, target: f.target, mechanism: f.mechanism,
+            file: f.location.file, line: f.location.line,
         }));
     if (model.boundaries.length)
         compact.boundaries = model.boundaries.map(b => ({
             a: b.asset_a, b: b.asset_b, id: b.id, description: b.description,
+            file: b.location.file, line: b.location.line,
         }));
     if (model.data_handling.length)
         compact.data_handling = model.data_handling.map(h => ({
             classification: h.classification, asset: h.asset,
+            file: h.location.file, line: h.location.line,
         }));
     if (model.assumptions.length)
         compact.assumptions = model.assumptions.map(a => ({
             asset: a.asset, description: a.description,
+            file: a.location.file, line: a.location.line,
         }));
     if (model.comments.length)
         compact.comments = model.comments.map(c => ({
-            description: c.description, file: c.location.file,
+            description: c.description, file: c.location.file, line: c.location.line,
         }));
     if (model.validations.length)
         compact.validations = model.validations.map(v => ({
             control: v.control, asset: v.asset,
+            file: v.location.file, line: v.location.line,
         }));
-    // Coverage summary
+    // Coverage summary — include unannotated critical symbols so LLM sees gaps
     compact.coverage = {
         total_symbols: model.coverage.total_symbols,
         annotated: model.coverage.annotated_symbols,
         percent: model.coverage.coverage_percent,
+        unannotated_critical: model.coverage.unannotated_critical,
     };
     // Unmitigated exposures summary
     const mitigatedSet = new Set();
@@ -104,6 +360,7 @@ export function serializeModel(model) {
     if (unmitigated.length) {
         compact.unmitigated_exposures = unmitigated.map(e => ({
             asset: e.asset, threat: e.threat, severity: e.severity,
+            file: e.location.file, line: e.location.line,
         }));
     }
     return JSON.stringify(compact, null, 2);
@@ -203,12 +460,29 @@ const THREAT_REPORTS_DIR = 'threat-reports';
 const LEGACY_ANALYSES_DIR = 'analyses';
 export async function generateThreatReport(opts) {
     const { root, model, framework, llmConfig, customPrompt } = opts;
+    const snippetContext = opts.snippetContext ?? 8;
+    const snippetBudget = opts.snippetBudget ?? 40_000;
     const modelJson = serializeModel(model);
+    const projectContext = buildProjectContext(root);
+    const codeSnippets = extractCodeSnippets(root, model, snippetContext, snippetBudget);
     const systemPrompt = FRAMEWORK_PROMPTS[framework];
-    const userMessage = buildUserMessage(modelJson, framework, customPrompt);
+    const userMessage = buildUserMessage(modelJson, framework, customPrompt, projectContext || undefined, codeSnippets || undefined);
     const timestamp = new Date().toISOString().replace(/[:.]/g, '-').slice(0, 19);
+    // Build enhanced config with optional upgrades
+    const enhancedConfig = { ...llmConfig };
+    if (opts.webSearch)
+        enhancedConfig.webSearch = true;
+    if (opts.extendedThinking) {
+        enhancedConfig.extendedThinking = true;
+        if (opts.thinkingBudget)
+            enhancedConfig.thinkingBudget = opts.thinkingBudget;
+    }
+    if (opts.enableTools !== false) {
+        enhancedConfig.tools = GUARDLINK_TOOLS;
+        enhancedConfig.toolExecutor = createToolExecutor(root, model);
+    }
     // Call LLM
-    const response = await chatCompletion(llmConfig, systemPrompt, userMessage, opts.stream ? opts.onChunk : undefined);
+    const response = await chatCompletion(enhancedConfig, systemPrompt, userMessage, opts.stream ? opts.onChunk : undefined);
     // Save to .guardlink/threat-reports/
     const reportsDir = join(root, '.guardlink', THREAT_REPORTS_DIR);
     if (!existsSync(reportsDir)) {
@@ -243,6 +517,8 @@ annotations: ${model.annotations_parsed}
         savedTo: `.guardlink/${THREAT_REPORTS_DIR}/${filename}`,
         inputTokens: response.inputTokens,
         outputTokens: response.outputTokens,
+        thinking: response.thinking,
+        thinkingTokens: response.thinkingTokens,
     };
 }
 /** Read .md files from a .guardlink subdirectory */