npm - @oculum/scanner - Versions diffs - 1.0.11 → 1.0.13 - Mend

@oculum/scanner 1.0.11 → 1.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1178) hide show

package/dist/ai-context/index.d.ts +6 -0
package/dist/ai-context/index.d.ts.map +1 -0
package/dist/ai-context/index.js +13 -0
package/dist/ai-context/index.js.map +1 -0
package/dist/ai-context/manager.d.ts +67 -0
package/dist/ai-context/manager.d.ts.map +1 -0
package/dist/ai-context/manager.js +104 -0
package/dist/ai-context/manager.js.map +1 -0
package/dist/category-filter.d.ts +125 -0
package/dist/category-filter.d.ts.map +1 -0
package/dist/category-filter.js +360 -0
package/dist/category-filter.js.map +1 -0
package/dist/detect/ai-code/agent-tools.d.ts +22 -0
package/dist/detect/ai-code/agent-tools.d.ts.map +1 -0
package/dist/detect/ai-code/agent-tools.js +1509 -0
package/dist/detect/ai-code/agent-tools.js.map +1 -0
package/dist/detect/ai-code/byok-patterns.d.ts +15 -0
package/dist/detect/ai-code/byok-patterns.d.ts.map +1 -0
package/dist/detect/ai-code/byok-patterns.js +313 -0
package/dist/detect/ai-code/byok-patterns.js.map +1 -0
package/dist/detect/ai-code/endpoint-protection.d.ts +38 -0
package/dist/detect/ai-code/endpoint-protection.d.ts.map +1 -0
package/dist/detect/ai-code/endpoint-protection.js +349 -0
package/dist/detect/ai-code/endpoint-protection.js.map +1 -0
package/dist/detect/ai-code/execution-sinks.d.ts +21 -0
package/dist/detect/ai-code/execution-sinks.d.ts.map +1 -0
package/dist/detect/ai-code/execution-sinks.js +1158 -0
package/dist/detect/ai-code/execution-sinks.js.map +1 -0
package/dist/detect/ai-code/fingerprinting.d.ts +10 -0
package/dist/detect/ai-code/fingerprinting.d.ts.map +1 -0
package/dist/detect/ai-code/fingerprinting.js +665 -0
package/dist/detect/ai-code/fingerprinting.js.map +1 -0
package/dist/detect/ai-code/index.d.ts +12 -0
package/dist/detect/ai-code/index.d.ts.map +1 -0
package/dist/detect/ai-code/index.js +26 -0
package/dist/detect/ai-code/index.js.map +1 -0
package/dist/detect/ai-code/mcp-security.d.ts +20 -0
package/dist/detect/ai-code/mcp-security.d.ts.map +1 -0
package/dist/detect/ai-code/mcp-security.js +880 -0
package/dist/detect/ai-code/mcp-security.js.map +1 -0
package/dist/detect/ai-code/model-supply-chain.d.ts +23 -0
package/dist/detect/ai-code/model-supply-chain.d.ts.map +1 -0
package/dist/detect/ai-code/model-supply-chain.js +447 -0
package/dist/detect/ai-code/model-supply-chain.js.map +1 -0
package/dist/detect/ai-code/package-hallucination.d.ts +22 -0
package/dist/detect/ai-code/package-hallucination.d.ts.map +1 -0
package/dist/detect/ai-code/package-hallucination.js +841 -0
package/dist/detect/ai-code/package-hallucination.js.map +1 -0
package/dist/detect/ai-code/prompt-hygiene.d.ts +22 -0
package/dist/detect/ai-code/prompt-hygiene.d.ts.map +1 -0
package/dist/detect/ai-code/prompt-hygiene.js +1177 -0
package/dist/detect/ai-code/prompt-hygiene.js.map +1 -0
package/dist/detect/ai-code/rag-safety.d.ts +24 -0
package/dist/detect/ai-code/rag-safety.d.ts.map +1 -0
package/dist/detect/ai-code/rag-safety.js +913 -0
package/dist/detect/ai-code/rag-safety.js.map +1 -0
package/dist/detect/ai-code/schema-validation.d.ts +28 -0
package/dist/detect/ai-code/schema-validation.d.ts.map +1 -0
package/dist/detect/ai-code/schema-validation.js +378 -0
package/dist/detect/ai-code/schema-validation.js.map +1 -0
package/dist/detect/config/agent-skill-injection.d.ts +27 -0
package/dist/detect/config/agent-skill-injection.d.ts.map +1 -0
package/dist/detect/config/agent-skill-injection.js +472 -0
package/dist/detect/config/agent-skill-injection.js.map +1 -0
package/dist/detect/config/comments.d.ts +11 -0
package/dist/detect/config/comments.d.ts.map +1 -0
package/dist/detect/config/comments.js +206 -0
package/dist/detect/config/comments.js.map +1 -0
package/dist/detect/config/file-flags.d.ts +10 -0
package/dist/detect/config/file-flags.d.ts.map +1 -0
package/dist/detect/config/file-flags.js +124 -0
package/dist/detect/config/file-flags.js.map +1 -0
package/dist/detect/config/index.d.ts +7 -0
package/dist/detect/config/index.d.ts.map +1 -0
package/dist/detect/config/index.js +17 -0
package/dist/detect/config/index.js.map +1 -0
package/dist/detect/config/osv-check.d.ts +75 -0
package/dist/detect/config/osv-check.d.ts.map +1 -0
package/dist/detect/config/osv-check.js +309 -0
package/dist/detect/config/osv-check.js.map +1 -0
package/dist/detect/config/package-check.d.ts +63 -0
package/dist/detect/config/package-check.d.ts.map +1 -0
package/dist/detect/config/package-check.js +509 -0
package/dist/detect/config/package-check.js.map +1 -0
package/dist/detect/config/urls.d.ts +11 -0
package/dist/detect/config/urls.d.ts.map +1 -0
package/dist/detect/config/urls.js +450 -0
package/dist/detect/config/urls.js.map +1 -0
package/dist/detect/index.d.ts +37 -0
package/dist/detect/index.d.ts.map +1 -0
package/dist/detect/index.js +77 -0
package/dist/detect/index.js.map +1 -0
package/dist/detect/secrets/config-audit.d.ts +11 -0
package/dist/detect/secrets/config-audit.d.ts.map +1 -0
package/dist/detect/secrets/config-audit.js +315 -0
package/dist/detect/secrets/config-audit.js.map +1 -0
package/dist/detect/secrets/config-mcp-audit.d.ts +23 -0
package/dist/detect/secrets/config-mcp-audit.d.ts.map +1 -0
package/dist/detect/secrets/config-mcp-audit.js +243 -0
package/dist/detect/secrets/config-mcp-audit.js.map +1 -0
package/dist/detect/secrets/entropy.d.ts +11 -0
package/dist/detect/secrets/entropy.d.ts.map +1 -0
package/dist/detect/secrets/entropy.js +751 -0
package/dist/detect/secrets/entropy.js.map +1 -0
package/dist/detect/secrets/index.d.ts +36 -0
package/dist/detect/secrets/index.d.ts.map +1 -0
package/dist/detect/secrets/index.js +174 -0
package/dist/detect/secrets/index.js.map +1 -0
package/dist/detect/secrets/patterns.d.ts +11 -0
package/dist/detect/secrets/patterns.d.ts.map +1 -0
package/dist/detect/secrets/patterns.js +518 -0
package/dist/detect/secrets/patterns.js.map +1 -0
package/dist/detect/secrets/weak-crypto.d.ts +10 -0
package/dist/detect/secrets/weak-crypto.d.ts.map +1 -0
package/dist/detect/secrets/weak-crypto.js +432 -0
package/dist/detect/secrets/weak-crypto.js.map +1 -0
package/dist/detect/structural/auth-patterns.d.ts +22 -0
package/dist/detect/structural/auth-patterns.d.ts.map +1 -0
package/dist/detect/structural/auth-patterns.js +533 -0
package/dist/detect/structural/auth-patterns.js.map +1 -0
package/dist/detect/structural/dangerous-functions/child-process.d.ts +16 -0
package/dist/detect/structural/dangerous-functions/child-process.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/child-process.js +74 -0
package/dist/detect/structural/dangerous-functions/child-process.js.map +1 -0
package/dist/detect/structural/dangerous-functions/dom-xss.d.ts +34 -0
package/dist/detect/structural/dangerous-functions/dom-xss.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/dom-xss.js +230 -0
package/dist/detect/structural/dangerous-functions/dom-xss.js.map +1 -0
package/dist/detect/structural/dangerous-functions/index.d.ts +16 -0
package/dist/detect/structural/dangerous-functions/index.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/index.js +1193 -0
package/dist/detect/structural/dangerous-functions/index.js.map +1 -0
package/dist/detect/structural/dangerous-functions/json-parse.d.ts +31 -0
package/dist/detect/structural/dangerous-functions/json-parse.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/json-parse.js +326 -0
package/dist/detect/structural/dangerous-functions/json-parse.js.map +1 -0
package/dist/detect/structural/dangerous-functions/math-random.d.ts +111 -0
package/dist/detect/structural/dangerous-functions/math-random.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/math-random.js +684 -0
package/dist/detect/structural/dangerous-functions/math-random.js.map +1 -0
package/dist/detect/structural/dangerous-functions/patterns.d.ts +21 -0
package/dist/detect/structural/dangerous-functions/patterns.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/patterns.js +163 -0
package/dist/detect/structural/dangerous-functions/patterns.js.map +1 -0
package/dist/detect/structural/dangerous-functions/request-validation.d.ts +13 -0
package/dist/detect/structural/dangerous-functions/request-validation.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/request-validation.js +126 -0
package/dist/detect/structural/dangerous-functions/request-validation.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts +24 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.js +70 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts +31 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.js +147 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/index.d.ts +9 -0
package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/index.js +23 -0
package/dist/detect/structural/dangerous-functions/utils/index.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts +22 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.js +102 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map +1 -0
package/dist/detect/structural/data-exposure.d.ts +19 -0
package/dist/detect/structural/data-exposure.d.ts.map +1 -0
package/dist/detect/structural/data-exposure.js +262 -0
package/dist/detect/structural/data-exposure.js.map +1 -0
package/dist/detect/structural/framework-checks.d.ts +10 -0
package/dist/detect/structural/framework-checks.d.ts.map +1 -0
package/dist/detect/structural/framework-checks.js +389 -0
package/dist/detect/structural/framework-checks.js.map +1 -0
package/dist/detect/structural/index.d.ts +71 -0
package/dist/detect/structural/index.d.ts.map +1 -0
package/dist/detect/structural/index.js +510 -0
package/dist/detect/structural/index.js.map +1 -0
package/dist/detect/structural/log-injection.d.ts +18 -0
package/dist/detect/structural/log-injection.d.ts.map +1 -0
package/dist/detect/structural/log-injection.js +217 -0
package/dist/detect/structural/log-injection.js.map +1 -0
package/dist/detect/structural/logic-gates.d.ts +10 -0
package/dist/detect/structural/logic-gates.d.ts.map +1 -0
package/dist/detect/structural/logic-gates.js +227 -0
package/dist/detect/structural/logic-gates.js.map +1 -0
package/dist/detect/structural/risky-imports.d.ts +10 -0
package/dist/detect/structural/risky-imports.d.ts.map +1 -0
package/dist/detect/structural/risky-imports.js +168 -0
package/dist/detect/structural/risky-imports.js.map +1 -0
package/dist/detect/structural/security-headers.d.ts +18 -0
package/dist/detect/structural/security-headers.d.ts.map +1 -0
package/dist/detect/structural/security-headers.js +196 -0
package/dist/detect/structural/security-headers.js.map +1 -0
package/dist/detect/structural/ssrf-detection.d.ts +18 -0
package/dist/detect/structural/ssrf-detection.d.ts.map +1 -0
package/dist/detect/structural/ssrf-detection.js +263 -0
package/dist/detect/structural/ssrf-detection.js.map +1 -0
package/dist/detect/structural/variables.d.ts +11 -0
package/dist/detect/structural/variables.d.ts.map +1 -0
package/dist/detect/structural/variables.js +159 -0
package/dist/detect/structural/variables.js.map +1 -0
package/dist/detect/structural/xxe-detection.d.ts +18 -0
package/dist/detect/structural/xxe-detection.d.ts.map +1 -0
package/dist/detect/structural/xxe-detection.js +245 -0
package/dist/detect/structural/xxe-detection.js.map +1 -0
package/dist/filtering/context-adjustments.d.ts +23 -0
package/dist/filtering/context-adjustments.d.ts.map +1 -0
package/dist/filtering/context-adjustments.js +100 -0
package/dist/filtering/context-adjustments.js.map +1 -0
package/dist/filtering/index.d.ts +3 -0
package/dist/filtering/index.d.ts.map +1 -0
package/dist/filtering/index.js +8 -0
package/dist/filtering/index.js.map +1 -0
package/dist/filtering/pipeline.d.ts +48 -0
package/dist/filtering/pipeline.d.ts.map +1 -0
package/dist/filtering/pipeline.js +76 -0
package/dist/filtering/pipeline.js.map +1 -0
package/dist/formatters/ai-context.d.ts +23 -0
package/dist/formatters/ai-context.d.ts.map +1 -0
package/dist/formatters/ai-context.js +238 -0
package/dist/formatters/ai-context.js.map +1 -0
package/dist/formatters/github-comment.d.ts +1 -1
package/dist/formatters/github-comment.d.ts.map +1 -1
package/dist/formatters/github-comment.js +2 -2
package/dist/formatters/github-comment.js.map +1 -1
package/dist/formatters/ide/claude-code.d.ts +17 -0
package/dist/formatters/ide/claude-code.d.ts.map +1 -0
package/dist/formatters/ide/claude-code.js +94 -0
package/dist/formatters/ide/claude-code.js.map +1 -0
package/dist/formatters/ide/cursor.d.ts +13 -0
package/dist/formatters/ide/cursor.d.ts.map +1 -0
package/dist/formatters/ide/cursor.js +125 -0
package/dist/formatters/ide/cursor.js.map +1 -0
package/dist/formatters/ide/index.d.ts +62 -0
package/dist/formatters/ide/index.d.ts.map +1 -0
package/dist/formatters/ide/index.js +184 -0
package/dist/formatters/ide/index.js.map +1 -0
package/dist/formatters/ide/windsurf.d.ts +13 -0
package/dist/formatters/ide/windsurf.d.ts.map +1 -0
package/dist/formatters/ide/windsurf.js +117 -0
package/dist/formatters/ide/windsurf.js.map +1 -0
package/dist/formatters/index.d.ts +2 -0
package/dist/formatters/index.d.ts.map +1 -1
package/dist/formatters/index.js +17 -1
package/dist/formatters/index.js.map +1 -1
package/dist/index.d.ts +17 -60
package/dist/index.d.ts.map +1 -1
package/dist/index.js +67 -824
package/dist/index.js.map +1 -1
package/dist/layer1/comments.d.ts +4 -1
package/dist/layer1/comments.d.ts.map +1 -1
package/dist/layer1/comments.js +1 -1
package/dist/layer1/comments.js.map +1 -1
package/dist/layer1/config-audit.d.ts +4 -1
package/dist/layer1/config-audit.d.ts.map +1 -1
package/dist/layer1/config-audit.js +45 -11
package/dist/layer1/config-audit.js.map +1 -1
package/dist/layer1/config-mcp-audit.d.ts +4 -1
package/dist/layer1/config-mcp-audit.d.ts.map +1 -1
package/dist/layer1/config-mcp-audit.js +2 -2
package/dist/layer1/config-mcp-audit.js.map +1 -1
package/dist/layer1/entropy.d.ts +4 -1
package/dist/layer1/entropy.d.ts.map +1 -1
package/dist/layer1/entropy.js +212 -1
package/dist/layer1/entropy.js.map +1 -1
package/dist/layer1/file-flags.d.ts +4 -1
package/dist/layer1/file-flags.d.ts.map +1 -1
package/dist/layer1/file-flags.js +12 -5
package/dist/layer1/file-flags.js.map +1 -1
package/dist/layer1/index.d.ts.map +1 -1
package/dist/layer1/index.js +14 -19
package/dist/layer1/index.js.map +1 -1
package/dist/layer1/patterns.d.ts +4 -1
package/dist/layer1/patterns.d.ts.map +1 -1
package/dist/layer1/patterns.js +34 -4
package/dist/layer1/patterns.js.map +1 -1
package/dist/layer1/urls.d.ts +4 -1
package/dist/layer1/urls.d.ts.map +1 -1
package/dist/layer1/urls.js +162 -14
package/dist/layer1/urls.js.map +1 -1
package/dist/layer1/weak-crypto.d.ts +4 -1
package/dist/layer1/weak-crypto.d.ts.map +1 -1
package/dist/layer1/weak-crypto.js +144 -7
package/dist/layer1/weak-crypto.js.map +1 -1
package/dist/layer2/ai-agent-tools.d.ts +4 -1
package/dist/layer2/ai-agent-tools.d.ts.map +1 -1
package/dist/layer2/ai-agent-tools.js +661 -2
package/dist/layer2/ai-agent-tools.js.map +1 -1
package/dist/layer2/ai-endpoint-protection.d.ts +2 -0
package/dist/layer2/ai-endpoint-protection.d.ts.map +1 -1
package/dist/layer2/ai-endpoint-protection.js +1 -1
package/dist/layer2/ai-endpoint-protection.js.map +1 -1
package/dist/layer2/ai-execution-sinks.d.ts +4 -1
package/dist/layer2/ai-execution-sinks.d.ts.map +1 -1
package/dist/layer2/ai-execution-sinks.js +252 -43
package/dist/layer2/ai-execution-sinks.js.map +1 -1
package/dist/layer2/ai-fingerprinting.d.ts +4 -1
package/dist/layer2/ai-fingerprinting.d.ts.map +1 -1
package/dist/layer2/ai-fingerprinting.js +25 -32
package/dist/layer2/ai-fingerprinting.js.map +1 -1
package/dist/layer2/ai-mcp-security.d.ts +4 -1
package/dist/layer2/ai-mcp-security.d.ts.map +1 -1
package/dist/layer2/ai-mcp-security.js +200 -2
package/dist/layer2/ai-mcp-security.js.map +1 -1
package/dist/layer2/ai-package-hallucination.d.ts +4 -1
package/dist/layer2/ai-package-hallucination.d.ts.map +1 -1
package/dist/layer2/ai-package-hallucination.js +136 -4
package/dist/layer2/ai-package-hallucination.js.map +1 -1
package/dist/layer2/ai-prompt-hygiene.d.ts +4 -1
package/dist/layer2/ai-prompt-hygiene.d.ts.map +1 -1
package/dist/layer2/ai-prompt-hygiene.js +342 -28
package/dist/layer2/ai-prompt-hygiene.js.map +1 -1
package/dist/layer2/ai-rag-safety.d.ts +4 -1
package/dist/layer2/ai-rag-safety.d.ts.map +1 -1
package/dist/layer2/ai-rag-safety.js +82 -2
package/dist/layer2/ai-rag-safety.js.map +1 -1
package/dist/layer2/ai-schema-validation.d.ts +4 -1
package/dist/layer2/ai-schema-validation.d.ts.map +1 -1
package/dist/layer2/ai-schema-validation.js +2 -2
package/dist/layer2/ai-schema-validation.js.map +1 -1
package/dist/layer2/auth-antipatterns.d.ts +2 -0
package/dist/layer2/auth-antipatterns.d.ts.map +1 -1
package/dist/layer2/auth-antipatterns.js +205 -20
package/dist/layer2/auth-antipatterns.js.map +1 -1
package/dist/layer2/byok-patterns.d.ts +4 -1
package/dist/layer2/byok-patterns.d.ts.map +1 -1
package/dist/layer2/byok-patterns.js +2 -2
package/dist/layer2/byok-patterns.js.map +1 -1
package/dist/layer2/dangerous-functions/dom-xss.d.ts +9 -4
package/dist/layer2/dangerous-functions/dom-xss.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/dom-xss.js +73 -22
package/dist/layer2/dangerous-functions/dom-xss.js.map +1 -1
package/dist/layer2/dangerous-functions/index.d.ts +4 -1
package/dist/layer2/dangerous-functions/index.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/index.js +551 -20
package/dist/layer2/dangerous-functions/index.js.map +1 -1
package/dist/layer2/dangerous-functions/math-random.d.ts +54 -4
package/dist/layer2/dangerous-functions/math-random.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/math-random.js +241 -16
package/dist/layer2/dangerous-functions/math-random.js.map +1 -1
package/dist/layer2/dangerous-functions/patterns.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/patterns.js +3 -1
package/dist/layer2/dangerous-functions/patterns.js.map +1 -1
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts +3 -2
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/utils/control-flow.js +41 -120
package/dist/layer2/dangerous-functions/utils/control-flow.js.map +1 -1
package/dist/layer2/dangerous-functions/utils/helpers.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/utils/helpers.js +26 -3
package/dist/layer2/dangerous-functions/utils/helpers.js.map +1 -1
package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/utils/schema-validation.js +14 -1
package/dist/layer2/dangerous-functions/utils/schema-validation.js.map +1 -1
package/dist/layer2/data-exposure.d.ts +4 -1
package/dist/layer2/data-exposure.d.ts.map +1 -1
package/dist/layer2/data-exposure.js +11 -38
package/dist/layer2/data-exposure.js.map +1 -1
package/dist/layer2/framework-checks.d.ts +4 -1
package/dist/layer2/framework-checks.d.ts.map +1 -1
package/dist/layer2/framework-checks.js +3 -10
package/dist/layer2/framework-checks.js.map +1 -1
package/dist/layer2/index.d.ts +13 -1
package/dist/layer2/index.d.ts.map +1 -1
package/dist/layer2/index.js +107 -52
package/dist/layer2/index.js.map +1 -1
package/dist/layer2/log-injection.d.ts +18 -0
package/dist/layer2/log-injection.d.ts.map +1 -0
package/dist/layer2/log-injection.js +214 -0
package/dist/layer2/log-injection.js.map +1 -0
package/dist/layer2/logic-gates.d.ts +4 -1
package/dist/layer2/logic-gates.d.ts.map +1 -1
package/dist/layer2/logic-gates.js +54 -20
package/dist/layer2/logic-gates.js.map +1 -1
package/dist/layer2/model-supply-chain.d.ts +4 -1
package/dist/layer2/model-supply-chain.d.ts.map +1 -1
package/dist/layer2/model-supply-chain.js +72 -4
package/dist/layer2/model-supply-chain.js.map +1 -1
package/dist/layer2/risky-imports.d.ts +4 -1
package/dist/layer2/risky-imports.d.ts.map +1 -1
package/dist/layer2/risky-imports.js +2 -2
package/dist/layer2/risky-imports.js.map +1 -1
package/dist/layer2/security-headers.d.ts +18 -0
package/dist/layer2/security-headers.d.ts.map +1 -0
package/dist/layer2/security-headers.js +187 -0
package/dist/layer2/security-headers.js.map +1 -0
package/dist/layer2/ssrf-detection.d.ts +18 -0
package/dist/layer2/ssrf-detection.d.ts.map +1 -0
package/dist/layer2/ssrf-detection.js +252 -0
package/dist/layer2/ssrf-detection.js.map +1 -0
package/dist/layer2/variables.d.ts +4 -1
package/dist/layer2/variables.d.ts.map +1 -1
package/dist/layer2/variables.js +2 -2
package/dist/layer2/variables.js.map +1 -1
package/dist/layer2/xxe-detection.d.ts +18 -0
package/dist/layer2/xxe-detection.d.ts.map +1 -0
package/dist/layer2/xxe-detection.js +242 -0
package/dist/layer2/xxe-detection.js.map +1 -0
package/dist/layer3/anthropic/auto-dismiss.d.ts.map +1 -1
package/dist/layer3/anthropic/auto-dismiss.js +11 -0
package/dist/layer3/anthropic/auto-dismiss.js.map +1 -1
package/dist/layer3/anthropic/prompts/index.d.ts +1 -1
package/dist/layer3/anthropic/prompts/index.d.ts.map +1 -1
package/dist/layer3/anthropic/prompts/index.js +3 -1
package/dist/layer3/anthropic/prompts/index.js.map +1 -1
package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts +19 -0
package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/ai-patterns.js +156 -0
package/dist/layer3/anthropic/prompts/modules/ai-patterns.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts +9 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.js +25 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/common.d.ts +11 -0
package/dist/layer3/anthropic/prompts/modules/common.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/common.js +152 -0
package/dist/layer3/anthropic/prompts/modules/common.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/index.d.ts +54 -0
package/dist/layer3/anthropic/prompts/modules/index.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/index.js +185 -0
package/dist/layer3/anthropic/prompts/modules/index.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts +8 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.js +84 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts +8 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js +68 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts +8 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.js +22 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map +1 -0
package/dist/layer3/anthropic/prompts/validation.d.ts +9 -3
package/dist/layer3/anthropic/prompts/validation.d.ts.map +1 -1
package/dist/layer3/anthropic/prompts/validation.js +14 -410
package/dist/layer3/anthropic/prompts/validation.js.map +1 -1
package/dist/layer3/anthropic/providers/anthropic.d.ts.map +1 -1
package/dist/layer3/anthropic/providers/anthropic.js +6 -3
package/dist/layer3/anthropic/providers/anthropic.js.map +1 -1
package/dist/layer3/anthropic/providers/openai.d.ts.map +1 -1
package/dist/layer3/anthropic/providers/openai.js +6 -3
package/dist/layer3/anthropic/providers/openai.js.map +1 -1
package/dist/layer3/anthropic/request-builder.d.ts +11 -4
package/dist/layer3/anthropic/request-builder.d.ts.map +1 -1
package/dist/layer3/anthropic/request-builder.js +32 -16
package/dist/layer3/anthropic/request-builder.js.map +1 -1
package/dist/layer3/anthropic/utils/context-extractor.d.ts +55 -0
package/dist/layer3/anthropic/utils/context-extractor.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/context-extractor.js +161 -0
package/dist/layer3/anthropic/utils/context-extractor.js.map +1 -0
package/dist/layer3/anthropic/utils/index.d.ts +2 -0
package/dist/layer3/anthropic/utils/index.d.ts.map +1 -1
package/dist/layer3/anthropic/utils/index.js +4 -1
package/dist/layer3/anthropic/utils/index.js.map +1 -1
package/dist/model/auth-helper-detector.d.ts +56 -0
package/dist/model/auth-helper-detector.d.ts.map +1 -0
package/dist/model/auth-helper-detector.js +360 -0
package/dist/model/auth-helper-detector.js.map +1 -0
package/dist/model/cross-file-taint.d.ts +40 -0
package/dist/model/cross-file-taint.d.ts.map +1 -0
package/dist/model/cross-file-taint.js +290 -0
package/dist/model/cross-file-taint.js.map +1 -0
package/dist/model/framework-models/django.d.ts +9 -0
package/dist/model/framework-models/django.d.ts.map +1 -0
package/dist/model/framework-models/django.js +82 -0
package/dist/model/framework-models/django.js.map +1 -0
package/dist/model/framework-models/express.d.ts +9 -0
package/dist/model/framework-models/express.d.ts.map +1 -0
package/dist/model/framework-models/express.js +52 -0
package/dist/model/framework-models/express.js.map +1 -0
package/dist/model/framework-models/index.d.ts +20 -0
package/dist/model/framework-models/index.d.ts.map +1 -0
package/dist/model/framework-models/index.js +102 -0
package/dist/model/framework-models/index.js.map +1 -0
package/dist/model/framework-models/nextjs.d.ts +9 -0
package/dist/model/framework-models/nextjs.d.ts.map +1 -0
package/dist/model/framework-models/nextjs.js +71 -0
package/dist/model/framework-models/nextjs.js.map +1 -0
package/dist/model/framework-models/prisma.d.ts +10 -0
package/dist/model/framework-models/prisma.d.ts.map +1 -0
package/dist/model/framework-models/prisma.js +54 -0
package/dist/model/framework-models/prisma.js.map +1 -0
package/dist/model/framework-models/react.d.ts +9 -0
package/dist/model/framework-models/react.d.ts.map +1 -0
package/dist/model/framework-models/react.js +67 -0
package/dist/model/framework-models/react.js.map +1 -0
package/dist/model/framework-models/sequelize.d.ts +9 -0
package/dist/model/framework-models/sequelize.d.ts.map +1 -0
package/dist/model/framework-models/sequelize.js +62 -0
package/dist/model/framework-models/sequelize.js.map +1 -0
package/dist/model/framework-models/types.d.ts +43 -0
package/dist/model/framework-models/types.d.ts.map +1 -0
package/dist/model/framework-models/types.js +10 -0
package/dist/model/framework-models/types.js.map +1 -0
package/dist/model/function-classifier.d.ts +32 -0
package/dist/model/function-classifier.d.ts.map +1 -0
package/dist/model/function-classifier.js +143 -0
package/dist/model/function-classifier.js.map +1 -0
package/dist/model/import-resolver.d.ts +45 -0
package/dist/model/import-resolver.d.ts.map +1 -0
package/dist/model/import-resolver.js +410 -0
package/dist/model/import-resolver.js.map +1 -0
package/dist/model/imported-auth-detector.d.ts +38 -0
package/dist/model/imported-auth-detector.d.ts.map +1 -0
package/dist/model/imported-auth-detector.js +199 -0
package/dist/model/imported-auth-detector.js.map +1 -0
package/dist/model/index.d.ts +63 -0
package/dist/model/index.d.ts.map +1 -0
package/dist/model/index.js +272 -0
package/dist/model/index.js.map +1 -0
package/dist/model/middleware-detector.d.ts +55 -0
package/dist/model/middleware-detector.d.ts.map +1 -0
package/dist/model/middleware-detector.js +382 -0
package/dist/model/middleware-detector.js.map +1 -0
package/dist/model/module-graph.d.ts +46 -0
package/dist/model/module-graph.d.ts.map +1 -0
package/dist/model/module-graph.js +187 -0
package/dist/model/module-graph.js.map +1 -0
package/dist/model/oauth-flow-detector.d.ts +41 -0
package/dist/model/oauth-flow-detector.d.ts.map +1 -0
package/dist/model/oauth-flow-detector.js +202 -0
package/dist/model/oauth-flow-detector.js.map +1 -0
package/dist/model/project-context.d.ts +119 -0
package/dist/model/project-context.d.ts.map +1 -0
package/dist/model/project-context.js +534 -0
package/dist/model/project-context.js.map +1 -0
package/dist/model/route-auth-resolver.d.ts +27 -0
package/dist/model/route-auth-resolver.d.ts.map +1 -0
package/dist/model/route-auth-resolver.js +182 -0
package/dist/model/route-auth-resolver.js.map +1 -0
package/dist/model/route-discovery/express.d.ts +25 -0
package/dist/model/route-discovery/express.d.ts.map +1 -0
package/dist/model/route-discovery/express.js +225 -0
package/dist/model/route-discovery/express.js.map +1 -0
package/dist/model/route-discovery/index.d.ts +21 -0
package/dist/model/route-discovery/index.d.ts.map +1 -0
package/dist/model/route-discovery/index.js +67 -0
package/dist/model/route-discovery/index.js.map +1 -0
package/dist/model/route-discovery/nextjs.d.ts +16 -0
package/dist/model/route-discovery/nextjs.d.ts.map +1 -0
package/dist/model/route-discovery/nextjs.js +179 -0
package/dist/model/route-discovery/nextjs.js.map +1 -0
package/dist/model/route-discovery/python.d.ts +16 -0
package/dist/model/route-discovery/python.d.ts.map +1 -0
package/dist/model/route-discovery/python.js +181 -0
package/dist/model/route-discovery/python.js.map +1 -0
package/dist/model/route-discovery/types.d.ts +36 -0
package/dist/model/route-discovery/types.d.ts.map +1 -0
package/dist/model/route-discovery/types.js +16 -0
package/dist/model/route-discovery/types.js.map +1 -0
package/dist/model/route-discovery/utils.d.ts +18 -0
package/dist/model/route-discovery/utils.d.ts.map +1 -0
package/dist/model/route-discovery/utils.js +55 -0
package/dist/model/route-discovery/utils.js.map +1 -0
package/dist/model/route-hierarchy.d.ts +50 -0
package/dist/model/route-hierarchy.d.ts.map +1 -0
package/dist/model/route-hierarchy.js +226 -0
package/dist/model/route-hierarchy.js.map +1 -0
package/dist/model/sanitiser-detection.d.ts +27 -0
package/dist/model/sanitiser-detection.d.ts.map +1 -0
package/dist/model/sanitiser-detection.js +224 -0
package/dist/model/sanitiser-detection.js.map +1 -0
package/dist/model/sink-matcher.d.ts +17 -0
package/dist/model/sink-matcher.d.ts.map +1 -0
package/dist/model/sink-matcher.js +141 -0
package/dist/model/sink-matcher.js.map +1 -0
package/dist/model/sink-patterns.d.ts +19 -0
package/dist/model/sink-patterns.d.ts.map +1 -0
package/dist/model/sink-patterns.js +88 -0
package/dist/model/sink-patterns.js.map +1 -0
package/dist/model/source-discovery.d.ts +15 -0
package/dist/model/source-discovery.d.ts.map +1 -0
package/dist/model/source-discovery.js +170 -0
package/dist/model/source-discovery.js.map +1 -0
package/dist/model/taint-tracker.d.ts +21 -0
package/dist/model/taint-tracker.d.ts.map +1 -0
package/dist/model/taint-tracker.js +281 -0
package/dist/model/taint-tracker.js.map +1 -0
package/dist/model/taint-types.d.ts +74 -0
package/dist/model/taint-types.d.ts.map +1 -0
package/dist/model/taint-types.js +9 -0
package/dist/model/taint-types.js.map +1 -0
package/dist/model/trpc-analyzer.d.ts +78 -0
package/dist/model/trpc-analyzer.d.ts.map +1 -0
package/dist/model/trpc-analyzer.js +297 -0
package/dist/model/trpc-analyzer.js.map +1 -0
package/dist/modes/incremental.js +1 -1
package/dist/parse/file-classifier.d.ts +228 -0
package/dist/parse/file-classifier.d.ts.map +1 -0
package/dist/parse/file-classifier.js +933 -0
package/dist/parse/file-classifier.js.map +1 -0
package/dist/parse/path-exclusions.d.ts +55 -0
package/dist/parse/path-exclusions.d.ts.map +1 -0
package/dist/parse/path-exclusions.js +224 -0
package/dist/parse/path-exclusions.js.map +1 -0
package/dist/pipeline/config.d.ts +39 -0
package/dist/pipeline/config.d.ts.map +1 -0
package/dist/pipeline/config.js +46 -0
package/dist/pipeline/config.js.map +1 -0
package/dist/pipeline/index.d.ts +34 -0
package/dist/pipeline/index.d.ts.map +1 -0
package/dist/pipeline/index.js +377 -0
package/dist/pipeline/index.js.map +1 -0
package/dist/pipeline/modes/incremental.d.ts +66 -0
package/dist/pipeline/modes/incremental.d.ts.map +1 -0
package/dist/pipeline/modes/incremental.js +200 -0
package/dist/pipeline/modes/incremental.js.map +1 -0
package/dist/postprocess/aggregation.d.ts +14 -0
package/dist/postprocess/aggregation.d.ts.map +1 -0
package/dist/postprocess/aggregation.js +63 -0
package/dist/postprocess/aggregation.js.map +1 -0
package/dist/postprocess/contradictions.d.ts +18 -0
package/dist/postprocess/contradictions.d.ts.map +1 -0
package/dist/postprocess/contradictions.js +99 -0
package/dist/postprocess/contradictions.js.map +1 -0
package/dist/postprocess/dedup.d.ts +13 -0
package/dist/postprocess/dedup.d.ts.map +1 -0
package/dist/postprocess/dedup.js +58 -0
package/dist/postprocess/dedup.js.map +1 -0
package/dist/postprocess/filtering/context-adjustments.d.ts +23 -0
package/dist/postprocess/filtering/context-adjustments.d.ts.map +1 -0
package/dist/postprocess/filtering/context-adjustments.js +100 -0
package/dist/postprocess/filtering/context-adjustments.js.map +1 -0
package/dist/postprocess/filtering/index.d.ts +3 -0
package/dist/postprocess/filtering/index.d.ts.map +1 -0
package/dist/postprocess/filtering/index.js +8 -0
package/dist/postprocess/filtering/index.js.map +1 -0
package/dist/postprocess/filtering/pipeline.d.ts +48 -0
package/dist/postprocess/filtering/pipeline.d.ts.map +1 -0
package/dist/postprocess/filtering/pipeline.js +76 -0
package/dist/postprocess/filtering/pipeline.js.map +1 -0
package/dist/postprocess/index.d.ts +41 -0
package/dist/postprocess/index.d.ts.map +1 -0
package/dist/postprocess/index.js +85 -0
package/dist/postprocess/index.js.map +1 -0
package/dist/postprocess/suppression/config-loader.d.ts +74 -0
package/dist/postprocess/suppression/config-loader.d.ts.map +1 -0
package/dist/postprocess/suppression/config-loader.js +424 -0
package/dist/postprocess/suppression/config-loader.js.map +1 -0
package/dist/postprocess/suppression/hash.d.ts +48 -0
package/dist/postprocess/suppression/hash.d.ts.map +1 -0
package/dist/postprocess/suppression/hash.js +88 -0
package/dist/postprocess/suppression/hash.js.map +1 -0
package/dist/postprocess/suppression/index.d.ts +11 -0
package/dist/postprocess/suppression/index.d.ts.map +1 -0
package/dist/postprocess/suppression/index.js +39 -0
package/dist/postprocess/suppression/index.js.map +1 -0
package/dist/postprocess/suppression/inline-parser.d.ts +39 -0
package/dist/postprocess/suppression/inline-parser.d.ts.map +1 -0
package/dist/postprocess/suppression/inline-parser.js +218 -0
package/dist/postprocess/suppression/inline-parser.js.map +1 -0
package/dist/postprocess/suppression/manager.d.ts +94 -0
package/dist/postprocess/suppression/manager.d.ts.map +1 -0
package/dist/postprocess/suppression/manager.js +292 -0
package/dist/postprocess/suppression/manager.js.map +1 -0
package/dist/postprocess/suppression/types.d.ts +151 -0
package/dist/postprocess/suppression/types.d.ts.map +1 -0
package/dist/postprocess/suppression/types.js +28 -0
package/dist/postprocess/suppression/types.js.map +1 -0
package/dist/postprocess/validation-cap.d.ts +17 -0
package/dist/postprocess/validation-cap.d.ts.map +1 -0
package/dist/postprocess/validation-cap.js +64 -0
package/dist/postprocess/validation-cap.js.map +1 -0
package/dist/report/build-result.d.ts +33 -0
package/dist/report/build-result.d.ts.map +1 -0
package/dist/report/build-result.js +59 -0
package/dist/report/build-result.js.map +1 -0
package/dist/report/enrichment.d.ts +19 -0
package/dist/report/enrichment.d.ts.map +1 -0
package/dist/report/enrichment.js +44 -0
package/dist/report/enrichment.js.map +1 -0
package/dist/report/formatters/ai-context.d.ts +23 -0
package/dist/report/formatters/ai-context.d.ts.map +1 -0
package/dist/report/formatters/ai-context.js +238 -0
package/dist/report/formatters/ai-context.js.map +1 -0
package/dist/report/formatters/cli-terminal.d.ts +65 -0
package/dist/report/formatters/cli-terminal.d.ts.map +1 -0
package/dist/report/formatters/cli-terminal.js +735 -0
package/dist/report/formatters/cli-terminal.js.map +1 -0
package/dist/report/formatters/github-comment.d.ts +41 -0
package/dist/report/formatters/github-comment.d.ts.map +1 -0
package/dist/report/formatters/github-comment.js +370 -0
package/dist/report/formatters/github-comment.js.map +1 -0
package/dist/report/formatters/grouping.d.ts +52 -0
package/dist/report/formatters/grouping.d.ts.map +1 -0
package/dist/report/formatters/grouping.js +152 -0
package/dist/report/formatters/grouping.js.map +1 -0
package/dist/report/formatters/ide/claude-code.d.ts +17 -0
package/dist/report/formatters/ide/claude-code.d.ts.map +1 -0
package/dist/report/formatters/ide/claude-code.js +94 -0
package/dist/report/formatters/ide/claude-code.js.map +1 -0
package/dist/report/formatters/ide/cursor.d.ts +13 -0
package/dist/report/formatters/ide/cursor.d.ts.map +1 -0
package/dist/report/formatters/ide/cursor.js +125 -0
package/dist/report/formatters/ide/cursor.js.map +1 -0
package/dist/report/formatters/ide/index.d.ts +62 -0
package/dist/report/formatters/ide/index.d.ts.map +1 -0
package/dist/report/formatters/ide/index.js +184 -0
package/dist/report/formatters/ide/index.js.map +1 -0
package/dist/report/formatters/ide/windsurf.d.ts +13 -0
package/dist/report/formatters/ide/windsurf.d.ts.map +1 -0
package/dist/report/formatters/ide/windsurf.js +117 -0
package/dist/report/formatters/ide/windsurf.js.map +1 -0
package/dist/report/formatters/index.d.ts +11 -0
package/dist/report/formatters/index.d.ts.map +1 -0
package/dist/report/formatters/index.js +54 -0
package/dist/report/formatters/index.js.map +1 -0
package/dist/report/formatters/vscode-diagnostic.d.ts +103 -0
package/dist/report/formatters/vscode-diagnostic.d.ts.map +1 -0
package/dist/report/formatters/vscode-diagnostic.js +151 -0
package/dist/report/formatters/vscode-diagnostic.js.map +1 -0
package/dist/report/summary.d.ts +27 -0
package/dist/report/summary.d.ts.map +1 -0
package/dist/report/summary.js +57 -0
package/dist/report/summary.js.map +1 -0
package/dist/rules/metadata.d.ts.map +1 -1
package/dist/rules/metadata.js +66 -0
package/dist/rules/metadata.js.map +1 -1
package/dist/score/adjustments.d.ts +22 -0
package/dist/score/adjustments.d.ts.map +1 -0
package/dist/score/adjustments.js +373 -0
package/dist/score/adjustments.js.map +1 -0
package/dist/score/auto-dismiss.d.ts +28 -0
package/dist/score/auto-dismiss.d.ts.map +1 -0
package/dist/score/auto-dismiss.js +200 -0
package/dist/score/auto-dismiss.js.map +1 -0
package/dist/score/confidence.d.ts +19 -0
package/dist/score/confidence.d.ts.map +1 -0
package/dist/score/confidence.js +52 -0
package/dist/score/confidence.js.map +1 -0
package/dist/score/index.d.ts +61 -0
package/dist/score/index.d.ts.map +1 -0
package/dist/score/index.js +250 -0
package/dist/score/index.js.map +1 -0
package/dist/score/types.d.ts +160 -0
package/dist/score/types.d.ts.map +1 -0
package/dist/score/types.js +14 -0
package/dist/score/types.js.map +1 -0
package/dist/shared/ai-context/index.d.ts +6 -0
package/dist/shared/ai-context/index.d.ts.map +1 -0
package/dist/shared/ai-context/index.js +13 -0
package/dist/shared/ai-context/index.js.map +1 -0
package/dist/shared/ai-context/manager.d.ts +67 -0
package/dist/shared/ai-context/manager.d.ts.map +1 -0
package/dist/shared/ai-context/manager.js +104 -0
package/dist/shared/ai-context/manager.js.map +1 -0
package/dist/shared/baseline/diff.d.ts +32 -0
package/dist/shared/baseline/diff.d.ts.map +1 -0
package/dist/shared/baseline/diff.js +119 -0
package/dist/shared/baseline/diff.js.map +1 -0
package/dist/shared/baseline/index.d.ts +9 -0
package/dist/shared/baseline/index.d.ts.map +1 -0
package/dist/shared/baseline/index.js +19 -0
package/dist/shared/baseline/index.js.map +1 -0
package/dist/shared/baseline/manager.d.ts +67 -0
package/dist/shared/baseline/manager.d.ts.map +1 -0
package/dist/shared/baseline/manager.js +180 -0
package/dist/shared/baseline/manager.js.map +1 -0
package/dist/shared/baseline/types.d.ts +91 -0
package/dist/shared/baseline/types.d.ts.map +1 -0
package/dist/shared/baseline/types.js +12 -0
package/dist/shared/baseline/types.js.map +1 -0
package/dist/shared/category-filter.d.ts +125 -0
package/dist/shared/category-filter.d.ts.map +1 -0
package/dist/shared/category-filter.js +360 -0
package/dist/shared/category-filter.js.map +1 -0
package/dist/shared/code-analysis.d.ts +39 -0
package/dist/shared/code-analysis.d.ts.map +1 -0
package/dist/shared/code-analysis.js +159 -0
package/dist/shared/code-analysis.js.map +1 -0
package/dist/shared/comment-analyzer.d.ts +38 -0
package/dist/shared/comment-analyzer.d.ts.map +1 -0
package/dist/shared/comment-analyzer.js +218 -0
package/dist/shared/comment-analyzer.js.map +1 -0
package/dist/shared/diff-detector.d.ts +53 -0
package/dist/shared/diff-detector.d.ts.map +1 -0
package/dist/shared/diff-detector.js +104 -0
package/dist/shared/diff-detector.js.map +1 -0
package/dist/shared/diff-parser.d.ts +80 -0
package/dist/shared/diff-parser.d.ts.map +1 -0
package/dist/shared/diff-parser.js +202 -0
package/dist/shared/diff-parser.js.map +1 -0
package/dist/shared/environment-context.d.ts +76 -0
package/dist/shared/environment-context.d.ts.map +1 -0
package/dist/shared/environment-context.js +271 -0
package/dist/shared/environment-context.js.map +1 -0
package/dist/shared/intent-detector.d.ts +66 -0
package/dist/shared/intent-detector.d.ts.map +1 -0
package/dist/shared/intent-detector.js +282 -0
package/dist/shared/intent-detector.js.map +1 -0
package/dist/shared/parsed-file.d.ts +51 -0
package/dist/shared/parsed-file.d.ts.map +1 -0
package/dist/shared/parsed-file.js +95 -0
package/dist/shared/parsed-file.js.map +1 -0
package/dist/shared/registry-clients.d.ts +93 -0
package/dist/shared/registry-clients.d.ts.map +1 -0
package/dist/shared/registry-clients.js +273 -0
package/dist/shared/registry-clients.js.map +1 -0
package/dist/shared/rules/framework-fixes.d.ts +48 -0
package/dist/shared/rules/framework-fixes.d.ts.map +1 -0
package/dist/shared/rules/framework-fixes.js +439 -0
package/dist/shared/rules/framework-fixes.js.map +1 -0
package/dist/shared/rules/index.d.ts +8 -0
package/dist/shared/rules/index.d.ts.map +1 -0
package/dist/shared/rules/index.js +18 -0
package/dist/shared/rules/index.js.map +1 -0
package/dist/shared/rules/metadata.d.ts +43 -0
package/dist/shared/rules/metadata.d.ts.map +1 -0
package/dist/shared/rules/metadata.js +819 -0
package/dist/shared/rules/metadata.js.map +1 -0
package/dist/shared/schema-semantics.d.ts +45 -0
package/dist/shared/schema-semantics.d.ts.map +1 -0
package/dist/shared/schema-semantics.js +193 -0
package/dist/shared/schema-semantics.js.map +1 -0
package/dist/shared/types.d.ts +337 -0
package/dist/shared/types.d.ts.map +1 -0
package/dist/shared/types.js +126 -0
package/dist/shared/types.js.map +1 -0
package/dist/tiers.d.ts +4 -4
package/dist/tiers.d.ts.map +1 -1
package/dist/tiers.js +17 -7
package/dist/tiers.js.map +1 -1
package/dist/types.d.ts +79 -9
package/dist/types.d.ts.map +1 -1
package/dist/types.js +34 -0
package/dist/types.js.map +1 -1
package/dist/utils/code-analysis.d.ts +39 -0
package/dist/utils/code-analysis.d.ts.map +1 -0
package/dist/utils/code-analysis.js +159 -0
package/dist/utils/code-analysis.js.map +1 -0
package/dist/utils/comment-analyzer.d.ts +38 -0
package/dist/utils/comment-analyzer.d.ts.map +1 -0
package/dist/utils/comment-analyzer.js +218 -0
package/dist/utils/comment-analyzer.js.map +1 -0
package/dist/utils/context-helpers.d.ts +108 -1
package/dist/utils/context-helpers.d.ts.map +1 -1
package/dist/utils/context-helpers.js +351 -2
package/dist/utils/context-helpers.js.map +1 -1
package/dist/utils/environment-context.d.ts +76 -0
package/dist/utils/environment-context.d.ts.map +1 -0
package/dist/utils/environment-context.js +271 -0
package/dist/utils/environment-context.js.map +1 -0
package/dist/utils/intent-detector.d.ts +66 -0
package/dist/utils/intent-detector.d.ts.map +1 -0
package/dist/utils/intent-detector.js +282 -0
package/dist/utils/intent-detector.js.map +1 -0
package/dist/utils/parsed-file.d.ts +51 -0
package/dist/utils/parsed-file.d.ts.map +1 -0
package/dist/utils/parsed-file.js +95 -0
package/dist/utils/parsed-file.js.map +1 -0
package/dist/utils/route-hierarchy.d.ts +50 -0
package/dist/utils/route-hierarchy.d.ts.map +1 -0
package/dist/utils/route-hierarchy.js +226 -0
package/dist/utils/route-hierarchy.js.map +1 -0
package/dist/utils/schema-semantics.d.ts +45 -0
package/dist/utils/schema-semantics.d.ts.map +1 -0
package/dist/utils/schema-semantics.js +193 -0
package/dist/utils/schema-semantics.js.map +1 -0
package/dist/validate/clients.d.ts +44 -0
package/dist/validate/clients.d.ts.map +1 -0
package/dist/validate/clients.js +81 -0
package/dist/validate/clients.js.map +1 -0
package/dist/validate/index.d.ts +41 -0
package/dist/validate/index.d.ts.map +1 -0
package/dist/validate/index.js +141 -0
package/dist/validate/index.js.map +1 -0
package/dist/validate/prompts/index.d.ts +8 -0
package/dist/validate/prompts/index.d.ts.map +1 -0
package/dist/validate/prompts/index.js +16 -0
package/dist/validate/prompts/index.js.map +1 -0
package/dist/validate/prompts/modules/ai-patterns.d.ts +19 -0
package/dist/validate/prompts/modules/ai-patterns.d.ts.map +1 -0
package/dist/validate/prompts/modules/ai-patterns.js +156 -0
package/dist/validate/prompts/modules/ai-patterns.js.map +1 -0
package/dist/validate/prompts/modules/auth-access.d.ts +9 -0
package/dist/validate/prompts/modules/auth-access.d.ts.map +1 -0
package/dist/validate/prompts/modules/auth-access.js +25 -0
package/dist/validate/prompts/modules/auth-access.js.map +1 -0
package/dist/validate/prompts/modules/common.d.ts +11 -0
package/dist/validate/prompts/modules/common.d.ts.map +1 -0
package/dist/validate/prompts/modules/common.js +186 -0
package/dist/validate/prompts/modules/common.js.map +1 -0
package/dist/validate/prompts/modules/index.d.ts +54 -0
package/dist/validate/prompts/modules/index.d.ts.map +1 -0
package/dist/validate/prompts/modules/index.js +186 -0
package/dist/validate/prompts/modules/index.js.map +1 -0
package/dist/validate/prompts/modules/owasp-classic.d.ts +8 -0
package/dist/validate/prompts/modules/owasp-classic.d.ts.map +1 -0
package/dist/validate/prompts/modules/owasp-classic.js +84 -0
package/dist/validate/prompts/modules/owasp-classic.js.map +1 -0
package/dist/validate/prompts/modules/secrets-crypto.d.ts +8 -0
package/dist/validate/prompts/modules/secrets-crypto.d.ts.map +1 -0
package/dist/validate/prompts/modules/secrets-crypto.js +68 -0
package/dist/validate/prompts/modules/secrets-crypto.js.map +1 -0
package/dist/validate/prompts/modules/xss-prompt.d.ts +8 -0
package/dist/validate/prompts/modules/xss-prompt.d.ts.map +1 -0
package/dist/validate/prompts/modules/xss-prompt.js +22 -0
package/dist/validate/prompts/modules/xss-prompt.js.map +1 -0
package/dist/validate/prompts/semantic-analysis.d.ts +15 -0
package/dist/validate/prompts/semantic-analysis.d.ts.map +1 -0
package/dist/validate/prompts/semantic-analysis.js +169 -0
package/dist/validate/prompts/semantic-analysis.js.map +1 -0
package/dist/validate/prompts/validation.d.ts +18 -0
package/dist/validate/prompts/validation.d.ts.map +1 -0
package/dist/validate/prompts/validation.js +25 -0
package/dist/validate/prompts/validation.js.map +1 -0
package/dist/validate/providers/anthropic.d.ts +17 -0
package/dist/validate/providers/anthropic.d.ts.map +1 -0
package/dist/validate/providers/anthropic.js +260 -0
package/dist/validate/providers/anthropic.js.map +1 -0
package/dist/validate/providers/index.d.ts +8 -0
package/dist/validate/providers/index.d.ts.map +1 -0
package/dist/validate/providers/index.js +13 -0
package/dist/validate/providers/index.js.map +1 -0
package/dist/validate/providers/openai.d.ts +14 -0
package/dist/validate/providers/openai.d.ts.map +1 -0
package/dist/validate/providers/openai.js +336 -0
package/dist/validate/providers/openai.js.map +1 -0
package/dist/validate/request-builder.d.ts +61 -0
package/dist/validate/request-builder.d.ts.map +1 -0
package/dist/validate/request-builder.js +346 -0
package/dist/validate/request-builder.js.map +1 -0
package/dist/validate/types.d.ts +88 -0
package/dist/validate/types.d.ts.map +1 -0
package/dist/validate/types.js +38 -0
package/dist/validate/types.js.map +1 -0
package/dist/validate/utils/context-extractor.d.ts +55 -0
package/dist/validate/utils/context-extractor.d.ts.map +1 -0
package/dist/validate/utils/context-extractor.js +161 -0
package/dist/validate/utils/context-extractor.js.map +1 -0
package/dist/validate/utils/index.d.ts +11 -0
package/dist/validate/utils/index.d.ts.map +1 -0
package/dist/validate/utils/index.js +27 -0
package/dist/validate/utils/index.js.map +1 -0
package/dist/validate/utils/path-helpers.d.ts +21 -0
package/dist/validate/utils/path-helpers.d.ts.map +1 -0
package/dist/validate/utils/path-helpers.js +69 -0
package/dist/validate/utils/path-helpers.js.map +1 -0
package/dist/validate/utils/response-parser.d.ts +40 -0
package/dist/validate/utils/response-parser.d.ts.map +1 -0
package/dist/validate/utils/response-parser.js +286 -0
package/dist/validate/utils/response-parser.js.map +1 -0
package/dist/validate/utils/retry.d.ts +15 -0
package/dist/validate/utils/retry.d.ts.map +1 -0
package/dist/validate/utils/retry.js +62 -0
package/dist/validate/utils/retry.js.map +1 -0
package/package.json +8 -7
package/src/__tests__/benchmark/fixtures/layer1/agent-skill-injection.ts +204 -0
package/src/__tests__/benchmark/fixtures/layer1/index.ts +3 -0
package/src/__tests__/benchmark/fixtures/layer2/index.ts +27 -0
package/src/__tests__/benchmark/fixtures/layer2/log-injection.ts +147 -0
package/src/__tests__/benchmark/fixtures/layer2/phase5-excessive-agency.ts +580 -0
package/src/__tests__/benchmark/fixtures/layer2/security-headers.ts +197 -0
package/src/__tests__/benchmark/fixtures/layer2/sprint6-ai-enhancements.ts +515 -0
package/src/__tests__/benchmark/fixtures/layer2/ssrf-detection.ts +210 -0
package/src/__tests__/benchmark/fixtures/layer2/xxe-detection.ts +195 -0
package/src/__tests__/benchmark/run-depth-validation.ts +12 -12
package/src/__tests__/benchmark/run-real-world-test.ts +4 -4
package/src/__tests__/benchmark/types.ts +1 -1
package/src/__tests__/benchmark/utils/test-runner.ts +3 -3
package/src/__tests__/category-filter.test.ts +478 -0
package/src/__tests__/context-engine/cross-file-taint.test.ts +284 -0
package/src/__tests__/context-engine/framework-models.test.ts +457 -0
package/src/__tests__/context-engine/function-classifier.test.ts +146 -0
package/src/__tests__/context-engine/import-resolver.test.ts +328 -0
package/src/__tests__/context-engine/integration.test.ts +320 -0
package/src/__tests__/context-engine/module-graph.test.ts +159 -0
package/src/__tests__/context-engine/route-discovery/auth-resolver.test.ts +353 -0
package/src/__tests__/context-engine/route-discovery/express.test.ts +150 -0
package/src/__tests__/context-engine/route-discovery/nextjs.test.ts +138 -0
package/src/__tests__/context-engine/route-discovery/python.test.ts +95 -0
package/src/__tests__/context-engine/sanitiser-detection.test.ts +187 -0
package/src/__tests__/context-engine/sink-matcher.test.ts +251 -0
package/src/__tests__/context-engine/source-discovery.test.ts +186 -0
package/src/__tests__/context-engine/taint-tracker.test.ts +182 -0
package/src/__tests__/regression/agent-skill-benign.test.ts +174 -0
package/src/__tests__/regression/known-false-positives.test.ts +801 -3
package/src/__tests__/score/adjustments.test.ts +385 -0
package/src/__tests__/score/confidence.test.ts +283 -0
package/src/__tests__/score/framework-scoring.test.ts +275 -0
package/src/__tests__/score/route-scoring.test.ts +156 -0
package/src/__tests__/score/scoring-integration.test.ts +165 -0
package/src/__tests__/score/taint-adjustments.test.ts +244 -0
package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +50 -58
package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +52 -0
package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +3 -12
package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +3 -3
package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +1 -1
package/src/__tests__/snapshots/scan-depth.test.ts +3 -3
package/src/__tests__/validate/route-annotations.test.ts +138 -0
package/src/__tests__/validation/analyze-results.ts +1 -1
package/src/__tests__/validation/extract-for-triage.ts +1 -1
package/src/__tests__/validation/fp-deep-analysis.ts +1 -1
package/src/__tests__/validation/run-validation.ts +7 -7
package/src/{layer2/ai-agent-tools.ts → detect/ai-code/agent-tools.ts} +729 -4
package/src/{layer2 → detect/ai-code}/byok-patterns.ts +20 -6
package/src/{layer2/ai-endpoint-protection.ts → detect/ai-code/endpoint-protection.ts} +10 -4
package/src/{layer2/ai-execution-sinks.ts → detect/ai-code/execution-sinks.ts} +272 -46
package/src/{layer2/ai-fingerprinting.ts → detect/ai-code/fingerprinting.ts} +46 -34
package/src/detect/ai-code/index.ts +11 -0
package/src/{layer2/ai-mcp-security.ts → detect/ai-code/mcp-security.ts} +212 -5
package/src/{layer2 → detect/ai-code}/model-supply-chain.ts +85 -6
package/src/{layer2/ai-package-hallucination.ts → detect/ai-code/package-hallucination.ts} +170 -6
package/src/{layer2/ai-prompt-hygiene.ts → detect/ai-code/prompt-hygiene.ts} +393 -28
package/src/{layer2/ai-rag-safety.ts → detect/ai-code/rag-safety.ts} +91 -4
package/src/{layer2/ai-schema-validation.ts → detect/ai-code/schema-validation.ts} +10 -4
package/src/detect/config/agent-skill-injection.ts +551 -0
package/src/{layer1 → detect/config}/comments.ts +8 -2
package/src/{layer1 → detect/config}/file-flags.ts +23 -6
package/src/detect/config/index.ts +6 -0
package/src/{layer3 → detect/config}/osv-check.ts +3 -2
package/src/{layer3 → detect/config}/package-check.ts +3 -2
package/src/{layer1 → detect/config}/urls.ts +196 -15
package/src/detect/index.ts +131 -0
package/src/{layer1 → detect/secrets}/config-audit.ts +56 -12
package/src/{layer1 → detect/secrets}/config-mcp-audit.ts +11 -4
package/src/{layer1 → detect/secrets}/entropy.ts +256 -11
package/src/{layer1 → detect/secrets}/index.ts +43 -46
package/src/{layer1 → detect/secrets}/patterns.ts +51 -6
package/src/{layer1 → detect/secrets}/weak-crypto.ts +174 -17
package/src/{layer2/auth-antipatterns.ts → detect/structural/auth-patterns.ts} +249 -27
package/src/{layer2 → detect/structural}/dangerous-functions/dom-xss.ts +94 -22
package/src/{layer2 → detect/structural}/dangerous-functions/index.ts +672 -65
package/src/{layer2 → detect/structural}/dangerous-functions/json-parse.ts +10 -2
package/src/{layer2 → detect/structural}/dangerous-functions/math-random.ts +269 -17
package/src/{layer2 → detect/structural}/dangerous-functions/patterns.ts +4 -2
package/src/{layer2 → detect/structural}/dangerous-functions/request-validation.ts +10 -2
package/src/detect/structural/dangerous-functions/utils/control-flow.ts +35 -0
package/src/{layer2 → detect/structural}/dangerous-functions/utils/schema-validation.ts +16 -1
package/src/{layer2 → detect/structural}/data-exposure.ts +23 -40
package/src/{layer2 → detect/structural}/framework-checks.ts +13 -12
package/src/{layer2 → detect/structural}/index.ts +144 -122
package/src/detect/structural/log-injection.ts +254 -0
package/src/{layer2 → detect/structural}/logic-gates.ts +69 -24
package/src/{layer2 → detect/structural}/risky-imports.ts +10 -4
package/src/detect/structural/security-headers.ts +231 -0
package/src/detect/structural/ssrf-detection.ts +300 -0
package/src/{layer2 → detect/structural}/variables.ts +10 -4
package/src/detect/structural/xxe-detection.ts +295 -0
package/src/index.ts +64 -1038
package/src/{utils → model}/auth-helper-detector.ts +1 -1
package/src/model/cross-file-taint.ts +374 -0
package/src/model/framework-models/django.ts +82 -0
package/src/model/framework-models/express.ts +54 -0
package/src/model/framework-models/index.ts +116 -0
package/src/model/framework-models/nextjs.ts +69 -0
package/src/model/framework-models/prisma.ts +57 -0
package/src/model/framework-models/react.ts +63 -0
package/src/model/framework-models/sequelize.ts +63 -0
package/src/model/framework-models/types.ts +46 -0
package/src/model/function-classifier.ts +184 -0
package/src/model/import-resolver.ts +453 -0
package/src/{utils → model}/imported-auth-detector.ts +21 -85
package/src/model/index.ts +353 -0
package/src/{utils → model}/middleware-detector.ts +156 -17
package/src/model/module-graph.ts +254 -0
package/src/{utils → model}/oauth-flow-detector.ts +1 -1
package/src/{utils/project-context-builder.ts → model/project-context.ts} +1 -1
package/src/model/route-auth-resolver.ts +216 -0
package/src/model/route-discovery/express.ts +251 -0
package/src/model/route-discovery/index.ts +83 -0
package/src/model/route-discovery/nextjs.ts +216 -0
package/src/model/route-discovery/python.ts +214 -0
package/src/model/route-discovery/types.ts +48 -0
package/src/model/route-discovery/utils.ts +54 -0
package/src/model/route-hierarchy.ts +250 -0
package/src/model/sanitiser-detection.ts +268 -0
package/src/model/sink-matcher.ts +178 -0
package/src/model/sink-patterns.ts +109 -0
package/src/model/source-discovery.ts +209 -0
package/src/model/taint-tracker.ts +333 -0
package/src/model/taint-types.ts +149 -0
package/src/{utils → model}/trpc-analyzer.ts +1 -1
package/src/{utils/context-helpers.ts → parse/file-classifier.ts} +462 -2
package/src/{utils → parse}/path-exclusions.ts +1 -1
package/src/pipeline/config.ts +81 -0
package/src/pipeline/index.ts +437 -0
package/src/{modes → pipeline/modes}/incremental.ts +6 -6
package/src/postprocess/aggregation.ts +74 -0
package/src/postprocess/contradictions.ts +128 -0
package/src/postprocess/dedup.ts +62 -0
package/src/postprocess/filtering/__tests__/pipeline.test.ts +134 -0
package/src/postprocess/filtering/context-adjustments.ts +111 -0
package/src/postprocess/filtering/index.ts +10 -0
package/src/postprocess/filtering/pipeline.ts +130 -0
package/src/postprocess/index.ts +118 -0
package/src/{suppression → postprocess/suppression}/config-loader.ts +1 -1
package/src/{suppression → postprocess/suppression}/hash.ts +1 -1
package/src/{suppression → postprocess/suppression}/inline-parser.ts +1 -1
package/src/{suppression → postprocess/suppression}/manager.ts +1 -1
package/src/{suppression → postprocess/suppression}/types.ts +2 -2
package/src/postprocess/validation-cap.ts +66 -0
package/src/report/build-result.ts +94 -0
package/src/report/enrichment.ts +52 -0
package/src/report/formatters/__tests__/ai-context.test.ts +254 -0
package/src/report/formatters/ai-context.ts +302 -0
package/src/{formatters → report/formatters}/cli-terminal.ts +11 -11
package/src/{formatters → report/formatters}/github-comment.ts +4 -4
package/src/{formatters → report/formatters}/grouping.ts +8 -8
package/src/report/formatters/ide/__tests__/ide.test.ts +319 -0
package/src/report/formatters/ide/claude-code.ts +110 -0
package/src/report/formatters/ide/cursor.ts +147 -0
package/src/report/formatters/ide/index.ts +216 -0
package/src/report/formatters/ide/windsurf.ts +135 -0
package/src/{formatters → report/formatters}/index.ts +24 -0
package/src/{formatters → report/formatters}/vscode-diagnostic.ts +1 -1
package/src/report/summary.ts +70 -0
package/src/score/adjustments.ts +387 -0
package/src/{layer3/anthropic → score}/auto-dismiss.ts +26 -14
package/src/score/confidence.ts +66 -0
package/src/score/index.ts +316 -0
package/src/score/types.ts +187 -0
package/src/shared/__tests__/code-analysis.test.ts +165 -0
package/src/shared/__tests__/parsed-file.test.ts +124 -0
package/src/shared/ai-context/__tests__/manager.test.ts +193 -0
package/src/shared/ai-context/index.ts +15 -0
package/src/shared/ai-context/manager.ts +145 -0
package/src/{baseline → shared/baseline}/__tests__/diff.test.ts +2 -2
package/src/{baseline → shared/baseline}/__tests__/manager.test.ts +2 -2
package/src/{baseline → shared/baseline}/diff.ts +1 -1
package/src/{baseline → shared/baseline}/manager.ts +1 -1
package/src/shared/category-filter.ts +400 -0
package/src/{layer2/dangerous-functions/utils/control-flow.ts → shared/code-analysis.ts} +56 -39
package/src/shared/comment-analyzer.ts +249 -0
package/src/shared/environment-context.ts +304 -0
package/src/shared/intent-detector.ts +318 -0
package/src/shared/parsed-file.ts +103 -0
package/src/{rules → shared/rules}/__tests__/metadata.test.ts +7 -0
package/src/{rules → shared/rules}/framework-fixes.ts +1 -1
package/src/{rules → shared/rules}/metadata.ts +94 -0
package/src/shared/schema-semantics.ts +233 -0
package/src/{types.ts → shared/types.ts} +142 -11
package/src/tiers.ts +27 -10
package/src/validate/__tests__/context-extractor.test.ts +191 -0
package/src/validate/__tests__/prompt-assembly.test.ts +233 -0
package/src/validate/__tests__/request-builder.test.ts +347 -0
package/src/{layer3/anthropic → validate}/index.ts +8 -7
package/src/{layer3/anthropic → validate}/prompts/index.ts +2 -0
package/src/validate/prompts/modules/ai-patterns.ts +153 -0
package/src/validate/prompts/modules/auth-access.ts +22 -0
package/src/validate/prompts/modules/common.ts +183 -0
package/src/validate/prompts/modules/index.ts +204 -0
package/src/validate/prompts/modules/owasp-classic.ts +81 -0
package/src/validate/prompts/modules/secrets-crypto.ts +65 -0
package/src/validate/prompts/modules/xss-prompt.ts +19 -0
package/src/validate/prompts/validation.ts +20 -0
package/src/{layer3/anthropic → validate}/providers/anthropic.ts +28 -27
package/src/validate/providers/index.ts +8 -0
package/src/{layer3/anthropic → validate}/providers/openai.ts +30 -25
package/src/validate/request-builder.ts +448 -0
package/src/{layer3/anthropic → validate}/types.ts +1 -1
package/src/validate/utils/context-extractor.ts +220 -0
package/src/{layer3/anthropic → validate}/utils/index.ts +10 -0
package/src/{layer3/anthropic → validate}/utils/response-parser.ts +2 -1
package/src/layer3/anthropic/prompts/validation.ts +0 -419
package/src/layer3/anthropic/providers/index.ts +0 -8
package/src/layer3/anthropic/request-builder.ts +0 -150
package/src/layer3/index.ts +0 -168
/package/src/{layer3 → detect/config}/__tests__/osv-check.test.ts +0 -0
/package/src/{layer2 → detect/structural}/__tests__/math-random-enhanced.test.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/child-process.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/utils/helpers.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/utils/index.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/config-loader.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/hash.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/inline-parser.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/manager.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/index.ts +0 -0
/package/src/{baseline → shared/baseline}/index.ts +0 -0
/package/src/{baseline → shared/baseline}/types.ts +0 -0
/package/src/{utils → shared}/diff-detector.ts +0 -0
/package/src/{utils → shared}/diff-parser.ts +0 -0
/package/src/{utils → shared}/registry-clients.ts +0 -0
/package/src/{rules → shared/rules}/__tests__/framework-fixes.test.ts +0 -0
/package/src/{rules → shared/rules}/index.ts +0 -0
/package/src/{layer3/anthropic → validate}/clients.ts +0 -0
/package/src/{layer3/anthropic → validate}/prompts/semantic-analysis.ts +0 -0
/package/src/{layer3/anthropic → validate}/utils/path-helpers.ts +0 -0
/package/src/{layer3/anthropic → validate}/utils/retry.ts +0 -0

package/dist/utils/parsed-file.d.ts ADDED Viewed

@@ -0,0 +1,51 @@
+/**
+ * ParsedFile - Shared file representation for all detectors
+ *
+ * Provides lazy-cached line splitting and common context-extraction
+ * operations, eliminating duplicated content.split('\n') calls across 26+ detectors.
+ */
+export declare class ParsedFile {
+    readonly content: string;
+    readonly filePath: string;
+    private _lines;
+    constructor(content: string, filePath: string);
+    /** Lazy-cached array of lines from content.split('\n') */
+    get lines(): string[];
+    /** Number of lines in the file */
+    get lineCount(): number;
+    /** Get a single line by 0-based index. Returns '' for out-of-bounds. */
+    line(index: number): string;
+    /**
+     * Get surrounding lines around a center index, clamped to file bounds.
+     * @param lineIndex 0-based center line
+     * @param windowSize number of lines before and after center
+     */
+    getSurroundingLines(lineIndex: number, windowSize: number): {
+        lines: string[];
+        startIndex: number;
+        endIndex: number;
+        text: string;
+    };
+    /**
+     * Get a range of lines as a joined string.
+     * @param start 0-based start (inclusive), clamped to bounds
+     * @param end 0-based end (inclusive), clamped to bounds
+     */
+    getLineRange(start: number, end: number): string;
+    /** Construct from a ScanFile-like object with content and path */
+    static from(file: {
+        content: string;
+        path: string;
+    }): ParsedFile;
+}
+/**
+ * Numeric rank for severity comparisons.
+ * Only relative ordering matters — used for keeping the higher-severity finding
+ * during deduplication and merge operations.
+ */
+export declare function severityRank(severity: string): number;
+/**
+ * Numeric rank for confidence comparisons.
+ */
+export declare function confidenceRank(confidence: string): number;
+//# sourceMappingURL=parsed-file.d.ts.map

package/dist/utils/parsed-file.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"parsed-file.d.ts","sourceRoot":"","sources":["../../src/utils/parsed-file.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,qBAAa,UAAU;IACrB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,OAAO,CAAC,MAAM,CAAwB;gBAE1B,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM;IAK7C,0DAA0D;IAC1D,IAAI,KAAK,IAAI,MAAM,EAAE,CAKpB;IAED,kCAAkC;IAClC,IAAI,SAAS,IAAI,MAAM,CAEtB;IAED,wEAAwE;IACxE,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAK3B;;;;OAIG;IACH,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG;QAC1D,KAAK,EAAE,MAAM,EAAE,CAAA;QACf,UAAU,EAAE,MAAM,CAAA;QAClB,QAAQ,EAAE,MAAM,CAAA;QAChB,IAAI,EAAE,MAAM,CAAA;KACb;IAYD;;;;OAIG;IACH,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM;IAOhD,kEAAkE;IAClE,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,GAAG,UAAU;CAGjE;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CASrD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAOzD"}

package/dist/utils/parsed-file.js ADDED Viewed

@@ -0,0 +1,95 @@
+"use strict";
+/**
+ * ParsedFile - Shared file representation for all detectors
+ *
+ * Provides lazy-cached line splitting and common context-extraction
+ * operations, eliminating duplicated content.split('\n') calls across 26+ detectors.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ParsedFile = void 0;
+exports.severityRank = severityRank;
+exports.confidenceRank = confidenceRank;
+class ParsedFile {
+    constructor(content, filePath) {
+        this._lines = null;
+        this.content = content;
+        this.filePath = filePath;
+    }
+    /** Lazy-cached array of lines from content.split('\n') */
+    get lines() {
+        if (this._lines === null) {
+            this._lines = this.content.split('\n');
+        }
+        return this._lines;
+    }
+    /** Number of lines in the file */
+    get lineCount() {
+        return this.lines.length;
+    }
+    /** Get a single line by 0-based index. Returns '' for out-of-bounds. */
+    line(index) {
+        if (index < 0 || index >= this.lines.length)
+            return '';
+        return this.lines[index];
+    }
+    /**
+     * Get surrounding lines around a center index, clamped to file bounds.
+     * @param lineIndex 0-based center line
+     * @param windowSize number of lines before and after center
+     */
+    getSurroundingLines(lineIndex, windowSize) {
+        const startIndex = Math.max(0, lineIndex - windowSize);
+        const endIndex = Math.min(this.lines.length - 1, lineIndex + windowSize);
+        const slice = this.lines.slice(startIndex, endIndex + 1);
+        return {
+            lines: slice,
+            startIndex,
+            endIndex,
+            text: slice.join('\n'),
+        };
+    }
+    /**
+     * Get a range of lines as a joined string.
+     * @param start 0-based start (inclusive), clamped to bounds
+     * @param end 0-based end (inclusive), clamped to bounds
+     */
+    getLineRange(start, end) {
+        const s = Math.max(0, start);
+        const e = Math.min(this.lines.length - 1, end);
+        if (s > e)
+            return '';
+        return this.lines.slice(s, e + 1).join('\n');
+    }
+    /** Construct from a ScanFile-like object with content and path */
+    static from(file) {
+        return new ParsedFile(file.content, file.path);
+    }
+}
+exports.ParsedFile = ParsedFile;
+/**
+ * Numeric rank for severity comparisons.
+ * Only relative ordering matters — used for keeping the higher-severity finding
+ * during deduplication and merge operations.
+ */
+function severityRank(severity) {
+    const ranks = {
+        critical: 5,
+        high: 4,
+        medium: 3,
+        low: 2,
+        info: 1,
+    };
+    return ranks[severity] || 0;
+}
+/**
+ * Numeric rank for confidence comparisons.
+ */
+function confidenceRank(confidence) {
+    const ranks = {
+        high: 3,
+        medium: 2,
+        low: 1,
+    };
+    return ranks[confidence] || 0;
+}
+//# sourceMappingURL=parsed-file.js.map

package/dist/utils/parsed-file.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"parsed-file.js","sourceRoot":"","sources":["../../src/utils/parsed-file.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AA4EH,oCASC;AAKD,wCAOC;AA/FD,MAAa,UAAU;IAKrB,YAAY,OAAe,EAAE,QAAgB;QAFrC,WAAM,GAAoB,IAAI,CAAA;QAGpC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAA;IAC1B,CAAC;IAED,0DAA0D;IAC1D,IAAI,KAAK;QACP,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QACxC,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAA;IACpB,CAAC;IAED,kCAAkC;IAClC,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAA;IAC1B,CAAC;IAED,wEAAwE;IACxE,IAAI,CAAC,KAAa;QAChB,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM;YAAE,OAAO,EAAE,CAAA;QACtD,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;IAC1B,CAAC;IAED;;;;OAIG;IACH,mBAAmB,CAAC,SAAiB,EAAE,UAAkB;QAMvD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC,CAAA;QACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,SAAS,GAAG,UAAU,CAAC,CAAA;QACxE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,UAAU,EAAE,QAAQ,GAAG,CAAC,CAAC,CAAA;QACxD,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,UAAU;YACV,QAAQ;YACR,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;SACvB,CAAA;IACH,CAAC;IAED;;;;OAIG;IACH,YAAY,CAAC,KAAa,EAAE,GAAW;QACrC,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAA;QAC5B,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,GAAG,CAAC,CAAA;QAC9C,IAAI,CAAC,GAAG,CAAC;YAAE,OAAO,EAAE,CAAA;QACpB,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC9C,CAAC;IAED,kEAAkE;IAClE,MAAM,CAAC,IAAI,CAAC,IAAuC;QACjD,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;IAChD,CAAC;CACF;AAnED,gCAmEC;AAED;;;;GAIG;AACH,SAAgB,YAAY,CAAC,QAAgB;IAC3C,MAAM,KAAK,GAA2B;QACpC,QAAQ,EAAE,CAAC;QACX,IAAI,EAAE,CAAC;QACP,MAAM,EAAE,CAAC;QACT,GAAG,EAAE,CAAC;QACN,IAAI,EAAE,CAAC;KACR,CAAA;IACD,OAAO,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;AAC7B,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,UAAkB;IAC/C,MAAM,KAAK,GAA2B;QACpC,IAAI,EAAE,CAAC;QACP,MAAM,EAAE,CAAC;QACT,GAAG,EAAE,CAAC;KACP,CAAA;IACD,OAAO,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAA;AAC/B,CAAC"}

package/dist/utils/route-hierarchy.d.ts ADDED Viewed

@@ -0,0 +1,50 @@
+/**
+ * Route Hierarchy Utility
+ * Understands framework-specific route hierarchy conventions
+ *
+ * This addresses false positives where routes inside authenticated layouts
+ * are flagged for "missing auth" when they inherit protection from parents.
+ *
+ * Key insight: Modern frameworks use layouts/middleware that protect entire
+ * route subtrees - child routes inherit this protection.
+ */
+export interface RouteProtectionContext {
+    /** Whether this route is in a protected hierarchy */
+    isInProtectedHierarchy: boolean;
+    /** Sources of protection (e.g., ["Remix _authenticated+ layout"]) */
+    protectionSource: string[];
+    /** Framework detected */
+    framework?: 'remix' | 'nextjs' | 'sveltekit' | 'nuxt' | 'unknown';
+    /** Whether this is in an admin section */
+    isAdminRoute: boolean;
+}
+/**
+ * Get route protection context for a file path
+ *
+ * @param filePath - The full file path to analyze
+ * @returns RouteProtectionContext with protection information
+ */
+export declare function getRouteProtectionContext(filePath: string): RouteProtectionContext;
+/**
+ * Check if a file path is inside a protected route hierarchy
+ *
+ * @param filePath - The full file path
+ * @returns true if the route is protected by its hierarchy
+ */
+export declare function isProtectedByRouteHierarchy(filePath: string): boolean;
+/**
+ * Check if a file path is inside an admin route section
+ *
+ * @param filePath - The full file path
+ * @returns true if this is an admin route
+ */
+export declare function isAdminRoute(filePath: string): boolean;
+/**
+ * Check if a component is likely used only within authenticated routes
+ * Useful for components in /components/admin/ or similar
+ *
+ * @param filePath - The full file path
+ * @returns true if this component is likely only used in authenticated contexts
+ */
+export declare function isAuthenticatedOnlyComponent(filePath: string): boolean;
+//# sourceMappingURL=route-hierarchy.d.ts.map

package/dist/utils/route-hierarchy.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"route-hierarchy.d.ts","sourceRoot":"","sources":["../../src/utils/route-hierarchy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,MAAM,WAAW,sBAAsB;IACrC,qDAAqD;IACrD,sBAAsB,EAAE,OAAO,CAAA;IAC/B,qEAAqE;IACrE,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,yBAAyB;IACzB,SAAS,CAAC,EAAE,OAAO,GAAG,QAAQ,GAAG,WAAW,GAAG,MAAM,GAAG,SAAS,CAAA;IACjE,0CAA0C;IAC1C,YAAY,EAAE,OAAO,CAAA;CACtB;AAiHD;;;;;GAKG;AACH,wBAAgB,yBAAyB,CAAC,QAAQ,EAAE,MAAM,GAAG,sBAAsB,CA8DlF;AAED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAGrE;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAGtD;AAED;;;;;;GAMG;AACH,wBAAgB,4BAA4B,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAiBtE"}

package/dist/utils/route-hierarchy.js ADDED Viewed

@@ -0,0 +1,226 @@
+"use strict";
+/**
+ * Route Hierarchy Utility
+ * Understands framework-specific route hierarchy conventions
+ *
+ * This addresses false positives where routes inside authenticated layouts
+ * are flagged for "missing auth" when they inherit protection from parents.
+ *
+ * Key insight: Modern frameworks use layouts/middleware that protect entire
+ * route subtrees - child routes inherit this protection.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getRouteProtectionContext = getRouteProtectionContext;
+exports.isProtectedByRouteHierarchy = isProtectedByRouteHierarchy;
+exports.isAdminRoute = isAdminRoute;
+exports.isAuthenticatedOnlyComponent = isAuthenticatedOnlyComponent;
+/**
+ * Framework-specific route conventions
+ */
+const FRAMEWORK_ROUTE_CONVENTIONS = {
+    remix: {
+        // Pathless layout routes - children inherit from parent
+        protectedLayouts: [
+            { pattern: /_authenticated\+/, name: 'Remix _authenticated+ layout' },
+            { pattern: /\(authenticated\)/, name: 'Remix (authenticated) route group' },
+            { pattern: /_protected\+/, name: 'Remix _protected+ layout' },
+            { pattern: /\(protected\)/, name: 'Remix (protected) route group' },
+            { pattern: /__authenticated/, name: 'Remix __authenticated layout' },
+            { pattern: /_auth\+/, name: 'Remix _auth+ layout' },
+        ],
+        adminLayouts: [
+            { pattern: /admin\+/, name: 'Remix admin+ layout' },
+            { pattern: /\(admin\)/, name: 'Remix (admin) route group' },
+            { pattern: /_admin\+/, name: 'Remix _admin+ layout' },
+            { pattern: /__admin/, name: 'Remix __admin layout' },
+        ],
+        // Detection pattern for Remix routes
+        routeDetection: /routes\//,
+    },
+    nextjs: {
+        protectedGroups: [
+            { pattern: /\(authenticated\)/, name: 'Next.js (authenticated) route group' },
+            { pattern: /\(protected\)/, name: 'Next.js (protected) route group' },
+            { pattern: /\(dashboard\)/, name: 'Next.js (dashboard) route group' },
+            { pattern: /\(private\)/, name: 'Next.js (private) route group' },
+            { pattern: /\(secure\)/, name: 'Next.js (secure) route group' },
+            { pattern: /\(user\)/, name: 'Next.js (user) route group' },
+            { pattern: /\(account\)/, name: 'Next.js (account) route group' },
+            { pattern: /\(app\)/, name: 'Next.js (app) route group' },
+        ],
+        adminGroups: [
+            { pattern: /\(admin\)/, name: 'Next.js (admin) route group' },
+        ],
+        // Detection pattern for Next.js App Router
+        routeDetection: /\/app\//,
+    },
+    sveltekit: {
+        protectedGroups: [
+            { pattern: /\(authenticated\)/, name: 'SvelteKit (authenticated) group' },
+            { pattern: /\(protected\)/, name: 'SvelteKit (protected) group' },
+            { pattern: /\(authed\)/, name: 'SvelteKit (authed) group' },
+        ],
+        adminGroups: [
+            { pattern: /\(admin\)/, name: 'SvelteKit (admin) group' },
+        ],
+        routeDetection: /\/routes\//,
+    },
+};
+/**
+ * Generic protected path patterns (framework-agnostic)
+ */
+const GENERIC_PROTECTED_PATTERNS = [
+    // Dashboard sections typically require auth
+    { pattern: /\/dashboard\//, name: 'Dashboard section' },
+    // Account/settings sections
+    { pattern: /\/account\//, name: 'Account section' },
+    { pattern: /\/settings\//, name: 'Settings section' },
+    { pattern: /\/profile\//, name: 'Profile section' },
+    // Admin sections
+    { pattern: /\/admin\//, name: 'Admin section' },
+    // User-specific routes with dynamic segments
+    { pattern: /\/users\/\[/, name: 'User-specific route' },
+    { pattern: /\/user\/\[/, name: 'User-specific route' },
+    // My-* routes (personal content)
+    { pattern: /\/my-/, name: 'Personal content route' },
+];
+/**
+ * Admin path patterns
+ */
+const ADMIN_PATH_PATTERNS = [
+    /\/admin\//i,
+    /\(admin\)/i,
+    /_admin\+/i,
+    /admin\+/i,
+    /\/backoffice\//i,
+    /\/management\//i,
+];
+/**
+ * Detect which framework this file belongs to
+ */
+function detectFramework(filePath) {
+    // Check for Remix patterns
+    if (FRAMEWORK_ROUTE_CONVENTIONS.remix.routeDetection.test(filePath)) {
+        // Remix uses routes/ directory
+        if (/_authenticated\+|_\w+\+/.test(filePath)) {
+            return 'remix';
+        }
+    }
+    // Check for Next.js App Router patterns
+    if (FRAMEWORK_ROUTE_CONVENTIONS.nextjs.routeDetection.test(filePath)) {
+        return 'nextjs';
+    }
+    // Check for SvelteKit patterns
+    if (FRAMEWORK_ROUTE_CONVENTIONS.sveltekit.routeDetection.test(filePath)) {
+        return 'sveltekit';
+    }
+    return 'unknown';
+}
+/**
+ * Get route protection context for a file path
+ *
+ * @param filePath - The full file path to analyze
+ * @returns RouteProtectionContext with protection information
+ */
+function getRouteProtectionContext(filePath) {
+    const sources = [];
+    const framework = detectFramework(filePath);
+    let isAdminRoute = false;
+    // Check Remix conventions
+    for (const layout of FRAMEWORK_ROUTE_CONVENTIONS.remix.protectedLayouts) {
+        if (layout.pattern.test(filePath)) {
+            sources.push(layout.name);
+        }
+    }
+    for (const layout of FRAMEWORK_ROUTE_CONVENTIONS.remix.adminLayouts) {
+        if (layout.pattern.test(filePath)) {
+            sources.push(layout.name);
+            isAdminRoute = true;
+        }
+    }
+    // Check Next.js conventions
+    for (const group of FRAMEWORK_ROUTE_CONVENTIONS.nextjs.protectedGroups) {
+        if (group.pattern.test(filePath)) {
+            sources.push(group.name);
+        }
+    }
+    for (const group of FRAMEWORK_ROUTE_CONVENTIONS.nextjs.adminGroups) {
+        if (group.pattern.test(filePath)) {
+            sources.push(group.name);
+            isAdminRoute = true;
+        }
+    }
+    // Check SvelteKit conventions
+    for (const group of FRAMEWORK_ROUTE_CONVENTIONS.sveltekit.protectedGroups) {
+        if (group.pattern.test(filePath)) {
+            sources.push(group.name);
+        }
+    }
+    for (const group of FRAMEWORK_ROUTE_CONVENTIONS.sveltekit.adminGroups) {
+        if (group.pattern.test(filePath)) {
+            sources.push(group.name);
+            isAdminRoute = true;
+        }
+    }
+    // Check generic protected patterns
+    for (const pattern of GENERIC_PROTECTED_PATTERNS) {
+        if (pattern.pattern.test(filePath)) {
+            sources.push(pattern.name);
+        }
+    }
+    // Check if this is an admin route
+    if (!isAdminRoute) {
+        isAdminRoute = ADMIN_PATH_PATTERNS.some(pattern => pattern.test(filePath));
+    }
+    return {
+        isInProtectedHierarchy: sources.length > 0,
+        protectionSource: sources,
+        framework,
+        isAdminRoute,
+    };
+}
+/**
+ * Check if a file path is inside a protected route hierarchy
+ *
+ * @param filePath - The full file path
+ * @returns true if the route is protected by its hierarchy
+ */
+function isProtectedByRouteHierarchy(filePath) {
+    const context = getRouteProtectionContext(filePath);
+    return context.isInProtectedHierarchy;
+}
+/**
+ * Check if a file path is inside an admin route section
+ *
+ * @param filePath - The full file path
+ * @returns true if this is an admin route
+ */
+function isAdminRoute(filePath) {
+    const context = getRouteProtectionContext(filePath);
+    return context.isAdminRoute;
+}
+/**
+ * Check if a component is likely used only within authenticated routes
+ * Useful for components in /components/admin/ or similar
+ *
+ * @param filePath - The full file path
+ * @returns true if this component is likely only used in authenticated contexts
+ */
+function isAuthenticatedOnlyComponent(filePath) {
+    const authenticatedComponentPatterns = [
+        /\/components\/admin\//i,
+        /\/components\/dashboard\//i,
+        /\/components\/user\//i,
+        /\/components\/account\//i,
+        /\/components\/settings\//i,
+        /\/components\/protected\//i,
+        /\/components\/private\//i,
+        /\/components\/authenticated\//i,
+        // Features that are inherently authenticated
+        /\/features\/dashboard\//i,
+        /\/features\/admin\//i,
+        /\/features\/account\//i,
+    ];
+    return authenticatedComponentPatterns.some(pattern => pattern.test(filePath));
+}
+//# sourceMappingURL=route-hierarchy.js.map

package/dist/utils/route-hierarchy.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"route-hierarchy.js","sourceRoot":"","sources":["../../src/utils/route-hierarchy.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;AAkIH,8DA8DC;AAQD,kEAGC;AAQD,oCAGC;AASD,oEAiBC;AAnOD;;GAEG;AACH,MAAM,2BAA2B,GAAG;IAClC,KAAK,EAAE;QACL,wDAAwD;QACxD,gBAAgB,EAAE;YAChB,EAAE,OAAO,EAAE,kBAAkB,EAAE,IAAI,EAAE,8BAA8B,EAAE;YACrE,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,mCAAmC,EAAE;YAC3E,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,0BAA0B,EAAE;YAC7D,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,+BAA+B,EAAE;YACnE,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,EAAE,8BAA8B,EAAE;YACpE,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,qBAAqB,EAAE;SACpD;QACD,YAAY,EAAE;YACZ,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,qBAAqB,EAAE;YACnD,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,2BAA2B,EAAE;YAC3D,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,sBAAsB,EAAE;YACrD,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,sBAAsB,EAAE;SACrD;QACD,qCAAqC;QACrC,cAAc,EAAE,UAAU;KAC3B;IAED,MAAM,EAAE;QACN,eAAe,EAAE;YACf,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,qCAAqC,EAAE;YAC7E,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,iCAAiC,EAAE;YACrE,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,iCAAiC,EAAE;YACrE,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,+BAA+B,EAAE;YACjE,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,8BAA8B,EAAE;YAC/D,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,4BAA4B,EAAE;YAC3D,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,+BAA+B,EAAE;YACjE,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,2BAA2B,EAAE;SAC1D;QACD,WAAW,EAAE;YACX,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,6BAA6B,EAAE;SAC9D;QACD,2CAA2C;QAC3C,cAAc,EAAE,SAAS;KAC1B;IAED,SAAS,EAAE;QACT,eAAe,EAAE;YACf,EAAE,OAAO,EAAE,mBAAmB,EAAE,IAAI,EAAE,iCAAiC,EAAE;YACzE,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,6BAA6B,EAAE;YACjE,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,0BAA0B,EAAE;SAC5D;QACD,WAAW,EAAE;YACX,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,yBAAyB,EAAE;SAC1D;QACD,cAAc,EAAE,YAAY;KAC7B;CACF,CAAA;AAED;;GAEG;AACH,MAAM,0BAA0B,GAAG;IACjC,4CAA4C;IAC5C,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,mBAAmB,EAAE;IACvD,4BAA4B;IAC5B,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,iBAAiB,EAAE;IACnD,EAAE,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,kBAAkB,EAAE;IACrD,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,iBAAiB,EAAE;IACnD,iBAAiB;IACjB,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,eAAe,EAAE;IAC/C,6CAA6C;IAC7C,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,qBAAqB,EAAE;IACvD,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,qBAAqB,EAAE;IACtD,iCAAiC;IACjC,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,wBAAwB,EAAE;CACrD,CAAA;AAED;;GAEG;AACH,MAAM,mBAAmB,GAAG;IAC1B,YAAY;IACZ,YAAY;IACZ,WAAW;IACX,UAAU;IACV,iBAAiB;IACjB,iBAAiB;CAClB,CAAA;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,QAAgB;IACvC,2BAA2B;IAC3B,IAAI,2BAA2B,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpE,+BAA+B;QAC/B,IAAI,yBAAyB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7C,OAAO,OAAO,CAAA;QAChB,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,IAAI,2BAA2B,CAAC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrE,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,+BAA+B;IAC/B,IAAI,2BAA2B,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxE,OAAO,WAAW,CAAA;IACpB,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,yBAAyB,CAAC,QAAgB;IACxD,MAAM,OAAO,GAAa,EAAE,CAAA;IAC5B,MAAM,SAAS,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAA;IAC3C,IAAI,YAAY,GAAG,KAAK,CAAA;IAExB,0BAA0B;IAC1B,KAAK,MAAM,MAAM,IAAI,2BAA2B,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;QACxE,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QAC3B,CAAC;IACH,CAAC;IACD,KAAK,MAAM,MAAM,IAAI,2BAA2B,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;QACpE,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACzB,YAAY,GAAG,IAAI,CAAA;QACrB,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,KAAK,MAAM,KAAK,IAAI,2BAA2B,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;QACvE,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAC1B,CAAC;IACH,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,2BAA2B,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QACnE,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;YACxB,YAAY,GAAG,IAAI,CAAA;QACrB,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,KAAK,MAAM,KAAK,IAAI,2BAA2B,CAAC,SAAS,CAAC,eAAe,EAAE,CAAC;QAC1E,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAC1B,CAAC;IACH,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,2BAA2B,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;QACtE,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;YACxB,YAAY,GAAG,IAAI,CAAA;QACrB,CAAC;IACH,CAAC;IAED,mCAAmC;IACnC,KAAK,MAAM,OAAO,IAAI,0BAA0B,EAAE,CAAC;QACjD,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;QAC5B,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAA;IAC5E,CAAC;IAED,OAAO;QACL,sBAAsB,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC;QAC1C,gBAAgB,EAAE,OAAO;QACzB,SAAS;QACT,YAAY;KACb,CAAA;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,2BAA2B,CAAC,QAAgB;IAC1D,MAAM,OAAO,GAAG,yBAAyB,CAAC,QAAQ,CAAC,CAAA;IACnD,OAAO,OAAO,CAAC,sBAAsB,CAAA;AACvC,CAAC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,QAAgB;IAC3C,MAAM,OAAO,GAAG,yBAAyB,CAAC,QAAQ,CAAC,CAAA;IACnD,OAAO,OAAO,CAAC,YAAY,CAAA;AAC7B,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,4BAA4B,CAAC,QAAgB;IAC3D,MAAM,8BAA8B,GAAG;QACrC,wBAAwB;QACxB,4BAA4B;QAC5B,uBAAuB;QACvB,0BAA0B;QAC1B,2BAA2B;QAC3B,4BAA4B;QAC5B,0BAA0B;QAC1B,gCAAgC;QAChC,6CAA6C;QAC7C,0BAA0B;QAC1B,sBAAsB;QACtB,wBAAwB;KACzB,CAAA;IAED,OAAO,8BAA8B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAA;AAC/E,CAAC"}

package/dist/utils/schema-semantics.d.ts ADDED Viewed

@@ -0,0 +1,45 @@
+/**
+ * Schema Semantics Utility
+ * Understands validation schema logic, particularly Zod/Yup/Joi patterns
+ *
+ * This addresses false positives where OR validation (either A or B required)
+ * is flagged as "bypass" when individual fields are marked optional.
+ *
+ * Key insight: `.optional()` + `.refine()` = OR validation, not bypass
+ */
+export interface SchemaAnalysis {
+    /** Whether the schema has cross-field refinement/validation */
+    hasRefinement: boolean;
+    /** Type of refinement detected */
+    refinementType?: 'or_logic' | 'super_refine' | 'custom_validation' | 'none';
+    /** Number of optional fields in the schema */
+    optionalFieldCount: number;
+    /** Whether this looks like legitimate OR validation */
+    isOrValidation: boolean;
+}
+/**
+ * Analyze a validation schema for OR-logic refinement patterns
+ *
+ * @param content - The full file content
+ * @param lineNumber - The 0-indexed line number where the pattern was found
+ * @returns SchemaAnalysis with refinement information
+ */
+export declare function analyzeSchemaSemantics(content: string, lineNumber: number): SchemaAnalysis;
+/**
+ * Check if a line with .optional() is part of legitimate OR validation
+ *
+ * @param content - The full file content
+ * @param lineNumber - The 0-indexed line number where .optional() was found
+ * @returns true if this is part of OR validation (not a bypass)
+ */
+export declare function isLegitimateOrValidation(content: string, lineNumber: number): boolean;
+/**
+ * Check if a 2FA-related field with .optional() has proper OR validation
+ * Specifically for 2FA patterns where either totpCode OR backupCode is required
+ *
+ * @param content - The full file content
+ * @param lineNumber - The 0-indexed line number
+ * @returns true if this is legitimate 2FA OR validation
+ */
+export declare function is2FAOrValidation(content: string, lineNumber: number): boolean;
+//# sourceMappingURL=schema-semantics.d.ts.map

package/dist/utils/schema-semantics.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"schema-semantics.d.ts","sourceRoot":"","sources":["../../src/utils/schema-semantics.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,aAAa,EAAE,OAAO,CAAA;IACtB,kCAAkC;IAClC,cAAc,CAAC,EAAE,UAAU,GAAG,cAAc,GAAG,mBAAmB,GAAG,MAAM,CAAA;IAC3E,8CAA8C;IAC9C,kBAAkB,EAAE,MAAM,CAAA;IAC1B,uDAAuD;IACvD,cAAc,EAAE,OAAO,CAAA;CACxB;AAuGD;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,GACjB,cAAc,CAuChB;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CACtC,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,GACjB,OAAO,CAGT;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,GACjB,OAAO,CAiCT"}