@kevinrabun/judges 2.3.0 → 3.0.0

package/dist/ast/taint-tracker.js

@@ -0,0 +1,518 @@
+// ─────────────────────────────────────────────────────────────────────────────
+// Taint Tracker — Single-file data-flow analysis
+// ─────────────────────────────────────────────────────────────────────────────
+// Traces user-input sources (req.body, req.params, etc.) through variable
+// assignments to dangerous sinks (eval, exec, SQL queries, innerHTML).
+// Uses the TypeScript compiler API for JS/TS and lightweight regex for others.
+//
+// Enhancements over v1:
+// - Word-boundary-aware variable matching (prevents "id" matching "isValid")
+// - Sanitizer recognition (DOMPurify, encodeURIComponent, parameterized queries, etc.)
+// - Same-file inter-procedural taint (function parameter → return tracking)
+// - Guard clause sensitivity (validation guards reduce taint confidence)
+// ─────────────────────────────────────────────────────────────────────────────
+import ts from "typescript";
+import { normalizeLanguage } from "../language-patterns.js";
+// ─── Source / Sink Definitions ───────────────────────────────────────────────
+const SOURCE_PATTERNS = [
+    { pattern: /\breq(?:uest)?\.(?:body|query|params|headers|cookies)\b/i, kind: "http-param" },
+    { pattern: /\brequest\.(?:form|args|json|data|values|files|get)\b/i, kind: "http-param" },
+    { pattern: /\b(?:ctx|context)\.(?:query|params|request)\b/i, kind: "http-param" },
+    { pattern: /\bgetParameter\s*\(/i, kind: "http-param" },
+    { pattern: /\bRequest\.(?:Form|QueryString|Params)\b/i, kind: "http-param" },
+    { pattern: /\b(?:process\.argv|sys\.argv|os\.Args|args)\b/i, kind: "user-input" },
+    { pattern: /\b(?:prompt|readline|input)\s*\(/i, kind: "user-input" },
+    { pattern: /\bsearchParams\.get\s*\(/i, kind: "url-param" },
+    { pattern: /\.(?:useSearchParams|useParams)\b/i, kind: "url-param" },
+];
+const SINK_PATTERNS = [
+    { pattern: /\beval\s*\(/i, kind: "code-execution" },
+    { pattern: /\bnew\s+Function\s*\(/i, kind: "code-execution" },
+    { pattern: /\bvm\.run(?:InContext|InNewContext|InThisContext)?\s*\(/i, kind: "code-execution" },
+    {
+        pattern: /\b(?:exec|execSync|system|popen|subprocess\.(?:Popen|run|call)|os\.system|Runtime\.getRuntime\(\)\.exec)\s*\(/i,
+        kind: "command-exec",
+    },
+    { pattern: /\b(?:spawn|spawnSync)\s*\(/i, kind: "command-exec" },
+    {
+        pattern: /\.(?:query|execute|exec|prepare)\s*\(\s*[`"']?\s*(?:SELECT|INSERT|UPDATE|DELETE|DROP|CREATE|ALTER)\b/i,
+        kind: "sql-query",
+    },
+    { pattern: /\.(?:query|execute|exec)\s*\(/i, kind: "sql-query" },
+    { pattern: /\.innerHTML\s*=/i, kind: "xss" },
+    { pattern: /\bdocument\.write\s*\(/i, kind: "xss" },
+    { pattern: /\bdangerouslySetInnerHTML/i, kind: "xss" },
+    { pattern: /\b(?:readFile|readFileSync|open)\s*\(/i, kind: "path-traversal" },
+    { pattern: /\.redirect\s*\(/i, kind: "redirect" },
+    { pattern: /\b(?:render_template_string|nunjucks\.renderString|Handlebars\.compile)\s*\(/i, kind: "template" },
+    { pattern: /\bJSON\.parse\s*\(/i, kind: "deserialization" },
+];
+// ─── Sanitizer Recognition ──────────────────────────────────────────────────
+/** Known sanitizer/escaping functions that neutralize taint */
+const SANITIZER_PATTERNS = [
+    // DOM / HTML sanitizers
+    /\bDOMPurify\.sanitize\s*\(/i,
+    /\bsanitizeHtml\s*\(/i,
+    /\bxss\s*\(/i,
+    /\bescapeHtml\s*\(/i,
+    /\bescape\s*\(/i,
+    // URL / encoding sanitizers
+    /\bencodeURIComponent\s*\(/i,
+    /\bencodeURI\s*\(/i,
+    /\burlEncode\s*\(/i,
+    /\bquote\s*\(/i,
+    // Input validation libraries
+    /\bvalidator\.\w+\s*\(/i,
+    /\b(?:joi|yup|zod|ajv)\b.*\.(?:validate|parse|safeParse)\s*\(/i,
+    // Parameterized query markers (taint is neutralized)
+    /\$\d+/, // PostgreSQL $1, $2, ...
+    /\?\s*(?:,|\))/, // MySQL ? placeholders
+    /:(?:param|value|id|name)\b/i, // Named parameters
+    // Path sanitization
+    /\bpath\.(?:normalize|resolve|basename)\s*\(/i,
+    // Python/Java/C# sanitizers
+    /\bbleach\.clean\s*\(/i,
+    /\bmarkup_safe\b/i,
+    /\bOWASP\.Encoder\b/i,
+    /\bAntiXss\.\w+\s*\(/i,
+    /\bHtmlEncoder\.Default\.Encode\s*\(/i,
+    /\bPreparedStatement\b/i,
+    /\b(?:html|url)\.EscapeString\s*\(/i,
+];
+/** Check if a code expression passes through a known sanitizer */
+function isSanitized(expression) {
+    return SANITIZER_PATTERNS.some((p) => p.test(expression));
+}
+// ─── Guard Clause Detection ─────────────────────────────────────────────────
+/** Patterns that indicate validation/guard clauses for a variable */
+const GUARD_PATTERNS = [
+    // Type checks
+    /typeof\s+\w+\s*(?:!==?|===?)\s*['"](?:string|number|boolean|object|undefined)['"]/i,
+    // Truthiness / nullish checks followed by return/throw
+    /if\s*\(\s*!?\s*\w+\s*\)\s*(?:return|throw|res\.status\(4\d\d\))/i,
+    // Validation function calls
+    /if\s*\(\s*!?\s*(?:isValid|validate|check|verify|sanitize|assert)\w*\s*\(/i,
+    // Length/range checks
+    /if\s*\(\s*\w+\.length\s*(?:[<>=!]+)/i,
+    /if\s*\(\s*\w+\s*(?:<|>|<=|>=)\s*\d+/i,
+    // Regex test guards
+    /if\s*\(\s*!?\s*\/[^/]+\/\.test\s*\(\s*\w+\s*\)/i,
+    // Express-validator / joi validation result check
+    /validationResult|\.isValid\(\)|\.error\b/i,
+];
+/**
+ * Detect if a tainted variable has guard clauses between its source and a
+ * given sink line. Returns a confidence reduction (0.0 = no guards, up to
+ * -0.25 for strong validation).
+ */
+function detectGuardClauses(varName, sourceLine, sinkLine, codeLines) {
+    const start = Math.min(sourceLine, sinkLine) - 1;
+    const end = Math.max(sourceLine, sinkLine);
+    let guardCount = 0;
+    for (let i = start; i < end && i < codeLines.length; i++) {
+        const line = codeLines[i];
+        // Check if the line references our variable in a guard pattern
+        if (!containsWordBoundary(line, varName))
+            continue;
+        for (const guard of GUARD_PATTERNS) {
+            if (guard.test(line)) {
+                guardCount++;
+                break;
+            }
+        }
+    }
+    // Each guard clause reduces confidence slightly (max -0.25)
+    return Math.min(guardCount * 0.1, 0.25);
+}
+// ─── Word-Boundary Matching ─────────────────────────────────────────────────
+/**
+ * Check if `text` contains `varName` as a whole word (not a substring of
+ * another identifier). Prevents "id" from matching "isValid", "width", etc.
+ */
+function containsWordBoundary(text, varName) {
+    // Escape regex special chars in varName
+    const escaped = varName.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+    // Use word boundary for alphanumeric names; for dotted names (req.body.name)
+    // use context-aware boundaries
+    const pattern = /^\w+$/.test(varName) ? new RegExp(`\\b${escaped}\\b`) : new RegExp(`(?<![\\w.])${escaped}(?![\\w])`);
+    return pattern.test(text);
+}
+/**
+ * Build a map of function name → taint propagation info.
+ * Tracks which function parameters flow to return values.
+ */
+function buildFunctionTaintMap(sourceFile, taintMap) {
+    const result = new Map();
+    ts.forEachChild(sourceFile, function walk(node) {
+        if (ts.isFunctionDeclaration(node) ||
+            ts.isFunctionExpression(node) ||
+            ts.isArrowFunction(node) ||
+            ts.isMethodDeclaration(node)) {
+            const name = getFnName(node);
+            if (!name) {
+                ts.forEachChild(node, walk);
+                return;
+            }
+            const paramNames = node.parameters.map((p) => p.name.getText(sourceFile));
+            const paramSet = new Set(paramNames);
+            const taintedParams = new Set();
+            // Walk the function body to find return statements referencing params
+            function walkBody(n) {
+                if (ts.isReturnStatement(n) && n.expression) {
+                    const retText = n.expression.getText(sourceFile);
+                    for (let i = 0; i < paramNames.length; i++) {
+                        if (containsWordBoundary(retText, paramNames[i])) {
+                            taintedParams.add(i);
+                        }
+                    }
+                }
+                // Also track simple assignments from params that reach returns
+                if (ts.isVariableDeclaration(n) && n.initializer) {
+                    const varName = n.name.getText(sourceFile);
+                    const initText = n.initializer.getText(sourceFile);
+                    for (const pName of paramSet) {
+                        if (containsWordBoundary(initText, pName)) {
+                            paramSet.add(varName);
+                        }
+                    }
+                }
+                ts.forEachChild(n, walkBody);
+            }
+            if (node.body) {
+                ts.forEachChild(node.body, walkBody);
+            }
+            if (taintedParams.size > 0) {
+                result.set(name, { taintedParams, paramNames, name });
+            }
+        }
+        ts.forEachChild(node, walk);
+    });
+    return result;
+}
+function getFnName(node) {
+    if (ts.isFunctionDeclaration(node) || ts.isMethodDeclaration(node)) {
+        return node.name?.getText();
+    }
+    if (ts.isVariableDeclaration(node.parent) && ts.isIdentifier(node.parent.name)) {
+        return node.parent.name.text;
+    }
+    if (ts.isArrowFunction(node) && ts.isVariableDeclaration(node.parent)) {
+        const decl = node.parent;
+        if (ts.isIdentifier(decl.name))
+            return decl.name.text;
+    }
+    return undefined;
+}
+// ─── Public API ──────────────────────────────────────────────────────────────
+/**
+ * Analyze a source file for taint flows: paths from untrusted input to
+ * dangerous sinks through variable assignments and string concatenation.
+ *
+ * For JS/TS, uses the TypeScript compiler AST for precise variable tracking.
+ * For other languages, falls back to regex-based lightweight analysis.
+ */
+export function analyzeTaintFlows(code, language) {
+    const lang = normalizeLanguage(language);
+    switch (lang) {
+        case "javascript":
+        case "typescript":
+            return analyzeTypeScriptTaint(code, lang);
+        default:
+            return analyzeRegexTaint(code);
+    }
+}
+// ─── TypeScript / JavaScript Taint Analysis ──────────────────────────────────
+function analyzeTypeScriptTaint(code, language) {
+    const scriptKind = language === "typescript" ? ts.ScriptKind.TS : ts.ScriptKind.JS;
+    const sourceFile = ts.createSourceFile("input." + (language === "typescript" ? "ts" : "js"), code, ts.ScriptTarget.Latest, true, scriptKind);
+    const flows = [];
+    const taintMap = new Map();
+    const codeLines = code.split("\n");
+    // Pass 1: Find tainted variable declarations/assignments
+    ts.forEachChild(sourceFile, function walk(node) {
+        // Variable declarations: const x = req.body.name
+        if (ts.isVariableDeclaration(node) && node.initializer) {
+            const varName = node.name.getText(sourceFile);
+            const initText = node.initializer.getText(sourceFile);
+            const line = sourceFile.getLineAndCharacterOfPosition(node.getStart()).line + 1;
+            // Skip if the initializer goes through a sanitizer
+            if (isSanitized(initText)) {
+                ts.forEachChild(node, walk);
+                return;
+            }
+            // Check if initializer is a source
+            for (const src of SOURCE_PATTERNS) {
+                if (src.pattern.test(initText)) {
+                    taintMap.set(varName, {
+                        sourceExpr: initText,
+                        sourceKind: src.kind,
+                        sourceLine: line,
+                        assignmentChain: [{ line, variable: varName }],
+                    });
+                    break;
+                }
+            }
+            // Check if initializer references a tainted variable (propagation)
+            // Uses word-boundary matching to prevent "id" matching "isValid"
+            if (!taintMap.has(varName)) {
+                for (const [taintedVar, taintInfo] of taintMap) {
+                    if (containsWordBoundary(initText, taintedVar)) {
+                        taintMap.set(varName, {
+                            ...taintInfo,
+                            assignmentChain: [...taintInfo.assignmentChain, { line, variable: varName }],
+                        });
+                        break;
+                    }
+                }
+            }
+        }
+        // Assignment expressions: x = req.body.name
+        if (ts.isBinaryExpression(node) && node.operatorToken.kind === ts.SyntaxKind.EqualsToken) {
+            const leftText = node.left.getText(sourceFile);
+            const rightText = node.right.getText(sourceFile);
+            const line = sourceFile.getLineAndCharacterOfPosition(node.getStart()).line + 1;
+            // Skip sanitized assignments
+            if (isSanitized(rightText)) {
+                ts.forEachChild(node, walk);
+                return;
+            }
+            for (const src of SOURCE_PATTERNS) {
+                if (src.pattern.test(rightText)) {
+                    taintMap.set(leftText, {
+                        sourceExpr: rightText,
+                        sourceKind: src.kind,
+                        sourceLine: line,
+                        assignmentChain: [{ line, variable: leftText }],
+                    });
+                    break;
+                }
+            }
+            if (!taintMap.has(leftText)) {
+                for (const [taintedVar, taintInfo] of taintMap) {
+                    if (containsWordBoundary(rightText, taintedVar)) {
+                        taintMap.set(leftText, {
+                            ...taintInfo,
+                            assignmentChain: [...taintInfo.assignmentChain, { line, variable: leftText }],
+                        });
+                        break;
+                    }
+                }
+            }
+        }
+        // Destructuring: const { name } = req.body
+        if (ts.isVariableDeclaration(node) && ts.isObjectBindingPattern(node.name) && node.initializer) {
+            const initText = node.initializer.getText(sourceFile);
+            const line = sourceFile.getLineAndCharacterOfPosition(node.getStart()).line + 1;
+            for (const src of SOURCE_PATTERNS) {
+                if (src.pattern.test(initText)) {
+                    for (const element of node.name.elements) {
+                        const propName = element.name.getText(sourceFile);
+                        taintMap.set(propName, {
+                            sourceExpr: `${initText}.${propName}`,
+                            sourceKind: src.kind,
+                            sourceLine: line,
+                            assignmentChain: [{ line, variable: propName }],
+                        });
+                    }
+                    break;
+                }
+            }
+        }
+        ts.forEachChild(node, walk);
+    });
+    // Pass 1.5: Inter-procedural — propagate taint through same-file function calls
+    const fnTaintMap = buildFunctionTaintMap(sourceFile, taintMap);
+    ts.forEachChild(sourceFile, function walkCalls(node) {
+        if (ts.isVariableDeclaration(node) && node.initializer && ts.isCallExpression(node.initializer)) {
+            const call = node.initializer;
+            const fnName = call.expression.getText(sourceFile);
+            const fnInfo = fnTaintMap.get(fnName);
+            if (fnInfo) {
+                const varName = node.name.getText(sourceFile);
+                const line = sourceFile.getLineAndCharacterOfPosition(node.getStart()).line + 1;
+                // Check if any tainted variable is passed as an argument at a tainted param index
+                for (const paramIdx of fnInfo.taintedParams) {
+                    if (paramIdx < call.arguments.length) {
+                        const argText = call.arguments[paramIdx].getText(sourceFile);
+                        for (const [taintedVar, taintInfo] of taintMap) {
+                            if (containsWordBoundary(argText, taintedVar)) {
+                                taintMap.set(varName, {
+                                    ...taintInfo,
+                                    assignmentChain: [...taintInfo.assignmentChain, { line, variable: `${fnName}(…) → ${varName}` }],
+                                });
+                                break;
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        ts.forEachChild(node, walkCalls);
+    });
+    // Pass 2: Check each line for sinks that use tainted variables
+    for (let i = 0; i < codeLines.length; i++) {
+        const line = codeLines[i];
+        const lineNum = i + 1;
+        // Skip lines that go through a sanitizer
+        if (isSanitized(line))
+            continue;
+        for (const sink of SINK_PATTERNS) {
+            if (!sink.pattern.test(line))
+                continue;
+            // Check if any tainted variable appears on this line (word-boundary match)
+            for (const [varName, taintInfo] of taintMap) {
+                if (containsWordBoundary(line, varName)) {
+                    // Avoid self-referential flows (source IS the sink line)
+                    if (lineNum === taintInfo.sourceLine)
+                        continue;
+                    // Detect guard clauses between source and sink
+                    const guardReduction = detectGuardClauses(varName, taintInfo.sourceLine, lineNum, codeLines);
+                    flows.push({
+                        source: {
+                            line: taintInfo.sourceLine,
+                            expression: taintInfo.sourceExpr,
+                            kind: taintInfo.sourceKind,
+                        },
+                        sink: {
+                            line: lineNum,
+                            api: sink.pattern.source.slice(0, 40),
+                            kind: sink.kind,
+                        },
+                        intermediates: taintInfo.assignmentChain.filter((a) => a.line !== taintInfo.sourceLine && a.line !== lineNum),
+                        confidence: Math.max(0.1, 1.0 - guardReduction),
+                    });
+                    break; // One flow per sink line
+                }
+            }
+        }
+        // Also check for inline source→sink (no variable): eval(req.body.code)
+        for (const sink of SINK_PATTERNS) {
+            if (!sink.pattern.test(line))
+                continue;
+            for (const src of SOURCE_PATTERNS) {
+                if (src.pattern.test(line)) {
+                    // Only report if not already captured via variable tracking
+                    const alreadyCaptured = flows.some((f) => f.sink.line === lineNum);
+                    if (!alreadyCaptured) {
+                        const srcMatch = line.match(src.pattern);
+                        flows.push({
+                            source: {
+                                line: lineNum,
+                                expression: srcMatch?.[0] ?? "user input",
+                                kind: src.kind,
+                            },
+                            sink: {
+                                line: lineNum,
+                                api: sink.pattern.source.slice(0, 40),
+                                kind: sink.kind,
+                            },
+                            intermediates: [],
+                            confidence: 1.0,
+                        });
+                    }
+                    break;
+                }
+            }
+        }
+    }
+    return deduplicateFlows(flows);
+}
+// ─── Regex-based Taint Analysis (non-JS/TS languages) ────────────────────────
+function analyzeRegexTaint(code) {
+    const codeLines = code.split("\n");
+    const flows = [];
+    // Track tainted variable names
+    const tainted = new Map();
+    // Assignment pattern: variable = source_expression
+    const assignPattern = /^\s*(?:(?:let|const|var|val|auto)\s+)?(\w+)\s*[:=]\s*(.+)/;
+    for (let i = 0; i < codeLines.length; i++) {
+        const line = codeLines[i];
+        const lineNum = i + 1;
+        // Check for source assignments
+        const assignMatch = line.match(assignPattern);
+        if (assignMatch) {
+            const [, varName, rhs] = assignMatch;
+            // Skip sanitized assignments
+            if (isSanitized(rhs))
+                continue;
+            // Direct source
+            for (const src of SOURCE_PATTERNS) {
+                if (src.pattern.test(rhs)) {
+                    tainted.set(varName, {
+                        sourceExpr: rhs.trim(),
+                        sourceKind: src.kind,
+                        sourceLine: lineNum,
+                    });
+                    break;
+                }
+            }
+            // Propagation from tainted variable (word-boundary aware)
+            if (!tainted.has(varName)) {
+                for (const [taintedVar, info] of tainted) {
+                    if (containsWordBoundary(rhs, taintedVar)) {
+                        tainted.set(varName, info);
+                        break;
+                    }
+                }
+            }
+        }
+        // Skip lines with sanitizers for sink checking
+        if (isSanitized(line))
+            continue;
+        // Check for sinks using tainted data
+        for (const sink of SINK_PATTERNS) {
+            if (!sink.pattern.test(line))
+                continue;
+            // Check tainted variables (word-boundary aware)
+            for (const [varName, info] of tainted) {
+                if (containsWordBoundary(line, varName) && lineNum !== info.sourceLine) {
+                    const guardReduction = detectGuardClauses(varName, info.sourceLine, lineNum, codeLines);
+                    flows.push({
+                        source: {
+                            line: info.sourceLine,
+                            expression: info.sourceExpr,
+                            kind: info.sourceKind,
+                        },
+                        sink: { line: lineNum, api: sink.pattern.source.slice(0, 40), kind: sink.kind },
+                        intermediates: [],
+                        confidence: Math.max(0.1, 1.0 - guardReduction),
+                    });
+                    break;
+                }
+            }
+            // Inline source→sink
+            for (const src of SOURCE_PATTERNS) {
+                if (src.pattern.test(line)) {
+                    const alreadyCaptured = flows.some((f) => f.sink.line === lineNum);
+                    if (!alreadyCaptured) {
+                        const srcMatch = line.match(src.pattern);
+                        flows.push({
+                            source: {
+                                line: lineNum,
+                                expression: srcMatch?.[0] ?? "user input",
+                                kind: src.kind,
+                            },
+                            sink: { line: lineNum, api: sink.pattern.source.slice(0, 40), kind: sink.kind },
+                            intermediates: [],
+                            confidence: 1.0,
+                        });
+                    }
+                    break;
+                }
+            }
+        }
+    }
+    return deduplicateFlows(flows);
+}
+// ─── Helpers ─────────────────────────────────────────────────────────────────
+function deduplicateFlows(flows) {
+    const seen = new Set();
+    return flows.filter((f) => {
+        const key = `${f.source.line}:${f.sink.line}:${f.sink.kind}`;
+        if (seen.has(key))
+            return false;
+        seen.add(key);
+        return true;
+    });
+}
+//# sourceMappingURL=taint-tracker.js.map

package/dist/ast/taint-tracker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"taint-tracker.js","sourceRoot":"","sources":["../../src/ast/taint-tracker.ts"],"names":[],"mappings":"AAAA,gFAAgF;AAChF,iDAAiD;AACjD,gFAAgF;AAChF,0EAA0E;AAC1E,uEAAuE;AACvE,+EAA+E;AAC/E,EAAE;AACF,wBAAwB;AACxB,6EAA6E;AAC7E,uFAAuF;AACvF,4EAA4E;AAC5E,yEAAyE;AACzE,gFAAgF;AAEhF,OAAO,EAAE,MAAM,YAAY,CAAC;AAC5B,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AA8C5D,gFAAgF;AAEhF,MAAM,eAAe,GAAsD;IACzE,EAAE,OAAO,EAAE,0DAA0D,EAAE,IAAI,EAAE,YAAY,EAAE;IAC3F,EAAE,OAAO,EAAE,wDAAwD,EAAE,IAAI,EAAE,YAAY,EAAE;IACzF,EAAE,OAAO,EAAE,gDAAgD,EAAE,IAAI,EAAE,YAAY,EAAE;IACjF,EAAE,OAAO,EAAE,sBAAsB,EAAE,IAAI,EAAE,YAAY,EAAE;IACvD,EAAE,OAAO,EAAE,2CAA2C,EAAE,IAAI,EAAE,YAAY,EAAE;IAC5E,EAAE,OAAO,EAAE,gDAAgD,EAAE,IAAI,EAAE,YAAY,EAAE;IACjF,EAAE,OAAO,EAAE,mCAAmC,EAAE,IAAI,EAAE,YAAY,EAAE;IACpE,EAAE,OAAO,EAAE,2BAA2B,EAAE,IAAI,EAAE,WAAW,EAAE;IAC3D,EAAE,OAAO,EAAE,oCAAoC,EAAE,IAAI,EAAE,WAAW,EAAE;CACrE,CAAC;AAEF,MAAM,aAAa,GAAoD;IACrE,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,gBAAgB,EAAE;IACnD,EAAE,OAAO,EAAE,wBAAwB,EAAE,IAAI,EAAE,gBAAgB,EAAE;IAC7D,EAAE,OAAO,EAAE,0DAA0D,EAAE,IAAI,EAAE,gBAAgB,EAAE;IAC/F;QACE,OAAO,EACL,gHAAgH;QAClH,IAAI,EAAE,cAAc;KACrB;IACD,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,cAAc,EAAE;IAChE;QACE,OAAO,EAAE,uGAAuG;QAChH,IAAI,EAAE,WAAW;KAClB;IACD,EAAE,OAAO,EAAE,gCAAgC,EAAE,IAAI,EAAE,WAAW,EAAE;IAChE,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,KAAK,EAAE;IAC5C,EAAE,OAAO,EAAE,yBAAyB,EAAE,IAAI,EAAE,KAAK,EAAE;IACnD,EAAE,OAAO,EAAE,4BAA4B,EAAE,IAAI,EAAE,KAAK,EAAE;IACtD,EAAE,OAAO,EAAE,wCAAwC,EAAE,IAAI,EAAE,gBAAgB,EAAE;IAC7E,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,UAAU,EAAE;IACjD,EAAE,OAAO,EAAE,+EAA+E,EAAE,IAAI,EAAE,UAAU,EAAE;IAC9G,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,iBAAiB,EAAE;CAC5D,CAAC;AAEF,+EAA+E;AAE/E,+DAA+D;AAC/D,MAAM,kBAAkB,GAAa;IACnC,wBAAwB;IACxB,6BAA6B;IAC7B,sBAAsB;IACtB,aAAa;IACb,oBAAoB;IACpB,gBAAgB;IAChB,4BAA4B;IAC5B,4BAA4B;IAC5B,mBAAmB;IACnB,mBAAmB;IACnB,eAAe;IACf,6BAA6B;IAC7B,wBAAwB;IACxB,+DAA+D;IAC/D,qDAAqD;IACrD,OAAO,EAAE,yBAAyB;IAClC,eAAe,EAAE,uBAAuB;IACxC,6BAA6B,EAAE,mBAAmB;IAClD,oBAAoB;IACpB,8CAA8C;IAC9C,4BAA4B;IAC5B,uBAAuB;IACvB,kBAAkB;IAClB,qBAAqB;IACrB,sBAAsB;IACtB,sCAAsC;IACtC,wBAAwB;IACxB,oCAAoC;CACrC,CAAC;AAEF,kEAAkE;AAClE,SAAS,WAAW,CAAC,UAAkB;IACrC,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,+EAA+E;AAE/E,qEAAqE;AACrE,MAAM,cAAc,GAAa;IAC/B,cAAc;IACd,oFAAoF;IACpF,uDAAuD;IACvD,kEAAkE;IAClE,4BAA4B;IAC5B,2EAA2E;IAC3E,sBAAsB;IACtB,sCAAsC;IACtC,sCAAsC;IACtC,oBAAoB;IACpB,iDAAiD;IACjD,kDAAkD;IAClD,2CAA2C;CAC5C,CAAC;AAEF;;;;GAIG;AACH,SAAS,kBAAkB,CAAC,OAAe,EAAE,UAAkB,EAAE,QAAgB,EAAE,SAAmB;IACpG,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC;IACjD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAC3C,IAAI,UAAU,GAAG,CAAC,CAAC;IAEnB,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzD,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC1B,+DAA+D;QAC/D,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC;YAAE,SAAS;QACnD,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACnC,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrB,UAAU,EAAE,CAAC;gBACb,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,OAAO,IAAI,CAAC,GAAG,CAAC,UAAU,GAAG,GAAG,EAAE,IAAI,CAAC,CAAC;AAC1C,CAAC;AAED,+EAA+E;AAE/E;;;GAGG;AACH,SAAS,oBAAoB,CAAC,IAAY,EAAE,OAAe;IACzD,wCAAwC;IACxC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;IAC/D,6EAA6E;IAC7E,+BAA+B;IAC/B,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,MAAM,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,cAAc,OAAO,WAAW,CAAC,CAAC;IACtH,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC5B,CAAC;AAaD;;;GAGG;AACH,SAAS,qBAAqB,CAC5B,UAAyB,EACzB,QAAiC;IAEjC,MAAM,MAAM,GAAG,IAAI,GAAG,EAA6B,CAAC;IAEpD,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,SAAS,IAAI,CAAC,IAAI;QAC5C,IACE,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC;YAC9B,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC;YAC7B,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC;YACxB,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAC5B,CAAC;YACD,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;YAC7B,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;gBAC5B,OAAO;YACT,CAAC;YAED,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;YAC1E,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;YACrC,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;YAExC,sEAAsE;YACtE,SAAS,QAAQ,CAAC,CAAU;gBAC1B,IAAI,EAAE,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC;oBAC5C,MAAM,OAAO,GAAG,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;oBACjD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;wBAC3C,IAAI,oBAAoB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;4BACjD,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;wBACvB,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,+DAA+D;gBAC/D,IAAI,EAAE,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;oBACjD,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;oBAC3C,MAAM,QAAQ,GAAG,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;oBACnD,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;wBAC7B,IAAI,oBAAoB,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,CAAC;4BAC1C,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;wBACxB,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;YAC/B,CAAC;YAED,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACd,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;YACvC,CAAC;YAED,IAAI,aAAa,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;gBAC3B,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,aAAa,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QACD,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,SAAS,CAAC,IAAa;IAC9B,IAAI,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;QACnE,OAAO,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;IAC9B,CAAC;IACD,IAAI,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/E,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;IAC/B,CAAC;IACD,IAAI,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACtE,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC;QACzB,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;IACxD,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAWD,gFAAgF;AAEhF;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAY,EAAE,QAAgB;IAC9D,MAAM,IAAI,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAEzC,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,YAAY,CAAC;QAClB,KAAK,YAAY;YACf,OAAO,sBAAsB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC5C;YACE,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAED,gFAAgF;AAEhF,SAAS,sBAAsB,CAAC,IAAY,EAAE,QAAqC;IACjF,MAAM,UAAU,GAAG,QAAQ,KAAK,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;IACnF,MAAM,UAAU,GAAG,EAAE,CAAC,gBAAgB,CACpC,QAAQ,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EACpD,IAAI,EACJ,EAAE,CAAC,YAAY,CAAC,MAAM,EACtB,IAAI,EACJ,UAAU,CACX,CAAC;IAEF,MAAM,KAAK,GAAgB,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAEnC,yDAAyD;IACzD,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,SAAS,IAAI,CAAC,IAAI;QAC5C,iDAAiD;QACjD,IAAI,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACvD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YACtD,MAAM,IAAI,GAAG,UAAU,CAAC,6BAA6B,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;YAEhF,mDAAmD;YACnD,IAAI,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1B,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;gBAC5B,OAAO;YACT,CAAC;YAED,mCAAmC;YACnC,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;gBAClC,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC/B,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE;wBACpB,UAAU,EAAE,QAAQ;wBACpB,UAAU,EAAE,GAAG,CAAC,IAAI;wBACpB,UAAU,EAAE,IAAI;wBAChB,eAAe,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;qBAC/C,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;YAED,mEAAmE;YACnE,iEAAiE;YACjE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3B,KAAK,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,IAAI,QAAQ,EAAE,CAAC;oBAC/C,IAAI,oBAAoB,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,CAAC;wBAC/C,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE;4BACpB,GAAG,SAAS;4BACZ,eAAe,EAAE,CAAC,GAAG,SAAS,CAAC,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;yBAC7E,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,IAAI,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,KAAK,EAAE,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YACzF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YACjD,MAAM,IAAI,GAAG,UAAU,CAAC,6BAA6B,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;YAEhF,6BAA6B;YAC7B,IAAI,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC3B,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;gBAC5B,OAAO;YACT,CAAC;YAED,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;gBAClC,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;oBAChC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE;wBACrB,UAAU,EAAE,SAAS;wBACrB,UAAU,EAAE,GAAG,CAAC,IAAI;wBACpB,UAAU,EAAE,IAAI;wBAChB,eAAe,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;qBAChD,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,KAAK,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,IAAI,QAAQ,EAAE,CAAC;oBAC/C,IAAI,oBAAoB,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,CAAC;wBAChD,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE;4BACrB,GAAG,SAAS;4BACZ,eAAe,EAAE,CAAC,GAAG,SAAS,CAAC,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;yBAC9E,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,2CAA2C;QAC3C,IAAI,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC/F,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YACtD,MAAM,IAAI,GAAG,UAAU,CAAC,6BAA6B,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;YAEhF,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;gBAClC,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC/B,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACzC,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;wBAClD,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE;4BACrB,UAAU,EAAE,GAAG,QAAQ,IAAI,QAAQ,EAAE;4BACrC,UAAU,EAAE,GAAG,CAAC,IAAI;4BACpB,UAAU,EAAE,IAAI;4BAChB,eAAe,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;yBAChD,CAAC,CAAC;oBACL,CAAC;oBACD,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAED,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,gFAAgF;IAChF,MAAM,UAAU,GAAG,qBAAqB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAC/D,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,SAAS,SAAS,CAAC,IAAI;QACjD,IAAI,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAChG,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC;YAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YACnD,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACtC,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBAC9C,MAAM,IAAI,GAAG,UAAU,CAAC,6BAA6B,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;gBAChF,kFAAkF;gBAClF,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;oBAC5C,IAAI,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;wBACrC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;wBAC7D,KAAK,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,IAAI,QAAQ,EAAE,CAAC;4BAC/C,IAAI,oBAAoB,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,CAAC;gCAC9C,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE;oCACpB,GAAG,SAAS;oCACZ,eAAe,EAAE,CAAC,GAAG,SAAS,CAAC,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,MAAM,SAAS,OAAO,EAAE,EAAE,CAAC;iCACjG,CAAC,CAAC;gCACH,MAAM;4BACR,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QACD,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,+DAA+D;IAC/D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC1B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;QAEtB,yCAAyC;QACzC,IAAI,WAAW,CAAC,IAAI,CAAC;YAAE,SAAS;QAEhC,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,SAAS;YAEvC,2EAA2E;YAC3E,KAAK,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,IAAI,QAAQ,EAAE,CAAC;gBAC5C,IAAI,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC;oBACxC,yDAAyD;oBACzD,IAAI,OAAO,KAAK,SAAS,CAAC,UAAU;wBAAE,SAAS;oBAE/C,+CAA+C;oBAC/C,MAAM,cAAc,GAAG,kBAAkB,CAAC,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;oBAE7F,KAAK,CAAC,IAAI,CAAC;wBACT,MAAM,EAAE;4BACN,IAAI,EAAE,SAAS,CAAC,UAAU;4BAC1B,UAAU,EAAE,SAAS,CAAC,UAAU;4BAChC,IAAI,EAAE,SAAS,CAAC,UAAU;yBAC3B;wBACD,IAAI,EAAE;4BACJ,IAAI,EAAE,OAAO;4BACb,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;4BACrC,IAAI,EAAE,IAAI,CAAC,IAAI;yBAChB;wBACD,aAAa,EAAE,SAAS,CAAC,eAAe,CAAC,MAAM,CAC7C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,UAAU,IAAI,CAAC,CAAC,IAAI,KAAK,OAAO,CAC7D;wBACD,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,cAAc,CAAC;qBAChD,CAAC,CAAC;oBACH,MAAM,CAAC,yBAAyB;gBAClC,CAAC;YACH,CAAC;QACH,CAAC;QAED,uEAAuE;QACvE,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,SAAS;YACvC,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;gBAClC,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC3B,4DAA4D;oBAC5D,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC;oBACnE,IAAI,CAAC,eAAe,EAAE,CAAC;wBACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;wBACzC,KAAK,CAAC,IAAI,CAAC;4BACT,MAAM,EAAE;gCACN,IAAI,EAAE,OAAO;gCACb,UAAU,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,IAAI,YAAY;gCACzC,IAAI,EAAE,GAAG,CAAC,IAAI;6BACf;4BACD,IAAI,EAAE;gCACJ,IAAI,EAAE,OAAO;gCACb,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;gCACrC,IAAI,EAAE,IAAI,CAAC,IAAI;6BAChB;4BACD,aAAa,EAAE,EAAE;4BACjB,UAAU,EAAE,GAAG;yBAChB,CAAC,CAAC;oBACL,CAAC;oBACD,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,gBAAgB,CAAC,KAAK,CAAC,CAAC;AACjC,CAAC;AAED,gFAAgF;AAEhF,SAAS,iBAAiB,CAAC,IAAY;IACrC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,KAAK,GAAgB,EAAE,CAAC;IAE9B,+BAA+B;IAC/B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAmF,CAAC;IAE3G,mDAAmD;IACnD,MAAM,aAAa,GAAG,2DAA2D,CAAC;IAElF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC1B,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;QAEtB,+BAA+B;QAC/B,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAC9C,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,GAAG,WAAW,CAAC;YAErC,6BAA6B;YAC7B,IAAI,WAAW,CAAC,GAAG,CAAC;gBAAE,SAAS;YAE/B,gBAAgB;YAChB,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;gBAClC,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC1B,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE;wBACnB,UAAU,EAAE,GAAG,CAAC,IAAI,EAAE;wBACtB,UAAU,EAAE,GAAG,CAAC,IAAI;wBACpB,UAAU,EAAE,OAAO;qBACpB,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;YAED,0DAA0D;YAC1D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,KAAK,MAAM,CAAC,UAAU,EAAE,IAAI,CAAC,IAAI,OAAO,EAAE,CAAC;oBACzC,IAAI,oBAAoB,CAAC,GAAG,EAAE,UAAU,CAAC,EAAE,CAAC;wBAC1C,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;wBAC3B,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,+CAA+C;QAC/C,IAAI,WAAW,CAAC,IAAI,CAAC;YAAE,SAAS;QAEhC,qCAAqC;QACrC,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,SAAS;YAEvC,gDAAgD;YAChD,KAAK,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,OAAO,EAAE,CAAC;gBACtC,IAAI,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,OAAO,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;oBACvE,MAAM,cAAc,GAAG,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;oBACxF,KAAK,CAAC,IAAI,CAAC;wBACT,MAAM,EAAE;4BACN,IAAI,EAAE,IAAI,CAAC,UAAU;4BACrB,UAAU,EAAE,IAAI,CAAC,UAAU;4BAC3B,IAAI,EAAE,IAAI,CAAC,UAAU;yBACtB;wBACD,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;wBAC/E,aAAa,EAAE,EAAE;wBACjB,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,GAAG,cAAc,CAAC;qBAChD,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;YAED,qBAAqB;YACrB,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;gBAClC,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC3B,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC;oBACnE,IAAI,CAAC,eAAe,EAAE,CAAC;wBACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;wBACzC,KAAK,CAAC,IAAI,CAAC;4BACT,MAAM,EAAE;gCACN,IAAI,EAAE,OAAO;gCACb,UAAU,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,IAAI,YAAY;gCACzC,IAAI,EAAE,GAAG,CAAC,IAAI;6BACf;4BACD,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;4BAC/E,aAAa,EAAE,EAAE;4BACjB,UAAU,EAAE,GAAG;yBAChB,CAAC,CAAC;oBACL,CAAC;oBACD,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,gBAAgB,CAAC,KAAK,CAAC,CAAC;AACjC,CAAC;AAED,gFAAgF;AAEhF,SAAS,gBAAgB,CAAC,KAAkB;IAC1C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QACxB,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC7D,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;QAChC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACd,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/ast/types.d.ts

@@ -37,5 +37,7 @@ export interface CodeStructure {
     deepNestLines: number[];
     /** Line numbers with type-safety issues (e.g., `any` usage) */
     typeAnyLines: number[];
+    /** Imported module/package names (e.g., "express", "helmet", "DOMPurify") */
+    imports: string[];
 }
 //# sourceMappingURL=types.d.ts.map

package/dist/ast/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/ast/types.ts"],"names":[],"mappings":"AAOA;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,8CAA8C;IAC9C,IAAI,EAAE,MAAM,CAAC;IACb,2BAA2B;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB,2BAA2B;IAC3B,cAAc,EAAE,MAAM,CAAC;IACvB,mCAAmC;IACnC,oBAAoB,EAAE,MAAM,CAAC;IAC7B,gDAAgD;IAChD,eAAe,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,wBAAwB;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,8BAA8B;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,kCAAkC;IAClC,SAAS,EAAE,YAAY,EAAE,CAAC;IAC1B,8DAA8D;IAC9D,wBAAwB,EAAE,MAAM,CAAC;IACjC,iDAAiD;IACjD,eAAe,EAAE,MAAM,CAAC;IACxB,oDAAoD;IACpD,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,0CAA0C;IAC1C,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,+DAA+D;IAC/D,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/ast/types.ts"],"names":[],"mappings":"AAOA;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,8CAA8C;IAC9C,IAAI,EAAE,MAAM,CAAC;IACb,2BAA2B;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAClB,2BAA2B;IAC3B,cAAc,EAAE,MAAM,CAAC;IACvB,mCAAmC;IACnC,oBAAoB,EAAE,MAAM,CAAC;IAC7B,gDAAgD;IAChD,eAAe,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,wBAAwB;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,8BAA8B;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,kCAAkC;IAClC,SAAS,EAAE,YAAY,EAAE,CAAC;IAC1B,8DAA8D;IAC9D,wBAAwB,EAAE,MAAM,CAAC;IACjC,iDAAiD;IACjD,eAAe,EAAE,MAAM,CAAC;IACxB,oDAAoD;IACpD,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,0CAA0C;IAC1C,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,+DAA+D;IAC/D,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,6EAA6E;IAC7E,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB"}

package/dist/ast/typescript-ast.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"typescript-ast.d.ts","sourceRoot":"","sources":["../../src/ast/typescript-ast.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAgB,aAAa,EAAE,MAAM,YAAY,CAAC;AAI9D;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,YAAY,GAAG,YAAY,GACpC,aAAa,CAyCf"}
+{"version":3,"file":"typescript-ast.d.ts","sourceRoot":"","sources":["../../src/ast/typescript-ast.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAgB,aAAa,EAAE,MAAM,YAAY,CAAC;AAI9D;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,GAAG,YAAY,GAAG,aAAa,CA0DpG"}

package/dist/ast/typescript-ast.js

@@ -19,7 +19,27 @@ export function analyzeTypeScript(code, language) {
     const deadCodeLines = [];
     const deepNestLines = [];
     const typeAnyLines = [];
+    const imports = [];
     const totalLines = code.split("\n").length;
+    // Extract imports (import declarations + require() calls)
+    ts.forEachChild(sourceFile, (node) => {
+        if (ts.isImportDeclaration(node) && ts.isStringLiteral(node.moduleSpecifier)) {
+            imports.push(node.moduleSpecifier.text);
+        }
+        // Handle const x = require("module")
+        if (ts.isVariableStatement(node)) {
+            for (const decl of node.declarationList.declarations) {
+                if (decl.initializer &&
+                    ts.isCallExpression(decl.initializer) &&
+                    ts.isIdentifier(decl.initializer.expression) &&
+                    decl.initializer.expression.text === "require" &&
+                    decl.initializer.arguments.length === 1 &&
+                    ts.isStringLiteral(decl.initializer.arguments[0])) {
+                    imports.push(decl.initializer.arguments[0].text);
+                }
+            }
+        }
+    });
     // Walk the AST
     visitNode(sourceFile, 0, sourceFile, functions, deadCodeLines, deepNestLines, typeAnyLines);
     // Compute file-level cyclomatic complexity
@@ -34,6 +54,7 @@ export function analyzeTypeScript(code, language) {
         deadCodeLines,
         deepNestLines,
         typeAnyLines,
+        imports,
     };
 }
 // ─── AST Walker ──────────────────────────────────────────────────────────────
@@ -109,8 +130,7 @@ function getFunctionName(node) {
     if (ts.isVariableDeclaration(node.parent) && ts.isIdentifier(node.parent.name)) {
         return node.parent.name.text;
     }
-    if (ts.isPropertyAssignment(node.parent) &&
-        ts.isIdentifier(node.parent.name)) {
+    if (ts.isPropertyAssignment(node.parent) && ts.isIdentifier(node.parent.name)) {
         return node.parent.name.text;
     }
     if (ts.isArrowFunction(node) && ts.isVariableDeclaration(node.parent)) {
@@ -149,11 +169,11 @@ function computeCyclomaticComplexity(node) {
                 break;
             case ts.SyntaxKind.BinaryExpression: {
                 const binOp = n.operatorToken.kind;
-                if (binOp === ts.SyntaxKind.AmpersandAmpersandToken ||
-                    binOp === ts.SyntaxKind.BarBarToken ||
-                    binOp === ts.SyntaxKind.QuestionQuestionToken) {
+                if (binOp === ts.SyntaxKind.AmpersandAmpersandToken || binOp === ts.SyntaxKind.BarBarToken) {
                     complexity++;
                 }
+                // Note: ?? (QuestionQuestionToken) is intentionally excluded —
+                // it's a null-safe default, not genuine branching logic.
                 break;
             }
         }