@avi770/testteam 3.0.0 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1201) hide show
  1. package/CHANGELOG.md +166 -5
  2. package/README.md +92 -19
  3. package/bin/testteam.js +32 -4
  4. package/dist/agents/01-analyst.d.ts +2 -2
  5. package/dist/agents/01-analyst.js +1 -1
  6. package/dist/agents/02-seed-architect.d.ts +2 -2
  7. package/dist/agents/02-seed-architect.js +2 -2
  8. package/dist/agents/03-test-generator.d.ts +2 -2
  9. package/dist/agents/03-test-generator.js +2 -2
  10. package/dist/agents/04-unit-runner.d.ts +2 -2
  11. package/dist/agents/04-unit-runner.d.ts.map +1 -1
  12. package/dist/agents/04-unit-runner.js +12 -3
  13. package/dist/agents/04-unit-runner.js.map +1 -1
  14. package/dist/agents/05-browser-crawler.d.ts +2 -2
  15. package/dist/agents/05-browser-crawler.d.ts.map +1 -1
  16. package/dist/agents/05-browser-crawler.js +24 -12
  17. package/dist/agents/05-browser-crawler.js.map +1 -1
  18. package/dist/agents/06-api-exerciser.d.ts +2 -2
  19. package/dist/agents/06-api-exerciser.js +2 -2
  20. package/dist/agents/07-security-scout.d.ts +2 -2
  21. package/dist/agents/07-security-scout.js +2 -2
  22. package/dist/agents/08-a11y-guardian.d.ts +2 -2
  23. package/dist/agents/08-a11y-guardian.d.ts.map +1 -1
  24. package/dist/agents/08-a11y-guardian.js +9 -5
  25. package/dist/agents/08-a11y-guardian.js.map +1 -1
  26. package/dist/agents/09-healer.d.ts +2 -2
  27. package/dist/agents/09-healer.js +2 -2
  28. package/dist/agents/10-reporter.d.ts +2 -2
  29. package/dist/agents/10-reporter.d.ts.map +1 -1
  30. package/dist/agents/10-reporter.js +55 -27
  31. package/dist/agents/10-reporter.js.map +1 -1
  32. package/dist/agents/100-error-handling-auditor.d.ts +63 -0
  33. package/dist/agents/100-error-handling-auditor.d.ts.map +1 -0
  34. package/dist/agents/100-error-handling-auditor.js +334 -0
  35. package/dist/agents/100-error-handling-auditor.js.map +1 -0
  36. package/dist/agents/101-rate-limit-auditor.d.ts +72 -0
  37. package/dist/agents/101-rate-limit-auditor.d.ts.map +1 -0
  38. package/dist/agents/101-rate-limit-auditor.js +295 -0
  39. package/dist/agents/101-rate-limit-auditor.js.map +1 -0
  40. package/dist/agents/102-dockerfile-auditor.d.ts +62 -0
  41. package/dist/agents/102-dockerfile-auditor.d.ts.map +1 -0
  42. package/dist/agents/102-dockerfile-auditor.js +337 -0
  43. package/dist/agents/102-dockerfile-auditor.js.map +1 -0
  44. package/dist/agents/103-ci-workflow-auditor.d.ts +57 -0
  45. package/dist/agents/103-ci-workflow-auditor.d.ts.map +1 -0
  46. package/dist/agents/103-ci-workflow-auditor.js +247 -0
  47. package/dist/agents/103-ci-workflow-auditor.js.map +1 -0
  48. package/dist/agents/104-n-plus-one-detector.d.ts +57 -0
  49. package/dist/agents/104-n-plus-one-detector.d.ts.map +1 -0
  50. package/dist/agents/104-n-plus-one-detector.js +329 -0
  51. package/dist/agents/104-n-plus-one-detector.js.map +1 -0
  52. package/dist/agents/105-unbounded-query-auditor.d.ts +50 -0
  53. package/dist/agents/105-unbounded-query-auditor.d.ts.map +1 -0
  54. package/dist/agents/105-unbounded-query-auditor.js +284 -0
  55. package/dist/agents/105-unbounded-query-auditor.js.map +1 -0
  56. package/dist/agents/106-hardcoded-config-auditor.d.ts +54 -0
  57. package/dist/agents/106-hardcoded-config-auditor.d.ts.map +1 -0
  58. package/dist/agents/106-hardcoded-config-auditor.js +251 -0
  59. package/dist/agents/106-hardcoded-config-auditor.js.map +1 -0
  60. package/dist/agents/107-open-redirect-detector.d.ts +52 -0
  61. package/dist/agents/107-open-redirect-detector.d.ts.map +1 -0
  62. package/dist/agents/107-open-redirect-detector.js +263 -0
  63. package/dist/agents/107-open-redirect-detector.js.map +1 -0
  64. package/dist/agents/108-sql-injection-detector.d.ts +51 -0
  65. package/dist/agents/108-sql-injection-detector.d.ts.map +1 -0
  66. package/dist/agents/108-sql-injection-detector.js +323 -0
  67. package/dist/agents/108-sql-injection-detector.js.map +1 -0
  68. package/dist/agents/109-path-traversal-detector.d.ts +51 -0
  69. package/dist/agents/109-path-traversal-detector.d.ts.map +1 -0
  70. package/dist/agents/109-path-traversal-detector.js +244 -0
  71. package/dist/agents/109-path-traversal-detector.js.map +1 -0
  72. package/dist/agents/11-fixer.d.ts +4 -2
  73. package/dist/agents/11-fixer.d.ts.map +1 -1
  74. package/dist/agents/11-fixer.js +52 -11
  75. package/dist/agents/11-fixer.js.map +1 -1
  76. package/dist/agents/110-mass-assignment-detector.d.ts +52 -0
  77. package/dist/agents/110-mass-assignment-detector.d.ts.map +1 -0
  78. package/dist/agents/110-mass-assignment-detector.js +199 -0
  79. package/dist/agents/110-mass-assignment-detector.js.map +1 -0
  80. package/dist/agents/111-dynamic-eval-detector.d.ts +46 -0
  81. package/dist/agents/111-dynamic-eval-detector.d.ts.map +1 -0
  82. package/dist/agents/111-dynamic-eval-detector.js +233 -0
  83. package/dist/agents/111-dynamic-eval-detector.js.map +1 -0
  84. package/dist/agents/112-taint-tracker.d.ts +226 -0
  85. package/dist/agents/112-taint-tracker.d.ts.map +1 -0
  86. package/dist/agents/112-taint-tracker.js +1273 -0
  87. package/dist/agents/112-taint-tracker.js.map +1 -0
  88. package/dist/agents/113-response-contract-auditor.d.ts +92 -0
  89. package/dist/agents/113-response-contract-auditor.d.ts.map +1 -0
  90. package/dist/agents/113-response-contract-auditor.js +694 -0
  91. package/dist/agents/113-response-contract-auditor.js.map +1 -0
  92. package/dist/agents/114-static-a11y-auditor.d.ts +66 -0
  93. package/dist/agents/114-static-a11y-auditor.d.ts.map +1 -0
  94. package/dist/agents/114-static-a11y-auditor.js +377 -0
  95. package/dist/agents/114-static-a11y-auditor.js.map +1 -0
  96. package/dist/agents/115-multihop-taint-tracker.d.ts +84 -0
  97. package/dist/agents/115-multihop-taint-tracker.d.ts.map +1 -0
  98. package/dist/agents/115-multihop-taint-tracker.js +340 -0
  99. package/dist/agents/115-multihop-taint-tracker.js.map +1 -0
  100. package/dist/agents/116-runtime-contract-capture.d.ts +79 -0
  101. package/dist/agents/116-runtime-contract-capture.d.ts.map +1 -0
  102. package/dist/agents/116-runtime-contract-capture.js +274 -0
  103. package/dist/agents/116-runtime-contract-capture.js.map +1 -0
  104. package/dist/agents/117-aria-rule-engine.d.ts +52 -0
  105. package/dist/agents/117-aria-rule-engine.d.ts.map +1 -0
  106. package/dist/agents/117-aria-rule-engine.js +415 -0
  107. package/dist/agents/117-aria-rule-engine.js.map +1 -0
  108. package/dist/agents/118-insecure-crypto-auditor.d.ts +48 -0
  109. package/dist/agents/118-insecure-crypto-auditor.d.ts.map +1 -0
  110. package/dist/agents/118-insecure-crypto-auditor.js +232 -0
  111. package/dist/agents/118-insecure-crypto-auditor.js.map +1 -0
  112. package/dist/agents/119-secrets-scanner.d.ts +44 -0
  113. package/dist/agents/119-secrets-scanner.d.ts.map +1 -0
  114. package/dist/agents/119-secrets-scanner.js +242 -0
  115. package/dist/agents/119-secrets-scanner.js.map +1 -0
  116. package/dist/agents/12-ux-inspector.d.ts +2 -2
  117. package/dist/agents/12-ux-inspector.d.ts.map +1 -1
  118. package/dist/agents/12-ux-inspector.js +8 -4
  119. package/dist/agents/12-ux-inspector.js.map +1 -1
  120. package/dist/agents/120-async-safety-auditor.d.ts +48 -0
  121. package/dist/agents/120-async-safety-auditor.d.ts.map +1 -0
  122. package/dist/agents/120-async-safety-auditor.js +250 -0
  123. package/dist/agents/120-async-safety-auditor.js.map +1 -0
  124. package/dist/agents/13-performance-profiler.d.ts +2 -2
  125. package/dist/agents/13-performance-profiler.d.ts.map +1 -1
  126. package/dist/agents/13-performance-profiler.js +5 -4
  127. package/dist/agents/13-performance-profiler.js.map +1 -1
  128. package/dist/agents/14-data-integrity-auditor.d.ts +2 -2
  129. package/dist/agents/14-data-integrity-auditor.js +4 -4
  130. package/dist/agents/14-data-integrity-auditor.js.map +1 -1
  131. package/dist/agents/15-regression-sentinel.d.ts +6 -5
  132. package/dist/agents/15-regression-sentinel.d.ts.map +1 -1
  133. package/dist/agents/15-regression-sentinel.js +5 -4
  134. package/dist/agents/15-regression-sentinel.js.map +1 -1
  135. package/dist/agents/16-chaos-agent.d.ts +2 -2
  136. package/dist/agents/16-chaos-agent.d.ts.map +1 -1
  137. package/dist/agents/16-chaos-agent.js +11 -4
  138. package/dist/agents/16-chaos-agent.js.map +1 -1
  139. package/dist/agents/17-documentation-validator.d.ts +2 -2
  140. package/dist/agents/17-documentation-validator.d.ts.map +1 -1
  141. package/dist/agents/17-documentation-validator.js +5 -2
  142. package/dist/agents/17-documentation-validator.js.map +1 -1
  143. package/dist/agents/18-integration-watchdog.d.ts +2 -2
  144. package/dist/agents/18-integration-watchdog.d.ts.map +1 -1
  145. package/dist/agents/18-integration-watchdog.js +5 -2
  146. package/dist/agents/18-integration-watchdog.js.map +1 -1
  147. package/dist/agents/19-tenant-isolation-auditor.d.ts +2 -2
  148. package/dist/agents/19-tenant-isolation-auditor.js +4 -4
  149. package/dist/agents/19-tenant-isolation-auditor.js.map +1 -1
  150. package/dist/agents/20-workflow-completion-tester.d.ts +2 -2
  151. package/dist/agents/20-workflow-completion-tester.d.ts.map +1 -1
  152. package/dist/agents/20-workflow-completion-tester.js +10 -6
  153. package/dist/agents/20-workflow-completion-tester.js.map +1 -1
  154. package/dist/agents/21-state-session-tester.d.ts +2 -2
  155. package/dist/agents/21-state-session-tester.d.ts.map +1 -1
  156. package/dist/agents/21-state-session-tester.js +15 -5
  157. package/dist/agents/21-state-session-tester.js.map +1 -1
  158. package/dist/agents/22-email-notification-verifier.d.ts +2 -2
  159. package/dist/agents/22-email-notification-verifier.js +2 -2
  160. package/dist/agents/23-migration-tester.d.ts +2 -2
  161. package/dist/agents/23-migration-tester.js +1 -1
  162. package/dist/agents/24-signup-onboarding-tester.d.ts +2 -2
  163. package/dist/agents/24-signup-onboarding-tester.d.ts.map +1 -1
  164. package/dist/agents/24-signup-onboarding-tester.js +13 -10
  165. package/dist/agents/24-signup-onboarding-tester.js.map +1 -1
  166. package/dist/agents/25-crud-flow-tester.d.ts +2 -2
  167. package/dist/agents/25-crud-flow-tester.d.ts.map +1 -1
  168. package/dist/agents/25-crud-flow-tester.js +12 -6
  169. package/dist/agents/25-crud-flow-tester.js.map +1 -1
  170. package/dist/agents/26-form-validator.d.ts +2 -2
  171. package/dist/agents/26-form-validator.d.ts.map +1 -1
  172. package/dist/agents/26-form-validator.js +12 -6
  173. package/dist/agents/26-form-validator.js.map +1 -1
  174. package/dist/agents/27-search-filter-tester.d.ts +2 -2
  175. package/dist/agents/27-search-filter-tester.d.ts.map +1 -1
  176. package/dist/agents/27-search-filter-tester.js +12 -6
  177. package/dist/agents/27-search-filter-tester.js.map +1 -1
  178. package/dist/agents/28-navigation-routing-tester.d.ts +2 -2
  179. package/dist/agents/28-navigation-routing-tester.d.ts.map +1 -1
  180. package/dist/agents/28-navigation-routing-tester.js +12 -6
  181. package/dist/agents/28-navigation-routing-tester.js.map +1 -1
  182. package/dist/agents/29-responsive-interaction-tester.d.ts +2 -2
  183. package/dist/agents/29-responsive-interaction-tester.d.ts.map +1 -1
  184. package/dist/agents/29-responsive-interaction-tester.js +12 -6
  185. package/dist/agents/29-responsive-interaction-tester.js.map +1 -1
  186. package/dist/agents/30-multi-user-scenario-tester.d.ts +2 -2
  187. package/dist/agents/30-multi-user-scenario-tester.d.ts.map +1 -1
  188. package/dist/agents/30-multi-user-scenario-tester.js +20 -13
  189. package/dist/agents/30-multi-user-scenario-tester.js.map +1 -1
  190. package/dist/agents/31-load-tester.d.ts +2 -2
  191. package/dist/agents/31-load-tester.js +2 -2
  192. package/dist/agents/32-memory-leak-detector.d.ts +2 -2
  193. package/dist/agents/32-memory-leak-detector.d.ts.map +1 -1
  194. package/dist/agents/32-memory-leak-detector.js +5 -4
  195. package/dist/agents/32-memory-leak-detector.js.map +1 -1
  196. package/dist/agents/33-bundle-analyzer.d.ts +2 -2
  197. package/dist/agents/33-bundle-analyzer.js +1 -1
  198. package/dist/agents/34-xss-scanner.d.ts +2 -2
  199. package/dist/agents/34-xss-scanner.d.ts.map +1 -1
  200. package/dist/agents/34-xss-scanner.js +12 -6
  201. package/dist/agents/34-xss-scanner.js.map +1 -1
  202. package/dist/agents/35-csrf-tester.d.ts +2 -2
  203. package/dist/agents/35-csrf-tester.js +2 -2
  204. package/dist/agents/36-auth-fuzzer.d.ts +2 -2
  205. package/dist/agents/36-auth-fuzzer.js +2 -2
  206. package/dist/agents/37-dependency-scanner.d.ts +2 -2
  207. package/dist/agents/37-dependency-scanner.js +1 -1
  208. package/dist/agents/38-secrets-scanner.d.ts +2 -2
  209. package/dist/agents/38-secrets-scanner.d.ts.map +1 -1
  210. package/dist/agents/38-secrets-scanner.js +39 -4
  211. package/dist/agents/38-secrets-scanner.js.map +1 -1
  212. package/dist/agents/39-api-contract-tester.d.ts +2 -2
  213. package/dist/agents/39-api-contract-tester.js +2 -2
  214. package/dist/agents/40-rate-limit-tester.d.ts +2 -2
  215. package/dist/agents/40-rate-limit-tester.js +2 -2
  216. package/dist/agents/41-api-pagination-tester.d.ts +2 -2
  217. package/dist/agents/41-api-pagination-tester.js +2 -2
  218. package/dist/agents/42-graphql-tester.d.ts +2 -2
  219. package/dist/agents/42-graphql-tester.js +2 -2
  220. package/dist/agents/43-data-consistency-checker.d.ts +2 -2
  221. package/dist/agents/43-data-consistency-checker.js +3 -3
  222. package/dist/agents/44-backup-recovery-tester.d.ts +2 -2
  223. package/dist/agents/44-backup-recovery-tester.js +1 -1
  224. package/dist/agents/45-data-privacy-scanner.d.ts +2 -2
  225. package/dist/agents/45-data-privacy-scanner.js +3 -3
  226. package/dist/agents/46-seo-auditor.d.ts +2 -2
  227. package/dist/agents/46-seo-auditor.d.ts.map +1 -1
  228. package/dist/agents/46-seo-auditor.js +12 -6
  229. package/dist/agents/46-seo-auditor.js.map +1 -1
  230. package/dist/agents/47-social-preview-tester.d.ts +2 -2
  231. package/dist/agents/47-social-preview-tester.d.ts.map +1 -1
  232. package/dist/agents/47-social-preview-tester.js +12 -6
  233. package/dist/agents/47-social-preview-tester.js.map +1 -1
  234. package/dist/agents/48-lighthouse-auditor.d.ts +2 -2
  235. package/dist/agents/48-lighthouse-auditor.d.ts.map +1 -1
  236. package/dist/agents/48-lighthouse-auditor.js +5 -4
  237. package/dist/agents/48-lighthouse-auditor.js.map +1 -1
  238. package/dist/agents/49-i18n-tester.d.ts +2 -2
  239. package/dist/agents/49-i18n-tester.d.ts.map +1 -1
  240. package/dist/agents/49-i18n-tester.js +12 -6
  241. package/dist/agents/49-i18n-tester.js.map +1 -1
  242. package/dist/agents/50-timezone-tester.d.ts +2 -2
  243. package/dist/agents/50-timezone-tester.d.ts.map +1 -1
  244. package/dist/agents/50-timezone-tester.js +40 -33
  245. package/dist/agents/50-timezone-tester.js.map +1 -1
  246. package/dist/agents/51-error-recovery-tester.d.ts +2 -2
  247. package/dist/agents/51-error-recovery-tester.d.ts.map +1 -1
  248. package/dist/agents/51-error-recovery-tester.js +12 -7
  249. package/dist/agents/51-error-recovery-tester.js.map +1 -1
  250. package/dist/agents/52-offline-mode-tester.d.ts +2 -2
  251. package/dist/agents/52-offline-mode-tester.d.ts.map +1 -1
  252. package/dist/agents/52-offline-mode-tester.js +12 -7
  253. package/dist/agents/52-offline-mode-tester.js.map +1 -1
  254. package/dist/agents/53-graceful-degradation-tester.d.ts +2 -2
  255. package/dist/agents/53-graceful-degradation-tester.d.ts.map +1 -1
  256. package/dist/agents/53-graceful-degradation-tester.js +10 -3
  257. package/dist/agents/53-graceful-degradation-tester.js.map +1 -1
  258. package/dist/agents/54-websocket-tester.d.ts +2 -2
  259. package/dist/agents/54-websocket-tester.d.ts.map +1 -1
  260. package/dist/agents/54-websocket-tester.js +12 -6
  261. package/dist/agents/54-websocket-tester.js.map +1 -1
  262. package/dist/agents/55-realtime-sync-tester.d.ts +2 -2
  263. package/dist/agents/55-realtime-sync-tester.d.ts.map +1 -1
  264. package/dist/agents/55-realtime-sync-tester.js +101 -96
  265. package/dist/agents/55-realtime-sync-tester.js.map +1 -1
  266. package/dist/agents/56-file-upload-tester.d.ts +2 -2
  267. package/dist/agents/56-file-upload-tester.d.ts.map +1 -1
  268. package/dist/agents/56-file-upload-tester.js +17 -13
  269. package/dist/agents/56-file-upload-tester.js.map +1 -1
  270. package/dist/agents/57-export-tester.d.ts +2 -2
  271. package/dist/agents/57-export-tester.d.ts.map +1 -1
  272. package/dist/agents/57-export-tester.js +8 -4
  273. package/dist/agents/57-export-tester.js.map +1 -1
  274. package/dist/agents/58-payment-flow-tester.d.ts +2 -2
  275. package/dist/agents/58-payment-flow-tester.d.ts.map +1 -1
  276. package/dist/agents/58-payment-flow-tester.js +8 -4
  277. package/dist/agents/58-payment-flow-tester.js.map +1 -1
  278. package/dist/agents/59-ssl-tls-auditor.d.ts +2 -2
  279. package/dist/agents/59-ssl-tls-auditor.js +2 -2
  280. package/dist/agents/60-dns-cdn-tester.d.ts +2 -2
  281. package/dist/agents/60-dns-cdn-tester.js +2 -2
  282. package/dist/agents/61-docker-health-checker.d.ts +2 -2
  283. package/dist/agents/61-docker-health-checker.js +1 -1
  284. package/dist/agents/62-env-config-validator.d.ts +2 -2
  285. package/dist/agents/62-env-config-validator.js +1 -1
  286. package/dist/agents/63-log-quality-auditor.d.ts +2 -2
  287. package/dist/agents/63-log-quality-auditor.js +1 -1
  288. package/dist/agents/64-analytics-tracker-tester.d.ts +2 -2
  289. package/dist/agents/64-analytics-tracker-tester.d.ts.map +1 -1
  290. package/dist/agents/64-analytics-tracker-tester.js +8 -4
  291. package/dist/agents/64-analytics-tracker-tester.js.map +1 -1
  292. package/dist/agents/65-gdpr-compliance-tester.d.ts +2 -2
  293. package/dist/agents/65-gdpr-compliance-tester.d.ts.map +1 -1
  294. package/dist/agents/65-gdpr-compliance-tester.js +55 -40
  295. package/dist/agents/65-gdpr-compliance-tester.js.map +1 -1
  296. package/dist/agents/66-soc2-control-validator.d.ts +2 -2
  297. package/dist/agents/66-soc2-control-validator.d.ts.map +1 -1
  298. package/dist/agents/66-soc2-control-validator.js +29 -21
  299. package/dist/agents/66-soc2-control-validator.js.map +1 -1
  300. package/dist/agents/67-wcag-aaa-tester.d.ts +2 -2
  301. package/dist/agents/67-wcag-aaa-tester.d.ts.map +1 -1
  302. package/dist/agents/67-wcag-aaa-tester.js +12 -6
  303. package/dist/agents/67-wcag-aaa-tester.js.map +1 -1
  304. package/dist/agents/68-dead-code-detector.d.ts +2 -2
  305. package/dist/agents/68-dead-code-detector.d.ts.map +1 -1
  306. package/dist/agents/68-dead-code-detector.js +6 -3
  307. package/dist/agents/68-dead-code-detector.js.map +1 -1
  308. package/dist/agents/69-type-safety-auditor.d.ts +2 -2
  309. package/dist/agents/69-type-safety-auditor.js +1 -1
  310. package/dist/agents/70-complexity-analyzer.d.ts +2 -2
  311. package/dist/agents/70-complexity-analyzer.js +1 -1
  312. package/dist/agents/71-unit-testing-agent.d.ts +15 -0
  313. package/dist/agents/71-unit-testing-agent.d.ts.map +1 -0
  314. package/dist/agents/71-unit-testing-agent.js +220 -0
  315. package/dist/agents/71-unit-testing-agent.js.map +1 -0
  316. package/dist/agents/72-integration-testing-agent.d.ts +13 -0
  317. package/dist/agents/72-integration-testing-agent.d.ts.map +1 -0
  318. package/dist/agents/72-integration-testing-agent.js +243 -0
  319. package/dist/agents/72-integration-testing-agent.js.map +1 -0
  320. package/dist/agents/73-system-testing-agent.d.ts +11 -0
  321. package/dist/agents/73-system-testing-agent.d.ts.map +1 -0
  322. package/dist/agents/73-system-testing-agent.js +175 -0
  323. package/dist/agents/73-system-testing-agent.js.map +1 -0
  324. package/dist/agents/74-acceptance-testing-agent.d.ts +13 -0
  325. package/dist/agents/74-acceptance-testing-agent.d.ts.map +1 -0
  326. package/dist/agents/74-acceptance-testing-agent.js +254 -0
  327. package/dist/agents/74-acceptance-testing-agent.js.map +1 -0
  328. package/dist/agents/75-sanity-testing-agent.d.ts +15 -0
  329. package/dist/agents/75-sanity-testing-agent.d.ts.map +1 -0
  330. package/dist/agents/75-sanity-testing-agent.js +240 -0
  331. package/dist/agents/75-sanity-testing-agent.js.map +1 -0
  332. package/dist/agents/76-regression-testing-agent.d.ts +14 -0
  333. package/dist/agents/76-regression-testing-agent.d.ts.map +1 -0
  334. package/dist/agents/76-regression-testing-agent.js +230 -0
  335. package/dist/agents/76-regression-testing-agent.js.map +1 -0
  336. package/dist/agents/77-browser-load-testing-agent.d.ts +11 -0
  337. package/dist/agents/77-browser-load-testing-agent.d.ts.map +1 -0
  338. package/dist/agents/77-browser-load-testing-agent.js +128 -0
  339. package/dist/agents/77-browser-load-testing-agent.js.map +1 -0
  340. package/dist/agents/78-stress-testing-agent.d.ts +11 -0
  341. package/dist/agents/78-stress-testing-agent.d.ts.map +1 -0
  342. package/dist/agents/78-stress-testing-agent.js +146 -0
  343. package/dist/agents/78-stress-testing-agent.js.map +1 -0
  344. package/dist/agents/79-endurance-testing-agent.d.ts +12 -0
  345. package/dist/agents/79-endurance-testing-agent.d.ts.map +1 -0
  346. package/dist/agents/79-endurance-testing-agent.js +165 -0
  347. package/dist/agents/79-endurance-testing-agent.js.map +1 -0
  348. package/dist/agents/80-usability-testing-agent.d.ts +11 -0
  349. package/dist/agents/80-usability-testing-agent.d.ts.map +1 -0
  350. package/dist/agents/80-usability-testing-agent.js +196 -0
  351. package/dist/agents/80-usability-testing-agent.js.map +1 -0
  352. package/dist/agents/81-compatibility-testing-agent.d.ts +11 -0
  353. package/dist/agents/81-compatibility-testing-agent.d.ts.map +1 -0
  354. package/dist/agents/81-compatibility-testing-agent.js +224 -0
  355. package/dist/agents/81-compatibility-testing-agent.js.map +1 -0
  356. package/dist/agents/82-exploratory-testing-agent.d.ts +14 -0
  357. package/dist/agents/82-exploratory-testing-agent.d.ts.map +1 -0
  358. package/dist/agents/82-exploratory-testing-agent.js +345 -0
  359. package/dist/agents/82-exploratory-testing-agent.js.map +1 -0
  360. package/dist/agents/83-static-analysis-agent.d.ts +14 -0
  361. package/dist/agents/83-static-analysis-agent.d.ts.map +1 -0
  362. package/dist/agents/83-static-analysis-agent.js +261 -0
  363. package/dist/agents/83-static-analysis-agent.js.map +1 -0
  364. package/dist/agents/84-governance-testing-agent.d.ts +28 -0
  365. package/dist/agents/84-governance-testing-agent.d.ts.map +1 -0
  366. package/dist/agents/84-governance-testing-agent.js +591 -0
  367. package/dist/agents/84-governance-testing-agent.js.map +1 -0
  368. package/dist/agents/85-stagehand-agent.d.ts +22 -0
  369. package/dist/agents/85-stagehand-agent.d.ts.map +1 -0
  370. package/dist/agents/85-stagehand-agent.js +81 -0
  371. package/dist/agents/85-stagehand-agent.js.map +1 -0
  372. package/dist/agents/86-browser-use-agent.d.ts +31 -0
  373. package/dist/agents/86-browser-use-agent.d.ts.map +1 -0
  374. package/dist/agents/86-browser-use-agent.js +121 -0
  375. package/dist/agents/86-browser-use-agent.js.map +1 -0
  376. package/dist/agents/87-connection-mapper.d.ts +93 -0
  377. package/dist/agents/87-connection-mapper.d.ts.map +1 -0
  378. package/dist/agents/87-connection-mapper.js +658 -0
  379. package/dist/agents/87-connection-mapper.js.map +1 -0
  380. package/dist/agents/88-localhost-walkthrough.d.ts +272 -0
  381. package/dist/agents/88-localhost-walkthrough.d.ts.map +1 -0
  382. package/dist/agents/88-localhost-walkthrough.js +1203 -0
  383. package/dist/agents/88-localhost-walkthrough.js.map +1 -0
  384. package/dist/agents/89-repair-retest.d.ts +63 -0
  385. package/dist/agents/89-repair-retest.d.ts.map +1 -0
  386. package/dist/agents/89-repair-retest.js +227 -0
  387. package/dist/agents/89-repair-retest.js.map +1 -0
  388. package/dist/agents/90-response-shape-validator.d.ts +35 -0
  389. package/dist/agents/90-response-shape-validator.d.ts.map +1 -0
  390. package/dist/agents/90-response-shape-validator.js +156 -0
  391. package/dist/agents/90-response-shape-validator.js.map +1 -0
  392. package/dist/agents/91-boundary-fuzzer.d.ts +99 -0
  393. package/dist/agents/91-boundary-fuzzer.d.ts.map +1 -0
  394. package/dist/agents/91-boundary-fuzzer.js +0 -0
  395. package/dist/agents/91-boundary-fuzzer.js.map +1 -0
  396. package/dist/agents/92-repair-simulator.d.ts +89 -0
  397. package/dist/agents/92-repair-simulator.d.ts.map +1 -0
  398. package/dist/agents/92-repair-simulator.js +401 -0
  399. package/dist/agents/92-repair-simulator.js.map +1 -0
  400. package/dist/agents/93-env-var-auditor.d.ts +64 -0
  401. package/dist/agents/93-env-var-auditor.d.ts.map +1 -0
  402. package/dist/agents/93-env-var-auditor.js +435 -0
  403. package/dist/agents/93-env-var-auditor.js.map +1 -0
  404. package/dist/agents/94-schema-validator.d.ts +148 -0
  405. package/dist/agents/94-schema-validator.d.ts.map +1 -0
  406. package/dist/agents/94-schema-validator.js +567 -0
  407. package/dist/agents/94-schema-validator.js.map +1 -0
  408. package/dist/agents/95-contract-drift.d.ts +87 -0
  409. package/dist/agents/95-contract-drift.d.ts.map +1 -0
  410. package/dist/agents/95-contract-drift.js +335 -0
  411. package/dist/agents/95-contract-drift.js.map +1 -0
  412. package/dist/agents/96-cookie-security-auditor.d.ts +86 -0
  413. package/dist/agents/96-cookie-security-auditor.d.ts.map +1 -0
  414. package/dist/agents/96-cookie-security-auditor.js +339 -0
  415. package/dist/agents/96-cookie-security-auditor.js.map +1 -0
  416. package/dist/agents/97-healthcheck-validator.d.ts +62 -0
  417. package/dist/agents/97-healthcheck-validator.d.ts.map +1 -0
  418. package/dist/agents/97-healthcheck-validator.js +204 -0
  419. package/dist/agents/97-healthcheck-validator.js.map +1 -0
  420. package/dist/agents/98-cors-csp-auditor.d.ts +70 -0
  421. package/dist/agents/98-cors-csp-auditor.d.ts.map +1 -0
  422. package/dist/agents/98-cors-csp-auditor.js +308 -0
  423. package/dist/agents/98-cors-csp-auditor.js.map +1 -0
  424. package/dist/agents/99-logging-hygiene-auditor.d.ts +67 -0
  425. package/dist/agents/99-logging-hygiene-auditor.d.ts.map +1 -0
  426. package/dist/agents/99-logging-hygiene-auditor.js +325 -0
  427. package/dist/agents/99-logging-hygiene-auditor.js.map +1 -0
  428. package/dist/agents/base-agent.d.ts +74 -4
  429. package/dist/agents/base-agent.d.ts.map +1 -1
  430. package/dist/agents/base-agent.js +106 -1
  431. package/dist/agents/base-agent.js.map +1 -1
  432. package/dist/agents/browser-use-client.d.ts +68 -0
  433. package/dist/agents/browser-use-client.d.ts.map +1 -0
  434. package/dist/agents/browser-use-client.js +92 -0
  435. package/dist/agents/browser-use-client.js.map +1 -0
  436. package/dist/agents/lib/source-scan.d.ts +53 -0
  437. package/dist/agents/lib/source-scan.d.ts.map +1 -0
  438. package/dist/agents/lib/source-scan.js +279 -0
  439. package/dist/agents/lib/source-scan.js.map +1 -0
  440. package/dist/agents/registry.d.ts +27 -9
  441. package/dist/agents/registry.d.ts.map +1 -1
  442. package/dist/agents/registry.js +365 -151
  443. package/dist/agents/registry.js.map +1 -1
  444. package/dist/agents/stagehand-runner.d.ts +104 -0
  445. package/dist/agents/stagehand-runner.d.ts.map +1 -0
  446. package/dist/agents/stagehand-runner.js +153 -0
  447. package/dist/agents/stagehand-runner.js.map +1 -0
  448. package/dist/bridge/agent-registry.d.ts +21 -0
  449. package/dist/bridge/agent-registry.d.ts.map +1 -0
  450. package/dist/bridge/agent-registry.js +224 -0
  451. package/dist/bridge/agent-registry.js.map +1 -0
  452. package/dist/bridge/api-contract-reader.d.ts +55 -0
  453. package/dist/bridge/api-contract-reader.d.ts.map +1 -0
  454. package/dist/bridge/api-contract-reader.js +103 -0
  455. package/dist/bridge/api-contract-reader.js.map +1 -0
  456. package/dist/bridge/compliance-reader.d.ts +47 -0
  457. package/dist/bridge/compliance-reader.d.ts.map +1 -0
  458. package/dist/bridge/compliance-reader.js +91 -0
  459. package/dist/bridge/compliance-reader.js.map +1 -0
  460. package/dist/bridge/data-integrity-reader.d.ts +77 -0
  461. package/dist/bridge/data-integrity-reader.d.ts.map +1 -0
  462. package/dist/bridge/data-integrity-reader.js +110 -0
  463. package/dist/bridge/data-integrity-reader.js.map +1 -0
  464. package/dist/bridge/design-reader.d.ts +51 -0
  465. package/dist/bridge/design-reader.d.ts.map +1 -0
  466. package/dist/bridge/design-reader.js +105 -0
  467. package/dist/bridge/design-reader.js.map +1 -0
  468. package/dist/bridge/file-scanner.d.ts +21 -0
  469. package/dist/bridge/file-scanner.d.ts.map +1 -0
  470. package/dist/bridge/file-scanner.js +117 -0
  471. package/dist/bridge/file-scanner.js.map +1 -0
  472. package/dist/bridge/finding-normalize.d.ts +24 -0
  473. package/dist/bridge/finding-normalize.d.ts.map +1 -0
  474. package/dist/bridge/finding-normalize.js +46 -0
  475. package/dist/bridge/finding-normalize.js.map +1 -0
  476. package/dist/bridge/http-client.d.ts +44 -0
  477. package/dist/bridge/http-client.d.ts.map +1 -0
  478. package/dist/bridge/http-client.js +130 -0
  479. package/dist/bridge/http-client.js.map +1 -0
  480. package/dist/bridge/knowledge-reader.d.ts +10 -0
  481. package/dist/bridge/knowledge-reader.d.ts.map +1 -0
  482. package/dist/bridge/knowledge-reader.js +46 -0
  483. package/dist/bridge/knowledge-reader.js.map +1 -0
  484. package/dist/bridge/loop-engine-reader.d.ts +77 -0
  485. package/dist/bridge/loop-engine-reader.d.ts.map +1 -0
  486. package/dist/bridge/loop-engine-reader.js +73 -0
  487. package/dist/bridge/loop-engine-reader.js.map +1 -0
  488. package/dist/bridge/playwright-pool.d.ts +33 -0
  489. package/dist/bridge/playwright-pool.d.ts.map +1 -0
  490. package/dist/bridge/playwright-pool.js +89 -0
  491. package/dist/bridge/playwright-pool.js.map +1 -0
  492. package/dist/bridge/rate-limiter.d.ts +40 -0
  493. package/dist/bridge/rate-limiter.d.ts.map +1 -0
  494. package/dist/bridge/rate-limiter.js +33 -0
  495. package/dist/bridge/rate-limiter.js.map +1 -0
  496. package/dist/bridge/reliability-reader.d.ts +67 -0
  497. package/dist/bridge/reliability-reader.d.ts.map +1 -0
  498. package/dist/bridge/reliability-reader.js +146 -0
  499. package/dist/bridge/reliability-reader.js.map +1 -0
  500. package/dist/bridge/router.d.ts +26 -0
  501. package/dist/bridge/router.d.ts.map +1 -0
  502. package/dist/bridge/router.js +137 -0
  503. package/dist/bridge/router.js.map +1 -0
  504. package/dist/bridge/run-stream.d.ts +47 -0
  505. package/dist/bridge/run-stream.d.ts.map +1 -0
  506. package/dist/bridge/run-stream.js +67 -0
  507. package/dist/bridge/run-stream.js.map +1 -0
  508. package/dist/bridge/runs-reader.d.ts +41 -0
  509. package/dist/bridge/runs-reader.d.ts.map +1 -0
  510. package/dist/bridge/runs-reader.js +185 -0
  511. package/dist/bridge/runs-reader.js.map +1 -0
  512. package/dist/bridge/sentinel-reader.d.ts +55 -0
  513. package/dist/bridge/sentinel-reader.d.ts.map +1 -0
  514. package/dist/bridge/sentinel-reader.js +88 -0
  515. package/dist/bridge/sentinel-reader.js.map +1 -0
  516. package/dist/bridge/server.d.ts +83 -0
  517. package/dist/bridge/server.d.ts.map +1 -0
  518. package/dist/bridge/server.js +1103 -0
  519. package/dist/bridge/server.js.map +1 -0
  520. package/dist/bridge/shell-executor.d.ts +49 -0
  521. package/dist/bridge/shell-executor.d.ts.map +1 -0
  522. package/dist/bridge/shell-executor.js +181 -0
  523. package/dist/bridge/shell-executor.js.map +1 -0
  524. package/dist/bridge/tech-debt-reader.d.ts +57 -0
  525. package/dist/bridge/tech-debt-reader.d.ts.map +1 -0
  526. package/dist/bridge/tech-debt-reader.js +119 -0
  527. package/dist/bridge/tech-debt-reader.js.map +1 -0
  528. package/dist/bridge/types.d.ts +63 -0
  529. package/dist/bridge/types.d.ts.map +1 -0
  530. package/dist/bridge/types.js +7 -0
  531. package/dist/bridge/types.js.map +1 -0
  532. package/dist/clients/agent-mvp.d.ts +3 -1
  533. package/dist/clients/agent-mvp.d.ts.map +1 -1
  534. package/dist/clients/agent-mvp.js +16 -5
  535. package/dist/clients/agent-mvp.js.map +1 -1
  536. package/dist/clients/llm-council.d.ts +47 -0
  537. package/dist/clients/llm-council.d.ts.map +1 -0
  538. package/dist/clients/llm-council.js +52 -0
  539. package/dist/clients/llm-council.js.map +1 -0
  540. package/dist/clients/total-recall.d.ts +2 -2
  541. package/dist/clients/total-recall.d.ts.map +1 -1
  542. package/dist/clients/total-recall.js +18 -3
  543. package/dist/clients/total-recall.js.map +1 -1
  544. package/dist/core/agent-contract.d.ts +21 -0
  545. package/dist/core/agent-contract.d.ts.map +1 -0
  546. package/dist/core/agent-contract.js +18 -0
  547. package/dist/core/agent-contract.js.map +1 -0
  548. package/dist/core/api-contract/api-contract-validator.d.ts +178 -0
  549. package/dist/core/api-contract/api-contract-validator.d.ts.map +1 -0
  550. package/dist/core/api-contract/api-contract-validator.js +796 -0
  551. package/dist/core/api-contract/api-contract-validator.js.map +1 -0
  552. package/dist/core/api-contract/index.d.ts +16 -0
  553. package/dist/core/api-contract/index.d.ts.map +1 -0
  554. package/dist/core/api-contract/index.js +24 -0
  555. package/dist/core/api-contract/index.js.map +1 -0
  556. package/dist/core/api-contract/types.d.ts +235 -0
  557. package/dist/core/api-contract/types.d.ts.map +1 -0
  558. package/dist/core/api-contract/types.js +27 -0
  559. package/dist/core/api-contract/types.js.map +1 -0
  560. package/dist/core/blackboard/blackboard.d.ts +34 -0
  561. package/dist/core/blackboard/blackboard.d.ts.map +1 -0
  562. package/dist/core/blackboard/blackboard.js +133 -0
  563. package/dist/core/blackboard/blackboard.js.map +1 -0
  564. package/dist/core/blackboard/coordination.d.ts +27 -0
  565. package/dist/core/blackboard/coordination.d.ts.map +1 -0
  566. package/dist/core/blackboard/coordination.js +31 -0
  567. package/dist/core/blackboard/coordination.js.map +1 -0
  568. package/dist/core/blackboard/direct-channel.d.ts +26 -0
  569. package/dist/core/blackboard/direct-channel.d.ts.map +1 -0
  570. package/dist/core/blackboard/direct-channel.js +26 -0
  571. package/dist/core/blackboard/direct-channel.js.map +1 -0
  572. package/dist/core/blackboard/index.d.ts +10 -0
  573. package/dist/core/blackboard/index.d.ts.map +1 -0
  574. package/dist/core/blackboard/index.js +4 -0
  575. package/dist/core/blackboard/index.js.map +1 -0
  576. package/dist/core/blackboard/types.d.ts +36 -0
  577. package/dist/core/blackboard/types.d.ts.map +1 -0
  578. package/dist/core/blackboard/types.js +2 -0
  579. package/dist/core/blackboard/types.js.map +1 -0
  580. package/dist/core/canvas/schema.d.ts +81 -0
  581. package/dist/core/canvas/schema.d.ts.map +1 -0
  582. package/dist/core/canvas/schema.js +144 -0
  583. package/dist/core/canvas/schema.js.map +1 -0
  584. package/dist/core/canvas/store.d.ts +41 -0
  585. package/dist/core/canvas/store.d.ts.map +1 -0
  586. package/dist/core/canvas/store.js +121 -0
  587. package/dist/core/canvas/store.js.map +1 -0
  588. package/dist/core/ci-output.d.ts +1 -1
  589. package/dist/core/ci-output.d.ts.map +1 -1
  590. package/dist/core/ci-output.js +2 -0
  591. package/dist/core/ci-output.js.map +1 -1
  592. package/dist/core/cli.d.ts +12 -1
  593. package/dist/core/cli.d.ts.map +1 -1
  594. package/dist/core/cli.js +308 -43
  595. package/dist/core/cli.js.map +1 -1
  596. package/dist/core/compliance/auditor.d.ts +119 -0
  597. package/dist/core/compliance/auditor.d.ts.map +1 -0
  598. package/dist/core/compliance/auditor.js +577 -0
  599. package/dist/core/compliance/auditor.js.map +1 -0
  600. package/dist/core/compliance/index.d.ts +11 -0
  601. package/dist/core/compliance/index.d.ts.map +1 -0
  602. package/dist/core/compliance/index.js +10 -0
  603. package/dist/core/compliance/index.js.map +1 -0
  604. package/dist/core/compliance/types.d.ts +174 -0
  605. package/dist/core/compliance/types.d.ts.map +1 -0
  606. package/dist/core/compliance/types.js +12 -0
  607. package/dist/core/compliance/types.js.map +1 -0
  608. package/dist/core/conductor/conductor.d.ts +37 -0
  609. package/dist/core/conductor/conductor.d.ts.map +1 -0
  610. package/dist/core/conductor/conductor.js +96 -0
  611. package/dist/core/conductor/conductor.js.map +1 -0
  612. package/dist/core/conductor/index.d.ts +9 -0
  613. package/dist/core/conductor/index.d.ts.map +1 -0
  614. package/dist/core/conductor/index.js +3 -0
  615. package/dist/core/conductor/index.js.map +1 -0
  616. package/dist/core/conductor/model-router.d.ts +17 -0
  617. package/dist/core/conductor/model-router.d.ts.map +1 -0
  618. package/dist/core/conductor/model-router.js +29 -0
  619. package/dist/core/conductor/model-router.js.map +1 -0
  620. package/dist/core/conductor/types.d.ts +33 -0
  621. package/dist/core/conductor/types.d.ts.map +1 -0
  622. package/dist/core/conductor/types.js +2 -0
  623. package/dist/core/conductor/types.js.map +1 -0
  624. package/dist/core/config.d.ts +148 -1
  625. package/dist/core/config.d.ts.map +1 -1
  626. package/dist/core/config.js +53 -4
  627. package/dist/core/config.js.map +1 -1
  628. package/dist/core/data-integrity/data-integrity.d.ts +291 -0
  629. package/dist/core/data-integrity/data-integrity.d.ts.map +1 -0
  630. package/dist/core/data-integrity/data-integrity.js +892 -0
  631. package/dist/core/data-integrity/data-integrity.js.map +1 -0
  632. package/dist/core/data-integrity/index.d.ts +16 -0
  633. package/dist/core/data-integrity/index.d.ts.map +1 -0
  634. package/dist/core/data-integrity/index.js +17 -0
  635. package/dist/core/data-integrity/index.js.map +1 -0
  636. package/dist/core/data-integrity/types.d.ts +236 -0
  637. package/dist/core/data-integrity/types.d.ts.map +1 -0
  638. package/dist/core/data-integrity/types.js +14 -0
  639. package/dist/core/data-integrity/types.js.map +1 -0
  640. package/dist/core/disaster-recovery/index.d.ts +13 -0
  641. package/dist/core/disaster-recovery/index.d.ts.map +1 -0
  642. package/dist/core/disaster-recovery/index.js +3 -0
  643. package/dist/core/disaster-recovery/index.js.map +1 -0
  644. package/dist/core/disaster-recovery/simulator.d.ts +158 -0
  645. package/dist/core/disaster-recovery/simulator.d.ts.map +1 -0
  646. package/dist/core/disaster-recovery/simulator.js +553 -0
  647. package/dist/core/disaster-recovery/simulator.js.map +1 -0
  648. package/dist/core/disaster-recovery/types.d.ts +299 -0
  649. package/dist/core/disaster-recovery/types.d.ts.map +1 -0
  650. package/dist/core/disaster-recovery/types.js +33 -0
  651. package/dist/core/disaster-recovery/types.js.map +1 -0
  652. package/dist/core/escalation/heal-or-ask.d.ts +20 -0
  653. package/dist/core/escalation/heal-or-ask.d.ts.map +1 -0
  654. package/dist/core/escalation/heal-or-ask.js +19 -0
  655. package/dist/core/escalation/heal-or-ask.js.map +1 -0
  656. package/dist/core/escalation/index.d.ts +9 -0
  657. package/dist/core/escalation/index.d.ts.map +1 -0
  658. package/dist/core/escalation/index.js +3 -0
  659. package/dist/core/escalation/index.js.map +1 -0
  660. package/dist/core/escalation/pause-gate.d.ts +48 -0
  661. package/dist/core/escalation/pause-gate.d.ts.map +1 -0
  662. package/dist/core/escalation/pause-gate.js +96 -0
  663. package/dist/core/escalation/pause-gate.js.map +1 -0
  664. package/dist/core/escalation/types.d.ts +33 -0
  665. package/dist/core/escalation/types.d.ts.map +1 -0
  666. package/dist/core/escalation/types.js +9 -0
  667. package/dist/core/escalation/types.js.map +1 -0
  668. package/dist/core/evidence.d.ts +32 -1
  669. package/dist/core/evidence.d.ts.map +1 -1
  670. package/dist/core/evidence.js +99 -1
  671. package/dist/core/evidence.js.map +1 -1
  672. package/dist/core/feature-bdd/fix.d.ts +84 -0
  673. package/dist/core/feature-bdd/fix.d.ts.map +1 -0
  674. package/dist/core/feature-bdd/fix.js +121 -0
  675. package/dist/core/feature-bdd/fix.js.map +1 -0
  676. package/dist/core/feature-bdd/generate.d.ts +96 -0
  677. package/dist/core/feature-bdd/generate.d.ts.map +1 -0
  678. package/dist/core/feature-bdd/generate.js +228 -0
  679. package/dist/core/feature-bdd/generate.js.map +1 -0
  680. package/dist/core/feature-bdd/llm-provider.d.ts +92 -0
  681. package/dist/core/feature-bdd/llm-provider.d.ts.map +1 -0
  682. package/dist/core/feature-bdd/llm-provider.js +187 -0
  683. package/dist/core/feature-bdd/llm-provider.js.map +1 -0
  684. package/dist/core/feature-bdd/run.d.ts +56 -0
  685. package/dist/core/feature-bdd/run.d.ts.map +1 -0
  686. package/dist/core/feature-bdd/run.js +175 -0
  687. package/dist/core/feature-bdd/run.js.map +1 -0
  688. package/dist/core/feature-bdd/schema.d.ts +111 -0
  689. package/dist/core/feature-bdd/schema.d.ts.map +1 -0
  690. package/dist/core/feature-bdd/schema.js +272 -0
  691. package/dist/core/feature-bdd/schema.js.map +1 -0
  692. package/dist/core/feature-bdd/store.d.ts +145 -0
  693. package/dist/core/feature-bdd/store.d.ts.map +1 -0
  694. package/dist/core/feature-bdd/store.js +470 -0
  695. package/dist/core/feature-bdd/store.js.map +1 -0
  696. package/dist/core/finding-correlation.d.ts +55 -0
  697. package/dist/core/finding-correlation.d.ts.map +1 -0
  698. package/dist/core/finding-correlation.js +96 -0
  699. package/dist/core/finding-correlation.js.map +1 -0
  700. package/dist/core/fix-loop.d.ts +20 -1
  701. package/dist/core/fix-loop.d.ts.map +1 -1
  702. package/dist/core/fix-loop.js +34 -0
  703. package/dist/core/fix-loop.js.map +1 -1
  704. package/dist/core/governance/calibration.d.ts +31 -0
  705. package/dist/core/governance/calibration.d.ts.map +1 -0
  706. package/dist/core/governance/calibration.js +78 -0
  707. package/dist/core/governance/calibration.js.map +1 -0
  708. package/dist/core/governance/degradation.d.ts +35 -0
  709. package/dist/core/governance/degradation.d.ts.map +1 -0
  710. package/dist/core/governance/degradation.js +25 -0
  711. package/dist/core/governance/degradation.js.map +1 -0
  712. package/dist/core/governance/ethical-constraint.d.ts +55 -0
  713. package/dist/core/governance/ethical-constraint.d.ts.map +1 -0
  714. package/dist/core/governance/ethical-constraint.js +98 -0
  715. package/dist/core/governance/ethical-constraint.js.map +1 -0
  716. package/dist/core/governance/index.d.ts +9 -0
  717. package/dist/core/governance/index.d.ts.map +1 -0
  718. package/dist/core/governance/index.js +9 -0
  719. package/dist/core/governance/index.js.map +1 -0
  720. package/dist/core/harness/audit-log.d.ts +12 -0
  721. package/dist/core/harness/audit-log.d.ts.map +1 -0
  722. package/dist/core/harness/audit-log.js +62 -0
  723. package/dist/core/harness/audit-log.js.map +1 -0
  724. package/dist/core/harness/authorization.d.ts +24 -0
  725. package/dist/core/harness/authorization.d.ts.map +1 -0
  726. package/dist/core/harness/authorization.js +48 -0
  727. package/dist/core/harness/authorization.js.map +1 -0
  728. package/dist/core/harness/harness.d.ts +64 -0
  729. package/dist/core/harness/harness.d.ts.map +1 -0
  730. package/dist/core/harness/harness.js +188 -0
  731. package/dist/core/harness/harness.js.map +1 -0
  732. package/dist/core/harness/index.d.ts +10 -0
  733. package/dist/core/harness/index.d.ts.map +1 -0
  734. package/dist/core/harness/index.js +4 -0
  735. package/dist/core/harness/index.js.map +1 -0
  736. package/dist/core/harness/types.d.ts +88 -0
  737. package/dist/core/harness/types.d.ts.map +1 -0
  738. package/dist/core/harness/types.js +2 -0
  739. package/dist/core/harness/types.js.map +1 -0
  740. package/dist/core/health-check.d.ts +6 -0
  741. package/dist/core/health-check.d.ts.map +1 -1
  742. package/dist/core/health-check.js +14 -2
  743. package/dist/core/health-check.js.map +1 -1
  744. package/dist/core/init.d.ts.map +1 -1
  745. package/dist/core/init.js +58 -18
  746. package/dist/core/init.js.map +1 -1
  747. package/dist/core/knowledge/cached-map.d.ts +17 -0
  748. package/dist/core/knowledge/cached-map.d.ts.map +1 -0
  749. package/dist/core/knowledge/cached-map.js +23 -0
  750. package/dist/core/knowledge/cached-map.js.map +1 -0
  751. package/dist/core/knowledge/index.d.ts +10 -0
  752. package/dist/core/knowledge/index.d.ts.map +1 -0
  753. package/dist/core/knowledge/index.js +4 -0
  754. package/dist/core/knowledge/index.js.map +1 -0
  755. package/dist/core/knowledge/system-map.d.ts +50 -0
  756. package/dist/core/knowledge/system-map.d.ts.map +1 -0
  757. package/dist/core/knowledge/system-map.js +121 -0
  758. package/dist/core/knowledge/system-map.js.map +1 -0
  759. package/dist/core/knowledge/traversal.d.ts +12 -0
  760. package/dist/core/knowledge/traversal.d.ts.map +1 -0
  761. package/dist/core/knowledge/traversal.js +37 -0
  762. package/dist/core/knowledge/traversal.js.map +1 -0
  763. package/dist/core/knowledge/types.d.ts +41 -0
  764. package/dist/core/knowledge/types.d.ts.map +1 -0
  765. package/dist/core/knowledge/types.js +2 -0
  766. package/dist/core/knowledge/types.js.map +1 -0
  767. package/dist/core/license-gen.d.ts +1 -1
  768. package/dist/core/license-gen.d.ts.map +1 -1
  769. package/dist/core/license-gen.js +10 -5
  770. package/dist/core/license-gen.js.map +1 -1
  771. package/dist/core/license.d.ts +12 -2
  772. package/dist/core/license.d.ts.map +1 -1
  773. package/dist/core/license.js +104 -28
  774. package/dist/core/license.js.map +1 -1
  775. package/dist/core/loop-engine/circuit-breaker.d.ts +24 -0
  776. package/dist/core/loop-engine/circuit-breaker.d.ts.map +1 -0
  777. package/dist/core/loop-engine/circuit-breaker.js +48 -0
  778. package/dist/core/loop-engine/circuit-breaker.js.map +1 -0
  779. package/dist/core/loop-engine/demo.d.ts +35 -0
  780. package/dist/core/loop-engine/demo.d.ts.map +1 -0
  781. package/dist/core/loop-engine/demo.js +71 -0
  782. package/dist/core/loop-engine/demo.js.map +1 -0
  783. package/dist/core/loop-engine/event-store.d.ts +8 -0
  784. package/dist/core/loop-engine/event-store.d.ts.map +1 -0
  785. package/dist/core/loop-engine/event-store.js +9 -0
  786. package/dist/core/loop-engine/event-store.js.map +1 -0
  787. package/dist/core/loop-engine/index.d.ts +11 -0
  788. package/dist/core/loop-engine/index.d.ts.map +1 -0
  789. package/dist/core/loop-engine/index.js +11 -0
  790. package/dist/core/loop-engine/index.js.map +1 -0
  791. package/dist/core/loop-engine/kernel.d.ts +66 -0
  792. package/dist/core/loop-engine/kernel.d.ts.map +1 -0
  793. package/dist/core/loop-engine/kernel.js +196 -0
  794. package/dist/core/loop-engine/kernel.js.map +1 -0
  795. package/dist/core/loop-engine/tracing.d.ts +12 -0
  796. package/dist/core/loop-engine/tracing.d.ts.map +1 -0
  797. package/dist/core/loop-engine/tracing.js +15 -0
  798. package/dist/core/loop-engine/tracing.js.map +1 -0
  799. package/dist/core/loop-engine/types.d.ts +92 -0
  800. package/dist/core/loop-engine/types.d.ts.map +1 -0
  801. package/dist/core/loop-engine/types.js +21 -0
  802. package/dist/core/loop-engine/types.js.map +1 -0
  803. package/dist/core/messages.d.ts +1 -1
  804. package/dist/core/messages.d.ts.map +1 -1
  805. package/dist/core/messages.js +101 -1
  806. package/dist/core/messages.js.map +1 -1
  807. package/dist/core/orchestrator.d.ts +79 -8
  808. package/dist/core/orchestrator.d.ts.map +1 -1
  809. package/dist/core/orchestrator.js +340 -33
  810. package/dist/core/orchestrator.js.map +1 -1
  811. package/dist/core/phase-gate.d.ts +2 -2
  812. package/dist/core/quality-score/calculator.d.ts +125 -0
  813. package/dist/core/quality-score/calculator.d.ts.map +1 -0
  814. package/dist/core/quality-score/calculator.js +489 -0
  815. package/dist/core/quality-score/calculator.js.map +1 -0
  816. package/dist/core/quality-score/from-run.d.ts +27 -0
  817. package/dist/core/quality-score/from-run.d.ts.map +1 -0
  818. package/dist/core/quality-score/from-run.js +64 -0
  819. package/dist/core/quality-score/from-run.js.map +1 -0
  820. package/dist/core/quality-score/index.d.ts +9 -0
  821. package/dist/core/quality-score/index.d.ts.map +1 -0
  822. package/dist/core/quality-score/index.js +9 -0
  823. package/dist/core/quality-score/index.js.map +1 -0
  824. package/dist/core/quality-score/types.d.ts +225 -0
  825. package/dist/core/quality-score/types.d.ts.map +1 -0
  826. package/dist/core/quality-score/types.js +26 -0
  827. package/dist/core/quality-score/types.js.map +1 -0
  828. package/dist/core/report-html-script.d.ts +3 -0
  829. package/dist/core/report-html-script.d.ts.map +1 -0
  830. package/dist/core/report-html-script.js +47 -0
  831. package/dist/core/report-html-script.js.map +1 -0
  832. package/dist/core/report-html-styles.d.ts +3 -0
  833. package/dist/core/report-html-styles.d.ts.map +1 -0
  834. package/dist/core/report-html-styles.js +231 -0
  835. package/dist/core/report-html-styles.js.map +1 -0
  836. package/dist/core/report-html.d.ts +1 -1
  837. package/dist/core/report-html.d.ts.map +1 -1
  838. package/dist/core/report-html.js +5 -280
  839. package/dist/core/report-html.js.map +1 -1
  840. package/dist/core/report-upload.d.ts +8 -0
  841. package/dist/core/report-upload.d.ts.map +1 -1
  842. package/dist/core/report-upload.js +17 -4
  843. package/dist/core/report-upload.js.map +1 -1
  844. package/dist/core/run-counter.d.ts.map +1 -1
  845. package/dist/core/run-counter.js +25 -1
  846. package/dist/core/run-counter.js.map +1 -1
  847. package/dist/core/run-events/emitter.d.ts +112 -0
  848. package/dist/core/run-events/emitter.d.ts.map +1 -0
  849. package/dist/core/run-events/emitter.js +234 -0
  850. package/dist/core/run-events/emitter.js.map +1 -0
  851. package/dist/core/run-events/frame-sink.d.ts +24 -0
  852. package/dist/core/run-events/frame-sink.d.ts.map +1 -0
  853. package/dist/core/run-events/frame-sink.js +32 -0
  854. package/dist/core/run-events/frame-sink.js.map +1 -0
  855. package/dist/core/run-events/index.d.ts +7 -0
  856. package/dist/core/run-events/index.d.ts.map +1 -0
  857. package/dist/core/run-events/index.js +5 -0
  858. package/dist/core/run-events/index.js.map +1 -0
  859. package/dist/core/run-events/loop-event-sink.d.ts +56 -0
  860. package/dist/core/run-events/loop-event-sink.d.ts.map +1 -0
  861. package/dist/core/run-events/loop-event-sink.js +60 -0
  862. package/dist/core/run-events/loop-event-sink.js.map +1 -0
  863. package/dist/core/run-events/sse.d.ts +47 -0
  864. package/dist/core/run-events/sse.d.ts.map +1 -0
  865. package/dist/core/run-events/sse.js +64 -0
  866. package/dist/core/run-events/sse.js.map +1 -0
  867. package/dist/core/run-events/types.d.ts +147 -0
  868. package/dist/core/run-events/types.d.ts.map +1 -0
  869. package/dist/core/run-events/types.js +17 -0
  870. package/dist/core/run-events/types.js.map +1 -0
  871. package/dist/core/run-mode/capture.d.ts +37 -0
  872. package/dist/core/run-mode/capture.d.ts.map +1 -0
  873. package/dist/core/run-mode/capture.js +43 -0
  874. package/dist/core/run-mode/capture.js.map +1 -0
  875. package/dist/core/run-mode/index.d.ts +9 -0
  876. package/dist/core/run-mode/index.d.ts.map +1 -0
  877. package/dist/core/run-mode/index.js +3 -0
  878. package/dist/core/run-mode/index.js.map +1 -0
  879. package/dist/core/run-mode/run-mode.d.ts +35 -0
  880. package/dist/core/run-mode/run-mode.d.ts.map +1 -0
  881. package/dist/core/run-mode/run-mode.js +51 -0
  882. package/dist/core/run-mode/run-mode.js.map +1 -0
  883. package/dist/core/run-mode/types.d.ts +36 -0
  884. package/dist/core/run-mode/types.d.ts.map +1 -0
  885. package/dist/core/run-mode/types.js +15 -0
  886. package/dist/core/run-mode/types.js.map +1 -0
  887. package/dist/core/run-quota.d.ts +22 -0
  888. package/dist/core/run-quota.d.ts.map +1 -0
  889. package/dist/core/run-quota.js +44 -0
  890. package/dist/core/run-quota.js.map +1 -0
  891. package/dist/core/security-audit/index.d.ts +9 -0
  892. package/dist/core/security-audit/index.d.ts.map +1 -0
  893. package/dist/core/security-audit/index.js +10 -0
  894. package/dist/core/security-audit/index.js.map +1 -0
  895. package/dist/core/security-audit/sentinel.d.ts +196 -0
  896. package/dist/core/security-audit/sentinel.d.ts.map +1 -0
  897. package/dist/core/security-audit/sentinel.js +725 -0
  898. package/dist/core/security-audit/sentinel.js.map +1 -0
  899. package/dist/core/security-audit/types.d.ts +240 -0
  900. package/dist/core/security-audit/types.d.ts.map +1 -0
  901. package/dist/core/security-audit/types.js +42 -0
  902. package/dist/core/security-audit/types.js.map +1 -0
  903. package/dist/core/tech-debt/index.d.ts +11 -0
  904. package/dist/core/tech-debt/index.d.ts.map +1 -0
  905. package/dist/core/tech-debt/index.js +11 -0
  906. package/dist/core/tech-debt/index.js.map +1 -0
  907. package/dist/core/tech-debt/tech-debt-tracker.d.ts +46 -0
  908. package/dist/core/tech-debt/tech-debt-tracker.d.ts.map +1 -0
  909. package/dist/core/tech-debt/tech-debt-tracker.js +533 -0
  910. package/dist/core/tech-debt/tech-debt-tracker.js.map +1 -0
  911. package/dist/core/tech-debt/types.d.ts +263 -0
  912. package/dist/core/tech-debt/types.d.ts.map +1 -0
  913. package/dist/core/tech-debt/types.js +2 -0
  914. package/dist/core/tech-debt/types.js.map +1 -0
  915. package/dist/core/tester/diff-planner.d.ts +18 -0
  916. package/dist/core/tester/diff-planner.d.ts.map +1 -0
  917. package/dist/core/tester/diff-planner.js +37 -0
  918. package/dist/core/tester/diff-planner.js.map +1 -0
  919. package/dist/core/tester/honest-report.d.ts +13 -0
  920. package/dist/core/tester/honest-report.d.ts.map +1 -0
  921. package/dist/core/tester/honest-report.js +64 -0
  922. package/dist/core/tester/honest-report.js.map +1 -0
  923. package/dist/core/tester/index.d.ts +9 -0
  924. package/dist/core/tester/index.d.ts.map +1 -0
  925. package/dist/core/tester/index.js +3 -0
  926. package/dist/core/tester/index.js.map +1 -0
  927. package/dist/core/tester/types.d.ts +55 -0
  928. package/dist/core/tester/types.d.ts.map +1 -0
  929. package/dist/core/tester/types.js +8 -0
  930. package/dist/core/tester/types.js.map +1 -0
  931. package/dist/core/triggers/index.d.ts +9 -0
  932. package/dist/core/triggers/index.d.ts.map +1 -0
  933. package/dist/core/triggers/index.js +3 -0
  934. package/dist/core/triggers/index.js.map +1 -0
  935. package/dist/core/triggers/trigger-bus.d.ts +49 -0
  936. package/dist/core/triggers/trigger-bus.d.ts.map +1 -0
  937. package/dist/core/triggers/trigger-bus.js +167 -0
  938. package/dist/core/triggers/trigger-bus.js.map +1 -0
  939. package/dist/core/triggers/types.d.ts +56 -0
  940. package/dist/core/triggers/types.d.ts.map +1 -0
  941. package/dist/core/triggers/types.js +13 -0
  942. package/dist/core/triggers/types.js.map +1 -0
  943. package/dist/core/trust.d.ts +12 -0
  944. package/dist/core/trust.d.ts.map +1 -0
  945. package/dist/core/trust.js +13 -0
  946. package/dist/core/trust.js.map +1 -0
  947. package/dist/core/types.d.ts +24 -2
  948. package/dist/core/types.d.ts.map +1 -1
  949. package/dist/core/ui-ux/index.d.ts +12 -0
  950. package/dist/core/ui-ux/index.d.ts.map +1 -0
  951. package/dist/core/ui-ux/index.js +13 -0
  952. package/dist/core/ui-ux/index.js.map +1 -0
  953. package/dist/core/ui-ux/orchestrator.d.ts +206 -0
  954. package/dist/core/ui-ux/orchestrator.d.ts.map +1 -0
  955. package/dist/core/ui-ux/orchestrator.js +672 -0
  956. package/dist/core/ui-ux/orchestrator.js.map +1 -0
  957. package/dist/core/ui-ux/types.d.ts +339 -0
  958. package/dist/core/ui-ux/types.d.ts.map +1 -0
  959. package/dist/core/ui-ux/types.js +17 -0
  960. package/dist/core/ui-ux/types.js.map +1 -0
  961. package/dist/enterprise/audit-trail.d.ts +31 -0
  962. package/dist/enterprise/audit-trail.d.ts.map +1 -0
  963. package/dist/enterprise/audit-trail.js +111 -0
  964. package/dist/enterprise/audit-trail.js.map +1 -0
  965. package/dist/enterprise/sla.d.ts +26 -0
  966. package/dist/enterprise/sla.d.ts.map +1 -0
  967. package/dist/enterprise/sla.js +101 -0
  968. package/dist/enterprise/sla.js.map +1 -0
  969. package/dist/helpers/element-discovery.js +1 -1
  970. package/dist/helpers/element-discovery.js.map +1 -1
  971. package/dist/helpers/env-resolver.d.ts +2 -2
  972. package/dist/helpers/quality-gate.d.ts.map +1 -1
  973. package/dist/helpers/quality-gate.js +21 -3
  974. package/dist/helpers/quality-gate.js.map +1 -1
  975. package/dist/helpers/shape-fingerprint.d.ts +18 -0
  976. package/dist/helpers/shape-fingerprint.d.ts.map +1 -0
  977. package/dist/helpers/shape-fingerprint.js +40 -0
  978. package/dist/helpers/shape-fingerprint.js.map +1 -0
  979. package/dist/sdk/custom-agent.d.ts +51 -0
  980. package/dist/sdk/custom-agent.d.ts.map +1 -0
  981. package/dist/sdk/custom-agent.js +94 -0
  982. package/dist/sdk/custom-agent.js.map +1 -0
  983. package/dist/sdk/index.d.ts +5 -0
  984. package/dist/sdk/index.d.ts.map +1 -0
  985. package/dist/sdk/index.js +3 -0
  986. package/dist/sdk/index.js.map +1 -0
  987. package/dist/sdk/loader.d.ts +28 -0
  988. package/dist/sdk/loader.d.ts.map +1 -0
  989. package/dist/sdk/loader.js +140 -0
  990. package/dist/sdk/loader.js.map +1 -0
  991. package/package.json +46 -20
  992. package/agents/01-analyst.ts +0 -100
  993. package/agents/02-seed-architect.ts +0 -59
  994. package/agents/03-test-generator.ts +0 -191
  995. package/agents/04-unit-runner.ts +0 -160
  996. package/agents/05-browser-crawler.ts +0 -790
  997. package/agents/06-api-exerciser.ts +0 -311
  998. package/agents/07-security-scout.ts +0 -188
  999. package/agents/08-a11y-guardian.ts +0 -212
  1000. package/agents/09-healer.ts +0 -228
  1001. package/agents/10-reporter.ts +0 -266
  1002. package/agents/11-fixer.ts +0 -253
  1003. package/agents/12-ux-inspector.ts +0 -444
  1004. package/agents/13-performance-profiler.ts +0 -271
  1005. package/agents/14-data-integrity-auditor.ts +0 -417
  1006. package/agents/15-regression-sentinel.ts +0 -308
  1007. package/agents/16-chaos-agent.ts +0 -228
  1008. package/agents/17-documentation-validator.ts +0 -266
  1009. package/agents/18-integration-watchdog.ts +0 -178
  1010. package/agents/19-tenant-isolation-auditor.ts +0 -199
  1011. package/agents/20-workflow-completion-tester.ts +0 -203
  1012. package/agents/21-state-session-tester.ts +0 -262
  1013. package/agents/22-email-notification-verifier.ts +0 -244
  1014. package/agents/23-migration-tester.ts +0 -80
  1015. package/agents/24-signup-onboarding-tester.ts +0 -429
  1016. package/agents/25-crud-flow-tester.ts +0 -302
  1017. package/agents/26-form-validator.ts +0 -297
  1018. package/agents/27-search-filter-tester.ts +0 -326
  1019. package/agents/28-navigation-routing-tester.ts +0 -425
  1020. package/agents/29-responsive-interaction-tester.ts +0 -350
  1021. package/agents/30-multi-user-scenario-tester.ts +0 -319
  1022. package/agents/31-load-tester.ts +0 -134
  1023. package/agents/32-memory-leak-detector.ts +0 -194
  1024. package/agents/33-bundle-analyzer.ts +0 -132
  1025. package/agents/34-xss-scanner.ts +0 -191
  1026. package/agents/35-csrf-tester.ts +0 -82
  1027. package/agents/36-auth-fuzzer.ts +0 -194
  1028. package/agents/37-dependency-scanner.ts +0 -176
  1029. package/agents/38-secrets-scanner.ts +0 -137
  1030. package/agents/39-api-contract-tester.ts +0 -199
  1031. package/agents/40-rate-limit-tester.ts +0 -94
  1032. package/agents/41-api-pagination-tester.ts +0 -97
  1033. package/agents/42-graphql-tester.ts +0 -222
  1034. package/agents/43-data-consistency-checker.ts +0 -205
  1035. package/agents/44-backup-recovery-tester.ts +0 -152
  1036. package/agents/45-data-privacy-scanner.ts +0 -125
  1037. package/agents/46-seo-auditor.ts +0 -294
  1038. package/agents/47-social-preview-tester.ts +0 -232
  1039. package/agents/48-lighthouse-auditor.ts +0 -213
  1040. package/agents/49-i18n-tester.ts +0 -198
  1041. package/agents/50-timezone-tester.ts +0 -173
  1042. package/agents/51-error-recovery-tester.ts +0 -155
  1043. package/agents/52-offline-mode-tester.ts +0 -180
  1044. package/agents/53-graceful-degradation-tester.ts +0 -156
  1045. package/agents/54-websocket-tester.ts +0 -151
  1046. package/agents/55-realtime-sync-tester.ts +0 -194
  1047. package/agents/56-file-upload-tester.ts +0 -194
  1048. package/agents/57-export-tester.ts +0 -174
  1049. package/agents/58-payment-flow-tester.ts +0 -183
  1050. package/agents/59-ssl-tls-auditor.ts +0 -141
  1051. package/agents/60-dns-cdn-tester.ts +0 -117
  1052. package/agents/61-docker-health-checker.ts +0 -111
  1053. package/agents/62-env-config-validator.ts +0 -152
  1054. package/agents/63-log-quality-auditor.ts +0 -136
  1055. package/agents/64-analytics-tracker-tester.ts +0 -165
  1056. package/agents/65-gdpr-compliance-tester.ts +0 -215
  1057. package/agents/66-soc2-control-validator.ts +0 -210
  1058. package/agents/67-wcag-aaa-tester.ts +0 -241
  1059. package/agents/68-dead-code-detector.ts +0 -135
  1060. package/agents/69-type-safety-auditor.ts +0 -164
  1061. package/agents/70-complexity-analyzer.ts +0 -179
  1062. package/agents/__tests__/01-analyst.test.ts +0 -188
  1063. package/agents/__tests__/02-seed-architect.test.ts +0 -152
  1064. package/agents/__tests__/03-test-generator-full.test.ts +0 -321
  1065. package/agents/__tests__/03-test-generator.test.ts +0 -318
  1066. package/agents/__tests__/04-unit-runner.test.ts +0 -320
  1067. package/agents/__tests__/05-browser-crawler-beta.test.ts +0 -492
  1068. package/agents/__tests__/05-browser-crawler-release.test.ts +0 -412
  1069. package/agents/__tests__/05-browser-crawler-uat.test.ts +0 -578
  1070. package/agents/__tests__/05-browser-crawler.test.ts +0 -518
  1071. package/agents/__tests__/06-api-exerciser.test.ts +0 -619
  1072. package/agents/__tests__/07-security-scout.test.ts +0 -382
  1073. package/agents/__tests__/08-a11y-guardian.test.ts +0 -530
  1074. package/agents/__tests__/09-healer.test.ts +0 -384
  1075. package/agents/__tests__/10-reporter.test.ts +0 -366
  1076. package/agents/__tests__/11-fixer.test.ts +0 -406
  1077. package/agents/__tests__/12-ux-inspector-extended.test.ts +0 -465
  1078. package/agents/__tests__/12-ux-inspector.test.ts +0 -443
  1079. package/agents/__tests__/13-performance-profiler.test.ts +0 -411
  1080. package/agents/__tests__/14-data-integrity-auditor-extended.test.ts +0 -573
  1081. package/agents/__tests__/14-data-integrity-auditor.test.ts +0 -407
  1082. package/agents/__tests__/15-regression-sentinel.test.ts +0 -657
  1083. package/agents/__tests__/16-chaos-agent.test.ts +0 -427
  1084. package/agents/__tests__/17-documentation-validator.test.ts +0 -402
  1085. package/agents/__tests__/18-integration-watchdog.test.ts +0 -263
  1086. package/agents/__tests__/19-tenant-isolation-auditor.test.ts +0 -400
  1087. package/agents/__tests__/20-workflow-completion-tester.test.ts +0 -586
  1088. package/agents/__tests__/21-state-session-tester.test.ts +0 -374
  1089. package/agents/__tests__/22-email-notification-verifier.test.ts +0 -441
  1090. package/agents/__tests__/23-migration-tester.test.ts +0 -145
  1091. package/agents/__tests__/24-signup-onboarding-tester.test.ts +0 -274
  1092. package/agents/__tests__/25-crud-flow-tester.test.ts +0 -322
  1093. package/agents/__tests__/26-form-validator.test.ts +0 -345
  1094. package/agents/__tests__/27-search-filter-tester.test.ts +0 -311
  1095. package/agents/__tests__/28-navigation-routing-tester.test.ts +0 -328
  1096. package/agents/__tests__/29-responsive-interaction-tester.test.ts +0 -297
  1097. package/agents/__tests__/30-multi-user-scenario-tester.test.ts +0 -328
  1098. package/agents/__tests__/31-load-tester.test.ts +0 -189
  1099. package/agents/__tests__/32-memory-leak-detector.test.ts +0 -251
  1100. package/agents/__tests__/33-bundle-analyzer.test.ts +0 -237
  1101. package/agents/__tests__/34-xss-scanner.test.ts +0 -258
  1102. package/agents/__tests__/35-csrf-tester.test.ts +0 -200
  1103. package/agents/__tests__/36-auth-fuzzer.test.ts +0 -214
  1104. package/agents/__tests__/37-dependency-scanner.test.ts +0 -266
  1105. package/agents/__tests__/38-secrets-scanner.test.ts +0 -224
  1106. package/agents/__tests__/39-api-contract-tester.test.ts +0 -312
  1107. package/agents/__tests__/40-rate-limit-tester.test.ts +0 -192
  1108. package/agents/__tests__/41-api-pagination-tester.test.ts +0 -198
  1109. package/agents/__tests__/42-graphql-tester.test.ts +0 -252
  1110. package/agents/__tests__/43-data-consistency-checker.test.ts +0 -232
  1111. package/agents/__tests__/44-backup-recovery-tester.test.ts +0 -222
  1112. package/agents/__tests__/45-data-privacy-scanner.test.ts +0 -223
  1113. package/agents/__tests__/46-seo-auditor.test.ts +0 -261
  1114. package/agents/__tests__/47-social-preview-tester.test.ts +0 -245
  1115. package/agents/__tests__/48-lighthouse-auditor.test.ts +0 -276
  1116. package/agents/__tests__/49-i18n-tester.test.ts +0 -201
  1117. package/agents/__tests__/50-timezone-tester.test.ts +0 -172
  1118. package/agents/__tests__/51-error-recovery-tester.test.ts +0 -162
  1119. package/agents/__tests__/52-offline-mode-tester.test.ts +0 -164
  1120. package/agents/__tests__/53-graceful-degradation-tester.test.ts +0 -168
  1121. package/agents/__tests__/54-websocket-tester.test.ts +0 -157
  1122. package/agents/__tests__/55-realtime-sync-tester.test.ts +0 -181
  1123. package/agents/__tests__/56-file-upload-tester.test.ts +0 -172
  1124. package/agents/__tests__/57-export-tester.test.ts +0 -169
  1125. package/agents/__tests__/58-payment-flow-tester.test.ts +0 -182
  1126. package/agents/__tests__/59-ssl-tls-auditor.test.ts +0 -179
  1127. package/agents/__tests__/60-dns-cdn-tester.test.ts +0 -176
  1128. package/agents/__tests__/61-docker-health-checker.test.ts +0 -150
  1129. package/agents/__tests__/62-env-config-validator.test.ts +0 -166
  1130. package/agents/__tests__/63-log-quality-auditor.test.ts +0 -175
  1131. package/agents/__tests__/64-analytics-tracker-tester.test.ts +0 -158
  1132. package/agents/__tests__/65-gdpr-compliance-tester.test.ts +0 -174
  1133. package/agents/__tests__/66-soc2-control-validator.test.ts +0 -183
  1134. package/agents/__tests__/67-wcag-aaa-tester.test.ts +0 -190
  1135. package/agents/__tests__/68-dead-code-detector.test.ts +0 -174
  1136. package/agents/__tests__/69-type-safety-auditor.test.ts +0 -173
  1137. package/agents/__tests__/70-complexity-analyzer.test.ts +0 -177
  1138. package/agents/__tests__/base-agent.test.ts +0 -188
  1139. package/agents/__tests__/registry.test.ts +0 -218
  1140. package/agents/base-agent.ts +0 -85
  1141. package/agents/registry.ts +0 -279
  1142. package/baselines/api-schemas/.gitkeep +0 -0
  1143. package/baselines/performance/.gitkeep +0 -0
  1144. package/baselines/screenshots/.gitkeep +0 -0
  1145. package/core/__tests__/ci-output.test.ts +0 -430
  1146. package/core/__tests__/cli.test.ts +0 -387
  1147. package/core/__tests__/config.test.ts +0 -78
  1148. package/core/__tests__/cost-tracker.test.ts +0 -158
  1149. package/core/__tests__/evidence.test.ts +0 -265
  1150. package/core/__tests__/fix-loop.test.ts +0 -210
  1151. package/core/__tests__/health-check.test.ts +0 -44
  1152. package/core/__tests__/init.test.ts +0 -609
  1153. package/core/__tests__/integration.test.ts +0 -204
  1154. package/core/__tests__/license-gen.test.ts +0 -227
  1155. package/core/__tests__/license.test.ts +0 -326
  1156. package/core/__tests__/multi-browser.test.ts +0 -278
  1157. package/core/__tests__/orchestrator.test.ts +0 -520
  1158. package/core/__tests__/phase-gate.test.ts +0 -43
  1159. package/core/__tests__/report-html.test.ts +0 -398
  1160. package/core/__tests__/report-upload.test.ts +0 -325
  1161. package/core/__tests__/run-counter.test.ts +0 -234
  1162. package/core/ci-output.ts +0 -240
  1163. package/core/cli.ts +0 -354
  1164. package/core/config.ts +0 -178
  1165. package/core/cost-tracker.ts +0 -59
  1166. package/core/evidence.ts +0 -132
  1167. package/core/fix-loop.ts +0 -85
  1168. package/core/health-check.ts +0 -54
  1169. package/core/init.ts +0 -546
  1170. package/core/license-gen.ts +0 -212
  1171. package/core/license.ts +0 -208
  1172. package/core/messages.ts +0 -67
  1173. package/core/multi-browser.ts +0 -136
  1174. package/core/orchestrator.ts +0 -427
  1175. package/core/phase-gate.ts +0 -55
  1176. package/core/report-html.ts +0 -657
  1177. package/core/report-upload.ts +0 -188
  1178. package/core/run-counter.ts +0 -175
  1179. package/core/types.ts +0 -57
  1180. package/dist/core/multi-browser.d.ts +0 -36
  1181. package/dist/core/multi-browser.d.ts.map +0 -1
  1182. package/dist/core/multi-browser.js +0 -88
  1183. package/dist/core/multi-browser.js.map +0 -1
  1184. package/helpers/__tests__/api-client.test.ts +0 -199
  1185. package/helpers/__tests__/element-discovery.test.ts +0 -202
  1186. package/helpers/__tests__/form-filler-extended.test.ts +0 -212
  1187. package/helpers/__tests__/form-filler.test.ts +0 -99
  1188. package/helpers/__tests__/modal-handler.test.ts +0 -152
  1189. package/helpers/__tests__/navigation.test.ts +0 -214
  1190. package/helpers/__tests__/quality-gate.test.ts +0 -117
  1191. package/helpers/__tests__/screenshot.test.ts +0 -139
  1192. package/helpers/__tests__/seed-validator.test.ts +0 -114
  1193. package/helpers/api-client.ts +0 -111
  1194. package/helpers/element-discovery.ts +0 -105
  1195. package/helpers/env-resolver.ts +0 -69
  1196. package/helpers/form-filler.ts +0 -126
  1197. package/helpers/modal-handler.ts +0 -108
  1198. package/helpers/navigation.ts +0 -100
  1199. package/helpers/quality-gate.ts +0 -180
  1200. package/helpers/screenshot.ts +0 -111
  1201. package/helpers/seed-validator.ts +0 -70
@@ -0,0 +1,323 @@
1
+ /**
2
+ * SQL Injection Detector — static scan for raw SQL built by string
3
+ * interpolation or concatenation. OWASP #1. Parameterized queries are
4
+ * safe; a query string with `${userInput}` spliced in is not.
5
+ *
6
+ * Flagged sinks:
7
+ * - Prisma: $queryRawUnsafe(...) / $executeRawUnsafe(...) with ANY
8
+ * interpolation or `+` concat. (The *Unsafe variants take a plain
9
+ * string — the safe $queryRaw tagged template is parameterized and is
10
+ * never flagged. So "Unsafe + dynamic" is textbook injection.)
11
+ * - Generic: .query(...) / .execute(...) / .raw(...) / sequelize.query(...)
12
+ * whose argument is a template literal with `${...}` OR a `+` concat,
13
+ * AND references request input (req / request / .query / .params /
14
+ * .body). The request-input gate keeps false positives down on the
15
+ * generic sinks (a `.query()` with an interpolated constant is fine).
16
+ *
17
+ * Findings:
18
+ * - 108-sql-injection critical code-bug-security
19
+ * - 108-clean / 108-summary info
20
+ *
21
+ * Persists `evidence/sql-injection-audit.json`. Read-only, parallel-safe,
22
+ * static analysis only.
23
+ */
24
+ import * as fs from 'node:fs';
25
+ import * as path from 'node:path';
26
+ import { BaseAgent } from './base-agent.js';
27
+ import { maskNonCode, isTestPath } from './lib/source-scan.js';
28
+ const SRC_EXTENSIONS = new Set(['.ts', '.tsx', '.js', '.jsx', '.mjs', '.cjs']);
29
+ const SKIP_DIRS = new Set([
30
+ 'node_modules', '.git', 'dist', 'build', '.next', '.nuxt', 'coverage', 'reports', 'baselines', 'evidence',
31
+ ]);
32
+ // `(?!\s*\()` keeps a request property access (`req.query.id`) a taint source while
33
+ // excluding a same-named method call — notably the ORM `conn.query(...)` that is also the
34
+ // SQL sink — so a constant `conn.query("SELECT 1")` is no longer flagged. Mirrors agents/112.
35
+ const TAINT_RE = /\b(?:req|request)\b|\.(?:query|params|body)\b(?!\s*\(|\s*\?\.\s*\()/;
36
+ function walk(dir, results = []) {
37
+ if (!fs.existsSync(dir))
38
+ return results;
39
+ let entries;
40
+ try {
41
+ entries = fs.readdirSync(dir, { withFileTypes: true });
42
+ }
43
+ catch {
44
+ return results;
45
+ }
46
+ for (const entry of entries) {
47
+ if (SKIP_DIRS.has(entry.name))
48
+ continue;
49
+ const full = path.join(dir, entry.name);
50
+ if (entry.isDirectory()) {
51
+ walk(full, results);
52
+ }
53
+ else if (entry.isFile() && SRC_EXTENSIONS.has(path.extname(entry.name))) {
54
+ results.push(full);
55
+ }
56
+ }
57
+ return results;
58
+ }
59
+ function relativise(absPath, root) {
60
+ return path.relative(root, absPath).split(path.sep).join('/');
61
+ }
62
+ function readParens(content, openIdx) {
63
+ if (content[openIdx] !== '(')
64
+ return null;
65
+ let depth = 0;
66
+ let inString = null;
67
+ let escape = false;
68
+ for (let i = openIdx; i < content.length; i++) {
69
+ const ch = content[i];
70
+ if (escape) {
71
+ escape = false;
72
+ continue;
73
+ }
74
+ if (inString) {
75
+ // Inside a template literal, `${` opens an expression that can contain
76
+ // its own parens/strings; for our depth purposes we still track the
77
+ // backtick boundary, and the interpolation parens net out.
78
+ if (ch === '\\')
79
+ escape = true;
80
+ else if (ch === inString)
81
+ inString = null;
82
+ continue;
83
+ }
84
+ if (ch === '"' || ch === "'" || ch === '`') {
85
+ inString = ch;
86
+ continue;
87
+ }
88
+ if (ch === '(')
89
+ depth++;
90
+ else if (ch === ')') {
91
+ depth--;
92
+ if (depth === 0)
93
+ return { text: content.slice(openIdx, i + 1), end: i };
94
+ }
95
+ }
96
+ return null;
97
+ }
98
+ function lineOf(content, index) {
99
+ return content.slice(0, index).split('\n').length;
100
+ }
101
+ function snippetOf(content, index) {
102
+ const start = content.lastIndexOf('\n', index) + 1;
103
+ let end = content.indexOf('\n', index);
104
+ if (end === -1)
105
+ end = content.length;
106
+ return content.slice(start, end).trim().slice(0, 160);
107
+ }
108
+ /** Does the call-arg text dynamically build a string (template interp or `+` concat)? */
109
+ function isDynamicString(argText) {
110
+ const hasTemplateInterp = /`[^`]*\$\{/.test(argText);
111
+ const hasConcat = /['"`]\s*\+|\+\s*['"`]/.test(argText);
112
+ return hasTemplateInterp || hasConcat;
113
+ }
114
+ /** Index of the backtick that closes the template opened at `open`, accounting
115
+ * for `${ ... }` interpolation (which may nest further templates). Runs on
116
+ * masked text, so string-literal bodies are already blanked — only real
117
+ * braces/backticks survive. Returns `s.length` if unterminated. */
118
+ function templateClose(s, open) {
119
+ let i = open + 1;
120
+ while (i < s.length) {
121
+ const c = s[i];
122
+ if (c === '\\') {
123
+ i += 2;
124
+ continue;
125
+ }
126
+ if (c === '`')
127
+ return i;
128
+ if (c === '$' && s[i + 1] === '{') {
129
+ i += 2;
130
+ let depth = 1;
131
+ while (i < s.length && depth > 0) {
132
+ const d = s[i];
133
+ if (d === '\\')
134
+ i += 2;
135
+ else if (d === '`')
136
+ i = templateClose(s, i) + 1;
137
+ else if (d === '{') {
138
+ depth++;
139
+ i++;
140
+ }
141
+ else if (d === '}') {
142
+ depth--;
143
+ i++;
144
+ }
145
+ else
146
+ i++;
147
+ }
148
+ continue;
149
+ }
150
+ i++;
151
+ }
152
+ return s.length;
153
+ }
154
+ /** Blank out `sql`-tagged template literals (`` sql`… ${x} …` ``). The `sql`
155
+ * tag (Drizzle, postgres.js, @vercel/postgres, slonik, …) is the *parameterized*
156
+ * query-builder API: its `${…}` interpolations become bind params / SQL
157
+ * fragments, never spliced-in string text. So a `sql` template is not
158
+ * injectable and must not read as a dynamic SQL string. `sql.raw(…)`, untagged
159
+ * templates, and `+` concatenation are unaffected (still flagged). The `sql`
160
+ * match requires a standalone identifier (so `mysql`…`` / `obj.sql`…`` are left
161
+ * alone). */
162
+ function stripSafeSqlTemplates(arg) {
163
+ const chars = arg.split('');
164
+ const tagRe = /(?:^|[^A-Za-z0-9_$.])sql\s*`/g;
165
+ let m;
166
+ while ((m = tagRe.exec(arg)) !== null) {
167
+ const sqlStart = m.index + m[0].indexOf('sql');
168
+ const backtick = m.index + m[0].length - 1;
169
+ const close = templateClose(arg, backtick);
170
+ for (let k = sqlStart; k <= close && k < chars.length; k++)
171
+ chars[k] = ' ';
172
+ tagRe.lastIndex = close + 1;
173
+ }
174
+ return chars.join('');
175
+ }
176
+ /** Scan a file for injectable raw-SQL sinks. */
177
+ export function scanSqlInjection(content) {
178
+ const hits = [];
179
+ const seen = new Set();
180
+ // Match against code only — never against sink patterns living in comments
181
+ // or string/template literals. Line numbers/snippets come from the original.
182
+ const masked = maskNonCode(content);
183
+ const record = (callIdx, sink, tainted) => {
184
+ const line = lineOf(content, callIdx);
185
+ if (seen.has(line))
186
+ return;
187
+ seen.add(line);
188
+ hits.push({ line, sink, snippet: snippetOf(content, callIdx), tainted });
189
+ };
190
+ // Prisma $queryRawUnsafe / $executeRawUnsafe — Unsafe + any dynamic string.
191
+ // Request-tainted → real injection (critical); dynamic-but-untainted (e.g. a
192
+ // constant table name in a dev seed) → a "prefer parameterized" smell, not critical.
193
+ const unsafeRe = /\$(?:queryRawUnsafe|executeRawUnsafe)\s*\(/g;
194
+ let m;
195
+ while ((m = unsafeRe.exec(masked)) !== null) {
196
+ const paren = m.index + m[0].length - 1;
197
+ const args = readParens(masked, paren);
198
+ if (!args)
199
+ continue;
200
+ if (isDynamicString(args.text))
201
+ record(m.index, m[0].replace(/\s*\($/, '()'), TAINT_RE.test(args.text));
202
+ }
203
+ // Generic raw sinks — dynamic string AND request-tainted. A `sql`-tagged
204
+ // template arg is the parameterized API (bind params, not string-built SQL),
205
+ // so strip those spans before judging dynamic-ness / taint to avoid flagging
206
+ // safe builder calls like `db.execute(sql`create view ${v} as ${q}`)`.
207
+ const genericRe = /(?:\b\w+\.)?\b(?:query|execute|raw)\s*\(/g;
208
+ while ((m = genericRe.exec(masked)) !== null) {
209
+ const paren = m.index + m[0].length - 1;
210
+ const args = readParens(masked, paren);
211
+ if (!args)
212
+ continue;
213
+ const sanitized = stripSafeSqlTemplates(args.text);
214
+ if (isDynamicString(sanitized) && TAINT_RE.test(sanitized)) {
215
+ record(m.index, m[0].replace(/\s*\($/, '()').trim(), true);
216
+ }
217
+ }
218
+ return hits;
219
+ }
220
+ export class SqlInjectionDetectorAgent extends BaseAgent {
221
+ agentId = 108;
222
+ agentName = 'SQL Injection Detector';
223
+ async preFlight() {
224
+ const root = this.config.projectRoot ?? process.cwd();
225
+ if (!fs.existsSync(root)) {
226
+ throw new Error(`projectRoot does not exist: ${root}`);
227
+ }
228
+ }
229
+ async execute() {
230
+ const findings = [];
231
+ const projectRoot = this.config.projectRoot ?? process.cwd();
232
+ const sourceFiles = new Set();
233
+ const mapPath = path.join(this.runDir, 'evidence', 'connection-map.json');
234
+ try {
235
+ const map = JSON.parse(fs.readFileSync(mapPath, 'utf-8'));
236
+ for (const f of map.files) {
237
+ if (!f.isTest)
238
+ sourceFiles.add(path.join(projectRoot, f.path));
239
+ }
240
+ }
241
+ catch {
242
+ for (const f of walk(projectRoot))
243
+ sourceFiles.add(f);
244
+ }
245
+ const allHits = [];
246
+ let filesScanned = 0;
247
+ for (const file of sourceFiles) {
248
+ if (isTestPath(file, projectRoot))
249
+ continue;
250
+ let content;
251
+ try {
252
+ content = fs.readFileSync(file, 'utf-8');
253
+ }
254
+ catch {
255
+ continue;
256
+ }
257
+ filesScanned++;
258
+ const rel = relativise(file, projectRoot);
259
+ for (const hit of scanSqlInjection(content)) {
260
+ allHits.push({ ...hit, file: rel });
261
+ }
262
+ }
263
+ if (allHits.length === 0) {
264
+ findings.push({
265
+ id: `${this.agentId}-clean`,
266
+ type: 'infra-issue',
267
+ severity: 'info',
268
+ agentId: this.agentId,
269
+ module: 'sql-injection-detector',
270
+ description: `Scanned ${filesScanned} non-test file(s) — no raw SQL built from interpolated/concatenated input.`,
271
+ });
272
+ this.persistAudit(projectRoot, filesScanned, allHits);
273
+ return findings;
274
+ }
275
+ for (const hit of allHits.slice(0, 100)) {
276
+ findings.push({
277
+ id: `${this.agentId}-sql-injection-${hit.file.replace(/[^\w]/g, '_')}-${hit.line}`,
278
+ type: 'code-bug-security',
279
+ severity: hit.tainted ? 'critical' : 'medium',
280
+ agentId: this.agentId,
281
+ module: 'sql-injection-detector',
282
+ description: hit.tainted
283
+ ? `Raw SQL built by string interpolation/concatenation from request input at ${hit.file}:${hit.line} (${hit.sink}) — SQL injection. Use parameterized queries (Prisma \`$queryRaw\` tagged template, or bind params / placeholders) instead of splicing values into the query string. \`${hit.snippet}\``
284
+ : `Raw SQL built by string interpolation at ${hit.file}:${hit.line} (${hit.sink}) using a non-request value (e.g. a constant). Not directly injectable, but prefer the safe \`$queryRaw\` tagged template / bind params over the Unsafe API. \`${hit.snippet}\``,
285
+ file: hit.file,
286
+ line: hit.line,
287
+ });
288
+ }
289
+ this.persistAudit(projectRoot, filesScanned, allHits);
290
+ findings.push({
291
+ id: `${this.agentId}-summary`,
292
+ type: 'infra-issue',
293
+ severity: 'info',
294
+ agentId: this.agentId,
295
+ module: 'sql-injection-detector',
296
+ description: `SQL-injection audit: ${allHits.length} injectable raw-SQL sink(s) across ${filesScanned} file(s).`,
297
+ });
298
+ return findings;
299
+ }
300
+ persistAudit(projectRoot, filesScanned, hits) {
301
+ const audit = {
302
+ version: 1,
303
+ generatedAt: new Date().toISOString(),
304
+ projectRoot,
305
+ filesScanned,
306
+ hits,
307
+ };
308
+ try {
309
+ const evidenceDir = path.join(this.runDir, 'evidence');
310
+ fs.mkdirSync(evidenceDir, { recursive: true });
311
+ fs.writeFileSync(path.join(evidenceDir, 'sql-injection-audit.json'), JSON.stringify(audit, null, 2), 'utf-8');
312
+ this.addEvidence({
313
+ type: 'report',
314
+ path: 'evidence/sql-injection-audit.json',
315
+ description: `SQL-injection audit: ${hits.length} sink(s) across ${filesScanned} file(s)`,
316
+ });
317
+ }
318
+ catch {
319
+ // non-fatal
320
+ }
321
+ }
322
+ }
323
+ //# sourceMappingURL=108-sql-injection-detector.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"108-sql-injection-detector.js","sourceRoot":"","sources":["../../agents/108-sql-injection-detector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE5D,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AACpG,MAAM,SAAS,GAAwB,IAAI,GAAG,CAAC;IAC7C,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU;CAC1G,CAAC,CAAC;AAEH,oFAAoF;AACpF,0FAA0F;AAC1F,8FAA8F;AAC9F,MAAM,QAAQ,GAAG,qEAAqE,CAAC;AAoBvF,SAAS,IAAI,CAAC,GAAW,EAAE,UAAoB,EAAE;IAC/C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,OAAO,CAAC;IACxC,IAAI,OAAoB,CAAC;IACzB,IAAI,CAAC;QACH,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QACxC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACtB,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,IAAI,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YAC1E,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,UAAU,CAAC,OAAe,EAAE,IAAY;IAC/C,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChE,CAAC;AAED,SAAS,UAAU,CAAC,OAAe,EAAE,OAAe;IAClD,IAAI,OAAO,CAAC,OAAO,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC1C,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,QAAQ,GAA2B,IAAI,CAAC;IAC5C,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,KAAK,IAAI,CAAC,GAAG,OAAO,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9C,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,MAAM,EAAE,CAAC;YAAC,MAAM,GAAG,KAAK,CAAC;YAAC,SAAS;QAAC,CAAC;QACzC,IAAI,QAAQ,EAAE,CAAC;YACb,uEAAuE;YACvE,oEAAoE;YACpE,2DAA2D;YAC3D,IAAI,EAAE,KAAK,IAAI;gBAAE,MAAM,GAAG,IAAI,CAAC;iBAC1B,IAAI,EAAE,KAAK,QAAQ;gBAAE,QAAQ,GAAG,IAAI,CAAC;YAC1C,SAAS;QACX,CAAC;QACD,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YAAC,QAAQ,GAAG,EAAE,CAAC;YAAC,SAAS;QAAC,CAAC;QACxE,IAAI,EAAE,KAAK,GAAG;YAAE,KAAK,EAAE,CAAC;aACnB,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACpB,KAAK,EAAE,CAAC;YACR,IAAI,KAAK,KAAK,CAAC;gBAAE,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC1E,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,MAAM,CAAC,OAAe,EAAE,KAAa;IAC5C,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;AACpD,CAAC;AAED,SAAS,SAAS,CAAC,OAAe,EAAE,KAAa;IAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACnD,IAAI,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACvC,IAAI,GAAG,KAAK,CAAC,CAAC;QAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IACrC,OAAO,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACxD,CAAC;AAED,yFAAyF;AACzF,SAAS,eAAe,CAAC,OAAe;IACtC,MAAM,iBAAiB,GAAG,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxD,OAAO,iBAAiB,IAAI,SAAS,CAAC;AACxC,CAAC;AAED;;;oEAGoE;AACpE,SAAS,aAAa,CAAC,CAAS,EAAE,IAAY;IAC5C,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC;IACjB,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC;QACpB,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACf,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YAAC,CAAC,IAAI,CAAC,CAAC;YAAC,SAAS;QAAC,CAAC;QACrC,IAAI,CAAC,KAAK,GAAG;YAAE,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YAClC,CAAC,IAAI,CAAC,CAAC;YACP,IAAI,KAAK,GAAG,CAAC,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACjC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBACf,IAAI,CAAC,KAAK,IAAI;oBAAE,CAAC,IAAI,CAAC,CAAC;qBAClB,IAAI,CAAC,KAAK,GAAG;oBAAE,CAAC,GAAG,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC;qBAC3C,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;oBAAC,KAAK,EAAE,CAAC;oBAAC,CAAC,EAAE,CAAC;gBAAC,CAAC;qBAChC,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;oBAAC,KAAK,EAAE,CAAC;oBAAC,CAAC,EAAE,CAAC;gBAAC,CAAC;;oBAChC,CAAC,EAAE,CAAC;YACX,CAAC;YACD,SAAS;QACX,CAAC;QACD,CAAC,EAAE,CAAC;IACN,CAAC;IACD,OAAO,CAAC,CAAC,MAAM,CAAC;AAClB,CAAC;AAED;;;;;;;cAOc;AACd,SAAS,qBAAqB,CAAC,GAAW;IACxC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG,+BAA+B,CAAC;IAC9C,IAAI,CAAyB,CAAC;IAC9B,OAAO,CAAC,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;QAC3C,MAAM,KAAK,GAAG,aAAa,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC3C,KAAK,IAAI,CAAC,GAAG,QAAQ,EAAE,CAAC,IAAI,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;QAC3E,KAAK,CAAC,SAAS,GAAG,KAAK,GAAG,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACxB,CAAC;AAED,gDAAgD;AAChD,MAAM,UAAU,gBAAgB,CAAC,OAAe;IAC9C,MAAM,IAAI,GAAyC,EAAE,CAAC;IACtD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,2EAA2E;IAC3E,6EAA6E;IAC7E,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAEpC,MAAM,MAAM,GAAG,CAAC,OAAe,EAAE,IAAY,EAAE,OAAgB,EAAQ,EAAE;QACvE,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACtC,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,OAAO;QAC3B,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IAC3E,CAAC,CAAC;IAEF,4EAA4E;IAC5E,6EAA6E;IAC7E,qFAAqF;IACrF,MAAM,QAAQ,GAAG,6CAA6C,CAAC;IAC/D,IAAI,CAAyB,CAAC;IAC9B,OAAO,CAAC,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC5C,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;QACxC,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACvC,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,MAAM,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1G,CAAC;IAED,yEAAyE;IACzE,6EAA6E;IAC7E,6EAA6E;IAC7E,uEAAuE;IACvE,MAAM,SAAS,GAAG,2CAA2C,CAAC;IAC9D,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC7C,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;QACxC,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACvC,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,MAAM,SAAS,GAAG,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,IAAI,eAAe,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3D,MAAM,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,IAAI,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,OAAO,yBAA0B,SAAQ,SAAS;IAC7C,OAAO,GAAG,GAAG,CAAC;IACd,SAAS,GAAG,wBAAwB,CAAC;IAEpC,KAAK,CAAC,SAAS;QACvB,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QACtD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,+BAA+B,IAAI,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAES,KAAK,CAAC,OAAO;QACrB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAE7D,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,qBAAqB,CAAC,CAAC;QAC1E,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAkB,CAAC;YAC3E,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gBAC1B,IAAI,CAAC,CAAC,CAAC,MAAM;oBAAE,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;YACjE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC;gBAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,OAAO,GAAsB,EAAE,CAAC;QACtC,IAAI,YAAY,GAAG,CAAC,CAAC;QACrB,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,IAAI,UAAU,CAAC,IAAI,EAAE,WAAW,CAAC;gBAAE,SAAS;YAC5C,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC3C,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YACD,YAAY,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YAC1C,KAAK,MAAM,GAAG,IAAI,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5C,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,QAAQ;gBAC3B,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,wBAAwB;gBAChC,WAAW,EAAE,WAAW,YAAY,4EAA4E;aACjH,CAAC,CAAC;YACH,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;YACtD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;YACxC,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,kBAAkB,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,GAAG,CAAC,IAAI,EAAE;gBAClF,IAAI,EAAE,mBAAmB;gBACzB,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ;gBAC7C,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,wBAAwB;gBAChC,WAAW,EAAE,GAAG,CAAC,OAAO;oBACtB,CAAC,CAAC,6EAA6E,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,0KAA0K,GAAG,CAAC,OAAO,IAAI;oBACzS,CAAC,CAAC,4CAA4C,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,kKAAkK,GAAG,CAAC,OAAO,IAAI;gBAClQ,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,IAAI,EAAE,GAAG,CAAC,IAAI;aACf,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;QAEtD,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,UAAU;YAC7B,IAAI,EAAE,aAAa;YACnB,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,MAAM,EAAE,wBAAwB;YAChC,WAAW,EAAE,wBAAwB,OAAO,CAAC,MAAM,sCAAsC,YAAY,WAAW;SACjH,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,YAAY,CAAC,WAAmB,EAAE,YAAoB,EAAE,IAAuB;QACrF,MAAM,KAAK,GAAsB;YAC/B,OAAO,EAAE,CAAC;YACV,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,WAAW;YACX,YAAY;YACZ,IAAI;SACL,CAAC;QACF,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;YACvD,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/C,EAAE,CAAC,aAAa,CACd,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,EAClD,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAC9B,OAAO,CACR,CAAC;YACF,IAAI,CAAC,WAAW,CAAC;gBACf,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,mCAAmC;gBACzC,WAAW,EAAE,wBAAwB,IAAI,CAAC,MAAM,mBAAmB,YAAY,UAAU;aAC1F,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;QACd,CAAC;IACH,CAAC;CACF"}
@@ -0,0 +1,51 @@
1
+ /**
2
+ * Path Traversal Detector — static scan for filesystem operations whose
3
+ * path is derived from request input without sanitization. An attacker
4
+ * sends `?file=../../etc/passwd` and `fs.readFile(req.query.file)` serves
5
+ * it. OWASP path traversal / local file inclusion.
6
+ *
7
+ * Flagged sinks (path argument is request-tainted):
8
+ * - fs.readFile / readFileSync / createReadStream / writeFile / unlink /
9
+ * rm / readdir / open (incl. fs.promises and bare readFile imports)
10
+ * - res.sendFile / res.download (Express static file responders)
11
+ *
12
+ * "Tainted" = the path argument references req / request / .query /
13
+ * .params / .body. A `path.join(dir, req.params.x)` still concatenates
14
+ * untrusted input, so join() doesn't launder it.
15
+ *
16
+ * Suppressed when the same expression sanitizes: a `path.basename(` wrap
17
+ * (strips directory components) or an explicit `..` rejection
18
+ * (`.includes('..')` / `replace(/\.\./)`).
19
+ *
20
+ * Findings:
21
+ * - 109-path-traversal high code-bug-security
22
+ * - 109-clean / 109-summary info
23
+ *
24
+ * Persists `evidence/path-traversal-audit.json`. Read-only, parallel-safe,
25
+ * static analysis only.
26
+ */
27
+ import type { Finding } from '../core/types.js';
28
+ import { BaseAgent } from './base-agent.js';
29
+ export interface PathTraversalHit {
30
+ file: string;
31
+ line: number;
32
+ sink: string;
33
+ snippet: string;
34
+ }
35
+ export interface PathTraversalAudit {
36
+ version: 1;
37
+ generatedAt: string;
38
+ projectRoot: string;
39
+ filesScanned: number;
40
+ hits: PathTraversalHit[];
41
+ }
42
+ /** Scan a file for request-tainted filesystem sinks. */
43
+ export declare function scanPathTraversal(content: string): Array<Omit<PathTraversalHit, 'file'>>;
44
+ export declare class PathTraversalDetectorAgent extends BaseAgent {
45
+ readonly agentId = 109;
46
+ readonly agentName = "Path Traversal Detector";
47
+ protected preFlight(): Promise<void>;
48
+ protected execute(): Promise<Finding[]>;
49
+ private persistAudit;
50
+ }
51
+ //# sourceMappingURL=109-path-traversal-detector.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"109-path-traversal-detector.d.ts","sourceRoot":"","sources":["../../agents/109-path-traversal-detector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAIH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAoBzC,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,CAAC,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,gBAAgB,EAAE,CAAC;CAC1B;AA4DD,wDAAwD;AACxD,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC,CA2BxF;AAED,qBAAa,0BAA2B,SAAQ,SAAS;IACvD,QAAQ,CAAC,OAAO,OAAO;IACvB,QAAQ,CAAC,SAAS,6BAA6B;cAE/B,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;cAO1B,OAAO,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;IAwE7C,OAAO,CAAC,YAAY;CAyBrB"}
@@ -0,0 +1,244 @@
1
+ /**
2
+ * Path Traversal Detector — static scan for filesystem operations whose
3
+ * path is derived from request input without sanitization. An attacker
4
+ * sends `?file=../../etc/passwd` and `fs.readFile(req.query.file)` serves
5
+ * it. OWASP path traversal / local file inclusion.
6
+ *
7
+ * Flagged sinks (path argument is request-tainted):
8
+ * - fs.readFile / readFileSync / createReadStream / writeFile / unlink /
9
+ * rm / readdir / open (incl. fs.promises and bare readFile imports)
10
+ * - res.sendFile / res.download (Express static file responders)
11
+ *
12
+ * "Tainted" = the path argument references req / request / .query /
13
+ * .params / .body. A `path.join(dir, req.params.x)` still concatenates
14
+ * untrusted input, so join() doesn't launder it.
15
+ *
16
+ * Suppressed when the same expression sanitizes: a `path.basename(` wrap
17
+ * (strips directory components) or an explicit `..` rejection
18
+ * (`.includes('..')` / `replace(/\.\./)`).
19
+ *
20
+ * Findings:
21
+ * - 109-path-traversal high code-bug-security
22
+ * - 109-clean / 109-summary info
23
+ *
24
+ * Persists `evidence/path-traversal-audit.json`. Read-only, parallel-safe,
25
+ * static analysis only.
26
+ */
27
+ import * as fs from 'node:fs';
28
+ import * as path from 'node:path';
29
+ import { BaseAgent } from './base-agent.js';
30
+ import { maskNonCode, isTestPath } from './lib/source-scan.js';
31
+ const SRC_EXTENSIONS = new Set(['.ts', '.tsx', '.js', '.jsx', '.mjs', '.cjs']);
32
+ const SKIP_DIRS = new Set([
33
+ 'node_modules', '.git', 'dist', 'build', '.next', '.nuxt', 'coverage', 'reports', 'baselines', 'evidence',
34
+ ]);
35
+ // `(?!\s*\()` keeps a request property access (`req.query.file`) a taint source while
36
+ // excluding a same-named method call (TypeORM `queryRunner.query(...)`), which is not
37
+ // request input. Mirrors agents/112 REQUEST_RE.
38
+ const TAINT_RE = /\b(?:req|request)\b|\.(?:query|params|body)\b(?!\s*\(|\s*\?\.\s*\()/;
39
+ /** Same-expression sanitizers that defang traversal. */
40
+ const SANITIZED_RE = /\bpath\.basename\s*\(|\.includes\s*\(\s*['"`]\.\.['"`]|\.replace\s*\(\s*\/\\?\.\\?\./;
41
+ /** Filesystem sink calls whose first/path argument we inspect. */
42
+ const FS_SINK_RE = /\bfs\.(?:promises\.)?(?:readFile|readFileSync|createReadStream|createWriteStream|writeFile|writeFileSync|appendFile|appendFileSync|copyFile|copyFileSync|cp|cpSync|rename|renameSync|truncate|truncateSync|unlink|unlinkSync|rm|rmSync|rmdir|rmdirSync|mkdir|mkdirSync|readdir|readdirSync|open|openSync)\s*\(|\b(?:readFile|readFileSync|createReadStream|writeFile|appendFile|copyFile|rename|unlink)\s*\(|\bres\.(?:sendFile|download)\s*\(/g;
43
+ function walk(dir, results = []) {
44
+ if (!fs.existsSync(dir))
45
+ return results;
46
+ let entries;
47
+ try {
48
+ entries = fs.readdirSync(dir, { withFileTypes: true });
49
+ }
50
+ catch {
51
+ return results;
52
+ }
53
+ for (const entry of entries) {
54
+ if (SKIP_DIRS.has(entry.name))
55
+ continue;
56
+ const full = path.join(dir, entry.name);
57
+ if (entry.isDirectory()) {
58
+ walk(full, results);
59
+ }
60
+ else if (entry.isFile() && SRC_EXTENSIONS.has(path.extname(entry.name))) {
61
+ results.push(full);
62
+ }
63
+ }
64
+ return results;
65
+ }
66
+ function relativise(absPath, root) {
67
+ return path.relative(root, absPath).split(path.sep).join('/');
68
+ }
69
+ function readParens(content, openIdx) {
70
+ if (content[openIdx] !== '(')
71
+ return null;
72
+ let depth = 0;
73
+ let inString = null;
74
+ let escape = false;
75
+ for (let i = openIdx; i < content.length; i++) {
76
+ const ch = content[i];
77
+ if (escape) {
78
+ escape = false;
79
+ continue;
80
+ }
81
+ if (inString) {
82
+ if (ch === '\\')
83
+ escape = true;
84
+ else if (ch === inString)
85
+ inString = null;
86
+ continue;
87
+ }
88
+ if (ch === '"' || ch === "'" || ch === '`') {
89
+ inString = ch;
90
+ continue;
91
+ }
92
+ if (ch === '(')
93
+ depth++;
94
+ else if (ch === ')') {
95
+ depth--;
96
+ if (depth === 0)
97
+ return { text: content.slice(openIdx, i + 1), end: i };
98
+ }
99
+ }
100
+ return null;
101
+ }
102
+ function lineOf(content, index) {
103
+ return content.slice(0, index).split('\n').length;
104
+ }
105
+ function snippetOf(content, index) {
106
+ const start = content.lastIndexOf('\n', index) + 1;
107
+ let end = content.indexOf('\n', index);
108
+ if (end === -1)
109
+ end = content.length;
110
+ return content.slice(start, end).trim().slice(0, 160);
111
+ }
112
+ /** Scan a file for request-tainted filesystem sinks. */
113
+ export function scanPathTraversal(content) {
114
+ const hits = [];
115
+ const seen = new Set();
116
+ // Match against code only — fs sinks in comments / string literals are not
117
+ // real. Line numbers/snippets come from the original source.
118
+ const masked = maskNonCode(content);
119
+ const re = new RegExp(FS_SINK_RE.source, 'g');
120
+ let m;
121
+ while ((m = re.exec(masked)) !== null) {
122
+ const paren = m.index + m[0].length - 1;
123
+ const args = readParens(masked, paren);
124
+ if (!args)
125
+ continue;
126
+ if (!TAINT_RE.test(args.text))
127
+ continue;
128
+ const snippet = snippetOf(content, m.index);
129
+ // Suppress if a sanitizer appears anywhere on the statement line — the
130
+ // guard (`!x.includes('..')`) often sits before the sink call, outside
131
+ // the call args; path.basename() usually sits inside.
132
+ if (SANITIZED_RE.test(snippet))
133
+ continue;
134
+ const line = lineOf(content, m.index);
135
+ if (seen.has(line))
136
+ continue;
137
+ seen.add(line);
138
+ const sink = m[0].replace(/\s*\($/, '()').trim();
139
+ hits.push({ line, sink, snippet });
140
+ }
141
+ return hits;
142
+ }
143
+ export class PathTraversalDetectorAgent extends BaseAgent {
144
+ agentId = 109;
145
+ agentName = 'Path Traversal Detector';
146
+ async preFlight() {
147
+ const root = this.config.projectRoot ?? process.cwd();
148
+ if (!fs.existsSync(root)) {
149
+ throw new Error(`projectRoot does not exist: ${root}`);
150
+ }
151
+ }
152
+ async execute() {
153
+ const findings = [];
154
+ const projectRoot = this.config.projectRoot ?? process.cwd();
155
+ const sourceFiles = new Set();
156
+ const mapPath = path.join(this.runDir, 'evidence', 'connection-map.json');
157
+ try {
158
+ const map = JSON.parse(fs.readFileSync(mapPath, 'utf-8'));
159
+ for (const f of map.files) {
160
+ if (!f.isTest)
161
+ sourceFiles.add(path.join(projectRoot, f.path));
162
+ }
163
+ }
164
+ catch {
165
+ for (const f of walk(projectRoot))
166
+ sourceFiles.add(f);
167
+ }
168
+ const allHits = [];
169
+ let filesScanned = 0;
170
+ for (const file of sourceFiles) {
171
+ if (isTestPath(file, projectRoot))
172
+ continue;
173
+ let content;
174
+ try {
175
+ content = fs.readFileSync(file, 'utf-8');
176
+ }
177
+ catch {
178
+ continue;
179
+ }
180
+ filesScanned++;
181
+ const rel = relativise(file, projectRoot);
182
+ for (const hit of scanPathTraversal(content)) {
183
+ allHits.push({ ...hit, file: rel });
184
+ }
185
+ }
186
+ if (allHits.length === 0) {
187
+ findings.push({
188
+ id: `${this.agentId}-clean`,
189
+ type: 'infra-issue',
190
+ severity: 'info',
191
+ agentId: this.agentId,
192
+ module: 'path-traversal-detector',
193
+ description: `Scanned ${filesScanned} non-test file(s) — no filesystem sinks fed by unsanitized request input.`,
194
+ });
195
+ this.persistAudit(projectRoot, filesScanned, allHits);
196
+ return findings;
197
+ }
198
+ for (const hit of allHits.slice(0, 100)) {
199
+ findings.push({
200
+ id: `${this.agentId}-path-traversal-${hit.file.replace(/[^\w]/g, '_')}-${hit.line}`,
201
+ type: 'code-bug-security',
202
+ severity: 'high',
203
+ agentId: this.agentId,
204
+ module: 'path-traversal-detector',
205
+ description: `Filesystem path at ${hit.file}:${hit.line} (${hit.sink}) is derived from request input with no visible sanitization — path traversal / LFI. A \`../../\` payload can escape the intended directory. Use \`path.basename()\` on the user portion, resolve and verify the result stays within an allowed root, or map IDs to known paths. \`${hit.snippet}\``,
206
+ file: hit.file,
207
+ line: hit.line,
208
+ });
209
+ }
210
+ this.persistAudit(projectRoot, filesScanned, allHits);
211
+ findings.push({
212
+ id: `${this.agentId}-summary`,
213
+ type: 'infra-issue',
214
+ severity: 'info',
215
+ agentId: this.agentId,
216
+ module: 'path-traversal-detector',
217
+ description: `Path-traversal audit: ${allHits.length} unsanitized filesystem sink(s) across ${filesScanned} file(s).`,
218
+ });
219
+ return findings;
220
+ }
221
+ persistAudit(projectRoot, filesScanned, hits) {
222
+ const audit = {
223
+ version: 1,
224
+ generatedAt: new Date().toISOString(),
225
+ projectRoot,
226
+ filesScanned,
227
+ hits,
228
+ };
229
+ try {
230
+ const evidenceDir = path.join(this.runDir, 'evidence');
231
+ fs.mkdirSync(evidenceDir, { recursive: true });
232
+ fs.writeFileSync(path.join(evidenceDir, 'path-traversal-audit.json'), JSON.stringify(audit, null, 2), 'utf-8');
233
+ this.addEvidence({
234
+ type: 'report',
235
+ path: 'evidence/path-traversal-audit.json',
236
+ description: `Path-traversal audit: ${hits.length} sink(s) across ${filesScanned} file(s)`,
237
+ });
238
+ }
239
+ catch {
240
+ // non-fatal
241
+ }
242
+ }
243
+ }
244
+ //# sourceMappingURL=109-path-traversal-detector.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"109-path-traversal-detector.js","sourceRoot":"","sources":["../../agents/109-path-traversal-detector.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE5D,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AACpG,MAAM,SAAS,GAAwB,IAAI,GAAG,CAAC;IAC7C,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU;CAC1G,CAAC,CAAC;AAEH,sFAAsF;AACtF,sFAAsF;AACtF,gDAAgD;AAChD,MAAM,QAAQ,GAAG,qEAAqE,CAAC;AACvF,wDAAwD;AACxD,MAAM,YAAY,GAAG,sFAAsF,CAAC;AAE5G,kEAAkE;AAClE,MAAM,UAAU,GACd,ibAAib,CAAC;AAiBpb,SAAS,IAAI,CAAC,GAAW,EAAE,UAAoB,EAAE;IAC/C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,OAAO,CAAC;IACxC,IAAI,OAAoB,CAAC;IACzB,IAAI,CAAC;QACH,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;YAAE,SAAS;QACxC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACtB,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,IAAI,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YAC1E,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,UAAU,CAAC,OAAe,EAAE,IAAY;IAC/C,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChE,CAAC;AAED,SAAS,UAAU,CAAC,OAAe,EAAE,OAAe;IAClD,IAAI,OAAO,CAAC,OAAO,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC1C,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,QAAQ,GAA2B,IAAI,CAAC;IAC5C,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,KAAK,IAAI,CAAC,GAAG,OAAO,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9C,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,MAAM,EAAE,CAAC;YAAC,MAAM,GAAG,KAAK,CAAC;YAAC,SAAS;QAAC,CAAC;QACzC,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,EAAE,KAAK,IAAI;gBAAE,MAAM,GAAG,IAAI,CAAC;iBAC1B,IAAI,EAAE,KAAK,QAAQ;gBAAE,QAAQ,GAAG,IAAI,CAAC;YAC1C,SAAS;QACX,CAAC;QACD,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YAAC,QAAQ,GAAG,EAAE,CAAC;YAAC,SAAS;QAAC,CAAC;QACxE,IAAI,EAAE,KAAK,GAAG;YAAE,KAAK,EAAE,CAAC;aACnB,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACpB,KAAK,EAAE,CAAC;YACR,IAAI,KAAK,KAAK,CAAC;gBAAE,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAC1E,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,MAAM,CAAC,OAAe,EAAE,KAAa;IAC5C,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;AACpD,CAAC;AAED,SAAS,SAAS,CAAC,OAAe,EAAE,KAAa;IAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACnD,IAAI,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACvC,IAAI,GAAG,KAAK,CAAC,CAAC;QAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IACrC,OAAO,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACxD,CAAC;AAED,wDAAwD;AACxD,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,MAAM,IAAI,GAA0C,EAAE,CAAC;IACvD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,2EAA2E;IAC3E,6DAA6D;IAC7D,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAEpC,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC9C,IAAI,CAAyB,CAAC;IAC9B,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;QACxC,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACvC,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAS;QACxC,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;QAC5C,uEAAuE;QACvE,uEAAuE;QACvE,sDAAsD;QACtD,IAAI,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,SAAS;QACzC,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;QACtC,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,SAAS;QAC7B,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACf,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QACjD,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,OAAO,0BAA2B,SAAQ,SAAS;IAC9C,OAAO,GAAG,GAAG,CAAC;IACd,SAAS,GAAG,yBAAyB,CAAC;IAErC,KAAK,CAAC,SAAS;QACvB,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QACtD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,+BAA+B,IAAI,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAES,KAAK,CAAC,OAAO;QACrB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAC/B,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAE7D,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,qBAAqB,CAAC,CAAC;QAC1E,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAkB,CAAC;YAC3E,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;gBAC1B,IAAI,CAAC,CAAC,CAAC,MAAM;oBAAE,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;YACjE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC;gBAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,OAAO,GAAuB,EAAE,CAAC;QACvC,IAAI,YAAY,GAAG,CAAC,CAAC;QACrB,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,IAAI,UAAU,CAAC,IAAI,EAAE,WAAW,CAAC;gBAAE,SAAS;YAC5C,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC3C,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YACD,YAAY,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YAC1C,KAAK,MAAM,GAAG,IAAI,iBAAiB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7C,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,QAAQ;gBAC3B,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,yBAAyB;gBACjC,WAAW,EAAE,WAAW,YAAY,2EAA2E;aAChH,CAAC,CAAC;YACH,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;YACtD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;YACxC,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,mBAAmB,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,GAAG,CAAC,IAAI,EAAE;gBACnF,IAAI,EAAE,mBAAmB;gBACzB,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,yBAAyB;gBACjC,WAAW,EAAE,sBAAsB,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,sRAAsR,GAAG,CAAC,OAAO,IAAI;gBACzW,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,IAAI,EAAE,GAAG,CAAC,IAAI;aACf,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;QAEtD,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,UAAU;YAC7B,IAAI,EAAE,aAAa;YACnB,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,MAAM,EAAE,yBAAyB;YACjC,WAAW,EAAE,yBAAyB,OAAO,CAAC,MAAM,0CAA0C,YAAY,WAAW;SACtH,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,YAAY,CAAC,WAAmB,EAAE,YAAoB,EAAE,IAAwB;QACtF,MAAM,KAAK,GAAuB;YAChC,OAAO,EAAE,CAAC;YACV,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,WAAW;YACX,YAAY;YACZ,IAAI;SACL,CAAC;QACF,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;YACvD,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/C,EAAE,CAAC,aAAa,CACd,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,2BAA2B,CAAC,EACnD,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAC9B,OAAO,CACR,CAAC;YACF,IAAI,CAAC,WAAW,CAAC;gBACf,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,oCAAoC;gBAC1C,WAAW,EAAE,yBAAyB,IAAI,CAAC,MAAM,mBAAmB,YAAY,UAAU;aAC3F,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;QACd,CAAC;IACH,CAAC;CACF"}