@grafema/core 0.1.1-alpha → 0.2.0-beta

package/dist/plugins/validation/CallResolverValidator.js

@@ -1,16 +1,18 @@
 /**
- * CallResolverValidator - проверяет что все вызовы функций ссылаются на определения
+ * CallResolverValidator - validates function call resolution (REG-227)
  *
- * Использует Datalog для декларативной проверки гарантии:
- * "Все внутренние вызовы функций (CALL_SITE) должны иметь CALLS ребро к FUNCTION"
+ * Checks that all function calls are properly resolved:
+ * - Internal calls: CALLS edge to FUNCTION node
+ * - External calls: CALLS edge to EXTERNAL_MODULE node
+ * - Builtin calls: recognized by name (no edge needed)
+ * - Unresolved: no edge, not builtin -> WARNING
  *
- * ПРАВИЛО (Datalog):
- * violation(X) :- node(X, "CALL"), \+ attr(X, "object", _), \+ edge(X, _, "CALLS").
- *
- * Это находит CALL узлы без "object" метаданных (т.е. CALL_SITE, не METHOD_CALL),
- * которые не имеют CALLS ребра к определению функции.
+ * This validator runs AFTER FunctionCallResolver and ExternalCallResolver
+ * to verify resolution quality and report issues.
  */
 import { Plugin, createSuccessResult } from '../Plugin.js';
+import { ValidationError } from '../../errors/GrafemaError.js';
+import { JS_GLOBAL_FUNCTIONS } from '../../data/builtins/index.js';
 export class CallResolverValidator extends Plugin {
     get metadata() {
         return {
@@ -20,90 +22,113 @@ export class CallResolverValidator extends Plugin {
             creates: {
                 nodes: [],
                 edges: []
-            }
+            },
+            dependencies: ['FunctionCallResolver', 'ExternalCallResolver']
         };
     }
     async execute(context) {
         const { graph } = context;
         const logger = this.log(context);
-        logger.info('Starting call resolution validation using Datalog');
-        // Check if graph supports checkGuarantee
-        if (!graph.checkGuarantee) {
-            logger.debug('Graph does not support checkGuarantee, skipping validation');
-            return createSuccessResult({ nodes: 0, edges: 0 }, { skipped: true });
-        }
-        // Datalog гарантия:
-        // CALL без "object" (т.е. CALL_SITE) должен иметь CALLS ребро
-        const violations = await graph.checkGuarantee(`
-      violation(X) :- node(X, "CALL"), \\+ attr(X, "object", _), \\+ edge(X, _, "CALLS").
-    `);
-        const issues = [];
-        if (violations.length > 0) {
-            logger.debug('Unresolved function calls found', { count: violations.length });
-            for (const v of violations) {
-                const nodeId = v.bindings.find(b => b.name === 'X')?.value;
-                if (nodeId) {
-                    const node = await graph.getNode(nodeId);
-                    if (node) {
-                        issues.push({
-                            type: 'UNRESOLVED_FUNCTION_CALL',
-                            severity: 'WARNING',
-                            message: `Call to "${node.name}" at ${node.file}:${node.line || '?'} does not resolve to a function definition`,
-                            callName: node.name,
-                            nodeId: nodeId,
-                            file: node.file,
-                            line: node.line
-                        });
-                    }
-                }
-            }
-        }
-        // Также проверим METHOD_CALL на известные внешние методы
-        // (это информационно, не ошибка)
-        const methodCallStats = await this.countMethodCalls(graph);
+        logger.info('Starting call resolution validation');
+        const warnings = [];
         const summary = {
-            totalCalls: methodCallStats.total,
-            resolvedInternalCalls: methodCallStats.resolved,
-            unresolvedInternalCalls: issues.length,
-            externalMethodCalls: methodCallStats.external,
-            issues: issues.length
+            totalCalls: 0,
+            resolvedInternal: 0,
+            resolvedExternal: 0,
+            resolvedBuiltin: 0,
+            methodCalls: 0,
+            unresolvedCalls: 0,
+            warnings: 0
         };
+        // Process all CALL nodes
+        for await (const node of graph.queryNodes({ nodeType: 'CALL' })) {
+            summary.totalCalls++;
+            const callNode = node;
+            const resolutionType = await this.determineResolutionType(graph, callNode);
+            switch (resolutionType) {
+                case 'internal':
+                    summary.resolvedInternal++;
+                    break;
+                case 'external':
+                    summary.resolvedExternal++;
+                    break;
+                case 'builtin':
+                    summary.resolvedBuiltin++;
+                    break;
+                case 'method':
+                    summary.methodCalls++;
+                    break;
+                case 'unresolved':
+                    summary.unresolvedCalls++;
+                    summary.warnings++;
+                    warnings.push(this.createWarning(callNode));
+                    break;
+            }
+        }
         logger.info('Validation complete', { ...summary });
-        if (issues.length > 0) {
-            logger.warn('Unresolved calls detected', { count: issues.length });
-            for (const issue of issues.slice(0, 10)) { // Show first 10
-                logger.warn(issue.message);
+        if (warnings.length > 0) {
+            logger.warn('Unresolved calls detected', { count: warnings.length });
+            for (const warning of warnings.slice(0, 10)) {
+                logger.warn(warning.message);
             }
-            if (issues.length > 10) {
-                logger.debug(`... and ${issues.length - 10} more`);
+            if (warnings.length > 10) {
+                logger.debug(`... and ${warnings.length - 10} more`);
             }
         }
-        return createSuccessResult({ nodes: 0, edges: 0 }, { summary, issues });
+        return createSuccessResult({ nodes: 0, edges: 0 }, { summary }, warnings);
     }
     /**
-     * Подсчитывает статистику по вызовам
+     * Determine the resolution type for a CALL node.
+     *
+     * Resolution priority:
+     * 1. Method call (has 'object' attribute) -> 'method'
+     * 2. Has CALLS edge to FUNCTION -> 'internal'
+     * 3. Has CALLS edge to EXTERNAL_MODULE -> 'external'
+     * 4. Name in JS_GLOBAL_FUNCTIONS -> 'builtin'
+     * 5. Otherwise -> 'unresolved'
      */
-    async countMethodCalls(graph) {
-        const stats = {
-            total: 0,
-            resolved: 0,
-            external: 0
-        };
-        // Подсчитываем все CALL узлы
-        for await (const node of graph.queryNodes({ nodeType: 'CALL' })) {
-            stats.total++;
-            // Проверяем наличие "object" в метаданных (METHOD_CALL)
-            if (node.object) {
-                stats.external++;
-            }
-            else {
-                // CALL_SITE - проверяем есть ли CALLS ребро
-                const edges = await graph.getOutgoingEdges(node.id, ['CALLS']);
-                if (edges.length > 0) {
-                    stats.resolved++;
+    async determineResolutionType(graph, callNode) {
+        // 1. Check if method call (has object attribute)
+        if (callNode.object) {
+            return 'method';
+        }
+        // 2. Check for CALLS edges
+        const edges = await graph.getOutgoingEdges(callNode.id, ['CALLS']);
+        if (edges.length > 0) {
+            // Determine destination type
+            const edge = edges[0];
+            const dstNode = await graph.getNode(edge.dst);
+            if (dstNode) {
+                if (dstNode.type === 'FUNCTION') {
+                    return 'internal';
+                }
+                if (dstNode.type === 'EXTERNAL_MODULE') {
+                    return 'external';
                 }
             }
+            // Has edge but unknown destination type - treat as resolved
+            return 'internal';
+        }
+        // 3. Check if builtin
+        const calledName = callNode.name;
+        if (calledName && JS_GLOBAL_FUNCTIONS.has(calledName)) {
+            return 'builtin';
         }
-        return stats;
+        // 4. Unresolved
+        return 'unresolved';
+    }
+    /**
+     * Create a warning for an unresolved call.
+     */
+    createWarning(callNode) {
+        return new ValidationError(`Unresolved call to "${callNode.name}" at ${callNode.file}:${callNode.line || '?'}`, 'WARN_UNRESOLVED_CALL', {
+            filePath: callNode.file,
+            lineNumber: callNode.line,
+            phase: 'VALIDATION',
+            plugin: 'CallResolverValidator',
+            nodeId: callNode.id,
+            callName: callNode.name,
+        }, 'Ensure the function is defined, imported, or is a known global', 'warning' // Severity: warning (not error)
+        );
     }
 }

package/dist/plugins/validation/DataFlowValidator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"DataFlowValidator.d.ts","sourceRoot":"","sources":["../../../src/plugins/validation/DataFlowValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,MAAM,EAAuB,MAAM,cAAc,CAAC;AAC3D,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AA4ChF,qBAAa,iBAAkB,SAAQ,MAAM;IAC3C,IAAI,QAAQ,IAAI,cAAc,CAU7B;IAEK,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;IAsH5D;;OAEG;IACH,OAAO,CAAC,cAAc;CA2CvB"}
+{"version":3,"file":"DataFlowValidator.d.ts","sourceRoot":"","sources":["../../../src/plugins/validation/DataFlowValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,MAAM,EAAuB,MAAM,cAAc,CAAC;AAC3D,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAgChF,qBAAa,iBAAkB,SAAQ,MAAM;IAC3C,IAAI,QAAQ,IAAI,cAAc,CAU7B;IAEK,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;IAwI5D;;OAEG;IACH,OAAO,CAAC,cAAc;CAsDvB"}

package/dist/plugins/validation/DataFlowValidator.js

@@ -12,6 +12,7 @@
  * - EVENT_LISTENER: события
  */
 import { Plugin, createSuccessResult } from '../Plugin.js';
+import { ValidationError } from '../../errors/GrafemaError.js';
 export class DataFlowValidator extends Plugin {
     get metadata() {
         return {
@@ -38,7 +39,7 @@ export class DataFlowValidator extends Plugin {
         const allEdges = await graph.getAllEdges();
         const variables = allNodes.filter(n => n.type === 'VARIABLE_DECLARATION' || n.type === 'CONSTANT');
         logger.debug('Variables collected', { count: variables.length });
-        const issues = [];
+        const errors = [];
         const leafTypes = new Set([
             'LITERAL',
             'net:stdio',
@@ -55,70 +56,69 @@ export class DataFlowValidator extends Plugin {
             // Проверяем наличие ASSIGNED_FROM ребра
             const assignment = allEdges.find(e => e.type === 'ASSIGNED_FROM' && e.src === variable.id);
             if (!assignment) {
-                issues.push({
-                    type: 'MISSING_ASSIGNMENT',
-                    severity: 'WARNING',
-                    message: `Variable "${variable.name}" (${variable.file}:${variable.line}) has no ASSIGNED_FROM edge`,
+                errors.push(new ValidationError(`Variable "${variable.name}" (${variable.file}:${variable.line}) has no ASSIGNED_FROM edge`, 'ERR_MISSING_ASSIGNMENT', {
+                    filePath: variable.file,
+                    lineNumber: variable.line,
+                    phase: 'VALIDATION',
+                    plugin: 'DataFlowValidator',
                     variable: variable.name,
-                    file: variable.file,
-                    line: variable.line
-                });
+                }, undefined, 'warning'));
                 continue;
             }
             // Проверяем что источник существует
             const source = allNodes.find(n => n.id === assignment.dst);
             if (!source) {
-                issues.push({
-                    type: 'BROKEN_REFERENCE',
-                    severity: 'ERROR',
-                    message: `Variable "${variable.name}" references non-existent node ${assignment.dst}`,
+                errors.push(new ValidationError(`Variable "${variable.name}" references non-existent node ${assignment.dst}`, 'ERR_BROKEN_REFERENCE', {
+                    filePath: variable.file,
+                    lineNumber: variable.line,
+                    phase: 'VALIDATION',
+                    plugin: 'DataFlowValidator',
                     variable: variable.name,
-                    file: variable.file,
-                    line: variable.line
-                });
+                    targetNodeId: assignment.dst,
+                }, undefined, 'error'));
                 continue;
             }
             // Проверяем путь до листового узла
             const path = this.findPathToLeaf(variable, allNodes, allEdges, leafTypes);
             if (!path.found) {
-                issues.push({
-                    type: 'NO_LEAF_NODE',
-                    severity: 'WARNING',
-                    message: `Variable "${variable.name}" (${variable.file}:${variable.line}) does not trace to a leaf node. Chain: ${path.chain.join(' -> ')}`,
+                errors.push(new ValidationError(`Variable "${variable.name}" (${variable.file}:${variable.line}) does not trace to a leaf node. Chain: ${path.chain.join(' -> ')}`, 'ERR_NO_LEAF_NODE', {
+                    filePath: variable.file,
+                    lineNumber: variable.line,
+                    phase: 'VALIDATION',
+                    plugin: 'DataFlowValidator',
                     variable: variable.name,
-                    file: variable.file,
-                    line: variable.line,
-                    chain: path.chain
-                });
+                    chain: path.chain,
+                }, undefined, 'warning'));
             }
         }
-        // Группируем issues по типу
+        // Группируем errors по коду
+        const byCode = {};
+        for (const error of errors) {
+            if (!byCode[error.code]) {
+                byCode[error.code] = 0;
+            }
+            byCode[error.code]++;
+        }
         const summary = {
             total: variables.length,
-            validated: variables.length - issues.length,
-            issues: issues.length,
-            byType: {}
+            validated: variables.length - errors.length,
+            issues: errors.length,
+            byType: byCode
         };
-        for (const issue of issues) {
-            if (!summary.byType[issue.type]) {
-                summary.byType[issue.type] = 0;
-            }
-            summary.byType[issue.type]++;
-        }
         logger.info('Validation complete', { ...summary });
-        // Выводим issues
-        if (issues.length > 0) {
-            logger.warn('Data flow issues found', { count: issues.length });
-            for (const issue of issues) {
-                if (issue.severity === 'ERROR') {
-                    logger.error(`[${issue.type}] ${issue.message}`);
+        // Выводим errors
+        if (errors.length > 0) {
+            logger.warn('Data flow issues found', { count: errors.length });
+            for (const error of errors) {
+                if (error.severity === 'error') {
+                    logger.error(`[${error.code}] ${error.message}`);
                 }
                 else {
-                    logger.warn(`[${issue.type}] ${issue.message}`);
+                    logger.warn(`[${error.code}] ${error.message}`);
                 }
             }
         }
-        return createSuccessResult({ nodes: 0, edges: 0 }, { summary, issues });
+        return createSuccessResult({ nodes: 0, edges: 0 }, { summary }, errors);
     }
     /**
      * Находит путь от переменной до листового узла
@@ -134,6 +134,14 @@ export class DataFlowValidator extends Plugin {
         if (leafTypes.has(startNode.type)) {
             return { found: true, chain };
         }
+        // REG-262: Check if variable is used by a method call (incoming USES edge)
+        // If something USES this variable, the variable is not dead
+        const usedByCall = allEdges.find(e => e.type === 'USES' && e.dst === startNode.id);
+        if (usedByCall) {
+            const callNode = allNodes.find(n => n.id === usedByCall.src);
+            const callName = callNode?.name ?? usedByCall.src;
+            return { found: true, chain: [...chain, `(used by ${callName})`] };
+        }
         // Ищем ASSIGNED_FROM ребро
         const assignment = allEdges.find(e => e.type === 'ASSIGNED_FROM' && e.src === startNode.id);
         if (!assignment) {

package/dist/plugins/validation/GraphConnectivityValidator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"GraphConnectivityValidator.d.ts","sourceRoot":"","sources":["../../../src/plugins/validation/GraphConnectivityValidator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,MAAM,EAAuB,MAAM,cAAc,CAAC;AAC3D,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAyChF,qBAAa,0BAA2B,SAAQ,MAAM;IACpD,IAAI,QAAQ,IAAI,cAAc,CAU7B;IAEK,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;CAwI7D"}
+{"version":3,"file":"GraphConnectivityValidator.d.ts","sourceRoot":"","sources":["../../../src/plugins/validation/GraphConnectivityValidator.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,MAAM,EAAuB,MAAM,cAAc,CAAC;AAC3D,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AA0ChF,qBAAa,0BAA2B,SAAQ,MAAM;IACpD,IAAI,QAAQ,IAAI,cAAc,CAU7B;IAEK,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;CA6K7D"}

package/dist/plugins/validation/GraphConnectivityValidator.js

@@ -3,6 +3,7 @@
  * Находит "островки" - узлы которые не имеют путей до SERVICE/MODULE
  */
 import { Plugin, createSuccessResult } from '../Plugin.js';
+import { ValidationError } from '../../errors/GrafemaError.js';
 export class GraphConnectivityValidator extends Plugin {
     get metadata() {
         return {
@@ -73,6 +74,7 @@ export class GraphConnectivityValidator extends Plugin {
         }
         // Находим недостижимые узлы
         const unreachable = allNodes.filter(n => !reachable.has(n.id));
+        const errors = [];
         if (unreachable.length > 0) {
             const percentage = ((unreachable.length / allNodes.length) * 100).toFixed(1);
             logger.error('GRAPH VALIDATION ERROR: DISCONNECTED NODES FOUND');
@@ -116,6 +118,28 @@ export class GraphConnectivityValidator extends Plugin {
             manifestWithValidation.validation.reachableNodes = reachable.size;
             manifestWithValidation.validation.unreachableCount = unreachable.length;
             manifestWithValidation.validation.unreachableByType = Object.fromEntries(Object.entries(byType).map(([type, nodes]) => [type, nodes.length]));
+            // Create summary error for disconnected nodes
+            errors.push(new ValidationError(`Found ${unreachable.length} unreachable nodes (${percentage}% of total)`, 'ERR_DISCONNECTED_NODES', {
+                phase: 'VALIDATION',
+                plugin: 'GraphConnectivityValidator',
+                totalNodes: allNodes.length,
+                reachableNodes: reachable.size,
+                unreachableCount: unreachable.length,
+                unreachableByType: Object.fromEntries(Object.entries(byType).map(([type, nodes]) => [type, nodes.length])),
+            }, 'Fix analysis plugins to ensure all nodes are connected'));
+            // Create individual errors for each disconnected node (limit to 50)
+            const maxIndividualErrors = 50;
+            for (const node of unreachable.slice(0, maxIndividualErrors)) {
+                errors.push(new ValidationError(`Node "${node.name || node.id}" (type: ${node.type}) is not connected to the main graph`, 'ERR_DISCONNECTED_NODE', {
+                    filePath: node.file,
+                    lineNumber: node.line,
+                    phase: 'VALIDATION',
+                    plugin: 'GraphConnectivityValidator',
+                    nodeId: node.id,
+                    nodeType: node.type,
+                    nodeName: node.name,
+                }));
+            }
         }
         else {
             logger.info('All nodes are reachable from root nodes');
@@ -126,6 +150,6 @@ export class GraphConnectivityValidator extends Plugin {
             manifestWithValidation.validation.reachableNodes = reachable.size;
         }
         logger.info('Validation complete', { reachable: reachable.size, total: allNodes.length });
-        return createSuccessResult({ nodes: 0, edges: 0 }, { totalNodes: allNodes.length, reachableNodes: reachable.size });
+        return createSuccessResult({ nodes: 0, edges: 0 }, { totalNodes: allNodes.length, reachableNodes: reachable.size }, errors);
     }
 }

package/dist/plugins/validation/SQLInjectionValidator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SQLInjectionValidator.d.ts","sourceRoot":"","sources":["../../../src/plugins/validation/SQLInjectionValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAE,MAAM,EAAuB,MAAM,cAAc,CAAC;AAC3D,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAsEhF,qBAAa,qBAAsB,SAAQ,MAAM;IAC/C,OAAO,CAAC,aAAa,CAAsB;;IAO3C,IAAI,QAAQ,IAAI,cAAc,CAU7B;IAEK,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;IAgH5D;;OAEG;YACW,gBAAgB;IAgF9B;;OAEG;YACW,gCAAgC;IAsC9C;;;OAGG;YACW,oBAAoB;CAsDnC;AAED,eAAe,qBAAqB,CAAC"}
+{"version":3,"file":"SQLInjectionValidator.d.ts","sourceRoot":"","sources":["../../../src/plugins/validation/SQLInjectionValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAE,MAAM,EAAuB,MAAM,cAAc,CAAC;AAC3D,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAsEhF,qBAAa,qBAAsB,SAAQ,MAAM;IAC/C,OAAO,CAAC,aAAa,CAAsB;;IAO3C,IAAI,QAAQ,IAAI,cAAc,CAU7B;IAEK,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;IAgH5D;;OAEG;YACW,gBAAgB;IA8E9B;;OAEG;YACW,gCAAgC;IAqC9C;;;OAGG;YACW,oBAAoB;CAsDnC;AAED,eAAe,qBAAqB,CAAC"}

package/dist/plugins/validation/SQLInjectionValidator.js

@@ -149,7 +149,7 @@ export class SQLInjectionValidator extends Plugin {
         // We need to check if it has nondeterministic content
         // Check if this call has PASSES_ARGUMENT edges
         const outgoing = await graph.getOutgoingEdges(call.id);
-        const argEdges = outgoing.filter(e => (e.edgeType || e.edge_type) === 'PASSES_ARGUMENT');
+        const argEdges = outgoing.filter(e => e.type === 'PASSES_ARGUMENT');
         if (argEdges.length === 0) {
             // No tracked arguments - check via queryArgName attribute if available
             if (call.queryArgName) {
@@ -214,8 +214,7 @@ export class SQLInjectionValidator extends Plugin {
         const result = { hasUnknown: false, sources: [] };
         // Check DERIVES_FROM edges
         const outgoing = await graph.getOutgoingEdges(exprNode.id);
-        const derivesFromEdges = outgoing.filter(e => (e.edgeType || e.edge_type) === 'DERIVES_FROM' ||
-            (e.edgeType || e.edge_type) === 'ASSIGNED_FROM');
+        const derivesFromEdges = outgoing.filter(e => e.type === 'DERIVES_FROM' || e.type === 'ASSIGNED_FROM');
         for (const edge of derivesFromEdges) {
             const sourceId = edge.dst || edge.target_id;
             const sourceNode = await graph.getNode(sourceId);

package/dist/queries/findCallsInFunction.d.ts

@@ -0,0 +1,52 @@
+/**
+ * Find all CALL and METHOD_CALL nodes inside a function.
+ *
+ * Graph structure:
+ * ```
+ * FUNCTION -[HAS_SCOPE]-> SCOPE -[CONTAINS]-> CALL
+ *                         SCOPE -[CONTAINS]-> METHOD_CALL
+ *                         SCOPE -[CONTAINS]-> SCOPE (nested blocks)
+ * ```
+ *
+ * Algorithm:
+ * 1. Get function's scope via HAS_SCOPE edge
+ * 2. BFS through CONTAINS edges, collecting CALL and METHOD_CALL nodes
+ * 3. Stop at nested FUNCTION/CLASS boundaries (don't enter inner functions)
+ * 4. For each call, check CALLS edge to determine if resolved
+ * 5. If transitive=true, recursively follow resolved CALLS edges
+ *
+ * Performance: O(S + C) where S = scopes, C = calls
+ * For functions with 100 calls, expect ~200 DB operations.
+ *
+ * @module queries/findCallsInFunction
+ */
+import type { CallInfo, FindCallsOptions } from './types.js';
+/**
+ * Graph backend interface (minimal surface)
+ */
+interface GraphBackend {
+    getNode(id: string): Promise<{
+        id: string;
+        type: string;
+        name: string;
+        file?: string;
+        line?: number;
+        object?: string;
+    } | null>;
+    getOutgoingEdges(nodeId: string, edgeTypes: string[] | null): Promise<Array<{
+        src: string;
+        dst: string;
+        type: string;
+    }>>;
+}
+/**
+ * Find all CALL and METHOD_CALL nodes inside a function.
+ *
+ * @param backend - Graph backend for queries
+ * @param functionId - ID of the FUNCTION node
+ * @param options - Options for traversal
+ * @returns Array of CallInfo objects
+ */
+export declare function findCallsInFunction(backend: GraphBackend, functionId: string, options?: FindCallsOptions): Promise<CallInfo[]>;
+export {};
+//# sourceMappingURL=findCallsInFunction.d.ts.map

package/dist/queries/findCallsInFunction.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"findCallsInFunction.d.ts","sourceRoot":"","sources":["../../src/queries/findCallsInFunction.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE7D;;GAEG;AACH,UAAU,YAAY;IACpB,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC;QAC3B,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,GAAG,IAAI,CAAC,CAAC;IACV,gBAAgB,CACd,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EAAE,GAAG,IAAI,GACzB,OAAO,CAAC,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC,CAAC;CAC/D;AAED;;;;;;;GAOG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,YAAY,EACrB,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE,gBAAqB,GAC7B,OAAO,CAAC,QAAQ,EAAE,CAAC,CAkErB"}

package/dist/queries/findCallsInFunction.js

@@ -0,0 +1,135 @@
+/**
+ * Find all CALL and METHOD_CALL nodes inside a function.
+ *
+ * Graph structure:
+ * ```
+ * FUNCTION -[HAS_SCOPE]-> SCOPE -[CONTAINS]-> CALL
+ *                         SCOPE -[CONTAINS]-> METHOD_CALL
+ *                         SCOPE -[CONTAINS]-> SCOPE (nested blocks)
+ * ```
+ *
+ * Algorithm:
+ * 1. Get function's scope via HAS_SCOPE edge
+ * 2. BFS through CONTAINS edges, collecting CALL and METHOD_CALL nodes
+ * 3. Stop at nested FUNCTION/CLASS boundaries (don't enter inner functions)
+ * 4. For each call, check CALLS edge to determine if resolved
+ * 5. If transitive=true, recursively follow resolved CALLS edges
+ *
+ * Performance: O(S + C) where S = scopes, C = calls
+ * For functions with 100 calls, expect ~200 DB operations.
+ *
+ * @module queries/findCallsInFunction
+ */
+/**
+ * Find all CALL and METHOD_CALL nodes inside a function.
+ *
+ * @param backend - Graph backend for queries
+ * @param functionId - ID of the FUNCTION node
+ * @param options - Options for traversal
+ * @returns Array of CallInfo objects
+ */
+export async function findCallsInFunction(backend, functionId, options = {}) {
+    const { maxDepth = 10, transitive = false, transitiveDepth = 5, } = options;
+    const calls = [];
+    const visited = new Set();
+    const seenTargets = new Set(); // For deduplication in transitive mode
+    // Add the starting function to seenTargets to prevent cycles back to it
+    if (transitive) {
+        seenTargets.add(functionId);
+    }
+    // Step 1: Get function's scope via HAS_SCOPE
+    const hasScopeEdges = await backend.getOutgoingEdges(functionId, ['HAS_SCOPE']);
+    // BFS queue: { nodeId, currentDepth }
+    const queue = [];
+    for (const edge of hasScopeEdges) {
+        queue.push({ id: edge.dst, depth: 0 });
+    }
+    // Step 2: BFS through scopes
+    while (queue.length > 0) {
+        const { id, depth } = queue.shift();
+        if (visited.has(id) || depth > maxDepth)
+            continue;
+        visited.add(id);
+        const containsEdges = await backend.getOutgoingEdges(id, ['CONTAINS']);
+        for (const edge of containsEdges) {
+            const child = await backend.getNode(edge.dst);
+            if (!child)
+                continue;
+            // Collect CALL and METHOD_CALL nodes
+            if (child.type === 'CALL' || child.type === 'METHOD_CALL') {
+                const callInfo = await buildCallInfo(backend, child, 0);
+                calls.push(callInfo);
+                // Transitive: follow resolved calls
+                if (transitive && callInfo.resolved && callInfo.target) {
+                    await collectTransitiveCalls(backend, callInfo.target.id, 1, // Starting at depth 1
+                    transitiveDepth, calls, seenTargets);
+                }
+            }
+            // Continue into nested scopes, but NOT into nested functions/classes
+            if (child.type === 'SCOPE') {
+                queue.push({ id: child.id, depth: depth + 1 });
+            }
+            // Skip FUNCTION, CLASS - they have their own scope hierarchy
+        }
+    }
+    return calls;
+}
+/**
+ * Build CallInfo from a call node
+ */
+async function buildCallInfo(backend, callNode, depth) {
+    // Check for CALLS edge (resolved target)
+    const callsEdges = await backend.getOutgoingEdges(callNode.id, ['CALLS']);
+    const isResolved = callsEdges.length > 0;
+    let target = undefined;
+    if (isResolved) {
+        const targetNode = await backend.getNode(callsEdges[0].dst);
+        if (targetNode) {
+            target = {
+                id: targetNode.id,
+                name: targetNode.name,
+                file: targetNode.file,
+                line: targetNode.line,
+            };
+        }
+    }
+    return {
+        id: callNode.id,
+        name: callNode.name,
+        type: callNode.type,
+        object: callNode.object,
+        resolved: isResolved,
+        target,
+        file: callNode.file,
+        line: callNode.line,
+        depth,
+    };
+}
+/**
+ * Recursively collect transitive calls
+ *
+ * Infinite loop prevention:
+ * - Track seen function IDs in seenTargets
+ * - Stop when we've seen a function before (handles recursion)
+ * - Stop at transitiveDepth limit
+ */
+async function collectTransitiveCalls(backend, functionId, currentDepth, maxTransitiveDepth, calls, seenTargets) {
+    // Prevent infinite loops and limit depth
+    if (seenTargets.has(functionId) || currentDepth > maxTransitiveDepth) {
+        return;
+    }
+    seenTargets.add(functionId);
+    // Find calls in this function (non-transitive to avoid recursion)
+    const innerCalls = await findCallsInFunction(backend, functionId, {
+        maxDepth: 10,
+        transitive: false,
+    });
+    for (const call of innerCalls) {
+        // Add with updated depth
+        calls.push({ ...call, depth: currentDepth });
+        // Continue transitively if resolved
+        if (call.resolved && call.target) {
+            await collectTransitiveCalls(backend, call.target.id, currentDepth + 1, maxTransitiveDepth, calls, seenTargets);
+        }
+    }
+}