"Why is the code review harness a layered pipeline, not a single scanner?"	"No single layer is trusted alone. AST → Semgrep → CodeQL give recall (fast, deterministic, no hallucination). LLM gives precision (judges exploitability in context). Synthesis dedups and routes. Each layer has a job; the order is load-bearing."	c2a::s06::analysis
"Name the 5 stages of the layered pipeline and their order."	"(1) AST parsing — syntax tree, symbol resolution. (2) Semgrep — fast pattern rules. (3) CodeQL — deep data-flow, taint. (4) LLM semantic — FP triage, judgement. (5) Synthesis — dedup, normalize, score, route."	c2a::s06::recall
"Why do deterministic scanners run BEFORE the LLM (not after)?"	"Deterministic first: fast, deterministic, no hallucination, high recall. LLM last: strength is judgement on a SMALL bounded set, not brute-force scanning. By the time the LLM sees a finding, the scanner already established the pattern matches. LLM answers 'exploitable HERE?'"	c2a::s06::analysis
"What are the fields of the normalized Finding output schema?"	"file, start_line/end_line, cwe (+cwe_name), severity (critical/high/med/low), confidence (high/med/low — LLM-assigned post-triage), description, remediation, source (which layer), pr_comment, dedup_key."	c2a::s06::recall
"When do you block vs queue vs auto-comment vs file-silently?"	"Block: critical/high + high confidence (status check fails). Queue: critical/high + medium confidence (human review, inline comment). Auto-comment: medium/low + high confidence. File silently: any + low confidence (no PR noise)."	c2a::s06::application
"Why is over-blocking PRs dangerous?"	"Over-blocking trains developers to click 'override' without reading. The goal is to gate findings you are CONFIDENT are real and serious, not gate every PR. Blocking requires both high severity AND high post-triage confidence."	c2a::s06::analysis
"What is the false positive problem, and why does it matter?"	"Semgrep/CodeQL are recall machines: ~95% recall, ~40% precision at scale. Hundreds of findings, majority FPs (framework sanitizes, test-only, unreachable sink). Surface raw output → developer mutes the bot within a week."	c2a::s06::analysis
"What questions does the LLM triage prompt ask for each finding?"	"(1) Is tainted input reachable from untrusted data in THIS code path? (2) Is there a sanitizer/validator between source and sink? (3) TP or FP? (4) Confidence (high/med/low)? Each answered WITH EVIDENCE. Model does not FIND — it JUDGES."	c2a::s06::recall
"Why does the model that judges a finding differ from the scanner that found it?"	"Reader/actor separation (S01.3, S02.4). The system that finds a finding should not score it — confirmation bias. The scanner found the pattern; a separate LLM judges exploitability in context. Prevents the finder's enthusiasm from biasing severity."	c2a::s06::analysis
"How does the feedback loop improve triage over time?"	"Human verdicts (FP/TP) stored in a vector index (feedback store). Next triage: similar findings retrieved as FEW-SHOT EXAMPLES in the prompt. Over weeks, precision on each finding class improves. Turns a static ruleset into a LEARNING HARNESS."	c2a::s06::application
"What precision/recall does raw Semgrep give, and what after LLM triage?"	"Raw: ~95% recall, ~40% precision (recall machine, low precision at scale). After LLM triage at high-confidence threshold: ~85% recall, ~92% precision. The trade (small recall loss, large precision gain) is almost always worth it."	c2a::s06::recall
"What datasets do you measure harness precision/recall against?"	"OWASP Benchmark (Java web), Juliet (NIST, C/C++/Java), DVWA (PHP), or your own historically-labeled findings. Measure on EVERY harness change — a new rule or prompt tweak can shift the curve. Production recall is unknowable; the dataset is the proxy."	c2a::s06::recall
"What cross-file problem does semantic codebase memory solve?"	"Single-file analysis misses cross-file vulns: taint enters in handler.py, sink executes in repository.py. No single-file scan sees the flow. Need function-level indexing + call-graph traversal to retrieve source→sanitizer→sink across file boundaries."	c2a::s06::analysis
"What metadata does a CodeUnit store in the semantic index?"	"id (stable: file+symbol+signature hash), file, symbol, signature, source (function body), callers (ids), callees (ids), embedding (vector). Rebuilt INCREMENTALLY per PR — only changed fns + their callers/callees re-embedded."	c2a::s06::recall
"What does the retrieval query pull for a finding at X:Y?"	"(1) Enclosing function (always). (2) All CALLERS (where data comes from — source). (3) All CALLEES (where data goes — sink). (4) Sanitizer-like functions (resolve FP/TP). Mix of graph traversal (call graph) + semantic search (vector similarity)."	c2a::s06::application
"What is the context budget, and how do you prioritize within it?"	"Token limit (4k–8k) on retrieved cross-file context. Prioritize: direct callers/callees (define taint path) > sanitizer-like functions (resolve FP/TP) > transitive callers (background). Too small: miss sanitizer 2 frames up. Too large: expensive, attention dilutes."	c2a::s06::analysis
"Name the 5 gates of the autofix loop, in order."	"(1) LLM generates minimal targeted patch. (2) Linter clean. (3) Semgrep re-scan: finding resolved, NO new findings. (4) Test suite passes, coverage preserved. (5) Human approval (DRAFT PR). Then merge."	c2a::s06::recall
"Why is human approval of patches non-negotiable?"	"LLM patches can introduce NEW vulns while fixing the reported one (close injection, miss a 2nd; add authz check after sensitive op). Deterministic gates catch some, not all. Auto-merging is an anti-pattern — 1 regression/CVE outweighs thousands of saved clicks."	c2a::s06::analysis
"Why does the patch prompt constrain to a minimal, targeted diff?"	"Model is NOT asked to refactor, rename, or reformat — only resolve the specific weakness. Minimal diff = smaller surface for regressions, easier human review, lower chance of introducing new findings. Preserve all behavior and coverage."	c2a::s06::application
"What happens to a patch that passes all gates but scores below the quality threshold?"	"Held back. Harness opens PR only for patches ABOVE the quality threshold. Low-scoring patches filed as 'fix suggested, needs human authorship.' Does not waste developer time with low-quality auto-generated patches that erode trust."	c2a::s06::analysis
