@hookwarden/engine 0.0.1 → 0.1.1

package/dist/adapters/django.d.ts

@@ -0,0 +1,4 @@
+import type { CandidateHandler } from "../model/catalog.js";
+import type { ParsedFile } from "../types/project-model.js";
+export declare function djangoAdapter(file: ParsedFile, allFiles: ReadonlyArray<ParsedFile>): ReadonlyArray<CandidateHandler>;
+//# sourceMappingURL=django.d.ts.map

package/dist/adapters/django.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"django.d.ts","sourceRoot":"","sources":["../../src/adapters/django.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAG5D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAiB5D,wBAAgB,aAAa,CAC3B,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,aAAa,CAAC,UAAU,CAAC,GAClC,aAAa,CAAC,gBAAgB,CAAC,CAyBjC"}

package/dist/adapters/django.js

@@ -0,0 +1,148 @@
+// D-31 bespoke adapter: Django. Two patterns:
+//   1. urls.py: urlpatterns = [path('webhooks/x', view_fn)] → view_fn (cross-file by name)
+//   2. CBV:     class StripeView(View): def post(self, ...) → the post method is the handler
+// Reflective dispatch is out of scope for v1; Phase 6 corpus run will surface what's missed.
+// Pure: tree-sitter trees + ParsedFile only. No I/O.
+const CBV_HTTP_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);
+const URL_FUNCTIONS = new Set(["path", "re_path"]);
+export function djangoAdapter(file, allFiles) {
+    if (file.dialect !== "tree-sitter-python")
+        return [];
+    if (file.parse_error !== null || file.raw_ast === null)
+        return [];
+    const usesDjango = file.imports.some((i) => i.to_module === "django" || i.to_module.startsWith("django."));
+    const isUrlsPy = file.file_path.endsWith("urls.py");
+    if (!usesDjango && !isUrlsPy)
+        return [];
+    const tree = file.raw_ast;
+    const out = [];
+    // Pattern 1 — class-based views.
+    for (const klass of tree.rootNode.descendantsOfType(["class_definition"])) {
+        out.push(...detectClassBasedView(klass, file, allFiles, usesDjango));
+    }
+    // Pattern 2 — urls.py function references.
+    if (isUrlsPy) {
+        for (const call of tree.rootNode.descendantsOfType(["call"])) {
+            const handler = matchUrlsPyPath(call, file);
+            if (handler !== null)
+                out.push(handler);
+        }
+    }
+    return out;
+}
+function detectClassBasedView(klass, file, allFiles, usesDjango) {
+    // CBV heuristic: superclass list contains View / APIView / GenericAPIView, OR the file imports django.
+    const superList = klass.childForFieldName("superclasses");
+    const superText = superList?.text ?? "";
+    const isCBV = /\b(View|APIView|GenericAPIView)\b/.test(superText) || usesDjango;
+    if (!isCBV)
+        return [];
+    const className = klass.childForFieldName("name")?.text ?? null;
+    const body = klass.childForFieldName("body");
+    if (!body)
+        return [];
+    const out = [];
+    for (const fnDef of body.descendantsOfType(["function_definition"])) {
+        const methodName = fnDef.childForFieldName("name")?.text;
+        if (!methodName)
+            continue;
+        const upper = methodName.toUpperCase();
+        if (!CBV_HTTP_METHODS.has(upper))
+            continue;
+        out.push({
+            framework: "django",
+            framework_version: null, // issue #5
+            route_pattern: resolveCBVRoute(className, allFiles),
+            http_methods: [upper],
+            file_path: file.file_path,
+            location: locOf(fnDef),
+            handler_function_name: `${className ?? "<view>"}.${methodName}`,
+            handler_body_node: fnDef,
+            handler_source_start: fnDef.startIndex,
+            handler_source_end: fnDef.endIndex,
+        });
+    }
+    return out;
+}
+function matchUrlsPyPath(call, file) {
+    const fnText = call.childForFieldName("function")?.text ?? "";
+    if (!URL_FUNCTIONS.has(fnText))
+        return null;
+    const args = call.childForFieldName("arguments");
+    if (!args)
+        return null;
+    const positional = args.namedChildren.filter((c) => c.type !== "keyword_argument");
+    const pathArg = positional[0];
+    const viewArg = positional[1];
+    if (!pathArg || pathArg.type !== "string" || !viewArg)
+        return null;
+    const path = `/${stripPyString(pathArg.text).replace(/^\/+/, "")}`;
+    // Filter to webhooky paths only — keeps signal high.
+    if (!/(webhook|hook|hooks)/i.test(path))
+        return null;
+    return {
+        framework: "django",
+        framework_version: null, // issue #5
+        route_pattern: path,
+        // urls.py alone doesn't carry methods — assume POST for webhook routes.
+        http_methods: ["POST"],
+        file_path: file.file_path,
+        location: locOf(call),
+        handler_function_name: viewArg.text,
+        handler_body_node: viewArg, // placeholder; reachability will resolve via the import graph
+        handler_source_start: call.startIndex,
+        handler_source_end: call.endIndex,
+    };
+}
+// Map className → '/<path>' by scanning every urls.py for `path('...', ClassName.as_view())`.
+function resolveCBVRoute(className, allFiles) {
+    if (!className)
+        return "/";
+    for (const f of allFiles) {
+        if (!f.file_path.endsWith("urls.py") ||
+            f.dialect !== "tree-sitter-python" ||
+            f.raw_ast === null) {
+            continue;
+        }
+        const tree = f.raw_ast;
+        for (const call of tree.rootNode.descendantsOfType(["call"])) {
+            const fnText = call.childForFieldName("function")?.text ?? "";
+            if (!URL_FUNCTIONS.has(fnText))
+                continue;
+            const args = call.childForFieldName("arguments");
+            if (!args)
+                continue;
+            const positional = args.namedChildren.filter((c) => c.type !== "keyword_argument");
+            const pathArg = positional[0];
+            const viewArg = positional[1];
+            if (!pathArg || pathArg.type !== "string" || !viewArg)
+                continue;
+            if (viewArg.text === `${className}.as_view()`) {
+                return `/${stripPyString(pathArg.text).replace(/^\/+/, "")}`;
+            }
+        }
+    }
+    return "/";
+}
+function locOf(n) {
+    return {
+        line: n.startPosition.row + 1,
+        col: n.startPosition.column + 1,
+        end_line: n.endPosition.row + 1,
+        end_col: n.endPosition.column + 1,
+    };
+}
+function stripPyString(raw) {
+    let i = 0;
+    while (i < raw.length && /[bBrRuUfF]/.test(raw[i] ?? ""))
+        i++;
+    const quoted = raw.slice(i);
+    if (quoted.startsWith('"""') || quoted.startsWith("'''")) {
+        return quoted.slice(3, quoted.length - 3);
+    }
+    if (quoted.startsWith('"') || quoted.startsWith("'")) {
+        return quoted.slice(1, quoted.length - 1);
+    }
+    return quoted;
+}
+//# sourceMappingURL=django.js.map

package/dist/adapters/django.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"django.js","sourceRoot":"","sources":["../../src/adapters/django.ts"],"names":[],"mappings":"AAAA,8CAA8C;AAC9C,2FAA2F;AAC3F,6FAA6F;AAC7F,6FAA6F;AAC7F,qDAAqD;AAmBrD,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;AAC1F,MAAM,aAAa,GAAwB,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;AAExE,MAAM,UAAU,aAAa,CAC3B,IAAgB,EAChB,QAAmC;IAEnC,IAAI,IAAI,CAAC,OAAO,KAAK,oBAAoB;QAAE,OAAO,EAAE,CAAC;IACrD,IAAI,IAAI,CAAC,WAAW,KAAK,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI;QAAE,OAAO,EAAE,CAAC;IAClE,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAClC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,CACrE,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IACpD,IAAI,CAAC,UAAU,IAAI,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IAExC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAqC,CAAC;IACxD,MAAM,GAAG,GAAuB,EAAE,CAAC;IAEnC,iCAAiC;IACjC,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,kBAAkB,CAAC,CAAC,EAAE,CAAC;QAC1E,GAAG,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC;IACvE,CAAC;IAED,2CAA2C;IAC3C,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;YAC7D,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YAC5C,IAAI,OAAO,KAAK,IAAI;gBAAE,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,oBAAoB,CAC3B,KAAmB,EACnB,IAAgB,EAChB,QAAmC,EACnC,UAAmB;IAEnB,uGAAuG;IACvG,MAAM,SAAS,GAAG,KAAK,CAAC,iBAAiB,CAAC,cAAc,CAAC,CAAC;IAC1D,MAAM,SAAS,GAAG,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC;IACxC,MAAM,KAAK,GAAG,mCAAmC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,UAAU,CAAC;IAChF,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IAEtB,MAAM,SAAS,GAAG,KAAK,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,IAAI,IAAI,IAAI,CAAC;IAChE,MAAM,IAAI,GAAG,KAAK,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAC;IAErB,MAAM,GAAG,GAAuB,EAAE,CAAC;IACnC,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,iBAAiB,CAAC,CAAC,qBAAqB,CAAC,CAAC,EAAE,CAAC;QACpE,MAAM,UAAU,GAAG,KAAK,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC;QACzD,IAAI,CAAC,UAAU;YAAE,SAAS;QAC1B,MAAM,KAAK,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;QACvC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC;YAAE,SAAS;QAC3C,GAAG,CAAC,IAAI,CAAC;YACP,SAAS,EAAE,QAAqB;YAChC,iBAAiB,EAAE,IAAI,EAAE,WAAW;YACpC,aAAa,EAAE,eAAe,CAAC,SAAS,EAAE,QAAQ,CAAC;YACnD,YAAY,EAAE,CAAC,KAAK,CAAC;YACrB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,QAAQ,EAAE,KAAK,CAAC,KAAK,CAAC;YACtB,qBAAqB,EAAE,GAAG,SAAS,IAAI,QAAQ,IAAI,UAAU,EAAE;YAC/D,iBAAiB,EAAE,KAAK;YACxB,oBAAoB,EAAE,KAAK,CAAC,UAAU;YACtC,kBAAkB,EAAE,KAAK,CAAC,QAAQ;SACnC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,eAAe,CAAC,IAAkB,EAAE,IAAgB;IAC3D,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,EAAE,IAAI,IAAI,EAAE,CAAC;IAC9D,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;IACjD,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;IACnF,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9B,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAEnE,MAAM,IAAI,GAAG,IAAI,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC;IACnE,qDAAqD;IACrD,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAErD,OAAO;QACL,SAAS,EAAE,QAAqB;QAChC,iBAAiB,EAAE,IAAI,EAAE,WAAW;QACpC,aAAa,EAAE,IAAI;QACnB,wEAAwE;QACxE,YAAY,EAAE,CAAC,MAAM,CAAC;QACtB,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC;QACrB,qBAAqB,EAAE,OAAO,CAAC,IAAI;QACnC,iBAAiB,EAAE,OAAO,EAAE,8DAA8D;QAC1F,oBAAoB,EAAE,IAAI,CAAC,UAAU;QACrC,kBAAkB,EAAE,IAAI,CAAC,QAAQ;KAClC,CAAC;AACJ,CAAC;AAED,8FAA8F;AAC9F,SAAS,eAAe,CAAC,SAAwB,EAAE,QAAmC;IACpF,IAAI,CAAC,SAAS;QAAE,OAAO,GAAG,CAAC;IAC3B,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IACE,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC;YAChC,CAAC,CAAC,OAAO,KAAK,oBAAoB;YAClC,CAAC,CAAC,OAAO,KAAK,IAAI,EAClB,CAAC;YACD,SAAS;QACX,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,CAAC,OAAqC,CAAC;QACrD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;YAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,EAAE,IAAI,IAAI,EAAE,CAAC;YAC9D,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC;gBAAE,SAAS;YACzC,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;YACjD,IAAI,CAAC,IAAI;gBAAE,SAAS;YACpB,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;YACnF,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAC9B,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAC9B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,OAAO;gBAAE,SAAS;YAChE,IAAI,OAAO,CAAC,IAAI,KAAK,GAAG,SAAS,YAAY,EAAE,CAAC;gBAC9C,OAAO,IAAI,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC;YAC/D,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,KAAK,CAAC,CAAe;IAC5B,OAAO;QACL,IAAI,EAAE,CAAC,CAAC,aAAa,CAAC,GAAG,GAAG,CAAC;QAC7B,GAAG,EAAE,CAAC,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC;QAC/B,QAAQ,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,GAAG,CAAC;QAC/B,OAAO,EAAE,CAAC,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;KAClC,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IAChC,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,GAAG,CAAC,MAAM,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAAE,CAAC,EAAE,CAAC;IAC9D,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC5B,IAAI,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACzD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/adapters/fastapi.d.ts

@@ -0,0 +1,4 @@
+import type { CandidateHandler } from "../model/catalog.js";
+import type { ParsedFile } from "../types/project-model.js";
+export declare function fastapiAdapter(file: ParsedFile, allFiles: ReadonlyArray<ParsedFile>): ReadonlyArray<CandidateHandler>;
+//# sourceMappingURL=fastapi.d.ts.map

package/dist/adapters/fastapi.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fastapi.d.ts","sourceRoot":"","sources":["../../src/adapters/fastapi.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAE5D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAiB5D,wBAAgB,cAAc,CAC5B,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,aAAa,CAAC,UAAU,CAAC,GAClC,aAAa,CAAC,gBAAgB,CAAC,CAiBjC"}

package/dist/adapters/fastapi.js

@@ -0,0 +1,118 @@
+// D-31 bespoke adapter: FastAPI. @router.post('/x') / @app.post('/x') on async def.
+// Cross-file include_router prefix resolution via single-pass scan over allFiles.
+// Pure: tree-sitter trees + ParsedFile only. No I/O.
+const BODY_METHODS = new Set(["post", "put", "patch", "delete"]);
+export function fastapiAdapter(file, allFiles) {
+    if (file.dialect !== "tree-sitter-python")
+        return [];
+    if (file.parse_error !== null || file.raw_ast === null)
+        return [];
+    const usesFastAPI = file.imports.some((i) => i.to_module === "fastapi" || i.to_module.startsWith("fastapi."));
+    if (!usesFastAPI)
+        return [];
+    const tree = file.raw_ast;
+    const prefixByRouterVar = collectIncludeRouterPrefixes(allFiles);
+    const out = [];
+    for (const node of tree.rootNode.descendantsOfType(["decorated_definition"])) {
+        const handler = matchFastApiDecorator(node, file, prefixByRouterVar);
+        if (handler !== null)
+            out.push(handler);
+    }
+    return out;
+}
+function matchFastApiDecorator(node, file, prefixByRouterVar) {
+    const fnDef = node.namedChildren.find((c) => c.type === "function_definition");
+    if (!fnDef)
+        return null;
+    for (const dec of node.descendantsOfType(["decorator"])) {
+        const call = dec.descendantsOfType(["call"])[0];
+        if (!call)
+            continue;
+        const fnText = call.childForFieldName("function")?.text ?? "";
+        const dot = fnText.lastIndexOf(".");
+        if (dot < 0)
+            continue;
+        const routerVar = fnText.slice(0, dot);
+        const methodName = fnText.slice(dot + 1);
+        if (!BODY_METHODS.has(methodName))
+            continue;
+        const args = call.childForFieldName("arguments");
+        if (!args)
+            continue;
+        const pathArg = args.namedChildren.find((c) => c.type === "string");
+        if (!pathArg)
+            continue;
+        const path = stripPyString(pathArg.text);
+        const prefix = prefixByRouterVar.get(routerVar) ?? "";
+        const routePattern = prefix + path;
+        return {
+            framework: "fastapi",
+            framework_version: null, // issue #5
+            route_pattern: routePattern,
+            http_methods: [methodName.toUpperCase()],
+            file_path: file.file_path,
+            location: {
+                line: node.startPosition.row + 1,
+                col: node.startPosition.column + 1,
+                end_line: node.endPosition.row + 1,
+                end_col: node.endPosition.column + 1,
+            },
+            handler_function_name: fnDef.childForFieldName("name")?.text ?? null,
+            handler_body_node: fnDef,
+            handler_source_start: fnDef.startIndex,
+            handler_source_end: fnDef.endIndex,
+        };
+    }
+    return null;
+}
+// Map router-variable-name → prefix from `app.include_router(router_var, prefix='/api')`
+// across every Python file. Cross-file: a router defined in module A and included in module B
+// resolves as long as both files are in `allFiles`.
+function collectIncludeRouterPrefixes(allFiles) {
+    const out = new Map();
+    for (const f of allFiles) {
+        if (f.dialect !== "tree-sitter-python" || f.raw_ast === null)
+            continue;
+        const tree = f.raw_ast;
+        for (const call of tree.rootNode.descendantsOfType(["call"])) {
+            const fnText = call.childForFieldName("function")?.text ?? "";
+            if (!fnText.endsWith(".include_router"))
+                continue;
+            const args = call.childForFieldName("arguments");
+            if (!args)
+                continue;
+            const positional = args.namedChildren.filter((c) => c.type !== "keyword_argument");
+            const routerArg = positional[0];
+            if (!routerArg)
+                continue;
+            const routerName = routerArg.text;
+            let prefix = "";
+            for (const kw of args.namedChildren) {
+                if (kw.type !== "keyword_argument")
+                    continue;
+                if (kw.childForFieldName("name")?.text !== "prefix")
+                    continue;
+                const valNode = kw.childForFieldName("value");
+                if (valNode?.type === "string")
+                    prefix = stripPyString(valNode.text);
+            }
+            if (prefix !== "")
+                out.set(routerName, prefix);
+        }
+    }
+    return out;
+}
+function stripPyString(raw) {
+    let i = 0;
+    while (i < raw.length && /[bBrRuUfF]/.test(raw[i] ?? ""))
+        i++;
+    const quoted = raw.slice(i);
+    if (quoted.startsWith('"""') || quoted.startsWith("'''")) {
+        return quoted.slice(3, quoted.length - 3);
+    }
+    if (quoted.startsWith('"') || quoted.startsWith("'")) {
+        return quoted.slice(1, quoted.length - 1);
+    }
+    return quoted;
+}
+//# sourceMappingURL=fastapi.js.map

package/dist/adapters/fastapi.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fastapi.js","sourceRoot":"","sources":["../../src/adapters/fastapi.ts"],"names":[],"mappings":"AAAA,oFAAoF;AACpF,kFAAkF;AAClF,qDAAqD;AAmBrD,MAAM,YAAY,GAAwB,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;AAEtF,MAAM,UAAU,cAAc,CAC5B,IAAgB,EAChB,QAAmC;IAEnC,IAAI,IAAI,CAAC,OAAO,KAAK,oBAAoB;QAAE,OAAO,EAAE,CAAC;IACrD,IAAI,IAAI,CAAC,WAAW,KAAK,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI;QAAE,OAAO,EAAE,CAAC;IAClE,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CACnC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,SAAS,IAAI,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,CACvE,CAAC;IACF,IAAI,CAAC,WAAW;QAAE,OAAO,EAAE,CAAC;IAE5B,MAAM,IAAI,GAAG,IAAI,CAAC,OAAqC,CAAC;IACxD,MAAM,iBAAiB,GAAG,4BAA4B,CAAC,QAAQ,CAAC,CAAC;IAEjE,MAAM,GAAG,GAAuB,EAAE,CAAC;IACnC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,sBAAsB,CAAC,CAAC,EAAE,CAAC;QAC7E,MAAM,OAAO,GAAG,qBAAqB,CAAC,IAAI,EAAE,IAAI,EAAE,iBAAiB,CAAC,CAAC;QACrE,IAAI,OAAO,KAAK,IAAI;YAAE,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,qBAAqB,CAC5B,IAAkB,EAClB,IAAgB,EAChB,iBAAsC;IAEtC,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,qBAAqB,CAAC,CAAC;IAC/E,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,iBAAiB,CAAC,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,GAAG,GAAG,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAChD,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,EAAE,IAAI,IAAI,EAAE,CAAC;QAC9D,MAAM,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,GAAG,GAAG,CAAC;YAAE,SAAS;QACtB,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACvC,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;QACzC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC;YAAE,SAAS;QAE5C,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;QACjD,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;QACpE,IAAI,CAAC,OAAO;YAAE,SAAS;QACvB,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,MAAM,GAAG,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QACtD,MAAM,YAAY,GAAG,MAAM,GAAG,IAAI,CAAC;QAEnC,OAAO;YACL,SAAS,EAAE,SAAsB;YACjC,iBAAiB,EAAE,IAAI,EAAE,WAAW;YACpC,aAAa,EAAE,YAAY;YAC3B,YAAY,EAAE,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YACxC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,QAAQ,EAAE;gBACR,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,GAAG,CAAC;gBAChC,GAAG,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC;gBAClC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,GAAG,CAAC;gBAClC,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC;aACrC;YACD,qBAAqB,EAAE,KAAK,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,IAAI,IAAI,IAAI;YACpE,iBAAiB,EAAE,KAAK;YACxB,oBAAoB,EAAE,KAAK,CAAC,UAAU;YACtC,kBAAkB,EAAE,KAAK,CAAC,QAAQ;SACnC,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,yFAAyF;AACzF,8FAA8F;AAC9F,oDAAoD;AACpD,SAAS,4BAA4B,CAAC,QAAmC;IACvE,MAAM,GAAG,GAAG,IAAI,GAAG,EAAkB,CAAC;IACtC,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,OAAO,KAAK,oBAAoB,IAAI,CAAC,CAAC,OAAO,KAAK,IAAI;YAAE,SAAS;QACvE,MAAM,IAAI,GAAG,CAAC,CAAC,OAAqC,CAAC;QACrD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;YAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,EAAE,IAAI,IAAI,EAAE,CAAC;YAC9D,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAC;gBAAE,SAAS;YAClD,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;YACjD,IAAI,CAAC,IAAI;gBAAE,SAAS;YACpB,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,kBAAkB,CAAC,CAAC;YACnF,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAChC,IAAI,CAAC,SAAS;gBAAE,SAAS;YACzB,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC;YAClC,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;gBACpC,IAAI,EAAE,CAAC,IAAI,KAAK,kBAAkB;oBAAE,SAAS;gBAC7C,IAAI,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,IAAI,KAAK,QAAQ;oBAAE,SAAS;gBAC9D,MAAM,OAAO,GAAG,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;gBAC9C,IAAI,OAAO,EAAE,IAAI,KAAK,QAAQ;oBAAE,MAAM,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACvE,CAAC;YACD,IAAI,MAAM,KAAK,EAAE;gBAAE,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IAChC,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,GAAG,CAAC,MAAM,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAAE,CAAC,EAAE,CAAC;IAC9D,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC5B,IAAI,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACzD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/adapters/index.d.ts

@@ -0,0 +1,9 @@
+import type { CandidateHandler } from "../model/catalog.js";
+import type { ParsedFile } from "../types/project-model.js";
+import { djangoAdapter } from "./django.js";
+import { fastapiAdapter } from "./fastapi.js";
+import { nextjsAdapter } from "./nextjs.js";
+export type FrameworkAdapter = (file: ParsedFile, allFiles: ReadonlyArray<ParsedFile>) => ReadonlyArray<CandidateHandler>;
+export declare const ALL_ADAPTERS: ReadonlyArray<FrameworkAdapter>;
+export { djangoAdapter, fastapiAdapter, nextjsAdapter };
+//# sourceMappingURL=index.d.ts.map

package/dist/adapters/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,MAAM,MAAM,gBAAgB,GAAG,CAC7B,IAAI,EAAE,UAAU,EAChB,QAAQ,EAAE,aAAa,CAAC,UAAU,CAAC,KAChC,aAAa,CAAC,gBAAgB,CAAC,CAAC;AAErC,eAAO,MAAM,YAAY,EAAE,aAAa,CAAC,gBAAgB,CAIxD,CAAC;AAEF,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,CAAC"}

package/dist/adapters/index.js

@@ -0,0 +1,10 @@
+import { djangoAdapter } from "./django.js";
+import { fastapiAdapter } from "./fastapi.js";
+import { nextjsAdapter } from "./nextjs.js";
+export const ALL_ADAPTERS = [
+    nextjsAdapter,
+    fastapiAdapter,
+    djangoAdapter,
+];
+export { djangoAdapter, fastapiAdapter, nextjsAdapter };
+//# sourceMappingURL=index.js.map

package/dist/adapters/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAO5C,MAAM,CAAC,MAAM,YAAY,GAAoC;IAC3D,aAAa;IACb,cAAc;IACd,aAAa;CACd,CAAC;AAEF,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,CAAC"}

package/dist/adapters/nextjs.d.ts

@@ -0,0 +1,4 @@
+import type { CandidateHandler } from "../model/catalog.js";
+import type { ParsedFile } from "../types/project-model.js";
+export declare function nextjsAdapter(file: ParsedFile, _allFiles: ReadonlyArray<ParsedFile>): ReadonlyArray<CandidateHandler>;
+//# sourceMappingURL=nextjs.d.ts.map

package/dist/adapters/nextjs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nextjs.d.ts","sourceRoot":"","sources":["../../src/adapters/nextjs.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAG5D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAa5D,wBAAgB,aAAa,CAC3B,IAAI,EAAE,UAAU,EAChB,SAAS,EAAE,aAAa,CAAC,UAAU,CAAC,GACnC,aAAa,CAAC,gBAAgB,CAAC,CAiBjC"}

package/dist/adapters/nextjs.js

@@ -0,0 +1,82 @@
+// D-31 bespoke adapter: Next.js App Router. Filesystem-derived routes + HTTP-method-named exports.
+// Pure: AST traversal + path-string matching only — engine purity gate (D-01) bans I/O imports.
+// Match `app/...` at the start of the path or after a `/` separator, so both
+// repo-root paths (`app/api/...`) and nested paths (`apps/web/app/api/...`) work.
+const ROUTE_FILE_RE = /(?:^|\/)app\/(?:.+\/)?route\.(?:ts|tsx|js|jsx)$/;
+const ROUTE_PATH_RE = /(?:^|\/)app\/(.+?)\/route\.(?:ts|tsx|js|jsx)$/;
+const BODY_METHOD_NAMES = new Set(["POST", "PUT", "PATCH", "DELETE"]);
+export function nextjsAdapter(file, _allFiles) {
+    if (file.dialect !== "babel")
+        return [];
+    if (file.parse_error !== null || file.raw_ast === null)
+        return [];
+    if (!ROUTE_FILE_RE.test(file.file_path))
+        return [];
+    const routePattern = deriveRoute(file.file_path);
+    const ast = file.raw_ast;
+    const out = [];
+    for (const stmt of ast.program.body) {
+        if (stmt.type !== "ExportNamedDeclaration")
+            continue;
+        for (const exported of collectNamedFunctionExports(stmt)) {
+            if (!BODY_METHOD_NAMES.has(exported.name))
+                continue;
+            out.push(buildHandler(file, routePattern, exported));
+        }
+    }
+    return out;
+}
+function deriveRoute(filePath) {
+    // app/api/webhooks/stripe/route.ts → /api/webhooks/stripe
+    const m = filePath.match(ROUTE_PATH_RE);
+    if (!m?.[1])
+        return "/";
+    return `/${m[1]}`;
+}
+// Pull out `export function POST(...)` and `export const POST = ...` named function shapes.
+function collectNamedFunctionExports(exp) {
+    const decl = exp.declaration;
+    if (!decl)
+        return [];
+    if (decl.type === "FunctionDeclaration" && decl.id) {
+        return [{ name: decl.id.name, fnNode: decl }];
+    }
+    if (decl.type === "VariableDeclaration") {
+        const out = [];
+        for (const v of decl.declarations) {
+            if (v.id.type !== "Identifier" || !v.init)
+                continue;
+            out.push({ name: v.id.name, fnNode: v.init });
+        }
+        return out;
+    }
+    return [];
+}
+function buildHandler(file, routePattern, exported) {
+    const span = spanOf(exported.fnNode);
+    return {
+        framework: "nextjs",
+        framework_version: null, // D-01 — never inferred in Phase 2 (issue #5).
+        route_pattern: routePattern,
+        http_methods: [exported.name],
+        file_path: file.file_path,
+        location: locationOf(exported.fnNode),
+        handler_function_name: exported.name,
+        handler_body_node: exported.fnNode,
+        handler_source_start: span.start,
+        handler_source_end: span.end,
+    };
+}
+function locationOf(node) {
+    const loc = node.loc;
+    return {
+        line: loc?.start.line ?? 1,
+        col: (loc?.start.column ?? 0) + 1,
+        end_line: loc?.end.line ?? 1,
+        end_col: (loc?.end.column ?? 0) + 1,
+    };
+}
+function spanOf(node) {
+    return { start: node.start ?? 0, end: node.end ?? 0 };
+}
+//# sourceMappingURL=nextjs.js.map

package/dist/adapters/nextjs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"nextjs.js","sourceRoot":"","sources":["../../src/adapters/nextjs.ts"],"names":[],"mappings":"AAAA,mGAAmG;AACnG,gGAAgG;AAQhG,6EAA6E;AAC7E,kFAAkF;AAClF,MAAM,aAAa,GAAG,iDAAiD,CAAC;AACxE,MAAM,aAAa,GAAG,+CAA+C,CAAC;AACtE,MAAM,iBAAiB,GAAwB,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;AAO3F,MAAM,UAAU,aAAa,CAC3B,IAAgB,EAChB,SAAoC;IAEpC,IAAI,IAAI,CAAC,OAAO,KAAK,OAAO;QAAE,OAAO,EAAE,CAAC;IACxC,IAAI,IAAI,CAAC,WAAW,KAAK,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI;QAAE,OAAO,EAAE,CAAC;IAClE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;QAAE,OAAO,EAAE,CAAC;IAEnD,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACjD,MAAM,GAAG,GAAG,IAAI,CAAC,OAAe,CAAC;IACjC,MAAM,GAAG,GAAuB,EAAE,CAAC;IAEnC,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACpC,IAAI,IAAI,CAAC,IAAI,KAAK,wBAAwB;YAAE,SAAS;QACrD,KAAK,MAAM,QAAQ,IAAI,2BAA2B,CAAC,IAAI,CAAC,EAAE,CAAC;YACzD,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAAE,SAAS;YACpD,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB;IACnC,0DAA0D;IAC1D,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IACxC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAAE,OAAO,GAAG,CAAC;IACxB,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AACpB,CAAC;AAED,4FAA4F;AAC5F,SAAS,2BAA2B,CAClC,GAAkD;IAElD,MAAM,IAAI,GAAG,GAAG,CAAC,WAAW,CAAC;IAC7B,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,CAAC;IACrB,IAAI,IAAI,CAAC,IAAI,KAAK,qBAAqB,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;QACnD,OAAO,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,IAA2B,EAAE,CAAC,CAAC;IACvE,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACxC,MAAM,GAAG,GAA0B,EAAE,CAAC;QACtC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAClC,IAAI,CAAC,CAAC,EAAE,CAAC,IAAI,KAAK,YAAY,IAAI,CAAC,CAAC,CAAC,IAAI;gBAAE,SAAS;YACpD,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,YAAY,CACnB,IAAgB,EAChB,YAAoB,EACpB,QAA6B;IAE7B,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACrC,OAAO;QACL,SAAS,EAAE,QAAqB;QAChC,iBAAiB,EAAE,IAAI,EAAE,+CAA+C;QACxE,aAAa,EAAE,YAAY;QAC3B,YAAY,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC;QAC7B,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,QAAQ,EAAE,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC;QACrC,qBAAqB,EAAE,QAAQ,CAAC,IAAI;QACpC,iBAAiB,EAAE,QAAQ,CAAC,MAAM;QAClC,oBAAoB,EAAE,IAAI,CAAC,KAAK;QAChC,kBAAkB,EAAE,IAAI,CAAC,GAAG;KAC7B,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,IAAU;IAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;IACrB,OAAO;QACL,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;QAC1B,GAAG,EAAE,CAAC,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC;QACjC,QAAQ,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC;QAC5B,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC;KACpC,CAAC;AACJ,CAAC;AAED,SAAS,MAAM,CAAC,IAAU;IACxB,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,IAAI,CAAC,EAAE,CAAC;AACxD,CAAC"}

package/dist/evaluate.d.ts

@@ -0,0 +1,6 @@
+import type { Config } from "./types/config.js";
+import type { ProjectModel } from "./types/project-model.js";
+import type { RuleSet } from "./types/rule-set.js";
+import type { ScanResult } from "./types/scan-result.js";
+export declare function evaluate(model: ProjectModel, ruleSet: RuleSet, config: Config): Promise<ScanResult>;
+//# sourceMappingURL=evaluate.d.ts.map

package/dist/evaluate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"evaluate.d.ts","sourceRoot":"","sources":["../src/evaluate.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAGhD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,KAAK,EAAkB,OAAO,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,KAAK,EAAgB,UAAU,EAAE,MAAM,wBAAwB,CAAC;AASvE,wBAAsB,QAAQ,CAC5B,KAAK,EAAE,YAAY,EACnB,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,UAAU,CAAC,CAuDrB"}

package/dist/evaluate.js

@@ -0,0 +1,108 @@
+// Top-level evaluate(model, ruleSet, config) → Promise<ScanResult>.
+// D-35 + D-29 + D-30 + D-38. Pure: no I/O.
+//
+// Producer of ScanResult.inventory — DISCOVERY-01 (engine portion). The inventory carries every
+// field listed in D-36 (handler shape) and is internally consistent with findings + metadata.
+import { buildParseErrorFinding } from "./evaluator/parse-error.js";
+import { applyPathSeverityOverrides } from "./evaluator/path-severity-overrides.js";
+import { evaluateRulesForHandler } from "./evaluator/visit.js";
+import { ENGINE_VERSION } from "./version.js";
+const VERDICT_RANK = {
+    verified: 0,
+    "manual-review": 1,
+    "not-verified": 2,
+};
+export async function evaluate(model, ruleSet, config) {
+    const findings = [];
+    // 1. Parse-error findings (D-27 + ENGINE-07) — exactly one per parse-error file, no rules run.
+    let parseErrorsCount = 0;
+    let parsedFilesCount = 0;
+    for (const file of model.parsed_files) {
+        if (file.parse_error !== null) {
+            parseErrorsCount++;
+            findings.push(await buildParseErrorFinding(file));
+        }
+        else {
+            parsedFilesCount++;
+        }
+    }
+    // 2. Per-handler rule evaluation. Update verification_state + findings_ref on each handler.
+    // DISCOVERY-01: this loop is the producer of ScanResult.inventory.
+    // D-57: build a rule_id → RuleDefinition lookup once per scan so each emitted finding can be
+    // run through applyPathSeverityOverrides before being pushed onto findings[].
+    const rulesById = new Map();
+    for (const r of ruleSet.rules)
+        rulesById.set(r.rule_id, r);
+    const inventory = [];
+    for (const handler of model.handlers) {
+        const out = await evaluateRulesForHandler({ handler, ruleSet, model });
+        for (const f of out.findings) {
+            const rule = rulesById.get(f.rule_id);
+            // D-57 path_severity_overrides applied post-emit; identity when rule has no overrides.
+            findings.push(rule ? applyPathSeverityOverrides(f, rule) : f);
+        }
+        // Pick the worst verdict including the existing manual-review baseline.
+        const baseline = handler.verification_state;
+        const worst = VERDICT_RANK[out.worst_state] >= VERDICT_RANK[baseline] ? out.worst_state : baseline;
+        inventory.push({
+            ...handler,
+            verification_state: worst,
+            findings_ref: out.findings_ref,
+        });
+    }
+    // 3. Metadata (ENGINE-08, D-38).
+    const metadata = {
+        engine_version: ENGINE_VERSION,
+        engine_commit_sha: config.engine_commit_sha,
+        rule_pack_version: ruleSet.rule_pack_version,
+        rule_pack_content_hash: await computeRulePackContentHash(ruleSet),
+        scanned_at: config.scanned_at,
+        parse_errors_count: parseErrorsCount,
+        parsed_files_count: parsedFilesCount,
+        total_files_count: config.total_files_count,
+        parse_candidates_count: 0, // D-64 placeholder — Plan 09 (cli/src/pipeline.ts) overrides with walker-derived count.
+    };
+    return { findings, inventory, metadata };
+}
+// Same canonicalization algorithm as @hookwarden/rules' computeContentHash. Engine re-implements
+// here to avoid a runtime dependency on the rules package (D-23 — engine consumes RuleSet, not
+// the rules package itself).
+async function computeRulePackContentHash(ruleSet) {
+    const rules = ruleSet.rules.map((r) => ({
+        schema_version: ruleSet.schema_version,
+        rule_id: r.rule_id,
+        provider: r.provider,
+        severity: r.severity,
+        emits_state: r.emits_state,
+        message: r.message,
+        matcher: r.matcher,
+        predicate: r.predicate_name,
+        applies_to: r.applies_to,
+        // B-3: new RuleDefinition fields MUST be canonicalized — Phase 12 evidence-pack
+        // export consumes this hash for reproducibility. Adding a field without updating
+        // this function silently breaks the contract.
+        provider_docs_url: r.provider_docs_url,
+        path_severity_overrides: r.path_severity_overrides,
+    }));
+    const payload = canonicalize({ providers: ruleSet.providers, rules });
+    return sha256Hex(payload);
+}
+function canonicalize(value) {
+    if (value === null || typeof value !== "object")
+        return JSON.stringify(value);
+    if (Array.isArray(value))
+        return `[${value.map(canonicalize).join(",")}]`;
+    const obj = value;
+    const keys = Object.keys(obj).sort();
+    return `{${keys.map((k) => `${JSON.stringify(k)}:${canonicalize(obj[k])}`).join(",")}}`;
+}
+async function sha256Hex(input) {
+    const bytes = new TextEncoder().encode(input);
+    const buffer = await globalThis.crypto.subtle.digest("SHA-256", bytes);
+    const view = new Uint8Array(buffer);
+    let out = "";
+    for (let i = 0; i < view.length; i++)
+        out += (view[i] ?? 0).toString(16).padStart(2, "0");
+    return out;
+}
+//# sourceMappingURL=evaluate.js.map

package/dist/evaluate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"evaluate.js","sourceRoot":"","sources":["../src/evaluate.ts"],"names":[],"mappings":"AAAA,oEAAoE;AACpE,2CAA2C;AAC3C,EAAE;AACF,gGAAgG;AAChG,8FAA8F;AAE9F,OAAO,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AACpE,OAAO,EAAE,0BAA0B,EAAE,MAAM,wCAAwC,CAAC;AACpF,OAAO,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAO/D,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C,MAAM,YAAY,GAA4B;IAC5C,QAAQ,EAAE,CAAC;IACX,eAAe,EAAE,CAAC;IAClB,cAAc,EAAE,CAAC;CAClB,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,KAAmB,EACnB,OAAgB,EAChB,MAAc;IAEd,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,+FAA+F;IAC/F,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;QACtC,IAAI,IAAI,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;YAC9B,gBAAgB,EAAE,CAAC;YACnB,QAAQ,CAAC,IAAI,CAAC,MAAM,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC;QACpD,CAAC;aAAM,CAAC;YACN,gBAAgB,EAAE,CAAC;QACrB,CAAC;IACH,CAAC;IAED,4FAA4F;IAC5F,mEAAmE;IACnE,6FAA6F;IAC7F,8EAA8E;IAC9E,MAAM,SAAS,GAAG,IAAI,GAAG,EAA0B,CAAC;IACpD,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,KAAK;QAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IAE3D,MAAM,SAAS,GAAqB,EAAE,CAAC;IACvC,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,MAAM,uBAAuB,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QACvE,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC7B,MAAM,IAAI,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YACtC,uFAAuF;YACvF,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,0BAA0B,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAChE,CAAC;QACD,wEAAwE;QACxE,MAAM,QAAQ,GAAY,OAAO,CAAC,kBAAkB,CAAC;QACrD,MAAM,KAAK,GACT,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;QACvF,SAAS,CAAC,IAAI,CAAC;YACb,GAAG,OAAO;YACV,kBAAkB,EAAE,KAAK;YACzB,YAAY,EAAE,GAAG,CAAC,YAAY;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,iCAAiC;IACjC,MAAM,QAAQ,GAAiB;QAC7B,cAAc,EAAE,cAAc;QAC9B,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;QAC3C,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;QAC5C,sBAAsB,EAAE,MAAM,0BAA0B,CAAC,OAAO,CAAC;QACjE,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,kBAAkB,EAAE,gBAAgB;QACpC,kBAAkB,EAAE,gBAAgB;QACpC,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;QAC3C,sBAAsB,EAAE,CAAC,EAAE,wFAAwF;KACpH,CAAC;IAEF,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AAC3C,CAAC;AAED,iGAAiG;AACjG,+FAA+F;AAC/F,6BAA6B;AAC7B,KAAK,UAAU,0BAA0B,CAAC,OAAgB;IACxD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACtC,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,SAAS,EAAE,CAAC,CAAC,cAAc;QAC3B,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,gFAAgF;QAChF,iFAAiF;QACjF,8CAA8C;QAC9C,iBAAiB,EAAE,CAAC,CAAC,iBAAiB;QACtC,uBAAuB,EAAE,CAAC,CAAC,uBAAuB;KACnD,CAAC,CAAC,CAAC;IACJ,MAAM,OAAO,GAAG,YAAY,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;IACtE,OAAO,SAAS,CAAC,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAC9E,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;IAC1E,MAAM,GAAG,GAAG,KAAgC,CAAC;IAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;AAC1F,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,KAAa;IACpC,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IACvE,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IACpC,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC1F,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/evaluator/index.d.ts

@@ -0,0 +1,4 @@
+export { type ApplyMatcherInput, applyMatcher } from "./matchers.js";
+export { buildParseErrorFinding } from "./parse-error.js";
+export { type EvaluateForHandlerInput, type EvaluateForHandlerOutput, evaluateRulesForHandler, } from "./visit.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/evaluator/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/evaluator/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,iBAAiB,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AACrE,OAAO,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,EACL,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,uBAAuB,GACxB,MAAM,YAAY,CAAC"}

package/dist/evaluator/index.js

@@ -0,0 +1,4 @@
+export { applyMatcher } from "./matchers.js";
+export { buildParseErrorFinding } from "./parse-error.js";
+export { evaluateRulesForHandler, } from "./visit.js";
+//# sourceMappingURL=index.js.map

package/dist/evaluator/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/evaluator/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAA0B,YAAY,EAAE,MAAM,eAAe,CAAC;AACrE,OAAO,EAAE,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,EAGL,uBAAuB,GACxB,MAAM,YAAY,CAAC"}

package/dist/evaluator/matchers.d.ts

@@ -0,0 +1,13 @@
+import type { Verdict } from "../types/finding.js";
+import type { WebhookHandler } from "../types/handler.js";
+import type { ProjectModel } from "../types/project-model.js";
+import type { DeclarativeMatcher, ProviderCatalog } from "../types/rule-set.js";
+export interface ApplyMatcherInput {
+    readonly matcher: DeclarativeMatcher;
+    readonly handler: WebhookHandler;
+    readonly model: ProjectModel;
+    readonly providers: ProviderCatalog;
+    readonly emits_state: Verdict;
+}
+export declare function applyMatcher(input: ApplyMatcherInput): Verdict | null;
+//# sourceMappingURL=matchers.d.ts.map

package/dist/evaluator/matchers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"matchers.d.ts","sourceRoot":"","sources":["../../src/evaluator/matchers.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAEhF,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,OAAO,EAAE,kBAAkB,CAAC;IACrC,QAAQ,CAAC,OAAO,EAAE,cAAc,CAAC;IACjC,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC;IAC7B,QAAQ,CAAC,SAAS,EAAE,eAAe,CAAC;IACpC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;CAC/B;AAED,wBAAgB,YAAY,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,GAAG,IAAI,CAoErE"}