@barissozen/csns 0.7.5 → 0.7.6

package/README.md

@@ -1,64 +1,93 @@
-# Project Consciousness
+# CSNS
 
-> Just say what you want. It handles the rest.
+> **C**ode-aware **S**elf-correcting **N**ever-forgetting **S**ystem
 
-AI agents that don't ask you "which framework?" or "JWT or session?" — you describe what you need, the system makes the technical decisions itself.
+Just say what you want. It handles the rest.
+Or point it at existing code — it reverse-engineers, audits, and scores your architecture.
 
-**Multi-model** · **Multi-language** · **Memory-first** · **Self-correcting**
+**Multi-model** · **Multi-language** · **Memory-first** · **Self-correcting** · **Codebase auditor**
+
+```bash
+npm install -g @barissozen/csns
+csns
+```
 
 ---
 
-## Demo
+## What It Does
 
 ```
-$ pc init
-
-📋 What do you want to build?
-> I want a URL shortener with user registration, redirect on click,
-  links never expire
-
-🔍 Analyzing...
-   ✅ JWT Auth (registration detected)
-   ✅ SQLite (lightweight, sufficient)
-   ✅ REST API
-   ✅ TypeScript + Node.js
-
-❓ A few product questions:
-
-   Are shortened links public or login-only?
-   1. Public
-   2. Login only
-   3. Both (configurable)
-   > 1
-
-   Can users see each other's links?
-   1. Yes, everyone sees all
-   2. No, only their own
-   3. Optional sharing
-   > 2
-
-╔══════════════════════════════════════════════╗
-║              Plan Summary                    ║
-╚══════════════════════════════════════════════╝
-
- ✅ JWT Auth        ❌ No frontend (API only)
- ✅ SQLite          ❌ No payment system
- ✅ REST API
-
-$ pc run
-
-🚀 Orchestration starting...
-📦 Milestone M01: Foundation — DB schema, config
-📦 Milestone M02: Auth — register, login, JWT
-📦 Milestone M03: URL Shortener — CRUD, redirect
-🤖 Agent working: M01...
-✅ M01 completed (tsc ✅, test ✅)
-🤖 Agent working: M02...
-✅ M02 completed (tsc ✅, test ✅, endpoint ✅)
-🤖 Agent working: M03...
-✅ M03 completed (tsc ✅, test ✅, endpoint ✅)
-
-✅ Project complete — 3/3 milestones successful
+csns> /new "URL shortener with auth"     → builds it from scratch
+csns> /audit                              → reverse-engineers & scores existing code
+csns> /trace                              → 4-layer deep analysis
+csns> /health                             → checks LLM + agent + memory status
+```
+
+**Two modes:**
+1. **Build** — describe what you want, CSNS makes technical decisions, writes code, tests it, audits the result
+2. **Audit** — point it at any TypeScript project, it classifies layers, traces data flows, checks architectural decisions, scores health 0–100
+
+---
+
+## Demo: Build
+
+```
+$ csns
+
+  ╔══════════════════════════════════════════════╗
+  ║   CSNS v0.7.5                                ║
+  ║   Code-aware Self-correcting                 ║
+  ║   Never-forgetting System                    ║
+  ╚══════════════════════════════════════════════╝
+
+  Type /help for commands, /quit to exit.
+
+  csns> /new
+  📋 What do you want to build?
+  > URL shortener with user registration
+
+  🔍 Analyzing...
+  ✅ JWT Auth · ✅ SQLite · ✅ REST API · ✅ TypeScript
+
+  🚀 Starting orchestration...
+  📦 M01: Foundation → ✅ (tsc ✅, test ✅)
+  📦 M02: Auth       → ✅ (tsc ✅, test ✅, endpoint ✅)
+  📦 M03: Shortener  → ✅ (tsc ✅, test ✅, endpoint ✅)
+
+  🔍 Post-build audit...
+  💯 Health: 94/100 — 2 minor violations, auto-fixing...
+  ✅ Re-audit: 100/100
+
+  csns> /quit
+  👋 Bye.
+```
+
+## Demo: Audit
+
+```
+  csns> /audit
+  🔍 Running reverse engineering audit...
+
+  ═══════════════════════════════════════════
+  📋 AUDIT REPORT
+  ═══════════════════════════════════════════
+
+  🏗️  Layer Distribution:
+     controller    42    service    37    middleware    17
+     repository    239   config     16    schema       10
+
+  🔀 Data Flows: 5/68 complete
+
+  ⚠️  Violations: 43 (43 acknowledged, 0 real)
+     ✅ 19x GraphQL resolver-first pattern
+     ✅ 30x Inline resolver logic — accepted convention
+
+  🧩 Patterns:
+     GraphQL Federation · GraphQL Resolvers · Event-Driven
+     Circuit Breaker · Service Layer · Middleware Chain
+
+  💯 Health Score: 96/100
+  ═══════════════════════════════════════════
 ```
 
 ---
@@ -66,11 +95,8 @@ $ pc run
 ## Install
 
 ```bash
-npx project-consciousness init     # try instantly
-# or
-npm install -g project-consciousness
-pc init
-pc run
+npm install -g @barissozen/csns
+csns
 ```
 
 **Requirements:** Node.js 20+, at least one LLM provider
@@ -86,8 +112,6 @@ export OLLAMA_HOST=http://localhost:11434  # Local (Llama, Mistral, etc.)
 
 ## Multi-Model Support
 
-Use any LLM provider — switch with a single env variable:
-
 | Provider | Env Variable | Models |
 |----------|-------------|--------|
 | **Anthropic** (default) | `ANTHROPIC_API_KEY` | Claude Sonnet, Opus, Haiku |
@@ -96,177 +120,151 @@ Use any LLM provider — switch with a single env variable:
 | **OpenAI-compatible** | `OPENAI_API_KEY` + `LLM_BASE_URL` | Groq, Together, Azure, etc. |
 
 ```bash
-# Auto-detect: whichever key exists is used
-export ANTHROPIC_API_KEY=sk-ant-...
-pc run "Build a todo API"
+# Auto-detect from env
+csns
 
 # Explicit override
-LLM_PROVIDER=openai OPENAI_API_KEY=sk-... pc run "Build a todo API"
+LLM_PROVIDER=openai OPENAI_API_KEY=sk-... csns
 
-# Local Ollama (no API key needed)
-LLM_PROVIDER=ollama pc run "Build a todo API"
+# Local — no API key needed
+LLM_PROVIDER=ollama csns
 ```
 
-### Programmatic
+---
 
-```typescript
-import { createProvider } from 'project-consciousness/llm';
+## CLI Commands
 
-// Auto-detect from env
-const provider = createProvider();
+### Interactive (REPL)
 
-// Or explicit
-const claude = createProvider({ provider: 'anthropic', apiKey: 'sk-ant-...' });
-const gpt = createProvider({ provider: 'openai', apiKey: 'sk-...', model: 'gpt-4o' });
-const local = createProvider({ provider: 'ollama', model: 'llama3' });
+```
+csns                           → starts interactive prompt
+csns> /new [brief]             → build a new project
+csns> /audit                   → reverse-engineer & audit codebase
+csns> /trace                   → full 4-layer analysis
+csns> /status                  → show STATE.md
+csns> /log                     → show DECISIONS.md
+csns> /health                  → check LLM + agent CLI + memory files
+csns> /help                    → list commands
+csns> /quit                    → exit
 ```
 
----
-
-## Multi-Language (i18n)
-
-All user-facing messages, prompts, and agent personas support multiple languages:
+### Non-interactive (CI / scripts)
 
 ```bash
-PC_LOCALE=en pc run "Build a todo API"     # English (default)
-PC_LOCALE=tr pc run "Todo API yap"         # Türkçe
+csns new "Build a todo API with auth"
+csns audit
+csns trace
+csns status
+csns health
 ```
 
-Currently supported: **English** (`en`), **Turkish** (`tr`). Adding a new locale is one file — see `src/i18n/`.
-
 ---
 
-## Agent CLI Abstraction
-
-The orchestrator spawns coding agents via CLI. Default is Claude Code, but any compatible CLI works:
+## Audit Engine
 
-```bash
-AGENT_BINARY=claude pc run "..."     # Claude Code (default)
-AGENT_BINARY=codex pc run "..."      # OpenAI Codex CLI
-AGENT_BINARY=aider pc run "..."      # Aider
-```
+The `/audit` command reverse-engineers any TypeScript project:
 
-The agent receives a prompt via stdin and returns structured output. Any CLI that accepts `--print` mode or stdin prompts can be plugged in.
+### 4 Layers
 
----
+| Layer | What | How |
+|-------|------|-----|
+| **Static** | Import/export graph, dead exports, circular deps, phantom deps | Regex scan of all `.ts` files |
+| **Semantic** | "This service should be injected but isn't" | LLM reasoning over graph + file summaries |
+| **Runtime** | Server started, HTTP probed, handler chain traced | Express middleware + HTTP probing |
+| **Audit** | Architecture recovery, decision archaeology, pattern detection | Layer classification + cross-reference |
 
-## How It Works
+### What It Finds
 
-### The 4-File Memory System
+| Finding | Example |
+|---------|---------|
+| **Layer skip** | Controller → Repository (skipping service layer) |
+| **Wrong direction** | Service imports controller (upward dependency) |
+| **Dead export** | `unusedHelper()` exported but never imported |
+| **Circular dep** | `logger → config → logger` |
+| **Phantom dep** | `winston` imported but not in `package.json` |
+| **Decision contradiction** | ARCHITECTURE says JWT but code uses session |
+| **Pattern inconsistency** | 7 routes use service layer, 52 don't |
 
-Everything runs on 4 markdown files. Agents read them before every task and never forget why they exist.
+### Smart Acknowledgement
 
-| File | What It Contains | Owned By |
-|------|-----------------|----------|
-| `MISSION.md` | What to build, what NOT to build, success criteria | You (immutable) |
-| `ARCHITECTURE.md` | Technical decisions — auth, DB, API style | System (auto) |
-| `DECISIONS.md` | Every decision, why it was made, when | Log (append-only) |
-| `STATE.md` | Current phase, what's done, what's left | Live status |
-
-### Architecture
+CSNS distinguishes **design decisions** from **real bugs**:
 
 ```
-You: "I want a URL shortener..."
- │
- ▼
-┌─────────────────────────────────┐
-│  SmartBrief                      │
-│  1 question → analysis →         │
-│  product questions only          │
-│  → MISSION.md + ARCHITECTURE.md  │
-└──────────┬──────────────────────┘
-           ▼
-┌─────────────────────────────────┐
-│  Orchestrator                    │
-│  Plan → Milestone → Agent → Test │
-│  Failed? → 3x retry → ask you   │
-└──────────┬──────────────────────┘
-           ▼
-┌─────────────────────────────────┐
-│  Memory Layer                    │
-│  Every decision → DECISIONS.md   │
-│  Every step → STATE.md           │
-│  Nothing is lost                 │
-└─────────────────────────────────┘
+Violation found
+    │
+    ├── GraphQL resolver → DB direct?  → ✅ Acknowledged (resolver-first pattern)
+    ├── Written in ARCHITECTURE.md?    → ✅ Acknowledged (explicit decision)
+    ├── >80% routes follow same way?   → ✅ Acknowledged (project convention)
+    │
+    └── None of the above?             → ⚠️ Real issue — counts against health
 ```
 
-### What It Asks vs. What It Decides
-
-| Asks you ✅ | Decides itself ❌ |
-|---|---|
-| "Are links public or private?" | JWT or session? |
-| "Can users see each other's data?" | Which database? |
-| "Will there be payments?" | REST or GraphQL? |
-| "Do links expire?" | File structure? |
-
-Technical decisions are inferred from your brief. Only **product decisions** — things you need to know — are asked.
-
-### Quality Control Pipeline
-
-After code is written, it's verified:
-
-1. **Type checking** — `tsc --noEmit`
-2. **Test execution** — `vitest run` / `pytest` / `go test`
-3. **HTTP endpoint testing** — server started, real HTTP requests sent
-4. **Anti-scope enforcement** — protected files touched? forbidden deps added?
+### Tested On Real Projects
 
-Failed? 3x auto-retry with feedback → still failing? → escalation to you.
-
-### Tracer Agent — Data Flow Inspector
+```
+Project               Files  Violations           Health
+──────────────────────────────────────────────────────────
+Cayman Data              37    0 (0 ack, 0 real)  100.0 💯
+Yieldex                  84    1 (0 ack, 1 real)   98.3
+Wallet SDK               26    1 (0 ack, 1 real)   97.8
+Cayman-Hashlock         530   43 (43 ack, 0 real)  96.0
+CSNS (self)              72    6 (2 ack, 4 real)   93.0
+Cayman Mobile            32    5 (0 ack, 5 real)   89.4
+```
 
-A specialized agent that "walks" through the project, tracking data flow and finding wiring problems:
+### Programmatic
 
 ```typescript
-import { TracerAgent } from 'project-consciousness/agent';
+import { ReverseEngineer } from '@barissozen/csns/agent';
 
-const tracer = new TracerAgent({
-  projectRoot: process.cwd(),
-  llmProvider: provider,     // any LLMProvider
-  port: 3000,
-});
+const auditor = new ReverseEngineer('/path/to/project');
+const report = await auditor.audit();
 
-const report = await tracer.run();
-// report.staticIssues     → dead exports, circular deps, phantom deps
-// report.semanticInsights → LLM-detected injection gaps, config mismatches
-// report.runtimeTraces    → HTTP probe results, handler chains, data flow
+report.classifications   // file → layer mapping
+report.dataFlows         // end-to-end request chains
+report.violations        // architectural issues (acknowledged vs real)
+report.decisionAudit     // DECISIONS.md cross-check
+report.patterns          // detected design patterns
+report.summary.healthScore  // 0–100
 ```
 
-**3-layer analysis:**
-
-| Layer | What | How |
-|-------|------|-----|
-| **Static** | Import/export graph, dead code, circular deps, phantom deps | Regex scan of all `.ts` files |
-| **Semantic** | "This service should be injected but isn't" | LLM reasoning over graph + file summaries |
-| **Runtime** | Server started, HTTP probed, handler chain traced | Express middleware injection + HTTP probing |
-
 ---
 
-## CLI Commands
-
-| Command | What It Does |
-|---------|-------------|
-| `pc init` | Collect brief → create 4 memory files |
-| `pc run` | Start the orchestrator |
-| `pc run "Build a todo API"` | Start with inline brief |
-| `pc status` | Show STATE.md |
-| `pc log` | Show DECISIONS.md |
-| `pc help` | Help |
+## Build Engine
 
----
+### The 4-File Memory System
 
-## Traceability
+| File | What | Who |
+|------|------|-----|
+| `MISSION.md` | What to build, what NOT to build, success criteria | You (immutable) |
+| `ARCHITECTURE.md` | Technical decisions — auth, DB, API style | System (auto) |
+| `DECISIONS.md` | Every decision + rationale (append-only) | Log |
+| `STATE.md` | Current phase, what's done, what's left | Live |
 
-Everything is logged, nothing is deleted:
+### Build → Audit → Fix Loop
 
-```markdown
-## D024 — Codebase Context: Pre-Task File Reading
-- **Date**: 2026-03-24T02:30:00+03:00
-- **Decision**: CodebaseReader scans src/, selects relevant files per task
-- **Rationale**: Agent must know existing code, otherwise writes duplicates
-- **Status**: active
+```
+/new "Build a todo API"
+    │
+    ▼
+SmartBrief → Scaffold → Orchestrator → Agents write code
+    │                                        │
+    │                                   tsc ✅ test ✅
+    │                                        │
+    ▼                                        ▼
+MISSION.md                             Audit Gate (automatic)
+ARCHITECTURE.md                        Health < 70? → Fix tasks
+DECISIONS.md                           Re-audit → ✅ Done
+STATE.md
 ```
 
-6 months later: "why did we do it this way?" → `DECISIONS.md`.
+### What It Asks vs. What It Decides
+
+| Asks you ✅ | Decides itself ❌ |
+|---|---|
+| "Are links public or private?" | JWT or session? |
+| "Can users see each other's data?" | Which database? |
+| "Will there be payments?" | REST or GraphQL? |
 
 ---
 
@@ -279,84 +277,76 @@ Everything is logged, nothing is deleted:
 | `ANTHROPIC_API_KEY` | Anthropic API key | — |
 | `OPENAI_API_KEY` | OpenAI API key | — |
 | `OLLAMA_HOST` | Ollama server URL | `http://localhost:11434` |
-| `LLM_PROVIDER` | Force provider: `anthropic`, `openai`, `ollama` | auto-detect |
+| `LLM_PROVIDER` | Force: `anthropic` / `openai` / `ollama` | auto-detect |
 | `LLM_MODEL` | Model name | provider default |
-| `LLM_BASE_URL` | Custom API base URL (OpenAI-compatible) | — |
+| `LLM_BASE_URL` | Custom API base URL | — |
 | `AGENT_BINARY` | Coding agent CLI binary | `claude` |
-| `PC_LOCALE` | Language: `en`, `tr` | `en` |
+| `CSNS_LOCALE` | Language: `en` / `tr` | `en` |
 
 ### Programmatic
 
 ```typescript
-import { Orchestrator } from 'project-consciousness/orchestrator';
+import { Orchestrator } from '@barissozen/csns/orchestrator';
+import { createProvider } from '@barissozen/csns/llm';
+import { TracerAgent } from '@barissozen/csns/agent';
 
+// Build
 const orchestrator = new Orchestrator({
   projectRoot: process.cwd(),
   llmProvider: 'openai',
   llmApiKey: 'sk-...',
-  llmModel: 'gpt-4o',
-  agentBinary: 'claude',
   locale: 'en',
   maxRetries: 3,
-  escalationThreshold: 0.4,
-  maxParallelAgents: 3,
   verbose: true,
 });
+await orchestrator.run('Build a REST API for todos');
 
-const session = await orchestrator.run('Build a REST API for todos');
+// Audit
+const tracer = new TracerAgent({
+  projectRoot: '/path/to/project',
+  llmProvider: createProvider(),
+});
+const report = await tracer.run();
 ```
 
 ---
 
-## Developer Notes
-
-### Project Structure
+## Project Structure
 
 ```
 src/
+├── bin/             CLI — csns (interactive REPL + non-interactive)
 ├── brief/           SmartBrief + BriefCollector
 ├── agent/           Agent Runner, Context Builder, Codebase Reader
-│   └── tracer/      Tracer Agent (static + semantic + runtime analysis)
-├── orchestrator/    Planner, Evaluator, Escalator, Integration Evaluator
+│   └── tracer/      Static Analyzer, Semantic Analyzer, Runtime Tracer,
+│                    Reverse Engineer (audit engine)
+├── orchestrator/    Planner, Evaluator, Escalator, Scaffold, Audit Gate
 ├── memory/          4-file read/write layer
-├── llm/             LLM provider abstraction (Anthropic, OpenAI, Ollama)
+├── llm/             Provider abstraction (Anthropic, OpenAI, Ollama)
 ├── i18n/            Internationalization (en, tr)
-├── types/           TypeScript interfaces
-└── bin/             CLI (pc init/run/status/log)
+└── types/           TypeScript interfaces
 ```
 
-### Test
+## Tests
 
 ```bash
-npm test                                    # 229 tests, 19 suites
-npx vitest run tests/tracer-agent.test.ts   # specific suite
-SKIP_E2E=1 npm test                         # skip real CLI tests
+npm test                          # 229 tests, 19 suites
+SKIP_E2E=1 npm test               # skip real CLI tests
 ```
 
-TypeScript strict mode, 0 errors. Vitest for testing.
-
-### Stack
-
-- **TypeScript + Node.js** — strict mode, ESM
-- **LLM Providers** — Anthropic SDK, OpenAI API, Ollama REST (pluggable)
-- **Agent Execution** — Claude Code CLI (configurable)
-- **Testing** — Vitest (229 tests)
-- **Storage** — File system (markdown, no DB)
-
-### Design Principles
+## Design Principles
 
 1. **Memory-First** — Every decision leaves a trace in files
 2. **Fail-Safe** — When in doubt, ask the human
 3. **Append-Only** — DECISIONS.md is never edited
-4. **Minimal** — File system is enough, no DB needed
-5. **Human-Readable** — All state is markdown
-6. **Provider-Agnostic** — Works with any LLM, any agent CLI
+4. **Provider-Agnostic** — Any LLM, any agent CLI
+5. **Acknowledged vs Real** — Design decisions ≠ bugs
 
-### Contributing
+## Contributing
 
 1. Fork → branch → test → PR
 2. `npm test` must pass
-3. `npx tsc --noEmit` must show 0 errors
+3. `npx tsc --noEmit` — 0 errors
 4. Conventional commits (`feat:`, `fix:`, `docs:`)
 
 ## License

package/dist/agent/index.d.ts

@@ -11,4 +11,5 @@ export { StaticAnalyzer } from './tracer/index.js';
 export { SemanticAnalyzer } from './tracer/index.js';
 export { RuntimeTracer } from './tracer/index.js';
 export { ReverseEngineer } from './tracer/index.js';
+export { SecurityScanner } from './tracer/index.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/agent/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/agent/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,YAAY,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,YAAY,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/agent/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,YAAY,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,YAAY,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/agent/index.js

@@ -9,4 +9,5 @@ export { StaticAnalyzer } from './tracer/index.js';
 export { SemanticAnalyzer } from './tracer/index.js';
 export { RuntimeTracer } from './tracer/index.js';
 export { ReverseEngineer } from './tracer/index.js';
+export { SecurityScanner } from './tracer/index.js';
 //# sourceMappingURL=index.js.map

package/dist/agent/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/agent/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/agent/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/agent/tracer/index.d.ts

@@ -5,4 +5,6 @@ export { SemanticAnalyzer } from './semantic-analyzer.js';
 export { RuntimeTracer } from './runtime-tracer.js';
 export { ReverseEngineer } from './reverse-engineer.js';
 export type { AuditReport, FileClassification, DataFlowChain, ArchitectureViolation, DecisionAuditResult, ArchLayer, } from './reverse-engineer.js';
+export { SecurityScanner } from './security-scanner.js';
+export type { SecurityReport, SecurityFinding } from './security-scanner.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/agent/tracer/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/agent/tracer/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,YAAY,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,YAAY,EACV,WAAW,EACX,kBAAkB,EAClB,aAAa,EACb,qBAAqB,EACrB,mBAAmB,EACnB,SAAS,GACV,MAAM,uBAAuB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/agent/tracer/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,YAAY,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,YAAY,EACV,WAAW,EACX,kBAAkB,EAClB,aAAa,EACb,qBAAqB,EACrB,mBAAmB,EACnB,SAAS,GACV,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/agent/tracer/index.js

@@ -3,4 +3,5 @@ export { StaticAnalyzer } from './static-analyzer.js';
 export { SemanticAnalyzer } from './semantic-analyzer.js';
 export { RuntimeTracer } from './runtime-tracer.js';
 export { ReverseEngineer } from './reverse-engineer.js';
+export { SecurityScanner } from './security-scanner.js';
 //# sourceMappingURL=index.js.map

package/dist/agent/tracer/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/agent/tracer/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/agent/tracer/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AASxD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/agent/tracer/security-scanner.d.ts

@@ -0,0 +1,54 @@
+/**
+ * Security Scanner — Automated Security Vulnerability Detection
+ *
+ * Finds the vulnerabilities that structural audit can't:
+ * - Non-null env assertions without validation (crash risk)
+ * - JSON.parse without try/catch (crash risk)
+ * - Hardcoded secrets
+ * - SQL string concatenation (injection risk)
+ * - Weak CSP directives
+ * - Missing CORS origin
+ * - Exposed stack traces
+ * - Cookie/JWT TTL mismatches (cross-file value checker)
+ * - Dead imports
+ *
+ * Tested against real findings from manual Cayman-Hashlock audit.
+ */
+export type SecuritySeverity = 'critical' | 'high' | 'medium' | 'low' | 'info';
+export interface SecurityFinding {
+    id: string;
+    rule: string;
+    severity: SecuritySeverity;
+    file: string;
+    line: number;
+    code: string;
+    description: string;
+    fix: string;
+}
+export interface SecurityReport {
+    findings: SecurityFinding[];
+    summary: {
+        total: number;
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+        info: number;
+        securityScore: number;
+    };
+    scannedFiles: number;
+    duration: number;
+}
+export declare class SecurityScanner {
+    private projectRoot;
+    constructor(projectRoot: string);
+    scan(): Promise<SecurityReport>;
+    private detectValueMismatches;
+    private computeScore;
+    private deduplicate;
+    private getLineNumber;
+    private isTestFile;
+    private collectFiles;
+    private walk;
+}
+//# sourceMappingURL=security-scanner.d.ts.map

package/dist/agent/tracer/security-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-scanner.d.ts","sourceRoot":"","sources":["../../../src/agent/tracer/security-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AASH,MAAM,MAAM,gBAAgB,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAE/E,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,OAAO,EAAE;QACP,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CAClB;AA8ND,qBAAa,eAAe;IAC1B,OAAO,CAAC,WAAW,CAAS;gBAEhB,WAAW,EAAE,MAAM;IAIzB,IAAI,IAAI,OAAO,CAAC,cAAc,CAAC;IA2HrC,OAAO,CAAC,qBAAqB;IAgC7B,OAAO,CAAC,YAAY;IAUpB,OAAO,CAAC,WAAW;IAUnB,OAAO,CAAC,aAAa;IAUrB,OAAO,CAAC,UAAU;YAKJ,YAAY;YAMZ,IAAI;CAYnB"}

package/dist/agent/tracer/security-scanner.js

@@ -0,0 +1,397 @@
+/**
+ * Security Scanner — Automated Security Vulnerability Detection
+ *
+ * Finds the vulnerabilities that structural audit can't:
+ * - Non-null env assertions without validation (crash risk)
+ * - JSON.parse without try/catch (crash risk)
+ * - Hardcoded secrets
+ * - SQL string concatenation (injection risk)
+ * - Weak CSP directives
+ * - Missing CORS origin
+ * - Exposed stack traces
+ * - Cookie/JWT TTL mismatches (cross-file value checker)
+ * - Dead imports
+ *
+ * Tested against real findings from manual Cayman-Hashlock audit.
+ */
+import { readFile, readdir } from 'node:fs/promises';
+import { join, relative, extname } from 'node:path';
+const RULES = [
+    // ── Crash Risks ──────────────────────────────────────
+    {
+        id: 'SEC-01',
+        name: 'non-null-env-assertion',
+        severity: 'medium',
+        pattern: /process\.env\[?['"]?\w+['"]?\]?!/g,
+        antiPattern: /if\s*\(!?\s*process\.env|const\s+\w+\s*=\s*process\.env[^!]|process\.env\.\w+\s*\?\?|process\.env\.\w+\s*\|\|/,
+        description: 'Non-null assertion on process.env without prior validation — crashes with cryptic error if env var is missing',
+        fix: 'Add startup validation: const X = process.env.X; if (!X) throw new Error("X is required");',
+    },
+    {
+        id: 'SEC-02',
+        name: 'json-parse-no-try-catch',
+        severity: 'medium',
+        pattern: /JSON\.parse\s*\(\s*(?:process\.env|req\.|request\.|body|params|query|headers)/g,
+        antiPattern: /try\s*{[^}]*JSON\.parse/,
+        description: 'JSON.parse on untrusted input without try/catch — malformed input crashes the process',
+        fix: 'Wrap in try/catch or use a safe parse utility (e.g., zod .safeParse())',
+    },
+    // ── Secrets ──────────────────────────────────────────
+    {
+        id: 'SEC-03',
+        name: 'hardcoded-secret',
+        severity: 'critical',
+        pattern: /(?:password|secret|apikey|api_key|token|private_key)\s*[:=]\s*['"][^'"]{8,}['"]/gi,
+        antiPattern: /process\.env|example|placeholder|TODO|CHANGE|test|mock|fake|dummy|sample/i,
+        description: 'Possible hardcoded secret in source code',
+        fix: 'Move to environment variable or secrets manager',
+    },
+    {
+        id: 'SEC-04',
+        name: 'hardcoded-jwt-secret',
+        severity: 'critical',
+        pattern: /jwt\.sign\s*\([^)]*['"][a-zA-Z0-9+/=]{16,}['"]/g,
+        description: 'Hardcoded JWT signing secret in jwt.sign() call',
+        fix: 'Use process.env.JWT_SECRET with startup validation',
+    },
+    // ── SQL Injection ────────────────────────────────────
+    {
+        id: 'SEC-05',
+        name: 'sql-string-concat',
+        severity: 'critical',
+        pattern: /(?:query|execute|raw)\s*\(\s*`[^`]*\$\{(?!.*params|.*where|.*conditions|.*clause)/g,
+        antiPattern: /\$\d+|_patches|\.test\.|\.spec\./,
+        description: 'SQL query with template literal interpolation — potential SQL injection',
+        fix: 'Use parameterized queries: query("SELECT * FROM x WHERE id = $1", [id])',
+    },
+    {
+        id: 'SEC-06',
+        name: 'sql-string-concat-plus',
+        severity: 'critical',
+        pattern: /(?:query|execute|raw)\s*\(\s*['"][^'"]*['"]\s*\+\s*(?:req\.|args\.|params\.|body\.|input)/g,
+        description: 'SQL query built with string concatenation from user input',
+        fix: 'Use parameterized queries instead of string concatenation',
+    },
+    // ── CSP / Headers ────────────────────────────────────
+    {
+        id: 'SEC-07',
+        name: 'csp-unsafe-inline',
+        severity: 'low',
+        pattern: /(?:script-src|style-src)[^;]*'unsafe-inline'/g,
+        description: 'CSP allows unsafe-inline — enables XSS via inline scripts/styles',
+        fix: 'Use nonce-based or hash-based CSP instead of unsafe-inline',
+    },
+    {
+        id: 'SEC-08',
+        name: 'csp-unsafe-eval',
+        severity: 'medium',
+        pattern: /(?:script-src)[^;]*'unsafe-eval'/g,
+        description: 'CSP allows unsafe-eval — enables code injection via eval()',
+        fix: 'Remove unsafe-eval from CSP; refactor code to avoid eval()',
+    },
+    // ── CORS ─────────────────────────────────────────────
+    {
+        id: 'SEC-09',
+        name: 'cors-wildcard',
+        severity: 'medium',
+        pattern: /cors\s*\(\s*\)|origin\s*:\s*['"]?\*['"]?|Access-Control-Allow-Origin.*\*/g,
+        antiPattern: /NODE_ENV.*(?:dev|test)|development/,
+        description: 'CORS allows all origins — any website can make authenticated requests',
+        fix: 'Restrict origin to specific allowed domains',
+    },
+    // ── Error Exposure ───────────────────────────────────
+    {
+        id: 'SEC-10',
+        name: 'exposed-stack-trace',
+        severity: 'low',
+        pattern: /res\.(?:send|json)\s*\(\s*(?:err|error)(?:\.stack|\.message|\))/g,
+        antiPattern: /NODE_ENV.*prod|production/,
+        description: 'Raw error/stack trace sent in HTTP response — leaks internal details',
+        fix: 'Return generic error message in production; log full error server-side',
+    },
+    // ── Auth ─────────────────────────────────────────────
+    {
+        id: 'SEC-11',
+        name: 'jwt-alg-none',
+        severity: 'critical',
+        pattern: /algorithms?\s*:\s*\[?\s*['"]none['"]/gi,
+        description: 'JWT configured to accept "none" algorithm — allows unsigned tokens',
+        fix: 'Never allow alg: none; always specify: algorithms: ["HS256"]',
+    },
+    {
+        id: 'SEC-12',
+        name: 'eval-usage',
+        severity: 'high',
+        pattern: /\beval\s*\(/g,
+        antiPattern: /\/\/.*eval|eslint-disable|\.test\.|\.spec\./,
+        description: 'eval() usage — allows arbitrary code execution',
+        fix: 'Replace eval with JSON.parse, Function constructor, or domain-specific parser',
+    },
+    {
+        id: 'SEC-13',
+        name: 'innerhtml-usage',
+        severity: 'high',
+        pattern: /\.innerHTML\s*=|dangerouslySetInnerHTML/g,
+        antiPattern: /sanitize|DOMPurify|xss/i,
+        description: 'innerHTML/dangerouslySetInnerHTML usage — XSS risk if input not sanitized',
+        fix: 'Use textContent, or sanitize with DOMPurify before setting innerHTML',
+    },
+    // ── Dead Import ──────────────────────────────────────
+    {
+        id: 'SEC-14',
+        name: 'unused-import-hint',
+        severity: 'info',
+        pattern: /import\s+{?\s*(\w+).*}\s+from/g,
+        // This is a hint — real detection needs usage check (below)
+        description: 'Potential unused import',
+        fix: 'Remove if unused — reduces attack surface and bundle size',
+    },
+];
+/** Patterns to extract related values across files */
+const VALUE_PATTERNS = [
+    {
+        key: 'access-token-ttl',
+        pattern: /(?:ACCESS_TOKEN_TTL|access.*ttl|token.*expir(?:es|y|ation)|maxAge|max_age)\s*[:=]\s*['"]?(\d+[smhd]?|\d+\s*\*\s*\d+)['"]?/gi,
+        extractValue: (m) => {
+            const raw = m[1];
+            if (!raw)
+                return null;
+            return { value: raw, unit: 'time' };
+        },
+    },
+    {
+        key: 'refresh-token-ttl',
+        pattern: /(?:REFRESH_TOKEN_TTL|refresh.*ttl|refresh.*expir)\s*[:=]\s*['"]?(\d+[smhd]?|\d+\s*\*\s*\d+)['"]?/gi,
+        extractValue: (m) => {
+            const raw = m[1];
+            if (!raw)
+                return null;
+            return { value: raw, unit: 'time' };
+        },
+    },
+    {
+        key: 'cookie-max-age',
+        pattern: /maxAge\s*:\s*(\d+(?:\s*\*\s*\d+)*)/g,
+        extractValue: (m) => {
+            const raw = m[1];
+            if (!raw)
+                return null;
+            try {
+                // eslint-disable-next-line no-eval
+                const val = Function(`"use strict"; return (${raw})`)();
+                return { value: val, unit: 'seconds' };
+            }
+            catch {
+                return { value: raw, unit: 'expression' };
+            }
+        },
+    },
+];
+// ═══════════════════════════════════════════════════════════
+// Scanner
+// ═══════════════════════════════════════════════════════════
+const SOURCE_EXTS = new Set(['.ts', '.tsx', '.js', '.jsx', '.mjs', '.cjs']);
+const SKIP_DIRS = new Set(['node_modules', '.git', 'dist', 'build', 'coverage', '.next', '.turbo']);
+export class SecurityScanner {
+    projectRoot;
+    constructor(projectRoot) {
+        this.projectRoot = projectRoot;
+    }
+    async scan() {
+        const start = Date.now();
+        const files = await this.collectFiles();
+        const findings = [];
+        const valueExtractions = [];
+        let findingCounter = 0;
+        for (const file of files) {
+            let content;
+            try {
+                content = await readFile(join(this.projectRoot, file), 'utf-8');
+            }
+            catch {
+                continue;
+            }
+            const lines = content.split('\n');
+            // Run security rules
+            for (const rule of RULES) {
+                // Skip unused-import-hint (handled separately below)
+                if (rule.id === 'SEC-14')
+                    continue;
+                // Check anti-pattern on whole file first
+                if (rule.antiPattern) {
+                    // For some rules, anti-pattern means "this file has proper handling"
+                    // We check per-match below for more precision
+                }
+                const regex = new RegExp(rule.pattern.source, rule.pattern.flags);
+                let match;
+                while ((match = regex.exec(content)) !== null) {
+                    const lineNum = this.getLineNumber(content, match.index);
+                    const codeLine = lines[lineNum - 1]?.trim() ?? '';
+                    // Per-line anti-pattern check
+                    if (rule.antiPattern) {
+                        // Check surrounding context (5 lines before)
+                        const contextStart = Math.max(0, lineNum - 6);
+                        const context = lines.slice(contextStart, lineNum).join('\n');
+                        if (rule.antiPattern.test(context) || rule.antiPattern.test(codeLine)) {
+                            continue;
+                        }
+                    }
+                    // Skip test files for most rules
+                    if (this.isTestFile(file) && rule.severity !== 'critical')
+                        continue;
+                    // Skip test files for hardcoded secret rules — test fixtures are expected
+                    if (this.isTestFile(file) && (rule.id === 'SEC-03' || rule.id === 'SEC-04'))
+                        continue;
+                    findings.push({
+                        id: `F${++findingCounter}`,
+                        rule: rule.id,
+                        severity: rule.severity,
+                        file,
+                        line: lineNum,
+                        code: codeLine.slice(0, 150),
+                        description: rule.description,
+                        fix: rule.fix,
+                    });
+                }
+            }
+            // Extract values for cross-file mismatch detection
+            for (const vp of VALUE_PATTERNS) {
+                const regex = new RegExp(vp.pattern.source, vp.pattern.flags);
+                let match;
+                while ((match = regex.exec(content)) !== null) {
+                    const extracted = vp.extractValue(match);
+                    if (extracted) {
+                        valueExtractions.push({
+                            file,
+                            line: this.getLineNumber(content, match.index),
+                            key: vp.key,
+                            ...extracted,
+                        });
+                    }
+                }
+            }
+        }
+        // Cross-file value mismatch detection
+        const mismatches = this.detectValueMismatches(valueExtractions);
+        for (const mismatch of mismatches) {
+            findings.push({
+                id: `F${++findingCounter}`,
+                rule: 'SEC-XVAL',
+                severity: 'low',
+                file: mismatch.values.map(v => v.file).join(' ↔ '),
+                line: mismatch.values[0]?.line ?? 0,
+                code: mismatch.values.map(v => `${v.file}:${v.line} → ${v.value}`).join(' | '),
+                description: mismatch.description,
+                fix: 'Ensure related values are consistent; extract to shared constant',
+            });
+        }
+        // Deduplicate (same rule + same file + same line)
+        const deduped = this.deduplicate(findings);
+        // Sort by severity
+        const severityOrder = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
+        deduped.sort((a, b) => severityOrder[a.severity] - severityOrder[b.severity]);
+        const summary = {
+            total: deduped.length,
+            critical: deduped.filter(f => f.severity === 'critical').length,
+            high: deduped.filter(f => f.severity === 'high').length,
+            medium: deduped.filter(f => f.severity === 'medium').length,
+            low: deduped.filter(f => f.severity === 'low').length,
+            info: deduped.filter(f => f.severity === 'info').length,
+            securityScore: this.computeScore(deduped),
+        };
+        return {
+            findings: deduped,
+            summary,
+            scannedFiles: files.length,
+            duration: Date.now() - start,
+        };
+    }
+    // ═══════════════════════════════════════════════════════════
+    // Helpers
+    // ═══════════════════════════════════════════════════════════
+    detectValueMismatches(extractions) {
+        const mismatches = [];
+        // Group by key
+        const byKey = new Map();
+        for (const e of extractions) {
+            if (!byKey.has(e.key))
+                byKey.set(e.key, []);
+            byKey.get(e.key).push(e);
+        }
+        // Check access-token-ttl vs cookie-max-age
+        const tokenTTLs = byKey.get('access-token-ttl') ?? [];
+        const cookieMaxAges = byKey.get('cookie-max-age') ?? [];
+        if (tokenTTLs.length > 0 && cookieMaxAges.length > 0) {
+            // Simple heuristic: if values look different and are from different files
+            const tokenFiles = new Set(tokenTTLs.map(t => t.file));
+            const cookieFiles = new Set(cookieMaxAges.map(c => c.file));
+            const crossFile = [...cookieFiles].some(f => !tokenFiles.has(f));
+            if (crossFile) {
+                mismatches.push({
+                    key: 'token-ttl-vs-cookie-maxage',
+                    values: [...tokenTTLs, ...cookieMaxAges],
+                    description: `Token TTL and cookie maxAge defined in different files — values may be mismatched. Token: ${tokenTTLs.map(t => `${t.value} (${t.file}:${t.line})`).join(', ')}. Cookie: ${cookieMaxAges.map(c => `${c.value} (${c.file}:${c.line})`).join(', ')}`,
+                });
+            }
+        }
+        return mismatches;
+    }
+    computeScore(findings) {
+        let score = 100;
+        score -= findings.filter(f => f.severity === 'critical').length * 20;
+        score -= findings.filter(f => f.severity === 'high').length * 10;
+        score -= findings.filter(f => f.severity === 'medium').length * 5;
+        score -= findings.filter(f => f.severity === 'low').length * 2;
+        score -= findings.filter(f => f.severity === 'info').length * 0.5;
+        return Math.max(0, Math.min(100, score));
+    }
+    deduplicate(findings) {
+        const seen = new Set();
+        return findings.filter(f => {
+            const key = `${f.rule}:${f.file}:${f.line}`;
+            if (seen.has(key))
+                return false;
+            seen.add(key);
+            return true;
+        });
+    }
+    getLineNumber(content, charIndex) {
+        let count = 0;
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            count += lines[i].length + 1;
+            if (count > charIndex)
+                return i + 1;
+        }
+        return lines.length;
+    }
+    isTestFile(file) {
+        return /\.(test|spec)\.(ts|tsx|js|jsx)$/.test(file) ||
+            /__tests__\//.test(file) || /\btests?\//.test(file);
+    }
+    async collectFiles() {
+        const files = [];
+        await this.walk(this.projectRoot, files);
+        return files;
+    }
+    async walk(dir, files) {
+        let entries;
+        try {
+            entries = await readdir(dir, { withFileTypes: true });
+        }
+        catch {
+            return;
+        }
+        for (const entry of entries) {
+            if (entry.isDirectory()) {
+                if (SKIP_DIRS.has(entry.name) || entry.name.startsWith('.'))
+                    continue;
+                await this.walk(join(dir, entry.name), files);
+            }
+            else if (entry.isFile() && SOURCE_EXTS.has(extname(entry.name).toLowerCase())) {
+                files.push(relative(this.projectRoot, join(dir, entry.name)).replace(/\\/g, '/'));
+            }
+        }
+    }
+}
+//# sourceMappingURL=security-scanner.js.map

package/dist/agent/tracer/security-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-scanner.js","sourceRoot":"","sources":["../../../src/agent/tracer/security-scanner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAiDpD,MAAM,KAAK,GAAe;IACxB,wDAAwD;IACxD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,mCAAmC;QAC5C,WAAW,EAAE,+GAA+G;QAC5H,WAAW,EAAE,+GAA+G;QAC5H,GAAG,EAAE,4FAA4F;KAClG;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,gFAAgF;QACzF,WAAW,EAAE,yBAAyB;QACtC,WAAW,EAAE,uFAAuF;QACpG,GAAG,EAAE,wEAAwE;KAC9E;IAED,wDAAwD;IACxD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,mFAAmF;QAC5F,WAAW,EAAE,2EAA2E;QACxF,WAAW,EAAE,0CAA0C;QACvD,GAAG,EAAE,iDAAiD;KACvD;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,iDAAiD;QAC1D,WAAW,EAAE,iDAAiD;QAC9D,GAAG,EAAE,oDAAoD;KAC1D;IAED,wDAAwD;IACxD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,oFAAoF;QAC7F,WAAW,EAAE,kCAAkC;QAC/C,WAAW,EAAE,yEAAyE;QACtF,GAAG,EAAE,yEAAyE;KAC/E;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,4FAA4F;QACrG,WAAW,EAAE,2DAA2D;QACxE,GAAG,EAAE,2DAA2D;KACjE;IAED,wDAAwD;IACxD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,+CAA+C;QACxD,WAAW,EAAE,kEAAkE;QAC/E,GAAG,EAAE,4DAA4D;KAClE;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,mCAAmC;QAC5C,WAAW,EAAE,4DAA4D;QACzE,GAAG,EAAE,4DAA4D;KAClE;IAED,wDAAwD;IACxD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,2EAA2E;QACpF,WAAW,EAAE,oCAAoC;QACjD,WAAW,EAAE,uEAAuE;QACpF,GAAG,EAAE,6CAA6C;KACnD;IAED,wDAAwD;IACxD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,kEAAkE;QAC3E,WAAW,EAAE,2BAA2B;QACxC,WAAW,EAAE,sEAAsE;QACnF,GAAG,EAAE,wEAAwE;KAC9E;IAED,wDAAwD;IACxD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,cAAc;QACpB,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,wCAAwC;QACjD,WAAW,EAAE,oEAAoE;QACjF,GAAG,EAAE,8DAA8D;KACpE;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,cAAc;QACvB,WAAW,EAAE,6CAA6C;QAC1D,WAAW,EAAE,gDAAgD;QAC7D,GAAG,EAAE,+EAA+E;KACrF;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,0CAA0C;QACnD,WAAW,EAAE,yBAAyB;QACtC,WAAW,EAAE,2EAA2E;QACxF,GAAG,EAAE,sEAAsE;KAC5E;IAED,wDAAwD;IACxD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,gCAAgC;QACzC,4DAA4D;QAC5D,WAAW,EAAE,yBAAyB;QACtC,GAAG,EAAE,2DAA2D;KACjE;CACF,CAAC;AAoBF,sDAAsD;AACtD,MAAM,cAAc,GAIf;IACH;QACE,GAAG,EAAE,kBAAkB;QACvB,OAAO,EAAE,6HAA6H;QACtI,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE;YAClB,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACjB,IAAI,CAAC,GAAG;gBAAE,OAAO,IAAI,CAAC;YACtB,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QACtC,CAAC;KACF;IACD;QACE,GAAG,EAAE,mBAAmB;QACxB,OAAO,EAAE,oGAAoG;QAC7G,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE;YAClB,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACjB,IAAI,CAAC,GAAG;gBAAE,OAAO,IAAI,CAAC;YACtB,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QACtC,CAAC;KACF;IACD;QACE,GAAG,EAAE,gBAAgB;QACrB,OAAO,EAAE,qCAAqC;QAC9C,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE;YAClB,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACjB,IAAI,CAAC,GAAG;gBAAE,OAAO,IAAI,CAAC;YACtB,IAAI,CAAC;gBACH,mCAAmC;gBACnC,MAAM,GAAG,GAAG,QAAQ,CAAC,yBAAyB,GAAG,GAAG,CAAC,EAAE,CAAC;gBACxD,OAAO,EAAE,KAAK,EAAE,GAAa,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;YACnD,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;YAC5C,CAAC;QACH,CAAC;KACF;CACF,CAAC;AAEF,8DAA8D;AAC9D,UAAU;AACV,8DAA8D;AAE9D,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AAC5E,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;AAEpG,MAAM,OAAO,eAAe;IAClB,WAAW,CAAS;IAE5B,YAAY,WAAmB;QAC7B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,IAAI;QACR,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,MAAM,gBAAgB,GAAsB,EAAE,CAAC;QAC/C,IAAI,cAAc,GAAG,CAAC,CAAC;QAEvB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;YAClE,CAAC;YAAC,MAAM,CAAC;gBAAC,SAAS;YAAC,CAAC;YAErB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAElC,qBAAqB;YACrB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,qDAAqD;gBACrD,IAAI,IAAI,CAAC,EAAE,KAAK,QAAQ;oBAAE,SAAS;gBAEnC,yCAAyC;gBACzC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,qEAAqE;oBACrE,8CAA8C;gBAChD,CAAC;gBAED,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;gBAClE,IAAI,KAA6B,CAAC;gBAElC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;oBACzD,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;oBAElD,8BAA8B;oBAC9B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;wBACrB,6CAA6C;wBAC7C,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC;wBAC9C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;wBAC9D,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;4BACtE,SAAS;wBACX,CAAC;oBACH,CAAC;oBAED,iCAAiC;oBACjC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,KAAK,UAAU;wBAAE,SAAS;oBACpE,0EAA0E;oBAC1E,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,KAAK,QAAQ,IAAI,IAAI,CAAC,EAAE,KAAK,QAAQ,CAAC;wBAAE,SAAS;oBAEtF,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE;wBAC1B,IAAI,EAAE,IAAI,CAAC,EAAE;wBACb,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,IAAI;wBACJ,IAAI,EAAE,OAAO;wBACb,IAAI,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBAC5B,WAAW,EAAE,IAAI,CAAC,WAAW;wBAC7B,GAAG,EAAE,IAAI,CAAC,GAAG;qBACd,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,mDAAmD;YACnD,KAAK,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;gBAChC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;gBAC9D,IAAI,KAA6B,CAAC;gBAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBAC9C,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;oBACzC,IAAI,SAAS,EAAE,CAAC;wBACd,gBAAgB,CAAC,IAAI,CAAC;4BACpB,IAAI;4BACJ,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC;4BAC9C,GAAG,EAAE,EAAE,CAAC,GAAG;4BACX,GAAG,SAAS;yBACb,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,MAAM,UAAU,GAAG,IAAI,CAAC,qBAAqB,CAAC,gBAAgB,CAAC,CAAC;QAChE,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;YAClC,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE;gBAC1B,IAAI,EAAE,UAAU;gBAChB,QAAQ,EAAE,KAAK;gBACf,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;gBAClD,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,CAAC;gBACnC,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;gBAC9E,WAAW,EAAE,QAAQ,CAAC,WAAW;gBACjC,GAAG,EAAE,kEAAkE;aACxE,CAAC,CAAC;QACL,CAAC;QAED,kDAAkD;QAClD,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAE3C,mBAAmB;QACnB,MAAM,aAAa,GAAqC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;QAC7G,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE9E,MAAM,OAAO,GAAG;YACd,KAAK,EAAE,OAAO,CAAC,MAAM;YACrB,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;YAC/D,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YACvD,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;YAC3D,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;YACrD,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;YACvD,aAAa,EAAE,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC;SAC1C,CAAC;QAEF,OAAO;YACL,QAAQ,EAAE,OAAO;YACjB,OAAO;YACP,YAAY,EAAE,KAAK,CAAC,MAAM;YAC1B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC7B,CAAC;IACJ,CAAC;IAED,8DAA8D;IAC9D,UAAU;IACV,8DAA8D;IAEtD,qBAAqB,CAAC,WAA8B;QAC1D,MAAM,UAAU,GAAoB,EAAE,CAAC;QAEvC,eAAe;QACf,MAAM,KAAK,GAAG,IAAI,GAAG,EAA6B,CAAC;QACnD,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YAC5C,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC;QAED,2CAA2C;QAC3C,MAAM,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;QACtD,MAAM,aAAa,GAAG,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;QAExD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrD,0EAA0E;YAC1E,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;YACvD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5D,MAAM,SAAS,GAAG,CAAC,GAAG,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAEjE,IAAI,SAAS,EAAE,CAAC;gBACd,UAAU,CAAC,IAAI,CAAC;oBACd,GAAG,EAAE,4BAA4B;oBACjC,MAAM,EAAE,CAAC,GAAG,SAAS,EAAE,GAAG,aAAa,CAAC;oBACxC,WAAW,EAAE,6FAA6F,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;iBAChQ,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAEO,YAAY,CAAC,QAA2B;QAC9C,IAAI,KAAK,GAAG,GAAG,CAAC;QAChB,KAAK,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,GAAG,EAAE,CAAC;QACrE,KAAK,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,GAAG,EAAE,CAAC;QACjE,KAAK,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;QAClE,KAAK,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;QAC/D,KAAK,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC;QAClE,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;IAC3C,CAAC;IAEO,WAAW,CAAC,QAA2B;QAC7C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAC/B,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;YACzB,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;YAChC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,OAAe,EAAE,SAAiB;QACtD,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,KAAK,IAAI,KAAK,CAAC,CAAC,CAAE,CAAC,MAAM,GAAG,CAAC,CAAC;YAC9B,IAAI,KAAK,GAAG,SAAS;gBAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QACtC,CAAC;QACD,OAAO,KAAK,CAAC,MAAM,CAAC;IACtB,CAAC;IAEO,UAAU,CAAC,IAAY;QAC7B,OAAO,iCAAiC,CAAC,IAAI,CAAC,IAAI,CAAC;YACjD,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC;IAEO,KAAK,CAAC,YAAY;QACxB,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;QACzC,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,KAAK,CAAC,IAAI,CAAC,GAAW,EAAE,KAAe;QAC7C,IAAI,OAAO,CAAC;QACZ,IAAI,CAAC;YAAC,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC;YAAC,OAAO;QAAC,CAAC;QAChF,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,IAAI,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;oBAAE,SAAS;gBACtE,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,EAAE,KAAK,CAAC,CAAC;YAChD,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,IAAI,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBAChF,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;YACpF,CAAC;QACH,CAAC;IACH,CAAC;CACF"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@barissozen/csns",
-  "version": "0.7.5",
+  "version": "0.7.6",
   "description": "CSNS — Code-aware Self-correcting Never-forgetting System",
   "type": "module",
   "main": "dist/index.js",