
Overview

The LLMAnalyzer class uses a large language model (LLM) to perform contextual analysis of code for privacy issues, going beyond the simple pattern matching done by the PatternScanner.

Constructor

new LLMAnalyzer()
Example:
const LLMAnalyzer = require('kafkacode/dist/LLMAnalyzer');

const analyzer = new LLMAnalyzer();

Properties

verbose

analyzer.verbose
Controls verbose logging output. Type: boolean

Methods

analyzeFile(filePath, content, patternFindings)

Performs AI-powered analysis on file content.
async analyzeFile(
  filePath: string,
  content: string,
  patternFindings: Finding[]
): Promise<Finding[]>
Parameters:
  • filePath (string): Path to the file being analyzed
  • content (string): Full text of the file
  • patternFindings (Finding[]): Findings from the pattern scanner, passed as context to focus the LLM analysis (pass an empty array if there are none)
Returns: Promise resolving to an array of findings (Finding[])
Example:
const fs = require('fs');
const LLMAnalyzer = require('kafkacode/dist/LLMAnalyzer');
const PatternScanner = require('kafkacode/dist/PatternScanner');

const patternScanner = new PatternScanner();
const llmAnalyzer = new LLMAnalyzer();

// analyzeFile is async, so the calls are wrapped in an async function
async function main() {
  const content = fs.readFileSync('./src/config.js', 'utf-8');

  // First, pattern scan (synchronous)
  const patternFindings = patternScanner.scanContent('./src/config.js', content);

  // Then, LLM analysis, with the pattern findings as context
  const llmFindings = await llmAnalyzer.analyzeFile(
    './src/config.js',
    content,
    patternFindings
  );

  console.log(`LLM found ${llmFindings.length} additional issues`);
}

main().catch(console.error);

How It Works

The LLM Analyzer:
  1. Takes context from pattern findings - Uses initial pattern matches to focus analysis
  2. Analyzes code semantically - Understands code context and intent
  3. Identifies subtle issues - Finds privacy concerns that patterns miss
  4. Reduces false positives - Filters out non-issues based on context
  5. Provides specific recommendations - Gives actionable advice

Usage Examples

Basic LLM Analysis

const LLMAnalyzer = require('kafkacode/dist/LLMAnalyzer');

const analyzer = new LLMAnalyzer();

// Inline sample: one credential read from the environment, one hardcoded
const code = `
  const config = {
    apiKey: process.env.API_KEY,  // Good
    password: "hardcoded123"      // Bad
  };
`;

async function main() {
  // No pattern findings are passed, so the LLM analyzes the snippet on its own
  const findings = await analyzer.analyzeFile('config.js', code, []);

  findings.forEach(f => {
    console.log(`${f.severity}: ${f.description}`);
    console.log(`Recommendation: ${f.recommendation}`);
  });
}

main().catch(console.error);

Combined Analysis

const fs = require('fs');
const LLMAnalyzer = require('kafkacode/dist/LLMAnalyzer');
const PatternScanner = require('kafkacode/dist/PatternScanner');

const patternScanner = new PatternScanner();
const llmAnalyzer = new LLMAnalyzer();

async function fullAnalysis(filePath) {
  const content = fs.readFileSync(filePath, 'utf-8');

  // Pattern-based detection
  const patternFindings = patternScanner.scanContent(filePath, content);

  // AI-powered analysis, with the pattern findings as context
  const llmFindings = await llmAnalyzer.analyzeFile(
    filePath,
    content,
    patternFindings
  );

  return [...patternFindings, ...llmFindings];
}

fullAnalysis('./src/config.js').then(findings => {
  console.log(`${findings.length} findings total`);
});
The LLM Analyzer helps reduce false positives by understanding code context, for example distinguishing test fixtures and placeholder values from real credentials.
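The fullAnalysis function above simply concatenates the two lists, so an issue reported by both the pattern scanner and the LLM appears twice. As an added example (not code from the kafkacode project), here is one way to merge the two lists into a single deduplicated report, keeping one entry per issue with the higher severity and the LLM's more specific recommendation. The Finding fields severity, description and recommendation come from this page; the file, line and type fields, the severity scale, and the sample findings are assumptions made for illustration.

```javascript
// Added example, not part of the kafkacode project. Finding fields `severity`,
// `description` and `recommendation` appear in the kafkacode docs; `file`,
// `line`, `type` and the severity scale below are assumed for illustration.

const SEVERITY_RANK = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };

// An issue is identified by where it is and what it is, not by which
// analyzer reported it.
function findingKey(f) {
  return `${f.file}:${f.line}:${f.type}`;
}

// Merge pattern and LLM findings. When both report the same issue, keep one
// entry: the higher severity, the LLM's description and recommendation (the
// LLM pass is the one that adds context), and a record of both sources.
function mergeFindings(patternFindings, llmFindings) {
  const byKey = new Map();
  for (const f of patternFindings) {
    byKey.set(findingKey(f), { ...f, sources: ['pattern'] });
  }
  for (const f of llmFindings) {
    const key = findingKey(f);
    const existing = byKey.get(key);
    if (!existing) {
      byKey.set(key, { ...f, sources: ['llm'] });
      continue;
    }
    const llmIsWorse = SEVERITY_RANK[f.severity] < SEVERITY_RANK[existing.severity];
    byKey.set(key, {
      ...existing,
      severity: llmIsWorse ? f.severity : existing.severity,
      description: f.description || existing.description,
      recommendation: f.recommendation || existing.recommendation,
      sources: [...existing.sources, 'llm'],
    });
  }
  // Most severe first, then by file and line, so the report is stable.
  return [...byKey.values()].sort((a, b) =>
    SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity] ||
    a.file.localeCompare(b.file) ||
    a.line - b.line
  );
}

// Constructed sample findings (not real scanner or LLM output).
const samplePatternFindings = [
  { file: 'src/config.js', line: 4, type: 'hardcoded-secret', severity: 'high',
    description: 'Possible hardcoded password',
    recommendation: 'Move to an environment variable' },
  { file: 'src/config.js', line: 9, type: 'pii-logging', severity: 'medium',
    description: 'Email address written to log',
    recommendation: 'Redact before logging' },
];
const sampleLlmFindings = [
  // Same issue as the pattern finding on line 4, with more context.
  { file: 'src/config.js', line: 4, type: 'hardcoded-secret', severity: 'critical',
    description: 'Hardcoded database password used in the production config',
    recommendation: 'Load from a secrets manager and rotate the exposed value' },
  // An issue only the LLM pass caught.
  { file: 'src/config.js', line: 17, type: 'pii-exposure', severity: 'medium',
    description: 'User phone number included in analytics payload',
    recommendation: 'Hash or drop the field before sending' },
];

// One line per finding, with the analyzers that reported it.
function formatReport(findings) {
  return findings.map(f =>
    `${f.severity}: ${f.file}:${f.line} ${f.description} [${f.sources.join('+')}]`
  );
}

const merged = mergeFindings(samplePatternFindings, sampleLlmFindings);
console.log(formatReport(merged).join('\n'));
```

The merge keys on file, line and finding type, so the same issue reported with different wording by the two analyzers collapses to one entry; a finding present only in the LLM list is kept as-is and marked with a single source.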

Next Steps