@kernlang/review 3.3.5 → 3.3.7

package/dist/concept-rules/duplicate-route.js

@@ -0,0 +1,112 @@
+/**
+ * Rule: duplicate-route
+ *
+ * Server-side rule — fires when two or more route decorators declare the
+ * same `{path, method}` combination in the reviewed project. Real-bug
+ * classes:
+ *   - Someone renamed a handler but forgot to delete the old one; both fire,
+ *     order-dependent, one silently shadows the other.
+ *   - A copy-paste left an `@router.get("/users")` pair intact.
+ *   - A FastAPI router was mounted twice under the same prefix by accident.
+ *
+ * Fires on the SECOND and later occurrences (the first is the canonical
+ * declaration; duplicates are the bug). No-verb routes (`app.use`) key
+ * under `ANY` so two `use('/x')` calls still surface as duplicates.
+ *
+ * Path-only scope: does not cross-correlate client calls. Graph mode only.
+ */
+import { createFingerprint } from '../types.js';
+import { CROSS_STACK_EXACT_CONFIDENCE, collectRoutesAcrossGraph } from './cross-stack-utils.js';
+export function duplicateRoute(ctx) {
+    if (!ctx.allConcepts || ctx.allConcepts.size === 0)
+        return [];
+    const routes = collectRoutesAcrossGraph(ctx.allConcepts);
+    if (routes.length < 2)
+        return [];
+    // Group by `${METHOD} ${path}` for exact duplicates, BUT wildcard routes
+    // (`ALL`/`ANY`/undefined) shadow specific verbs on the same path. Codex
+    // review caught that the naïve keying missed `app.all('/x')` +
+    // `app.get('/x')` collisions. We do two passes:
+    //   1. Group routes at each path by wildcard-vs-specific classification.
+    //   2. Within a path, if there's a wildcard route AND any specific verb
+    //      route, they collide (pick the later one as the "duplicate").
+    //   3. Also flag same-path-same-method duplicates as before.
+    const byKey = new Map();
+    const byPath = new Map();
+    for (const r of routes) {
+        const method = (r.method ?? 'ANY').toUpperCase();
+        const key = `${method} ${r.path}`;
+        const keyList = byKey.get(key) ?? [];
+        keyList.push(r);
+        byKey.set(key, keyList);
+        const pathList = byPath.get(r.path) ?? [];
+        pathList.push(r);
+        byPath.set(r.path, pathList);
+    }
+    // Wildcard-vs-specific collisions: when a path has a wildcard-accepting
+    // route and any specific-verb route, the handlers shadow each other.
+    const WILDCARD = new Set(['ALL', 'ANY']);
+    for (const [, pathRoutes] of byPath) {
+        if (pathRoutes.length < 2)
+            continue;
+        const wildcards = pathRoutes.filter((r) => {
+            const m = (r.method ?? 'ANY').toUpperCase();
+            return WILDCARD.has(m);
+        });
+        if (wildcards.length === 0)
+            continue;
+        // Synthesize a collision key so the existing emission loop fires.
+        // Keep the wildcard as canonical (first), flag every specific-verb route
+        // on this path as the duplicate.
+        const specifics = pathRoutes.filter((r) => {
+            const m = (r.method ?? 'ANY').toUpperCase();
+            return !WILDCARD.has(m);
+        });
+        if (specifics.length === 0)
+            continue;
+        const collisionKey = `* ${wildcards[0].path}`;
+        if (!byKey.has(collisionKey))
+            byKey.set(collisionKey, [wildcards[0], ...specifics]);
+    }
+    const findings = [];
+    const seen = new Set();
+    for (const [key, list] of byKey) {
+        if (list.length < 2)
+            continue;
+        const isWildcardCollision = key.startsWith('* ');
+        const duplicates = list.slice(1);
+        for (const dup of duplicates) {
+            if (!dup.node || dup.node.primarySpan.file !== ctx.filePath)
+                continue;
+            const fingerprint = createFingerprint('duplicate-route', dup.node.primarySpan.startLine, dup.node.primarySpan.startCol);
+            if (seen.has(fingerprint))
+                continue;
+            seen.add(fingerprint);
+            const first = list[0];
+            const firstFile = first.node?.primarySpan.file ?? 'another file';
+            const firstLine = first.node?.primarySpan.startLine;
+            const firstRef = firstLine != null ? `${shortPath(firstFile)}:${firstLine}` : shortPath(firstFile);
+            const firstMethod = (first.method ?? 'ANY').toUpperCase();
+            const dupMethod = (dup.method ?? 'ANY').toUpperCase();
+            const message = isWildcardCollision
+                ? `Route \`${dupMethod} ${dup.path}\` is shadowed by wildcard route \`${firstMethod} ${dup.path}\` at ${firstRef}. The wildcard handler will match ${dupMethod} requests depending on registration order.`
+                : `Duplicate route declaration: \`${key}\` is already declared at ${firstRef}. One of the two handlers will silently shadow the other.`;
+            findings.push({
+                source: 'kern',
+                ruleId: 'duplicate-route',
+                severity: 'warning',
+                category: 'bug',
+                message,
+                primarySpan: dup.node.primarySpan,
+                fingerprint,
+                confidence: dup.node.confidence * CROSS_STACK_EXACT_CONFIDENCE,
+            });
+        }
+    }
+    return findings;
+}
+function shortPath(filePath) {
+    const parts = filePath.split('/');
+    return parts.slice(-2).join('/');
+}
+//# sourceMappingURL=duplicate-route.js.map

package/dist/concept-rules/duplicate-route.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"duplicate-route.js","sourceRoot":"","sources":["../../src/concept-rules/duplicate-route.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAGH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,4BAA4B,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AAGhG,MAAM,UAAU,cAAc,CAAC,GAAuB;IACpD,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAE9D,MAAM,MAAM,GAAG,wBAAwB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACzD,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,EAAE,CAAC;IAEjC,yEAAyE;IACzE,wEAAwE;IACxE,+DAA+D;IAC/D,gDAAgD;IAChD,yEAAyE;IACzE,wEAAwE;IACxE,oEAAoE;IACpE,6DAA6D;IAC7D,MAAM,KAAK,GAAG,IAAI,GAAG,EAAyB,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAyB,CAAC;IAChD,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QACjD,MAAM,GAAG,GAAG,GAAG,MAAM,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QAClC,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QACxB,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjB,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC/B,CAAC;IAED,wEAAwE;IACxE,qEAAqE;IACrE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;IACzC,KAAK,MAAM,CAAC,EAAE,UAAU,CAAC,IAAI,MAAM,EAAE,CAAC;QACpC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC;YAAE,SAAS;QACpC,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YACxC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YAC5C,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC,CAAC,CAAC;QACH,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QACrC,kEAAkE;QAClE,yEAAyE;QACzE,iCAAiC;QACjC,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YACxC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YAC5C,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC1B,CAAC,CAAC,CAAC;QACH,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QACrC,MAAM,YAAY,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC;YAAE,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,SAAS,CAAC,CAAC,CAAC;IACtF,CAAC;IAED,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,KAAK,EAAE,CAAC;QAChC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;YAAE,SAAS;QAC9B,MAAM,mBAAmB,GAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACjD,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjC,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;YAC7B,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,KAAK,GAAG,CAAC,QAAQ;gBAAE,SAAS;YACtE,MAAM,WAAW,GAAG,iBAAiB,CACnC,iBAAiB,EACjB,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,EAC9B,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAC9B,CAAC;YACF,IAAI,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC;gBAAE,SAAS;YACpC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YAEtB,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,IAAI,IAAI,cAAc,CAAC;YACjE,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,SAAS,CAAC;YACpD,MAAM,QAAQ,GAAG,SAAS,IAAI,IAAI,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,SAAS,CAAC,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YACnG,MAAM,WAAW,GAAG,CAAC,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YAC1D,MAAM,SAAS,GAAG,CAAC,GAAG,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;YACtD,MAAM,OAAO,GAAG,mBAAmB;gBACjC,CAAC,CAAC,WAAW,SAAS,IAAI,GAAG,CAAC,IAAI,sCAAsC,WAAW,IAAI,GAAG,CAAC,IAAI,SAAS,QAAQ,qCAAqC,SAAS,4CAA4C;gBAC1M,CAAC,CAAC,kCAAkC,GAAG,6BAA6B,QAAQ,2DAA2D,CAAC;YAC1I,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,iBAAiB;gBACzB,QAAQ,EAAE,SAAS;gBACnB,QAAQ,EAAE,KAAK;gBACf,OAAO;gBACP,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC,WAAW;gBACjC,WAAW;gBACX,UAAU,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,4BAA4B;aAC/D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,SAAS,CAAC,QAAgB;IACjC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAClC,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACnC,CAAC"}

package/dist/concept-rules/index.js

@@ -4,21 +4,35 @@
  * These rules work on any language that emits concepts.
  * Language-agnostic by design.
  */
+import { authDrift } from './auth-drift.js';
 import { boundaryMutation } from './boundary-mutation.js';
 import { contractDrift } from './contract-drift.js';
+import { contractMethodDrift } from './contract-method-drift.js';
+import { duplicateRoute } from './duplicate-route.js';
 import { ignoredError } from './ignored-error.js';
+import { missingResponseModel } from './missing-response-model.js';
+import { orphanRoute } from './orphan-route.js';
+import { syncHandlerDoesIo } from './sync-handler-does-io.js';
 import { taintedAcrossWire } from './tainted-across-wire.js';
 import { unguardedEffect } from './unguarded-effect.js';
 import { unrecoveredEffect } from './unrecovered-effect.js';
 import { untypedApiResponse } from './untyped-api-response.js';
+import { untypedBothEndsResponse } from './untyped-both-ends-response.js';
 export const conceptRules = [
+    authDrift,
     boundaryMutation,
     contractDrift,
+    contractMethodDrift,
+    duplicateRoute,
     ignoredError,
+    missingResponseModel,
+    syncHandlerDoesIo,
+    orphanRoute,
     taintedAcrossWire,
     unguardedEffect,
     unrecoveredEffect,
     untypedApiResponse,
+    untypedBothEndsResponse,
 ];
 export function runConceptRules(concepts, filePath, allConcepts, graphImports) {
     const ctx = { concepts, filePath, allConcepts, graphImports };

package/dist/concept-rules/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/concept-rules/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAa/D,MAAM,CAAC,MAAM,YAAY,GAAkB;IACzC,gBAAgB;IAChB,aAAa;IACb,YAAY;IACZ,iBAAiB;IACjB,eAAe;IACf,iBAAiB;IACjB,kBAAkB;CACnB,CAAC;AAEF,MAAM,UAAU,eAAe,CAC7B,QAAoB,EACpB,QAAgB,EAChB,WAAqC,EACrC,YAAoC;IAEpC,MAAM,GAAG,GAAuB,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;IAClF,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/concept-rules/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAa1E,MAAM,CAAC,MAAM,YAAY,GAAkB;IACzC,SAAS;IACT,gBAAgB;IAChB,aAAa;IACb,mBAAmB;IACnB,cAAc;IACd,YAAY;IACZ,oBAAoB;IACpB,iBAAiB;IACjB,WAAW;IACX,iBAAiB;IACjB,eAAe;IACf,iBAAiB;IACjB,kBAAkB;IAClB,uBAAuB;CACxB,CAAC;AAEF,MAAM,UAAU,eAAe,CAC7B,QAAoB,EACpB,QAAgB,EAChB,WAAqC,EACrC,YAAoC;IAEpC,MAAM,GAAG,GAAuB,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC;IAClF,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/concept-rules/missing-response-model.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Rule: missing-response-model
+ *
+ * Fires on Python route decorators that do not declare a FastAPI
+ * `response_model=...`. Kept Python-scoped because other route mappers do
+ * not currently surface an equivalent response-schema signal.
+ */
+import type { ReviewFinding } from '../types.js';
+import type { ConceptRuleContext } from './index.js';
+export declare function missingResponseModel(ctx: ConceptRuleContext): ReviewFinding[];

package/dist/concept-rules/missing-response-model.js

@@ -0,0 +1,38 @@
+/**
+ * Rule: missing-response-model
+ *
+ * Fires on Python route decorators that do not declare a FastAPI
+ * `response_model=...`. Kept Python-scoped because other route mappers do
+ * not currently surface an equivalent response-schema signal.
+ */
+import { createFingerprint } from '../types.js';
+import { CROSS_STACK_HEURISTIC_CONFIDENCE, hasFastApiEvidence } from './cross-stack-utils.js';
+export function missingResponseModel(ctx) {
+    const findings = [];
+    if (!hasFastApiEvidence(ctx.concepts))
+        return findings;
+    for (const node of ctx.concepts.nodes) {
+        if (node.kind !== 'entrypoint')
+            continue;
+        if (node.payload.kind !== 'entrypoint')
+            continue;
+        if (node.payload.subtype !== 'route')
+            continue;
+        if (node.language !== 'py')
+            continue;
+        if (node.payload.responseModel)
+            continue;
+        findings.push({
+            source: 'kern',
+            ruleId: 'missing-response-model',
+            severity: 'warning',
+            category: 'bug',
+            message: `Route \`${node.payload.name}\` has no FastAPI response_model. Add response_model=... so backend response-shape drift is caught at the contract boundary.`,
+            primarySpan: node.primarySpan,
+            fingerprint: createFingerprint('missing-response-model', node.primarySpan.startLine, node.primarySpan.startCol),
+            confidence: node.confidence * CROSS_STACK_HEURISTIC_CONFIDENCE,
+        });
+    }
+    return findings;
+}
+//# sourceMappingURL=missing-response-model.js.map

package/dist/concept-rules/missing-response-model.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"missing-response-model.js","sourceRoot":"","sources":["../../src/concept-rules/missing-response-model.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,gCAAgC,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAG9F,MAAM,UAAU,oBAAoB,CAAC,GAAuB;IAC1D,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IAEvD,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtC,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY;YAAE,SAAS;QACzC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,YAAY;YAAE,SAAS;QACjD,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,KAAK,OAAO;YAAE,SAAS;QAC/C,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI;YAAE,SAAS;QACrC,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa;YAAE,SAAS;QAEzC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,wBAAwB;YAChC,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,WAAW,IAAI,CAAC,OAAO,CAAC,IAAI,8HAA8H;YACnK,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,WAAW,EAAE,iBAAiB,CAAC,wBAAwB,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YAC/G,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,gCAAgC;SAC/D,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/concept-rules/orphan-route.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Rule: orphan-route
+ *
+ * Cross-stack rule — mirror of contract-drift. Fires when a server-side route
+ * exists that no client call in the reviewed graph targets. Real-bug classes:
+ *   - Handler was kept live after the frontend renamed the URL it hits.
+ *   - Endpoint was written before the UI that would call it (forgotten TODO).
+ *   - A dev-only test endpoint made it into production code.
+ *
+ * v1 scope: path-only match (any client call whose normalized path matches
+ * the route template suppresses the finding, regardless of HTTP method). The
+ * method axis is left to `contract-method-drift` — compounding both here
+ * would double-fire on the same line.
+ *
+ * Requires graph mode: silent in single-file review. Single-file can't know
+ * "no one calls this" because callers live in other files by definition.
+ */
+import type { ReviewFinding } from '../types.js';
+import type { ConceptRuleContext } from './index.js';
+export declare function orphanRoute(ctx: ConceptRuleContext): ReviewFinding[];

package/dist/concept-rules/orphan-route.js

@@ -0,0 +1,96 @@
+/**
+ * Rule: orphan-route
+ *
+ * Cross-stack rule — mirror of contract-drift. Fires when a server-side route
+ * exists that no client call in the reviewed graph targets. Real-bug classes:
+ *   - Handler was kept live after the frontend renamed the URL it hits.
+ *   - Endpoint was written before the UI that would call it (forgotten TODO).
+ *   - A dev-only test endpoint made it into production code.
+ *
+ * v1 scope: path-only match (any client call whose normalized path matches
+ * the route template suppresses the finding, regardless of HTTP method). The
+ * method axis is left to `contract-method-drift` — compounding both here
+ * would double-fire on the same line.
+ *
+ * Requires graph mode: silent in single-file review. Single-file can't know
+ * "no one calls this" because callers live in other files by definition.
+ */
+import { createFingerprint } from '../types.js';
+import { API_PATH_RE, CROSS_STACK_HEURISTIC_CONFIDENCE, collectRoutesAcrossGraph, findRoutesAtPath, normalizeClientUrl, } from './cross-stack-utils.js';
+export function orphanRoute(ctx) {
+    if (!ctx.allConcepts || ctx.allConcepts.size === 0)
+        return [];
+    const serverRoutes = collectRoutesAcrossGraph(ctx.allConcepts);
+    if (serverRoutes.length === 0)
+        return [];
+    // Collect every client-call path in the graph once so each route checks
+    // against a shared set rather than re-walking allConcepts.
+    //
+    // Codex review: if ANY network effect has an unresolved target (imported
+    // constant, URL builder, variable expression), the rule MUST abstain —
+    // the unresolved call could be hitting any of the "orphan" routes and
+    // we'd fire a false positive. Only run the rule when every client call
+    // is statically resolvable.
+    const clientPaths = new Set();
+    let hasUnresolvedTarget = false;
+    for (const [, conceptMap] of ctx.allConcepts) {
+        for (const node of conceptMap.nodes) {
+            if (node.kind !== 'effect' || node.payload.kind !== 'effect' || node.payload.subtype !== 'network')
+                continue;
+            const target = node.payload.target;
+            if (typeof target !== 'string') {
+                hasUnresolvedTarget = true;
+                continue;
+            }
+            const normalized = normalizeClientUrl(target);
+            if (!normalized) {
+                hasUnresolvedTarget = true;
+                continue;
+            }
+            if (!API_PATH_RE.test(normalized))
+                continue;
+            clientPaths.add(normalized);
+        }
+    }
+    // Gate: backend-only project (no client calls) — silent.
+    // Gate: any unresolved client targets — silent (Codex P2).
+    if (clientPaths.size === 0)
+        return [];
+    if (hasUnresolvedTarget)
+        return [];
+    const findings = [];
+    const seenFingerprints = new Set();
+    for (const route of serverRoutes) {
+        if (!route.node || route.node.primarySpan.file !== ctx.filePath)
+            continue;
+        if (clientCallMatches(route.path, clientPaths))
+            continue;
+        const fingerprint = createFingerprint('orphan-route', route.node.primarySpan.startLine, route.node.primarySpan.startCol);
+        // Router-mount expansion can cause the same per-file route to surface
+        // twice under different prefixes when two mounts share a router (rare
+        // but legal). Dedupe by fingerprint so we emit one finding per span.
+        if (seenFingerprints.has(fingerprint))
+            continue;
+        seenFingerprints.add(fingerprint);
+        const methodLabel = route.method ? `${route.method} ` : '';
+        findings.push({
+            source: 'kern',
+            ruleId: 'orphan-route',
+            severity: 'warning',
+            category: 'bug',
+            message: `Server defines \`${methodLabel}${route.path}\` but no client in the reviewed project calls this path. Either remove the handler or add the frontend caller.`,
+            primarySpan: route.node.primarySpan,
+            fingerprint,
+            confidence: route.node.confidence * CROSS_STACK_HEURISTIC_CONFIDENCE,
+        });
+    }
+    return findings;
+}
+function clientCallMatches(routePath, clientPaths) {
+    for (const cp of clientPaths) {
+        if (findRoutesAtPath(cp, [{ path: routePath, method: undefined }]).length > 0)
+            return true;
+    }
+    return false;
+}
+//# sourceMappingURL=orphan-route.js.map

package/dist/concept-rules/orphan-route.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"orphan-route.js","sourceRoot":"","sources":["../../src/concept-rules/orphan-route.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAGH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EACL,WAAW,EACX,gCAAgC,EAChC,wBAAwB,EACxB,gBAAgB,EAChB,kBAAkB,GACnB,MAAM,wBAAwB,CAAC;AAGhC,MAAM,UAAU,WAAW,CAAC,GAAuB;IACjD,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAE9D,MAAM,YAAY,GAAG,wBAAwB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAC/D,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEzC,wEAAwE;IACxE,2DAA2D;IAC3D,EAAE;IACF,yEAAyE;IACzE,uEAAuE;IACvE,sEAAsE;IACtE,uEAAuE;IACvE,4BAA4B;IAC5B,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,IAAI,mBAAmB,GAAG,KAAK,CAAC;IAChC,KAAK,MAAM,CAAC,EAAE,UAAU,CAAC,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;QAC7C,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;YACpC,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS;gBAAE,SAAS;YAC7G,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;YACnC,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;gBAC/B,mBAAmB,GAAG,IAAI,CAAC;gBAC3B,SAAS;YACX,CAAC;YACD,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,mBAAmB,GAAG,IAAI,CAAC;gBAC3B,SAAS;YACX,CAAC;YACD,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC;gBAAE,SAAS;YAC5C,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,yDAAyD;IACzD,2DAA2D;IAC3D,IAAI,WAAW,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACtC,IAAI,mBAAmB;QAAE,OAAO,EAAE,CAAC;IAEnC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAE3C,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;QACjC,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,KAAK,GAAG,CAAC,QAAQ;YAAE,SAAS;QAC1E,IAAI,iBAAiB,CAAC,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC;YAAE,SAAS;QAEzD,MAAM,WAAW,GAAG,iBAAiB,CACnC,cAAc,EACd,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,EAChC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAChC,CAAC;QACF,sEAAsE;QACtE,sEAAsE;QACtE,qEAAqE;QACrE,IAAI,gBAAgB,CAAC,GAAG,CAAC,WAAW,CAAC;YAAE,SAAS;QAChD,gBAAgB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAElC,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3D,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,cAAc;YACtB,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,oBAAoB,WAAW,GAAG,KAAK,CAAC,IAAI,iHAAiH;YACtK,WAAW,EAAE,KAAK,CAAC,IAAI,CAAC,WAAW;YACnC,WAAW;YACX,UAAU,EAAE,KAAK,CAAC,IAAI,CAAC,UAAU,GAAG,gCAAgC;SACrE,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAiB,EAAE,WAAgC;IAC5E,KAAK,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC;QAC7B,IAAI,gBAAgB,CAAC,EAAE,EAAE,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;IAC7F,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/concept-rules/sync-handler-does-io.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Rule: sync-handler-does-io
+ *
+ * Fires when a route handler is explicitly synchronous and performs
+ * network/db/fs I/O in the same function container.
+ */
+import type { ReviewFinding } from '../types.js';
+import type { ConceptRuleContext } from './index.js';
+export declare function syncHandlerDoesIo(ctx: ConceptRuleContext): ReviewFinding[];

package/dist/concept-rules/sync-handler-does-io.js

@@ -0,0 +1,56 @@
+/**
+ * Rule: sync-handler-does-io
+ *
+ * Fires when a route handler is explicitly synchronous and performs
+ * network/db/fs I/O in the same function container.
+ */
+import { createFingerprint } from '../types.js';
+const BLOCKING_IO_SUBTYPES = new Set(['network', 'db', 'fs']);
+export function syncHandlerDoesIo(ctx) {
+    const effectsByContainer = new Map();
+    for (const node of ctx.concepts.nodes) {
+        if (node.kind !== 'effect')
+            continue;
+        if (node.payload.kind !== 'effect')
+            continue;
+        if (!BLOCKING_IO_SUBTYPES.has(node.payload.subtype))
+            continue;
+        if (!node.containerId)
+            continue;
+        const existing = effectsByContainer.get(node.containerId) ?? [];
+        existing.push(node);
+        effectsByContainer.set(node.containerId, existing);
+    }
+    const findings = [];
+    for (const node of ctx.concepts.nodes) {
+        if (node.kind !== 'entrypoint')
+            continue;
+        if (node.payload.kind !== 'entrypoint')
+            continue;
+        if (node.payload.subtype !== 'route')
+            continue;
+        if (node.payload.isAsync !== false)
+            continue;
+        if (!node.containerId)
+            continue;
+        const effects = effectsByContainer.get(node.containerId);
+        if (!effects || effects.length === 0)
+            continue;
+        const firstEffect = effects[0];
+        if (firstEffect.payload.kind !== 'effect')
+            continue;
+        findings.push({
+            source: 'kern',
+            ruleId: 'sync-handler-does-io',
+            severity: 'warning',
+            category: 'bug',
+            message: `Sync route handler \`${node.payload.name}\` performs ${firstEffect.payload.subtype} I/O. Make the handler async and use non-blocking I/O, or move the blocking work out of the request path.`,
+            primarySpan: node.primarySpan,
+            relatedSpans: effects.map((effect) => effect.primarySpan),
+            fingerprint: createFingerprint('sync-handler-does-io', node.primarySpan.startLine, node.primarySpan.startCol),
+            confidence: 0.9,
+        });
+    }
+    return findings;
+}
+//# sourceMappingURL=sync-handler-does-io.js.map

package/dist/concept-rules/sync-handler-does-io.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sync-handler-does-io.js","sourceRoot":"","sources":["../../src/concept-rules/sync-handler-does-io.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAGhD,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;AAE9D,MAAM,UAAU,iBAAiB,CAAC,GAAuB;IACvD,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAAyB,CAAC;IAE5D,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtC,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ;YAAE,SAAS;QACrC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ;YAAE,SAAS;QAC7C,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,SAAS;QAC9D,IAAI,CAAC,IAAI,CAAC,WAAW;YAAE,SAAS;QAEhC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;QAChE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpB,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IACrD,CAAC;IAED,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtC,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY;YAAE,SAAS;QACzC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,YAAY;YAAE,SAAS;QACjD,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,KAAK,OAAO;YAAE,SAAS;QAC/C,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,KAAK,KAAK;YAAE,SAAS;QAC7C,IAAI,CAAC,IAAI,CAAC,WAAW;YAAE,SAAS;QAEhC,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACzD,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAC/C,MAAM,WAAW,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAC/B,IAAI,WAAW,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ;YAAE,SAAS;QAEpD,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,sBAAsB;YAC9B,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,wBAAwB,IAAI,CAAC,OAAO,CAAC,IAAI,eAAe,WAAW,CAAC,OAAO,CAAC,OAAO,2GAA2G;YACvM,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC;YACzD,WAAW,EAAE,iBAAiB,CAAC,sBAAsB,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YAC7G,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/concept-rules/tainted-across-wire.js

@@ -29,14 +29,11 @@
  * missing server matches (contract-drift owns that class).
  */
 import { createFingerprint } from '../types.js';
-import { API_PATH_RE, CROSS_STACK_HEURISTIC_CONFIDENCE, collectRoutes, findMatchingRoute, normalizeClientUrl, } from './cross-stack-utils.js';
+import { API_PATH_RE, CROSS_STACK_HEURISTIC_CONFIDENCE, collectRoutesAcrossGraph, findMatchingRoute, normalizeClientUrl, } from './cross-stack-utils.js';
 export function taintedAcrossWire(ctx) {
     if (!ctx.allConcepts || ctx.allConcepts.size === 0)
         return [];
-    const serverRoutes = [];
-    for (const [, conceptMap] of ctx.allConcepts) {
-        collectRoutes(conceptMap, serverRoutes);
-    }
+    const serverRoutes = collectRoutesAcrossGraph(ctx.allConcepts);
     if (serverRoutes.length === 0)
         return [];
     // Build the set of files that contain at least one validation guard.

package/dist/concept-rules/tainted-across-wire.js.map

@@ -1 +1 @@
-{"version":3,"file":"tainted-across-wire.js","sourceRoot":"","sources":["../../src/concept-rules/tainted-across-wire.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EACL,WAAW,EACX,gCAAgC,EAChC,aAAa,EACb,iBAAiB,EACjB,kBAAkB,GAEnB,MAAM,wBAAwB,CAAC;AAGhC,MAAM,UAAU,iBAAiB,CAAC,GAAuB;IACvD,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAE9D,MAAM,YAAY,GAAkB,EAAE,CAAC;IACvC,KAAK,MAAM,CAAC,EAAE,UAAU,CAAC,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;QAC7C,aAAa,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEzC,qEAAqE;IACrE,yEAAyE;IACzE,sEAAsE;IACtE,0EAA0E;IAC1E,yEAAyE;IACzE,sEAAsE;IACtE,0EAA0E;IAC1E,yEAAyE;IACzE,6CAA6C;IAC7C,MAAM,cAAc,GAAG,qBAAqB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAE9D,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,aAAa,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC;IAExE,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,KAAK,EAAE,CAAC;QACvC,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS;YAAE,SAAS;QAC7G,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,KAAK,SAAS;YAAE,SAAS;QAClD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QACnC,IAAI,OAAO,MAAM,KAAK,QAAQ;YAAE,SAAS;QACzC,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC;YAAE,SAAS;QAC3D,MAAM,YAAY,GAAG,iBAAiB,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QACjE,IAAI,CAAC,YAAY;YAAE,SAAS,CAAC,6CAA6C;QAC1E,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,CAAC,IAAI,CAAC;QACtD,IAAI,SAAS,IAAI,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC;YAAE,SAAS;QAEzD,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,qBAAqB;YAC7B,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,SAAS;YACnB,OAAO,EAAE,0BAA0B,MAAM,gOAAgO;YACzQ,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,WAAW,EAAE,iBAAiB,CAAC,qBAAqB,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YAC5G,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,gCAAgC;SAC/D,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,qBAAqB,CAAC,WAAoC;IACjE,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC;QAC7C,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,KAAsB,EAAE,CAAC;YACrD,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,OAAO;gBAAE,SAAS;YACrE,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,KAAK,YAAY;gBAAE,SAAS;YACpD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACd,MAAM;QACR,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"tainted-across-wire.js","sourceRoot":"","sources":["../../src/concept-rules/tainted-across-wire.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EACL,WAAW,EACX,gCAAgC,EAChC,wBAAwB,EACxB,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,wBAAwB,CAAC;AAGhC,MAAM,UAAU,iBAAiB,CAAC,GAAuB;IACvD,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAE9D,MAAM,YAAY,GAAG,wBAAwB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAC/D,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEzC,qEAAqE;IACrE,yEAAyE;IACzE,sEAAsE;IACtE,0EAA0E;IAC1E,yEAAyE;IACzE,sEAAsE;IACtE,0EAA0E;IAC1E,yEAAyE;IACzE,6CAA6C;IAC7C,MAAM,cAAc,GAAG,qBAAqB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAE9D,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,aAAa,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC;IAExE,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,KAAK,EAAE,CAAC;QACvC,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS;YAAE,SAAS;QAC7G,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,KAAK,SAAS;YAAE,SAAS;QAClD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QACnC,IAAI,OAAO,MAAM,KAAK,QAAQ;YAAE,SAAS;QACzC,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC;YAAE,SAAS;QAC3D,MAAM,YAAY,GAAG,iBAAiB,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QACjE,IAAI,CAAC,YAAY;YAAE,SAAS,CAAC,6CAA6C;QAC1E,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,CAAC,IAAI,CAAC;QACtD,IAAI,SAAS,IAAI,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC;YAAE,SAAS;QAEzD,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,qBAAqB;YAC7B,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,SAAS;YACnB,OAAO,EAAE,0BAA0B,MAAM,gOAAgO;YACzQ,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,WAAW,EAAE,iBAAiB,CAAC,qBAAqB,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YAC5G,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,gCAAgC;SAC/D,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,qBAAqB,CAAC,WAAoC;IACjE,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC;QAC7C,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,KAAsB,EAAE,CAAC;YACrD,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,OAAO;gBAAE,SAAS;YACrE,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,KAAK,YAAY;gBAAE,SAAS;YACpD,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACd,MAAM;QACR,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/concept-rules/untyped-api-response.js

@@ -26,14 +26,11 @@
  * False positives here would poison the pitch.
  */
 import { createFingerprint } from '../types.js';
-import { API_PATH_RE, CROSS_STACK_HEURISTIC_CONFIDENCE, collectRoutes, hasMatchingRoute, normalizeClientUrl, } from './cross-stack-utils.js';
+import { API_PATH_RE, CROSS_STACK_HEURISTIC_CONFIDENCE, collectRoutesAcrossGraph, findMatchingRoute, isFastApiRouteMissingResponseModel, normalizeClientUrl, } from './cross-stack-utils.js';
 export function untypedApiResponse(ctx) {
     if (!ctx.allConcepts || ctx.allConcepts.size === 0)
         return [];
-    const serverRoutes = [];
-    for (const [, conceptMap] of ctx.allConcepts) {
-        collectRoutes(conceptMap, serverRoutes);
-    }
+    const serverRoutes = collectRoutesAcrossGraph(ctx.allConcepts);
     if (serverRoutes.length === 0)
         return [];
     const findings = [];
@@ -50,8 +47,13 @@ export function untypedApiResponse(ctx) {
         const normalized = normalizeClientUrl(target);
         if (!normalized || !API_PATH_RE.test(normalized))
             continue;
-        if (!hasMatchingRoute(normalized, serverRoutes))
+        const matchedRoute = findMatchingRoute(normalized, serverRoutes);
+        if (!matchedRoute)
+            continue;
+        if (matchedRoute.node &&
+            isFastApiRouteMissingResponseModel(matchedRoute.node, ctx.allConcepts.get(matchedRoute.node.primarySpan.file))) {
             continue;
+        }
         findings.push({
             source: 'kern',
             ruleId: 'untyped-api-response',

package/dist/concept-rules/untyped-api-response.js.map

@@ -1 +1 @@
-{"version":3,"file":"untyped-api-response.js","sourceRoot":"","sources":["../../src/concept-rules/untyped-api-response.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAGH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EACL,WAAW,EACX,gCAAgC,EAChC,aAAa,EACb,gBAAgB,EAChB,kBAAkB,GAEnB,MAAM,wBAAwB,CAAC;AAGhC,MAAM,UAAU,kBAAkB,CAAC,GAAuB;IACxD,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAE9D,MAAM,YAAY,GAAkB,EAAE,CAAC;IACvC,KAAK,MAAM,CAAC,EAAE,UAAU,CAAC,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;QAC7C,aAAa,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEzC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,0EAA0E;IAC1E,MAAM,aAAa,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC;IACxE,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,KAAK,EAAE,CAAC;QACvC,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS;YAAE,SAAS;QAC7G,IAAI,IAAI,CAAC,OAAO,CAAC,gBAAgB,KAAK,KAAK;YAAE,SAAS,CAAC,yBAAyB;QAChF,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QACnC,IAAI,OAAO,MAAM,KAAK,QAAQ;YAAE,SAAS;QACzC,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC;YAAE,SAAS;QAC3D,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,YAAY,CAAC;YAAE,SAAS;QAE1D,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,sBAAsB;YAC9B,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,mBAAmB,MAAM,wPAAwP;YAC1R,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,WAAW,EAAE,iBAAiB,CAAC,sBAAsB,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YAC7G,uEAAuE;YACvE,sEAAsE;YACtE,wCAAwC;YACxC,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,gCAAgC;SAC/D,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}
+{"version":3,"file":"untyped-api-response.js","sourceRoot":"","sources":["../../src/concept-rules/untyped-api-response.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAGH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EACL,WAAW,EACX,gCAAgC,EAChC,wBAAwB,EACxB,iBAAiB,EACjB,kCAAkC,EAClC,kBAAkB,GACnB,MAAM,wBAAwB,CAAC;AAGhC,MAAM,UAAU,kBAAkB,CAAC,GAAuB;IACxD,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAE9D,MAAM,YAAY,GAAG,wBAAwB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAC/D,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEzC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,0EAA0E;IAC1E,MAAM,aAAa,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC;IACxE,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,KAAK,EAAE,CAAC;QACvC,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS;YAAE,SAAS;QAC7G,IAAI,IAAI,CAAC,OAAO,CAAC,gBAAgB,KAAK,KAAK;YAAE,SAAS,CAAC,yBAAyB;QAChF,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QACnC,IAAI,OAAO,MAAM,KAAK,QAAQ;YAAE,SAAS;QACzC,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC;YAAE,SAAS;QAC3D,MAAM,YAAY,GAAG,iBAAiB,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QACjE,IAAI,CAAC,YAAY;YAAE,SAAS;QAC5B,IACE,YAAY,CAAC,IAAI;YACjB,kCAAkC,CAAC,YAAY,CAAC,IAAI,EAAE,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,EAC9G,CAAC;YACD,SAAS;QACX,CAAC;QAED,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,sBAAsB;YAC9B,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,mBAAmB,MAAM,wPAAwP;YAC1R,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,WAAW,EAAE,iBAAiB,CAAC,sBAAsB,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YAC7G,uEAAuE;YACvE,sEAAsE;YACtE,wCAAwC;YACxC,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,gCAAgC;SAC/D,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/concept-rules/untyped-both-ends-response.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Rule: untyped-both-ends-response
+ *
+ * Cross-stack linker for the response typing wedge. Fires when the client
+ * consumes a matching API response without a type assertion and the Python
+ * server route also has no `response_model=...`.
+ */
+import type { ReviewFinding } from '../types.js';
+import type { ConceptRuleContext } from './index.js';
+export declare function untypedBothEndsResponse(ctx: ConceptRuleContext): ReviewFinding[];

package/dist/concept-rules/untyped-both-ends-response.js

@@ -0,0 +1,55 @@
+/**
+ * Rule: untyped-both-ends-response
+ *
+ * Cross-stack linker for the response typing wedge. Fires when the client
+ * consumes a matching API response without a type assertion and the Python
+ * server route also has no `response_model=...`.
+ */
+import { createFingerprint } from '../types.js';
+import { API_PATH_RE, CROSS_STACK_HEURISTIC_CONFIDENCE, collectRoutesAcrossGraph, findMatchingRoute, isFastApiRouteMissingResponseModel, normalizeClientUrl, } from './cross-stack-utils.js';
+export function untypedBothEndsResponse(ctx) {
+    if (!ctx.allConcepts || ctx.allConcepts.size === 0)
+        return [];
+    const allConcepts = ctx.allConcepts;
+    const routesMissingModel = collectRoutesAcrossGraph(allConcepts).filter((route) => routeMissingResponseModel(route, allConcepts));
+    if (routesMissingModel.length === 0)
+        return [];
+    const findings = [];
+    const localConcepts = allConcepts.get(ctx.filePath) ?? ctx.concepts;
+    for (const node of localConcepts.nodes) {
+        if (node.language !== 'ts')
+            continue;
+        if (node.kind !== 'effect' || node.payload.kind !== 'effect' || node.payload.subtype !== 'network')
+            continue;
+        if (node.payload.responseAsserted !== false)
+            continue;
+        const target = node.payload.target;
+        if (typeof target !== 'string')
+            continue;
+        const normalized = normalizeClientUrl(target);
+        if (!normalized || !API_PATH_RE.test(normalized))
+            continue;
+        const matchedRoute = findMatchingRoute(normalized, routesMissingModel);
+        if (!matchedRoute?.node)
+            continue;
+        findings.push({
+            source: 'kern',
+            ruleId: 'untyped-both-ends-response',
+            severity: 'warning',
+            category: 'bug',
+            message: `Response for \`${target}\` is untyped on both ends: the client consumes it without a type assertion and the matching backend route has no response_model.`,
+            primarySpan: node.primarySpan,
+            relatedSpans: [matchedRoute.node.primarySpan],
+            fingerprint: createFingerprint('untyped-both-ends-response', node.primarySpan.startLine, node.primarySpan.startCol),
+            confidence: Math.min(node.confidence, matchedRoute.node.confidence) * CROSS_STACK_HEURISTIC_CONFIDENCE,
+        });
+    }
+    return findings;
+}
+function routeMissingResponseModel(route, allConcepts) {
+    const node = route.node;
+    if (!node)
+        return false;
+    return isFastApiRouteMissingResponseModel(node, allConcepts.get(node.primarySpan.file));
+}
+//# sourceMappingURL=untyped-both-ends-response.js.map

package/dist/concept-rules/untyped-both-ends-response.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"untyped-both-ends-response.js","sourceRoot":"","sources":["../../src/concept-rules/untyped-both-ends-response.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EACL,WAAW,EACX,gCAAgC,EAChC,wBAAwB,EACxB,iBAAiB,EACjB,kCAAkC,EAClC,kBAAkB,GAEnB,MAAM,wBAAwB,CAAC;AAGhC,MAAM,UAAU,uBAAuB,CAAC,GAAuB;IAC7D,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAC9D,MAAM,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC;IAEpC,MAAM,kBAAkB,GAAG,wBAAwB,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAChF,yBAAyB,CAAC,KAAK,EAAE,WAAW,CAAC,CAC9C,CAAC;IACF,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAE/C,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,aAAa,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC;IAEpE,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,KAAK,EAAE,CAAC;QACvC,IAAI,IAAI,CAAC,QAAQ,KAAK,IAAI;YAAE,SAAS;QACrC,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS;YAAE,SAAS;QAC7G,IAAI,IAAI,CAAC,OAAO,CAAC,gBAAgB,KAAK,KAAK;YAAE,SAAS;QACtD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QACnC,IAAI,OAAO,MAAM,KAAK,QAAQ;YAAE,SAAS;QACzC,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC;YAAE,SAAS;QAC3D,MAAM,YAAY,GAAG,iBAAiB,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;QACvE,IAAI,CAAC,YAAY,EAAE,IAAI;YAAE,SAAS;QAElC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,4BAA4B;YACpC,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,kBAAkB,MAAM,mIAAmI;YACpK,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,YAAY,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC;YAC7C,WAAW,EAAE,iBAAiB,CAC5B,4BAA4B,EAC5B,IAAI,CAAC,WAAW,CAAC,SAAS,EAC1B,IAAI,CAAC,WAAW,CAAC,QAAQ,CAC1B;YACD,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,gCAAgC;SACvG,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,yBAAyB,CAAC,KAAkB,EAAE,WAA4C;IACjG,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;IACxB,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IACxB,OAAO,kCAAkC,CAAC,IAAI,EAAE,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1F,CAAC"}