AI Context
Noir can attach a structured AI review context to each endpoint. It groups static signals that LLM-based SAST tools, code reviewers, and security agents commonly need to triage a route — without forcing them to walk the repository themselves.
Use --ai-context to enable it:
noir -b . --ai-context
In plain output, every endpoint with non-empty context grows an ai_context: block. Model-based formats expose the same structure under standard locations:
| Format | Where AI context appears |
|---|---|
| JSON / JSONL / YAML / TOML | endpoints[].ai_context |
| OpenAPI 2.0 / 3.0 | Operation-level x-noir-ai-context extension |
| SARIF | result.properties.noir.ai_context |
| Postman | Appended to the item description |
| cURL / HTTPie / only-url / only-param | Omitted on purpose (primary output stays stable) |
What goes inside
Every context bucket is a list of entries with kind, name, optional source, description, path, line, confidence, and snippet. The buckets are:
| Bucket | Meaning |
|---|---|
guards |
Authentication / authorization gates detected on the route (middleware, decorators, requires_auth, role checks, etc.) |
callees |
The 1-hop handler callees Noir already collects with --include-callee, re-emitted under the AI context structure for one-stop consumption |
sinks |
Likely dangerous operations inferred from the handler body or callee names — SQL, command execution, deserialization, template rendering, file I/O, redirects, etc. |
validators |
Input-validation and sanitization signals (schema validators, parameter coercion, allow-listing patterns) that mitigate sink risk |
signals |
Other route-shape hints worth surfacing — state-changing methods without a detected guard, path-id usage suggesting object-level authorization concerns, file-upload behavior, etc. |
The list is best-effort. Heuristic confidence is exposed on each entry so consumers can filter by threshold. Up to 16 entries per bucket are kept to keep output compact.
Typical use cases
- AI SAST: hand the endpoint inventory plus its AI context to an LLM so it can decide where vulnerabilities are reachable from the attack surface without re-discovering the route structure.
- Manual triage: a reviewer skimming a large JSON or SARIF report can sort or filter by sink kind or by
signalslikestate_changing_without_guard. - CI gating: surface
sinksminusvalidatorsto flag risky endpoints in pull requests.
Combine with other flags
# Plain output with both 1-hop callees and the full AI context block
noir -b . --include-callee --ai-context
# JSON output suitable for LLM-driven SAST pipelines
noir -b . --ai-context -f json -o noir-context.json
# OpenAPI export with `x-noir-ai-context` on every operation
noir -b . --ai-context -f oas3 -o spec.json
Completeness notes
- AI context is additive — endpoints unaffected by any heuristic come out exactly as they would without the flag (no
ai_contextkey in serialized models). - Heuristics are tuned conservatively. Both false positives and false negatives exist; treat entries as priors, not findings.
- Guard / sink / validator patterns improve over time. The set is intentionally cross-language so a single context schema works across the framework matrix Noir already covers.
- Callee coverage drives much of the AI context. See Callee Coverage for which frameworks expose handler callees today.