@fourteensystems/prodcheck 0.3.0

package/dist/next/detect.test.js

@@ -0,0 +1,74 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { mkdtempSync, mkdirSync, rmSync, writeFileSync } from "node:fs";
+import path from "node:path";
+import os from "node:os";
+import { detectNextAppRouter } from "./detect.js";
+describe("detectNextAppRouter", () => {
+    let tmpDir;
+    beforeEach(() => {
+        tmpDir = mkdtempSync(path.join(os.tmpdir(), "prodcheck-detect-"));
+    });
+    afterEach(() => {
+        rmSync(tmpDir, { recursive: true, force: true });
+    });
+    it("fails when package.json is missing", () => {
+        const result = detectNextAppRouter(tmpDir);
+        expect(result.ok).toBe(false);
+        expect(result.reason).toContain("package.json not found");
+    });
+    it("fails when next is not a dependency", () => {
+        writeFileSync(path.join(tmpDir, "package.json"), JSON.stringify({ dependencies: { react: "18" } }));
+        const result = detectNextAppRouter(tmpDir);
+        expect(result.ok).toBe(false);
+        expect(result.reason).toContain("next dependency not found");
+    });
+    it("fails when app/ directory is missing", () => {
+        writeFileSync(path.join(tmpDir, "package.json"), JSON.stringify({ dependencies: { next: "14" } }));
+        const result = detectNextAppRouter(tmpDir);
+        expect(result.ok).toBe(false);
+        expect(result.reason).toContain("app/ directory not found");
+    });
+    it("detects app/ directory", () => {
+        writeFileSync(path.join(tmpDir, "package.json"), JSON.stringify({ dependencies: { next: "14" } }));
+        mkdirSync(path.join(tmpDir, "app"));
+        const result = detectNextAppRouter(tmpDir);
+        expect(result.ok).toBe(true);
+        expect(result.appDir).toBe("app");
+    });
+    it("detects src/app/ directory", () => {
+        writeFileSync(path.join(tmpDir, "package.json"), JSON.stringify({ dependencies: { next: "14" } }));
+        mkdirSync(path.join(tmpDir, "src", "app"), { recursive: true });
+        const result = detectNextAppRouter(tmpDir);
+        expect(result.ok).toBe(true);
+        expect(result.appDir).toBe("src/app");
+    });
+    it("detects next in devDependencies", () => {
+        writeFileSync(path.join(tmpDir, "package.json"), JSON.stringify({ devDependencies: { next: "14" } }));
+        mkdirSync(path.join(tmpDir, "app"));
+        const result = detectNextAppRouter(tmpDir);
+        expect(result.ok).toBe(true);
+    });
+    it("detects route handlers", () => {
+        writeFileSync(path.join(tmpDir, "package.json"), JSON.stringify({ dependencies: { next: "14" } }));
+        mkdirSync(path.join(tmpDir, "app", "api", "test"), { recursive: true });
+        writeFileSync(path.join(tmpDir, "app", "api", "test", "route.ts"), "export async function GET() {}");
+        const result = detectNextAppRouter(tmpDir);
+        expect(result.ok).toBe(true);
+        expect(result.hasRouteHandlers).toBe(true);
+    });
+    it("detects server actions", () => {
+        writeFileSync(path.join(tmpDir, "package.json"), JSON.stringify({ dependencies: { next: "14" } }));
+        mkdirSync(path.join(tmpDir, "app", "actions"), { recursive: true });
+        writeFileSync(path.join(tmpDir, "app", "actions", "create.ts"), '"use server"\nexport async function create() {}');
+        const result = detectNextAppRouter(tmpDir);
+        expect(result.ok).toBe(true);
+        expect(result.hasServerActions).toBe(true);
+    });
+    it("handles malformed package.json", () => {
+        writeFileSync(path.join(tmpDir, "package.json"), "not json");
+        const result = detectNextAppRouter(tmpDir);
+        expect(result.ok).toBe(false);
+        expect(result.reason).toContain("Failed to parse package.json");
+    });
+});
+//# sourceMappingURL=detect.test.js.map

package/dist/next/detect.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"detect.test.js","sourceRoot":"","sources":["../../src/next/detect.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxE,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAElD,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,IAAI,MAAc,CAAC;IAEnB,UAAU,CAAC,GAAG,EAAE;QACd,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,mBAAmB,CAAC,CAAC,CAAC;IACpE,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,MAAM,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,wBAAwB,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;QACpG,MAAM,MAAM,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,2BAA2B,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;QACnG,MAAM,MAAM,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;QACnG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;QACpC,MAAM,MAAM,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;QACpC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;QACnG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChE,MAAM,MAAM,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,eAAe,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;QACtG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;QACpC,MAAM,MAAM,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;QACnG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACxE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,gCAAgC,CAAC,CAAC;QACrG,MAAM,MAAM,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7B,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;QACnG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACpE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,CAAC,EAAE,iDAAiD,CAAC,CAAC;QACnH,MAAM,MAAM,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7B,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,UAAU,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,8BAA8B,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/next/index.d.ts

@@ -0,0 +1,5 @@
+import type { NextIndex } from "./types.js";
+export type { NextIndex } from "./types.js";
+export { detectNextAppRouter } from "./detect.js";
+export declare function buildNextIndex(rootDir: string, exclude: string[], onProgress?: (step: string) => void): Promise<NextIndex>;
+//# sourceMappingURL=index.d.ts.map

package/dist/next/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/next/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAU5C,YAAY,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAElD,wBAAsB,cAAc,CAClC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EAAE,EACjB,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,GAClC,OAAO,CAAC,SAAS,CAAC,CA6DpB"}

package/dist/next/index.js

@@ -0,0 +1,59 @@
+import path from "node:path";
+import { existsSync } from "node:fs";
+import { detectNextAppRouter } from "./detect.js";
+import { readDeps, defaultHintsFromDeps } from "./deps.js";
+import { analyzeMiddleware } from "./middleware.js";
+import { findRouteHandlers, classifyMutationRoutes } from "./routes.js";
+import { findServerActions, classifyMutationActions } from "./server-actions.js";
+import { buildTrpcIndex } from "./trpc.js";
+import { buildWrapperIndex, computeProtection } from "./wrappers.js";
+import { loadTsconfigPaths } from "../util/resolve.js";
+export { detectNextAppRouter } from "./detect.js";
+export async function buildNextIndex(rootDir, exclude, onProgress) {
+    const progress = onProgress ?? (() => { });
+    const det = detectNextAppRouter(rootDir);
+    if (!det.ok) {
+        throw new Error(`Prodcheck v1 supports Next.js App Router only: ${det.reason ?? "unknown reason"}`);
+    }
+    const { appDir } = det;
+    progress("Reading dependencies");
+    const deps = readDeps(rootDir);
+    // Check for middleware in standard locations
+    const hasMiddlewareTs = existsSync(path.join(rootDir, "middleware.ts"))
+        || existsSync(path.join(rootDir, "middleware.js"))
+        || existsSync(path.join(rootDir, "src/middleware.ts"))
+        || existsSync(path.join(rootDir, "src/middleware.js"));
+    const hints = defaultHintsFromDeps(deps, hasMiddlewareTs);
+    progress("Analyzing middleware");
+    const middleware = analyzeMiddleware(rootDir);
+    progress("Discovering routes");
+    const allRoutes = await findRouteHandlers(rootDir, exclude, appDir);
+    const mutationRoutes = classifyMutationRoutes(allRoutes);
+    progress("Discovering server actions");
+    const allActions = await findServerActions(rootDir, exclude, appDir);
+    const mutationActions = classifyMutationActions(allActions);
+    progress("Analyzing tRPC procedures");
+    const trpc = await buildTrpcIndex(rootDir, appDir, exclude);
+    // Wrapper introspection: resolve, analyze, compute protection
+    progress("Resolving wrappers");
+    const tsconfigPaths = loadTsconfigPaths(rootDir);
+    const resolveOpts = { rootDir, tsconfigPaths };
+    const wrappers = buildWrapperIndex(allRoutes, rootDir, resolveOpts, hints.auth.functions, hints.rateLimit.wrappers);
+    // Compute protection summary for each route
+    for (const route of allRoutes) {
+        route.protection = computeProtection(route, wrappers, middleware, hints, rootDir);
+    }
+    return {
+        version: 1,
+        framework: "next-app-router",
+        rootDir,
+        deps,
+        hints,
+        middleware,
+        wrappers,
+        routes: { all: allRoutes, mutationRoutes },
+        serverActions: { all: allActions, mutationActions: mutationActions },
+        trpc,
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/next/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/next/index.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAC3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AACjF,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AACrE,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAGvD,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAElD,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAe,EACf,OAAiB,EACjB,UAAmC;IAEnC,MAAM,QAAQ,GAAG,UAAU,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IACzC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,kDAAkD,GAAG,CAAC,MAAM,IAAI,gBAAgB,EAAE,CAAC,CAAC;IACtG,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC;IACvB,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;IAE/B,6CAA6C;IAC7C,MAAM,eAAe,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;WAClE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;WAC/C,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;WACnD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC,CAAC;IAEzD,MAAM,KAAK,GAAG,oBAAoB,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;IAC1D,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IACjC,MAAM,UAAU,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAE9C,QAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC/B,MAAM,SAAS,GAAG,MAAM,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,cAAc,GAAG,sBAAsB,CAAC,SAAS,CAAC,CAAC;IAEzD,QAAQ,CAAC,4BAA4B,CAAC,CAAC;IACvC,MAAM,UAAU,GAAG,MAAM,iBAAiB,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACrE,MAAM,eAAe,GAAG,uBAAuB,CAAC,UAAU,CAAC,CAAC;IAE5D,QAAQ,CAAC,2BAA2B,CAAC,CAAC;IACtC,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAE5D,8DAA8D;IAC9D,QAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC/B,MAAM,aAAa,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC;IAC/C,MAAM,QAAQ,GAAG,iBAAiB,CAChC,SAAS,EACT,OAAO,EACP,WAAW,EACX,KAAK,CAAC,IAAI,CAAC,SAAS,EACpB,KAAK,CAAC,SAAS,CAAC,QAAQ,CACzB,CAAC;IAEF,4CAA4C;IAC5C,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;QAC9B,KAAK,CAAC,UAAU,GAAG,iBAAiB,CAAC,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;IACpF,CAAC;IAED,OAAO;QACL,OAAO,EAAE,CAAC;QACV,SAAS,EAAE,iBAAiB;QAC5B,OAAO;QACP,IAAI;QACJ,KAAK;QACL,UAAU;QACV,QAAQ;QACR,MAAM,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,cAAc,EAAE;QAC1C,aAAa,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE,eAAe,EAAE,eAAe,EAAE;QACpE,IAAI;KACL,CAAC;AACJ,CAAC"}

package/dist/next/middleware.d.ts

@@ -0,0 +1,3 @@
+import type { NextMiddlewareIndex } from "./types.js";
+export declare function analyzeMiddleware(rootDir: string): NextMiddlewareIndex;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/next/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/next/middleware.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAGtD,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,mBAAmB,CAiDtE"}

package/dist/next/middleware.js

@@ -0,0 +1,48 @@
+import path from "node:path";
+import { existsSync, readFileSync } from "node:fs";
+import { findWorkspaceRoot } from "../util/monorepo.js";
+export function analyzeMiddleware(rootDir) {
+    // Next.js middleware can be at root or src/
+    const candidates = ["middleware.ts", "middleware.js", "src/middleware.ts", "src/middleware.js"];
+    let file;
+    let src = "";
+    for (const candidate of candidates) {
+        const abs = path.join(rootDir, candidate);
+        if (existsSync(abs)) {
+            file = candidate;
+            src = readFileSync(abs, "utf8");
+            break;
+        }
+    }
+    // In monorepos, middleware may be at the workspace root
+    if (!file) {
+        const wsRoot = findWorkspaceRoot(rootDir);
+        if (wsRoot) {
+            for (const candidate of candidates) {
+                const abs = path.join(wsRoot, candidate);
+                if (existsSync(abs)) {
+                    file = candidate;
+                    src = readFileSync(abs, "utf8");
+                    break;
+                }
+            }
+        }
+    }
+    if (!file) {
+        return { authLikely: false, rateLimitLikely: false, matcherPatterns: [] };
+    }
+    // Best-effort heuristics (keep conservative)
+    const authLikely = /getToken\s*\(|auth\s*\(|clerkMiddleware\s*\(|authMiddleware\s*\(|withAuth\s*\(|getServerSession\s*\(|\.auth\.getUser\s*\(|createMiddlewareClient\s*\(|authkitMiddleware\s*\(|kindeMiddleware\s*\(|withMiddlewareAuthRequired\s*\(|validateRequest\s*\(|getIronSession\s*\(/.test(src);
+    const rateLimitLikely = /ratelimit|rateLimit|upstash/i.test(src);
+    // Extract matcher config if present
+    const matcherPatterns = [];
+    const matcherMatch = src.match(/matcher\s*:\s*(\[[\s\S]*?\])/);
+    if (matcherMatch) {
+        const literals = matcherMatch[1].matchAll(/"([^"]+)"|'([^']+)'/g);
+        for (const m of literals) {
+            matcherPatterns.push(m[1] ?? m[2]);
+        }
+    }
+    return { file, authLikely, rateLimitLikely, matcherPatterns };
+}
+//# sourceMappingURL=middleware.js.map

package/dist/next/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/next/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,4CAA4C;IAC5C,MAAM,UAAU,GAAG,CAAC,eAAe,EAAE,eAAe,EAAE,mBAAmB,EAAE,mBAAmB,CAAC,CAAC;IAChG,IAAI,IAAwB,CAAC;IAC7B,IAAI,GAAG,GAAG,EAAE,CAAC;IAEb,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAC1C,IAAI,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACpB,IAAI,GAAG,SAAS,CAAC;YACjB,GAAG,GAAG,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAChC,MAAM;QACR,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAC1C,IAAI,MAAM,EAAE,CAAC;YACX,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;gBACnC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;gBACzC,IAAI,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBACpB,IAAI,GAAG,SAAS,CAAC;oBACjB,GAAG,GAAG,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;oBAChC,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;IAC5E,CAAC;IAED,6CAA6C;IAC7C,MAAM,UAAU,GAAG,4QAA4Q,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC1S,MAAM,eAAe,GAAG,8BAA8B,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEjE,oCAAoC;IACpC,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,MAAM,YAAY,GAAG,GAAG,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAC/D,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,QAAQ,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;QAClE,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,eAAe,EAAE,eAAe,EAAE,CAAC;AAChE,CAAC"}

package/dist/next/middleware.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=middleware.test.d.ts.map

package/dist/next/middleware.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.test.d.ts","sourceRoot":"","sources":["../../src/next/middleware.test.ts"],"names":[],"mappings":""}

package/dist/next/middleware.test.js

@@ -0,0 +1,203 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { mkdtempSync, mkdirSync, rmSync, writeFileSync } from "node:fs";
+import path from "node:path";
+import os from "node:os";
+import { analyzeMiddleware } from "./middleware.js";
+describe("analyzeMiddleware", () => {
+    let tmpDir;
+    beforeEach(() => {
+        tmpDir = mkdtempSync(path.join(os.tmpdir(), "prodcheck-mw-"));
+    });
+    afterEach(() => {
+        rmSync(tmpDir, { recursive: true, force: true });
+    });
+    it("returns defaults when no middleware file exists", () => {
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.file).toBeUndefined();
+        expect(result.authLikely).toBe(false);
+        expect(result.rateLimitLikely).toBe(false);
+        expect(result.matcherPatterns).toEqual([]);
+    });
+    it("finds middleware.ts at root", () => {
+        writeFileSync(path.join(tmpDir, "middleware.ts"), "export function middleware() {}");
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.file).toBe("middleware.ts");
+    });
+    it("finds middleware.js at root", () => {
+        writeFileSync(path.join(tmpDir, "middleware.js"), "export function middleware() {}");
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.file).toBe("middleware.js");
+    });
+    it("finds src/middleware.ts", () => {
+        mkdirSync(path.join(tmpDir, "src"));
+        writeFileSync(path.join(tmpDir, "src", "middleware.ts"), "export function middleware() {}");
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.file).toBe("src/middleware.ts");
+    });
+    it("prefers root middleware.ts over src/middleware.ts", () => {
+        writeFileSync(path.join(tmpDir, "middleware.ts"), "// root");
+        mkdirSync(path.join(tmpDir, "src"));
+        writeFileSync(path.join(tmpDir, "src", "middleware.ts"), "// src");
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.file).toBe("middleware.ts");
+    });
+    it("detects Clerk auth", () => {
+        writeFileSync(path.join(tmpDir, "middleware.ts"), `
+      import { clerkMiddleware } from "@clerk/nextjs/server";
+      export default clerkMiddleware();
+    `);
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.authLikely).toBe(true);
+    });
+    it("detects NextAuth getToken", () => {
+        writeFileSync(path.join(tmpDir, "middleware.ts"), `
+      import { getToken } from "next-auth/jwt";
+      const token = await getToken({ req });
+    `);
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.authLikely).toBe(true);
+    });
+    it("detects NextAuth auth()", () => {
+        writeFileSync(path.join(tmpDir, "middleware.ts"), `
+      import { auth } from "./auth";
+      export default auth((req) => {});
+    `);
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.authLikely).toBe(true);
+    });
+    it("detects Supabase createMiddlewareClient", () => {
+        writeFileSync(path.join(tmpDir, "middleware.ts"), `
+      const supabase = createMiddlewareClient({ req, res });
+    `);
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.authLikely).toBe(true);
+    });
+    it("detects WorkOS authkitMiddleware", () => {
+        writeFileSync(path.join(tmpDir, "middleware.ts"), `
+      import { authkitMiddleware } from "@workos-inc/authkit-nextjs";
+      export default authkitMiddleware();
+    `);
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.authLikely).toBe(true);
+    });
+    it("detects Kinde middleware", () => {
+        writeFileSync(path.join(tmpDir, "middleware.ts"), `
+      import { kindeMiddleware } from "@kinde-oss/kinde-auth-nextjs";
+      export default kindeMiddleware();
+    `);
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.authLikely).toBe(true);
+    });
+    it("detects Auth0 withMiddlewareAuthRequired", () => {
+        writeFileSync(path.join(tmpDir, "middleware.ts"), `
+      import { withMiddlewareAuthRequired } from "@auth0/nextjs-auth0";
+      export default withMiddlewareAuthRequired();
+    `);
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.authLikely).toBe(true);
+    });
+    it("detects iron-session getIronSession", () => {
+        writeFileSync(path.join(tmpDir, "middleware.ts"), `
+      const session = await getIronSession(req, res, config);
+    `);
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.authLikely).toBe(true);
+    });
+    it("does not flag auth for generic middleware", () => {
+        writeFileSync(path.join(tmpDir, "middleware.ts"), `
+      export function middleware(req) {
+        return NextResponse.next();
+      }
+    `);
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.authLikely).toBe(false);
+    });
+    it("detects rate limiting with upstash", () => {
+        writeFileSync(path.join(tmpDir, "middleware.ts"), `
+      import { Ratelimit } from "@upstash/ratelimit";
+      const ratelimit = new Ratelimit({ redis });
+    `);
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.rateLimitLikely).toBe(true);
+    });
+    it("detects rateLimit keyword (camelCase)", () => {
+        writeFileSync(path.join(tmpDir, "middleware.ts"), `
+      const { success } = await rateLimit(req);
+    `);
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.rateLimitLikely).toBe(true);
+    });
+    it("does not flag rate limit for generic middleware", () => {
+        writeFileSync(path.join(tmpDir, "middleware.ts"), `
+      export function middleware(req) { return NextResponse.next(); }
+    `);
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.rateLimitLikely).toBe(false);
+    });
+    it("extracts matcher patterns", () => {
+        writeFileSync(path.join(tmpDir, "middleware.ts"), `
+      export const config = {
+        matcher: ["/api/:path*", "/dashboard/:path*"]
+      };
+    `);
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.matcherPatterns).toEqual(["/api/:path*", "/dashboard/:path*"]);
+    });
+    it("extracts single-quoted matcher patterns", () => {
+        writeFileSync(path.join(tmpDir, "middleware.ts"), `
+      export const config = {
+        matcher: ['/api/:path*']
+      };
+    `);
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.matcherPatterns).toEqual(["/api/:path*"]);
+    });
+    it("returns empty matcher when no config", () => {
+        writeFileSync(path.join(tmpDir, "middleware.ts"), `
+      export function middleware(req) { return NextResponse.next(); }
+    `);
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.matcherPatterns).toEqual([]);
+    });
+    it("detects auth and rate limit together", () => {
+        writeFileSync(path.join(tmpDir, "middleware.ts"), `
+      import { clerkMiddleware } from "@clerk/nextjs/server";
+      import { Ratelimit } from "@upstash/ratelimit";
+      export default clerkMiddleware();
+    `);
+        const result = analyzeMiddleware(tmpDir);
+        expect(result.authLikely).toBe(true);
+        expect(result.rateLimitLikely).toBe(true);
+    });
+    it("finds middleware at monorepo workspace root (pnpm-workspace.yaml)", () => {
+        // Simulate monorepo: tmpDir/apps/web with middleware at tmpDir
+        const webDir = path.join(tmpDir, "apps", "web");
+        mkdirSync(webDir, { recursive: true });
+        writeFileSync(path.join(tmpDir, "pnpm-workspace.yaml"), "packages:\n  - apps/*");
+        writeFileSync(path.join(tmpDir, "package.json"), JSON.stringify({}));
+        writeFileSync(path.join(webDir, "package.json"), JSON.stringify({}));
+        writeFileSync(path.join(tmpDir, "middleware.ts"), `
+      import { auth } from "./auth";
+      export default auth((req) => {});
+    `);
+        const result = analyzeMiddleware(webDir);
+        expect(result.file).toBe("middleware.ts");
+        expect(result.authLikely).toBe(true);
+    });
+    it("prefers local middleware over workspace root middleware", () => {
+        const webDir = path.join(tmpDir, "apps", "web");
+        mkdirSync(webDir, { recursive: true });
+        writeFileSync(path.join(tmpDir, "pnpm-workspace.yaml"), "packages:\n  - apps/*");
+        writeFileSync(path.join(tmpDir, "package.json"), JSON.stringify({}));
+        writeFileSync(path.join(webDir, "package.json"), JSON.stringify({}));
+        writeFileSync(path.join(tmpDir, "middleware.ts"), "// root middleware");
+        writeFileSync(path.join(webDir, "middleware.ts"), `
+      import { clerkMiddleware } from "@clerk/nextjs/server";
+      export default clerkMiddleware();
+    `);
+        const result = analyzeMiddleware(webDir);
+        expect(result.file).toBe("middleware.ts");
+        expect(result.authLikely).toBe(true);
+    });
+});
+//# sourceMappingURL=middleware.test.js.map

package/dist/next/middleware.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.test.js","sourceRoot":"","sources":["../../src/next/middleware.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxE,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAEpD,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,IAAI,MAAc,CAAC;IAEnB,UAAU,CAAC,GAAG,EAAE;QACd,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,eAAe,CAAC,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,MAAM,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE,iCAAiC,CAAC,CAAC;QACrF,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE,iCAAiC,CAAC,CAAC;QACrF,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;QACpC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,eAAe,CAAC,EAAE,iCAAiC,CAAC,CAAC;QAC5F,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE,SAAS,CAAC,CAAC;QAC7D,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;QACpC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,eAAe,CAAC,EAAE,QAAQ,CAAC,CAAC;QACnE,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAC5B,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE;;;KAGjD,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE;;;KAGjD,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE;;;KAGjD,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE;;KAEjD,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE;;;KAGjD,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE;;;KAGjD,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE;;;KAGjD,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE;;KAEjD,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE;;;;KAIjD,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE;;;KAGjD,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE;;KAEjD,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE;;KAEjD,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE;;;;KAIjD,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,mBAAmB,CAAC,CAAC,CAAC;IAC/E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE;;;;KAIjD,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE;;KAEjD,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE;;;;KAIjD,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;QAC3E,+DAA+D;QAC/D,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAChD,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACvC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,qBAAqB,CAAC,EAAE,uBAAuB,CAAC,CAAC;QACjF,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;QACrE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;QACrE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE;;;KAGjD,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAChD,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACvC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,qBAAqB,CAAC,EAAE,uBAAuB,CAAC,CAAC;QACjF,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;QACrE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;QACrE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE,oBAAoB,CAAC,CAAC;QACxE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE;;;KAGjD,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/next/routes.d.ts

@@ -0,0 +1,10 @@
+import type { NextRoute, MutationSignals, PublicIntent, MalformedPublicIntent } from "./types.js";
+export declare function findRouteHandlers(rootDir: string, excludeGlobs: string[], appDir?: string): Promise<NextRoute[]>;
+export declare function classifyMutationRoutes(all: NextRoute[]): NextRoute[];
+export declare function detectMutationSignals(src: string): MutationSignals;
+/**
+ * Parse `// prodcheck:public-intent reason="..."` directive from route source.
+ * Returns valid PublicIntent, malformed indicator, or null if not present.
+ */
+export declare function parsePublicIntent(src: string): PublicIntent | MalformedPublicIntent | null;
+//# sourceMappingURL=routes.d.ts.map

package/dist/next/routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../../src/next/routes.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,SAAS,EAAE,eAAe,EAAE,YAAY,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAkDlG,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,EAAE,EACtB,MAAM,GAAE,MAAc,GACrB,OAAO,CAAC,SAAS,EAAE,CAAC,CAwCtB;AAED,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,SAAS,EAAE,CAOpE;AAED,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe,CA+ClE;AAYD;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,GAAG,EAAE,MAAM,GACV,YAAY,GAAG,qBAAqB,GAAG,IAAI,CAY7C"}

package/dist/next/routes.js

@@ -0,0 +1,172 @@
+import path from "node:path";
+import { readFileSync } from "node:fs";
+import fg from "fast-glob";
+/**
+ * Prisma write methods that indicate mutation.
+ */
+const PRISMA_WRITE_METHODS = [
+    "create", "createMany", "createManyAndReturn",
+    "update", "updateMany",
+    "upsert",
+    "delete", "deleteMany",
+    "insert", "insertMany", // Drizzle, Knex, MongoDB
+];
+/**
+ * Stripe write patterns (method chains that indicate mutation).
+ */
+const STRIPE_WRITE_PATTERNS = [
+    /stripe\.\w+\.create\s*\(/,
+    /stripe\.\w+\.update\s*\(/,
+    /stripe\.\w+\.del\s*\(/,
+    /stripe\.checkout\.sessions\.create\s*\(/,
+    /stripe\.subscriptions\./,
+];
+/**
+ * Known non-DB objects whose .update()/.delete()/.create() are false positives.
+ * Lowercase for case-insensitive matching.
+ */
+const NON_DB_CALLERS = new Set([
+    // crypto / hashing
+    "crypto", "hmac", "hash", "cipher", "decipher", "sign", "verify",
+    "calculatedsignature", "signature", "digest",
+    // state / UI
+    "state", "setstate", "set", "ref", "context",
+    // collections / cache / web APIs
+    "cache", "map", "store", "headers", "params", "searchparams",
+    "formdata", "cookies", "cookie", "cookiestore", "localstorage", "sessionstorage",
+    // streams / events
+    "socket", "stream", "emitter", "readable", "writable",
+    // DOM
+    "document", "element", "node",
+    // React / Next
+    "router", "response", "nextresponse", "summary",
+]);
+/**
+ * Admin-like path segments that suggest privileged operations.
+ */
+const ADMIN_PATH_SEGMENTS = /\/(admin|billing|invite|role|plan|sync|reindex|delete|remove)\//i;
+export async function findRouteHandlers(rootDir, excludeGlobs, appDir = "app") {
+    const files = fg.globSync(`${appDir}/**/route.{ts,js,tsx,jsx}`, {
+        cwd: rootDir,
+        ignore: ["**/node_modules/**", ...excludeGlobs],
+    });
+    const routes = [];
+    for (const file of files) {
+        const abs = path.join(rootDir, file);
+        let src;
+        try {
+            src = readFileSync(abs, "utf8");
+        }
+        catch {
+            continue; // Skip unreadable files
+        }
+        const signals = detectMutationSignals(src);
+        const method = detectExportedMethods(src);
+        const pathname = fileToPathname(file, appDir);
+        const isApi = pathname.startsWith("/api/") || pathname === "/api";
+        const intent = parsePublicIntent(src);
+        const publicIntent = intent && "reason" in intent ? intent : undefined;
+        const malformedPublicIntent = intent && !("reason" in intent) ? intent : undefined;
+        routes.push({
+            kind: "route-handler",
+            file,
+            method,
+            pathname,
+            isApi,
+            isPublic: true, // conservative default; can be overridden by config
+            signals,
+            ...(publicIntent && { publicIntent }),
+            ...(malformedPublicIntent && { malformedPublicIntent }),
+        });
+    }
+    return routes;
+}
+export function classifyMutationRoutes(all) {
+    return all.filter((r) => r.signals.hasMutationEvidence ||
+        r.signals.hasDbWriteEvidence ||
+        r.signals.hasStripeWriteEvidence);
+}
+export function detectMutationSignals(src) {
+    const details = [];
+    // Prisma / ORM writes
+    let hasDbWrite = false;
+    for (const method of PRISMA_WRITE_METHODS) {
+        const pattern = new RegExp(`(\\w+)\\.${method}\\s*\\(`, "g");
+        const matches = [...src.matchAll(pattern)];
+        // Filter out known non-DB callers (crypto.update, cache.delete, etc.)
+        const dbMatches = matches.filter((m) => !NON_DB_CALLERS.has(m[1].toLowerCase()));
+        if (dbMatches.length > 0) {
+            hasDbWrite = true;
+            details.push(`prisma.${method}`);
+        }
+    }
+    // Stripe writes
+    let hasStripeWrite = false;
+    for (const pattern of STRIPE_WRITE_PATTERNS) {
+        if (pattern.test(src)) {
+            hasStripeWrite = true;
+            details.push("stripe write operation");
+            break;
+        }
+    }
+    // Raw SQL writes
+    const rawSqlWrite = /\$executeRaw|query\s*\(\s*["'`](?:INSERT|UPDATE|DELETE)/i.test(src);
+    if (rawSqlWrite) {
+        hasDbWrite = true;
+        details.push("raw SQL write");
+    }
+    // General mutation signals: request body reading, admin path patterns
+    const readBody = /request\.json\s*\(|request\.formData\s*\(|req\.body/.test(src);
+    if (readBody) {
+        details.push("reads request body");
+    }
+    const hasMutation = hasDbWrite || hasStripeWrite || readBody;
+    return {
+        hasMutationEvidence: hasMutation,
+        hasDbWriteEvidence: hasDbWrite,
+        hasStripeWriteEvidence: hasStripeWrite,
+        mutationDetails: details,
+    };
+}
+function detectExportedMethods(src) {
+    const methods = [];
+    if (/export\s+(?:async\s+)?function\s+GET/m.test(src))
+        methods.push("GET");
+    if (/export\s+(?:async\s+)?function\s+POST/m.test(src))
+        methods.push("POST");
+    if (/export\s+(?:async\s+)?function\s+PUT/m.test(src))
+        methods.push("PUT");
+    if (/export\s+(?:async\s+)?function\s+PATCH/m.test(src))
+        methods.push("PATCH");
+    if (/export\s+(?:async\s+)?function\s+DELETE/m.test(src))
+        methods.push("DELETE");
+    return methods.length > 0 ? methods.join(",") : undefined;
+}
+/**
+ * Parse `// prodcheck:public-intent reason="..."` directive from route source.
+ * Returns valid PublicIntent, malformed indicator, or null if not present.
+ */
+export function parsePublicIntent(src) {
+    const lines = src.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+        const match = lines[i].match(/\/\/\s*prodcheck:public-intent\b(.*)/);
+        if (!match)
+            continue;
+        const reasonMatch = match[1].match(/reason\s*=\s*["']([^"']+)["']/);
+        if (reasonMatch && reasonMatch[1].trim()) {
+            return { reason: reasonMatch[1].trim(), line: i + 1 };
+        }
+        return { line: i + 1, raw: lines[i].trim() };
+    }
+    return null;
+}
+function fileToPathname(file, appDir = "app") {
+    // app/api/users/[id]/route.ts → /api/users/[id]
+    // src/app/api/users/[id]/route.ts → /api/users/[id]
+    const prefix = appDir.endsWith("/") ? appDir : appDir + "/";
+    return "/" + file
+        .replace(new RegExp(`^${prefix.replace(/[/]/g, "\\/")}`), "")
+        .replace(/\/route\.\w+$/, "")
+        .replace(/\\/g, "/");
+}
+//# sourceMappingURL=routes.js.map