@hookwarden/engine 0.0.1 → 0.1.1

package/dist/model/evidence.js

@@ -0,0 +1,114 @@
+// D-32: every candidate handler is enriched with WebhookEvidence[] derived from the provider
+// catalog. Engine computes evidence; rules query thresholds. Engine never decides "is webhook?" —
+// that's rule-side. Engine assigns provider attribution heuristically (worst case "unknown").
+//
+// Phase 2 split: this function emits 6 of the 7 D-32 signals. The seventh —
+// `sdk_verify_call` — is appended in Plan 06b's build.ts after reachable_symbols is computed.
+export function computeEvidence(input) {
+    const out = [];
+    const handlerLoc = input.handler.location;
+    const handlerText = input.parsedFile.source_text.slice(input.handler.handler_source_start, input.handler.handler_source_end);
+    // Signal A — path_pattern_match (catalog conventional_paths).
+    for (const [providerName, entry] of Object.entries(input.providerCatalog)) {
+        for (const conv of entry.conventional_paths) {
+            if (input.handler.route_pattern.toLowerCase().includes(conv.toLowerCase())) {
+                out.push({
+                    kind: "path_pattern_match",
+                    provider: providerName,
+                    location: handlerLoc,
+                    detail: conv,
+                });
+            }
+        }
+    }
+    // Signal B — sdk_import (catalog sdk_packages).
+    for (const [providerName, entry] of Object.entries(input.providerCatalog)) {
+        for (const pkg of entry.sdk_packages) {
+            if (input.imports.some((i) => i.to_module === pkg)) {
+                out.push({
+                    kind: "sdk_import",
+                    provider: providerName,
+                    location: handlerLoc,
+                    detail: pkg,
+                });
+            }
+        }
+    }
+    // Signal C — secret_env_var_reference (catalog secret_env_prefix). Substring match within the
+    // handler's source range so we count only references in/near this handler.
+    for (const [providerName, entry] of Object.entries(input.providerCatalog)) {
+        for (const env of entry.secret_env_prefix) {
+            if (handlerText.includes(env)) {
+                out.push({
+                    kind: "secret_env_var_reference",
+                    provider: providerName,
+                    location: handlerLoc,
+                    detail: env,
+                });
+            }
+        }
+    }
+    // Signal D — secret_literal_match (catalog secret_literal_prefix). Restricted to handler text.
+    for (const [providerName, entry] of Object.entries(input.providerCatalog)) {
+        for (const prefix of entry.secret_literal_prefix) {
+            if (handlerText.includes(prefix)) {
+                out.push({
+                    kind: "secret_literal_match",
+                    provider: providerName,
+                    location: handlerLoc,
+                    detail: prefix,
+                });
+            }
+        }
+    }
+    // Signal E — signature_header_read (catalog signature_header). Substring match on handler text.
+    for (const [providerName, entry] of Object.entries(input.providerCatalog)) {
+        for (const header of entry.signature_header) {
+            if (handlerText.toLowerCase().includes(header.toLowerCase())) {
+                out.push({
+                    kind: "signature_header_read",
+                    provider: providerName,
+                    location: handlerLoc,
+                    detail: header,
+                });
+            }
+        }
+    }
+    // Signal F — body_as_bytes_or_buffer. Heuristic token search inside the handler.
+    if (/(Buffer|Uint8Array|\braw\b|\bbytes\b|c\.req\.raw|request\.get_data\(\)|request\.body)/i.test(handlerText)) {
+        out.push({
+            kind: "body_as_bytes_or_buffer",
+            provider: "unknown",
+            location: handlerLoc,
+            detail: "heuristic",
+        });
+    }
+    // Signal G — sdk_verify_call: NOT EMITTED HERE. Plan 06b's build.ts appends it after computing
+    // reachable_symbols, by cross-checking against catalog.providers[*].sdk_verify_calls.
+    // Provider attribution — most-cited provider wins; ties → "multiple"; zero → "unknown".
+    const counts = new Map();
+    for (const e of out) {
+        if (e.provider === "unknown")
+            continue;
+        counts.set(e.provider, (counts.get(e.provider) ?? 0) + 1);
+    }
+    let topProvider = "unknown";
+    let topCount = 0;
+    let tied = false;
+    for (const [p, c] of counts) {
+        if (c > topCount) {
+            topProvider = p;
+            topCount = c;
+            tied = false;
+        }
+        else if (c === topCount && c > 0) {
+            tied = true;
+        }
+    }
+    const provider = tied ? "multiple" : topProvider;
+    return { evidence: out, provider };
+}
+export function locationFromCandidate(handler) {
+    return handler.location;
+}
+//# sourceMappingURL=evidence.js.map

package/dist/model/evidence.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"evidence.js","sourceRoot":"","sources":["../../src/model/evidence.ts"],"names":[],"mappings":"AAAA,6FAA6F;AAC7F,kGAAkG;AAClG,8FAA8F;AAC9F,EAAE;AACF,4EAA4E;AAC5E,8FAA8F;AAoB9F,MAAM,UAAU,eAAe,CAAC,KAA2B;IACzD,MAAM,GAAG,GAAsB,EAAE,CAAC;IAClC,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;IAC1C,MAAM,WAAW,GAAG,KAAK,CAAC,UAAU,CAAC,WAAW,CAAC,KAAK,CACpD,KAAK,CAAC,OAAO,CAAC,oBAAoB,EAClC,KAAK,CAAC,OAAO,CAAC,kBAAkB,CACjC,CAAC;IAEF,8DAA8D;IAC9D,KAAK,MAAM,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,CAAC;QAC1E,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,kBAAkB,EAAE,CAAC;YAC5C,IAAI,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBAC3E,GAAG,CAAC,IAAI,CAAC;oBACP,IAAI,EAAE,oBAAoB;oBAC1B,QAAQ,EAAE,YAAY;oBACtB,QAAQ,EAAE,UAAU;oBACpB,MAAM,EAAE,IAAI;iBACb,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,KAAK,MAAM,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,CAAC;QAC1E,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;YACrC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,GAAG,CAAC,EAAE,CAAC;gBACnD,GAAG,CAAC,IAAI,CAAC;oBACP,IAAI,EAAE,YAAY;oBAClB,QAAQ,EAAE,YAAY;oBACtB,QAAQ,EAAE,UAAU;oBACpB,MAAM,EAAE,GAAG;iBACZ,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,8FAA8F;IAC9F,2EAA2E;IAC3E,KAAK,MAAM,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,CAAC;QAC1E,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,iBAAiB,EAAE,CAAC;YAC1C,IAAI,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC9B,GAAG,CAAC,IAAI,CAAC;oBACP,IAAI,EAAE,0BAA0B;oBAChC,QAAQ,EAAE,YAAY;oBACtB,QAAQ,EAAE,UAAU;oBACpB,MAAM,EAAE,GAAG;iBACZ,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,+FAA+F;IAC/F,KAAK,MAAM,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,CAAC;QAC1E,KAAK,MAAM,MAAM,IAAI,KAAK,CAAC,qBAAqB,EAAE,CAAC;YACjD,IAAI,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjC,GAAG,CAAC,IAAI,CAAC;oBACP,IAAI,EAAE,sBAAsB;oBAC5B,QAAQ,EAAE,YAAY;oBACtB,QAAQ,EAAE,UAAU;oBACpB,MAAM,EAAE,MAAM;iBACf,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,gGAAgG;IAChG,KAAK,MAAM,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,CAAC;QAC1E,KAAK,MAAM,MAAM,IAAI,KAAK,CAAC,gBAAgB,EAAE,CAAC;YAC5C,IAAI,WAAW,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;gBAC7D,GAAG,CAAC,IAAI,CAAC;oBACP,IAAI,EAAE,uBAAuB;oBAC7B,QAAQ,EAAE,YAAY;oBACtB,QAAQ,EAAE,UAAU;oBACpB,MAAM,EAAE,MAAM;iBACf,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,iFAAiF;IACjF,IACE,wFAAwF,CAAC,IAAI,CAC3F,WAAW,CACZ,EACD,CAAC;QACD,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,yBAAyB;YAC/B,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,UAAU;YACpB,MAAM,EAAE,WAAW;SACpB,CAAC,CAAC;IACL,CAAC;IAED,+FAA+F;IAC/F,sFAAsF;IAEtF,wFAAwF;IACxF,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;IACzC,KAAK,MAAM,CAAC,IAAI,GAAG,EAAE,CAAC;QACpB,IAAI,CAAC,CAAC,QAAQ,KAAK,SAAS;YAAE,SAAS;QACvC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,CAAC;IACD,IAAI,WAAW,GAAG,SAAS,CAAC;IAC5B,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,IAAI,IAAI,GAAG,KAAK,CAAC;IACjB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,EAAE,CAAC;QAC5B,IAAI,CAAC,GAAG,QAAQ,EAAE,CAAC;YACjB,WAAW,GAAG,CAAC,CAAC;YAChB,QAAQ,GAAG,CAAC,CAAC;YACb,IAAI,GAAG,KAAK,CAAC;QACf,CAAC;aAAM,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,IAAI,GAAG,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC;IACjD,OAAO,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,OAAyB;IAC7D,OAAO,OAAO,CAAC,QAAQ,CAAC;AAC1B,CAAC"}

package/dist/model/index.d.ts

@@ -0,0 +1,6 @@
+export { type BuildProjectModelInput, buildProjectModel } from "./build.js";
+export { type CandidateHandler, detectCatalogHandlers } from "./catalog.js";
+export { type ComputeEvidenceInput, type ComputeEvidenceOutput, computeEvidence, locationFromCandidate, } from "./evidence.js";
+export { type ExtractMiddlewareInput, extractMiddlewareChain, } from "./middleware.js";
+export { type ComputeReachabilityInput, computeReachableSymbols, } from "./reachability.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/model/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/model/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC5E,OAAO,EAAE,KAAK,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAC5E,OAAO,EACL,KAAK,oBAAoB,EACzB,KAAK,qBAAqB,EAC1B,eAAe,EACf,qBAAqB,GACtB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,KAAK,sBAAsB,EAC3B,sBAAsB,GACvB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,KAAK,wBAAwB,EAC7B,uBAAuB,GACxB,MAAM,mBAAmB,CAAC"}

package/dist/model/index.js

@@ -0,0 +1,7 @@
+// model/ barrel — Plan 06a + 06b combined surface.
+export { buildProjectModel } from "./build.js";
+export { detectCatalogHandlers } from "./catalog.js";
+export { computeEvidence, locationFromCandidate, } from "./evidence.js";
+export { extractMiddlewareChain, } from "./middleware.js";
+export { computeReachableSymbols, } from "./reachability.js";
+//# sourceMappingURL=index.js.map

package/dist/model/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/model/index.ts"],"names":[],"mappings":"AAAA,mDAAmD;AACnD,OAAO,EAA+B,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC5E,OAAO,EAAyB,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAC5E,OAAO,EAGL,eAAe,EACf,qBAAqB,GACtB,MAAM,eAAe,CAAC;AACvB,OAAO,EAEL,sBAAsB,GACvB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAEL,uBAAuB,GACxB,MAAM,mBAAmB,CAAC"}

package/dist/model/middleware.d.ts

@@ -0,0 +1,10 @@
+import type { ResolvedMiddleware } from "../types/handler.js";
+import type { ImportEdge, ParsedFile } from "../types/project-model.js";
+import type { CandidateHandler } from "./catalog.js";
+export interface ExtractMiddlewareInput {
+    readonly handler: CandidateHandler;
+    readonly parsedFile: ParsedFile;
+    readonly imports: ReadonlyArray<ImportEdge>;
+}
+export declare function extractMiddlewareChain(input: ExtractMiddlewareInput): ReadonlyArray<ResolvedMiddleware>;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/model/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/model/middleware.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAC9D,OAAO,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACxE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAErD,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,OAAO,EAAE,gBAAgB,CAAC;IACnC,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;IAChC,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,sBAAsB,GAC5B,aAAa,CAAC,kBAAkB,CAAC,CAgCnC"}

package/dist/model/middleware.js

@@ -0,0 +1,140 @@
+// D-36 middleware_chain population. Express + Hono + Fastify covered.
+// Flask middleware chains are decorator-based and rare on webhook routes; chain stays [] for v1
+// (deferred per Plan 06b's known limitations; rule authors who need Flask middleware ordering
+// can use a TS predicate via the D-28 escape hatch).
+import { walkBabelAst } from "../parsers/walk.js";
+export function extractMiddlewareChain(input) {
+    const { handler, parsedFile, imports } = input;
+    if (parsedFile.parse_error !== null || parsedFile.raw_ast === null)
+        return [];
+    // Decorator-based middleware on Python webhook handlers is rare; v1 leaves chain empty.
+    // Phase 6 corpus run will surface whether this is actually needed; if so, lift to v1.x.
+    if (handler.framework === "flask" ||
+        handler.framework === "django" ||
+        handler.framework === "fastapi") {
+        return [];
+    }
+    if (parsedFile.dialect !== "babel")
+        return [];
+    const ast = parsedFile.raw_ast;
+    const globalUses = [];
+    const routeArgs = [];
+    walkBabelAst(ast, (node) => {
+        const useEntry = matchAppUseRegistration(node, handler, imports);
+        if (useEntry)
+            globalUses.push(useEntry);
+        const routeMiddleware = matchRouteArgsMiddleware(node, handler, imports);
+        routeArgs.push(...routeMiddleware);
+    });
+    // Final chain: global app.use(...) registrations (in source order) followed by per-route
+    // middleware. Position is renumbered so the chain reads as "first middleware to run = position 0".
+    const merged = [];
+    for (const m of [...globalUses, ...routeArgs]) {
+        merged.push({ ...m, position: merged.length });
+    }
+    return merged;
+}
+// Match `app.use(...)` registrations registered before the handler's source location.
+function matchAppUseRegistration(node, handler, imports) {
+    if (node.type !== "ExpressionStatement")
+        return null;
+    const expr = node.expression;
+    if (expr.type !== "CallExpression")
+        return null;
+    const callee = expr.callee;
+    if (callee.type !== "MemberExpression")
+        return null;
+    if (callee.property.type !== "Identifier" || callee.property.name !== "use")
+        return null;
+    const loc = nodeLocation(node);
+    if (loc.line >= handler.location.line)
+        return null; // only middleware registered before the handler
+    const arg = expr.arguments[0];
+    if (!arg)
+        return null;
+    const name = identifierOrMemberName(arg);
+    if (!name)
+        return null;
+    return {
+        name,
+        import_source: resolveImportSource(name, imports),
+        position: 0, // renumbered after collection
+        location: loc,
+    };
+}
+// Match per-route middleware: `app.post('/x', mw1, mw2, handler)` — every CallExpression arg
+// between the path (index 0) and handler (final) is middleware.
+function matchRouteArgsMiddleware(node, handler, imports) {
+    if (node.type !== "ExpressionStatement")
+        return [];
+    const expr = node.expression;
+    if (expr.type !== "CallExpression")
+        return [];
+    const callee = expr.callee;
+    if (callee.type !== "MemberExpression")
+        return [];
+    if (callee.property.type !== "Identifier")
+        return [];
+    if (expr.arguments.length < 3)
+        return []; // need: path, ...middleware, handler
+    // Match this call site to our handler by source location.
+    const loc = nodeLocation(node);
+    if (loc.line !== handler.location.line || loc.col !== handler.location.col)
+        return [];
+    const out = [];
+    // Middleware is args[1..args.length-2] (path is [0], handler is final).
+    for (let i = 1; i < expr.arguments.length - 1; i++) {
+        const arg = expr.arguments[i];
+        if (!arg)
+            continue;
+        if (arg.type === "SpreadElement" || arg.type === "ArgumentPlaceholder")
+            continue;
+        const name = identifierOrMemberName(arg);
+        if (!name)
+            continue;
+        out.push({
+            name,
+            import_source: resolveImportSource(name, imports),
+            position: i - 1, // renumbered after collection
+            location: nodeLocation(arg),
+        });
+    }
+    return out;
+}
+function identifierOrMemberName(node) {
+    if (node.type === "Identifier")
+        return node.name;
+    if (node.type === "MemberExpression") {
+        const obj = identifierOrMemberName(node.object);
+        if (obj && node.property.type === "Identifier")
+            return `${obj}.${node.property.name}`;
+        return null;
+    }
+    if (node.type === "CallExpression") {
+        // e.g. `express.json()` — collapse to the callee chain.
+        return identifierOrMemberName(node.callee);
+    }
+    return null;
+}
+function nodeLocation(node) {
+    const loc = node.loc;
+    return {
+        line: loc?.start.line ?? 1,
+        col: (loc?.start.column ?? 0) + 1,
+        end_line: loc?.end.line ?? 1,
+        end_col: (loc?.end.column ?? 0) + 1,
+    };
+}
+function resolveImportSource(qualifiedName, imports) {
+    const root = qualifiedName.split(".")[0];
+    if (!root)
+        return null;
+    for (const edge of imports) {
+        for (const n of edge.imported_names) {
+            if (n.local === root)
+                return edge.to_module;
+        }
+    }
+    return null;
+}
+//# sourceMappingURL=middleware.js.map

package/dist/model/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/model/middleware.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,gGAAgG;AAChG,8FAA8F;AAC9F,qDAAqD;AAGrD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAYlD,MAAM,UAAU,sBAAsB,CACpC,KAA6B;IAE7B,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC;IAC/C,IAAI,UAAU,CAAC,WAAW,KAAK,IAAI,IAAI,UAAU,CAAC,OAAO,KAAK,IAAI;QAAE,OAAO,EAAE,CAAC;IAC9E,wFAAwF;IACxF,wFAAwF;IACxF,IACE,OAAO,CAAC,SAAS,KAAK,OAAO;QAC7B,OAAO,CAAC,SAAS,KAAK,QAAQ;QAC9B,OAAO,CAAC,SAAS,KAAK,SAAS,EAC/B,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,IAAI,UAAU,CAAC,OAAO,KAAK,OAAO;QAAE,OAAO,EAAE,CAAC;IAE9C,MAAM,GAAG,GAAG,UAAU,CAAC,OAAe,CAAC;IACvC,MAAM,UAAU,GAAyB,EAAE,CAAC;IAC5C,MAAM,SAAS,GAAyB,EAAE,CAAC;IAE3C,YAAY,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,EAAE;QACzB,MAAM,QAAQ,GAAG,uBAAuB,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QACjE,IAAI,QAAQ;YAAE,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACxC,MAAM,eAAe,GAAG,wBAAwB,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QACzE,SAAS,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,yFAAyF;IACzF,mGAAmG;IACnG,MAAM,MAAM,GAAyB,EAAE,CAAC;IACxC,KAAK,MAAM,CAAC,IAAI,CAAC,GAAG,UAAU,EAAE,GAAG,SAAS,CAAC,EAAE,CAAC;QAC9C,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,sFAAsF;AACtF,SAAS,uBAAuB,CAC9B,IAAU,EACV,OAAyB,EACzB,OAAkC;IAElC,IAAI,IAAI,CAAC,IAAI,KAAK,qBAAqB;QAAE,OAAO,IAAI,CAAC;IACrD,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC;IAC7B,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB;QAAE,OAAO,IAAI,CAAC;IAChD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IAC3B,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB;QAAE,OAAO,IAAI,CAAC;IACpD,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,KAAK;QAAE,OAAO,IAAI,CAAC;IAEzF,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAC/B,IAAI,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC,CAAC,gDAAgD;IAEpG,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAC9B,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,MAAM,IAAI,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;IACzC,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,OAAO;QACL,IAAI;QACJ,aAAa,EAAE,mBAAmB,CAAC,IAAI,EAAE,OAAO,CAAC;QACjD,QAAQ,EAAE,CAAC,EAAE,8BAA8B;QAC3C,QAAQ,EAAE,GAAG;KACd,CAAC;AACJ,CAAC;AAED,6FAA6F;AAC7F,gEAAgE;AAChE,SAAS,wBAAwB,CAC/B,IAAU,EACV,OAAyB,EACzB,OAAkC;IAElC,IAAI,IAAI,CAAC,IAAI,KAAK,qBAAqB;QAAE,OAAO,EAAE,CAAC;IACnD,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC;IAC7B,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB;QAAE,OAAO,EAAE,CAAC;IAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IAC3B,IAAI,MAAM,CAAC,IAAI,KAAK,kBAAkB;QAAE,OAAO,EAAE,CAAC;IAClD,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;QAAE,OAAO,EAAE,CAAC;IACrD,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,EAAE,CAAC,CAAC,qCAAqC;IAE/E,0DAA0D;IAC1D,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAC/B,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,CAAC,QAAQ,CAAC,IAAI,IAAI,GAAG,CAAC,GAAG,KAAK,OAAO,CAAC,QAAQ,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IAEtF,MAAM,GAAG,GAAyB,EAAE,CAAC;IACrC,wEAAwE;IACxE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACnD,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QAC9B,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,IAAI,GAAG,CAAC,IAAI,KAAK,eAAe,IAAI,GAAG,CAAC,IAAI,KAAK,qBAAqB;YAAE,SAAS;QACjF,MAAM,IAAI,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,GAAG,CAAC,IAAI,CAAC;YACP,IAAI;YACJ,aAAa,EAAE,mBAAmB,CAAC,IAAI,EAAE,OAAO,CAAC;YACjD,QAAQ,EAAE,CAAC,GAAG,CAAC,EAAE,8BAA8B;YAC/C,QAAQ,EAAE,YAAY,CAAC,GAAG,CAAC;SAC5B,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAU;IACxC,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY;QAAE,OAAO,IAAI,CAAC,IAAI,CAAC;IACjD,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;YAAE,OAAO,GAAG,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACtF,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;QACnC,wDAAwD;QACxD,OAAO,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,YAAY,CAAC,IAAU;IAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;IACrB,OAAO;QACL,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;QAC1B,GAAG,EAAE,CAAC,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC;QACjC,QAAQ,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC;QAC5B,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC;KACpC,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAC1B,aAAqB,EACrB,OAAkC;IAElC,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACzC,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;QAC3B,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACpC,IAAI,CAAC,CAAC,KAAK,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAC,SAAS,CAAC;QAC9C,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/model/reachability.d.ts

@@ -0,0 +1,11 @@
+import type { ReachableSymbol } from "../types/handler.js";
+import type { ImportEdge, ParsedFile } from "../types/project-model.js";
+export interface ComputeReachabilityInput {
+    readonly handler_body_node: unknown;
+    readonly handler_file: ParsedFile;
+    readonly all_files: ReadonlyArray<ParsedFile>;
+    readonly imports: ReadonlyArray<ImportEdge>;
+    readonly maxDepth: number;
+}
+export declare function computeReachableSymbols(input: ComputeReachabilityInput): ReadonlyArray<ReachableSymbol>;
+//# sourceMappingURL=reachability.d.ts.map

package/dist/model/reachability.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"reachability.d.ts","sourceRoot":"","sources":["../../src/model/reachability.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAiBxE,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,YAAY,EAAE,UAAU,CAAC;IAClC,QAAQ,CAAC,SAAS,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC;IAC9C,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC;IAC5C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AAcD,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,wBAAwB,GAC9B,aAAa,CAAC,eAAe,CAAC,CA0DhC"}

package/dist/model/reachability.js

@@ -0,0 +1,260 @@
+// D-34: bounded-depth reachable symbols, with cross-file traversal via ImportEdge.
+// Walks the import graph + intra-file call graph + middleware chain to a configurable depth
+// (default 3 hops). Catches: middleware verification, util-extracted verification,
+// decorator-applied verification. Misses: dynamic dispatch, reflection — surfaced as
+// `manual-review` candidates by rules (PITFALLS #3 graded-confidence policy).
+//
+// Caps:
+//   - maxDepth (caller-supplied via config.reachability_max_depth; default 3)
+//   - MAX_VISITED_SYMBOLS = 1000 per handler (DoS defense — threat-model T-02-06b-04)
+import { walkBabelAst } from "../parsers/walk.js";
+const MAX_VISITED_SYMBOLS = 1000;
+export function computeReachableSymbols(input) {
+    const visited = new Set();
+    const out = [];
+    // Index every file's top-level symbols so cross-file traversal can resolve `mod.name` → AST.
+    const symbolTables = new Map();
+    for (const f of input.all_files) {
+        if (f.parse_error !== null || f.raw_ast === null)
+            continue;
+        symbolTables.set(f.file_path, { file: f, symbols: buildSymbolTable(f) });
+    }
+    const record = (entry) => {
+        if (visited.has(entry.qualified_name))
+            return false;
+        if (visited.size >= MAX_VISITED_SYMBOLS)
+            return false; // T-02-06b-04 DoS cap
+        visited.add(entry.qualified_name);
+        out.push(entry);
+        return true;
+    };
+    // Hop 1: direct calls in the handler body.
+    for (const call of collectCalls(input.handler_body_node, input.handler_file.dialect)) {
+        record({
+            qualified_name: call,
+            import_source: resolveImportSource(call, input.imports),
+            hops: 1,
+            via: "direct call",
+        });
+    }
+    // BFS frontier — each entry tracks the file that defined the symbol body so subsequent hops
+    // can keep resolving locally or follow imports into other files.
+    let frontier = out.map((e) => ({ entry: e, resolverFile: input.handler_file.file_path }));
+    for (let hop = 2; hop <= input.maxDepth; hop++) {
+        if (visited.size >= MAX_VISITED_SYMBOLS)
+            break;
+        const next = [];
+        for (const { entry, resolverFile } of frontier) {
+            const expansions = expandFrontierEntry(entry, resolverFile, symbolTables, input);
+            for (const exp of expansions) {
+                const newEntry = {
+                    qualified_name: exp.qualified_name,
+                    import_source: exp.import_source,
+                    hops: hop,
+                    via: exp.via,
+                };
+                if (record(newEntry)) {
+                    next.push({ entry: newEntry, resolverFile: exp.nextResolverFile });
+                }
+            }
+        }
+        if (next.length === 0)
+            break;
+        frontier = next;
+    }
+    return out;
+}
+// Expand one frontier entry — branches on whether it's a cross-file imported symbol or a local one.
+function expandFrontierEntry(entry, resolverFile, symbolTables, input) {
+    // Branch A — imported symbol → walk into target module's matching top-level symbol body.
+    if (entry.import_source !== null) {
+        const targetFile = resolveModuleToFile(entry.import_source, input.all_files);
+        if (!targetFile)
+            return [];
+        const targetTable = symbolTables.get(targetFile.file_path);
+        if (!targetTable)
+            return [];
+        const exportedName = findExportedName(entry.qualified_name, input.imports);
+        if (!exportedName)
+            return [];
+        const symbolBody = targetTable.symbols.get(exportedName);
+        if (!symbolBody)
+            return [];
+        return collectCalls(symbolBody, targetFile.dialect).map((inner) => ({
+            qualified_name: inner,
+            import_source: resolveImportSource(inner, targetFile.imports),
+            via: `${entry.qualified_name} (imported from ${entry.import_source})`,
+            nextResolverFile: targetFile.file_path,
+        }));
+    }
+    // Branch B — local symbol → walk its body in the resolver file.
+    const resolverTable = symbolTables.get(resolverFile);
+    if (!resolverTable)
+        return [];
+    const localBody = resolverTable.symbols.get(entry.qualified_name);
+    if (!localBody)
+        return [];
+    return collectCalls(localBody, resolverTable.file.dialect).map((inner) => ({
+        qualified_name: inner,
+        import_source: resolveImportSource(inner, resolverTable.file.imports),
+        via: `${entry.qualified_name} (local in ${resolverFile})`,
+        nextResolverFile: resolverFile,
+    }));
+}
+// Build per-file symbol table from FunctionDeclarations + VariableDeclarations holding
+// ArrowFunctionExpression / FunctionExpression. Python: function_definition + class methods.
+function buildSymbolTable(file) {
+    const out = new Map();
+    if (file.dialect === "babel") {
+        const ast = file.raw_ast;
+        for (const stmt of ast.program.body) {
+            collectTopLevelSymbols(stmt, out);
+        }
+    }
+    else if (file.dialect === "tree-sitter-python") {
+        const tree = file.raw_ast;
+        for (const fn of tree.rootNode.descendantsOfType(["function_definition"])) {
+            const name = fn.childForFieldName("name")?.text;
+            if (name)
+                out.set(name, fn);
+        }
+        for (const klass of tree.rootNode.descendantsOfType(["class_definition"])) {
+            const className = klass.childForFieldName("name")?.text;
+            const body = klass.childForFieldName("body");
+            if (!className || !body)
+                continue;
+            for (const fn of body.descendantsOfType(["function_definition"])) {
+                const methodName = fn.childForFieldName("name")?.text;
+                if (methodName)
+                    out.set(`${className}.${methodName}`, fn);
+            }
+        }
+    }
+    return out;
+}
+function collectTopLevelSymbols(stmt, out) {
+    if (stmt.type === "FunctionDeclaration") {
+        if (stmt.id?.name)
+            out.set(stmt.id.name, stmt);
+        return;
+    }
+    if (stmt.type === "VariableDeclaration") {
+        for (const decl of stmt.declarations) {
+            const name = decl.id.type === "Identifier" ? decl.id.name : null;
+            const init = decl.init;
+            if (!name || !init)
+                continue;
+            if (init.type === "ArrowFunctionExpression" || init.type === "FunctionExpression") {
+                out.set(name, init);
+            }
+        }
+        return;
+    }
+    if (stmt.type === "ExportNamedDeclaration" && stmt.declaration) {
+        collectTopLevelSymbols(stmt.declaration, out);
+        return;
+    }
+    if (stmt.type === "ExportDefaultDeclaration") {
+        const decl = stmt.declaration;
+        if (decl.type === "FunctionDeclaration" && decl.id?.name) {
+            out.set(decl.id.name, decl);
+        }
+    }
+}
+function collectCalls(body, dialect) {
+    if (dialect === "babel")
+        return collectCallsBabel(body);
+    if (dialect === "tree-sitter-python")
+        return collectCallsPython(body);
+    return [];
+}
+function collectCallsBabel(root) {
+    const out = [];
+    walkBabelAst(root, (node) => {
+        if (node.type !== "CallExpression")
+            return;
+        const qn = qnameBabel(node.callee);
+        if (qn)
+            out.push(qn);
+    });
+    return out;
+}
+function qnameBabel(node) {
+    if (node.type === "Identifier")
+        return node.name;
+    if (node.type === "MemberExpression") {
+        const obj = qnameBabel(node.object);
+        const prop = node.property;
+        if (!obj)
+            return null;
+        if (prop.type === "Identifier")
+            return `${obj}.${prop.name}`;
+    }
+    return null;
+}
+function collectCallsPython(body) {
+    if (!body || typeof body !== "object")
+        return [];
+    const node = body;
+    if (typeof node.descendantsOfType !== "function")
+        return [];
+    const out = [];
+    for (const c of node.descendantsOfType(["call"])) {
+        const fn = c.childForFieldName("function");
+        if (fn?.text)
+            out.push(fn.text);
+    }
+    return out;
+}
+function resolveImportSource(qualifiedName, imports) {
+    // qualified_name like `stripe.webhooks.constructEvent` — root identifier is `stripe`.
+    const root = qualifiedName.split(".")[0];
+    if (!root)
+        return null;
+    for (const edge of imports) {
+        for (const name of edge.imported_names) {
+            if (name.local === root)
+                return edge.to_module;
+        }
+    }
+    return null;
+}
+function findExportedName(qualifiedName, imports) {
+    // Map local name back to its source-side export name (e.g. `cd` → `compare_digest`
+    // when imported via `from hmac import compare_digest as cd`).
+    const root = qualifiedName.split(".")[0];
+    if (!root)
+        return null;
+    for (const edge of imports) {
+        for (const name of edge.imported_names) {
+            if (name.local === root)
+                return name.source === "default" ? root : name.source;
+        }
+    }
+    return null;
+}
+function resolveModuleToFile(moduleName, allFiles) {
+    // Best-effort lookup: relative paths only. Bare module names (e.g. `express`) live in
+    // node_modules — outside the scanned tree — so cannot be followed. Symbol stays as an
+    // external leaf with import_source set, which is what rules need for D-34 set-lookup.
+    if (!moduleName.startsWith(".") && !moduleName.startsWith("/"))
+        return null;
+    // Strip leading ./ or ../, then drop any source-file extension so ESM-style imports
+    // (`./foo.js` → src `./foo.ts`) and bare imports (`./foo`) both resolve.
+    const noLead = moduleName.replace(/^\.\.?\//, "").replace(/^\.\//, "");
+    const stem = noLead.replace(/\.(?:ts|tsx|js|jsx|mjs|cjs|py)$/i, "");
+    for (const f of allFiles) {
+        if (f.file_path === noLead)
+            return f;
+        for (const ext of [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".py"]) {
+            if (f.file_path.endsWith(`${stem}${ext}`))
+                return f;
+        }
+        for (const indexFile of ["/index.ts", "/index.js", "/index.tsx", "/index.jsx"]) {
+            if (f.file_path.endsWith(`${stem}${indexFile}`))
+                return f;
+        }
+    }
+    return null;
+}
+//# sourceMappingURL=reachability.js.map

package/dist/model/reachability.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"reachability.js","sourceRoot":"","sources":["../../src/model/reachability.ts"],"names":[],"mappings":"AAAA,mFAAmF;AACnF,4FAA4F;AAC5F,mFAAmF;AACnF,qFAAqF;AACrF,8EAA8E;AAC9E,EAAE;AACF,QAAQ;AACR,8EAA8E;AAC9E,sFAAsF;AAGtF,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAIlD,MAAM,mBAAmB,GAAG,IAAI,CAAC;AAmCjC,MAAM,UAAU,uBAAuB,CACrC,KAA+B;IAE/B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,MAAM,GAAG,GAAkB,EAAE,CAAC;IAE9B,6FAA6F;IAC7F,MAAM,YAAY,GAAG,IAAI,GAAG,EAA2B,CAAC;IACxD,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QAChC,IAAI,CAAC,CAAC,WAAW,KAAK,IAAI,IAAI,CAAC,CAAC,OAAO,KAAK,IAAI;YAAE,SAAS;QAC3D,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,MAAM,GAAG,CAAC,KAAkB,EAAW,EAAE;QAC7C,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,cAAc,CAAC;YAAE,OAAO,KAAK,CAAC;QACpD,IAAI,OAAO,CAAC,IAAI,IAAI,mBAAmB;YAAE,OAAO,KAAK,CAAC,CAAC,sBAAsB;QAC7E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;QAClC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChB,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IAEF,2CAA2C;IAC3C,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,KAAK,CAAC,iBAAiB,EAAE,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;QACrF,MAAM,CAAC;YACL,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,mBAAmB,CAAC,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC;YACvD,IAAI,EAAE,CAAC;YACP,GAAG,EAAE,aAAa;SACnB,CAAC,CAAC;IACL,CAAC;IAED,4FAA4F;IAC5F,iEAAiE;IACjE,IAAI,QAAQ,GAA0E,GAAG,CAAC,GAAG,CAC3F,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,YAAY,EAAE,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC,CAClE,CAAC;IAEF,KAAK,IAAI,GAAG,GAAG,CAAC,EAAE,GAAG,IAAI,KAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE,CAAC;QAC/C,IAAI,OAAO,CAAC,IAAI,IAAI,mBAAmB;YAAE,MAAM;QAC/C,MAAM,IAAI,GAA0E,EAAE,CAAC;QAEvF,KAAK,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,QAAQ,EAAE,CAAC;YAC/C,MAAM,UAAU,GAAG,mBAAmB,CAAC,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,KAAK,CAAC,CAAC;YACjF,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;gBAC7B,MAAM,QAAQ,GAAgB;oBAC5B,cAAc,EAAE,GAAG,CAAC,cAAc;oBAClC,aAAa,EAAE,GAAG,CAAC,aAAa;oBAChC,IAAI,EAAE,GAAG;oBACT,GAAG,EAAE,GAAG,CAAC,GAAG;iBACb,CAAC;gBACF,IAAI,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACrB,IAAI,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,CAAC,gBAAgB,EAAE,CAAC,CAAC;gBACrE,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,MAAM;QAC7B,QAAQ,GAAG,IAAI,CAAC;IAClB,CAAC;IAED,OAAO,GAAqC,CAAC;AAC/C,CAAC;AASD,oGAAoG;AACpG,SAAS,mBAAmB,CAC1B,KAAkB,EAClB,YAAoB,EACpB,YAA0C,EAC1C,KAA+B;IAE/B,yFAAyF;IACzF,IAAI,KAAK,CAAC,aAAa,KAAK,IAAI,EAAE,CAAC;QACjC,MAAM,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;QAC7E,IAAI,CAAC,UAAU;YAAE,OAAO,EAAE,CAAC;QAC3B,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC3D,IAAI,CAAC,WAAW;YAAE,OAAO,EAAE,CAAC;QAC5B,MAAM,YAAY,GAAG,gBAAgB,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QAC3E,IAAI,CAAC,YAAY;YAAE,OAAO,EAAE,CAAC;QAC7B,MAAM,UAAU,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACzD,IAAI,CAAC,UAAU;YAAE,OAAO,EAAE,CAAC;QAC3B,OAAO,YAAY,CAAC,UAAU,EAAE,UAAU,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YAClE,cAAc,EAAE,KAAK;YACrB,aAAa,EAAE,mBAAmB,CAAC,KAAK,EAAE,UAAU,CAAC,OAAO,CAAC;YAC7D,GAAG,EAAE,GAAG,KAAK,CAAC,cAAc,mBAAmB,KAAK,CAAC,aAAa,GAAG;YACrE,gBAAgB,EAAE,UAAU,CAAC,SAAS;SACvC,CAAC,CAAC,CAAC;IACN,CAAC;IACD,gEAAgE;IAChE,MAAM,aAAa,GAAG,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACrD,IAAI,CAAC,aAAa;QAAE,OAAO,EAAE,CAAC;IAC9B,MAAM,SAAS,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IAClE,IAAI,CAAC,SAAS;QAAE,OAAO,EAAE,CAAC;IAC1B,OAAO,YAAY,CAAC,SAAS,EAAE,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACzE,cAAc,EAAE,KAAK;QACrB,aAAa,EAAE,mBAAmB,CAAC,KAAK,EAAE,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC;QACrE,GAAG,EAAE,GAAG,KAAK,CAAC,cAAc,cAAc,YAAY,GAAG;QACzD,gBAAgB,EAAE,YAAY;KAC/B,CAAC,CAAC,CAAC;AACN,CAAC;AAED,uFAAuF;AACvF,6FAA6F;AAC7F,SAAS,gBAAgB,CAAC,IAAgB;IACxC,MAAM,GAAG,GAAG,IAAI,GAAG,EAAmB,CAAC;IACvC,IAAI,IAAI,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAe,CAAC;QACjC,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YACpC,sBAAsB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;SAAM,IAAI,IAAI,CAAC,OAAO,KAAK,oBAAoB,EAAE,CAAC;QACjD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAqC,CAAC;QACxD,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,qBAAqB,CAAC,CAAC,EAAE,CAAC;YAC1E,MAAM,IAAI,GAAG,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC;YAChD,IAAI,IAAI;gBAAE,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC9B,CAAC;QACD,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,kBAAkB,CAAC,CAAC,EAAE,CAAC;YAC1E,MAAM,SAAS,GAAG,KAAK,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC;YACxD,MAAM,IAAI,GAAG,KAAK,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;YAC7C,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI;gBAAE,SAAS;YAClC,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,iBAAiB,CAAC,CAAC,qBAAqB,CAAC,CAAC,EAAE,CAAC;gBACjE,MAAM,UAAU,GAAG,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC;gBACtD,IAAI,UAAU;oBAAE,GAAG,CAAC,GAAG,CAAC,GAAG,SAAS,IAAI,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAU,EAAE,GAAyB;IACnE,IAAI,IAAI,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACxC,IAAI,IAAI,CAAC,EAAE,EAAE,IAAI;YAAE,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC/C,OAAO;IACT,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACxC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;YACjE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YACvB,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI;gBAAE,SAAS;YAC7B,IAAI,IAAI,CAAC,IAAI,KAAK,yBAAyB,IAAI,IAAI,CAAC,IAAI,KAAK,oBAAoB,EAAE,CAAC;gBAClF,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YACtB,CAAC;QACH,CAAC;QACD,OAAO;IACT,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,KAAK,wBAAwB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QAC/D,sBAAsB,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;QAC9C,OAAO;IACT,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,KAAK,0BAA0B,EAAE,CAAC;QAC7C,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC;QAC9B,IAAI,IAAI,CAAC,IAAI,KAAK,qBAAqB,IAAI,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC;YACzD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,IAAa,EAAE,OAA8B;IACjE,IAAI,OAAO,KAAK,OAAO;QAAE,OAAO,iBAAiB,CAAC,IAAY,CAAC,CAAC;IAChE,IAAI,OAAO,KAAK,oBAAoB;QAAE,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;IACtE,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAU;IACnC,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,YAAY,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,EAAE;QAC1B,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB;YAAE,OAAO;QAC3C,MAAM,EAAE,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,EAAE;YAAE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvB,CAAC,CAAC,CAAC;IACH,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,UAAU,CAAC,IAAuB;IACzC,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY;QAAE,OAAO,IAAI,CAAC,IAAI,CAAC;IACjD,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC3B,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY;YAAE,OAAO,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;IAC/D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAa;IACvC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IACjD,MAAM,IAAI,GAAG,IAA6B,CAAC;IAC3C,IAAI,OAAO,IAAI,CAAC,iBAAiB,KAAK,UAAU;QAAE,OAAO,EAAE,CAAC;IAC5D,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;QACjD,MAAM,EAAE,GAAG,CAAC,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;QAC3C,IAAI,EAAE,EAAE,IAAI;YAAE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,mBAAmB,CAC1B,aAAqB,EACrB,OAAkC;IAElC,sFAAsF;IACtF,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACzC,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;QAC3B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACvC,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAC,SAAS,CAAC;QACjD,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,gBAAgB,CACvB,aAAqB,EACrB,OAAkC;IAElC,mFAAmF;IACnF,8DAA8D;IAC9D,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACzC,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;QAC3B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACvC,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;QACjF,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,mBAAmB,CAC1B,UAAkB,EAClB,QAAmC;IAEnC,sFAAsF;IACtF,sFAAsF;IACtF,sFAAsF;IACtF,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5E,oFAAoF;IACpF,yEAAyE;IACzE,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IACvE,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,kCAAkC,EAAE,EAAE,CAAC,CAAC;IACpE,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,SAAS,KAAK,MAAM;YAAE,OAAO,CAAC,CAAC;QACrC,KAAK,MAAM,GAAG,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC;YACxE,IAAI,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,IAAI,GAAG,GAAG,EAAE,CAAC;gBAAE,OAAO,CAAC,CAAC;QACtD,CAAC;QACD,KAAK,MAAM,SAAS,IAAI,CAAC,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,CAAC,EAAE,CAAC;YAC/E,IAAI,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,IAAI,GAAG,SAAS,EAAE,CAAC;gBAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/parsers/babel.d.ts

@@ -0,0 +1,11 @@
+import type { File, Node } from "@babel/types";
+import type { ParsedFile } from "../types/project-model.js";
+export interface ParseJsTsInput {
+    readonly file_path: string;
+    readonly source_text: string;
+    readonly hint?: "ts" | "tsx" | "js" | "jsx";
+}
+export declare function parseJsTs(input: ParseJsTsInput): Promise<ParsedFile>;
+export type BabelFile = File;
+export type BabelNode = Node;
+//# sourceMappingURL=babel.d.ts.map

package/dist/parsers/babel.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"babel.d.ts","sourceRoot":"","sources":["../../src/parsers/babel.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,IAAI,EAAqB,IAAI,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,KAAK,EAAc,UAAU,EAAoB,MAAM,2BAA2B,CAAC;AAE1F,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAE7B,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,CAAC;CAC7C;AAiCD,wBAAsB,SAAS,CAAC,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,CAoC1E;AAmDD,MAAM,MAAM,SAAS,GAAG,IAAI,CAAC;AAC7B,MAAM,MAAM,SAAS,GAAG,IAAI,CAAC"}