@neurcode-ai/cli 0.9.63 → 0.9.64

package/dist/patch-engine/index.js

@@ -6,58 +6,122 @@ exports.generatePatchForSuggestion = generatePatchForSuggestion;
 const patterns_1 = require("./patterns");
 const generator_1 = require("./generator");
 const diff_1 = require("./diff");
-// Patterns that must appear in original content for a patch to be considered safe.
-const PATCHABLE_PATTERN_RE = /db\.(query|execute|run|find[A-Za-z]*)\b|prisma\.\w+\.\w+\b|new\s+Pool\s*\(|knex\s*\(|TODO|FIXME|\bvalidat/i;
-/**
- * A patch is safe when:
- *  - updated content is non-empty
- *  - the diff is non-empty (something actually changed)
- *  - total added + removed lines ≤ 5 (not a full-file rewrite)
- *  - the original file contains at least one recognizable patchable pattern
- */
-function isPatchSafe(original, updated) {
-    if (!updated || !updated.trim())
-        return false;
-    const diff = (0, diff_1.generateUnifiedDiff)('', original, updated);
-    if (!diff)
-        return false;
-    let changed = 0;
-    for (const line of diff.split('\n')) {
-        if (line.startsWith('-') && !line.startsWith('---'))
-            changed++;
-        if (line.startsWith('+') && !line.startsWith('+++'))
-            changed++;
+const transaction_1 = require("./transaction");
+const safety_1 = require("./safety");
+function scorePatchConfidence(kind) {
+    switch (kind) {
+        case 'missing_validation':
+        case 'missing_timeout_handling':
+        case 'unsafe_inner_html_usage':
+            return 'high';
+        case 'missing_auth_middleware':
+        case 'missing_rate_limiting':
+        case 'unsafe_fetch_without_retries':
+        case 'missing_idempotency_keys':
+        case 'unsafe_file_uploads':
+        case 'missing_token_expiry':
+        case 'unsafe_sensitive_logging':
+            return 'medium';
+        case 'db_in_ui':
+        case 'todo_fixme':
+            return 'low';
+        default:
+            return 'low';
     }
-    if (changed > 5)
-        return false;
-    if (!PATCHABLE_PATTERN_RE.test(original))
-        return false;
-    return true;
 }
-function scorePatchConfidence(kind) {
-    if (kind === 'db_in_ui')
-        return 'high';
-    if (kind === 'missing_validation')
-        return 'medium';
-    return 'low'; // todo_fixme — simple removal, lowest confidence
+function patchPriorityKinds() {
+    return [
+        'missing_validation',
+        'missing_timeout_handling',
+        'unsafe_fetch_without_retries',
+        'missing_idempotency_keys',
+        'unsafe_file_uploads',
+        'unsafe_inner_html_usage',
+        'missing_token_expiry',
+        'missing_auth_middleware',
+        'missing_rate_limiting',
+        'unsafe_sensitive_logging',
+        'db_in_ui',
+        'todo_fixme',
+    ];
+}
+function buildPatchTokenPayload(input) {
+    return {
+        schemaVersion: 'neurcode.patch-preview-token.v1',
+        file: input.filePath,
+        createdAt: new Date().toISOString(),
+        beforeHash: input.beforeHash,
+        afterHash: input.afterHash,
+        diffHash: input.diffHash,
+        patchHash: input.patchHash,
+        patternKind: input.patternKind,
+        confidence: input.patchConfidence,
+    };
+}
+function buildPatchBundle(input) {
+    const generated = (0, generator_1.generatePatch)({
+        filePath: input.filePath,
+        issue: '',
+        policy: '',
+        fileContent: input.fileContent,
+        patternKind: input.patternKind,
+    });
+    if (!generated)
+        return null;
+    const diff = (0, diff_1.generateUnifiedDiff)(input.filePath, input.fileContent, generated.updatedContent);
+    if (!diff)
+        return null;
+    const patchConfidence = scorePatchConfidence(input.patternKind);
+    const validation = (0, safety_1.validatePatchCandidate)({
+        originalContent: input.fileContent,
+        updatedContent: generated.updatedContent,
+        diff,
+        kind: input.patternKind,
+        confidence: patchConfidence,
+    });
+    const beforeHash = (0, transaction_1.hashPatchValue)(input.fileContent);
+    const afterHash = (0, transaction_1.hashPatchValue)(generated.updatedContent);
+    const patchHash = (0, transaction_1.buildPatchHash)({
+        file: input.filePath,
+        beforeHash,
+        afterHash,
+        diffHash: validation.diffHash,
+        patternKind: input.patternKind,
+    });
+    const previewToken = (0, transaction_1.createPatchPreviewToken)(buildPatchTokenPayload({
+        filePath: input.filePath,
+        patternKind: input.patternKind,
+        patchConfidence,
+        beforeHash,
+        afterHash,
+        diffHash: validation.diffHash,
+        patchHash,
+    }));
+    return {
+        updatedContent: generated.updatedContent,
+        patternKind: input.patternKind,
+        patchConfidence,
+        diff,
+        validation,
+        previewToken,
+        patchHash,
+        recipe: generated.metadata,
+        beforeHash,
+        afterHash,
+    };
 }
 /**
  * Apply a unified diff (as produced by generateUnifiedDiff) to fileContent.
  *
- * Parses the single-hunk diff format, verifies every context and removal line
- * matches the current file, then reconstructs the updated content.
- *
- * Returns null when:
- *  - no hunk header found
- *  - a context or removal line does not match current file content (file changed)
+ * Parses a single-hunk diff format, verifies every context/removal line matches
+ * the current file, then reconstructs updated content.
  */
 function applyUnifiedDiff(fileContent, diff) {
     if (!diff)
         return null;
     const diffLines = diff.split('\n');
-    // Locate the hunk header (skip --- / +++ file headers)
     let hunkIdx = -1;
-    for (let i = 0; i < diffLines.length; i++) {
+    for (let i = 0; i < diffLines.length; i += 1) {
         if (diffLines[i].startsWith('@@')) {
             hunkIdx = i;
             break;
@@ -65,118 +129,101 @@ function applyUnifiedDiff(fileContent, diff) {
     }
     if (hunkIdx === -1)
         return null;
-    // Parse @@ -oldStart[,oldCount] +newStart[,newCount] @@
     const match = diffLines[hunkIdx].match(/^@@ -(\d+)(?:,\d+)? \+(\d+)(?:,\d+)? @@/);
     if (!match)
         return null;
-    // Diff uses 1-indexed lines; convert to 0-indexed
     const origStart = parseInt(match[1], 10) - 1;
     const origLines = fileContent.split('\n');
     const output = [];
-    // Lines before the hunk are copied unchanged
-    for (let i = 0; i < origStart; i++) {
+    for (let i = 0; i < origStart; i += 1) {
         output.push(origLines[i] ?? '');
     }
     let origIdx = origStart;
-    for (let i = hunkIdx + 1; i < diffLines.length; i++) {
+    for (let i = hunkIdx + 1; i < diffLines.length; i += 1) {
         const line = diffLines[i];
-        // A trailing empty string from split('\n') signals end of diff
         if (line.length === 0 && i === diffLines.length - 1)
             break;
         const prefix = line[0];
         const content = line.slice(1);
         if (prefix === ' ') {
-            // Context: must match current file — abort on mismatch (file changed)
             if (origIdx >= origLines.length || origLines[origIdx] !== content)
                 return null;
             output.push(content);
-            origIdx++;
+            origIdx += 1;
         }
         else if (prefix === '-') {
-            // Removal: must match current file — abort on mismatch
             if (origIdx >= origLines.length || origLines[origIdx] !== content)
                 return null;
-            origIdx++; // consume original line without adding to output
+            origIdx += 1;
         }
         else if (prefix === '+') {
-            // Addition: inject into output without consuming original
             output.push(content);
         }
         else {
-            break; // unexpected prefix — stop hunk processing
+            break;
         }
     }
-    // Copy remaining original lines after the hunk
     while (origIdx < origLines.length) {
         output.push(origLines[origIdx]);
-        origIdx++;
+        origIdx += 1;
     }
     return output.join('\n');
 }
 /**
- * Detect the first matching patchable pattern in fileContent and return the
- * updated content. Tries patterns in priority order: db_in_ui → missing_validation
- * → todo_fixme. Validates safety before returning.
+ * Deterministically build a patch bundle for the first matching remediation kind.
  *
- * Used by `neurcode patch --file` to apply a patch without needing suggestion metadata.
+ * Returns null when no deterministic recipe matches the target file.
  */
 function applyFirstMatchingPatch(filePath, fileContent) {
-    const kinds = ['db_in_ui', 'missing_validation', 'todo_fixme'];
-    for (const kind of kinds) {
-        const result = (0, generator_1.generatePatch)({
+    for (const kind of patchPriorityKinds()) {
+        const bundle = buildPatchBundle({
             filePath,
-            issue: '',
-            policy: '',
             fileContent,
             patternKind: kind,
         });
-        if (!result)
+        if (!bundle)
             continue;
-        const diff = (0, diff_1.generateUnifiedDiff)(filePath, fileContent, result.updatedContent);
-        if (!diff)
-            continue;
-        if (!isPatchSafe(fileContent, result.updatedContent))
-            continue;
-        return {
-            updatedContent: result.updatedContent,
-            patternKind: kind,
-            patchConfidence: scorePatchConfidence(kind),
-        };
+        return bundle;
     }
     return null;
 }
 /**
- * Given a fix suggestion and the current content of suggestion.file,
- * attempts to generate a deterministic, safety-validated code patch.
- *
- * Returns null when:
- *  - the violation type has no patchable pattern
- *  - the pattern is not found in the file content
- *  - the generated patch produces no diff
- *  - the patch fails the safety gate (isPatchSafe)
+ * Generate a deterministic patch for a specific verify/fix suggestion.
  */
 function generatePatchForSuggestion(suggestion, fileContent) {
     const kind = (0, patterns_1.classifyViolation)(suggestion.issue, suggestion.policy);
     if (!kind)
         return null;
-    const result = (0, generator_1.generatePatch)({
+    const generated = (0, generator_1.generatePatch)({
         filePath: suggestion.file,
         issue: suggestion.issue,
         policy: suggestion.policy,
         fileContent,
         patternKind: kind,
     });
-    if (!result)
+    if (!generated)
         return null;
-    const diff = (0, diff_1.generateUnifiedDiff)(suggestion.file, fileContent, result.updatedContent);
+    const diff = (0, diff_1.generateUnifiedDiff)(suggestion.file, fileContent, generated.updatedContent);
     if (!diff)
         return null;
-    if (!isPatchSafe(fileContent, result.updatedContent))
+    const patchConfidence = scorePatchConfidence(kind);
+    const validation = (0, safety_1.validatePatchCandidate)({
+        originalContent: fileContent,
+        updatedContent: generated.updatedContent,
+        diff,
+        kind,
+        confidence: patchConfidence,
+    });
+    // Keep low-confidence / unsafe transforms out of auto-fix suggestions.
+    if (!validation.safe)
         return null;
     return {
         file: suggestion.file,
         diff,
-        patchConfidence: scorePatchConfidence(kind),
+        patchConfidence,
+        patternKind: kind,
+        validation,
+        recipe: generated.metadata,
     };
 }
 //# sourceMappingURL=index.js.map

package/dist/patch-engine/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/patch-engine/index.ts"],"names":[],"mappings":";;AA2DA,4CAiEC;AASD,0DA6BC;AAYD,gEA0BC;AAxMD,yCAAiE;AACjE,2CAA4C;AAC5C,iCAA6C;AAY7C,mFAAmF;AACnF,MAAM,oBAAoB,GACxB,4GAA4G,CAAC;AAE/G;;;;;;GAMG;AACH,SAAS,WAAW,CAAC,QAAgB,EAAE,OAAe;IACpD,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;QAAE,OAAO,KAAK,CAAC;IAE9C,MAAM,IAAI,GAAG,IAAA,0BAAmB,EAAC,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IACxD,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IAExB,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACpC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAC/D,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;IACjE,CAAC;IACD,IAAI,OAAO,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAE9B,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IAEvD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAiB;IAC7C,IAAI,IAAI,KAAK,UAAU;QAAE,OAAO,MAAM,CAAC;IACvC,IAAI,IAAI,KAAK,oBAAoB;QAAE,OAAO,QAAQ,CAAC;IACnD,OAAO,KAAK,CAAC,CAAC,iDAAiD;AACjE,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,gBAAgB,CAAC,WAAmB,EAAE,IAAY;IAChE,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAEnC,uDAAuD;IACvD,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC;IACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1C,IAAI,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAClC,OAAO,GAAG,CAAC,CAAC;YACZ,MAAM;QACR,CAAC;IACH,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAEhC,wDAAwD;IACxD,MAAM,KAAK,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAClF,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,kDAAkD;IAClD,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC;IAE7C,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,6CAA6C;IAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,OAAO,GAAG,SAAS,CAAC;IAExB,KAAK,IAAI,CAAC,GAAG,OAAO,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAE1B,+DAA+D;QAC/D,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM;QAE3D,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACvB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAE9B,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YACnB,sEAAsE;YACtE,IAAI,OAAO,IAAI,SAAS,CAAC,MAAM,IAAI,SAAS,CAAC,OAAO,CAAC,KAAK,OAAO;gBAAE,OAAO,IAAI,CAAC;YAC/E,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACrB,OAAO,EAAE,CAAC;QACZ,CAAC;aAAM,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YAC1B,uDAAuD;YACvD,IAAI,OAAO,IAAI,SAAS,CAAC,MAAM,IAAI,SAAS,CAAC,OAAO,CAAC,KAAK,OAAO;gBAAE,OAAO,IAAI,CAAC;YAC/E,OAAO,EAAE,CAAC,CAAC,iDAAiD;QAC9D,CAAC;aAAM,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YAC1B,0DAA0D;YAC1D,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,2CAA2C;QACpD,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,OAAO,OAAO,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC;QAClC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QAChC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CACrC,QAAgB,EAChB,WAAmB;IAEnB,MAAM,KAAK,GAAkB,CAAC,UAAU,EAAE,oBAAoB,EAAE,YAAY,CAAC,CAAC;IAE9E,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,IAAA,yBAAa,EAAC;YAC3B,QAAQ;YACR,KAAK,EAAE,EAAE;YACT,MAAM,EAAE,EAAE;YACV,WAAW;YACX,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,SAAS;QAEtB,MAAM,IAAI,GAAG,IAAA,0BAAmB,EAAC,QAAQ,EAAE,WAAW,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;QAC/E,IAAI,CAAC,IAAI;YAAE,SAAS;QAEpB,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,MAAM,CAAC,cAAc,CAAC;YAAE,SAAS;QAE/D,OAAO;YACL,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,oBAAoB,CAAC,IAAI,CAAC;SAC5C,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,0BAA0B,CACxC,UAA2D,EAC3D,WAAmB;IAEnB,MAAM,IAAI,GAAG,IAAA,4BAAiB,EAAC,UAAU,CAAC,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;IACpE,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,MAAM,MAAM,GAAG,IAAA,yBAAa,EAAC;QAC3B,QAAQ,EAAE,UAAU,CAAC,IAAI;QACzB,KAAK,EAAE,UAAU,CAAC,KAAK;QACvB,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,WAAW;QACX,WAAW,EAAE,IAAI;KAClB,CAAC,CAAC;IACH,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,MAAM,IAAI,GAAG,IAAA,0BAAmB,EAAC,UAAU,CAAC,IAAI,EAAE,WAAW,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;IACtF,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,MAAM,CAAC,cAAc,CAAC;QAAE,OAAO,IAAI,CAAC;IAElE,OAAO;QACL,IAAI,EAAE,UAAU,CAAC,IAAI;QACrB,IAAI;QACJ,eAAe,EAAE,oBAAoB,CAAC,IAAI,CAAC;KAC5C,CAAC;AACJ,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/patch-engine/index.ts"],"names":[],"mappings":";;AAsKA,4CAuDC;AAOD,0DAcC;AAKD,gEAuCC;AA9RD,yCAAiE;AACjE,2CAAsE;AACtE,iCAA6C;AAC7C,+CAKuB;AACvB,qCAIkB;AA0BlB,SAAS,oBAAoB,CAAC,IAAiB;IAC7C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,oBAAoB,CAAC;QAC1B,KAAK,0BAA0B,CAAC;QAChC,KAAK,yBAAyB;YAC5B,OAAO,MAAM,CAAC;QAChB,KAAK,yBAAyB,CAAC;QAC/B,KAAK,uBAAuB,CAAC;QAC7B,KAAK,8BAA8B,CAAC;QACpC,KAAK,0BAA0B,CAAC;QAChC,KAAK,qBAAqB,CAAC;QAC3B,KAAK,sBAAsB,CAAC;QAC5B,KAAK,0BAA0B;YAC7B,OAAO,QAAQ,CAAC;QAClB,KAAK,UAAU,CAAC;QAChB,KAAK,YAAY;YACf,OAAO,KAAK,CAAC;QACf;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB;IACzB,OAAO;QACL,oBAAoB;QACpB,0BAA0B;QAC1B,8BAA8B;QAC9B,0BAA0B;QAC1B,qBAAqB;QACrB,yBAAyB;QACzB,sBAAsB;QACtB,yBAAyB;QACzB,uBAAuB;QACvB,0BAA0B;QAC1B,UAAU;QACV,YAAY;KACb,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAAC,KAQ/B;IACC,OAAO;QACL,aAAa,EAAE,iCAAiC;QAChD,IAAI,EAAE,KAAK,CAAC,QAAQ;QACpB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,UAAU,EAAE,KAAK,CAAC,eAAe;KAClC,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,KAIzB;IACC,MAAM,SAAS,GAAG,IAAA,yBAAa,EAAC;QAC9B,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,KAAK,EAAE,EAAE;QACT,MAAM,EAAE,EAAE;QACV,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,WAAW,EAAE,KAAK,CAAC,WAAW;KAC/B,CAAC,CAAC;IACH,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAE5B,MAAM,IAAI,GAAG,IAAA,0BAAmB,EAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,WAAW,EAAE,SAAS,CAAC,cAAc,CAAC,CAAC;IAC9F,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,MAAM,eAAe,GAAG,oBAAoB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAChE,MAAM,UAAU,GAAG,IAAA,+BAAsB,EAAC;QACxC,eAAe,EAAE,KAAK,CAAC,WAAW;QAClC,cAAc,EAAE,SAAS,CAAC,cAAc;QACxC,IAAI;QACJ,IAAI,EAAE,KAAK,CAAC,WAAW;QACvB,UAAU,EAAE,eAAe;KAC5B,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,IAAA,4BAAc,EAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,IAAA,4BAAc,EAAC,SAAS,CAAC,cAAc,CAAC,CAAC;IAC3D,MAAM,SAAS,GAAG,IAAA,4BAAc,EAAC;QAC/B,IAAI,EAAE,KAAK,CAAC,QAAQ;QACpB,UAAU;QACV,SAAS;QACT,QAAQ,EAAE,UAAU,CAAC,QAAQ;QAC7B,WAAW,EAAE,KAAK,CAAC,WAAW;KAC/B,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,IAAA,qCAAuB,EAAC,sBAAsB,CAAC;QAClE,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,eAAe;QACf,UAAU;QACV,SAAS;QACT,QAAQ,EAAE,UAAU,CAAC,QAAQ;QAC7B,SAAS;KACV,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,cAAc,EAAE,SAAS,CAAC,cAAc;QACxC,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,eAAe;QACf,IAAI;QACJ,UAAU;QACV,YAAY;QACZ,SAAS;QACT,MAAM,EAAE,SAAS,CAAC,QAAQ;QAC1B,UAAU;QACV,SAAS;KACV,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,gBAAgB,CAAC,WAAmB,EAAE,IAAY;IAChE,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAEnC,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC;IACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7C,IAAI,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAClC,OAAO,GAAG,CAAC,CAAC;YACZ,MAAM;QACR,CAAC;IACH,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAEhC,MAAM,KAAK,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAClF,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC;IAE7C,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,OAAO,GAAG,SAAS,CAAC;IAExB,KAAK,IAAI,CAAC,GAAG,OAAO,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACvD,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC1B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM;QAE3D,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACvB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAE9B,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YACnB,IAAI,OAAO,IAAI,SAAS,CAAC,MAAM,IAAI,SAAS,CAAC,OAAO,CAAC,KAAK,OAAO;gBAAE,OAAO,IAAI,CAAC;YAC/E,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACrB,OAAO,IAAI,CAAC,CAAC;QACf,CAAC;aAAM,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YAC1B,IAAI,OAAO,IAAI,SAAS,CAAC,MAAM,IAAI,SAAS,CAAC,OAAO,CAAC,KAAK,OAAO;gBAAE,OAAO,IAAI,CAAC;YAC/E,OAAO,IAAI,CAAC,CAAC;QACf,CAAC;aAAM,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YAC1B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,MAAM;QACR,CAAC;IACH,CAAC;IAED,OAAO,OAAO,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC;QAClC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC,CAAC;IACf,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED;;;;GAIG;AACH,SAAgB,uBAAuB,CACrC,QAAgB,EAChB,WAAmB;IAEnB,KAAK,MAAM,IAAI,IAAI,kBAAkB,EAAE,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,gBAAgB,CAAC;YAC9B,QAAQ;YACR,WAAW;YACX,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,SAAS;QACtB,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAgB,0BAA0B,CACxC,UAA2D,EAC3D,WAAmB;IAEnB,MAAM,IAAI,GAAG,IAAA,4BAAiB,EAAC,UAAU,CAAC,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;IACpE,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,MAAM,SAAS,GAAG,IAAA,yBAAa,EAAC;QAC9B,QAAQ,EAAE,UAAU,CAAC,IAAI;QACzB,KAAK,EAAE,UAAU,CAAC,KAAK;QACvB,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,WAAW;QACX,WAAW,EAAE,IAAI;KAClB,CAAC,CAAC;IACH,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAE5B,MAAM,IAAI,GAAG,IAAA,0BAAmB,EAAC,UAAU,CAAC,IAAI,EAAE,WAAW,EAAE,SAAS,CAAC,cAAc,CAAC,CAAC;IACzF,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,MAAM,eAAe,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;IACnD,MAAM,UAAU,GAAG,IAAA,+BAAsB,EAAC;QACxC,eAAe,EAAE,WAAW;QAC5B,cAAc,EAAE,SAAS,CAAC,cAAc;QACxC,IAAI;QACJ,IAAI;QACJ,UAAU,EAAE,eAAe;KAC5B,CAAC,CAAC;IAEH,uEAAuE;IACvE,IAAI,CAAC,UAAU,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAElC,OAAO;QACL,IAAI,EAAE,UAAU,CAAC,IAAI;QACrB,IAAI;QACJ,eAAe;QACf,WAAW,EAAE,IAAI;QACjB,UAAU;QACV,MAAM,EAAE,SAAS,CAAC,QAAQ;KAC3B,CAAC;AACJ,CAAC"}

package/dist/patch-engine/patterns.d.ts

@@ -1,4 +1,4 @@
-export type PatternKind = 'db_in_ui' | 'missing_validation' | 'todo_fixme';
+export type PatternKind = 'db_in_ui' | 'missing_validation' | 'todo_fixme' | 'missing_auth_middleware' | 'missing_role_checks' | 'unsafe_jwt_usage' | 'missing_token_expiry' | 'unsafe_secret_exposure' | 'insecure_cookie_configuration' | 'missing_csrf_protection' | 'missing_rate_limiting' | 'missing_try_catch' | 'missing_timeout_handling' | 'unsafe_fetch_without_retries' | 'missing_idempotency_keys' | 'unsafe_webhook_verification' | 'unsafe_serialization' | 'missing_transaction_wrappers' | 'unsafe_sql_string_concatenation' | 'unsafe_file_uploads' | 'missing_mime_validation' | 'missing_size_limits' | 'unsafe_path_traversal_usage' | 'dangerous_useeffect_cleanup' | 'missing_abort_controller_cleanup' | 'unsafe_inner_html_usage' | 'unhandled_promise_chains' | 'unsafe_websocket_lifecycle' | 'missing_audit_logs' | 'unsafe_sensitive_logging' | 'missing_error_boundaries' | 'missing_tracing_wrappers' | 'deprecated_package_migration_mappings' | 'unsafe_env_usage' | 'dangerous_hardcoded_credentials';
 export declare function classifyViolation(issue: string, policy: string): PatternKind | null;
 export declare function detectPattern(content: string, kind: PatternKind): number | null;
 //# sourceMappingURL=patterns.d.ts.map

package/dist/patch-engine/patterns.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../src/patch-engine/patterns.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,oBAAoB,GAAG,YAAY,CAAC;AAM3E,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAsBnF;AA2ED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,MAAM,GAAG,IAAI,CAO/E"}
+{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../src/patch-engine/patterns.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,WAAW,GACnB,UAAU,GACV,oBAAoB,GACpB,YAAY,GACZ,yBAAyB,GACzB,qBAAqB,GACrB,kBAAkB,GAClB,sBAAsB,GACtB,wBAAwB,GACxB,+BAA+B,GAC/B,yBAAyB,GACzB,uBAAuB,GACvB,mBAAmB,GACnB,0BAA0B,GAC1B,8BAA8B,GAC9B,0BAA0B,GAC1B,6BAA6B,GAC7B,sBAAsB,GACtB,8BAA8B,GAC9B,iCAAiC,GACjC,qBAAqB,GACrB,yBAAyB,GACzB,qBAAqB,GACrB,6BAA6B,GAC7B,6BAA6B,GAC7B,kCAAkC,GAClC,yBAAyB,GACzB,0BAA0B,GAC1B,4BAA4B,GAC5B,oBAAoB,GACpB,0BAA0B,GAC1B,0BAA0B,GAC1B,0BAA0B,GAC1B,uCAAuC,GACvC,kBAAkB,GAClB,iCAAiC,CAAC;AA6StC,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAwBnF;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,MAAM,GAAG,IAAI,CAgC/E"}