npm - @oculum/scanner - Versions diffs - 1.0.11 → 1.0.13 - Mend

@oculum/scanner 1.0.11 → 1.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1178) hide show

package/dist/ai-context/index.d.ts +6 -0
package/dist/ai-context/index.d.ts.map +1 -0
package/dist/ai-context/index.js +13 -0
package/dist/ai-context/index.js.map +1 -0
package/dist/ai-context/manager.d.ts +67 -0
package/dist/ai-context/manager.d.ts.map +1 -0
package/dist/ai-context/manager.js +104 -0
package/dist/ai-context/manager.js.map +1 -0
package/dist/category-filter.d.ts +125 -0
package/dist/category-filter.d.ts.map +1 -0
package/dist/category-filter.js +360 -0
package/dist/category-filter.js.map +1 -0
package/dist/detect/ai-code/agent-tools.d.ts +22 -0
package/dist/detect/ai-code/agent-tools.d.ts.map +1 -0
package/dist/detect/ai-code/agent-tools.js +1509 -0
package/dist/detect/ai-code/agent-tools.js.map +1 -0
package/dist/detect/ai-code/byok-patterns.d.ts +15 -0
package/dist/detect/ai-code/byok-patterns.d.ts.map +1 -0
package/dist/detect/ai-code/byok-patterns.js +313 -0
package/dist/detect/ai-code/byok-patterns.js.map +1 -0
package/dist/detect/ai-code/endpoint-protection.d.ts +38 -0
package/dist/detect/ai-code/endpoint-protection.d.ts.map +1 -0
package/dist/detect/ai-code/endpoint-protection.js +349 -0
package/dist/detect/ai-code/endpoint-protection.js.map +1 -0
package/dist/detect/ai-code/execution-sinks.d.ts +21 -0
package/dist/detect/ai-code/execution-sinks.d.ts.map +1 -0
package/dist/detect/ai-code/execution-sinks.js +1158 -0
package/dist/detect/ai-code/execution-sinks.js.map +1 -0
package/dist/detect/ai-code/fingerprinting.d.ts +10 -0
package/dist/detect/ai-code/fingerprinting.d.ts.map +1 -0
package/dist/detect/ai-code/fingerprinting.js +665 -0
package/dist/detect/ai-code/fingerprinting.js.map +1 -0
package/dist/detect/ai-code/index.d.ts +12 -0
package/dist/detect/ai-code/index.d.ts.map +1 -0
package/dist/detect/ai-code/index.js +26 -0
package/dist/detect/ai-code/index.js.map +1 -0
package/dist/detect/ai-code/mcp-security.d.ts +20 -0
package/dist/detect/ai-code/mcp-security.d.ts.map +1 -0
package/dist/detect/ai-code/mcp-security.js +880 -0
package/dist/detect/ai-code/mcp-security.js.map +1 -0
package/dist/detect/ai-code/model-supply-chain.d.ts +23 -0
package/dist/detect/ai-code/model-supply-chain.d.ts.map +1 -0
package/dist/detect/ai-code/model-supply-chain.js +447 -0
package/dist/detect/ai-code/model-supply-chain.js.map +1 -0
package/dist/detect/ai-code/package-hallucination.d.ts +22 -0
package/dist/detect/ai-code/package-hallucination.d.ts.map +1 -0
package/dist/detect/ai-code/package-hallucination.js +841 -0
package/dist/detect/ai-code/package-hallucination.js.map +1 -0
package/dist/detect/ai-code/prompt-hygiene.d.ts +22 -0
package/dist/detect/ai-code/prompt-hygiene.d.ts.map +1 -0
package/dist/detect/ai-code/prompt-hygiene.js +1177 -0
package/dist/detect/ai-code/prompt-hygiene.js.map +1 -0
package/dist/detect/ai-code/rag-safety.d.ts +24 -0
package/dist/detect/ai-code/rag-safety.d.ts.map +1 -0
package/dist/detect/ai-code/rag-safety.js +913 -0
package/dist/detect/ai-code/rag-safety.js.map +1 -0
package/dist/detect/ai-code/schema-validation.d.ts +28 -0
package/dist/detect/ai-code/schema-validation.d.ts.map +1 -0
package/dist/detect/ai-code/schema-validation.js +378 -0
package/dist/detect/ai-code/schema-validation.js.map +1 -0
package/dist/detect/config/agent-skill-injection.d.ts +27 -0
package/dist/detect/config/agent-skill-injection.d.ts.map +1 -0
package/dist/detect/config/agent-skill-injection.js +472 -0
package/dist/detect/config/agent-skill-injection.js.map +1 -0
package/dist/detect/config/comments.d.ts +11 -0
package/dist/detect/config/comments.d.ts.map +1 -0
package/dist/detect/config/comments.js +206 -0
package/dist/detect/config/comments.js.map +1 -0
package/dist/detect/config/file-flags.d.ts +10 -0
package/dist/detect/config/file-flags.d.ts.map +1 -0
package/dist/detect/config/file-flags.js +124 -0
package/dist/detect/config/file-flags.js.map +1 -0
package/dist/detect/config/index.d.ts +7 -0
package/dist/detect/config/index.d.ts.map +1 -0
package/dist/detect/config/index.js +17 -0
package/dist/detect/config/index.js.map +1 -0
package/dist/detect/config/osv-check.d.ts +75 -0
package/dist/detect/config/osv-check.d.ts.map +1 -0
package/dist/detect/config/osv-check.js +309 -0
package/dist/detect/config/osv-check.js.map +1 -0
package/dist/detect/config/package-check.d.ts +63 -0
package/dist/detect/config/package-check.d.ts.map +1 -0
package/dist/detect/config/package-check.js +509 -0
package/dist/detect/config/package-check.js.map +1 -0
package/dist/detect/config/urls.d.ts +11 -0
package/dist/detect/config/urls.d.ts.map +1 -0
package/dist/detect/config/urls.js +450 -0
package/dist/detect/config/urls.js.map +1 -0
package/dist/detect/index.d.ts +37 -0
package/dist/detect/index.d.ts.map +1 -0
package/dist/detect/index.js +77 -0
package/dist/detect/index.js.map +1 -0
package/dist/detect/secrets/config-audit.d.ts +11 -0
package/dist/detect/secrets/config-audit.d.ts.map +1 -0
package/dist/detect/secrets/config-audit.js +315 -0
package/dist/detect/secrets/config-audit.js.map +1 -0
package/dist/detect/secrets/config-mcp-audit.d.ts +23 -0
package/dist/detect/secrets/config-mcp-audit.d.ts.map +1 -0
package/dist/detect/secrets/config-mcp-audit.js +243 -0
package/dist/detect/secrets/config-mcp-audit.js.map +1 -0
package/dist/detect/secrets/entropy.d.ts +11 -0
package/dist/detect/secrets/entropy.d.ts.map +1 -0
package/dist/detect/secrets/entropy.js +751 -0
package/dist/detect/secrets/entropy.js.map +1 -0
package/dist/detect/secrets/index.d.ts +36 -0
package/dist/detect/secrets/index.d.ts.map +1 -0
package/dist/detect/secrets/index.js +174 -0
package/dist/detect/secrets/index.js.map +1 -0
package/dist/detect/secrets/patterns.d.ts +11 -0
package/dist/detect/secrets/patterns.d.ts.map +1 -0
package/dist/detect/secrets/patterns.js +518 -0
package/dist/detect/secrets/patterns.js.map +1 -0
package/dist/detect/secrets/weak-crypto.d.ts +10 -0
package/dist/detect/secrets/weak-crypto.d.ts.map +1 -0
package/dist/detect/secrets/weak-crypto.js +432 -0
package/dist/detect/secrets/weak-crypto.js.map +1 -0
package/dist/detect/structural/auth-patterns.d.ts +22 -0
package/dist/detect/structural/auth-patterns.d.ts.map +1 -0
package/dist/detect/structural/auth-patterns.js +533 -0
package/dist/detect/structural/auth-patterns.js.map +1 -0
package/dist/detect/structural/dangerous-functions/child-process.d.ts +16 -0
package/dist/detect/structural/dangerous-functions/child-process.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/child-process.js +74 -0
package/dist/detect/structural/dangerous-functions/child-process.js.map +1 -0
package/dist/detect/structural/dangerous-functions/dom-xss.d.ts +34 -0
package/dist/detect/structural/dangerous-functions/dom-xss.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/dom-xss.js +230 -0
package/dist/detect/structural/dangerous-functions/dom-xss.js.map +1 -0
package/dist/detect/structural/dangerous-functions/index.d.ts +16 -0
package/dist/detect/structural/dangerous-functions/index.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/index.js +1193 -0
package/dist/detect/structural/dangerous-functions/index.js.map +1 -0
package/dist/detect/structural/dangerous-functions/json-parse.d.ts +31 -0
package/dist/detect/structural/dangerous-functions/json-parse.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/json-parse.js +326 -0
package/dist/detect/structural/dangerous-functions/json-parse.js.map +1 -0
package/dist/detect/structural/dangerous-functions/math-random.d.ts +111 -0
package/dist/detect/structural/dangerous-functions/math-random.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/math-random.js +684 -0
package/dist/detect/structural/dangerous-functions/math-random.js.map +1 -0
package/dist/detect/structural/dangerous-functions/patterns.d.ts +21 -0
package/dist/detect/structural/dangerous-functions/patterns.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/patterns.js +163 -0
package/dist/detect/structural/dangerous-functions/patterns.js.map +1 -0
package/dist/detect/structural/dangerous-functions/request-validation.d.ts +13 -0
package/dist/detect/structural/dangerous-functions/request-validation.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/request-validation.js +126 -0
package/dist/detect/structural/dangerous-functions/request-validation.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts +24 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.js +70 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts +31 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.js +147 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/index.d.ts +9 -0
package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/index.js +23 -0
package/dist/detect/structural/dangerous-functions/utils/index.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts +22 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.js +102 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map +1 -0
package/dist/detect/structural/data-exposure.d.ts +19 -0
package/dist/detect/structural/data-exposure.d.ts.map +1 -0
package/dist/detect/structural/data-exposure.js +262 -0
package/dist/detect/structural/data-exposure.js.map +1 -0
package/dist/detect/structural/framework-checks.d.ts +10 -0
package/dist/detect/structural/framework-checks.d.ts.map +1 -0
package/dist/detect/structural/framework-checks.js +389 -0
package/dist/detect/structural/framework-checks.js.map +1 -0
package/dist/detect/structural/index.d.ts +71 -0
package/dist/detect/structural/index.d.ts.map +1 -0
package/dist/detect/structural/index.js +510 -0
package/dist/detect/structural/index.js.map +1 -0
package/dist/detect/structural/log-injection.d.ts +18 -0
package/dist/detect/structural/log-injection.d.ts.map +1 -0
package/dist/detect/structural/log-injection.js +217 -0
package/dist/detect/structural/log-injection.js.map +1 -0
package/dist/detect/structural/logic-gates.d.ts +10 -0
package/dist/detect/structural/logic-gates.d.ts.map +1 -0
package/dist/detect/structural/logic-gates.js +227 -0
package/dist/detect/structural/logic-gates.js.map +1 -0
package/dist/detect/structural/risky-imports.d.ts +10 -0
package/dist/detect/structural/risky-imports.d.ts.map +1 -0
package/dist/detect/structural/risky-imports.js +168 -0
package/dist/detect/structural/risky-imports.js.map +1 -0
package/dist/detect/structural/security-headers.d.ts +18 -0
package/dist/detect/structural/security-headers.d.ts.map +1 -0
package/dist/detect/structural/security-headers.js +196 -0
package/dist/detect/structural/security-headers.js.map +1 -0
package/dist/detect/structural/ssrf-detection.d.ts +18 -0
package/dist/detect/structural/ssrf-detection.d.ts.map +1 -0
package/dist/detect/structural/ssrf-detection.js +263 -0
package/dist/detect/structural/ssrf-detection.js.map +1 -0
package/dist/detect/structural/variables.d.ts +11 -0
package/dist/detect/structural/variables.d.ts.map +1 -0
package/dist/detect/structural/variables.js +159 -0
package/dist/detect/structural/variables.js.map +1 -0
package/dist/detect/structural/xxe-detection.d.ts +18 -0
package/dist/detect/structural/xxe-detection.d.ts.map +1 -0
package/dist/detect/structural/xxe-detection.js +245 -0
package/dist/detect/structural/xxe-detection.js.map +1 -0
package/dist/filtering/context-adjustments.d.ts +23 -0
package/dist/filtering/context-adjustments.d.ts.map +1 -0
package/dist/filtering/context-adjustments.js +100 -0
package/dist/filtering/context-adjustments.js.map +1 -0
package/dist/filtering/index.d.ts +3 -0
package/dist/filtering/index.d.ts.map +1 -0
package/dist/filtering/index.js +8 -0
package/dist/filtering/index.js.map +1 -0
package/dist/filtering/pipeline.d.ts +48 -0
package/dist/filtering/pipeline.d.ts.map +1 -0
package/dist/filtering/pipeline.js +76 -0
package/dist/filtering/pipeline.js.map +1 -0
package/dist/formatters/ai-context.d.ts +23 -0
package/dist/formatters/ai-context.d.ts.map +1 -0
package/dist/formatters/ai-context.js +238 -0
package/dist/formatters/ai-context.js.map +1 -0
package/dist/formatters/github-comment.d.ts +1 -1
package/dist/formatters/github-comment.d.ts.map +1 -1
package/dist/formatters/github-comment.js +2 -2
package/dist/formatters/github-comment.js.map +1 -1
package/dist/formatters/ide/claude-code.d.ts +17 -0
package/dist/formatters/ide/claude-code.d.ts.map +1 -0
package/dist/formatters/ide/claude-code.js +94 -0
package/dist/formatters/ide/claude-code.js.map +1 -0
package/dist/formatters/ide/cursor.d.ts +13 -0
package/dist/formatters/ide/cursor.d.ts.map +1 -0
package/dist/formatters/ide/cursor.js +125 -0
package/dist/formatters/ide/cursor.js.map +1 -0
package/dist/formatters/ide/index.d.ts +62 -0
package/dist/formatters/ide/index.d.ts.map +1 -0
package/dist/formatters/ide/index.js +184 -0
package/dist/formatters/ide/index.js.map +1 -0
package/dist/formatters/ide/windsurf.d.ts +13 -0
package/dist/formatters/ide/windsurf.d.ts.map +1 -0
package/dist/formatters/ide/windsurf.js +117 -0
package/dist/formatters/ide/windsurf.js.map +1 -0
package/dist/formatters/index.d.ts +2 -0
package/dist/formatters/index.d.ts.map +1 -1
package/dist/formatters/index.js +17 -1
package/dist/formatters/index.js.map +1 -1
package/dist/index.d.ts +17 -60
package/dist/index.d.ts.map +1 -1
package/dist/index.js +67 -824
package/dist/index.js.map +1 -1
package/dist/layer1/comments.d.ts +4 -1
package/dist/layer1/comments.d.ts.map +1 -1
package/dist/layer1/comments.js +1 -1
package/dist/layer1/comments.js.map +1 -1
package/dist/layer1/config-audit.d.ts +4 -1
package/dist/layer1/config-audit.d.ts.map +1 -1
package/dist/layer1/config-audit.js +45 -11
package/dist/layer1/config-audit.js.map +1 -1
package/dist/layer1/config-mcp-audit.d.ts +4 -1
package/dist/layer1/config-mcp-audit.d.ts.map +1 -1
package/dist/layer1/config-mcp-audit.js +2 -2
package/dist/layer1/config-mcp-audit.js.map +1 -1
package/dist/layer1/entropy.d.ts +4 -1
package/dist/layer1/entropy.d.ts.map +1 -1
package/dist/layer1/entropy.js +212 -1
package/dist/layer1/entropy.js.map +1 -1
package/dist/layer1/file-flags.d.ts +4 -1
package/dist/layer1/file-flags.d.ts.map +1 -1
package/dist/layer1/file-flags.js +12 -5
package/dist/layer1/file-flags.js.map +1 -1
package/dist/layer1/index.d.ts.map +1 -1
package/dist/layer1/index.js +14 -19
package/dist/layer1/index.js.map +1 -1
package/dist/layer1/patterns.d.ts +4 -1
package/dist/layer1/patterns.d.ts.map +1 -1
package/dist/layer1/patterns.js +34 -4
package/dist/layer1/patterns.js.map +1 -1
package/dist/layer1/urls.d.ts +4 -1
package/dist/layer1/urls.d.ts.map +1 -1
package/dist/layer1/urls.js +162 -14
package/dist/layer1/urls.js.map +1 -1
package/dist/layer1/weak-crypto.d.ts +4 -1
package/dist/layer1/weak-crypto.d.ts.map +1 -1
package/dist/layer1/weak-crypto.js +144 -7
package/dist/layer1/weak-crypto.js.map +1 -1
package/dist/layer2/ai-agent-tools.d.ts +4 -1
package/dist/layer2/ai-agent-tools.d.ts.map +1 -1
package/dist/layer2/ai-agent-tools.js +661 -2
package/dist/layer2/ai-agent-tools.js.map +1 -1
package/dist/layer2/ai-endpoint-protection.d.ts +2 -0
package/dist/layer2/ai-endpoint-protection.d.ts.map +1 -1
package/dist/layer2/ai-endpoint-protection.js +1 -1
package/dist/layer2/ai-endpoint-protection.js.map +1 -1
package/dist/layer2/ai-execution-sinks.d.ts +4 -1
package/dist/layer2/ai-execution-sinks.d.ts.map +1 -1
package/dist/layer2/ai-execution-sinks.js +252 -43
package/dist/layer2/ai-execution-sinks.js.map +1 -1
package/dist/layer2/ai-fingerprinting.d.ts +4 -1
package/dist/layer2/ai-fingerprinting.d.ts.map +1 -1
package/dist/layer2/ai-fingerprinting.js +25 -32
package/dist/layer2/ai-fingerprinting.js.map +1 -1
package/dist/layer2/ai-mcp-security.d.ts +4 -1
package/dist/layer2/ai-mcp-security.d.ts.map +1 -1
package/dist/layer2/ai-mcp-security.js +200 -2
package/dist/layer2/ai-mcp-security.js.map +1 -1
package/dist/layer2/ai-package-hallucination.d.ts +4 -1
package/dist/layer2/ai-package-hallucination.d.ts.map +1 -1
package/dist/layer2/ai-package-hallucination.js +136 -4
package/dist/layer2/ai-package-hallucination.js.map +1 -1
package/dist/layer2/ai-prompt-hygiene.d.ts +4 -1
package/dist/layer2/ai-prompt-hygiene.d.ts.map +1 -1
package/dist/layer2/ai-prompt-hygiene.js +342 -28
package/dist/layer2/ai-prompt-hygiene.js.map +1 -1
package/dist/layer2/ai-rag-safety.d.ts +4 -1
package/dist/layer2/ai-rag-safety.d.ts.map +1 -1
package/dist/layer2/ai-rag-safety.js +82 -2
package/dist/layer2/ai-rag-safety.js.map +1 -1
package/dist/layer2/ai-schema-validation.d.ts +4 -1
package/dist/layer2/ai-schema-validation.d.ts.map +1 -1
package/dist/layer2/ai-schema-validation.js +2 -2
package/dist/layer2/ai-schema-validation.js.map +1 -1
package/dist/layer2/auth-antipatterns.d.ts +2 -0
package/dist/layer2/auth-antipatterns.d.ts.map +1 -1
package/dist/layer2/auth-antipatterns.js +205 -20
package/dist/layer2/auth-antipatterns.js.map +1 -1
package/dist/layer2/byok-patterns.d.ts +4 -1
package/dist/layer2/byok-patterns.d.ts.map +1 -1
package/dist/layer2/byok-patterns.js +2 -2
package/dist/layer2/byok-patterns.js.map +1 -1
package/dist/layer2/dangerous-functions/dom-xss.d.ts +9 -4
package/dist/layer2/dangerous-functions/dom-xss.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/dom-xss.js +73 -22
package/dist/layer2/dangerous-functions/dom-xss.js.map +1 -1
package/dist/layer2/dangerous-functions/index.d.ts +4 -1
package/dist/layer2/dangerous-functions/index.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/index.js +551 -20
package/dist/layer2/dangerous-functions/index.js.map +1 -1
package/dist/layer2/dangerous-functions/math-random.d.ts +54 -4
package/dist/layer2/dangerous-functions/math-random.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/math-random.js +241 -16
package/dist/layer2/dangerous-functions/math-random.js.map +1 -1
package/dist/layer2/dangerous-functions/patterns.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/patterns.js +3 -1
package/dist/layer2/dangerous-functions/patterns.js.map +1 -1
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts +3 -2
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/utils/control-flow.js +41 -120
package/dist/layer2/dangerous-functions/utils/control-flow.js.map +1 -1
package/dist/layer2/dangerous-functions/utils/helpers.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/utils/helpers.js +26 -3
package/dist/layer2/dangerous-functions/utils/helpers.js.map +1 -1
package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/utils/schema-validation.js +14 -1
package/dist/layer2/dangerous-functions/utils/schema-validation.js.map +1 -1
package/dist/layer2/data-exposure.d.ts +4 -1
package/dist/layer2/data-exposure.d.ts.map +1 -1
package/dist/layer2/data-exposure.js +11 -38
package/dist/layer2/data-exposure.js.map +1 -1
package/dist/layer2/framework-checks.d.ts +4 -1
package/dist/layer2/framework-checks.d.ts.map +1 -1
package/dist/layer2/framework-checks.js +3 -10
package/dist/layer2/framework-checks.js.map +1 -1
package/dist/layer2/index.d.ts +13 -1
package/dist/layer2/index.d.ts.map +1 -1
package/dist/layer2/index.js +107 -52
package/dist/layer2/index.js.map +1 -1
package/dist/layer2/log-injection.d.ts +18 -0
package/dist/layer2/log-injection.d.ts.map +1 -0
package/dist/layer2/log-injection.js +214 -0
package/dist/layer2/log-injection.js.map +1 -0
package/dist/layer2/logic-gates.d.ts +4 -1
package/dist/layer2/logic-gates.d.ts.map +1 -1
package/dist/layer2/logic-gates.js +54 -20
package/dist/layer2/logic-gates.js.map +1 -1
package/dist/layer2/model-supply-chain.d.ts +4 -1
package/dist/layer2/model-supply-chain.d.ts.map +1 -1
package/dist/layer2/model-supply-chain.js +72 -4
package/dist/layer2/model-supply-chain.js.map +1 -1
package/dist/layer2/risky-imports.d.ts +4 -1
package/dist/layer2/risky-imports.d.ts.map +1 -1
package/dist/layer2/risky-imports.js +2 -2
package/dist/layer2/risky-imports.js.map +1 -1
package/dist/layer2/security-headers.d.ts +18 -0
package/dist/layer2/security-headers.d.ts.map +1 -0
package/dist/layer2/security-headers.js +187 -0
package/dist/layer2/security-headers.js.map +1 -0
package/dist/layer2/ssrf-detection.d.ts +18 -0
package/dist/layer2/ssrf-detection.d.ts.map +1 -0
package/dist/layer2/ssrf-detection.js +252 -0
package/dist/layer2/ssrf-detection.js.map +1 -0
package/dist/layer2/variables.d.ts +4 -1
package/dist/layer2/variables.d.ts.map +1 -1
package/dist/layer2/variables.js +2 -2
package/dist/layer2/variables.js.map +1 -1
package/dist/layer2/xxe-detection.d.ts +18 -0
package/dist/layer2/xxe-detection.d.ts.map +1 -0
package/dist/layer2/xxe-detection.js +242 -0
package/dist/layer2/xxe-detection.js.map +1 -0
package/dist/layer3/anthropic/auto-dismiss.d.ts.map +1 -1
package/dist/layer3/anthropic/auto-dismiss.js +11 -0
package/dist/layer3/anthropic/auto-dismiss.js.map +1 -1
package/dist/layer3/anthropic/prompts/index.d.ts +1 -1
package/dist/layer3/anthropic/prompts/index.d.ts.map +1 -1
package/dist/layer3/anthropic/prompts/index.js +3 -1
package/dist/layer3/anthropic/prompts/index.js.map +1 -1
package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts +19 -0
package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/ai-patterns.js +156 -0
package/dist/layer3/anthropic/prompts/modules/ai-patterns.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts +9 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.js +25 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/common.d.ts +11 -0
package/dist/layer3/anthropic/prompts/modules/common.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/common.js +152 -0
package/dist/layer3/anthropic/prompts/modules/common.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/index.d.ts +54 -0
package/dist/layer3/anthropic/prompts/modules/index.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/index.js +185 -0
package/dist/layer3/anthropic/prompts/modules/index.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts +8 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.js +84 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts +8 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js +68 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts +8 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.js +22 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map +1 -0
package/dist/layer3/anthropic/prompts/validation.d.ts +9 -3
package/dist/layer3/anthropic/prompts/validation.d.ts.map +1 -1
package/dist/layer3/anthropic/prompts/validation.js +14 -410
package/dist/layer3/anthropic/prompts/validation.js.map +1 -1
package/dist/layer3/anthropic/providers/anthropic.d.ts.map +1 -1
package/dist/layer3/anthropic/providers/anthropic.js +6 -3
package/dist/layer3/anthropic/providers/anthropic.js.map +1 -1
package/dist/layer3/anthropic/providers/openai.d.ts.map +1 -1
package/dist/layer3/anthropic/providers/openai.js +6 -3
package/dist/layer3/anthropic/providers/openai.js.map +1 -1
package/dist/layer3/anthropic/request-builder.d.ts +11 -4
package/dist/layer3/anthropic/request-builder.d.ts.map +1 -1
package/dist/layer3/anthropic/request-builder.js +32 -16
package/dist/layer3/anthropic/request-builder.js.map +1 -1
package/dist/layer3/anthropic/utils/context-extractor.d.ts +55 -0
package/dist/layer3/anthropic/utils/context-extractor.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/context-extractor.js +161 -0
package/dist/layer3/anthropic/utils/context-extractor.js.map +1 -0
package/dist/layer3/anthropic/utils/index.d.ts +2 -0
package/dist/layer3/anthropic/utils/index.d.ts.map +1 -1
package/dist/layer3/anthropic/utils/index.js +4 -1
package/dist/layer3/anthropic/utils/index.js.map +1 -1
package/dist/model/auth-helper-detector.d.ts +56 -0
package/dist/model/auth-helper-detector.d.ts.map +1 -0
package/dist/model/auth-helper-detector.js +360 -0
package/dist/model/auth-helper-detector.js.map +1 -0
package/dist/model/cross-file-taint.d.ts +40 -0
package/dist/model/cross-file-taint.d.ts.map +1 -0
package/dist/model/cross-file-taint.js +290 -0
package/dist/model/cross-file-taint.js.map +1 -0
package/dist/model/framework-models/django.d.ts +9 -0
package/dist/model/framework-models/django.d.ts.map +1 -0
package/dist/model/framework-models/django.js +82 -0
package/dist/model/framework-models/django.js.map +1 -0
package/dist/model/framework-models/express.d.ts +9 -0
package/dist/model/framework-models/express.d.ts.map +1 -0
package/dist/model/framework-models/express.js +52 -0
package/dist/model/framework-models/express.js.map +1 -0
package/dist/model/framework-models/index.d.ts +20 -0
package/dist/model/framework-models/index.d.ts.map +1 -0
package/dist/model/framework-models/index.js +102 -0
package/dist/model/framework-models/index.js.map +1 -0
package/dist/model/framework-models/nextjs.d.ts +9 -0
package/dist/model/framework-models/nextjs.d.ts.map +1 -0
package/dist/model/framework-models/nextjs.js +71 -0
package/dist/model/framework-models/nextjs.js.map +1 -0
package/dist/model/framework-models/prisma.d.ts +10 -0
package/dist/model/framework-models/prisma.d.ts.map +1 -0
package/dist/model/framework-models/prisma.js +54 -0
package/dist/model/framework-models/prisma.js.map +1 -0
package/dist/model/framework-models/react.d.ts +9 -0
package/dist/model/framework-models/react.d.ts.map +1 -0
package/dist/model/framework-models/react.js +67 -0
package/dist/model/framework-models/react.js.map +1 -0
package/dist/model/framework-models/sequelize.d.ts +9 -0
package/dist/model/framework-models/sequelize.d.ts.map +1 -0
package/dist/model/framework-models/sequelize.js +62 -0
package/dist/model/framework-models/sequelize.js.map +1 -0
package/dist/model/framework-models/types.d.ts +43 -0
package/dist/model/framework-models/types.d.ts.map +1 -0
package/dist/model/framework-models/types.js +10 -0
package/dist/model/framework-models/types.js.map +1 -0
package/dist/model/function-classifier.d.ts +32 -0
package/dist/model/function-classifier.d.ts.map +1 -0
package/dist/model/function-classifier.js +143 -0
package/dist/model/function-classifier.js.map +1 -0
package/dist/model/import-resolver.d.ts +45 -0
package/dist/model/import-resolver.d.ts.map +1 -0
package/dist/model/import-resolver.js +410 -0
package/dist/model/import-resolver.js.map +1 -0
package/dist/model/imported-auth-detector.d.ts +38 -0
package/dist/model/imported-auth-detector.d.ts.map +1 -0
package/dist/model/imported-auth-detector.js +199 -0
package/dist/model/imported-auth-detector.js.map +1 -0
package/dist/model/index.d.ts +63 -0
package/dist/model/index.d.ts.map +1 -0
package/dist/model/index.js +272 -0
package/dist/model/index.js.map +1 -0
package/dist/model/middleware-detector.d.ts +55 -0
package/dist/model/middleware-detector.d.ts.map +1 -0
package/dist/model/middleware-detector.js +382 -0
package/dist/model/middleware-detector.js.map +1 -0
package/dist/model/module-graph.d.ts +46 -0
package/dist/model/module-graph.d.ts.map +1 -0
package/dist/model/module-graph.js +187 -0
package/dist/model/module-graph.js.map +1 -0
package/dist/model/oauth-flow-detector.d.ts +41 -0
package/dist/model/oauth-flow-detector.d.ts.map +1 -0
package/dist/model/oauth-flow-detector.js +202 -0
package/dist/model/oauth-flow-detector.js.map +1 -0
package/dist/model/project-context.d.ts +119 -0
package/dist/model/project-context.d.ts.map +1 -0
package/dist/model/project-context.js +534 -0
package/dist/model/project-context.js.map +1 -0
package/dist/model/route-auth-resolver.d.ts +27 -0
package/dist/model/route-auth-resolver.d.ts.map +1 -0
package/dist/model/route-auth-resolver.js +182 -0
package/dist/model/route-auth-resolver.js.map +1 -0
package/dist/model/route-discovery/express.d.ts +25 -0
package/dist/model/route-discovery/express.d.ts.map +1 -0
package/dist/model/route-discovery/express.js +225 -0
package/dist/model/route-discovery/express.js.map +1 -0
package/dist/model/route-discovery/index.d.ts +21 -0
package/dist/model/route-discovery/index.d.ts.map +1 -0
package/dist/model/route-discovery/index.js +67 -0
package/dist/model/route-discovery/index.js.map +1 -0
package/dist/model/route-discovery/nextjs.d.ts +16 -0
package/dist/model/route-discovery/nextjs.d.ts.map +1 -0
package/dist/model/route-discovery/nextjs.js +179 -0
package/dist/model/route-discovery/nextjs.js.map +1 -0
package/dist/model/route-discovery/python.d.ts +16 -0
package/dist/model/route-discovery/python.d.ts.map +1 -0
package/dist/model/route-discovery/python.js +181 -0
package/dist/model/route-discovery/python.js.map +1 -0
package/dist/model/route-discovery/types.d.ts +36 -0
package/dist/model/route-discovery/types.d.ts.map +1 -0
package/dist/model/route-discovery/types.js +16 -0
package/dist/model/route-discovery/types.js.map +1 -0
package/dist/model/route-discovery/utils.d.ts +18 -0
package/dist/model/route-discovery/utils.d.ts.map +1 -0
package/dist/model/route-discovery/utils.js +55 -0
package/dist/model/route-discovery/utils.js.map +1 -0
package/dist/model/route-hierarchy.d.ts +50 -0
package/dist/model/route-hierarchy.d.ts.map +1 -0
package/dist/model/route-hierarchy.js +226 -0
package/dist/model/route-hierarchy.js.map +1 -0
package/dist/model/sanitiser-detection.d.ts +27 -0
package/dist/model/sanitiser-detection.d.ts.map +1 -0
package/dist/model/sanitiser-detection.js +224 -0
package/dist/model/sanitiser-detection.js.map +1 -0
package/dist/model/sink-matcher.d.ts +17 -0
package/dist/model/sink-matcher.d.ts.map +1 -0
package/dist/model/sink-matcher.js +141 -0
package/dist/model/sink-matcher.js.map +1 -0
package/dist/model/sink-patterns.d.ts +19 -0
package/dist/model/sink-patterns.d.ts.map +1 -0
package/dist/model/sink-patterns.js +88 -0
package/dist/model/sink-patterns.js.map +1 -0
package/dist/model/source-discovery.d.ts +15 -0
package/dist/model/source-discovery.d.ts.map +1 -0
package/dist/model/source-discovery.js +170 -0
package/dist/model/source-discovery.js.map +1 -0
package/dist/model/taint-tracker.d.ts +21 -0
package/dist/model/taint-tracker.d.ts.map +1 -0
package/dist/model/taint-tracker.js +281 -0
package/dist/model/taint-tracker.js.map +1 -0
package/dist/model/taint-types.d.ts +74 -0
package/dist/model/taint-types.d.ts.map +1 -0
package/dist/model/taint-types.js +9 -0
package/dist/model/taint-types.js.map +1 -0
package/dist/model/trpc-analyzer.d.ts +78 -0
package/dist/model/trpc-analyzer.d.ts.map +1 -0
package/dist/model/trpc-analyzer.js +297 -0
package/dist/model/trpc-analyzer.js.map +1 -0
package/dist/modes/incremental.js +1 -1
package/dist/parse/file-classifier.d.ts +228 -0
package/dist/parse/file-classifier.d.ts.map +1 -0
package/dist/parse/file-classifier.js +933 -0
package/dist/parse/file-classifier.js.map +1 -0
package/dist/parse/path-exclusions.d.ts +55 -0
package/dist/parse/path-exclusions.d.ts.map +1 -0
package/dist/parse/path-exclusions.js +224 -0
package/dist/parse/path-exclusions.js.map +1 -0
package/dist/pipeline/config.d.ts +39 -0
package/dist/pipeline/config.d.ts.map +1 -0
package/dist/pipeline/config.js +46 -0
package/dist/pipeline/config.js.map +1 -0
package/dist/pipeline/index.d.ts +34 -0
package/dist/pipeline/index.d.ts.map +1 -0
package/dist/pipeline/index.js +377 -0
package/dist/pipeline/index.js.map +1 -0
package/dist/pipeline/modes/incremental.d.ts +66 -0
package/dist/pipeline/modes/incremental.d.ts.map +1 -0
package/dist/pipeline/modes/incremental.js +200 -0
package/dist/pipeline/modes/incremental.js.map +1 -0
package/dist/postprocess/aggregation.d.ts +14 -0
package/dist/postprocess/aggregation.d.ts.map +1 -0
package/dist/postprocess/aggregation.js +63 -0
package/dist/postprocess/aggregation.js.map +1 -0
package/dist/postprocess/contradictions.d.ts +18 -0
package/dist/postprocess/contradictions.d.ts.map +1 -0
package/dist/postprocess/contradictions.js +99 -0
package/dist/postprocess/contradictions.js.map +1 -0
package/dist/postprocess/dedup.d.ts +13 -0
package/dist/postprocess/dedup.d.ts.map +1 -0
package/dist/postprocess/dedup.js +58 -0
package/dist/postprocess/dedup.js.map +1 -0
package/dist/postprocess/filtering/context-adjustments.d.ts +23 -0
package/dist/postprocess/filtering/context-adjustments.d.ts.map +1 -0
package/dist/postprocess/filtering/context-adjustments.js +100 -0
package/dist/postprocess/filtering/context-adjustments.js.map +1 -0
package/dist/postprocess/filtering/index.d.ts +3 -0
package/dist/postprocess/filtering/index.d.ts.map +1 -0
package/dist/postprocess/filtering/index.js +8 -0
package/dist/postprocess/filtering/index.js.map +1 -0
package/dist/postprocess/filtering/pipeline.d.ts +48 -0
package/dist/postprocess/filtering/pipeline.d.ts.map +1 -0
package/dist/postprocess/filtering/pipeline.js +76 -0
package/dist/postprocess/filtering/pipeline.js.map +1 -0
package/dist/postprocess/index.d.ts +41 -0
package/dist/postprocess/index.d.ts.map +1 -0
package/dist/postprocess/index.js +85 -0
package/dist/postprocess/index.js.map +1 -0
package/dist/postprocess/suppression/config-loader.d.ts +74 -0
package/dist/postprocess/suppression/config-loader.d.ts.map +1 -0
package/dist/postprocess/suppression/config-loader.js +424 -0
package/dist/postprocess/suppression/config-loader.js.map +1 -0
package/dist/postprocess/suppression/hash.d.ts +48 -0
package/dist/postprocess/suppression/hash.d.ts.map +1 -0
package/dist/postprocess/suppression/hash.js +88 -0
package/dist/postprocess/suppression/hash.js.map +1 -0
package/dist/postprocess/suppression/index.d.ts +11 -0
package/dist/postprocess/suppression/index.d.ts.map +1 -0
package/dist/postprocess/suppression/index.js +39 -0
package/dist/postprocess/suppression/index.js.map +1 -0
package/dist/postprocess/suppression/inline-parser.d.ts +39 -0
package/dist/postprocess/suppression/inline-parser.d.ts.map +1 -0
package/dist/postprocess/suppression/inline-parser.js +218 -0
package/dist/postprocess/suppression/inline-parser.js.map +1 -0
package/dist/postprocess/suppression/manager.d.ts +94 -0
package/dist/postprocess/suppression/manager.d.ts.map +1 -0
package/dist/postprocess/suppression/manager.js +292 -0
package/dist/postprocess/suppression/manager.js.map +1 -0
package/dist/postprocess/suppression/types.d.ts +151 -0
package/dist/postprocess/suppression/types.d.ts.map +1 -0
package/dist/postprocess/suppression/types.js +28 -0
package/dist/postprocess/suppression/types.js.map +1 -0
package/dist/postprocess/validation-cap.d.ts +17 -0
package/dist/postprocess/validation-cap.d.ts.map +1 -0
package/dist/postprocess/validation-cap.js +64 -0
package/dist/postprocess/validation-cap.js.map +1 -0
package/dist/report/build-result.d.ts +33 -0
package/dist/report/build-result.d.ts.map +1 -0
package/dist/report/build-result.js +59 -0
package/dist/report/build-result.js.map +1 -0
package/dist/report/enrichment.d.ts +19 -0
package/dist/report/enrichment.d.ts.map +1 -0
package/dist/report/enrichment.js +44 -0
package/dist/report/enrichment.js.map +1 -0
package/dist/report/formatters/ai-context.d.ts +23 -0
package/dist/report/formatters/ai-context.d.ts.map +1 -0
package/dist/report/formatters/ai-context.js +238 -0
package/dist/report/formatters/ai-context.js.map +1 -0
package/dist/report/formatters/cli-terminal.d.ts +65 -0
package/dist/report/formatters/cli-terminal.d.ts.map +1 -0
package/dist/report/formatters/cli-terminal.js +735 -0
package/dist/report/formatters/cli-terminal.js.map +1 -0
package/dist/report/formatters/github-comment.d.ts +41 -0
package/dist/report/formatters/github-comment.d.ts.map +1 -0
package/dist/report/formatters/github-comment.js +370 -0
package/dist/report/formatters/github-comment.js.map +1 -0
package/dist/report/formatters/grouping.d.ts +52 -0
package/dist/report/formatters/grouping.d.ts.map +1 -0
package/dist/report/formatters/grouping.js +152 -0
package/dist/report/formatters/grouping.js.map +1 -0
package/dist/report/formatters/ide/claude-code.d.ts +17 -0
package/dist/report/formatters/ide/claude-code.d.ts.map +1 -0
package/dist/report/formatters/ide/claude-code.js +94 -0
package/dist/report/formatters/ide/claude-code.js.map +1 -0
package/dist/report/formatters/ide/cursor.d.ts +13 -0
package/dist/report/formatters/ide/cursor.d.ts.map +1 -0
package/dist/report/formatters/ide/cursor.js +125 -0
package/dist/report/formatters/ide/cursor.js.map +1 -0
package/dist/report/formatters/ide/index.d.ts +62 -0
package/dist/report/formatters/ide/index.d.ts.map +1 -0
package/dist/report/formatters/ide/index.js +184 -0
package/dist/report/formatters/ide/index.js.map +1 -0
package/dist/report/formatters/ide/windsurf.d.ts +13 -0
package/dist/report/formatters/ide/windsurf.d.ts.map +1 -0
package/dist/report/formatters/ide/windsurf.js +117 -0
package/dist/report/formatters/ide/windsurf.js.map +1 -0
package/dist/report/formatters/index.d.ts +11 -0
package/dist/report/formatters/index.d.ts.map +1 -0
package/dist/report/formatters/index.js +54 -0
package/dist/report/formatters/index.js.map +1 -0
package/dist/report/formatters/vscode-diagnostic.d.ts +103 -0
package/dist/report/formatters/vscode-diagnostic.d.ts.map +1 -0
package/dist/report/formatters/vscode-diagnostic.js +151 -0
package/dist/report/formatters/vscode-diagnostic.js.map +1 -0
package/dist/report/summary.d.ts +27 -0
package/dist/report/summary.d.ts.map +1 -0
package/dist/report/summary.js +57 -0
package/dist/report/summary.js.map +1 -0
package/dist/rules/metadata.d.ts.map +1 -1
package/dist/rules/metadata.js +66 -0
package/dist/rules/metadata.js.map +1 -1
package/dist/score/adjustments.d.ts +22 -0
package/dist/score/adjustments.d.ts.map +1 -0
package/dist/score/adjustments.js +373 -0
package/dist/score/adjustments.js.map +1 -0
package/dist/score/auto-dismiss.d.ts +28 -0
package/dist/score/auto-dismiss.d.ts.map +1 -0
package/dist/score/auto-dismiss.js +200 -0
package/dist/score/auto-dismiss.js.map +1 -0
package/dist/score/confidence.d.ts +19 -0
package/dist/score/confidence.d.ts.map +1 -0
package/dist/score/confidence.js +52 -0
package/dist/score/confidence.js.map +1 -0
package/dist/score/index.d.ts +61 -0
package/dist/score/index.d.ts.map +1 -0
package/dist/score/index.js +250 -0
package/dist/score/index.js.map +1 -0
package/dist/score/types.d.ts +160 -0
package/dist/score/types.d.ts.map +1 -0
package/dist/score/types.js +14 -0
package/dist/score/types.js.map +1 -0
package/dist/shared/ai-context/index.d.ts +6 -0
package/dist/shared/ai-context/index.d.ts.map +1 -0
package/dist/shared/ai-context/index.js +13 -0
package/dist/shared/ai-context/index.js.map +1 -0
package/dist/shared/ai-context/manager.d.ts +67 -0
package/dist/shared/ai-context/manager.d.ts.map +1 -0
package/dist/shared/ai-context/manager.js +104 -0
package/dist/shared/ai-context/manager.js.map +1 -0
package/dist/shared/baseline/diff.d.ts +32 -0
package/dist/shared/baseline/diff.d.ts.map +1 -0
package/dist/shared/baseline/diff.js +119 -0
package/dist/shared/baseline/diff.js.map +1 -0
package/dist/shared/baseline/index.d.ts +9 -0
package/dist/shared/baseline/index.d.ts.map +1 -0
package/dist/shared/baseline/index.js +19 -0
package/dist/shared/baseline/index.js.map +1 -0
package/dist/shared/baseline/manager.d.ts +67 -0
package/dist/shared/baseline/manager.d.ts.map +1 -0
package/dist/shared/baseline/manager.js +180 -0
package/dist/shared/baseline/manager.js.map +1 -0
package/dist/shared/baseline/types.d.ts +91 -0
package/dist/shared/baseline/types.d.ts.map +1 -0
package/dist/shared/baseline/types.js +12 -0
package/dist/shared/baseline/types.js.map +1 -0
package/dist/shared/category-filter.d.ts +125 -0
package/dist/shared/category-filter.d.ts.map +1 -0
package/dist/shared/category-filter.js +360 -0
package/dist/shared/category-filter.js.map +1 -0
package/dist/shared/code-analysis.d.ts +39 -0
package/dist/shared/code-analysis.d.ts.map +1 -0
package/dist/shared/code-analysis.js +159 -0
package/dist/shared/code-analysis.js.map +1 -0
package/dist/shared/comment-analyzer.d.ts +38 -0
package/dist/shared/comment-analyzer.d.ts.map +1 -0
package/dist/shared/comment-analyzer.js +218 -0
package/dist/shared/comment-analyzer.js.map +1 -0
package/dist/shared/diff-detector.d.ts +53 -0
package/dist/shared/diff-detector.d.ts.map +1 -0
package/dist/shared/diff-detector.js +104 -0
package/dist/shared/diff-detector.js.map +1 -0
package/dist/shared/diff-parser.d.ts +80 -0
package/dist/shared/diff-parser.d.ts.map +1 -0
package/dist/shared/diff-parser.js +202 -0
package/dist/shared/diff-parser.js.map +1 -0
package/dist/shared/environment-context.d.ts +76 -0
package/dist/shared/environment-context.d.ts.map +1 -0
package/dist/shared/environment-context.js +271 -0
package/dist/shared/environment-context.js.map +1 -0
package/dist/shared/intent-detector.d.ts +66 -0
package/dist/shared/intent-detector.d.ts.map +1 -0
package/dist/shared/intent-detector.js +282 -0
package/dist/shared/intent-detector.js.map +1 -0
package/dist/shared/parsed-file.d.ts +51 -0
package/dist/shared/parsed-file.d.ts.map +1 -0
package/dist/shared/parsed-file.js +95 -0
package/dist/shared/parsed-file.js.map +1 -0
package/dist/shared/registry-clients.d.ts +93 -0
package/dist/shared/registry-clients.d.ts.map +1 -0
package/dist/shared/registry-clients.js +273 -0
package/dist/shared/registry-clients.js.map +1 -0
package/dist/shared/rules/framework-fixes.d.ts +48 -0
package/dist/shared/rules/framework-fixes.d.ts.map +1 -0
package/dist/shared/rules/framework-fixes.js +439 -0
package/dist/shared/rules/framework-fixes.js.map +1 -0
package/dist/shared/rules/index.d.ts +8 -0
package/dist/shared/rules/index.d.ts.map +1 -0
package/dist/shared/rules/index.js +18 -0
package/dist/shared/rules/index.js.map +1 -0
package/dist/shared/rules/metadata.d.ts +43 -0
package/dist/shared/rules/metadata.d.ts.map +1 -0
package/dist/shared/rules/metadata.js +819 -0
package/dist/shared/rules/metadata.js.map +1 -0
package/dist/shared/schema-semantics.d.ts +45 -0
package/dist/shared/schema-semantics.d.ts.map +1 -0
package/dist/shared/schema-semantics.js +193 -0
package/dist/shared/schema-semantics.js.map +1 -0
package/dist/shared/types.d.ts +337 -0
package/dist/shared/types.d.ts.map +1 -0
package/dist/shared/types.js +126 -0
package/dist/shared/types.js.map +1 -0
package/dist/tiers.d.ts +4 -4
package/dist/tiers.d.ts.map +1 -1
package/dist/tiers.js +17 -7
package/dist/tiers.js.map +1 -1
package/dist/types.d.ts +79 -9
package/dist/types.d.ts.map +1 -1
package/dist/types.js +34 -0
package/dist/types.js.map +1 -1
package/dist/utils/code-analysis.d.ts +39 -0
package/dist/utils/code-analysis.d.ts.map +1 -0
package/dist/utils/code-analysis.js +159 -0
package/dist/utils/code-analysis.js.map +1 -0
package/dist/utils/comment-analyzer.d.ts +38 -0
package/dist/utils/comment-analyzer.d.ts.map +1 -0
package/dist/utils/comment-analyzer.js +218 -0
package/dist/utils/comment-analyzer.js.map +1 -0
package/dist/utils/context-helpers.d.ts +108 -1
package/dist/utils/context-helpers.d.ts.map +1 -1
package/dist/utils/context-helpers.js +351 -2
package/dist/utils/context-helpers.js.map +1 -1
package/dist/utils/environment-context.d.ts +76 -0
package/dist/utils/environment-context.d.ts.map +1 -0
package/dist/utils/environment-context.js +271 -0
package/dist/utils/environment-context.js.map +1 -0
package/dist/utils/intent-detector.d.ts +66 -0
package/dist/utils/intent-detector.d.ts.map +1 -0
package/dist/utils/intent-detector.js +282 -0
package/dist/utils/intent-detector.js.map +1 -0
package/dist/utils/parsed-file.d.ts +51 -0
package/dist/utils/parsed-file.d.ts.map +1 -0
package/dist/utils/parsed-file.js +95 -0
package/dist/utils/parsed-file.js.map +1 -0
package/dist/utils/route-hierarchy.d.ts +50 -0
package/dist/utils/route-hierarchy.d.ts.map +1 -0
package/dist/utils/route-hierarchy.js +226 -0
package/dist/utils/route-hierarchy.js.map +1 -0
package/dist/utils/schema-semantics.d.ts +45 -0
package/dist/utils/schema-semantics.d.ts.map +1 -0
package/dist/utils/schema-semantics.js +193 -0
package/dist/utils/schema-semantics.js.map +1 -0
package/dist/validate/clients.d.ts +44 -0
package/dist/validate/clients.d.ts.map +1 -0
package/dist/validate/clients.js +81 -0
package/dist/validate/clients.js.map +1 -0
package/dist/validate/index.d.ts +41 -0
package/dist/validate/index.d.ts.map +1 -0
package/dist/validate/index.js +141 -0
package/dist/validate/index.js.map +1 -0
package/dist/validate/prompts/index.d.ts +8 -0
package/dist/validate/prompts/index.d.ts.map +1 -0
package/dist/validate/prompts/index.js +16 -0
package/dist/validate/prompts/index.js.map +1 -0
package/dist/validate/prompts/modules/ai-patterns.d.ts +19 -0
package/dist/validate/prompts/modules/ai-patterns.d.ts.map +1 -0
package/dist/validate/prompts/modules/ai-patterns.js +156 -0
package/dist/validate/prompts/modules/ai-patterns.js.map +1 -0
package/dist/validate/prompts/modules/auth-access.d.ts +9 -0
package/dist/validate/prompts/modules/auth-access.d.ts.map +1 -0
package/dist/validate/prompts/modules/auth-access.js +25 -0
package/dist/validate/prompts/modules/auth-access.js.map +1 -0
package/dist/validate/prompts/modules/common.d.ts +11 -0
package/dist/validate/prompts/modules/common.d.ts.map +1 -0
package/dist/validate/prompts/modules/common.js +186 -0
package/dist/validate/prompts/modules/common.js.map +1 -0
package/dist/validate/prompts/modules/index.d.ts +54 -0
package/dist/validate/prompts/modules/index.d.ts.map +1 -0
package/dist/validate/prompts/modules/index.js +186 -0
package/dist/validate/prompts/modules/index.js.map +1 -0
package/dist/validate/prompts/modules/owasp-classic.d.ts +8 -0
package/dist/validate/prompts/modules/owasp-classic.d.ts.map +1 -0
package/dist/validate/prompts/modules/owasp-classic.js +84 -0
package/dist/validate/prompts/modules/owasp-classic.js.map +1 -0
package/dist/validate/prompts/modules/secrets-crypto.d.ts +8 -0
package/dist/validate/prompts/modules/secrets-crypto.d.ts.map +1 -0
package/dist/validate/prompts/modules/secrets-crypto.js +68 -0
package/dist/validate/prompts/modules/secrets-crypto.js.map +1 -0
package/dist/validate/prompts/modules/xss-prompt.d.ts +8 -0
package/dist/validate/prompts/modules/xss-prompt.d.ts.map +1 -0
package/dist/validate/prompts/modules/xss-prompt.js +22 -0
package/dist/validate/prompts/modules/xss-prompt.js.map +1 -0
package/dist/validate/prompts/semantic-analysis.d.ts +15 -0
package/dist/validate/prompts/semantic-analysis.d.ts.map +1 -0
package/dist/validate/prompts/semantic-analysis.js +169 -0
package/dist/validate/prompts/semantic-analysis.js.map +1 -0
package/dist/validate/prompts/validation.d.ts +18 -0
package/dist/validate/prompts/validation.d.ts.map +1 -0
package/dist/validate/prompts/validation.js +25 -0
package/dist/validate/prompts/validation.js.map +1 -0
package/dist/validate/providers/anthropic.d.ts +17 -0
package/dist/validate/providers/anthropic.d.ts.map +1 -0
package/dist/validate/providers/anthropic.js +260 -0
package/dist/validate/providers/anthropic.js.map +1 -0
package/dist/validate/providers/index.d.ts +8 -0
package/dist/validate/providers/index.d.ts.map +1 -0
package/dist/validate/providers/index.js +13 -0
package/dist/validate/providers/index.js.map +1 -0
package/dist/validate/providers/openai.d.ts +14 -0
package/dist/validate/providers/openai.d.ts.map +1 -0
package/dist/validate/providers/openai.js +336 -0
package/dist/validate/providers/openai.js.map +1 -0
package/dist/validate/request-builder.d.ts +61 -0
package/dist/validate/request-builder.d.ts.map +1 -0
package/dist/validate/request-builder.js +346 -0
package/dist/validate/request-builder.js.map +1 -0
package/dist/validate/types.d.ts +88 -0
package/dist/validate/types.d.ts.map +1 -0
package/dist/validate/types.js +38 -0
package/dist/validate/types.js.map +1 -0
package/dist/validate/utils/context-extractor.d.ts +55 -0
package/dist/validate/utils/context-extractor.d.ts.map +1 -0
package/dist/validate/utils/context-extractor.js +161 -0
package/dist/validate/utils/context-extractor.js.map +1 -0
package/dist/validate/utils/index.d.ts +11 -0
package/dist/validate/utils/index.d.ts.map +1 -0
package/dist/validate/utils/index.js +27 -0
package/dist/validate/utils/index.js.map +1 -0
package/dist/validate/utils/path-helpers.d.ts +21 -0
package/dist/validate/utils/path-helpers.d.ts.map +1 -0
package/dist/validate/utils/path-helpers.js +69 -0
package/dist/validate/utils/path-helpers.js.map +1 -0
package/dist/validate/utils/response-parser.d.ts +40 -0
package/dist/validate/utils/response-parser.d.ts.map +1 -0
package/dist/validate/utils/response-parser.js +286 -0
package/dist/validate/utils/response-parser.js.map +1 -0
package/dist/validate/utils/retry.d.ts +15 -0
package/dist/validate/utils/retry.d.ts.map +1 -0
package/dist/validate/utils/retry.js +62 -0
package/dist/validate/utils/retry.js.map +1 -0
package/package.json +8 -7
package/src/__tests__/benchmark/fixtures/layer1/agent-skill-injection.ts +204 -0
package/src/__tests__/benchmark/fixtures/layer1/index.ts +3 -0
package/src/__tests__/benchmark/fixtures/layer2/index.ts +27 -0
package/src/__tests__/benchmark/fixtures/layer2/log-injection.ts +147 -0
package/src/__tests__/benchmark/fixtures/layer2/phase5-excessive-agency.ts +580 -0
package/src/__tests__/benchmark/fixtures/layer2/security-headers.ts +197 -0
package/src/__tests__/benchmark/fixtures/layer2/sprint6-ai-enhancements.ts +515 -0
package/src/__tests__/benchmark/fixtures/layer2/ssrf-detection.ts +210 -0
package/src/__tests__/benchmark/fixtures/layer2/xxe-detection.ts +195 -0
package/src/__tests__/benchmark/run-depth-validation.ts +12 -12
package/src/__tests__/benchmark/run-real-world-test.ts +4 -4
package/src/__tests__/benchmark/types.ts +1 -1
package/src/__tests__/benchmark/utils/test-runner.ts +3 -3
package/src/__tests__/category-filter.test.ts +478 -0
package/src/__tests__/context-engine/cross-file-taint.test.ts +284 -0
package/src/__tests__/context-engine/framework-models.test.ts +457 -0
package/src/__tests__/context-engine/function-classifier.test.ts +146 -0
package/src/__tests__/context-engine/import-resolver.test.ts +328 -0
package/src/__tests__/context-engine/integration.test.ts +320 -0
package/src/__tests__/context-engine/module-graph.test.ts +159 -0
package/src/__tests__/context-engine/route-discovery/auth-resolver.test.ts +353 -0
package/src/__tests__/context-engine/route-discovery/express.test.ts +150 -0
package/src/__tests__/context-engine/route-discovery/nextjs.test.ts +138 -0
package/src/__tests__/context-engine/route-discovery/python.test.ts +95 -0
package/src/__tests__/context-engine/sanitiser-detection.test.ts +187 -0
package/src/__tests__/context-engine/sink-matcher.test.ts +251 -0
package/src/__tests__/context-engine/source-discovery.test.ts +186 -0
package/src/__tests__/context-engine/taint-tracker.test.ts +182 -0
package/src/__tests__/regression/agent-skill-benign.test.ts +174 -0
package/src/__tests__/regression/known-false-positives.test.ts +801 -3
package/src/__tests__/score/adjustments.test.ts +385 -0
package/src/__tests__/score/confidence.test.ts +283 -0
package/src/__tests__/score/framework-scoring.test.ts +275 -0
package/src/__tests__/score/route-scoring.test.ts +156 -0
package/src/__tests__/score/scoring-integration.test.ts +165 -0
package/src/__tests__/score/taint-adjustments.test.ts +244 -0
package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +50 -58
package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +52 -0
package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +3 -12
package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +3 -3
package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +1 -1
package/src/__tests__/snapshots/scan-depth.test.ts +3 -3
package/src/__tests__/validate/route-annotations.test.ts +138 -0
package/src/__tests__/validation/analyze-results.ts +1 -1
package/src/__tests__/validation/extract-for-triage.ts +1 -1
package/src/__tests__/validation/fp-deep-analysis.ts +1 -1
package/src/__tests__/validation/run-validation.ts +7 -7
package/src/{layer2/ai-agent-tools.ts → detect/ai-code/agent-tools.ts} +729 -4
package/src/{layer2 → detect/ai-code}/byok-patterns.ts +20 -6
package/src/{layer2/ai-endpoint-protection.ts → detect/ai-code/endpoint-protection.ts} +10 -4
package/src/{layer2/ai-execution-sinks.ts → detect/ai-code/execution-sinks.ts} +272 -46
package/src/{layer2/ai-fingerprinting.ts → detect/ai-code/fingerprinting.ts} +46 -34
package/src/detect/ai-code/index.ts +11 -0
package/src/{layer2/ai-mcp-security.ts → detect/ai-code/mcp-security.ts} +212 -5
package/src/{layer2 → detect/ai-code}/model-supply-chain.ts +85 -6
package/src/{layer2/ai-package-hallucination.ts → detect/ai-code/package-hallucination.ts} +170 -6
package/src/{layer2/ai-prompt-hygiene.ts → detect/ai-code/prompt-hygiene.ts} +393 -28
package/src/{layer2/ai-rag-safety.ts → detect/ai-code/rag-safety.ts} +91 -4
package/src/{layer2/ai-schema-validation.ts → detect/ai-code/schema-validation.ts} +10 -4
package/src/detect/config/agent-skill-injection.ts +551 -0
package/src/{layer1 → detect/config}/comments.ts +8 -2
package/src/{layer1 → detect/config}/file-flags.ts +23 -6
package/src/detect/config/index.ts +6 -0
package/src/{layer3 → detect/config}/osv-check.ts +3 -2
package/src/{layer3 → detect/config}/package-check.ts +3 -2
package/src/{layer1 → detect/config}/urls.ts +196 -15
package/src/detect/index.ts +131 -0
package/src/{layer1 → detect/secrets}/config-audit.ts +56 -12
package/src/{layer1 → detect/secrets}/config-mcp-audit.ts +11 -4
package/src/{layer1 → detect/secrets}/entropy.ts +256 -11
package/src/{layer1 → detect/secrets}/index.ts +43 -46
package/src/{layer1 → detect/secrets}/patterns.ts +51 -6
package/src/{layer1 → detect/secrets}/weak-crypto.ts +174 -17
package/src/{layer2/auth-antipatterns.ts → detect/structural/auth-patterns.ts} +249 -27
package/src/{layer2 → detect/structural}/dangerous-functions/dom-xss.ts +94 -22
package/src/{layer2 → detect/structural}/dangerous-functions/index.ts +672 -65
package/src/{layer2 → detect/structural}/dangerous-functions/json-parse.ts +10 -2
package/src/{layer2 → detect/structural}/dangerous-functions/math-random.ts +269 -17
package/src/{layer2 → detect/structural}/dangerous-functions/patterns.ts +4 -2
package/src/{layer2 → detect/structural}/dangerous-functions/request-validation.ts +10 -2
package/src/detect/structural/dangerous-functions/utils/control-flow.ts +35 -0
package/src/{layer2 → detect/structural}/dangerous-functions/utils/schema-validation.ts +16 -1
package/src/{layer2 → detect/structural}/data-exposure.ts +23 -40
package/src/{layer2 → detect/structural}/framework-checks.ts +13 -12
package/src/{layer2 → detect/structural}/index.ts +144 -122
package/src/detect/structural/log-injection.ts +254 -0
package/src/{layer2 → detect/structural}/logic-gates.ts +69 -24
package/src/{layer2 → detect/structural}/risky-imports.ts +10 -4
package/src/detect/structural/security-headers.ts +231 -0
package/src/detect/structural/ssrf-detection.ts +300 -0
package/src/{layer2 → detect/structural}/variables.ts +10 -4
package/src/detect/structural/xxe-detection.ts +295 -0
package/src/index.ts +64 -1038
package/src/{utils → model}/auth-helper-detector.ts +1 -1
package/src/model/cross-file-taint.ts +374 -0
package/src/model/framework-models/django.ts +82 -0
package/src/model/framework-models/express.ts +54 -0
package/src/model/framework-models/index.ts +116 -0
package/src/model/framework-models/nextjs.ts +69 -0
package/src/model/framework-models/prisma.ts +57 -0
package/src/model/framework-models/react.ts +63 -0
package/src/model/framework-models/sequelize.ts +63 -0
package/src/model/framework-models/types.ts +46 -0
package/src/model/function-classifier.ts +184 -0
package/src/model/import-resolver.ts +453 -0
package/src/{utils → model}/imported-auth-detector.ts +21 -85
package/src/model/index.ts +353 -0
package/src/{utils → model}/middleware-detector.ts +156 -17
package/src/model/module-graph.ts +254 -0
package/src/{utils → model}/oauth-flow-detector.ts +1 -1
package/src/{utils/project-context-builder.ts → model/project-context.ts} +1 -1
package/src/model/route-auth-resolver.ts +216 -0
package/src/model/route-discovery/express.ts +251 -0
package/src/model/route-discovery/index.ts +83 -0
package/src/model/route-discovery/nextjs.ts +216 -0
package/src/model/route-discovery/python.ts +214 -0
package/src/model/route-discovery/types.ts +48 -0
package/src/model/route-discovery/utils.ts +54 -0
package/src/model/route-hierarchy.ts +250 -0
package/src/model/sanitiser-detection.ts +268 -0
package/src/model/sink-matcher.ts +178 -0
package/src/model/sink-patterns.ts +109 -0
package/src/model/source-discovery.ts +209 -0
package/src/model/taint-tracker.ts +333 -0
package/src/model/taint-types.ts +149 -0
package/src/{utils → model}/trpc-analyzer.ts +1 -1
package/src/{utils/context-helpers.ts → parse/file-classifier.ts} +462 -2
package/src/{utils → parse}/path-exclusions.ts +1 -1
package/src/pipeline/config.ts +81 -0
package/src/pipeline/index.ts +437 -0
package/src/{modes → pipeline/modes}/incremental.ts +6 -6
package/src/postprocess/aggregation.ts +74 -0
package/src/postprocess/contradictions.ts +128 -0
package/src/postprocess/dedup.ts +62 -0
package/src/postprocess/filtering/__tests__/pipeline.test.ts +134 -0
package/src/postprocess/filtering/context-adjustments.ts +111 -0
package/src/postprocess/filtering/index.ts +10 -0
package/src/postprocess/filtering/pipeline.ts +130 -0
package/src/postprocess/index.ts +118 -0
package/src/{suppression → postprocess/suppression}/config-loader.ts +1 -1
package/src/{suppression → postprocess/suppression}/hash.ts +1 -1
package/src/{suppression → postprocess/suppression}/inline-parser.ts +1 -1
package/src/{suppression → postprocess/suppression}/manager.ts +1 -1
package/src/{suppression → postprocess/suppression}/types.ts +2 -2
package/src/postprocess/validation-cap.ts +66 -0
package/src/report/build-result.ts +94 -0
package/src/report/enrichment.ts +52 -0
package/src/report/formatters/__tests__/ai-context.test.ts +254 -0
package/src/report/formatters/ai-context.ts +302 -0
package/src/{formatters → report/formatters}/cli-terminal.ts +11 -11
package/src/{formatters → report/formatters}/github-comment.ts +4 -4
package/src/{formatters → report/formatters}/grouping.ts +8 -8
package/src/report/formatters/ide/__tests__/ide.test.ts +319 -0
package/src/report/formatters/ide/claude-code.ts +110 -0
package/src/report/formatters/ide/cursor.ts +147 -0
package/src/report/formatters/ide/index.ts +216 -0
package/src/report/formatters/ide/windsurf.ts +135 -0
package/src/{formatters → report/formatters}/index.ts +24 -0
package/src/{formatters → report/formatters}/vscode-diagnostic.ts +1 -1
package/src/report/summary.ts +70 -0
package/src/score/adjustments.ts +387 -0
package/src/{layer3/anthropic → score}/auto-dismiss.ts +26 -14
package/src/score/confidence.ts +66 -0
package/src/score/index.ts +316 -0
package/src/score/types.ts +187 -0
package/src/shared/__tests__/code-analysis.test.ts +165 -0
package/src/shared/__tests__/parsed-file.test.ts +124 -0
package/src/shared/ai-context/__tests__/manager.test.ts +193 -0
package/src/shared/ai-context/index.ts +15 -0
package/src/shared/ai-context/manager.ts +145 -0
package/src/{baseline → shared/baseline}/__tests__/diff.test.ts +2 -2
package/src/{baseline → shared/baseline}/__tests__/manager.test.ts +2 -2
package/src/{baseline → shared/baseline}/diff.ts +1 -1
package/src/{baseline → shared/baseline}/manager.ts +1 -1
package/src/shared/category-filter.ts +400 -0
package/src/{layer2/dangerous-functions/utils/control-flow.ts → shared/code-analysis.ts} +56 -39
package/src/shared/comment-analyzer.ts +249 -0
package/src/shared/environment-context.ts +304 -0
package/src/shared/intent-detector.ts +318 -0
package/src/shared/parsed-file.ts +103 -0
package/src/{rules → shared/rules}/__tests__/metadata.test.ts +7 -0
package/src/{rules → shared/rules}/framework-fixes.ts +1 -1
package/src/{rules → shared/rules}/metadata.ts +94 -0
package/src/shared/schema-semantics.ts +233 -0
package/src/{types.ts → shared/types.ts} +142 -11
package/src/tiers.ts +27 -10
package/src/validate/__tests__/context-extractor.test.ts +191 -0
package/src/validate/__tests__/prompt-assembly.test.ts +233 -0
package/src/validate/__tests__/request-builder.test.ts +347 -0
package/src/{layer3/anthropic → validate}/index.ts +8 -7
package/src/{layer3/anthropic → validate}/prompts/index.ts +2 -0
package/src/validate/prompts/modules/ai-patterns.ts +153 -0
package/src/validate/prompts/modules/auth-access.ts +22 -0
package/src/validate/prompts/modules/common.ts +183 -0
package/src/validate/prompts/modules/index.ts +204 -0
package/src/validate/prompts/modules/owasp-classic.ts +81 -0
package/src/validate/prompts/modules/secrets-crypto.ts +65 -0
package/src/validate/prompts/modules/xss-prompt.ts +19 -0
package/src/validate/prompts/validation.ts +20 -0
package/src/{layer3/anthropic → validate}/providers/anthropic.ts +28 -27
package/src/validate/providers/index.ts +8 -0
package/src/{layer3/anthropic → validate}/providers/openai.ts +30 -25
package/src/validate/request-builder.ts +448 -0
package/src/{layer3/anthropic → validate}/types.ts +1 -1
package/src/validate/utils/context-extractor.ts +220 -0
package/src/{layer3/anthropic → validate}/utils/index.ts +10 -0
package/src/{layer3/anthropic → validate}/utils/response-parser.ts +2 -1
package/src/layer3/anthropic/prompts/validation.ts +0 -419
package/src/layer3/anthropic/providers/index.ts +0 -8
package/src/layer3/anthropic/request-builder.ts +0 -150
package/src/layer3/index.ts +0 -168
/package/src/{layer3 → detect/config}/__tests__/osv-check.test.ts +0 -0
/package/src/{layer2 → detect/structural}/__tests__/math-random-enhanced.test.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/child-process.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/utils/helpers.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/utils/index.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/config-loader.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/hash.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/inline-parser.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/manager.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/index.ts +0 -0
/package/src/{baseline → shared/baseline}/index.ts +0 -0
/package/src/{baseline → shared/baseline}/types.ts +0 -0
/package/src/{utils → shared}/diff-detector.ts +0 -0
/package/src/{utils → shared}/diff-parser.ts +0 -0
/package/src/{utils → shared}/registry-clients.ts +0 -0
/package/src/{rules → shared/rules}/__tests__/framework-fixes.test.ts +0 -0
/package/src/{rules → shared/rules}/index.ts +0 -0
/package/src/{layer3/anthropic → validate}/clients.ts +0 -0
/package/src/{layer3/anthropic → validate}/prompts/semantic-analysis.ts +0 -0
/package/src/{layer3/anthropic → validate}/utils/path-helpers.ts +0 -0
/package/src/{layer3/anthropic → validate}/utils/retry.ts +0 -0

package/src/__tests__/context-engine/module-graph.test.ts ADDED Viewed

@@ -0,0 +1,159 @@
+/**
+ * Tests for Module Graph — buildModuleGraph, resolveImportedName, circular detection
+ */
+import { buildModuleGraph, resolveImportedName } from '../../model/module-graph'
+import type { ScanFile } from '../../shared/types'
+function makeFile(path: string, content: string): ScanFile {
+  return { path, content, language: 'typescript' }
+}
+describe('buildModuleGraph', () => {
+  it('builds graph with forward and reverse edges', () => {
+    const files = [
+      makeFile('src/routes/users.ts', `
+import { getUser } from '../lib/db'
+export async function GET(req) { return getUser(req.params.id) }
+      `),
+      makeFile('src/lib/db.ts', `
+export function getUser(id: string) { return db.query('SELECT * FROM users WHERE id = ' + id) }
+      `),
+    ]
+    const graph = buildModuleGraph(files)
+    expect(graph.nodes.size).toBe(2)
+    const routeNode = graph.nodes.get('src/routes/users.ts')
+    expect(routeNode).toBeDefined()
+    expect(routeNode!.dependsOn.has('src/lib/db.ts')).toBe(true)
+    const dbNode = graph.nodes.get('src/lib/db.ts')
+    expect(dbNode).toBeDefined()
+    expect(dbNode!.importedBy.has('src/routes/users.ts')).toBe(true)
+  })
+  it('counts edges correctly', () => {
+    const files = [
+      makeFile('src/a.ts', `import { b } from './b'\nimport { c } from './c'`),
+      makeFile('src/b.ts', `export const b = 1`),
+      makeFile('src/c.ts', `export const c = 2`),
+    ]
+    const graph = buildModuleGraph(files)
+    expect(graph.stats.totalEdges).toBe(2)
+    expect(graph.stats.totalFiles).toBe(3)
+  })
+  it('detects circular imports', () => {
+    const files = [
+      makeFile('src/a.ts', `import { b } from './b'\nexport const a = 1`),
+      makeFile('src/b.ts', `import { a } from './a'\nexport const b = 2`),
+    ]
+    const graph = buildModuleGraph(files)
+    expect(graph.circularImports.size).toBeGreaterThan(0)
+    expect(graph.stats.circularImportCount).toBeGreaterThan(0)
+  })
+  it('handles no circular imports', () => {
+    const files = [
+      makeFile('src/a.ts', `import { b } from './b'`),
+      makeFile('src/b.ts', `export const b = 1`),
+    ]
+    const graph = buildModuleGraph(files)
+    expect(graph.circularImports.size).toBe(0)
+  })
+  it('skips non-code files', () => {
+    const files = [
+      makeFile('src/a.ts', `export const a = 1`),
+      makeFile('README.md', `# Hello`),
+      makeFile('.env', `SECRET=123`),
+    ]
+    const graph = buildModuleGraph(files)
+    expect(graph.nodes.size).toBe(1)
+  })
+  it('handles node_modules imports (not resolved)', () => {
+    const files = [
+      makeFile('src/app.ts', `import express from 'express'\nimport { db } from './db'`),
+      makeFile('src/db.ts', `export const db = {}`),
+    ]
+    const graph = buildModuleGraph(files)
+    const appNode = graph.nodes.get('src/app.ts')!
+    // express import should not create a resolved edge
+    expect(appNode.dependsOn.size).toBe(1)
+    expect(appNode.dependsOn.has('src/db.ts')).toBe(true)
+  })
+  it('extracts exports for nodes', () => {
+    const files = [
+      makeFile('src/db.ts', `
+export function getUser(id) { }
+export function createUser(data) { }
+export const DB_NAME = 'mydb'
+      `),
+    ]
+    const graph = buildModuleGraph(files)
+    const node = graph.nodes.get('src/db.ts')!
+    expect(node.exports.length).toBe(3)
+    expect(node.exports.map(e => e.name)).toEqual(expect.arrayContaining(['getUser', 'createUser', 'DB_NAME']))
+  })
+  it('includes duration in stats', () => {
+    const files = [makeFile('src/a.ts', `export const a = 1`)]
+    const graph = buildModuleGraph(files)
+    expect(graph.stats.duration).toBeGreaterThanOrEqual(0)
+  })
+})
+describe('resolveImportedName', () => {
+  it('resolves a directly exported name', () => {
+    const files = [
+      makeFile('src/routes.ts', `import { getUser } from './db'`),
+      makeFile('src/db.ts', `export function getUser(id) { }`),
+    ]
+    const graph = buildModuleGraph(files)
+    const resolved = resolveImportedName(graph, 'src/routes.ts', 'getUser')
+    expect(resolved).not.toBeNull()
+    expect(resolved!.filePath).toBe('src/db.ts')
+    expect(resolved!.exportName).toBe('getUser')
+  })
+  it('returns null for unknown import', () => {
+    const files = [
+      makeFile('src/routes.ts', `import { getUser } from './db'`),
+      makeFile('src/db.ts', `export function getUser(id) { }`),
+    ]
+    const graph = buildModuleGraph(files)
+    const resolved = resolveImportedName(graph, 'src/routes.ts', 'nonExistent')
+    expect(resolved).toBeNull()
+  })
+  it('returns null for unknown file', () => {
+    const files = [makeFile('src/a.ts', `export const a = 1`)]
+    const graph = buildModuleGraph(files)
+    const resolved = resolveImportedName(graph, 'src/nonexistent.ts', 'a')
+    expect(resolved).toBeNull()
+  })
+  it('resolves through one-hop re-export', () => {
+    const files = [
+      makeFile('src/app.ts', `import { query } from './index'`),
+      makeFile('src/index.ts', `export { query } from './db'`),
+      makeFile('src/db.ts', `export function query(sql) { }`),
+    ]
+    const graph = buildModuleGraph(files)
+    const resolved = resolveImportedName(graph, 'src/app.ts', 'query')
+    expect(resolved).not.toBeNull()
+    expect(resolved!.filePath).toBe('src/db.ts')
+  })
+})

package/src/__tests__/context-engine/route-discovery/auth-resolver.test.ts ADDED Viewed

@@ -0,0 +1,353 @@
+import { resolveRouteAuth } from '../../../model/route-auth-resolver'
+import type { RouteMap, RouteDefinition, MountPoint } from '../../../model/route-discovery'
+import { isRouteProtectedByMiddleware, detectGlobalAuthMiddleware } from '../../../model/middleware-detector'
+import type { MiddlewareAuthConfig } from '../../../model/middleware-detector'
+import type { ScanFile } from '../../../shared/types'
+function makeRoute(overrides: Partial<RouteDefinition>): RouteDefinition {
+  return {
+    filePath: 'src/routes.ts',
+    methods: ['GET'],
+    path: '/api/test',
+    handler: 'testHandler',
+    handlerLine: 5,
+    framework: 'express',
+    authMiddleware: [],
+    rateLimiting: false,
+    isPublic: false,
+    inputs: [],
+    ...overrides,
+  }
+}
+function makeRouteMap(routes: RouteDefinition[]): RouteMap {
+  const fileToRoutes = new Map<string, RouteDefinition[]>()
+  for (const r of routes) {
+    const existing = fileToRoutes.get(r.filePath) || []
+    existing.push(r)
+    fileToRoutes.set(r.filePath, existing)
+  }
+  return { routes, fileToRoutes }
+}
+const emptyMiddlewareConfig: MiddlewareAuthConfig = {
+  hasAuthMiddleware: false,
+  protectedPaths: [],
+  publicPaths: [],
+  matchers: [],
+  context: { usesAuthProtect: false, usesGetToken: false, usesSession: false, hasPublicRoutes: false },
+}
+describe('Route Auth Resolver', () => {
+  it('preserves direct middleware from extractors', () => {
+    const route = makeRoute({ authMiddleware: ['authGuard'] })
+    const result = resolveRouteAuth(
+      makeRouteMap([route]), [], [], emptyMiddlewareConfig
+    )
+    expect(result.routes[0].authMiddleware).toContain('authGuard')
+  })
+  it('resolves mount-level auth', () => {
+    const route = makeRoute({ path: '/api/users' })
+    const mounts: MountPoint[] = [
+      { path: '/api', middleware: ['authMiddleware'], line: 1, isGlobal: false, filePath: 'src/app.ts' },
+    ]
+    const result = resolveRouteAuth(
+      makeRouteMap([route]), mounts, [], emptyMiddlewareConfig
+    )
+    expect(result.routes[0].authMiddleware).toContain('authMiddleware')
+  })
+  it('resolves global middleware', () => {
+    const route = makeRoute({ path: '/anything' })
+    const mounts: MountPoint[] = [
+      { path: '/', middleware: ['passportAuth'], line: 1, isGlobal: true, filePath: 'src/app.ts' },
+    ]
+    const result = resolveRouteAuth(
+      makeRouteMap([route]), mounts, [], emptyMiddlewareConfig
+    )
+    expect(result.routes[0].authMiddleware).toContain('passportAuth')
+  })
+  it('resolves Next.js middleware.ts protection', () => {
+    const route = makeRoute({ path: '/api/protected' })
+    const config: MiddlewareAuthConfig = {
+      ...emptyMiddlewareConfig,
+      hasAuthMiddleware: true,
+      authType: 'clerk',
+      protectedPaths: ['/api'],
+      publicPaths: ['/api/public'],
+    }
+    const result = resolveRouteAuth(
+      makeRouteMap([route]), [], [], config
+    )
+    expect(result.routes[0].authMiddleware.some(m => m.includes('clerk'))).toBe(true)
+  })
+  it('excludes public paths from middleware protection', () => {
+    const route = makeRoute({ path: '/api/public/data' })
+    const config: MiddlewareAuthConfig = {
+      ...emptyMiddlewareConfig,
+      hasAuthMiddleware: true,
+      authType: 'clerk',
+      protectedPaths: ['/api/:path*'],
+      publicPaths: ['/api/public/:path*'],
+    }
+    const result = resolveRouteAuth(
+      makeRouteMap([route]), [], [], config
+    )
+    // Public path should NOT get middleware.ts auth
+    expect(result.routes[0].authMiddleware.filter(m => m.includes('clerk'))).toHaveLength(0)
+  })
+  it('detects throwing auth helpers in handler body', () => {
+    const route = makeRoute({ filePath: 'src/api/profile.ts', handlerLine: 3 })
+    const files: ScanFile[] = [
+      {
+        path: 'src/api/profile.ts',
+        content: `import { auth } from '@clerk/nextjs'
+export async function GET() {
+  const userId = getCurrentUserId()
+  return Response.json({ userId })
+}`,
+        language: 'typescript',
+      },
+    ]
+    const result = resolveRouteAuth(
+      makeRouteMap([route]), [], files, emptyMiddlewareConfig
+    )
+    expect(result.routes[0].authMiddleware).toContain('throwing_auth_helper')
+  })
+  it('does not duplicate auth middleware', () => {
+    const route = makeRoute({ authMiddleware: ['authGuard'] })
+    const mounts: MountPoint[] = [
+      { path: '/api', middleware: ['authGuard'], line: 1, isGlobal: false, filePath: 'src/app.ts' },
+    ]
+    const result = resolveRouteAuth(
+      makeRouteMap([route]), mounts, [], emptyMiddlewareConfig
+    )
+    const authCount = result.routes[0].authMiddleware.filter(m => m === 'authGuard').length
+    expect(authCount).toBe(1)
+  })
+  it('rebuilds fileToRoutes map correctly', () => {
+    const routes = [
+      makeRoute({ filePath: 'a.ts', path: '/a' }),
+      makeRoute({ filePath: 'a.ts', path: '/b' }),
+      makeRoute({ filePath: 'c.ts', path: '/c' }),
+    ]
+    const result = resolveRouteAuth(
+      makeRouteMap(routes), [], [], emptyMiddlewareConfig
+    )
+    expect(result.fileToRoutes.get('a.ts')).toHaveLength(2)
+    expect(result.fileToRoutes.get('c.ts')).toHaveLength(1)
+  })
+})
+// ==========================================================================
+// Middleware Detector: isRouteProtectedByMiddleware
+// ==========================================================================
+describe('isRouteProtectedByMiddleware', () => {
+  describe('Clerk with createRouteMatcher', () => {
+    // Clerk defines public routes as regex patterns via createRouteMatcher.
+    // Everything else is protected by auth().protect().
+    const clerkConfig: MiddlewareAuthConfig = {
+      hasAuthMiddleware: true,
+      authType: 'clerk',
+      protectedPaths: ['/api/**'],
+      publicPaths: ['/sign-in(.*)', '/sign-up(.*)'],
+      matchers: ['/((?!.*\\..*|_next).*)'],
+      context: { usesAuthProtect: true, usesGetToken: false, usesSession: false, hasPublicRoutes: true },
+    }
+    it('marks /api/users as protected', () => {
+      const r = isRouteProtectedByMiddleware('/api/users', clerkConfig)
+      expect(r.isProtected).toBe(true)
+    })
+    it('marks /sign-in as public (Clerk regex pattern)', () => {
+      const r = isRouteProtectedByMiddleware('/sign-in', clerkConfig)
+      expect(r.isProtected).toBe(false)
+    })
+    it('marks /sign-up/sso as public (Clerk regex subpath)', () => {
+      const r = isRouteProtectedByMiddleware('/sign-up/sso', clerkConfig)
+      expect(r.isProtected).toBe(false)
+    })
+    it('marks / as not protected (no explicit match)', () => {
+      const r = isRouteProtectedByMiddleware('/', clerkConfig)
+      expect(r.isProtected).toBe(false)
+    })
+  })
+  describe('NextAuth with explicit matcher', () => {
+    // NextAuth: matcher IS the protection scope
+    const nextAuthConfig: MiddlewareAuthConfig = {
+      hasAuthMiddleware: true,
+      authType: 'nextauth',
+      protectedPaths: ['/dashboard/:path*', '/api/:path*'],
+      publicPaths: [],
+      matchers: ['/dashboard/:path*', '/api/:path*'],
+      context: { usesAuthProtect: false, usesGetToken: false, usesSession: true, hasPublicRoutes: false },
+    }
+    it('marks /dashboard/settings as protected', () => {
+      const r = isRouteProtectedByMiddleware('/dashboard/settings', nextAuthConfig)
+      expect(r.isProtected).toBe(true)
+    })
+    it('marks /api/users as protected', () => {
+      const r = isRouteProtectedByMiddleware('/api/users', nextAuthConfig)
+      expect(r.isProtected).toBe(true)
+    })
+    it('marks / as not protected', () => {
+      const r = isRouteProtectedByMiddleware('/', nextAuthConfig)
+      expect(r.isProtected).toBe(false)
+    })
+    it('marks /about as not protected', () => {
+      const r = isRouteProtectedByMiddleware('/about', nextAuthConfig)
+      expect(r.isProtected).toBe(false)
+    })
+  })
+  describe('Supabase with helper-extracted paths', () => {
+    // Supabase: helper file defines isProtectedRoute and isPublicRoute
+    const supabaseConfig: MiddlewareAuthConfig = {
+      hasAuthMiddleware: true,
+      authType: 'supabase',
+      protectedPaths: ['/dashboard', '/scan'],
+      publicPaths: ['/auth/', '/login', '/'],
+      matchers: ['/((?!_next/static|_next/image|favicon.ico|.*\\.(?:svg|png|jpg|jpeg|gif|webp)$).*)'],
+      context: { usesAuthProtect: false, usesGetToken: false, usesSession: true, hasPublicRoutes: true },
+    }
+    it('marks /dashboard as protected', () => {
+      const r = isRouteProtectedByMiddleware('/dashboard', supabaseConfig)
+      expect(r.isProtected).toBe(true)
+    })
+    it('marks /scan as protected', () => {
+      const r = isRouteProtectedByMiddleware('/scan', supabaseConfig)
+      expect(r.isProtected).toBe(true)
+    })
+    it('marks / as public', () => {
+      const r = isRouteProtectedByMiddleware('/', supabaseConfig)
+      expect(r.isProtected).toBe(false)
+    })
+    it('marks /login as public', () => {
+      const r = isRouteProtectedByMiddleware('/login', supabaseConfig)
+      expect(r.isProtected).toBe(false)
+    })
+    it('marks /auth/callback as public', () => {
+      const r = isRouteProtectedByMiddleware('/auth/callback', supabaseConfig)
+      expect(r.isProtected).toBe(false)
+    })
+    it('does not mark /pricing as protected (not in any list)', () => {
+      const r = isRouteProtectedByMiddleware('/pricing', supabaseConfig)
+      expect(r.isProtected).toBe(false)
+    })
+    it('marks /api/users as protected (API fallback)', () => {
+      const r = isRouteProtectedByMiddleware('/api/users', supabaseConfig)
+      expect(r.isProtected).toBe(true)
+    })
+    it('does not use matchers as protection when protectedPaths exist', () => {
+      // /about is not in protectedPaths, publicPaths, or /api —
+      // the catch-all matcher SHOULD NOT mark it as protected
+      const r = isRouteProtectedByMiddleware('/about', supabaseConfig)
+      expect(r.isProtected).toBe(false)
+    })
+  })
+  describe('No middleware detected', () => {
+    it('returns not protected', () => {
+      const r = isRouteProtectedByMiddleware('/api/users', emptyMiddlewareConfig)
+      expect(r.isProtected).toBe(false)
+    })
+  })
+})
+// ==========================================================================
+// detectGlobalAuthMiddleware integration
+// ==========================================================================
+describe('detectGlobalAuthMiddleware', () => {
+  it('detects Clerk middleware', () => {
+    const files: ScanFile[] = [{
+      path: 'src/middleware.ts',
+      content: `import { clerkMiddleware, createRouteMatcher } from '@clerk/nextjs/server'
+const isPublicRoute = createRouteMatcher(['/sign-in(.*)', '/sign-up(.*)'])
+export default clerkMiddleware((auth, request) => {
+  if (!isPublicRoute(request)) auth().protect()
+})
+export const config = { matcher: ['/((?!.*\\\\..*|_next).*)'] }`,
+      language: 'typescript',
+    }]
+    const config = detectGlobalAuthMiddleware(files)
+    expect(config.hasAuthMiddleware).toBe(true)
+    expect(config.authType).toBe('clerk')
+    expect(config.publicPaths).toContain('/sign-in(.*)')
+    expect(config.publicPaths).toContain('/sign-up(.*)')
+    expect(config.context.usesAuthProtect).toBe(true)
+  })
+  it('detects NextAuth middleware', () => {
+    const files: ScanFile[] = [{
+      path: 'middleware.ts',
+      content: `export { default } from 'next-auth/middleware'
+export const config = { matcher: ['/dashboard/:path*', '/api/:path*'] }`,
+      language: 'typescript',
+    }]
+    const config = detectGlobalAuthMiddleware(files)
+    expect(config.hasAuthMiddleware).toBe(true)
+    expect(config.authType).toBe('nextauth')
+    expect(config.protectedPaths.length).toBeGreaterThan(0)
+  })
+  it('detects Supabase middleware with helper import', () => {
+    const files: ScanFile[] = [
+      {
+        path: 'src/middleware.ts',
+        content: `import { updateSession } from '@/lib/supabase/middleware'
+export async function middleware(request) { return await updateSession(request) }
+export const config = { matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'] }`,
+        language: 'typescript',
+      },
+      {
+        path: 'src/lib/supabase/middleware.ts',
+        content: `import { createServerClient } from '@supabase/ssr'
+export async function updateSession(request) {
+  const supabase = createServerClient(process.env.URL, process.env.KEY, {})
+  const { data: { user } } = await supabase.auth.getUser()
+  const pathname = request.nextUrl.pathname
+  const isAuthRoute = pathname.startsWith('/auth/') || pathname === '/login'
+  const isPublicRoute = pathname === '/' || isAuthRoute
+  const isProtectedRoute = pathname.startsWith('/dashboard') || pathname.startsWith('/scan')
+  if (!user && isProtectedRoute) { return redirect('/login') }
+  return response
+}`,
+        language: 'typescript',
+      },
+    ]
+    const config = detectGlobalAuthMiddleware(files)
+    expect(config.hasAuthMiddleware).toBe(true)
+    expect(config.authType).toBe('supabase')
+    expect(config.protectedPaths).toContain('/dashboard')
+    expect(config.protectedPaths).toContain('/scan')
+    expect(config.publicPaths).toContain('/')
+    expect(config.publicPaths).toContain('/auth/')
+    expect(config.publicPaths).toContain('/login')
+    expect(config.context.usesSession).toBe(true)
+    expect(config.context.hasPublicRoutes).toBe(true)
+  })
+})

package/src/__tests__/context-engine/route-discovery/express.test.ts ADDED Viewed

@@ -0,0 +1,150 @@
+import { extractExpressRoutes, extractMountPoints } from '../../../model/route-discovery/express'
+describe('Express Route Extractor', () => {
+  describe('extractExpressRoutes', () => {
+    it('extracts app.get route', () => {
+      const content = `
+const express = require('express')
+const app = express()
+app.get('/api/users', getUsers)
+`
+      const routes = extractExpressRoutes(content, 'src/server.js')
+      expect(routes).toHaveLength(1)
+      expect(routes[0].methods).toEqual(['GET'])
+      expect(routes[0].path).toBe('/api/users')
+      expect(routes[0].framework).toBe('express')
+    })
+    it('extracts router.post route', () => {
+      const content = `
+const router = require('express').Router()
+router.post('/api/items', createItem)
+`
+      const routes = extractExpressRoutes(content, 'src/routes.js')
+      expect(routes).toHaveLength(1)
+      expect(routes[0].methods).toEqual(['POST'])
+      expect(routes[0].path).toBe('/api/items')
+    })
+    it('detects multi-middleware route', () => {
+      const content = `
+const app = require('express')()
+app.post('/api/data', authMiddleware, validateBody, handleData)
+`
+      const routes = extractExpressRoutes(content, 'src/server.js')
+      expect(routes).toHaveLength(1)
+      expect(routes[0].authMiddleware).toContain('authMiddleware')
+    })
+    it('detects rate limiting middleware', () => {
+      const content = `
+const app = require('express')()
+app.get('/api/search', rateLimiter, searchHandler)
+`
+      const routes = extractExpressRoutes(content, 'src/server.js')
+      expect(routes).toHaveLength(1)
+      expect(routes[0].rateLimiting).toBe(true)
+    })
+    it('detects public endpoints', () => {
+      const content = `
+const app = require('express')()
+app.get('/health', healthCheck)
+app.get('/healthz', healthCheck)
+app.get('/ready', readyCheck)
+app.get('/ping', pingHandler)
+app.get('/status', statusHandler)
+`
+      const routes = extractExpressRoutes(content, 'src/server.js')
+      expect(routes).toHaveLength(5)
+      routes.forEach(r => expect(r.isPublic).toBe(true))
+    })
+    it('detects input sources from handler body', () => {
+      const content = `
+const app = require('express')()
+app.post('/api/users', async (req, res) => {
+  const { name, email } = req.body
+  const page = req.query.page
+  const id = req.params.id
+  res.json({ ok: true })
+})
+`
+      const routes = extractExpressRoutes(content, 'src/server.js')
+      expect(routes).toHaveLength(1)
+      const sources = routes[0].inputs.map(i => i.source)
+      expect(sources).toContain('body')
+      expect(sources).toContain('query')
+      expect(sources).toContain('params')
+    })
+    it('extracts multiple routes in one file', () => {
+      const content = `
+const app = require('express')()
+app.get('/api/users', listUsers)
+app.post('/api/users', createUser)
+app.delete('/api/users', deleteUser)
+`
+      const routes = extractExpressRoutes(content, 'src/server.js')
+      expect(routes).toHaveLength(3)
+      expect(routes.map(r => r.methods[0])).toEqual(['GET', 'POST', 'DELETE'])
+    })
+    it('detects Fastify preHandler route', () => {
+      const content = `
+import Fastify from 'fastify'
+const server = Fastify()
+server.route({
+  method: 'GET',
+  url: '/api/data',
+  preHandler: [authenticate, rateLimit],
+  handler: getData
+})
+`
+      const routes = extractExpressRoutes(content, 'src/server.ts')
+      expect(routes).toHaveLength(1)
+      expect(routes[0].framework).toBe('fastify')
+      expect(routes[0].methods).toEqual(['GET'])
+      expect(routes[0].path).toBe('/api/data')
+      expect(routes[0].authMiddleware).toContain('authenticate')
+    })
+    it('detects Hono routes', () => {
+      const content = `
+import { Hono } from 'hono'
+const app = new Hono()
+app.get('/api/hello', (c) => {
+  return c.json({ message: 'hello' })
+})
+`
+      const routes = extractExpressRoutes(content, 'src/server.ts')
+      expect(routes).toHaveLength(1)
+      expect(routes[0].framework).toBe('hono')
+    })
+  })
+  describe('extractMountPoints', () => {
+    it('extracts path-scoped mount', () => {
+      const content = `
+const app = require('express')()
+app.use('/api', authMiddleware)
+`
+      const mounts = extractMountPoints(content, 'src/server.js')
+      expect(mounts).toHaveLength(1)
+      expect(mounts[0].path).toBe('/api')
+      expect(mounts[0].middleware).toContain('authMiddleware')
+      expect(mounts[0].isGlobal).toBe(false)
+    })
+    it('extracts global mount', () => {
+      const content = `
+const app = require('express')()
+app.use(helmet())
+`
+      const mounts = extractMountPoints(content, 'src/server.js')
+      expect(mounts).toHaveLength(1)
+      expect(mounts[0].isGlobal).toBe(true)
+      expect(mounts[0].middleware).toContain('helmet')
+    })
+  })
+})