feat: add LLM Runtime Integration modifier (Phase 1+2)

raifdmueller · claude · raifdmueller · commit e33ab30b831b · 2026-04-15T13:54:06.000+02:00
Introduces a cross-cutting modifier (L0-L4) that describes how heavily the software integrates LLMs at runtime, separate from the 5 code dimensions. L3+ pushes the effective tier floor: - L3 (Tool Use) → min Tier 3 - L4 (Agentic) → min Tier 4 At L3+, a callout points to specialized frameworks (OWASP LLM Top 10, Palo Alto SHIELD, Aikido VCAL, Google SAIF) since the built-in mitigation catalog covers build-time risks only. Phase 1 (data model + tier logic): - getTierIndex(values, llmRuntimeLevel) with hard floor multiplier - llmRuntimeLevel state in RiskRadar, passed to RadarChart - RadarChart's rAF updater reads level via ref (closure-safe) Phase 2 (minimal UI): - Pill-button row between chart and tier badge - Callout box at L3+ with framework links - DE/EN i18n for labels, level descriptions, callout text Phases 3-5 (presets, extended docs, skills integration) follow. Refs #20 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
diff --git a/src/components/RadarChart.jsx b/src/components/RadarChart.jsx
@@ -118,6 +118,7 @@ export default function RadarChart({
   size = 460,
   determiningKey = null,
   registerUpdater = null,
+  llmRuntimeLevel = 0,
 }) {
   // Safe fallbacks to prevent math from crashing if data is missing
   const safeDims = dimensions || [];
@@ -130,7 +131,12 @@ export default function RadarChart({
   const n = safeDims.length || 1; // prevents division by zero
   const angStep = 360 / n;
 
-  const ti = getTierIndex(safeVals);
+  // Ref mirrors the prop so the rAF-driven registerUpdater closure
+  // can read the current level without re-binding the callback.
+  const llmRuntimeLevelRef = useRef(llmRuntimeLevel);
+  llmRuntimeLevelRef.current = llmRuntimeLevel;
+
+  const ti = getTierIndex(safeVals, llmRuntimeLevel);
   const tc = TIER_BG[ti] || "#6b7280";
 
   const [tooltip, setTooltip] = useState(null);
@@ -150,7 +156,7 @@ export default function RadarChart({
     registerUpdater((newValues) => {
       if (!mountedRef.current) return;
       const dims = dimensionsRef.current;
-      const newTi = getTierIndex(newValues);
+      const newTi = getTierIndex(newValues, llmRuntimeLevelRef.current);
       const newTc = TIER_BG[newTi] || "#6b7280";
       const newRiskPts = dims.map((d, i) =>
         polarToCartesian(cx, cy, (maxR / levels) * (newValues[d.key] + 1), i * angStep),
diff --git a/src/components/RiskRadar.jsx b/src/components/RiskRadar.jsx
@@ -20,6 +20,15 @@ export default function RiskRadar() {
   // React state holds only the final integer values (for tier badge, level labels etc.)
   const [values, setValues] = useState({ codeType: 0, language: 1, deployment: 0, data: 0, blastRadius: 0 });
 
+  // LLM Runtime Integration Level (0=none, 1=classify, 2=generate, 3=tools, 4=agentic)
+  // Cross-cutting modifier — at L3+ it pushes the effective tier floor up.
+  const [llmRuntimeLevel, setLlmRuntimeLevelState] = useState(0);
+  const llmRuntimeLevelRef = useRef(0);
+  const setLlmRuntimeLevel = useCallback((level) => {
+    llmRuntimeLevelRef.current = level;
+    setLlmRuntimeLevelState(level);
+  }, []);
+
   // Animated float values live in a ref — updated every rAF frame
   // Both sliders and RadarChart read from this ref via their own refs
   const floatValuesRef = useRef({ ...values });
@@ -88,7 +97,7 @@ export default function RiskRadar() {
     roundedValues[k] = Math.round(values[k]);
   });
 
-  const ti = getTierIndex(roundedValues);
+  const ti = getTierIndex(roundedValues, llmRuntimeLevel);
   const tier = t.tiers[ti];
   const tc = TIER_BG[ti];
 
@@ -162,12 +171,53 @@ export default function RiskRadar() {
           <RadarChart
             values={values}
             dimensions={t.dimensions}
+            llmRuntimeLevel={llmRuntimeLevel}
             registerUpdater={(fn) => {
               chartValuesRef.current = fn;
             }}
           />
         </div>
 
+        {/* LLM Runtime Integration Modifier */}
+        <div className={styles.llmRuntime}>
+          <div className={styles.llmRuntimeLabel}>{t.llmRuntime.label}</div>
+          <div className={styles.llmRuntimeLevels}>
+            {[0, 1, 2, 3, 4].map((lvl) => {
+              const isActive = llmRuntimeLevel === lvl;
+              const levelInfo = t.llmRuntime.levels[lvl];
+              return (
+                <button
+                  key={lvl}
+                  onClick={() => setLlmRuntimeLevel(lvl)}
+                  className={styles.llmRuntimeBtn}
+                  title={levelInfo.desc}
+                  style={{
+                    border: isActive ? `2px solid ${tc}` : "1px solid var(--border)",
+                    background: isActive ? `${tc}22` : "var(--bg-card)",
+                    color: isActive ? "var(--text-heading)" : "var(--text-muted)",
+                    fontWeight: isActive ? 700 : 500,
+                  }}
+                >
+                  L{lvl}
+                  <span className={styles.llmRuntimeBtnLabel}>{levelInfo.short}</span>
+                </button>
+              );
+            })}
+          </div>
+          {llmRuntimeLevel >= 3 && (
+            <div className={styles.llmRuntimeCallout} style={{ borderLeft: `3px solid ${tc}` }}>
+              <strong>{t.llmRuntime.calloutTitle}</strong> {t.llmRuntime.calloutBody}
+              <div className={styles.llmRuntimeLinks}>
+                {t.llmRuntime.frameworks.map((fw) => (
+                  <a key={fw.name} href={fw.url} target="_blank" rel="noopener">
+                    {fw.name}
+                  </a>
+                ))}
+              </div>
+            </div>
+          )}
+        </div>
+
         {/* Tier badge */}
         <div
           className={styles.tierBadge}
diff --git a/src/components/RiskRadar.module.css b/src/components/RiskRadar.module.css
@@ -83,6 +83,94 @@
   max-width: 500px; /* ← change only this to resize the chart */
 }
 
+/* ── LLM Runtime Integration Modifier ───────────────────────────────────── */
+
+.llmRuntime {
+  width: 100%;
+  max-width: 500px;
+  display: flex;
+  flex-direction: column;
+  gap: 6px;
+}
+
+.llmRuntimeLabel {
+  font-size: 13px;
+  font-weight: 600;
+  color: var(--text-secondary);
+  text-align: center;
+  text-transform: uppercase;
+  letter-spacing: 0.05em;
+}
+
+.llmRuntimeLevels {
+  display: flex;
+  gap: 6px;
+  justify-content: center;
+  flex-wrap: wrap;
+}
+
+.llmRuntimeBtn {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  gap: 2px;
+  padding: 6px 10px;
+  min-width: 74px;
+  border-radius: 8px;
+  cursor: pointer;
+  font-size: 13px;
+  transition: all 0.2s ease;
+}
+
+.llmRuntimeBtn:hover {
+  transform: translateY(-1px);
+  box-shadow: 0 3px 10px rgba(0, 0, 0, 0.15);
+}
+
+.llmRuntimeBtnLabel {
+  font-size: 10px;
+  font-weight: 500;
+  text-transform: uppercase;
+  letter-spacing: 0.03em;
+  opacity: 0.85;
+}
+
+.llmRuntimeCallout {
+  background: var(--bg-card);
+  border-radius: 8px;
+  padding: 10px 14px;
+  font-size: 13px;
+  color: var(--text-secondary);
+  line-height: 1.5;
+  margin-top: 4px;
+}
+
+.llmRuntimeCallout strong {
+  color: var(--text-primary);
+  display: block;
+  margin-bottom: 4px;
+}
+
+.llmRuntimeLinks {
+  display: flex;
+  gap: 12px;
+  flex-wrap: wrap;
+  margin-top: 8px;
+}
+
+.llmRuntimeLinks a {
+  color: var(--link);
+  text-decoration: none;
+  border-bottom: 1px solid var(--link-underline);
+  font-weight: 600;
+  font-size: 12px;
+  transition: border-color 0.2s ease;
+}
+
+.llmRuntimeLinks a:hover {
+  border-bottom-color: var(--link);
+}
+
 .tierBadge {
   display: inline-flex;
   align-items: center;
diff --git a/src/i18n.js b/src/i18n.js
@@ -19,6 +19,28 @@ const T = {
     docsButton: "Dokumentation",
     closeButton: "Schließen",
     langSwitch: "EN",
+    llmRuntime: {
+      label: "LLM Runtime Integration",
+      levels: [
+        { short: "Kein LLM", desc: "Klassische Software ohne LLM zur Laufzeit" },
+        { short: "Klassifikation", desc: "Passive Nutzung: Sentiment, Intent, Embeddings" },
+        { short: "Generativ", desc: "Generative Ausgabe: Chat, Zusammenfassungen" },
+        { short: "Tool Use", desc: "Function Calling: LLM triggert Aktionen" },
+        { short: "Agentic", desc: "Autonome Loops, Code-Execution, Selbstmodifikation" },
+      ],
+      calloutTitle: "Runtime-Risiken außerhalb unseres Katalogs.",
+      calloutBody:
+        "Die Mitigationen hier decken Build-Time-Risiken ab. Für Prompt Injection, Tool Sandboxing und Agentic Guardrails siehe spezialisierte Frameworks:",
+      frameworks: [
+        {
+          name: "OWASP LLM Top 10",
+          url: "https://owasp.org/www-project-top-10-for-large-language-model-applications/",
+        },
+        { name: "Palo Alto SHIELD", url: "https://unit42.paloaltonetworks.com/securing-vibe-coding-tools/" },
+        { name: "Aikido VCAL", url: "https://www.aikido.dev/blog/vibe-coding-security" },
+        { name: "Google SAIF", url: "https://saif.google/secure-ai-framework" },
+      ],
+    },
     typeBadges: {
       deterministic: "Deterministisch",
       probabilistic: "Probabilistisch",
@@ -383,6 +405,28 @@ Quellcode der Skills: https://github.com/LLM-Coding/vibe-coding-risk-radar/tree/
     docsButton: "Documentation",
     closeButton: "Close",
     langSwitch: "DE",
+    llmRuntime: {
+      label: "LLM Runtime Integration",
+      levels: [
+        { short: "No LLM", desc: "Classical software, no LLM at runtime" },
+        { short: "Classify", desc: "Passive use: sentiment, intent, embeddings" },
+        { short: "Generate", desc: "Generative output: chat, summaries" },
+        { short: "Tool Use", desc: "Function calling: LLM triggers actions" },
+        { short: "Agentic", desc: "Autonomous loops, code execution, self-modification" },
+      ],
+      calloutTitle: "Runtime risks are outside our catalog.",
+      calloutBody:
+        "The mitigations here cover build-time risks. For prompt injection, tool sandboxing, and agentic guardrails, see specialized frameworks:",
+      frameworks: [
+        {
+          name: "OWASP LLM Top 10",
+          url: "https://owasp.org/www-project-top-10-for-large-language-model-applications/",
+        },
+        { name: "Palo Alto SHIELD", url: "https://unit42.paloaltonetworks.com/securing-vibe-coding-tools/" },
+        { name: "Aikido VCAL", url: "https://www.aikido.dev/blog/vibe-coding-security" },
+        { name: "Google SAIF", url: "https://saif.google/secure-ai-framework" },
+      ],
+    },
     typeBadges: {
       deterministic: "Deterministic",
       probabilistic: "Probabilistic",
diff --git a/src/utils.js b/src/utils.js
@@ -1,6 +1,9 @@
-export function getTierIndex(values) {
+export function getTierIndex(values, llmRuntimeLevel = 0) {
   const mx = Math.max(...Object.values(values));
-  return mx <= 1 ? 0 : mx <= 2 ? 1 : mx <= 3 ? 2 : 3;
+  const base = mx <= 1 ? 0 : mx <= 2 ? 1 : mx <= 3 ? 2 : 3;
+  // LLM Runtime Modifier: L3 → min Tier 3 (index 2), L4 → min Tier 4 (index 3)
+  const floor = llmRuntimeLevel >= 4 ? 3 : llmRuntimeLevel >= 3 ? 2 : 0;
+  return Math.max(base, floor);
 }
 
 export function polarToCartesian(cx, cy, r, angleDeg) {
