@fourteensystems/prodcheck 0.3.0

package/dist/next/wrappers.test.js

@@ -0,0 +1,361 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { mkdtempSync, mkdirSync, rmSync, writeFileSync } from "node:fs";
+import path from "node:path";
+import os from "node:os";
+import { buildWrapperIndex, analyzeWrapperBody, computeProtection } from "./wrappers.js";
+function makeRoute(overrides = {}) {
+    return {
+        kind: "route-handler",
+        file: "app/api/test/route.ts",
+        isApi: true,
+        isPublic: true,
+        signals: {
+            hasMutationEvidence: true,
+            hasDbWriteEvidence: true,
+            hasStripeWriteEvidence: false,
+            mutationDetails: ["prisma.create"],
+        },
+        ...overrides,
+    };
+}
+const DEFAULT_HINTS = {
+    auth: { functions: ["auth", "getSession", "getServerSession"], middlewareFiles: [], allowlistPaths: [] },
+    rateLimit: { wrappers: ["rateLimit", "withRateLimit"], allowlistPaths: [] },
+    tenancy: { orgFieldNames: [] },
+};
+const DEFAULT_MIDDLEWARE = {
+    authLikely: false,
+    rateLimitLikely: false,
+    matcherPatterns: [],
+};
+describe("buildWrapperIndex", () => {
+    let tmpDir;
+    beforeEach(() => {
+        tmpDir = mkdtempSync(path.join(os.tmpdir(), "prodcheck-wrapper-"));
+    });
+    afterEach(() => {
+        rmSync(tmpDir, { recursive: true, force: true });
+    });
+    it("discovers wrapper from route file", () => {
+        mkdirSync(path.join(tmpDir, "app", "api", "test"), { recursive: true });
+        mkdirSync(path.join(tmpDir, "src", "lib"), { recursive: true });
+        writeFileSync(path.join(tmpDir, "app", "api", "test", "route.ts"), `import { withWorkspace } from "@/lib/auth";
+       export const POST = withWorkspace(async (req) => {
+         await prisma.user.create({ data: { name: "test" } });
+         return Response.json({});
+       });`);
+        writeFileSync(path.join(tmpDir, "src", "lib", "auth.ts"), `export function withWorkspace(handler: any) {
+         return async (req: any) => {
+           const session = await getSession();
+           if (!session) throw new Error("Unauthorized");
+           return handler(req, { session });
+         };
+       }`);
+        const routes = [makeRoute({ file: "app/api/test/route.ts" })];
+        const result = buildWrapperIndex(routes, tmpDir, { rootDir: tmpDir }, ["auth", "getSession"], ["rateLimit"]);
+        expect(result.wrappers.size).toBe(1);
+        const wrapper = result.wrappers.get("withWorkspace");
+        expect(wrapper).toBeDefined();
+        expect(wrapper.resolved).toBe(true);
+        expect(wrapper.evidence.authCallPresent).toBe(true);
+        expect(wrapper.evidence.authEnforced).toBe(true);
+        expect(wrapper.usageCount).toBe(1);
+        expect(wrapper.mutationRouteCount).toBe(1);
+    });
+    it("detects unresolvable npm package wrapper", () => {
+        mkdirSync(path.join(tmpDir, "app", "api", "test"), { recursive: true });
+        writeFileSync(path.join(tmpDir, "app", "api", "test", "route.ts"), `import { withAuth } from "some-npm-package";
+       export const POST = withAuth(async (req) => {
+         return Response.json({});
+       });`);
+        const routes = [makeRoute({ file: "app/api/test/route.ts" })];
+        const result = buildWrapperIndex(routes, tmpDir, { rootDir: tmpDir }, ["auth"], ["rateLimit"]);
+        const wrapper = result.wrappers.get("withAuth");
+        expect(wrapper).toBeDefined();
+        expect(wrapper.resolved).toBe(false);
+    });
+    it("aggregates usage across multiple routes", () => {
+        mkdirSync(path.join(tmpDir, "app", "api", "a"), { recursive: true });
+        mkdirSync(path.join(tmpDir, "app", "api", "b"), { recursive: true });
+        mkdirSync(path.join(tmpDir, "src", "lib"), { recursive: true });
+        const routeContent = `import { withWorkspace } from "@/lib/auth";
+       export const POST = withWorkspace(async (req) => {
+         await prisma.user.create({ data: {} });
+         return Response.json({});
+       });`;
+        writeFileSync(path.join(tmpDir, "app", "api", "a", "route.ts"), routeContent);
+        writeFileSync(path.join(tmpDir, "app", "api", "b", "route.ts"), routeContent);
+        writeFileSync(path.join(tmpDir, "src", "lib", "auth.ts"), `export function withWorkspace(handler: any) { return handler; }`);
+        const routes = [
+            makeRoute({ file: "app/api/a/route.ts" }),
+            makeRoute({ file: "app/api/b/route.ts" }),
+        ];
+        const result = buildWrapperIndex(routes, tmpDir, { rootDir: tmpDir }, ["auth"], ["rateLimit"]);
+        const wrapper = result.wrappers.get("withWorkspace");
+        expect(wrapper.usageCount).toBe(2);
+        expect(wrapper.mutationRouteCount).toBe(2);
+    });
+    it("handles same-file wrapper definition", () => {
+        mkdirSync(path.join(tmpDir, "app", "api", "test"), { recursive: true });
+        writeFileSync(path.join(tmpDir, "app", "api", "test", "route.ts"), `function withAuth(handler: any) {
+         return async (req: any) => {
+           const session = await auth();
+           if (!session) throw new Error("Unauthorized");
+           return handler(req);
+         };
+       }
+       export const POST = withAuth(async (req) => {
+         return Response.json({});
+       });`);
+        const routes = [makeRoute({ file: "app/api/test/route.ts" })];
+        const result = buildWrapperIndex(routes, tmpDir, { rootDir: tmpDir }, ["auth"], ["rateLimit"]);
+        const wrapper = result.wrappers.get("withAuth");
+        expect(wrapper).toBeDefined();
+        expect(wrapper.resolved).toBe(true);
+        expect(wrapper.evidence.authCallPresent).toBe(true);
+    });
+});
+describe("analyzeWrapperBody", () => {
+    it("detects auth call + enforcement", () => {
+        const src = `
+      export function withAuth(handler: any) {
+        return async (req: any) => {
+          const session = await getSession();
+          if (!session) {
+            throw new Error("Unauthorized");
+          }
+          return handler(req, { session });
+        };
+      }
+    `;
+        const evidence = analyzeWrapperBody("withAuth", src, ["getSession"], []);
+        expect(evidence.authCallPresent).toBe(true);
+        expect(evidence.authEnforced).toBe(true);
+    });
+    it("detects auth call without enforcement", () => {
+        const src = `
+      export function withLogging(handler: any) {
+        return async (req: any) => {
+          const session = await getSession();
+          console.log("User:", session?.user?.name);
+          return handler(req);
+        };
+      }
+    `;
+        const evidence = analyzeWrapperBody("withLogging", src, ["getSession"], []);
+        expect(evidence.authCallPresent).toBe(true);
+        expect(evidence.authEnforced).toBe(false);
+    });
+    it("detects rate-limit call + enforcement", () => {
+        const src = `
+      export function withRateLimiting(handler: any) {
+        return async (req: any) => {
+          const { success } = await rateLimit(req);
+          if (!success) {
+            return new Response("Too many requests", { status: 429 });
+          }
+          return handler(req);
+        };
+      }
+    `;
+        const evidence = analyzeWrapperBody("withRateLimiting", src, [], ["rateLimit"]);
+        expect(evidence.rateLimitCallPresent).toBe(true);
+        expect(evidence.rateLimitEnforced).toBe(true);
+    });
+    it("detects both auth and rate-limit", () => {
+        const src = `
+      import { getSession } from "next-auth";
+      import { Ratelimit } from "@upstash/ratelimit";
+
+      export function withWorkspace(handler: any) {
+        return async (req: any) => {
+          const session = await getSession();
+          if (!session) return new Response("Unauthorized", { status: 401 });
+
+          const { success } = await rateLimit.limit(session.user.id);
+          if (!success) return new Response("Rate limited", { status: 429 });
+
+          return handler(req, { session });
+        };
+      }
+    `;
+        const evidence = analyzeWrapperBody("withWorkspace", src, ["getSession"], ["rateLimit"]);
+        expect(evidence.authCallPresent).toBe(true);
+        expect(evidence.authEnforced).toBe(true);
+        expect(evidence.rateLimitCallPresent).toBe(true);
+        expect(evidence.rateLimitEnforced).toBe(true);
+    });
+    it("detects Supabase auth pattern in wrapper", () => {
+        const src = `
+      export function withAuth(handler: any) {
+        return async (req: any) => {
+          const { data: { user } } = await supabase.auth.getUser();
+          if (!user) throw new Error("Unauthorized");
+          return handler(req, { user });
+        };
+      }
+    `;
+        const evidence = analyzeWrapperBody("withAuth", src, [], []);
+        expect(evidence.authCallPresent).toBe(true);
+        expect(evidence.authEnforced).toBe(true);
+    });
+    it("detects upstash ratelimit import as RL evidence", () => {
+        const src = `
+      import { Ratelimit } from "@upstash/ratelimit";
+      const ratelimit = new Ratelimit({ ... });
+
+      export function withRL(handler: any) {
+        return async (req: any) => {
+          const { success } = await ratelimit.limit("key");
+          if (!success) throw new Error("Rate limited");
+          return handler(req);
+        };
+      }
+    `;
+        const evidence = analyzeWrapperBody("withRL", src, [], []);
+        expect(evidence.rateLimitCallPresent).toBe(true);
+        expect(evidence.rateLimitEnforced).toBe(true);
+    });
+    it("returns no evidence for generic wrapper", () => {
+        const src = `
+      export function withErrorBoundary(handler: any) {
+        return async (req: any) => {
+          try {
+            return handler(req);
+          } catch (e) {
+            return new Response("Error", { status: 500 });
+          }
+        };
+      }
+    `;
+        const evidence = analyzeWrapperBody("withErrorBoundary", src, ["auth", "getSession"], ["rateLimit"]);
+        expect(evidence.authCallPresent).toBe(false);
+        expect(evidence.rateLimitCallPresent).toBe(false);
+    });
+});
+describe("computeProtection", () => {
+    let tmpDir;
+    beforeEach(() => {
+        tmpDir = mkdtempSync(path.join(os.tmpdir(), "prodcheck-prot-"));
+    });
+    afterEach(() => {
+        rmSync(tmpDir, { recursive: true, force: true });
+    });
+    it("marks satisfied when wrapper has auth enforcement", () => {
+        mkdirSync(path.join(tmpDir, "app", "api", "test"), { recursive: true });
+        writeFileSync(path.join(tmpDir, "app", "api", "test", "route.ts"), `import { withWorkspace } from "@/lib/auth";
+       export const POST = withWorkspace(async (req) => {});`);
+        const wrapperIndex = {
+            wrappers: new Map([
+                ["withWorkspace", {
+                        name: "withWorkspace",
+                        definitionFile: "src/lib/auth.ts",
+                        resolved: true,
+                        evidence: {
+                            authCallPresent: true,
+                            authEnforced: true,
+                            rateLimitCallPresent: true,
+                            rateLimitEnforced: true,
+                            authDetails: ["calls getSession()"],
+                            rateLimitDetails: ["calls rateLimit()"],
+                        },
+                        usageCount: 1,
+                        usageFiles: ["app/api/test/route.ts"],
+                        mutationRouteCount: 1,
+                    }],
+            ]),
+        };
+        const route = makeRoute({ file: "app/api/test/route.ts" });
+        const protection = computeProtection(route, wrapperIndex, DEFAULT_MIDDLEWARE, DEFAULT_HINTS, tmpDir);
+        expect(protection.auth.satisfied).toBe(true);
+        expect(protection.auth.enforced).toBe(true);
+        expect(protection.auth.sources).toContain("wrapper");
+        expect(protection.rateLimit.satisfied).toBe(true);
+    });
+    it("marks unverified when wrapper calls auth but doesn't enforce", () => {
+        mkdirSync(path.join(tmpDir, "app", "api", "test"), { recursive: true });
+        writeFileSync(path.join(tmpDir, "app", "api", "test", "route.ts"), `import { withLogging } from "@/lib/logging";
+       export const POST = withLogging(async (req) => {});`);
+        const wrapperIndex = {
+            wrappers: new Map([
+                ["withLogging", {
+                        name: "withLogging",
+                        definitionFile: "src/lib/logging.ts",
+                        resolved: true,
+                        evidence: {
+                            authCallPresent: true,
+                            authEnforced: false,
+                            rateLimitCallPresent: false,
+                            rateLimitEnforced: false,
+                            authDetails: ["calls getSession()"],
+                            rateLimitDetails: [],
+                        },
+                        usageCount: 1,
+                        usageFiles: ["app/api/test/route.ts"],
+                        mutationRouteCount: 1,
+                    }],
+            ]),
+        };
+        const route = makeRoute({ file: "app/api/test/route.ts" });
+        const protection = computeProtection(route, wrapperIndex, DEFAULT_MIDDLEWARE, DEFAULT_HINTS, tmpDir);
+        expect(protection.auth.satisfied).toBe(false);
+        expect(protection.auth.unverifiedWrappers).toContain("withLogging");
+    });
+    it("marks satisfied when direct auth call in route", () => {
+        mkdirSync(path.join(tmpDir, "app", "api", "test"), { recursive: true });
+        writeFileSync(path.join(tmpDir, "app", "api", "test", "route.ts"), `export async function POST(req: Request) {
+         const session = await auth();
+         return Response.json({});
+       }`);
+        const emptyWrappers = { wrappers: new Map() };
+        const route = makeRoute({ file: "app/api/test/route.ts" });
+        const protection = computeProtection(route, emptyWrappers, DEFAULT_MIDDLEWARE, DEFAULT_HINTS, tmpDir);
+        expect(protection.auth.satisfied).toBe(true);
+        expect(protection.auth.sources).toContain("direct");
+    });
+    it("marks satisfied when middleware covers route", () => {
+        mkdirSync(path.join(tmpDir, "app", "api", "test"), { recursive: true });
+        writeFileSync(path.join(tmpDir, "app", "api", "test", "route.ts"), `export async function POST(req: Request) {
+         return Response.json({});
+       }`);
+        const middleware = {
+            authLikely: true,
+            rateLimitLikely: false,
+            matcherPatterns: ["/api/:path*"],
+        };
+        const emptyWrappers = { wrappers: new Map() };
+        const route = makeRoute({ file: "app/api/test/route.ts", pathname: "/api/test" });
+        const protection = computeProtection(route, emptyWrappers, middleware, DEFAULT_HINTS, tmpDir);
+        expect(protection.auth.satisfied).toBe(true);
+        expect(protection.auth.sources).toContain("middleware");
+    });
+    it("marks unverified when wrapper is unresolved", () => {
+        mkdirSync(path.join(tmpDir, "app", "api", "test"), { recursive: true });
+        writeFileSync(path.join(tmpDir, "app", "api", "test", "route.ts"), `import { withUnknown } from "some-package";
+       export const POST = withUnknown(async (req) => {});`);
+        const wrapperIndex = {
+            wrappers: new Map([
+                ["withUnknown", {
+                        name: "withUnknown",
+                        resolved: false,
+                        evidence: {
+                            authCallPresent: false,
+                            authEnforced: false,
+                            rateLimitCallPresent: false,
+                            rateLimitEnforced: false,
+                            authDetails: [],
+                            rateLimitDetails: [],
+                        },
+                        usageCount: 1,
+                        usageFiles: ["app/api/test/route.ts"],
+                        mutationRouteCount: 1,
+                    }],
+            ]),
+        };
+        const route = makeRoute({ file: "app/api/test/route.ts" });
+        const protection = computeProtection(route, wrapperIndex, DEFAULT_MIDDLEWARE, DEFAULT_HINTS, tmpDir);
+        expect(protection.auth.satisfied).toBe(false);
+        expect(protection.auth.unverifiedWrappers).toContain("withUnknown");
+    });
+});
+//# sourceMappingURL=wrappers.test.js.map

package/dist/next/wrappers.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"wrappers.test.js","sourceRoot":"","sources":["../../src/next/wrappers.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxE,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAGzF,SAAS,SAAS,CAAC,YAAgC,EAAE;IACnD,OAAO;QACL,IAAI,EAAE,eAAe;QACrB,IAAI,EAAE,uBAAuB;QAC7B,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,IAAI;QACd,OAAO,EAAE;YACP,mBAAmB,EAAE,IAAI;YACzB,kBAAkB,EAAE,IAAI;YACxB,sBAAsB,EAAE,KAAK;YAC7B,eAAe,EAAE,CAAC,eAAe,CAAC;SACnC;QACD,GAAG,SAAS;KACb,CAAC;AACJ,CAAC;AAED,MAAM,aAAa,GAAc;IAC/B,IAAI,EAAE,EAAE,SAAS,EAAE,CAAC,MAAM,EAAE,YAAY,EAAE,kBAAkB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE;IACxG,SAAS,EAAE,EAAE,QAAQ,EAAE,CAAC,WAAW,EAAE,eAAe,CAAC,EAAE,cAAc,EAAE,EAAE,EAAE;IAC3E,OAAO,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE;CAC/B,CAAC;AAEF,MAAM,kBAAkB,GAAwB;IAC9C,UAAU,EAAE,KAAK;IACjB,eAAe,EAAE,KAAK;IACtB,eAAe,EAAE,EAAE;CACpB,CAAC;AAEF,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,IAAI,MAAc,CAAC;IAEnB,UAAU,CAAC,GAAG,EAAE;QACd,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,oBAAoB,CAAC,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACxE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEhE,aAAa,CACX,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EACnD;;;;WAIK,CACN,CAAC;QAEF,aAAa,CACX,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,CAAC,EAC1C;;;;;;SAMG,CACJ,CAAC;QAEF,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE,CAAC,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;QAE7G,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACrC,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QACrD,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,CAAC,OAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,MAAM,CAAC,OAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClD,MAAM,CAAC,OAAQ,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,CAAC,OAAQ,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAExE,aAAa,CACX,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EACnD;;;WAGK,CACN,CAAC;QAEF,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE,CAAC,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;QAE/F,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAChD,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEhE,MAAM,YAAY,GAAG;;;;WAId,CAAC;QAER,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,CAAC,EAAE,YAAY,CAAC,CAAC;QAC9E,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,CAAC,EAAE,YAAY,CAAC,CAAC;QAE9E,aAAa,CACX,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,CAAC,EAC1C,iEAAiE,CAClE,CAAC;QAEF,MAAM,MAAM,GAAG;YACb,SAAS,CAAC,EAAE,IAAI,EAAE,oBAAoB,EAAE,CAAC;YACzC,SAAS,CAAC,EAAE,IAAI,EAAE,oBAAoB,EAAE,CAAC;SAC1C,CAAC;QACF,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;QAE/F,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QACrD,MAAM,CAAC,OAAQ,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,CAAC,OAAQ,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAExE,aAAa,CACX,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EACnD;;;;;;;;;WASK,CACN,CAAC;QAEF,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE,CAAC,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;QAE/F,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAChD,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,CAAC,OAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,GAAG,GAAG;;;;;;;;;;KAUX,CAAC;QACF,MAAM,QAAQ,GAAG,kBAAkB,CAAC,UAAU,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC;QACzE,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,GAAG,GAAG;;;;;;;;KAQX,CAAC;QACF,MAAM,QAAQ,GAAG,kBAAkB,CAAC,aAAa,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5E,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,GAAG,GAAG;;;;;;;;;;KAUX,CAAC;QACF,MAAM,QAAQ,GAAG,kBAAkB,CAAC,kBAAkB,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;QAChF,MAAM,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,GAAG,GAAG;;;;;;;;;;;;;;;KAeX,CAAC;QACF,MAAM,QAAQ,GAAG,kBAAkB,CAAC,eAAe,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;QACzF,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,GAAG,GAAG;;;;;;;;KAQX,CAAC;QACF,MAAM,QAAQ,GAAG,kBAAkB,CAAC,UAAU,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QAC7D,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,GAAG,GAAG;;;;;;;;;;;KAWX,CAAC;QACF,MAAM,QAAQ,GAAG,kBAAkB,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QAC3D,MAAM,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,GAAG,GAAG;;;;;;;;;;KAUX,CAAC;QACF,MAAM,QAAQ,GAAG,kBAAkB,CAAC,mBAAmB,EAAE,GAAG,EAAE,CAAC,MAAM,EAAE,YAAY,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;QACrG,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7C,MAAM,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,IAAI,MAAc,CAAC;IAEnB,UAAU,CAAC,GAAG,EAAE;QACd,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,iBAAiB,CAAC,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAExE,aAAa,CACX,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EACnD;6DACuD,CACxD,CAAC;QAEF,MAAM,YAAY,GAAiB;YACjC,QAAQ,EAAE,IAAI,GAAG,CAAC;gBAChB,CAAC,eAAe,EAAE;wBAChB,IAAI,EAAE,eAAe;wBACrB,cAAc,EAAE,iBAAiB;wBACjC,QAAQ,EAAE,IAAI;wBACd,QAAQ,EAAE;4BACR,eAAe,EAAE,IAAI;4BACrB,YAAY,EAAE,IAAI;4BAClB,oBAAoB,EAAE,IAAI;4BAC1B,iBAAiB,EAAE,IAAI;4BACvB,WAAW,EAAE,CAAC,oBAAoB,CAAC;4BACnC,gBAAgB,EAAE,CAAC,mBAAmB,CAAC;yBACxC;wBACD,UAAU,EAAE,CAAC;wBACb,UAAU,EAAE,CAAC,uBAAuB,CAAC;wBACrC,kBAAkB,EAAE,CAAC;qBACtB,CAAC;aACH,CAAC;SACH,CAAC;QAEF,MAAM,KAAK,GAAG,SAAS,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE,CAAC,CAAC;QAC3D,MAAM,UAAU,GAAG,iBAAiB,CAAC,KAAK,EAAE,YAAY,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;QAErG,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACrD,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8DAA8D,EAAE,GAAG,EAAE;QACtE,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAExE,aAAa,CACX,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EACnD;2DACqD,CACtD,CAAC;QAEF,MAAM,YAAY,GAAiB;YACjC,QAAQ,EAAE,IAAI,GAAG,CAAC;gBAChB,CAAC,aAAa,EAAE;wBACd,IAAI,EAAE,aAAa;wBACnB,cAAc,EAAE,oBAAoB;wBACpC,QAAQ,EAAE,IAAI;wBACd,QAAQ,EAAE;4BACR,eAAe,EAAE,IAAI;4BACrB,YAAY,EAAE,KAAK;4BACnB,oBAAoB,EAAE,KAAK;4BAC3B,iBAAiB,EAAE,KAAK;4BACxB,WAAW,EAAE,CAAC,oBAAoB,CAAC;4BACnC,gBAAgB,EAAE,EAAE;yBACrB;wBACD,UAAU,EAAE,CAAC;wBACb,UAAU,EAAE,CAAC,uBAAuB,CAAC;wBACrC,kBAAkB,EAAE,CAAC;qBACtB,CAAC;aACH,CAAC;SACH,CAAC;QAEF,MAAM,KAAK,GAAG,SAAS,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE,CAAC,CAAC;QAC3D,MAAM,UAAU,GAAG,iBAAiB,CAAC,KAAK,EAAE,YAAY,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;QAErG,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9C,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;IACtE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAExE,aAAa,CACX,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EACnD;;;SAGG,CACJ,CAAC;QAEF,MAAM,aAAa,GAAiB,EAAE,QAAQ,EAAE,IAAI,GAAG,EAAE,EAAE,CAAC;QAC5D,MAAM,KAAK,GAAG,SAAS,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE,CAAC,CAAC;QAC3D,MAAM,UAAU,GAAG,iBAAiB,CAAC,KAAK,EAAE,aAAa,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;QAEtG,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAExE,aAAa,CACX,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EACnD;;SAEG,CACJ,CAAC;QAEF,MAAM,UAAU,GAAwB;YACtC,UAAU,EAAE,IAAI;YAChB,eAAe,EAAE,KAAK;YACtB,eAAe,EAAE,CAAC,aAAa,CAAC;SACjC,CAAC;QAEF,MAAM,aAAa,GAAiB,EAAE,QAAQ,EAAE,IAAI,GAAG,EAAE,EAAE,CAAC;QAC5D,MAAM,KAAK,GAAG,SAAS,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC;QAClF,MAAM,UAAU,GAAG,iBAAiB,CAAC,KAAK,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;QAE9F,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAExE,aAAa,CACX,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EACnD;2DACqD,CACtD,CAAC;QAEF,MAAM,YAAY,GAAiB;YACjC,QAAQ,EAAE,IAAI,GAAG,CAAC;gBAChB,CAAC,aAAa,EAAE;wBACd,IAAI,EAAE,aAAa;wBACnB,QAAQ,EAAE,KAAK;wBACf,QAAQ,EAAE;4BACR,eAAe,EAAE,KAAK;4BACtB,YAAY,EAAE,KAAK;4BACnB,oBAAoB,EAAE,KAAK;4BAC3B,iBAAiB,EAAE,KAAK;4BACxB,WAAW,EAAE,EAAE;4BACf,gBAAgB,EAAE,EAAE;yBACrB;wBACD,UAAU,EAAE,CAAC;wBACb,UAAU,EAAE,CAAC,uBAAuB,CAAC;wBACrC,kBAAkB,EAAE,CAAC;qBACtB,CAAC;aACH,CAAC;SACH,CAAC;QAEF,MAAM,KAAK,GAAG,SAAS,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE,CAAC,CAAC;QAC3D,MAAM,UAAU,GAAG,iBAAiB,CAAC,KAAK,EAAE,YAAY,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;QAErG,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9C,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;IACtE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/rules/auth-boundary-missing.d.ts

@@ -0,0 +1,5 @@
+import type { NextIndex } from "../next/types.js";
+import type { Finding, ProdcheckConfig } from "../engine/types.js";
+export declare const RULE_ID = "AUTH-BOUNDARY-MISSING";
+export declare function run(index: NextIndex, config: ProdcheckConfig): Finding[];
+//# sourceMappingURL=auth-boundary-missing.d.ts.map

package/dist/rules/auth-boundary-missing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-boundary-missing.d.ts","sourceRoot":"","sources":["../../src/rules/auth-boundary-missing.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAA+B,MAAM,kBAAkB,CAAC;AAC/E,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAInE,eAAO,MAAM,OAAO,0BAA0B,CAAC;AAc/C,wBAAgB,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,eAAe,GAAG,OAAO,EAAE,CAkGxE"}