@fourteensystems/shipguard 0.1.0

package/dist/next/trpc.js

@@ -0,0 +1,339 @@
+import path from "node:path";
+import { readFileSync, existsSync } from "node:fs";
+import fg from "fast-glob";
+import { detectMutationSignals } from "./routes.js";
+/** Known tRPC handler markers in the proxy route file */
+const TRPC_PROXY_MARKERS = [
+    "fetchRequestHandler",
+    "createNextApiHandler",
+    "@trpc/server",
+    "trpcNext",
+];
+/** Procedure names that indicate authenticated access */
+const PROTECTED_PROCEDURE_NAMES = [
+    "protectedProcedure",
+    "authedProcedure",
+    "adminProcedure",
+    "privateProcedure",
+    "authenticatedProcedure",
+];
+const EMPTY_INDEX = {
+    detected: false,
+    procedures: [],
+    mutationProcedures: [],
+};
+export async function buildTrpcIndex(rootDir, appDir, _excludeGlobs) {
+    // Stage 1: Find tRPC proxy route
+    const proxyFile = findTrpcProxy(rootDir, appDir);
+    if (!proxyFile)
+        return EMPTY_INDEX;
+    const proxySrc = readSource(rootDir, proxyFile);
+    if (!proxySrc)
+        return EMPTY_INDEX;
+    // Stage 2: Resolve root router file
+    const rootRouterFile = resolveRootRouter(proxySrc, proxyFile, rootDir);
+    if (!rootRouterFile) {
+        return { detected: true, proxyFile, procedures: [], mutationProcedures: [] };
+    }
+    // Stage 3: Extract procedures from root router and sub-routers
+    const procedures = extractAllProcedures(rootDir, rootRouterFile);
+    const mutationProcedures = procedures.filter((p) => p.procedureKind === "mutation");
+    return {
+        detected: true,
+        proxyFile,
+        rootRouterFile,
+        procedures,
+        mutationProcedures,
+    };
+}
+// ---------------------------------------------------------------------------
+// Stage 1: Find tRPC proxy route
+// ---------------------------------------------------------------------------
+function findTrpcProxy(rootDir, appDir) {
+    // Look for App Router tRPC proxy: app/api/trpc/[trpc]/route.ts (or similar)
+    const candidates = fg.globSync(`${appDir}/**/api/trpc/**/route.{ts,js,tsx,jsx}`, { cwd: rootDir, ignore: ["**/node_modules/**"] });
+    for (const file of candidates) {
+        const src = readSource(rootDir, file);
+        if (!src)
+            continue;
+        if (TRPC_PROXY_MARKERS.some((m) => src.includes(m))) {
+            return file;
+        }
+    }
+    return undefined;
+}
+// ---------------------------------------------------------------------------
+// Stage 2: Resolve root router from proxy import
+// ---------------------------------------------------------------------------
+function resolveRootRouter(proxySrc, proxyFile, rootDir) {
+    // Pattern 1: import { appRouter } from '...'
+    // Pattern 2: import { someRouter as appRouter } from '...'
+    // Pattern 3: import appRouter from '...'
+    const importPatterns = [
+        /import\s+\{[^}]*appRouter[^}]*\}\s+from\s+['"]([^'"]+)['"]/,
+        /import\s+\{[^}]*\w+Router[^}]*\}\s+from\s+['"]([^'"]+)['"]/,
+        /import\s+(\w+Router)\s+from\s+['"]([^'"]+)['"]/,
+    ];
+    for (const pattern of importPatterns) {
+        const match = pattern.exec(proxySrc);
+        if (match) {
+            // Last capture group is always the path
+            const importPath = match[match.length - 1] ?? match[1];
+            if (importPath) {
+                const resolved = resolveImportPath(proxyFile, importPath, rootDir);
+                if (resolved)
+                    return resolved;
+            }
+        }
+    }
+    // Pattern 4: router: appRouter — find the import that defines appRouter
+    const routerPropMatch = /router\s*:\s*(\w+)/.exec(proxySrc);
+    if (routerPropMatch) {
+        const routerName = routerPropMatch[1];
+        const importForRouter = new RegExp(`import\\s+\\{[^}]*\\b${routerName}\\b[^}]*\\}\\s+from\\s+['"]([^'"]+)['"]`);
+        const m = importForRouter.exec(proxySrc);
+        if (m?.[1]) {
+            const resolved = resolveImportPath(proxyFile, m[1], rootDir);
+            if (resolved)
+                return resolved;
+        }
+    }
+    return undefined;
+}
+// ---------------------------------------------------------------------------
+// Stage 3: Extract procedures from router files
+// ---------------------------------------------------------------------------
+function extractAllProcedures(rootDir, rootRouterFile) {
+    const rootSrc = readSource(rootDir, rootRouterFile);
+    if (!rootSrc)
+        return [];
+    const procedures = [];
+    // Extract inline procedures from root router (e.g., healthcheck: publicProcedure.query(...))
+    const rootEntries = extractRouterEntries(rootSrc);
+    for (const entry of rootEntries) {
+        if (entry.type === "procedure") {
+            procedures.push(buildProcedure(entry.name, entry.name, rootRouterFile, entry, rootSrc));
+        }
+        else if (entry.type === "sub-router") {
+            // Resolve sub-router import and extract its procedures
+            const subRouterFile = resolveSubRouterImport(rootSrc, entry.importName, rootRouterFile, rootDir);
+            if (subRouterFile) {
+                const subSrc = readSource(rootDir, subRouterFile);
+                if (subSrc) {
+                    const subEntries = extractRouterEntries(subSrc);
+                    for (const sub of subEntries) {
+                        if (sub.type === "procedure") {
+                            procedures.push(buildProcedure(`${entry.name}.${sub.name}`, sub.name, subRouterFile, sub, subSrc));
+                        }
+                        // We don't follow nested sub-routers (one level only per spec)
+                    }
+                }
+            }
+        }
+    }
+    return procedures;
+}
+function extractRouterEntries(src) {
+    const entries = [];
+    const lines = src.split("\n");
+    // Find the router({ ... }) block
+    // Match: router({ or createTRPCRouter({
+    const routerBlockStart = lines.findIndex((l) => /(?:router|createTRPCRouter)\s*\(\s*\{/.test(l));
+    if (routerBlockStart === -1)
+        return entries;
+    // Walk through lines inside the router block looking for entries
+    // Pattern: `name: someIdentifier` (sub-router) or `name: publicProcedure.query(...)` (procedure)
+    let braceDepth = 0;
+    let insideRouter = false;
+    for (let i = routerBlockStart; i < lines.length; i++) {
+        const line = lines[i];
+        // Track brace depth
+        for (const ch of line) {
+            if (ch === "{")
+                braceDepth++;
+            if (ch === "}")
+                braceDepth--;
+        }
+        // Start tracking after the opening brace of router({
+        if (i === routerBlockStart) {
+            insideRouter = true;
+            // The opening { might be on this line — it's already counted above
+        }
+        // Stop when we close the router block
+        if (insideRouter && braceDepth <= 0)
+            break;
+        // Only look at entries at the top level of the router object (depth ~2: router({ entry: ... }))
+        // Match: `identifier: something`
+        const entryMatch = /^\s*(\w+)\s*:\s*(.+)/.exec(line);
+        if (!entryMatch)
+            continue;
+        const name = entryMatch[1];
+        const value = entryMatch[2].trim();
+        // Check if it's a procedure definition
+        if (isProcedureLine(value)) {
+            // Gather the full procedure text (may span multiple lines until the closing)
+            const procSrc = gatherProcedureSource(lines, i);
+            entries.push({
+                name,
+                type: "procedure",
+                procedureType: classifyProcedureType(procSrc),
+                procedureKind: classifyProcedureKind(procSrc),
+                line: i + 1,
+                procedureSrc: procSrc,
+                importName: name,
+            });
+        }
+        else {
+            // It's a sub-router reference (e.g., `post: postRouter` or `post: postRouter,`)
+            const identMatch = /^(\w+)/.exec(value);
+            if (identMatch) {
+                entries.push({
+                    name,
+                    type: "sub-router",
+                    importName: identMatch[1],
+                    line: i + 1,
+                });
+            }
+        }
+    }
+    return entries;
+}
+function isProcedureLine(value) {
+    // Matches: publicProcedure.query(...), protectedProcedure.input(...).mutation(...), etc.
+    return /(?:public|protected|authed|admin|private|authenticated)?[Pp]rocedure\b/.test(value);
+}
+function gatherProcedureSource(lines, startLine) {
+    // Collect lines from the entry start until we hit the next router entry
+    // or the closing of the router block.
+    // tRPC procedures are method chains that can span many lines:
+    //   name: publicProcedure
+    //     .input(z.object({...}))
+    //     .mutation(async ({input}) => {
+    //       ...
+    //     }),
+    const collected = [lines[startLine]];
+    const entryIndent = lines[startLine].search(/\S/);
+    for (let i = startLine + 1; i < lines.length && i < startLine + 100; i++) {
+        const line = lines[i];
+        const trimmed = line.trimStart();
+        // Stop at closing of router block
+        if (trimmed.startsWith("});") || trimmed === "})")
+            break;
+        // Stop if we hit the next entry at the same indent level
+        // (a line like `  nextEntry: ...` at similar indentation)
+        const lineIndent = line.search(/\S/);
+        if (lineIndent >= 0 && lineIndent <= entryIndent && /^\s*\w+\s*:/.test(line)) {
+            break;
+        }
+        collected.push(line);
+        // Stop after a trailing `),` at entry-level indentation (procedure chain ended)
+        if (trimmed === "),")
+            break;
+    }
+    return collected.join("\n");
+}
+function classifyProcedureType(src) {
+    if (/\bpublicProcedure\b/.test(src))
+        return "public";
+    for (const name of PROTECTED_PROCEDURE_NAMES) {
+        if (src.includes(name))
+            return "protected";
+    }
+    // Bare `procedure` without prefix — could be either, mark unknown
+    if (/\bprocedure\b/.test(src) && !/Procedure\b/.test(src))
+        return "unknown";
+    return "unknown";
+}
+function classifyProcedureKind(src) {
+    if (/\.mutation\s*\(/.test(src))
+        return "mutation";
+    if (/\.query\s*\(/.test(src))
+        return "query";
+    if (/\.subscription\s*\(/.test(src))
+        return "subscription";
+    return "unknown";
+}
+function buildProcedure(fullName, _localName, file, entry, fileSrc) {
+    // Detect mutation signals from the procedure's source (handler body)
+    const procSrc = entry.procedureSrc ?? "";
+    const signals = detectMutationSignals(procSrc);
+    // If the procedure is a mutation, that's also mutation evidence
+    if (entry.procedureKind === "mutation" && !signals.hasMutationEvidence) {
+        signals.hasMutationEvidence = true;
+        signals.mutationDetails.push("tRPC .mutation() endpoint");
+    }
+    return {
+        kind: "trpc-procedure",
+        name: fullName,
+        file,
+        line: entry.line,
+        procedureType: entry.procedureType ?? "unknown",
+        procedureKind: entry.procedureKind ?? "unknown",
+        signals,
+        routerName: entry.importName,
+    };
+}
+function resolveSubRouterImport(routerSrc, importName, routerFile, rootDir) {
+    // Find the import statement that defines this identifier
+    const importPattern = new RegExp(`import\\s+\\{[^}]*\\b${escapeRegex(importName)}\\b[^}]*\\}\\s+from\\s+['"]([^'"]+)['"]`);
+    const match = importPattern.exec(routerSrc);
+    if (match?.[1]) {
+        return resolveImportPath(routerFile, match[1], rootDir);
+    }
+    // Default import: import postRouter from './post'
+    const defaultImport = new RegExp(`import\\s+${escapeRegex(importName)}\\s+from\\s+['"]([^'"]+)['"]`);
+    const m2 = defaultImport.exec(routerSrc);
+    if (m2?.[1]) {
+        return resolveImportPath(routerFile, m2[1], rootDir);
+    }
+    return undefined;
+}
+// ---------------------------------------------------------------------------
+// Import resolution
+// ---------------------------------------------------------------------------
+function resolveImportPath(fromFile, importPath, rootDir) {
+    let resolved;
+    if (importPath.startsWith("~/") || importPath.startsWith("@/")) {
+        // T3 convention: ~/ and @/ map to src/
+        const stripped = importPath.slice(2);
+        resolved = path.join("src", stripped);
+    }
+    else if (importPath.startsWith(".")) {
+        // Relative import
+        const fromDir = path.dirname(fromFile);
+        resolved = path.join(fromDir, importPath);
+    }
+    else {
+        // Bare specifier (npm package) — can't resolve
+        return undefined;
+    }
+    // Try extensions
+    const extensions = [".ts", ".tsx", ".js", ".jsx"];
+    const candidates = [
+        resolved,
+        ...extensions.map((ext) => resolved + ext),
+        ...extensions.map((ext) => path.join(resolved, "index" + ext)),
+        ...extensions.map((ext) => path.join(resolved, "_app" + ext)),
+    ];
+    for (const candidate of candidates) {
+        if (existsSync(path.join(rootDir, candidate))) {
+            return candidate;
+        }
+    }
+    return undefined;
+}
+// ---------------------------------------------------------------------------
+// Utilities
+// ---------------------------------------------------------------------------
+function readSource(rootDir, file) {
+    try {
+        return readFileSync(path.join(rootDir, file), "utf8");
+    }
+    catch {
+        return null;
+    }
+}
+function escapeRegex(str) {
+    return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+//# sourceMappingURL=trpc.js.map

package/dist/next/trpc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"trpc.js","sourceRoot":"","sources":["../../src/next/trpc.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,MAAM,WAAW,CAAC;AAE3B,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAEpD,yDAAyD;AACzD,MAAM,kBAAkB,GAAG;IACzB,qBAAqB;IACrB,sBAAsB;IACtB,cAAc;IACd,UAAU;CACX,CAAC;AAEF,yDAAyD;AACzD,MAAM,yBAAyB,GAAG;IAChC,oBAAoB;IACpB,iBAAiB;IACjB,gBAAgB;IAChB,kBAAkB;IAClB,wBAAwB;CACzB,CAAC;AAEF,MAAM,WAAW,GAAc;IAC7B,QAAQ,EAAE,KAAK;IACf,UAAU,EAAE,EAAE;IACd,kBAAkB,EAAE,EAAE;CACvB,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,OAAe,EACf,MAAc,EACd,aAAuB;IAEvB,iCAAiC;IACjC,MAAM,SAAS,GAAG,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACjD,IAAI,CAAC,SAAS;QAAE,OAAO,WAAW,CAAC;IAEnC,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAChD,IAAI,CAAC,QAAQ;QAAE,OAAO,WAAW,CAAC;IAElC,oCAAoC;IACpC,MAAM,cAAc,GAAG,iBAAiB,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IACvE,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,EAAE,EAAE,kBAAkB,EAAE,EAAE,EAAE,CAAC;IAC/E,CAAC;IAED,+DAA+D;IAC/D,MAAM,UAAU,GAAG,oBAAoB,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;IACjE,MAAM,kBAAkB,GAAG,UAAU,CAAC,MAAM,CAC1C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,KAAK,UAAU,CACtC,CAAC;IAEF,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,SAAS;QACT,cAAc;QACd,UAAU;QACV,kBAAkB;KACnB,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,iCAAiC;AACjC,8EAA8E;AAE9E,SAAS,aAAa,CAAC,OAAe,EAAE,MAAc;IACpD,4EAA4E;IAC5E,MAAM,UAAU,GAAG,EAAE,CAAC,QAAQ,CAC5B,GAAG,MAAM,uCAAuC,EAChD,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,oBAAoB,CAAC,EAAE,CACjD,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACtC,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,IAAI,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACpD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,8EAA8E;AAC9E,iDAAiD;AACjD,8EAA8E;AAE9E,SAAS,iBAAiB,CACxB,QAAgB,EAChB,SAAiB,EACjB,OAAe;IAEf,6CAA6C;IAC7C,2DAA2D;IAC3D,yCAAyC;IACzC,MAAM,cAAc,GAAG;QACrB,4DAA4D;QAC5D,4DAA4D;QAC5D,gDAAgD;KACjD,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrC,IAAI,KAAK,EAAE,CAAC;YACV,wCAAwC;YACxC,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;YACvD,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,QAAQ,GAAG,iBAAiB,CAAC,SAAS,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;gBACnE,IAAI,QAAQ;oBAAE,OAAO,QAAQ,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC;IAED,wEAAwE;IACxE,MAAM,eAAe,GAAG,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC5D,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,UAAU,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,eAAe,GAAG,IAAI,MAAM,CAChC,wBAAwB,UAAU,yCAAyC,CAC5E,CAAC;QACF,MAAM,CAAC,GAAG,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACX,MAAM,QAAQ,GAAG,iBAAiB,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;YAC7D,IAAI,QAAQ;gBAAE,OAAO,QAAQ,CAAC;QAChC,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,8EAA8E;AAC9E,gDAAgD;AAChD,8EAA8E;AAE9E,SAAS,oBAAoB,CAC3B,OAAe,EACf,cAAsB;IAEtB,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;IACpD,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAC;IAExB,MAAM,UAAU,GAAoB,EAAE,CAAC;IAEvC,6FAA6F;IAC7F,MAAM,WAAW,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAElD,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;QAChC,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YAC/B,UAAU,CAAC,IAAI,CACb,cAAc,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,OAAO,CAAC,CACvE,CAAC;QACJ,CAAC;aAAM,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACvC,uDAAuD;YACvD,MAAM,aAAa,GAAG,sBAAsB,CAC1C,OAAO,EACP,KAAK,CAAC,UAAU,EAChB,cAAc,EACd,OAAO,CACR,CAAC;YACF,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;gBAClD,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,UAAU,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC;oBAChD,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;wBAC7B,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;4BAC7B,UAAU,CAAC,IAAI,CACb,cAAc,CACZ,GAAG,KAAK,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,EAAE,EAC3B,GAAG,CAAC,IAAI,EACR,aAAa,EACb,GAAG,EACH,MAAM,CACP,CACF,CAAC;wBACJ,CAAC;wBACD,+DAA+D;oBACjE,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAiBD,SAAS,oBAAoB,CAAC,GAAW;IACvC,MAAM,OAAO,GAAkB,EAAE,CAAC;IAClC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAE9B,iCAAiC;IACjC,wCAAwC;IACxC,MAAM,gBAAgB,GAAG,KAAK,CAAC,SAAS,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,uCAAuC,CAAC,IAAI,CAAC,CAAC,CAAC,CACvD,CAAC;IACF,IAAI,gBAAgB,KAAK,CAAC,CAAC;QAAE,OAAO,OAAO,CAAC;IAE5C,iEAAiE;IACjE,iGAAiG;IACjG,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,IAAI,YAAY,GAAG,KAAK,CAAC;IAEzB,KAAK,IAAI,CAAC,GAAG,gBAAgB,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,oBAAoB;QACpB,KAAK,MAAM,EAAE,IAAI,IAAI,EAAE,CAAC;YACtB,IAAI,EAAE,KAAK,GAAG;gBAAE,UAAU,EAAE,CAAC;YAC7B,IAAI,EAAE,KAAK,GAAG;gBAAE,UAAU,EAAE,CAAC;QAC/B,CAAC;QAED,qDAAqD;QACrD,IAAI,CAAC,KAAK,gBAAgB,EAAE,CAAC;YAC3B,YAAY,GAAG,IAAI,CAAC;YACpB,mEAAmE;QACrE,CAAC;QAED,sCAAsC;QACtC,IAAI,YAAY,IAAI,UAAU,IAAI,CAAC;YAAE,MAAM;QAE3C,gGAAgG;QAChG,iCAAiC;QACjC,MAAM,UAAU,GAAG,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,IAAI,CAAC,UAAU;YAAE,SAAS;QAE1B,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QAC3B,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAEnC,uCAAuC;QACvC,IAAI,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3B,6EAA6E;YAC7E,MAAM,OAAO,GAAG,qBAAqB,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAEhD,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI;gBACJ,IAAI,EAAE,WAAW;gBACjB,aAAa,EAAE,qBAAqB,CAAC,OAAO,CAAC;gBAC7C,aAAa,EAAE,qBAAqB,CAAC,OAAO,CAAC;gBAC7C,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,YAAY,EAAE,OAAO;gBACrB,UAAU,EAAE,IAAI;aACjB,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,gFAAgF;YAChF,MAAM,UAAU,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACxC,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI;oBACJ,IAAI,EAAE,YAAY;oBAClB,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC;oBACzB,IAAI,EAAE,CAAC,GAAG,CAAC;iBACZ,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,yFAAyF;IACzF,OAAO,wEAAwE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC9F,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAe,EAAE,SAAiB;IAC/D,wEAAwE;IACxE,sCAAsC;IACtC,8DAA8D;IAC9D,0BAA0B;IAC1B,8BAA8B;IAC9B,qCAAqC;IACrC,YAAY;IACZ,UAAU;IACV,MAAM,SAAS,GAAa,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAElD,KAAK,IAAI,CAAC,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,CAAC,GAAG,SAAS,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QACzE,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAEjC,kCAAkC;QAClC,IAAI,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,OAAO,KAAK,IAAI;YAAE,MAAM;QAEzD,yDAAyD;QACzD,0DAA0D;QAC1D,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACrC,IAAI,UAAU,IAAI,CAAC,IAAI,UAAU,IAAI,WAAW,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7E,MAAM;QACR,CAAC;QAED,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAErB,gFAAgF;QAChF,IAAI,OAAO,KAAK,IAAI;YAAE,MAAM;IAC9B,CAAC;IAED,OAAO,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED,SAAS,qBAAqB,CAC5B,GAAW;IAEX,IAAI,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,QAAQ,CAAC;IACrD,KAAK,MAAM,IAAI,IAAI,yBAAyB,EAAE,CAAC;QAC7C,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC;YAAE,OAAO,WAAW,CAAC;IAC7C,CAAC;IACD,kEAAkE;IAClE,IAAI,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,SAAS,CAAC;IAC5E,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,qBAAqB,CAC5B,GAAW;IAEX,IAAI,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,UAAU,CAAC;IACnD,IAAI,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,OAAO,CAAC;IAC7C,IAAI,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,cAAc,CAAC;IAC3D,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,cAAc,CACrB,QAAgB,EAChB,UAAkB,EAClB,IAAY,EACZ,KAAkB,EAClB,OAAe;IAEf,qEAAqE;IACrE,MAAM,OAAO,GAAG,KAAK,CAAC,YAAY,IAAI,EAAE,CAAC;IACzC,MAAM,OAAO,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAE/C,gEAAgE;IAChE,IAAI,KAAK,CAAC,aAAa,KAAK,UAAU,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC;QACvE,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;QACnC,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,IAAI,EAAE,QAAQ;QACd,IAAI;QACJ,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,aAAa,EAAE,KAAK,CAAC,aAAa,IAAI,SAAS;QAC/C,aAAa,EAAE,KAAK,CAAC,aAAa,IAAI,SAAS;QAC/C,OAAO;QACP,UAAU,EAAE,KAAK,CAAC,UAAU;KAC7B,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAC7B,SAAiB,EACjB,UAAkB,EAClB,UAAkB,EAClB,OAAe;IAEf,yDAAyD;IACzD,MAAM,aAAa,GAAG,IAAI,MAAM,CAC9B,wBAAwB,WAAW,CAAC,UAAU,CAAC,yCAAyC,CACzF,CAAC;IACF,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC5C,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACf,OAAO,iBAAiB,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IAC1D,CAAC;IAED,kDAAkD;IAClD,MAAM,aAAa,GAAG,IAAI,MAAM,CAC9B,aAAa,WAAW,CAAC,UAAU,CAAC,8BAA8B,CACnE,CAAC;IACF,MAAM,EAAE,GAAG,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACzC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACZ,OAAO,iBAAiB,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACvD,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,SAAS,iBAAiB,CACxB,QAAgB,EAChB,UAAkB,EAClB,OAAe;IAEf,IAAI,QAAgB,CAAC;IAErB,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/D,uCAAuC;QACvC,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACrC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACxC,CAAC;SAAM,IAAI,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACtC,kBAAkB;QAClB,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACvC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAC5C,CAAC;SAAM,CAAC;QACN,+CAA+C;QAC/C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,iBAAiB;IACjB,MAAM,UAAU,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAClD,MAAM,UAAU,GAAG;QACjB,QAAQ;QACR,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,QAAQ,GAAG,GAAG,CAAC;QAC1C,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,GAAG,GAAG,CAAC,CAAC;QAC9D,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,GAAG,CAAC,CAAC;KAC9D,CAAC;IAEF,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,EAAE,CAAC;YAC9C,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E,SAAS,UAAU,CAAC,OAAe,EAAE,IAAY;IAC/C,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC"}

package/dist/next/types.d.ts

@@ -0,0 +1,100 @@
+export type Framework = "next-app-router";
+export type Severity = "low" | "med" | "high" | "critical";
+export type Confidence = "low" | "med" | "high";
+export type RouteKind = "route-handler" | "server-action";
+export interface NextRoute {
+    kind: "route-handler";
+    file: string;
+    method?: string;
+    pathname?: string;
+    isApi: boolean;
+    isPublic: boolean;
+    signals: MutationSignals;
+}
+export interface NextServerAction {
+    kind: "server-action";
+    file: string;
+    exportName?: string;
+    signals: MutationSignals;
+}
+export interface MutationSignals {
+    hasMutationEvidence: boolean;
+    hasDbWriteEvidence: boolean;
+    hasStripeWriteEvidence: boolean;
+    mutationDetails: string[];
+}
+export interface NextMiddlewareIndex {
+    file?: string;
+    authLikely: boolean;
+    rateLimitLikely: boolean;
+    matcherPatterns: string[];
+}
+export interface NextDepsIndex {
+    hasNextAuth: boolean;
+    hasClerk: boolean;
+    hasSupabase: boolean;
+    hasKinde: boolean;
+    hasWorkOS: boolean;
+    hasBetterAuth: boolean;
+    hasLucia: boolean;
+    hasAuth0: boolean;
+    hasIronSession: boolean;
+    hasFirebaseAuth: boolean;
+    hasUpstashRatelimit: boolean;
+    hasArcjet: boolean;
+    hasUnkey: boolean;
+    hasPrisma: boolean;
+    hasDrizzle: boolean;
+    hasTrpc: boolean;
+}
+export interface NextHints {
+    auth: {
+        functions: string[];
+        middlewareFiles: string[];
+        allowlistPaths: string[];
+    };
+    rateLimit: {
+        wrappers: string[];
+        allowlistPaths: string[];
+    };
+    tenancy: {
+        orgFieldNames: string[];
+    };
+}
+export interface TrpcProcedure {
+    kind: "trpc-procedure";
+    /** Dotted name, e.g. "post.add" */
+    name: string;
+    /** Router file where procedure is defined */
+    file: string;
+    line?: number;
+    procedureType: "public" | "protected" | "unknown";
+    procedureKind: "mutation" | "query" | "subscription" | "unknown";
+    signals: MutationSignals;
+    routerName?: string;
+}
+export interface TrpcIndex {
+    detected: boolean;
+    proxyFile?: string;
+    rootRouterFile?: string;
+    procedures: TrpcProcedure[];
+    mutationProcedures: TrpcProcedure[];
+}
+export interface NextIndex {
+    version: 1;
+    framework: Framework;
+    rootDir: string;
+    deps: NextDepsIndex;
+    hints: NextHints;
+    middleware: NextMiddlewareIndex;
+    routes: {
+        all: NextRoute[];
+        mutationRoutes: NextRoute[];
+    };
+    serverActions: {
+        all: NextServerAction[];
+        mutationActions: NextServerAction[];
+    };
+    trpc: TrpcIndex;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/next/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/next/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,SAAS,GAAG,iBAAiB,CAAC;AAE1C,MAAM,MAAM,QAAQ,GAAG,KAAK,GAAG,KAAK,GAAG,MAAM,GAAG,UAAU,CAAC;AAC3D,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,KAAK,GAAG,MAAM,CAAC;AAEhD,MAAM,MAAM,SAAS,GAAG,eAAe,GAAG,eAAe,CAAC;AAE1D,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,eAAe,CAAC;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,OAAO,CAAC;IACf,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,eAAe,CAAC;CAC1B;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,eAAe,CAAC;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,eAAe,CAAC;CAC1B;AAED,MAAM,WAAW,eAAe;IAC9B,mBAAmB,EAAE,OAAO,CAAC;IAC7B,kBAAkB,EAAE,OAAO,CAAC;IAC5B,sBAAsB,EAAE,OAAO,CAAC;IAChC,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,OAAO,CAAC;IACpB,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,OAAO,CAAC;IACrB,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,OAAO,CAAC;IACrB,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;IACnB,aAAa,EAAE,OAAO,CAAC;IACvB,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;IAClB,cAAc,EAAE,OAAO,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,SAAS,EAAE,OAAO,CAAC;IACnB,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;IACnB,UAAU,EAAE,OAAO,CAAC;IACpB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE;QAAE,SAAS,EAAE,MAAM,EAAE,CAAC;QAAC,eAAe,EAAE,MAAM,EAAE,CAAC;QAAC,cAAc,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IACnF,SAAS,EAAE;QAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;QAAC,cAAc,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAC5D,OAAO,EAAE;QAAE,aAAa,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CACtC;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,gBAAgB,CAAC;IACvB,mCAAmC;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,6CAA6C;IAC7C,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,QAAQ,GAAG,WAAW,GAAG,SAAS,CAAC;IAClD,aAAa,EAAE,UAAU,GAAG,OAAO,GAAG,cAAc,GAAG,SAAS,CAAC;IACjE,OAAO,EAAE,eAAe,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,SAAS;IACxB,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,aAAa,EAAE,CAAC;IAC5B,kBAAkB,EAAE,aAAa,EAAE,CAAC;CACrC;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,CAAC,CAAC;IACX,SAAS,EAAE,SAAS,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,aAAa,CAAC;IACpB,KAAK,EAAE,SAAS,CAAC;IACjB,UAAU,EAAE,mBAAmB,CAAC;IAChC,MAAM,EAAE;QACN,GAAG,EAAE,SAAS,EAAE,CAAC;QACjB,cAAc,EAAE,SAAS,EAAE,CAAC;KAC7B,CAAC;IACF,aAAa,EAAE;QACb,GAAG,EAAE,gBAAgB,EAAE,CAAC;QACxB,eAAe,EAAE,gBAAgB,EAAE,CAAC;KACrC,CAAC;IACF,IAAI,EAAE,SAAS,CAAC;CACjB"}

package/dist/next/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/next/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/next/types.ts"],"names":[],"mappings":""}

package/dist/rules/auth-boundary-missing.d.ts

@@ -0,0 +1,5 @@
+import type { NextIndex } from "../next/types.js";
+import type { Finding, ShipguardConfig } from "../engine/types.js";
+export declare const RULE_ID = "AUTH-BOUNDARY-MISSING";
+export declare function run(index: NextIndex, config: ShipguardConfig): Finding[];
+//# sourceMappingURL=auth-boundary-missing.d.ts.map

package/dist/rules/auth-boundary-missing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-boundary-missing.d.ts","sourceRoot":"","sources":["../../src/rules/auth-boundary-missing.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAA+B,MAAM,kBAAkB,CAAC;AAC/E,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAInE,eAAO,MAAM,OAAO,0BAA0B,CAAC;AAE/C,wBAAgB,GAAG,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,eAAe,GAAG,OAAO,EAAE,CAqFxE"}