"What is the secure code review stack, and what is its core architecture?"	The layered AppSec pipeline: AST (structural) → Semgrep (pattern) → CodeQL (data-flow) → LLM triage (semantic) → autofix-with-approval (remediation). Each layer catches a different class of finding at a different cost. The composition is the product — no single tool is sufficient.	course2a::sdd07::recall
"Semgrep vs CodeQL: what does each catch, and what are their failure modes?"	Semgrep = pattern matching over AST, fast (seconds), pre-commit friendly, but SHALLOW (misses deep taint flows). CodeQL = compiles to QL DB, queries taint flows, DEEP (cross-file/cross-function) but slow (minutes, build-bound) and NOISY (70-90% false positives).	course2a::sdd07::analysis
"What is a taint flow, and which layer finds it?"	A user-controlled value traversing code to reach a dangerous sink (e.g., HTTP request → SQL query). CodeQL finds these by compiling to a QL database and querying data-flow paths across files and functions. Semgrep cannot — it matches patterns, not flows.	course2a::sdd07::analysis
"Why is LLM triage the highest-leverage addition to the stack?"	CodeQL's 70-90% false-positive rate makes it unusable — reviewers tune queries aggressively (real bugs pass) or abandon the tool. LLM triage suppresses the obvious FPs at cents per finding, leaving the human with the 10-30% that matter. This is the economic case for the LLM in the stack.	course2a::sdd07::analysis
"What is the hallucination-mitigation constraint on LLM triage?"	SUPPRESS-WITH-REASON, NEVER CONFIRM. The LLM can only reduce the queue (suppress false positives with an explanation) — it cannot confirm or act. Every suppression is logged and a sample (5%) is human-audited. This bounds the blast radius: the LLM cannot inject action, only filter.	course2a::sdd07::analysis
"Explain autofix-with-approval. Where does the human go?"	LLM generates a patch for a confirmed TP, opens it as a PR on an isolated branch, human reviews and merges. The human is the gate. This closes the loop — findings become PRs become merges, instead of tickets that rot. The review gate is non-optional (backstops LLM error and prompt injection).	course2a::sdd07::analysis
"What is the LLM triage attack surface, and how is it bounded?"	The LLM receives code content in its prompt — malicious code (e.g., a comment with injected instructions) is an indirect prompt-injection vector (SDD-12). Bounded by: code treated as untrusted data not instructions, LLM only suppresses (never executes), suppressions logged and auditable. Blast radius is filter-only.	course2a::sdd07::analysis
"State the stack's score on the 12-module rubric and the lowest modules."	45/60. Lowest: Memory (2 — no native cross-run learning) and Permission (3 — PR-write token is a necessary lateral surface). Highest: Tool Design (5 — layering is textbook) and Verification (5 — double human gate). Build-on: incremental scanning, semantic memory, hallucination audit.	course2a::sdd07::analysis
"Name the stack's three main risk surfaces (the security finding)."	(1) PR-write token (lateral movement if compromised — govern with scoped per-repo tokens + dedicated service account + required review). (2) LLM triage (prompt injection via code content — bounded by suppress-only authority). (3) Autofix review gate (nominal if reviewers rubber-stamp — keep patches small and visually distinguished).	course2a::sdd07::analysis
"Why layer by depth/cost? Where does each layer run?"	AST + Semgrep = fast (pre-commit, creation-time guardrails). CodeQL = slow (nightly CI, build-bound). LLM triage = on the findings batch (cents per finding). Autofix = human-bound (PR review). Each layer runs where its cost is justified — AppSec's version of 'put the cheap check first.'	course2a::sdd07::analysis
"Name 3 things the stack does better than any single tool."	(1) Depth at every layer via composition (patterns + flows + semantics). (2) LLM triage makes the deep tools usable by suppressing noise. (3) Autofix closes the loop — findings become PRs become merges, not tickets that rot.	course2a::sdd07::recall
"Name 3 things you would add to the stack."	(1) Incremental/diff-based scanning as default (scan changed code with whole-codebase taint context — runs in pre-merge CI). (2) Cross-run semantic memory (vector DB of historical findings/resolutions — triage learns 'this pattern was FP because X'). (3) Hallucination audit on suppressions (sample 5% for human review).	course2a::sdd07::application
"What is the AST layer's role, and what tool underpins it?"	AST (Abstract Syntax Tree) parsing is the structural substrate — the cheapest layer. tree-sitter (MIT) or the language's native AST. It underpins Semgrep (which matches patterns over the AST) and enables custom structural checks no rule library covers. Foundation the other layers build on.	course2a::sdd07::recall
"State the stack's Architect's Verdict in one line."	Reference AppSec harness (AST → Semgrep → CodeQL → LLM triage → autofix-with-approval); each layer compensates for the failure mode of the one before it; LLM triage is the highest-leverage addition (makes deep tools usable); build as a staged pipeline, govern the PR-write token and review gate, add incremental scanning and semantic memory.	course2a::sdd07::recall
