github
diff --git a/‎javascript/ql/lib/ext/google-genai.model.yml‎
Lines changed: 0 additions & 1 deletion b/‎javascript/ql/lib/ext/google-genai.model.yml‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎javascript/ql/src/experimental/semmle/javascript/frameworks/Anthropic.qll‎
Lines changed: 2 additions & 2 deletions b/‎javascript/ql/src/experimental/semmle/javascript/frameworks/Anthropic.qll‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎javascript/ql/src/experimental/semmle/javascript/frameworks/GoogleGenAI.qll‎
Lines changed: 2 additions & 2 deletions b/‎javascript/ql/src/experimental/semmle/javascript/frameworks/GoogleGenAI.qll‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎javascript/ql/src/experimental/semmle/javascript/frameworks/OpenAI.qll‎
Lines changed: 0 additions & 8 deletions b/‎javascript/ql/src/experimental/semmle/javascript/frameworks/OpenAI.qll‎
Lines changed: 0 additions & 8 deletions
diff --git a/‎javascript/ql/src/experimental/semmle/javascript/security/PromptInjection/SystemPromptInjectionCustomizations.qll‎
Lines changed: 18 additions & 0 deletions b/‎javascript/ql/src/experimental/semmle/javascript/security/PromptInjection/SystemPromptInjectionCustomizations.qll‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎javascript/ql/test/experimental/Security/CWE-1427/SystemPromptInjection/SystemPromptInjection.expected‎
Lines changed: 46 additions & 25 deletions b/‎javascript/ql/test/experimental/Security/CWE-1427/SystemPromptInjection/SystemPromptInjection.expected‎
Lines changed: 46 additions & 25 deletions
diff --git a/‎javascript/ql/test/experimental/Security/CWE-1427/SystemPromptInjection/anthropic_test.js‎
Lines changed: 32 additions & 0 deletions b/‎javascript/ql/test/experimental/Security/CWE-1427/SystemPromptInjection/anthropic_test.js‎
Lines changed: 32 additions & 0 deletions
@@ -19,5 +19,4 @@ extensions:
       - ["google-genai.Client", "Member[models].Member[generateVideos].Argument[0].Member[prompt]", "user-prompt-injection"]
       - ["google-genai.Client", "Member[chats].Member[create].ReturnValue.Member[sendMessage,sendMessageStream].Argument[0].Member[message]", "user-prompt-injection"]
       - ["google-genai.Client", "Member[chats].Member[create].ReturnValue.Member[sendMessage,sendMessageStream].Argument[0].Member[content]", "user-prompt-injection"]
-      - ["google-genai.Client", "Member[models].Member[embedContent].Argument[0].Member[content]", "user-prompt-injection"]
       - ["google-genai.Client", "Member[interactions].Member[create].Argument[0].Member[input]", "user-prompt-injection"]
@@ -33,7 +33,7 @@ module Anthropic {
     // messages: [{ role: "assistant", content: "..." }]
     exists(API::Node msg |
       msg = messagesCreateParams().getMember("messages").getArrayElement() and
-      msg.getMember("role").asSink().mayHaveStringValue("assistant")
+      msg.getMember("role").asSink().mayHaveStringValue(["system", "assistant"])
     |
       result = msg.getMember("content")
     )
@@ -47,7 +47,7 @@ module Anthropic {
     // messages: [{ role: "user", content: "..." }]
     exists(API::Node msg |
       msg = messagesCreateParams().getMember("messages").getArrayElement() and
-      not msg.getMember("role").asSink().mayHaveStringValue("assistant")
+      not msg.getMember("role").asSink().mayHaveStringValue(["system", "assistant"])
     |
       result = msg.getMember("content")
     )
 
@@ -33,7 +33,7 @@ module GoogleGenAI {
             .getParameter(0)
             .getMember("contents")
             .getArrayElement() and
-      msg.getMember("role").asSink().mayHaveStringValue("model")
+      msg.getMember("role").asSink().mayHaveStringValue(["system", "model"])
     |
       result = msg.getMember("parts").getArrayElement().getMember("text")
     )
@@ -53,7 +53,7 @@ module GoogleGenAI {
             .getParameter(0)
             .getMember("contents")
             .getArrayElement() and
-      not msg.getMember("role").asSink().mayHaveStringValue("model")
+      not msg.getMember("role").asSink().mayHaveStringValue(["system", "model"])
     |
       result = msg.getMember("parts").getArrayElement().getMember("text")
     )
 
@@ -171,14 +171,6 @@ module OpenAI {
           .getParameter(0)
           .getMember("prompt")
     or
-    // embeddings.create({ input: ... })
-    result =
-      clientsNoGuardrails()
-          .getMember("embeddings")
-          .getMember("create")
-          .getParameter(0)
-          .getMember("input")
-    or
     // beta.threads.messages.create(threadId, { role: "user", content: ... })
     exists(API::Node msg |
       msg =
 
@@ -74,6 +74,24 @@ module SystemPromptInjection {
     }
   }
 
+  /**
+   * Content placed in a message with `role: "user"` is not a system prompt
+   * injection vector; it is intended user-role content.
+   *
+   * This prevents false positives when user input and system prompts are
+   * combined in the same message array (e.g. `[{role:"system", content: ...},
+   * {role:"user", content: tainted}]`) and taint would otherwise propagate
+   * through array operations to the system message.
+   */
+  private class UserRoleMessageContentBarrier extends Sanitizer {
+    UserRoleMessageContentBarrier() {
+      exists(DataFlow::SourceNode obj |
+        obj.getAPropertySource("role").mayHaveStringValue("user") and
+        this = obj.getAPropertyWrite("content").getRhs()
+      )
+    }
+  }
+
   /**
    * A comparison with a constant, considered as a sanitizer-guard.
    */
 
@@ -33,6 +33,7 @@ edges
 | anthropic_test.js:8:9:8:15 | persona | anthropic_test.js:99:35:99:41 | persona | provenance |  |
 | anthropic_test.js:8:9:8:15 | persona | anthropic_test.js:110:30:110:36 | persona | provenance |  |
 | anthropic_test.js:8:9:8:15 | persona | anthropic_test.js:117:30:117:36 | persona | provenance |  |
+| anthropic_test.js:8:9:8:15 | persona | anthropic_test.js:141:49:141:55 | persona | provenance |  |
 | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:8:9:8:15 | persona | provenance |  |
 | anthropic_test.js:17:30:17:36 | persona | anthropic_test.js:17:13:17:36 | "Talk l ... persona | provenance |  |
 | anthropic_test.js:30:32:30:38 | persona | anthropic_test.js:30:15:30:38 | "Talk l ... persona | provenance |  |
@@ -42,6 +43,15 @@ edges
 | anthropic_test.js:99:35:99:41 | persona | anthropic_test.js:99:18:99:41 | "Talk l ... persona | provenance |  |
 | anthropic_test.js:110:30:110:36 | persona | anthropic_test.js:110:13:110:36 | "Talk l ... persona | provenance |  |
 | anthropic_test.js:117:30:117:36 | persona | anthropic_test.js:117:13:117:36 | "Talk l ... persona | provenance |  |
+| anthropic_test.js:140:9:140:17 | messages2 [0, content] | anthropic_test.js:144:22:144:30 | messages2 [0, content] | provenance |  |
+| anthropic_test.js:140:21:143:3 | [\\n    { ...  },\\n  ] [0, content] | anthropic_test.js:140:9:140:17 | messages2 [0, content] | provenance |  |
+| anthropic_test.js:141:5:141:57 | { role: ... rsona } [content] | anthropic_test.js:140:21:143:3 | [\\n    { ...  },\\n  ] [0, content] | provenance |  |
+| anthropic_test.js:141:32:141:55 | "Talk l ... persona | anthropic_test.js:141:5:141:57 | { role: ... rsona } [content] | provenance |  |
+| anthropic_test.js:141:49:141:55 | persona | anthropic_test.js:141:32:141:55 | "Talk l ... persona | provenance |  |
+| anthropic_test.js:144:9:144:18 | systemMsg2 [content] | anthropic_test.js:148:13:148:22 | systemMsg2 [content] | provenance |  |
+| anthropic_test.js:144:22:144:30 | messages2 [0, content] | anthropic_test.js:144:22:144:63 | message ... ystem") [content] | provenance |  |
+| anthropic_test.js:144:22:144:63 | message ... ystem") [content] | anthropic_test.js:144:9:144:18 | systemMsg2 [content] | provenance |  |
+| anthropic_test.js:148:13:148:22 | systemMsg2 [content] | anthropic_test.js:148:13:148:30 | systemMsg2.content | provenance |  |
 | gemini_test.js:8:9:8:15 | persona | gemini_test.js:18:43:18:49 | persona | provenance |  |
 | gemini_test.js:8:9:8:15 | persona | gemini_test.js:30:42:30:48 | persona | provenance |  |
 | gemini_test.js:8:9:8:15 | persona | gemini_test.js:59:43:59:49 | persona | provenance |  |
@@ -62,11 +72,11 @@ edges
 | openai_test.js:11:9:11:15 | persona | openai_test.js:83:35:83:41 | persona | provenance |  |
 | openai_test.js:11:9:11:15 | persona | openai_test.js:97:36:97:42 | persona | provenance |  |
 | openai_test.js:11:9:11:15 | persona | openai_test.js:110:35:110:41 | persona | provenance |  |
-| openai_test.js:11:9:11:15 | persona | openai_test.js:149:36:149:42 | persona | provenance |  |
-| openai_test.js:11:9:11:15 | persona | openai_test.js:160:36:160:42 | persona | provenance |  |
-| openai_test.js:11:9:11:15 | persona | openai_test.js:166:52:166:58 | persona | provenance |  |
-| openai_test.js:11:9:11:15 | persona | openai_test.js:172:31:172:37 | persona | provenance |  |
-| openai_test.js:11:9:11:15 | persona | openai_test.js:200:49:200:55 | persona | provenance |  |
+| openai_test.js:11:9:11:15 | persona | openai_test.js:141:36:141:42 | persona | provenance |  |
+| openai_test.js:11:9:11:15 | persona | openai_test.js:152:36:152:42 | persona | provenance |  |
+| openai_test.js:11:9:11:15 | persona | openai_test.js:158:52:158:58 | persona | provenance |  |
+| openai_test.js:11:9:11:15 | persona | openai_test.js:164:31:164:37 | persona | provenance |  |
+| openai_test.js:11:9:11:15 | persona | openai_test.js:192:49:192:55 | persona | provenance |  |
 | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:11:9:11:15 | persona | provenance |  |
 | openai_test.js:19:36:19:42 | persona | openai_test.js:19:19:19:42 | "Talk l ... persona | provenance |  |
 | openai_test.js:29:35:29:41 | persona | openai_test.js:29:18:29:41 | "Talk l ... persona | provenance |  |
@@ -75,11 +85,11 @@ edges
 | openai_test.js:83:35:83:41 | persona | openai_test.js:83:18:83:41 | "Talk l ... persona | provenance |  |
 | openai_test.js:97:36:97:42 | persona | openai_test.js:97:19:97:42 | "Talk l ... persona | provenance |  |
 | openai_test.js:110:35:110:41 | persona | openai_test.js:110:18:110:41 | "Talk l ... persona | provenance |  |
-| openai_test.js:149:36:149:42 | persona | openai_test.js:149:19:149:42 | "Talk l ... persona | provenance |  |
-| openai_test.js:160:36:160:42 | persona | openai_test.js:160:19:160:42 | "Talk l ... persona | provenance |  |
-| openai_test.js:166:52:166:58 | persona | openai_test.js:166:30:166:58 | "Also t ... persona | provenance |  |
-| openai_test.js:172:31:172:37 | persona | openai_test.js:172:14:172:37 | "Talk l ... persona | provenance |  |
-| openai_test.js:200:49:200:55 | persona | openai_test.js:200:32:200:55 | "Talk l ... persona | provenance |  |
+| openai_test.js:141:36:141:42 | persona | openai_test.js:141:19:141:42 | "Talk l ... persona | provenance |  |
+| openai_test.js:152:36:152:42 | persona | openai_test.js:152:19:152:42 | "Talk l ... persona | provenance |  |
+| openai_test.js:158:52:158:58 | persona | openai_test.js:158:30:158:58 | "Also t ... persona | provenance |  |
+| openai_test.js:164:31:164:37 | persona | openai_test.js:164:14:164:37 | "Talk l ... persona | provenance |  |
+| openai_test.js:192:49:192:55 | persona | openai_test.js:192:32:192:55 | "Talk l ... persona | provenance |  |
 nodes
 | agents_test.js:8:9:8:15 | persona | semmle.label | persona |
 | agents_test.js:8:19:8:35 | req.query.persona | semmle.label | req.query.persona |
@@ -120,6 +130,16 @@ nodes
 | anthropic_test.js:110:30:110:36 | persona | semmle.label | persona |
 | anthropic_test.js:117:13:117:36 | "Talk l ... persona | semmle.label | "Talk l ... persona |
 | anthropic_test.js:117:30:117:36 | persona | semmle.label | persona |
+| anthropic_test.js:140:9:140:17 | messages2 [0, content] | semmle.label | messages2 [0, content] |
+| anthropic_test.js:140:21:143:3 | [\\n    { ...  },\\n  ] [0, content] | semmle.label | [\\n    { ...  },\\n  ] [0, content] |
+| anthropic_test.js:141:5:141:57 | { role: ... rsona } [content] | semmle.label | { role: ... rsona } [content] |
+| anthropic_test.js:141:32:141:55 | "Talk l ... persona | semmle.label | "Talk l ... persona |
+| anthropic_test.js:141:49:141:55 | persona | semmle.label | persona |
+| anthropic_test.js:144:9:144:18 | systemMsg2 [content] | semmle.label | systemMsg2 [content] |
+| anthropic_test.js:144:22:144:30 | messages2 [0, content] | semmle.label | messages2 [0, content] |
+| anthropic_test.js:144:22:144:63 | message ... ystem") [content] | semmle.label | message ... ystem") [content] |
+| anthropic_test.js:148:13:148:22 | systemMsg2 [content] | semmle.label | systemMsg2 [content] |
+| anthropic_test.js:148:13:148:30 | systemMsg2.content | semmle.label | systemMsg2.content |
 | gemini_test.js:8:9:8:15 | persona | semmle.label | persona |
 | gemini_test.js:8:19:8:35 | req.query.persona | semmle.label | req.query.persona |
 | gemini_test.js:18:26:18:49 | "Talk l ... persona | semmle.label | "Talk l ... persona |
@@ -150,16 +170,16 @@ nodes
 | openai_test.js:97:36:97:42 | persona | semmle.label | persona |
 | openai_test.js:110:18:110:41 | "Talk l ... persona | semmle.label | "Talk l ... persona |
 | openai_test.js:110:35:110:41 | persona | semmle.label | persona |
-| openai_test.js:149:19:149:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
-| openai_test.js:149:36:149:42 | persona | semmle.label | persona |
-| openai_test.js:160:19:160:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
-| openai_test.js:160:36:160:42 | persona | semmle.label | persona |
-| openai_test.js:166:30:166:58 | "Also t ... persona | semmle.label | "Also t ... persona |
-| openai_test.js:166:52:166:58 | persona | semmle.label | persona |
-| openai_test.js:172:14:172:37 | "Talk l ... persona | semmle.label | "Talk l ... persona |
-| openai_test.js:172:31:172:37 | persona | semmle.label | persona |
-| openai_test.js:200:32:200:55 | "Talk l ... persona | semmle.label | "Talk l ... persona |
-| openai_test.js:200:49:200:55 | persona | semmle.label | persona |
+| openai_test.js:141:19:141:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
+| openai_test.js:141:36:141:42 | persona | semmle.label | persona |
+| openai_test.js:152:19:152:42 | "Talk l ... persona | semmle.label | "Talk l ... persona |
+| openai_test.js:152:36:152:42 | persona | semmle.label | persona |
+| openai_test.js:158:30:158:58 | "Also t ... persona | semmle.label | "Also t ... persona |
+| openai_test.js:158:52:158:58 | persona | semmle.label | persona |
+| openai_test.js:164:14:164:37 | "Talk l ... persona | semmle.label | "Talk l ... persona |
+| openai_test.js:164:31:164:37 | persona | semmle.label | persona |
+| openai_test.js:192:32:192:55 | "Talk l ... persona | semmle.label | "Talk l ... persona |
+| openai_test.js:192:49:192:55 | persona | semmle.label | persona |
 subpaths
 #select
 | agents_test.js:16:19:16:42 | "Talk l ... persona | agents_test.js:8:19:8:35 | req.query.persona | agents_test.js:16:19:16:42 | "Talk l ... persona | This prompt construction depends on a $@. | agents_test.js:8:19:8:35 | req.query.persona | user-provided value |
@@ -179,6 +199,7 @@ subpaths
 | anthropic_test.js:99:18:99:41 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:99:18:99:41 | "Talk l ... persona | This prompt construction depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
 | anthropic_test.js:110:13:110:36 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:110:13:110:36 | "Talk l ... persona | This prompt construction depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
 | anthropic_test.js:117:13:117:36 | "Talk l ... persona | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:117:13:117:36 | "Talk l ... persona | This prompt construction depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
+| anthropic_test.js:148:13:148:30 | systemMsg2.content | anthropic_test.js:8:19:8:35 | req.query.persona | anthropic_test.js:148:13:148:30 | systemMsg2.content | This prompt construction depends on a $@. | anthropic_test.js:8:19:8:35 | req.query.persona | user-provided value |
 | gemini_test.js:18:26:18:49 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:18:26:18:49 | "Talk l ... persona | This prompt construction depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
 | gemini_test.js:30:25:30:48 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:30:25:30:48 | "Talk l ... persona | This prompt construction depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
 | gemini_test.js:59:26:59:49 | "Talk l ... persona | gemini_test.js:8:19:8:35 | req.query.persona | gemini_test.js:59:26:59:49 | "Talk l ... persona | This prompt construction depends on a $@. | gemini_test.js:8:19:8:35 | req.query.persona | user-provided value |
@@ -192,8 +213,8 @@ subpaths
 | openai_test.js:83:18:83:41 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:83:18:83:41 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
 | openai_test.js:97:19:97:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:97:19:97:42 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
 | openai_test.js:110:18:110:41 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:110:18:110:41 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
-| openai_test.js:149:19:149:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:149:19:149:42 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
-| openai_test.js:160:19:160:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:160:19:160:42 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
-| openai_test.js:166:30:166:58 | "Also t ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:166:30:166:58 | "Also t ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
-| openai_test.js:172:14:172:37 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:172:14:172:37 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
-| openai_test.js:200:32:200:55 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:200:32:200:55 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openai_test.js:141:19:141:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:141:19:141:42 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openai_test.js:152:19:152:42 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:152:19:152:42 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openai_test.js:158:30:158:58 | "Also t ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:158:30:158:58 | "Also t ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openai_test.js:164:14:164:37 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:164:14:164:37 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
+| openai_test.js:192:32:192:55 | "Talk l ... persona | openai_test.js:11:19:11:35 | req.query.persona | openai_test.js:192:32:192:55 | "Talk l ... persona | This prompt construction depends on a $@. | openai_test.js:11:19:11:35 | req.query.persona | user-provided value |
@@ -117,6 +117,38 @@ app.get("/test", async (req, res) => {
     system: "Talk like a " + persona, // $ Alert[js/prompt-injection]
   });
 
+  // === Barrier: user-role content in shared message array ===
+
+  // SHOULD NOT ALERT — user input placed in { role: "user" } should not
+  // taint system messages extracted from the same array.
+  const messages = [
+    { role: "system", content: "You are a helpful assistant" },
+    { role: "user", content: query }, // OK - user role barrier
+  ];
+  const systemMsg = messages.find((m) => m.role === "system");
+  const m6 = await client.messages.create({
+    model: "claude-sonnet-4-20250514",
+    max_tokens: 1024,
+    system: systemMsg.content,
+    messages: [{ role: "user", content: query }],
+  });
+
+  // === Barrier does NOT suppress: tainted value in system role ===
+
+  // SHOULD ALERT — tainted data goes into system role; barrier on user role
+  // must not suppress the system-role taint path.
+  const messages2 = [
+    { role: "system", content: "Talk like a " + persona }, // $ Alert[js/prompt-injection]
+    { role: "user", content: query },
+  ];
+  const systemMsg2 = messages2.find((m) => m.role === "system");
+  const m7 = await client.messages.create({
+    model: "claude-sonnet-4-20250514",
+    max_tokens: 1024,
+    system: systemMsg2.content,
+    messages: [{ role: "user", content: query }],
+  });
+
   // === Sanitizer: constant comparison ===
 
   // SHOULD NOT ALERT
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ module Anthropic {`
`33`	`33`	`// messages: [{ role: "assistant", content: "..." }]`
`34`	`34`	`exists(API::Node msg \|`
`35`	`35`	`msg = messagesCreateParams().getMember("messages").getArrayElement() and`
`36`		`- msg.getMember("role").asSink().mayHaveStringValue("assistant")`
	`36`	`+ msg.getMember("role").asSink().mayHaveStringValue(["system", "assistant"])`
`37`	`37`	`\|`
`38`	`38`	`result = msg.getMember("content")`
`39`	`39`	`)`
`@@ -47,7 +47,7 @@ module Anthropic {`
`47`	`47`	`// messages: [{ role: "user", content: "..." }]`
`48`	`48`	`exists(API::Node msg \|`
`49`	`49`	`msg = messagesCreateParams().getMember("messages").getArrayElement() and`
`50`		`- not msg.getMember("role").asSink().mayHaveStringValue("assistant")`
	`50`	`+ not msg.getMember("role").asSink().mayHaveStringValue(["system", "assistant"])`
`51`	`51`	`\|`
`52`	`52`	`result = msg.getMember("content")`
`53`	`53`	`)`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ module GoogleGenAI {`
`33`	`33`	`.getParameter(0)`
`34`	`34`	`.getMember("contents")`
`35`	`35`	`.getArrayElement() and`
`36`		`- msg.getMember("role").asSink().mayHaveStringValue("model")`
	`36`	`+ msg.getMember("role").asSink().mayHaveStringValue(["system", "model"])`
`37`	`37`	`\|`
`38`	`38`	`result = msg.getMember("parts").getArrayElement().getMember("text")`
`39`	`39`	`)`
`@@ -53,7 +53,7 @@ module GoogleGenAI {`
`53`	`53`	`.getParameter(0)`
`54`	`54`	`.getMember("contents")`
`55`	`55`	`.getArrayElement() and`
`56`		`- not msg.getMember("role").asSink().mayHaveStringValue("model")`
	`56`	`+ not msg.getMember("role").asSink().mayHaveStringValue(["system", "model"])`
`57`	`57`	`\|`
`58`	`58`	`result = msg.getMember("parts").getArrayElement().getMember("text")`
`59`	`59`	`)`