Framework and Language Coverage
Framework and Language Coverage
Section titled “Framework and Language Coverage”llm_integration is a static-analysis metric with multi-language support for common LLM integrations.
Language Coverage
Section titled “Language Coverage”| Language | Coverage Model |
|---|---|
| Python | AST-first + fallback patterns |
| TypeScript/JavaScript | AST-first + import-aware checks + fallback patterns |
| Java | AST-first + fallback patterns |
| Rust | Pattern-based |
| Kotlin | Pattern-based |
Common Provider and Framework Anchors
Section titled “Common Provider and Framework Anchors”Coverage includes commonly used APIs and wrappers such as:
- OpenAI SDK patterns
- Anthropic SDK patterns
- LangChain-style chat and invoke flows
- Vercel AI SDK (
generateText,streamText) - Cloud provider integrations (for example Azure OpenAI, Bedrock, Vertex/Gemini)
- Common embedding/vector-store usage anchors
Fallback Behavior and Fidelity Signals
Section titled “Fallback Behavior and Fidelity Signals”When AST or graph context is missing, fallback heuristics can still produce coverage but confidence may be lower.
Use these keys to understand fidelity before acting on strict gates:
llm.blast_radius_availablellm.pii_taint_usedllm.pii_fallback_reasonllm.call_sites_totalllm.call_sites_discovered_countllm.call_sites_enriched_countllm.call_sites_unresolved_count
Language Filter Mapping
Section titled “Language Filter Mapping”config.languages filters files by extension:
config.languages value | Extensions |
|---|---|
python | .py, .pyi |
typescript, ts, javascript, js | .ts, .tsx, .js, .jsx, .mjs, .cjs |
rust | .rs |
java, kotlin | .java, .kt |
cpp, c++ | .cpp, .cc, .cxx, .hpp, .hxx |
Known Limitations
Section titled “Known Limitations”- Wrapper-heavy code can hide concrete call sites and reduce recall.
- Pattern fallback can raise false positives in helper utilities with similar syntax.
- Extension-based filtering can miss files with non-standard extensions.
- Missing call graph reduces fidelity for blast-radius and taint-backed diagnostics.
Recommended Operating Mode
Section titled “Recommended Operating Mode”For production enforcement:
- Keep diagnostics visible in CI artifacts.
- Use balanced thresholds when fidelity signals are degraded.
- Tighten to strict thresholds only after stable parser/call-graph coverage.
Version note: this page is aligned with metric version 1.2.0.