npm - @oculum/scanner - Versions diffs - 1.0.11 → 1.0.13 - Mend

@oculum/scanner 1.0.11 → 1.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1178) hide show

package/dist/ai-context/index.d.ts +6 -0
package/dist/ai-context/index.d.ts.map +1 -0
package/dist/ai-context/index.js +13 -0
package/dist/ai-context/index.js.map +1 -0
package/dist/ai-context/manager.d.ts +67 -0
package/dist/ai-context/manager.d.ts.map +1 -0
package/dist/ai-context/manager.js +104 -0
package/dist/ai-context/manager.js.map +1 -0
package/dist/category-filter.d.ts +125 -0
package/dist/category-filter.d.ts.map +1 -0
package/dist/category-filter.js +360 -0
package/dist/category-filter.js.map +1 -0
package/dist/detect/ai-code/agent-tools.d.ts +22 -0
package/dist/detect/ai-code/agent-tools.d.ts.map +1 -0
package/dist/detect/ai-code/agent-tools.js +1509 -0
package/dist/detect/ai-code/agent-tools.js.map +1 -0
package/dist/detect/ai-code/byok-patterns.d.ts +15 -0
package/dist/detect/ai-code/byok-patterns.d.ts.map +1 -0
package/dist/detect/ai-code/byok-patterns.js +313 -0
package/dist/detect/ai-code/byok-patterns.js.map +1 -0
package/dist/detect/ai-code/endpoint-protection.d.ts +38 -0
package/dist/detect/ai-code/endpoint-protection.d.ts.map +1 -0
package/dist/detect/ai-code/endpoint-protection.js +349 -0
package/dist/detect/ai-code/endpoint-protection.js.map +1 -0
package/dist/detect/ai-code/execution-sinks.d.ts +21 -0
package/dist/detect/ai-code/execution-sinks.d.ts.map +1 -0
package/dist/detect/ai-code/execution-sinks.js +1158 -0
package/dist/detect/ai-code/execution-sinks.js.map +1 -0
package/dist/detect/ai-code/fingerprinting.d.ts +10 -0
package/dist/detect/ai-code/fingerprinting.d.ts.map +1 -0
package/dist/detect/ai-code/fingerprinting.js +665 -0
package/dist/detect/ai-code/fingerprinting.js.map +1 -0
package/dist/detect/ai-code/index.d.ts +12 -0
package/dist/detect/ai-code/index.d.ts.map +1 -0
package/dist/detect/ai-code/index.js +26 -0
package/dist/detect/ai-code/index.js.map +1 -0
package/dist/detect/ai-code/mcp-security.d.ts +20 -0
package/dist/detect/ai-code/mcp-security.d.ts.map +1 -0
package/dist/detect/ai-code/mcp-security.js +880 -0
package/dist/detect/ai-code/mcp-security.js.map +1 -0
package/dist/detect/ai-code/model-supply-chain.d.ts +23 -0
package/dist/detect/ai-code/model-supply-chain.d.ts.map +1 -0
package/dist/detect/ai-code/model-supply-chain.js +447 -0
package/dist/detect/ai-code/model-supply-chain.js.map +1 -0
package/dist/detect/ai-code/package-hallucination.d.ts +22 -0
package/dist/detect/ai-code/package-hallucination.d.ts.map +1 -0
package/dist/detect/ai-code/package-hallucination.js +841 -0
package/dist/detect/ai-code/package-hallucination.js.map +1 -0
package/dist/detect/ai-code/prompt-hygiene.d.ts +22 -0
package/dist/detect/ai-code/prompt-hygiene.d.ts.map +1 -0
package/dist/detect/ai-code/prompt-hygiene.js +1177 -0
package/dist/detect/ai-code/prompt-hygiene.js.map +1 -0
package/dist/detect/ai-code/rag-safety.d.ts +24 -0
package/dist/detect/ai-code/rag-safety.d.ts.map +1 -0
package/dist/detect/ai-code/rag-safety.js +913 -0
package/dist/detect/ai-code/rag-safety.js.map +1 -0
package/dist/detect/ai-code/schema-validation.d.ts +28 -0
package/dist/detect/ai-code/schema-validation.d.ts.map +1 -0
package/dist/detect/ai-code/schema-validation.js +378 -0
package/dist/detect/ai-code/schema-validation.js.map +1 -0
package/dist/detect/config/agent-skill-injection.d.ts +27 -0
package/dist/detect/config/agent-skill-injection.d.ts.map +1 -0
package/dist/detect/config/agent-skill-injection.js +472 -0
package/dist/detect/config/agent-skill-injection.js.map +1 -0
package/dist/detect/config/comments.d.ts +11 -0
package/dist/detect/config/comments.d.ts.map +1 -0
package/dist/detect/config/comments.js +206 -0
package/dist/detect/config/comments.js.map +1 -0
package/dist/detect/config/file-flags.d.ts +10 -0
package/dist/detect/config/file-flags.d.ts.map +1 -0
package/dist/detect/config/file-flags.js +124 -0
package/dist/detect/config/file-flags.js.map +1 -0
package/dist/detect/config/index.d.ts +7 -0
package/dist/detect/config/index.d.ts.map +1 -0
package/dist/detect/config/index.js +17 -0
package/dist/detect/config/index.js.map +1 -0
package/dist/detect/config/osv-check.d.ts +75 -0
package/dist/detect/config/osv-check.d.ts.map +1 -0
package/dist/detect/config/osv-check.js +309 -0
package/dist/detect/config/osv-check.js.map +1 -0
package/dist/detect/config/package-check.d.ts +63 -0
package/dist/detect/config/package-check.d.ts.map +1 -0
package/dist/detect/config/package-check.js +509 -0
package/dist/detect/config/package-check.js.map +1 -0
package/dist/detect/config/urls.d.ts +11 -0
package/dist/detect/config/urls.d.ts.map +1 -0
package/dist/detect/config/urls.js +450 -0
package/dist/detect/config/urls.js.map +1 -0
package/dist/detect/index.d.ts +37 -0
package/dist/detect/index.d.ts.map +1 -0
package/dist/detect/index.js +77 -0
package/dist/detect/index.js.map +1 -0
package/dist/detect/secrets/config-audit.d.ts +11 -0
package/dist/detect/secrets/config-audit.d.ts.map +1 -0
package/dist/detect/secrets/config-audit.js +315 -0
package/dist/detect/secrets/config-audit.js.map +1 -0
package/dist/detect/secrets/config-mcp-audit.d.ts +23 -0
package/dist/detect/secrets/config-mcp-audit.d.ts.map +1 -0
package/dist/detect/secrets/config-mcp-audit.js +243 -0
package/dist/detect/secrets/config-mcp-audit.js.map +1 -0
package/dist/detect/secrets/entropy.d.ts +11 -0
package/dist/detect/secrets/entropy.d.ts.map +1 -0
package/dist/detect/secrets/entropy.js +751 -0
package/dist/detect/secrets/entropy.js.map +1 -0
package/dist/detect/secrets/index.d.ts +36 -0
package/dist/detect/secrets/index.d.ts.map +1 -0
package/dist/detect/secrets/index.js +174 -0
package/dist/detect/secrets/index.js.map +1 -0
package/dist/detect/secrets/patterns.d.ts +11 -0
package/dist/detect/secrets/patterns.d.ts.map +1 -0
package/dist/detect/secrets/patterns.js +518 -0
package/dist/detect/secrets/patterns.js.map +1 -0
package/dist/detect/secrets/weak-crypto.d.ts +10 -0
package/dist/detect/secrets/weak-crypto.d.ts.map +1 -0
package/dist/detect/secrets/weak-crypto.js +432 -0
package/dist/detect/secrets/weak-crypto.js.map +1 -0
package/dist/detect/structural/auth-patterns.d.ts +22 -0
package/dist/detect/structural/auth-patterns.d.ts.map +1 -0
package/dist/detect/structural/auth-patterns.js +533 -0
package/dist/detect/structural/auth-patterns.js.map +1 -0
package/dist/detect/structural/dangerous-functions/child-process.d.ts +16 -0
package/dist/detect/structural/dangerous-functions/child-process.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/child-process.js +74 -0
package/dist/detect/structural/dangerous-functions/child-process.js.map +1 -0
package/dist/detect/structural/dangerous-functions/dom-xss.d.ts +34 -0
package/dist/detect/structural/dangerous-functions/dom-xss.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/dom-xss.js +230 -0
package/dist/detect/structural/dangerous-functions/dom-xss.js.map +1 -0
package/dist/detect/structural/dangerous-functions/index.d.ts +16 -0
package/dist/detect/structural/dangerous-functions/index.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/index.js +1193 -0
package/dist/detect/structural/dangerous-functions/index.js.map +1 -0
package/dist/detect/structural/dangerous-functions/json-parse.d.ts +31 -0
package/dist/detect/structural/dangerous-functions/json-parse.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/json-parse.js +326 -0
package/dist/detect/structural/dangerous-functions/json-parse.js.map +1 -0
package/dist/detect/structural/dangerous-functions/math-random.d.ts +111 -0
package/dist/detect/structural/dangerous-functions/math-random.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/math-random.js +684 -0
package/dist/detect/structural/dangerous-functions/math-random.js.map +1 -0
package/dist/detect/structural/dangerous-functions/patterns.d.ts +21 -0
package/dist/detect/structural/dangerous-functions/patterns.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/patterns.js +163 -0
package/dist/detect/structural/dangerous-functions/patterns.js.map +1 -0
package/dist/detect/structural/dangerous-functions/request-validation.d.ts +13 -0
package/dist/detect/structural/dangerous-functions/request-validation.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/request-validation.js +126 -0
package/dist/detect/structural/dangerous-functions/request-validation.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts +24 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.js +70 -0
package/dist/detect/structural/dangerous-functions/utils/control-flow.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts +31 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.js +147 -0
package/dist/detect/structural/dangerous-functions/utils/helpers.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/index.d.ts +9 -0
package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/index.js +23 -0
package/dist/detect/structural/dangerous-functions/utils/index.js.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts +22 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map +1 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.js +102 -0
package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map +1 -0
package/dist/detect/structural/data-exposure.d.ts +19 -0
package/dist/detect/structural/data-exposure.d.ts.map +1 -0
package/dist/detect/structural/data-exposure.js +262 -0
package/dist/detect/structural/data-exposure.js.map +1 -0
package/dist/detect/structural/framework-checks.d.ts +10 -0
package/dist/detect/structural/framework-checks.d.ts.map +1 -0
package/dist/detect/structural/framework-checks.js +389 -0
package/dist/detect/structural/framework-checks.js.map +1 -0
package/dist/detect/structural/index.d.ts +71 -0
package/dist/detect/structural/index.d.ts.map +1 -0
package/dist/detect/structural/index.js +510 -0
package/dist/detect/structural/index.js.map +1 -0
package/dist/detect/structural/log-injection.d.ts +18 -0
package/dist/detect/structural/log-injection.d.ts.map +1 -0
package/dist/detect/structural/log-injection.js +217 -0
package/dist/detect/structural/log-injection.js.map +1 -0
package/dist/detect/structural/logic-gates.d.ts +10 -0
package/dist/detect/structural/logic-gates.d.ts.map +1 -0
package/dist/detect/structural/logic-gates.js +227 -0
package/dist/detect/structural/logic-gates.js.map +1 -0
package/dist/detect/structural/risky-imports.d.ts +10 -0
package/dist/detect/structural/risky-imports.d.ts.map +1 -0
package/dist/detect/structural/risky-imports.js +168 -0
package/dist/detect/structural/risky-imports.js.map +1 -0
package/dist/detect/structural/security-headers.d.ts +18 -0
package/dist/detect/structural/security-headers.d.ts.map +1 -0
package/dist/detect/structural/security-headers.js +196 -0
package/dist/detect/structural/security-headers.js.map +1 -0
package/dist/detect/structural/ssrf-detection.d.ts +18 -0
package/dist/detect/structural/ssrf-detection.d.ts.map +1 -0
package/dist/detect/structural/ssrf-detection.js +263 -0
package/dist/detect/structural/ssrf-detection.js.map +1 -0
package/dist/detect/structural/variables.d.ts +11 -0
package/dist/detect/structural/variables.d.ts.map +1 -0
package/dist/detect/structural/variables.js +159 -0
package/dist/detect/structural/variables.js.map +1 -0
package/dist/detect/structural/xxe-detection.d.ts +18 -0
package/dist/detect/structural/xxe-detection.d.ts.map +1 -0
package/dist/detect/structural/xxe-detection.js +245 -0
package/dist/detect/structural/xxe-detection.js.map +1 -0
package/dist/filtering/context-adjustments.d.ts +23 -0
package/dist/filtering/context-adjustments.d.ts.map +1 -0
package/dist/filtering/context-adjustments.js +100 -0
package/dist/filtering/context-adjustments.js.map +1 -0
package/dist/filtering/index.d.ts +3 -0
package/dist/filtering/index.d.ts.map +1 -0
package/dist/filtering/index.js +8 -0
package/dist/filtering/index.js.map +1 -0
package/dist/filtering/pipeline.d.ts +48 -0
package/dist/filtering/pipeline.d.ts.map +1 -0
package/dist/filtering/pipeline.js +76 -0
package/dist/filtering/pipeline.js.map +1 -0
package/dist/formatters/ai-context.d.ts +23 -0
package/dist/formatters/ai-context.d.ts.map +1 -0
package/dist/formatters/ai-context.js +238 -0
package/dist/formatters/ai-context.js.map +1 -0
package/dist/formatters/github-comment.d.ts +1 -1
package/dist/formatters/github-comment.d.ts.map +1 -1
package/dist/formatters/github-comment.js +2 -2
package/dist/formatters/github-comment.js.map +1 -1
package/dist/formatters/ide/claude-code.d.ts +17 -0
package/dist/formatters/ide/claude-code.d.ts.map +1 -0
package/dist/formatters/ide/claude-code.js +94 -0
package/dist/formatters/ide/claude-code.js.map +1 -0
package/dist/formatters/ide/cursor.d.ts +13 -0
package/dist/formatters/ide/cursor.d.ts.map +1 -0
package/dist/formatters/ide/cursor.js +125 -0
package/dist/formatters/ide/cursor.js.map +1 -0
package/dist/formatters/ide/index.d.ts +62 -0
package/dist/formatters/ide/index.d.ts.map +1 -0
package/dist/formatters/ide/index.js +184 -0
package/dist/formatters/ide/index.js.map +1 -0
package/dist/formatters/ide/windsurf.d.ts +13 -0
package/dist/formatters/ide/windsurf.d.ts.map +1 -0
package/dist/formatters/ide/windsurf.js +117 -0
package/dist/formatters/ide/windsurf.js.map +1 -0
package/dist/formatters/index.d.ts +2 -0
package/dist/formatters/index.d.ts.map +1 -1
package/dist/formatters/index.js +17 -1
package/dist/formatters/index.js.map +1 -1
package/dist/index.d.ts +17 -60
package/dist/index.d.ts.map +1 -1
package/dist/index.js +67 -824
package/dist/index.js.map +1 -1
package/dist/layer1/comments.d.ts +4 -1
package/dist/layer1/comments.d.ts.map +1 -1
package/dist/layer1/comments.js +1 -1
package/dist/layer1/comments.js.map +1 -1
package/dist/layer1/config-audit.d.ts +4 -1
package/dist/layer1/config-audit.d.ts.map +1 -1
package/dist/layer1/config-audit.js +45 -11
package/dist/layer1/config-audit.js.map +1 -1
package/dist/layer1/config-mcp-audit.d.ts +4 -1
package/dist/layer1/config-mcp-audit.d.ts.map +1 -1
package/dist/layer1/config-mcp-audit.js +2 -2
package/dist/layer1/config-mcp-audit.js.map +1 -1
package/dist/layer1/entropy.d.ts +4 -1
package/dist/layer1/entropy.d.ts.map +1 -1
package/dist/layer1/entropy.js +212 -1
package/dist/layer1/entropy.js.map +1 -1
package/dist/layer1/file-flags.d.ts +4 -1
package/dist/layer1/file-flags.d.ts.map +1 -1
package/dist/layer1/file-flags.js +12 -5
package/dist/layer1/file-flags.js.map +1 -1
package/dist/layer1/index.d.ts.map +1 -1
package/dist/layer1/index.js +14 -19
package/dist/layer1/index.js.map +1 -1
package/dist/layer1/patterns.d.ts +4 -1
package/dist/layer1/patterns.d.ts.map +1 -1
package/dist/layer1/patterns.js +34 -4
package/dist/layer1/patterns.js.map +1 -1
package/dist/layer1/urls.d.ts +4 -1
package/dist/layer1/urls.d.ts.map +1 -1
package/dist/layer1/urls.js +162 -14
package/dist/layer1/urls.js.map +1 -1
package/dist/layer1/weak-crypto.d.ts +4 -1
package/dist/layer1/weak-crypto.d.ts.map +1 -1
package/dist/layer1/weak-crypto.js +144 -7
package/dist/layer1/weak-crypto.js.map +1 -1
package/dist/layer2/ai-agent-tools.d.ts +4 -1
package/dist/layer2/ai-agent-tools.d.ts.map +1 -1
package/dist/layer2/ai-agent-tools.js +661 -2
package/dist/layer2/ai-agent-tools.js.map +1 -1
package/dist/layer2/ai-endpoint-protection.d.ts +2 -0
package/dist/layer2/ai-endpoint-protection.d.ts.map +1 -1
package/dist/layer2/ai-endpoint-protection.js +1 -1
package/dist/layer2/ai-endpoint-protection.js.map +1 -1
package/dist/layer2/ai-execution-sinks.d.ts +4 -1
package/dist/layer2/ai-execution-sinks.d.ts.map +1 -1
package/dist/layer2/ai-execution-sinks.js +252 -43
package/dist/layer2/ai-execution-sinks.js.map +1 -1
package/dist/layer2/ai-fingerprinting.d.ts +4 -1
package/dist/layer2/ai-fingerprinting.d.ts.map +1 -1
package/dist/layer2/ai-fingerprinting.js +25 -32
package/dist/layer2/ai-fingerprinting.js.map +1 -1
package/dist/layer2/ai-mcp-security.d.ts +4 -1
package/dist/layer2/ai-mcp-security.d.ts.map +1 -1
package/dist/layer2/ai-mcp-security.js +200 -2
package/dist/layer2/ai-mcp-security.js.map +1 -1
package/dist/layer2/ai-package-hallucination.d.ts +4 -1
package/dist/layer2/ai-package-hallucination.d.ts.map +1 -1
package/dist/layer2/ai-package-hallucination.js +136 -4
package/dist/layer2/ai-package-hallucination.js.map +1 -1
package/dist/layer2/ai-prompt-hygiene.d.ts +4 -1
package/dist/layer2/ai-prompt-hygiene.d.ts.map +1 -1
package/dist/layer2/ai-prompt-hygiene.js +342 -28
package/dist/layer2/ai-prompt-hygiene.js.map +1 -1
package/dist/layer2/ai-rag-safety.d.ts +4 -1
package/dist/layer2/ai-rag-safety.d.ts.map +1 -1
package/dist/layer2/ai-rag-safety.js +82 -2
package/dist/layer2/ai-rag-safety.js.map +1 -1
package/dist/layer2/ai-schema-validation.d.ts +4 -1
package/dist/layer2/ai-schema-validation.d.ts.map +1 -1
package/dist/layer2/ai-schema-validation.js +2 -2
package/dist/layer2/ai-schema-validation.js.map +1 -1
package/dist/layer2/auth-antipatterns.d.ts +2 -0
package/dist/layer2/auth-antipatterns.d.ts.map +1 -1
package/dist/layer2/auth-antipatterns.js +205 -20
package/dist/layer2/auth-antipatterns.js.map +1 -1
package/dist/layer2/byok-patterns.d.ts +4 -1
package/dist/layer2/byok-patterns.d.ts.map +1 -1
package/dist/layer2/byok-patterns.js +2 -2
package/dist/layer2/byok-patterns.js.map +1 -1
package/dist/layer2/dangerous-functions/dom-xss.d.ts +9 -4
package/dist/layer2/dangerous-functions/dom-xss.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/dom-xss.js +73 -22
package/dist/layer2/dangerous-functions/dom-xss.js.map +1 -1
package/dist/layer2/dangerous-functions/index.d.ts +4 -1
package/dist/layer2/dangerous-functions/index.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/index.js +551 -20
package/dist/layer2/dangerous-functions/index.js.map +1 -1
package/dist/layer2/dangerous-functions/math-random.d.ts +54 -4
package/dist/layer2/dangerous-functions/math-random.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/math-random.js +241 -16
package/dist/layer2/dangerous-functions/math-random.js.map +1 -1
package/dist/layer2/dangerous-functions/patterns.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/patterns.js +3 -1
package/dist/layer2/dangerous-functions/patterns.js.map +1 -1
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts +3 -2
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/utils/control-flow.js +41 -120
package/dist/layer2/dangerous-functions/utils/control-flow.js.map +1 -1
package/dist/layer2/dangerous-functions/utils/helpers.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/utils/helpers.js +26 -3
package/dist/layer2/dangerous-functions/utils/helpers.js.map +1 -1
package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts.map +1 -1
package/dist/layer2/dangerous-functions/utils/schema-validation.js +14 -1
package/dist/layer2/dangerous-functions/utils/schema-validation.js.map +1 -1
package/dist/layer2/data-exposure.d.ts +4 -1
package/dist/layer2/data-exposure.d.ts.map +1 -1
package/dist/layer2/data-exposure.js +11 -38
package/dist/layer2/data-exposure.js.map +1 -1
package/dist/layer2/framework-checks.d.ts +4 -1
package/dist/layer2/framework-checks.d.ts.map +1 -1
package/dist/layer2/framework-checks.js +3 -10
package/dist/layer2/framework-checks.js.map +1 -1
package/dist/layer2/index.d.ts +13 -1
package/dist/layer2/index.d.ts.map +1 -1
package/dist/layer2/index.js +107 -52
package/dist/layer2/index.js.map +1 -1
package/dist/layer2/log-injection.d.ts +18 -0
package/dist/layer2/log-injection.d.ts.map +1 -0
package/dist/layer2/log-injection.js +214 -0
package/dist/layer2/log-injection.js.map +1 -0
package/dist/layer2/logic-gates.d.ts +4 -1
package/dist/layer2/logic-gates.d.ts.map +1 -1
package/dist/layer2/logic-gates.js +54 -20
package/dist/layer2/logic-gates.js.map +1 -1
package/dist/layer2/model-supply-chain.d.ts +4 -1
package/dist/layer2/model-supply-chain.d.ts.map +1 -1
package/dist/layer2/model-supply-chain.js +72 -4
package/dist/layer2/model-supply-chain.js.map +1 -1
package/dist/layer2/risky-imports.d.ts +4 -1
package/dist/layer2/risky-imports.d.ts.map +1 -1
package/dist/layer2/risky-imports.js +2 -2
package/dist/layer2/risky-imports.js.map +1 -1
package/dist/layer2/security-headers.d.ts +18 -0
package/dist/layer2/security-headers.d.ts.map +1 -0
package/dist/layer2/security-headers.js +187 -0
package/dist/layer2/security-headers.js.map +1 -0
package/dist/layer2/ssrf-detection.d.ts +18 -0
package/dist/layer2/ssrf-detection.d.ts.map +1 -0
package/dist/layer2/ssrf-detection.js +252 -0
package/dist/layer2/ssrf-detection.js.map +1 -0
package/dist/layer2/variables.d.ts +4 -1
package/dist/layer2/variables.d.ts.map +1 -1
package/dist/layer2/variables.js +2 -2
package/dist/layer2/variables.js.map +1 -1
package/dist/layer2/xxe-detection.d.ts +18 -0
package/dist/layer2/xxe-detection.d.ts.map +1 -0
package/dist/layer2/xxe-detection.js +242 -0
package/dist/layer2/xxe-detection.js.map +1 -0
package/dist/layer3/anthropic/auto-dismiss.d.ts.map +1 -1
package/dist/layer3/anthropic/auto-dismiss.js +11 -0
package/dist/layer3/anthropic/auto-dismiss.js.map +1 -1
package/dist/layer3/anthropic/prompts/index.d.ts +1 -1
package/dist/layer3/anthropic/prompts/index.d.ts.map +1 -1
package/dist/layer3/anthropic/prompts/index.js +3 -1
package/dist/layer3/anthropic/prompts/index.js.map +1 -1
package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts +19 -0
package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/ai-patterns.js +156 -0
package/dist/layer3/anthropic/prompts/modules/ai-patterns.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts +9 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.js +25 -0
package/dist/layer3/anthropic/prompts/modules/auth-access.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/common.d.ts +11 -0
package/dist/layer3/anthropic/prompts/modules/common.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/common.js +152 -0
package/dist/layer3/anthropic/prompts/modules/common.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/index.d.ts +54 -0
package/dist/layer3/anthropic/prompts/modules/index.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/index.js +185 -0
package/dist/layer3/anthropic/prompts/modules/index.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts +8 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.js +84 -0
package/dist/layer3/anthropic/prompts/modules/owasp-classic.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts +8 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js +68 -0
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js.map +1 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts +8 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.js +22 -0
package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map +1 -0
package/dist/layer3/anthropic/prompts/validation.d.ts +9 -3
package/dist/layer3/anthropic/prompts/validation.d.ts.map +1 -1
package/dist/layer3/anthropic/prompts/validation.js +14 -410
package/dist/layer3/anthropic/prompts/validation.js.map +1 -1
package/dist/layer3/anthropic/providers/anthropic.d.ts.map +1 -1
package/dist/layer3/anthropic/providers/anthropic.js +6 -3
package/dist/layer3/anthropic/providers/anthropic.js.map +1 -1
package/dist/layer3/anthropic/providers/openai.d.ts.map +1 -1
package/dist/layer3/anthropic/providers/openai.js +6 -3
package/dist/layer3/anthropic/providers/openai.js.map +1 -1
package/dist/layer3/anthropic/request-builder.d.ts +11 -4
package/dist/layer3/anthropic/request-builder.d.ts.map +1 -1
package/dist/layer3/anthropic/request-builder.js +32 -16
package/dist/layer3/anthropic/request-builder.js.map +1 -1
package/dist/layer3/anthropic/utils/context-extractor.d.ts +55 -0
package/dist/layer3/anthropic/utils/context-extractor.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/context-extractor.js +161 -0
package/dist/layer3/anthropic/utils/context-extractor.js.map +1 -0
package/dist/layer3/anthropic/utils/index.d.ts +2 -0
package/dist/layer3/anthropic/utils/index.d.ts.map +1 -1
package/dist/layer3/anthropic/utils/index.js +4 -1
package/dist/layer3/anthropic/utils/index.js.map +1 -1
package/dist/model/auth-helper-detector.d.ts +56 -0
package/dist/model/auth-helper-detector.d.ts.map +1 -0
package/dist/model/auth-helper-detector.js +360 -0
package/dist/model/auth-helper-detector.js.map +1 -0
package/dist/model/cross-file-taint.d.ts +40 -0
package/dist/model/cross-file-taint.d.ts.map +1 -0
package/dist/model/cross-file-taint.js +290 -0
package/dist/model/cross-file-taint.js.map +1 -0
package/dist/model/framework-models/django.d.ts +9 -0
package/dist/model/framework-models/django.d.ts.map +1 -0
package/dist/model/framework-models/django.js +82 -0
package/dist/model/framework-models/django.js.map +1 -0
package/dist/model/framework-models/express.d.ts +9 -0
package/dist/model/framework-models/express.d.ts.map +1 -0
package/dist/model/framework-models/express.js +52 -0
package/dist/model/framework-models/express.js.map +1 -0
package/dist/model/framework-models/index.d.ts +20 -0
package/dist/model/framework-models/index.d.ts.map +1 -0
package/dist/model/framework-models/index.js +102 -0
package/dist/model/framework-models/index.js.map +1 -0
package/dist/model/framework-models/nextjs.d.ts +9 -0
package/dist/model/framework-models/nextjs.d.ts.map +1 -0
package/dist/model/framework-models/nextjs.js +71 -0
package/dist/model/framework-models/nextjs.js.map +1 -0
package/dist/model/framework-models/prisma.d.ts +10 -0
package/dist/model/framework-models/prisma.d.ts.map +1 -0
package/dist/model/framework-models/prisma.js +54 -0
package/dist/model/framework-models/prisma.js.map +1 -0
package/dist/model/framework-models/react.d.ts +9 -0
package/dist/model/framework-models/react.d.ts.map +1 -0
package/dist/model/framework-models/react.js +67 -0
package/dist/model/framework-models/react.js.map +1 -0
package/dist/model/framework-models/sequelize.d.ts +9 -0
package/dist/model/framework-models/sequelize.d.ts.map +1 -0
package/dist/model/framework-models/sequelize.js +62 -0
package/dist/model/framework-models/sequelize.js.map +1 -0
package/dist/model/framework-models/types.d.ts +43 -0
package/dist/model/framework-models/types.d.ts.map +1 -0
package/dist/model/framework-models/types.js +10 -0
package/dist/model/framework-models/types.js.map +1 -0
package/dist/model/function-classifier.d.ts +32 -0
package/dist/model/function-classifier.d.ts.map +1 -0
package/dist/model/function-classifier.js +143 -0
package/dist/model/function-classifier.js.map +1 -0
package/dist/model/import-resolver.d.ts +45 -0
package/dist/model/import-resolver.d.ts.map +1 -0
package/dist/model/import-resolver.js +410 -0
package/dist/model/import-resolver.js.map +1 -0
package/dist/model/imported-auth-detector.d.ts +38 -0
package/dist/model/imported-auth-detector.d.ts.map +1 -0
package/dist/model/imported-auth-detector.js +199 -0
package/dist/model/imported-auth-detector.js.map +1 -0
package/dist/model/index.d.ts +63 -0
package/dist/model/index.d.ts.map +1 -0
package/dist/model/index.js +272 -0
package/dist/model/index.js.map +1 -0
package/dist/model/middleware-detector.d.ts +55 -0
package/dist/model/middleware-detector.d.ts.map +1 -0
package/dist/model/middleware-detector.js +382 -0
package/dist/model/middleware-detector.js.map +1 -0
package/dist/model/module-graph.d.ts +46 -0
package/dist/model/module-graph.d.ts.map +1 -0
package/dist/model/module-graph.js +187 -0
package/dist/model/module-graph.js.map +1 -0
package/dist/model/oauth-flow-detector.d.ts +41 -0
package/dist/model/oauth-flow-detector.d.ts.map +1 -0
package/dist/model/oauth-flow-detector.js +202 -0
package/dist/model/oauth-flow-detector.js.map +1 -0
package/dist/model/project-context.d.ts +119 -0
package/dist/model/project-context.d.ts.map +1 -0
package/dist/model/project-context.js +534 -0
package/dist/model/project-context.js.map +1 -0
package/dist/model/route-auth-resolver.d.ts +27 -0
package/dist/model/route-auth-resolver.d.ts.map +1 -0
package/dist/model/route-auth-resolver.js +182 -0
package/dist/model/route-auth-resolver.js.map +1 -0
package/dist/model/route-discovery/express.d.ts +25 -0
package/dist/model/route-discovery/express.d.ts.map +1 -0
package/dist/model/route-discovery/express.js +225 -0
package/dist/model/route-discovery/express.js.map +1 -0
package/dist/model/route-discovery/index.d.ts +21 -0
package/dist/model/route-discovery/index.d.ts.map +1 -0
package/dist/model/route-discovery/index.js +67 -0
package/dist/model/route-discovery/index.js.map +1 -0
package/dist/model/route-discovery/nextjs.d.ts +16 -0
package/dist/model/route-discovery/nextjs.d.ts.map +1 -0
package/dist/model/route-discovery/nextjs.js +179 -0
package/dist/model/route-discovery/nextjs.js.map +1 -0
package/dist/model/route-discovery/python.d.ts +16 -0
package/dist/model/route-discovery/python.d.ts.map +1 -0
package/dist/model/route-discovery/python.js +181 -0
package/dist/model/route-discovery/python.js.map +1 -0
package/dist/model/route-discovery/types.d.ts +36 -0
package/dist/model/route-discovery/types.d.ts.map +1 -0
package/dist/model/route-discovery/types.js +16 -0
package/dist/model/route-discovery/types.js.map +1 -0
package/dist/model/route-discovery/utils.d.ts +18 -0
package/dist/model/route-discovery/utils.d.ts.map +1 -0
package/dist/model/route-discovery/utils.js +55 -0
package/dist/model/route-discovery/utils.js.map +1 -0
package/dist/model/route-hierarchy.d.ts +50 -0
package/dist/model/route-hierarchy.d.ts.map +1 -0
package/dist/model/route-hierarchy.js +226 -0
package/dist/model/route-hierarchy.js.map +1 -0
package/dist/model/sanitiser-detection.d.ts +27 -0
package/dist/model/sanitiser-detection.d.ts.map +1 -0
package/dist/model/sanitiser-detection.js +224 -0
package/dist/model/sanitiser-detection.js.map +1 -0
package/dist/model/sink-matcher.d.ts +17 -0
package/dist/model/sink-matcher.d.ts.map +1 -0
package/dist/model/sink-matcher.js +141 -0
package/dist/model/sink-matcher.js.map +1 -0
package/dist/model/sink-patterns.d.ts +19 -0
package/dist/model/sink-patterns.d.ts.map +1 -0
package/dist/model/sink-patterns.js +88 -0
package/dist/model/sink-patterns.js.map +1 -0
package/dist/model/source-discovery.d.ts +15 -0
package/dist/model/source-discovery.d.ts.map +1 -0
package/dist/model/source-discovery.js +170 -0
package/dist/model/source-discovery.js.map +1 -0
package/dist/model/taint-tracker.d.ts +21 -0
package/dist/model/taint-tracker.d.ts.map +1 -0
package/dist/model/taint-tracker.js +281 -0
package/dist/model/taint-tracker.js.map +1 -0
package/dist/model/taint-types.d.ts +74 -0
package/dist/model/taint-types.d.ts.map +1 -0
package/dist/model/taint-types.js +9 -0
package/dist/model/taint-types.js.map +1 -0
package/dist/model/trpc-analyzer.d.ts +78 -0
package/dist/model/trpc-analyzer.d.ts.map +1 -0
package/dist/model/trpc-analyzer.js +297 -0
package/dist/model/trpc-analyzer.js.map +1 -0
package/dist/modes/incremental.js +1 -1
package/dist/parse/file-classifier.d.ts +228 -0
package/dist/parse/file-classifier.d.ts.map +1 -0
package/dist/parse/file-classifier.js +933 -0
package/dist/parse/file-classifier.js.map +1 -0
package/dist/parse/path-exclusions.d.ts +55 -0
package/dist/parse/path-exclusions.d.ts.map +1 -0
package/dist/parse/path-exclusions.js +224 -0
package/dist/parse/path-exclusions.js.map +1 -0
package/dist/pipeline/config.d.ts +39 -0
package/dist/pipeline/config.d.ts.map +1 -0
package/dist/pipeline/config.js +46 -0
package/dist/pipeline/config.js.map +1 -0
package/dist/pipeline/index.d.ts +34 -0
package/dist/pipeline/index.d.ts.map +1 -0
package/dist/pipeline/index.js +377 -0
package/dist/pipeline/index.js.map +1 -0
package/dist/pipeline/modes/incremental.d.ts +66 -0
package/dist/pipeline/modes/incremental.d.ts.map +1 -0
package/dist/pipeline/modes/incremental.js +200 -0
package/dist/pipeline/modes/incremental.js.map +1 -0
package/dist/postprocess/aggregation.d.ts +14 -0
package/dist/postprocess/aggregation.d.ts.map +1 -0
package/dist/postprocess/aggregation.js +63 -0
package/dist/postprocess/aggregation.js.map +1 -0
package/dist/postprocess/contradictions.d.ts +18 -0
package/dist/postprocess/contradictions.d.ts.map +1 -0
package/dist/postprocess/contradictions.js +99 -0
package/dist/postprocess/contradictions.js.map +1 -0
package/dist/postprocess/dedup.d.ts +13 -0
package/dist/postprocess/dedup.d.ts.map +1 -0
package/dist/postprocess/dedup.js +58 -0
package/dist/postprocess/dedup.js.map +1 -0
package/dist/postprocess/filtering/context-adjustments.d.ts +23 -0
package/dist/postprocess/filtering/context-adjustments.d.ts.map +1 -0
package/dist/postprocess/filtering/context-adjustments.js +100 -0
package/dist/postprocess/filtering/context-adjustments.js.map +1 -0
package/dist/postprocess/filtering/index.d.ts +3 -0
package/dist/postprocess/filtering/index.d.ts.map +1 -0
package/dist/postprocess/filtering/index.js +8 -0
package/dist/postprocess/filtering/index.js.map +1 -0
package/dist/postprocess/filtering/pipeline.d.ts +48 -0
package/dist/postprocess/filtering/pipeline.d.ts.map +1 -0
package/dist/postprocess/filtering/pipeline.js +76 -0
package/dist/postprocess/filtering/pipeline.js.map +1 -0
package/dist/postprocess/index.d.ts +41 -0
package/dist/postprocess/index.d.ts.map +1 -0
package/dist/postprocess/index.js +85 -0
package/dist/postprocess/index.js.map +1 -0
package/dist/postprocess/suppression/config-loader.d.ts +74 -0
package/dist/postprocess/suppression/config-loader.d.ts.map +1 -0
package/dist/postprocess/suppression/config-loader.js +424 -0
package/dist/postprocess/suppression/config-loader.js.map +1 -0
package/dist/postprocess/suppression/hash.d.ts +48 -0
package/dist/postprocess/suppression/hash.d.ts.map +1 -0
package/dist/postprocess/suppression/hash.js +88 -0
package/dist/postprocess/suppression/hash.js.map +1 -0
package/dist/postprocess/suppression/index.d.ts +11 -0
package/dist/postprocess/suppression/index.d.ts.map +1 -0
package/dist/postprocess/suppression/index.js +39 -0
package/dist/postprocess/suppression/index.js.map +1 -0
package/dist/postprocess/suppression/inline-parser.d.ts +39 -0
package/dist/postprocess/suppression/inline-parser.d.ts.map +1 -0
package/dist/postprocess/suppression/inline-parser.js +218 -0
package/dist/postprocess/suppression/inline-parser.js.map +1 -0
package/dist/postprocess/suppression/manager.d.ts +94 -0
package/dist/postprocess/suppression/manager.d.ts.map +1 -0
package/dist/postprocess/suppression/manager.js +292 -0
package/dist/postprocess/suppression/manager.js.map +1 -0
package/dist/postprocess/suppression/types.d.ts +151 -0
package/dist/postprocess/suppression/types.d.ts.map +1 -0
package/dist/postprocess/suppression/types.js +28 -0
package/dist/postprocess/suppression/types.js.map +1 -0
package/dist/postprocess/validation-cap.d.ts +17 -0
package/dist/postprocess/validation-cap.d.ts.map +1 -0
package/dist/postprocess/validation-cap.js +64 -0
package/dist/postprocess/validation-cap.js.map +1 -0
package/dist/report/build-result.d.ts +33 -0
package/dist/report/build-result.d.ts.map +1 -0
package/dist/report/build-result.js +59 -0
package/dist/report/build-result.js.map +1 -0
package/dist/report/enrichment.d.ts +19 -0
package/dist/report/enrichment.d.ts.map +1 -0
package/dist/report/enrichment.js +44 -0
package/dist/report/enrichment.js.map +1 -0
package/dist/report/formatters/ai-context.d.ts +23 -0
package/dist/report/formatters/ai-context.d.ts.map +1 -0
package/dist/report/formatters/ai-context.js +238 -0
package/dist/report/formatters/ai-context.js.map +1 -0
package/dist/report/formatters/cli-terminal.d.ts +65 -0
package/dist/report/formatters/cli-terminal.d.ts.map +1 -0
package/dist/report/formatters/cli-terminal.js +735 -0
package/dist/report/formatters/cli-terminal.js.map +1 -0
package/dist/report/formatters/github-comment.d.ts +41 -0
package/dist/report/formatters/github-comment.d.ts.map +1 -0
package/dist/report/formatters/github-comment.js +370 -0
package/dist/report/formatters/github-comment.js.map +1 -0
package/dist/report/formatters/grouping.d.ts +52 -0
package/dist/report/formatters/grouping.d.ts.map +1 -0
package/dist/report/formatters/grouping.js +152 -0
package/dist/report/formatters/grouping.js.map +1 -0
package/dist/report/formatters/ide/claude-code.d.ts +17 -0
package/dist/report/formatters/ide/claude-code.d.ts.map +1 -0
package/dist/report/formatters/ide/claude-code.js +94 -0
package/dist/report/formatters/ide/claude-code.js.map +1 -0
package/dist/report/formatters/ide/cursor.d.ts +13 -0
package/dist/report/formatters/ide/cursor.d.ts.map +1 -0
package/dist/report/formatters/ide/cursor.js +125 -0
package/dist/report/formatters/ide/cursor.js.map +1 -0
package/dist/report/formatters/ide/index.d.ts +62 -0
package/dist/report/formatters/ide/index.d.ts.map +1 -0
package/dist/report/formatters/ide/index.js +184 -0
package/dist/report/formatters/ide/index.js.map +1 -0
package/dist/report/formatters/ide/windsurf.d.ts +13 -0
package/dist/report/formatters/ide/windsurf.d.ts.map +1 -0
package/dist/report/formatters/ide/windsurf.js +117 -0
package/dist/report/formatters/ide/windsurf.js.map +1 -0
package/dist/report/formatters/index.d.ts +11 -0
package/dist/report/formatters/index.d.ts.map +1 -0
package/dist/report/formatters/index.js +54 -0
package/dist/report/formatters/index.js.map +1 -0
package/dist/report/formatters/vscode-diagnostic.d.ts +103 -0
package/dist/report/formatters/vscode-diagnostic.d.ts.map +1 -0
package/dist/report/formatters/vscode-diagnostic.js +151 -0
package/dist/report/formatters/vscode-diagnostic.js.map +1 -0
package/dist/report/summary.d.ts +27 -0
package/dist/report/summary.d.ts.map +1 -0
package/dist/report/summary.js +57 -0
package/dist/report/summary.js.map +1 -0
package/dist/rules/metadata.d.ts.map +1 -1
package/dist/rules/metadata.js +66 -0
package/dist/rules/metadata.js.map +1 -1
package/dist/score/adjustments.d.ts +22 -0
package/dist/score/adjustments.d.ts.map +1 -0
package/dist/score/adjustments.js +373 -0
package/dist/score/adjustments.js.map +1 -0
package/dist/score/auto-dismiss.d.ts +28 -0
package/dist/score/auto-dismiss.d.ts.map +1 -0
package/dist/score/auto-dismiss.js +200 -0
package/dist/score/auto-dismiss.js.map +1 -0
package/dist/score/confidence.d.ts +19 -0
package/dist/score/confidence.d.ts.map +1 -0
package/dist/score/confidence.js +52 -0
package/dist/score/confidence.js.map +1 -0
package/dist/score/index.d.ts +61 -0
package/dist/score/index.d.ts.map +1 -0
package/dist/score/index.js +250 -0
package/dist/score/index.js.map +1 -0
package/dist/score/types.d.ts +160 -0
package/dist/score/types.d.ts.map +1 -0
package/dist/score/types.js +14 -0
package/dist/score/types.js.map +1 -0
package/dist/shared/ai-context/index.d.ts +6 -0
package/dist/shared/ai-context/index.d.ts.map +1 -0
package/dist/shared/ai-context/index.js +13 -0
package/dist/shared/ai-context/index.js.map +1 -0
package/dist/shared/ai-context/manager.d.ts +67 -0
package/dist/shared/ai-context/manager.d.ts.map +1 -0
package/dist/shared/ai-context/manager.js +104 -0
package/dist/shared/ai-context/manager.js.map +1 -0
package/dist/shared/baseline/diff.d.ts +32 -0
package/dist/shared/baseline/diff.d.ts.map +1 -0
package/dist/shared/baseline/diff.js +119 -0
package/dist/shared/baseline/diff.js.map +1 -0
package/dist/shared/baseline/index.d.ts +9 -0
package/dist/shared/baseline/index.d.ts.map +1 -0
package/dist/shared/baseline/index.js +19 -0
package/dist/shared/baseline/index.js.map +1 -0
package/dist/shared/baseline/manager.d.ts +67 -0
package/dist/shared/baseline/manager.d.ts.map +1 -0
package/dist/shared/baseline/manager.js +180 -0
package/dist/shared/baseline/manager.js.map +1 -0
package/dist/shared/baseline/types.d.ts +91 -0
package/dist/shared/baseline/types.d.ts.map +1 -0
package/dist/shared/baseline/types.js +12 -0
package/dist/shared/baseline/types.js.map +1 -0
package/dist/shared/category-filter.d.ts +125 -0
package/dist/shared/category-filter.d.ts.map +1 -0
package/dist/shared/category-filter.js +360 -0
package/dist/shared/category-filter.js.map +1 -0
package/dist/shared/code-analysis.d.ts +39 -0
package/dist/shared/code-analysis.d.ts.map +1 -0
package/dist/shared/code-analysis.js +159 -0
package/dist/shared/code-analysis.js.map +1 -0
package/dist/shared/comment-analyzer.d.ts +38 -0
package/dist/shared/comment-analyzer.d.ts.map +1 -0
package/dist/shared/comment-analyzer.js +218 -0
package/dist/shared/comment-analyzer.js.map +1 -0
package/dist/shared/diff-detector.d.ts +53 -0
package/dist/shared/diff-detector.d.ts.map +1 -0
package/dist/shared/diff-detector.js +104 -0
package/dist/shared/diff-detector.js.map +1 -0
package/dist/shared/diff-parser.d.ts +80 -0
package/dist/shared/diff-parser.d.ts.map +1 -0
package/dist/shared/diff-parser.js +202 -0
package/dist/shared/diff-parser.js.map +1 -0
package/dist/shared/environment-context.d.ts +76 -0
package/dist/shared/environment-context.d.ts.map +1 -0
package/dist/shared/environment-context.js +271 -0
package/dist/shared/environment-context.js.map +1 -0
package/dist/shared/intent-detector.d.ts +66 -0
package/dist/shared/intent-detector.d.ts.map +1 -0
package/dist/shared/intent-detector.js +282 -0
package/dist/shared/intent-detector.js.map +1 -0
package/dist/shared/parsed-file.d.ts +51 -0
package/dist/shared/parsed-file.d.ts.map +1 -0
package/dist/shared/parsed-file.js +95 -0
package/dist/shared/parsed-file.js.map +1 -0
package/dist/shared/registry-clients.d.ts +93 -0
package/dist/shared/registry-clients.d.ts.map +1 -0
package/dist/shared/registry-clients.js +273 -0
package/dist/shared/registry-clients.js.map +1 -0
package/dist/shared/rules/framework-fixes.d.ts +48 -0
package/dist/shared/rules/framework-fixes.d.ts.map +1 -0
package/dist/shared/rules/framework-fixes.js +439 -0
package/dist/shared/rules/framework-fixes.js.map +1 -0
package/dist/shared/rules/index.d.ts +8 -0
package/dist/shared/rules/index.d.ts.map +1 -0
package/dist/shared/rules/index.js +18 -0
package/dist/shared/rules/index.js.map +1 -0
package/dist/shared/rules/metadata.d.ts +43 -0
package/dist/shared/rules/metadata.d.ts.map +1 -0
package/dist/shared/rules/metadata.js +819 -0
package/dist/shared/rules/metadata.js.map +1 -0
package/dist/shared/schema-semantics.d.ts +45 -0
package/dist/shared/schema-semantics.d.ts.map +1 -0
package/dist/shared/schema-semantics.js +193 -0
package/dist/shared/schema-semantics.js.map +1 -0
package/dist/shared/types.d.ts +337 -0
package/dist/shared/types.d.ts.map +1 -0
package/dist/shared/types.js +126 -0
package/dist/shared/types.js.map +1 -0
package/dist/tiers.d.ts +4 -4
package/dist/tiers.d.ts.map +1 -1
package/dist/tiers.js +17 -7
package/dist/tiers.js.map +1 -1
package/dist/types.d.ts +79 -9
package/dist/types.d.ts.map +1 -1
package/dist/types.js +34 -0
package/dist/types.js.map +1 -1
package/dist/utils/code-analysis.d.ts +39 -0
package/dist/utils/code-analysis.d.ts.map +1 -0
package/dist/utils/code-analysis.js +159 -0
package/dist/utils/code-analysis.js.map +1 -0
package/dist/utils/comment-analyzer.d.ts +38 -0
package/dist/utils/comment-analyzer.d.ts.map +1 -0
package/dist/utils/comment-analyzer.js +218 -0
package/dist/utils/comment-analyzer.js.map +1 -0
package/dist/utils/context-helpers.d.ts +108 -1
package/dist/utils/context-helpers.d.ts.map +1 -1
package/dist/utils/context-helpers.js +351 -2
package/dist/utils/context-helpers.js.map +1 -1
package/dist/utils/environment-context.d.ts +76 -0
package/dist/utils/environment-context.d.ts.map +1 -0
package/dist/utils/environment-context.js +271 -0
package/dist/utils/environment-context.js.map +1 -0
package/dist/utils/intent-detector.d.ts +66 -0
package/dist/utils/intent-detector.d.ts.map +1 -0
package/dist/utils/intent-detector.js +282 -0
package/dist/utils/intent-detector.js.map +1 -0
package/dist/utils/parsed-file.d.ts +51 -0
package/dist/utils/parsed-file.d.ts.map +1 -0
package/dist/utils/parsed-file.js +95 -0
package/dist/utils/parsed-file.js.map +1 -0
package/dist/utils/route-hierarchy.d.ts +50 -0
package/dist/utils/route-hierarchy.d.ts.map +1 -0
package/dist/utils/route-hierarchy.js +226 -0
package/dist/utils/route-hierarchy.js.map +1 -0
package/dist/utils/schema-semantics.d.ts +45 -0
package/dist/utils/schema-semantics.d.ts.map +1 -0
package/dist/utils/schema-semantics.js +193 -0
package/dist/utils/schema-semantics.js.map +1 -0
package/dist/validate/clients.d.ts +44 -0
package/dist/validate/clients.d.ts.map +1 -0
package/dist/validate/clients.js +81 -0
package/dist/validate/clients.js.map +1 -0
package/dist/validate/index.d.ts +41 -0
package/dist/validate/index.d.ts.map +1 -0
package/dist/validate/index.js +141 -0
package/dist/validate/index.js.map +1 -0
package/dist/validate/prompts/index.d.ts +8 -0
package/dist/validate/prompts/index.d.ts.map +1 -0
package/dist/validate/prompts/index.js +16 -0
package/dist/validate/prompts/index.js.map +1 -0
package/dist/validate/prompts/modules/ai-patterns.d.ts +19 -0
package/dist/validate/prompts/modules/ai-patterns.d.ts.map +1 -0
package/dist/validate/prompts/modules/ai-patterns.js +156 -0
package/dist/validate/prompts/modules/ai-patterns.js.map +1 -0
package/dist/validate/prompts/modules/auth-access.d.ts +9 -0
package/dist/validate/prompts/modules/auth-access.d.ts.map +1 -0
package/dist/validate/prompts/modules/auth-access.js +25 -0
package/dist/validate/prompts/modules/auth-access.js.map +1 -0
package/dist/validate/prompts/modules/common.d.ts +11 -0
package/dist/validate/prompts/modules/common.d.ts.map +1 -0
package/dist/validate/prompts/modules/common.js +186 -0
package/dist/validate/prompts/modules/common.js.map +1 -0
package/dist/validate/prompts/modules/index.d.ts +54 -0
package/dist/validate/prompts/modules/index.d.ts.map +1 -0
package/dist/validate/prompts/modules/index.js +186 -0
package/dist/validate/prompts/modules/index.js.map +1 -0
package/dist/validate/prompts/modules/owasp-classic.d.ts +8 -0
package/dist/validate/prompts/modules/owasp-classic.d.ts.map +1 -0
package/dist/validate/prompts/modules/owasp-classic.js +84 -0
package/dist/validate/prompts/modules/owasp-classic.js.map +1 -0
package/dist/validate/prompts/modules/secrets-crypto.d.ts +8 -0
package/dist/validate/prompts/modules/secrets-crypto.d.ts.map +1 -0
package/dist/validate/prompts/modules/secrets-crypto.js +68 -0
package/dist/validate/prompts/modules/secrets-crypto.js.map +1 -0
package/dist/validate/prompts/modules/xss-prompt.d.ts +8 -0
package/dist/validate/prompts/modules/xss-prompt.d.ts.map +1 -0
package/dist/validate/prompts/modules/xss-prompt.js +22 -0
package/dist/validate/prompts/modules/xss-prompt.js.map +1 -0
package/dist/validate/prompts/semantic-analysis.d.ts +15 -0
package/dist/validate/prompts/semantic-analysis.d.ts.map +1 -0
package/dist/validate/prompts/semantic-analysis.js +169 -0
package/dist/validate/prompts/semantic-analysis.js.map +1 -0
package/dist/validate/prompts/validation.d.ts +18 -0
package/dist/validate/prompts/validation.d.ts.map +1 -0
package/dist/validate/prompts/validation.js +25 -0
package/dist/validate/prompts/validation.js.map +1 -0
package/dist/validate/providers/anthropic.d.ts +17 -0
package/dist/validate/providers/anthropic.d.ts.map +1 -0
package/dist/validate/providers/anthropic.js +260 -0
package/dist/validate/providers/anthropic.js.map +1 -0
package/dist/validate/providers/index.d.ts +8 -0
package/dist/validate/providers/index.d.ts.map +1 -0
package/dist/validate/providers/index.js +13 -0
package/dist/validate/providers/index.js.map +1 -0
package/dist/validate/providers/openai.d.ts +14 -0
package/dist/validate/providers/openai.d.ts.map +1 -0
package/dist/validate/providers/openai.js +336 -0
package/dist/validate/providers/openai.js.map +1 -0
package/dist/validate/request-builder.d.ts +61 -0
package/dist/validate/request-builder.d.ts.map +1 -0
package/dist/validate/request-builder.js +346 -0
package/dist/validate/request-builder.js.map +1 -0
package/dist/validate/types.d.ts +88 -0
package/dist/validate/types.d.ts.map +1 -0
package/dist/validate/types.js +38 -0
package/dist/validate/types.js.map +1 -0
package/dist/validate/utils/context-extractor.d.ts +55 -0
package/dist/validate/utils/context-extractor.d.ts.map +1 -0
package/dist/validate/utils/context-extractor.js +161 -0
package/dist/validate/utils/context-extractor.js.map +1 -0
package/dist/validate/utils/index.d.ts +11 -0
package/dist/validate/utils/index.d.ts.map +1 -0
package/dist/validate/utils/index.js +27 -0
package/dist/validate/utils/index.js.map +1 -0
package/dist/validate/utils/path-helpers.d.ts +21 -0
package/dist/validate/utils/path-helpers.d.ts.map +1 -0
package/dist/validate/utils/path-helpers.js +69 -0
package/dist/validate/utils/path-helpers.js.map +1 -0
package/dist/validate/utils/response-parser.d.ts +40 -0
package/dist/validate/utils/response-parser.d.ts.map +1 -0
package/dist/validate/utils/response-parser.js +286 -0
package/dist/validate/utils/response-parser.js.map +1 -0
package/dist/validate/utils/retry.d.ts +15 -0
package/dist/validate/utils/retry.d.ts.map +1 -0
package/dist/validate/utils/retry.js +62 -0
package/dist/validate/utils/retry.js.map +1 -0
package/package.json +8 -7
package/src/__tests__/benchmark/fixtures/layer1/agent-skill-injection.ts +204 -0
package/src/__tests__/benchmark/fixtures/layer1/index.ts +3 -0
package/src/__tests__/benchmark/fixtures/layer2/index.ts +27 -0
package/src/__tests__/benchmark/fixtures/layer2/log-injection.ts +147 -0
package/src/__tests__/benchmark/fixtures/layer2/phase5-excessive-agency.ts +580 -0
package/src/__tests__/benchmark/fixtures/layer2/security-headers.ts +197 -0
package/src/__tests__/benchmark/fixtures/layer2/sprint6-ai-enhancements.ts +515 -0
package/src/__tests__/benchmark/fixtures/layer2/ssrf-detection.ts +210 -0
package/src/__tests__/benchmark/fixtures/layer2/xxe-detection.ts +195 -0
package/src/__tests__/benchmark/run-depth-validation.ts +12 -12
package/src/__tests__/benchmark/run-real-world-test.ts +4 -4
package/src/__tests__/benchmark/types.ts +1 -1
package/src/__tests__/benchmark/utils/test-runner.ts +3 -3
package/src/__tests__/category-filter.test.ts +478 -0
package/src/__tests__/context-engine/cross-file-taint.test.ts +284 -0
package/src/__tests__/context-engine/framework-models.test.ts +457 -0
package/src/__tests__/context-engine/function-classifier.test.ts +146 -0
package/src/__tests__/context-engine/import-resolver.test.ts +328 -0
package/src/__tests__/context-engine/integration.test.ts +320 -0
package/src/__tests__/context-engine/module-graph.test.ts +159 -0
package/src/__tests__/context-engine/route-discovery/auth-resolver.test.ts +353 -0
package/src/__tests__/context-engine/route-discovery/express.test.ts +150 -0
package/src/__tests__/context-engine/route-discovery/nextjs.test.ts +138 -0
package/src/__tests__/context-engine/route-discovery/python.test.ts +95 -0
package/src/__tests__/context-engine/sanitiser-detection.test.ts +187 -0
package/src/__tests__/context-engine/sink-matcher.test.ts +251 -0
package/src/__tests__/context-engine/source-discovery.test.ts +186 -0
package/src/__tests__/context-engine/taint-tracker.test.ts +182 -0
package/src/__tests__/regression/agent-skill-benign.test.ts +174 -0
package/src/__tests__/regression/known-false-positives.test.ts +801 -3
package/src/__tests__/score/adjustments.test.ts +385 -0
package/src/__tests__/score/confidence.test.ts +283 -0
package/src/__tests__/score/framework-scoring.test.ts +275 -0
package/src/__tests__/score/route-scoring.test.ts +156 -0
package/src/__tests__/score/scoring-integration.test.ts +165 -0
package/src/__tests__/score/taint-adjustments.test.ts +244 -0
package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +50 -58
package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +52 -0
package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +3 -12
package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +3 -3
package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +1 -1
package/src/__tests__/snapshots/scan-depth.test.ts +3 -3
package/src/__tests__/validate/route-annotations.test.ts +138 -0
package/src/__tests__/validation/analyze-results.ts +1 -1
package/src/__tests__/validation/extract-for-triage.ts +1 -1
package/src/__tests__/validation/fp-deep-analysis.ts +1 -1
package/src/__tests__/validation/run-validation.ts +7 -7
package/src/{layer2/ai-agent-tools.ts → detect/ai-code/agent-tools.ts} +729 -4
package/src/{layer2 → detect/ai-code}/byok-patterns.ts +20 -6
package/src/{layer2/ai-endpoint-protection.ts → detect/ai-code/endpoint-protection.ts} +10 -4
package/src/{layer2/ai-execution-sinks.ts → detect/ai-code/execution-sinks.ts} +272 -46
package/src/{layer2/ai-fingerprinting.ts → detect/ai-code/fingerprinting.ts} +46 -34
package/src/detect/ai-code/index.ts +11 -0
package/src/{layer2/ai-mcp-security.ts → detect/ai-code/mcp-security.ts} +212 -5
package/src/{layer2 → detect/ai-code}/model-supply-chain.ts +85 -6
package/src/{layer2/ai-package-hallucination.ts → detect/ai-code/package-hallucination.ts} +170 -6
package/src/{layer2/ai-prompt-hygiene.ts → detect/ai-code/prompt-hygiene.ts} +393 -28
package/src/{layer2/ai-rag-safety.ts → detect/ai-code/rag-safety.ts} +91 -4
package/src/{layer2/ai-schema-validation.ts → detect/ai-code/schema-validation.ts} +10 -4
package/src/detect/config/agent-skill-injection.ts +551 -0
package/src/{layer1 → detect/config}/comments.ts +8 -2
package/src/{layer1 → detect/config}/file-flags.ts +23 -6
package/src/detect/config/index.ts +6 -0
package/src/{layer3 → detect/config}/osv-check.ts +3 -2
package/src/{layer3 → detect/config}/package-check.ts +3 -2
package/src/{layer1 → detect/config}/urls.ts +196 -15
package/src/detect/index.ts +131 -0
package/src/{layer1 → detect/secrets}/config-audit.ts +56 -12
package/src/{layer1 → detect/secrets}/config-mcp-audit.ts +11 -4
package/src/{layer1 → detect/secrets}/entropy.ts +256 -11
package/src/{layer1 → detect/secrets}/index.ts +43 -46
package/src/{layer1 → detect/secrets}/patterns.ts +51 -6
package/src/{layer1 → detect/secrets}/weak-crypto.ts +174 -17
package/src/{layer2/auth-antipatterns.ts → detect/structural/auth-patterns.ts} +249 -27
package/src/{layer2 → detect/structural}/dangerous-functions/dom-xss.ts +94 -22
package/src/{layer2 → detect/structural}/dangerous-functions/index.ts +672 -65
package/src/{layer2 → detect/structural}/dangerous-functions/json-parse.ts +10 -2
package/src/{layer2 → detect/structural}/dangerous-functions/math-random.ts +269 -17
package/src/{layer2 → detect/structural}/dangerous-functions/patterns.ts +4 -2
package/src/{layer2 → detect/structural}/dangerous-functions/request-validation.ts +10 -2
package/src/detect/structural/dangerous-functions/utils/control-flow.ts +35 -0
package/src/{layer2 → detect/structural}/dangerous-functions/utils/schema-validation.ts +16 -1
package/src/{layer2 → detect/structural}/data-exposure.ts +23 -40
package/src/{layer2 → detect/structural}/framework-checks.ts +13 -12
package/src/{layer2 → detect/structural}/index.ts +144 -122
package/src/detect/structural/log-injection.ts +254 -0
package/src/{layer2 → detect/structural}/logic-gates.ts +69 -24
package/src/{layer2 → detect/structural}/risky-imports.ts +10 -4
package/src/detect/structural/security-headers.ts +231 -0
package/src/detect/structural/ssrf-detection.ts +300 -0
package/src/{layer2 → detect/structural}/variables.ts +10 -4
package/src/detect/structural/xxe-detection.ts +295 -0
package/src/index.ts +64 -1038
package/src/{utils → model}/auth-helper-detector.ts +1 -1
package/src/model/cross-file-taint.ts +374 -0
package/src/model/framework-models/django.ts +82 -0
package/src/model/framework-models/express.ts +54 -0
package/src/model/framework-models/index.ts +116 -0
package/src/model/framework-models/nextjs.ts +69 -0
package/src/model/framework-models/prisma.ts +57 -0
package/src/model/framework-models/react.ts +63 -0
package/src/model/framework-models/sequelize.ts +63 -0
package/src/model/framework-models/types.ts +46 -0
package/src/model/function-classifier.ts +184 -0
package/src/model/import-resolver.ts +453 -0
package/src/{utils → model}/imported-auth-detector.ts +21 -85
package/src/model/index.ts +353 -0
package/src/{utils → model}/middleware-detector.ts +156 -17
package/src/model/module-graph.ts +254 -0
package/src/{utils → model}/oauth-flow-detector.ts +1 -1
package/src/{utils/project-context-builder.ts → model/project-context.ts} +1 -1
package/src/model/route-auth-resolver.ts +216 -0
package/src/model/route-discovery/express.ts +251 -0
package/src/model/route-discovery/index.ts +83 -0
package/src/model/route-discovery/nextjs.ts +216 -0
package/src/model/route-discovery/python.ts +214 -0
package/src/model/route-discovery/types.ts +48 -0
package/src/model/route-discovery/utils.ts +54 -0
package/src/model/route-hierarchy.ts +250 -0
package/src/model/sanitiser-detection.ts +268 -0
package/src/model/sink-matcher.ts +178 -0
package/src/model/sink-patterns.ts +109 -0
package/src/model/source-discovery.ts +209 -0
package/src/model/taint-tracker.ts +333 -0
package/src/model/taint-types.ts +149 -0
package/src/{utils → model}/trpc-analyzer.ts +1 -1
package/src/{utils/context-helpers.ts → parse/file-classifier.ts} +462 -2
package/src/{utils → parse}/path-exclusions.ts +1 -1
package/src/pipeline/config.ts +81 -0
package/src/pipeline/index.ts +437 -0
package/src/{modes → pipeline/modes}/incremental.ts +6 -6
package/src/postprocess/aggregation.ts +74 -0
package/src/postprocess/contradictions.ts +128 -0
package/src/postprocess/dedup.ts +62 -0
package/src/postprocess/filtering/__tests__/pipeline.test.ts +134 -0
package/src/postprocess/filtering/context-adjustments.ts +111 -0
package/src/postprocess/filtering/index.ts +10 -0
package/src/postprocess/filtering/pipeline.ts +130 -0
package/src/postprocess/index.ts +118 -0
package/src/{suppression → postprocess/suppression}/config-loader.ts +1 -1
package/src/{suppression → postprocess/suppression}/hash.ts +1 -1
package/src/{suppression → postprocess/suppression}/inline-parser.ts +1 -1
package/src/{suppression → postprocess/suppression}/manager.ts +1 -1
package/src/{suppression → postprocess/suppression}/types.ts +2 -2
package/src/postprocess/validation-cap.ts +66 -0
package/src/report/build-result.ts +94 -0
package/src/report/enrichment.ts +52 -0
package/src/report/formatters/__tests__/ai-context.test.ts +254 -0
package/src/report/formatters/ai-context.ts +302 -0
package/src/{formatters → report/formatters}/cli-terminal.ts +11 -11
package/src/{formatters → report/formatters}/github-comment.ts +4 -4
package/src/{formatters → report/formatters}/grouping.ts +8 -8
package/src/report/formatters/ide/__tests__/ide.test.ts +319 -0
package/src/report/formatters/ide/claude-code.ts +110 -0
package/src/report/formatters/ide/cursor.ts +147 -0
package/src/report/formatters/ide/index.ts +216 -0
package/src/report/formatters/ide/windsurf.ts +135 -0
package/src/{formatters → report/formatters}/index.ts +24 -0
package/src/{formatters → report/formatters}/vscode-diagnostic.ts +1 -1
package/src/report/summary.ts +70 -0
package/src/score/adjustments.ts +387 -0
package/src/{layer3/anthropic → score}/auto-dismiss.ts +26 -14
package/src/score/confidence.ts +66 -0
package/src/score/index.ts +316 -0
package/src/score/types.ts +187 -0
package/src/shared/__tests__/code-analysis.test.ts +165 -0
package/src/shared/__tests__/parsed-file.test.ts +124 -0
package/src/shared/ai-context/__tests__/manager.test.ts +193 -0
package/src/shared/ai-context/index.ts +15 -0
package/src/shared/ai-context/manager.ts +145 -0
package/src/{baseline → shared/baseline}/__tests__/diff.test.ts +2 -2
package/src/{baseline → shared/baseline}/__tests__/manager.test.ts +2 -2
package/src/{baseline → shared/baseline}/diff.ts +1 -1
package/src/{baseline → shared/baseline}/manager.ts +1 -1
package/src/shared/category-filter.ts +400 -0
package/src/{layer2/dangerous-functions/utils/control-flow.ts → shared/code-analysis.ts} +56 -39
package/src/shared/comment-analyzer.ts +249 -0
package/src/shared/environment-context.ts +304 -0
package/src/shared/intent-detector.ts +318 -0
package/src/shared/parsed-file.ts +103 -0
package/src/{rules → shared/rules}/__tests__/metadata.test.ts +7 -0
package/src/{rules → shared/rules}/framework-fixes.ts +1 -1
package/src/{rules → shared/rules}/metadata.ts +94 -0
package/src/shared/schema-semantics.ts +233 -0
package/src/{types.ts → shared/types.ts} +142 -11
package/src/tiers.ts +27 -10
package/src/validate/__tests__/context-extractor.test.ts +191 -0
package/src/validate/__tests__/prompt-assembly.test.ts +233 -0
package/src/validate/__tests__/request-builder.test.ts +347 -0
package/src/{layer3/anthropic → validate}/index.ts +8 -7
package/src/{layer3/anthropic → validate}/prompts/index.ts +2 -0
package/src/validate/prompts/modules/ai-patterns.ts +153 -0
package/src/validate/prompts/modules/auth-access.ts +22 -0
package/src/validate/prompts/modules/common.ts +183 -0
package/src/validate/prompts/modules/index.ts +204 -0
package/src/validate/prompts/modules/owasp-classic.ts +81 -0
package/src/validate/prompts/modules/secrets-crypto.ts +65 -0
package/src/validate/prompts/modules/xss-prompt.ts +19 -0
package/src/validate/prompts/validation.ts +20 -0
package/src/{layer3/anthropic → validate}/providers/anthropic.ts +28 -27
package/src/validate/providers/index.ts +8 -0
package/src/{layer3/anthropic → validate}/providers/openai.ts +30 -25
package/src/validate/request-builder.ts +448 -0
package/src/{layer3/anthropic → validate}/types.ts +1 -1
package/src/validate/utils/context-extractor.ts +220 -0
package/src/{layer3/anthropic → validate}/utils/index.ts +10 -0
package/src/{layer3/anthropic → validate}/utils/response-parser.ts +2 -1
package/src/layer3/anthropic/prompts/validation.ts +0 -419
package/src/layer3/anthropic/providers/index.ts +0 -8
package/src/layer3/anthropic/request-builder.ts +0 -150
package/src/layer3/index.ts +0 -168
/package/src/{layer3 → detect/config}/__tests__/osv-check.test.ts +0 -0
/package/src/{layer2 → detect/structural}/__tests__/math-random-enhanced.test.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/child-process.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/utils/helpers.ts +0 -0
/package/src/{layer2 → detect/structural}/dangerous-functions/utils/index.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/config-loader.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/hash.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/inline-parser.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/__tests__/manager.test.ts +0 -0
/package/src/{suppression → postprocess/suppression}/index.ts +0 -0
/package/src/{baseline → shared/baseline}/index.ts +0 -0
/package/src/{baseline → shared/baseline}/types.ts +0 -0
/package/src/{utils → shared}/diff-detector.ts +0 -0
/package/src/{utils → shared}/diff-parser.ts +0 -0
/package/src/{utils → shared}/registry-clients.ts +0 -0
/package/src/{rules → shared/rules}/__tests__/framework-fixes.test.ts +0 -0
/package/src/{rules → shared/rules}/index.ts +0 -0
/package/src/{layer3/anthropic → validate}/clients.ts +0 -0
/package/src/{layer3/anthropic → validate}/prompts/semantic-analysis.ts +0 -0
/package/src/{layer3/anthropic → validate}/utils/path-helpers.ts +0 -0
/package/src/{layer3/anthropic → validate}/utils/retry.ts +0 -0

package/dist/detect/structural/framework-checks.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"framework-checks.d.ts","sourceRoot":"","sources":["../../../src/detect/structural/framework-checks.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAyB,MAAM,oBAAoB,CAAA;AAC9E,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAA;AA6Q1D,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,UAAU,CAAA;CAAE,GAChC,aAAa,EAAE,CA+JjB"}

package/dist/detect/structural/framework-checks.js ADDED Viewed

@@ -0,0 +1,389 @@
+"use strict";
+/**
+ * Layer 2: Framework-Specific Security Checks
+ * Detects security issues specific to popular frameworks (Next.js, Express, React, etc.)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectFrameworkIssues = detectFrameworkIssues;
+const file_classifier_1 = require("../../parse/file-classifier");
+const BASE_CONFIDENCE = 0.20;
+const FRAMEWORK_PATTERNS = [
+    // ==================== Next.js ====================
+    {
+        name: 'Next.js API route without auth',
+        pattern: /export\s+(default\s+)?(async\s+)?function\s+handler\s*\(/gi,
+        severity: 'medium',
+        description: 'Next.js API route handler - ensure authentication is implemented',
+        suggestedFix: 'Add authentication check at the start of the handler',
+        framework: 'nextjs',
+    },
+    {
+        name: 'Next.js getServerSideProps without auth',
+        pattern: /export\s+(async\s+)?function\s+getServerSideProps/gi,
+        severity: 'low',
+        description: 'Server-side props function - verify auth for protected pages',
+        suggestedFix: 'Check authentication and redirect if needed',
+        framework: 'nextjs',
+    },
+    {
+        name: 'Next.js exposed server action',
+        pattern: /['"]use server['"]\s*;?\s*\n\s*export\s+(async\s+)?function/gi,
+        severity: 'medium',
+        description: 'Server action is publicly accessible - ensure proper validation',
+        suggestedFix: 'Add authentication and input validation to server actions',
+        framework: 'nextjs',
+    },
+    {
+        name: 'Next.js revalidate with user input',
+        pattern: /revalidatePath\s*\(\s*(req|request|params|searchParams)/gi,
+        severity: 'high',
+        description: 'revalidatePath with user input could allow cache poisoning',
+        suggestedFix: 'Validate and sanitize paths before revalidation',
+        framework: 'nextjs',
+    },
+    {
+        name: 'Next.js redirect with user input',
+        pattern: /redirect\s*\(\s*(req|request|params|searchParams|url)/gi,
+        severity: 'high',
+        description: 'Redirect with user input can lead to open redirect vulnerability',
+        suggestedFix: 'Validate redirect URLs against an allowlist',
+        framework: 'nextjs',
+    },
+    {
+        name: 'Next.js unstable_cache without tags',
+        pattern: /unstable_cache\s*\([^)]*\)(?!.*tags)/gi,
+        severity: 'low',
+        description: 'unstable_cache without tags makes invalidation difficult',
+        suggestedFix: 'Add cache tags for proper cache invalidation',
+        framework: 'nextjs',
+    },
+    // ==================== Express ====================
+    // NOTE: "Express without helmet" moved to security-headers.ts (OWASP Workstream 1)
+    {
+        name: 'Express CORS allow all',
+        pattern: /cors\s*\(\s*\{[^}]*origin\s*:\s*['"]\*['"]/gi,
+        severity: 'high',
+        description: 'CORS configured to allow all origins',
+        suggestedFix: 'Restrict CORS to specific trusted origins',
+        framework: 'express',
+    },
+    {
+        name: 'Express body parser limit',
+        pattern: /bodyParser\.(json|urlencoded)\s*\(\s*\)(?!.*limit)/gi,
+        severity: 'low',
+        description: 'Body parser without size limit can lead to DoS',
+        suggestedFix: 'Add limit option: bodyParser.json({ limit: "100kb" })',
+        framework: 'express',
+    },
+    {
+        name: 'Express trust proxy',
+        pattern: /app\.set\s*\(\s*['"]trust proxy['"]\s*,\s*true\s*\)/gi,
+        severity: 'medium',
+        description: 'Trust proxy enabled - ensure this is intentional',
+        suggestedFix: 'Only enable trust proxy behind a known reverse proxy',
+        framework: 'express',
+    },
+    {
+        name: 'Express error handler exposes stack',
+        pattern: /res\.(json|send)\s*\(\s*\{[^}]*stack|err\.stack/gi,
+        severity: 'high',
+        description: 'Error stack trace may be exposed to clients',
+        suggestedFix: 'Only expose stack traces in development mode',
+        framework: 'express',
+    },
+    // ==================== React ====================
+    {
+        name: 'React useEffect with async',
+        pattern: /useEffect\s*\(\s*async\s*\(/gi,
+        severity: 'low',
+        description: 'useEffect with async function can cause memory leaks',
+        suggestedFix: 'Define async function inside useEffect and call it',
+        framework: 'react',
+    },
+    {
+        name: 'React state with sensitive data',
+        pattern: /useState\s*\(\s*['"]?(password|secret|token|apiKey|api_key)/gi,
+        severity: 'medium',
+        description: 'Sensitive data in React state may be exposed in dev tools',
+        suggestedFix: 'Avoid storing sensitive data in client-side state',
+        framework: 'react',
+    },
+    {
+        name: 'React href javascript:',
+        pattern: /href\s*=\s*[{'"]*javascript:/gi,
+        severity: 'high',
+        description: 'javascript: URLs can lead to XSS vulnerabilities',
+        suggestedFix: 'Use onClick handlers instead of javascript: URLs',
+        framework: 'react',
+    },
+    {
+        name: 'React uncontrolled input with defaultValue',
+        pattern: /defaultValue\s*=\s*\{[^}]*(password|secret|token)/gi,
+        severity: 'medium',
+        description: 'Sensitive data in defaultValue may persist in DOM',
+        suggestedFix: 'Use controlled inputs for sensitive data',
+        framework: 'react',
+    },
+    // ==================== Vue ====================
+    {
+        name: 'Vue v-html directive',
+        pattern: /v-html\s*=\s*['"]/gi,
+        severity: 'high',
+        description: 'v-html can lead to XSS if content is not sanitized',
+        suggestedFix: 'Sanitize HTML content or use v-text for plain text',
+        framework: 'vue',
+    },
+    {
+        name: 'Vue computed with side effects',
+        pattern: /computed\s*:\s*\{[^}]*\b(fetch|axios|http|api)\b/gi,
+        severity: 'low',
+        description: 'Computed properties with side effects can cause issues',
+        suggestedFix: 'Move API calls to methods or lifecycle hooks',
+        framework: 'vue',
+    },
+    // ==================== Django ====================
+    {
+        name: 'Django DEBUG in production',
+        pattern: /DEBUG\s*=\s*True/gi,
+        severity: 'critical',
+        description: 'Django DEBUG mode should be disabled in production',
+        suggestedFix: 'Set DEBUG = False in production settings',
+        framework: 'django',
+    },
+    {
+        name: 'Django ALLOWED_HOSTS wildcard',
+        pattern: /ALLOWED_HOSTS\s*=\s*\[\s*['"]\*['"]/gi,
+        severity: 'high',
+        description: 'ALLOWED_HOSTS with wildcard allows any host',
+        suggestedFix: 'Specify exact allowed hostnames',
+        framework: 'django',
+    },
+    {
+        name: 'Django SECRET_KEY hardcoded',
+        pattern: /SECRET_KEY\s*=\s*['"][^'"]+['"]/gi,
+        severity: 'critical',
+        description: 'Django SECRET_KEY should not be hardcoded',
+        suggestedFix: 'Load SECRET_KEY from environment variable',
+        framework: 'django',
+    },
+    // ==================== Flask ====================
+    {
+        name: 'Flask debug mode',
+        pattern: /app\.run\s*\([^)]*debug\s*=\s*True/gi,
+        severity: 'critical',
+        description: 'Flask debug mode should be disabled in production',
+        suggestedFix: 'Set debug=False in production',
+        framework: 'flask',
+    },
+    {
+        name: 'Flask secret key hardcoded',
+        pattern: /app\.secret_key\s*=\s*['"][^'"]+['"]/gi,
+        severity: 'critical',
+        description: 'Flask secret_key should not be hardcoded',
+        suggestedFix: 'Load secret_key from environment variable',
+        framework: 'flask',
+    },
+    // ==================== Supabase ====================
+    {
+        name: 'Supabase service role key exposed',
+        pattern: /supabaseServiceRole|service_role|SUPABASE_SERVICE_ROLE/gi,
+        severity: 'critical',
+        description: 'Supabase service role key should never be exposed to client',
+        suggestedFix: 'Only use service role key in server-side code',
+        framework: 'supabase',
+    },
+    {
+        name: 'Supabase RLS bypass',
+        pattern: /\.rpc\s*\(\s*['"][^'"]+['"]\s*,\s*\{[^}]*\}\s*,\s*\{[^}]*count/gi,
+        severity: 'medium',
+        description: 'RPC call may bypass Row Level Security',
+        suggestedFix: 'Ensure RPC functions have proper security checks',
+        framework: 'supabase',
+    },
+];
+// Detect framework from file content and path
+function detectFramework(content, filePath) {
+    const frameworks = [];
+    // Next.js
+    if (content.includes('next/') || content.includes('from "next"') ||
+        filePath.includes('/app/') || filePath.includes('/pages/')) {
+        frameworks.push('nextjs');
+    }
+    // Express
+    if (content.includes('express()') || content.includes('from "express"') ||
+        content.includes("require('express')")) {
+        frameworks.push('express');
+    }
+    // React
+    if (content.includes('from "react"') || content.includes("from 'react'") ||
+        content.includes('useState') || content.includes('useEffect')) {
+        frameworks.push('react');
+    }
+    // Vue
+    if (content.includes('from "vue"') || content.includes('Vue.component') ||
+        filePath.endsWith('.vue')) {
+        frameworks.push('vue');
+    }
+    // Django
+    if (content.includes('from django') || content.includes('import django') ||
+        filePath.includes('settings.py')) {
+        frameworks.push('django');
+    }
+    // Flask
+    if (content.includes('from flask') || content.includes('Flask(__name__)')) {
+        frameworks.push('flask');
+    }
+    // Supabase
+    if (content.includes('supabase') || content.includes('@supabase/')) {
+        frameworks.push('supabase');
+    }
+    return frameworks;
+}
+function detectFrameworkIssues(content, filePath, options) {
+    const vulnerabilities = [];
+    // Skip scanner/fixture files to avoid self-detection
+    if ((0, file_classifier_1.isScannerOrFixtureFile)(filePath))
+        return vulnerabilities;
+    const lines = options?.parsed?.lines ?? content.split('\n');
+    const detectedFrameworks = detectFramework(content, filePath);
+    const isTestFile = (0, file_classifier_1.isTestOrMockFile)(filePath);
+    lines.forEach((line, index) => {
+        // Skip comment lines
+        if ((0, file_classifier_1.isComment)(line))
+            return;
+        for (const pattern of FRAMEWORK_PATTERNS) {
+            // Only check patterns for detected frameworks (or check all if none detected)
+            if (detectedFrameworks.length > 0 && !detectedFrameworks.includes(pattern.framework)) {
+                continue;
+            }
+            const regex = new RegExp(pattern.pattern.source, pattern.pattern.flags);
+            if (regex.test(line)) {
+                // Special handling for Supabase service role key
+                if (pattern.name === 'Supabase service role key exposed') {
+                    // Check if this is a proper Supabase client setup pattern
+                    // Expected safe pattern:
+                    // - Variable named supabaseServiceRoleKey (or similar)
+                    // - Loaded from process.env.SUPABASE_SERVICE_ROLE_KEY
+                    // - Used in server-only file (lib/supabase/server.ts, /api/, etc.)
+                    const isServerFile = (0, file_classifier_1.isServerOnlyFile)(filePath);
+                    const usesEnvVar = (0, file_classifier_1.isEnvVarReference)(line);
+                    // Check if this line is just a variable declaration from env var
+                    // e.g., const supabaseServiceRoleKey = process.env.SUPABASE_SERVICE_ROLE_KEY!
+                    const isEnvVarDeclaration = /(?:const|let|var)\s+\w*(?:service.*role|supabase.*key)\w*\s*=\s*process\.env\./i.test(line);
+                    // Check if this is a createClient call with variable reference (not hardcoded)
+                    // e.g., createClient(supabaseUrl, supabaseServiceRoleKey, {...})
+                    const isCreateClientWithVar = /createClient\s*\(\s*\w+\s*,\s*\w*(?:service.*role|key)\w*\s*[,)]/i.test(line);
+                    // If server file + env var pattern OR server file + createClient with variable reference, it's safe
+                    if (isServerFile) {
+                        if (isEnvVarDeclaration || usesEnvVar) {
+                            // Safe: declaring/loading from env var in server file
+                            continue;
+                        }
+                        if (isCreateClientWithVar && !/"[a-zA-Z0-9._-]{20,}"/.test(line)) {
+                            // Safe: using variable (not hardcoded string) in createClient
+                            // Check surrounding content for env var loading
+                            const fileHasEnvVarLoading = content.includes('process.env.SUPABASE_SERVICE_ROLE_KEY');
+                            if (fileHasEnvVarLoading) {
+                                continue;
+                            }
+                        }
+                    }
+                    const serviceRoleContext = (0, file_classifier_1.getServiceRoleKeyContext)(line, filePath);
+                    // Double-check: Server-only file using env var = safe, skip entirely
+                    if (serviceRoleContext === 'safe_server') {
+                        continue;
+                    }
+                    // Determine severity and whether AI validation is needed
+                    let adjustedSeverity = pattern.severity;
+                    let adjustedDescription = pattern.description;
+                    let requiresAIValidation = false;
+                    let adjustedConfidence = 'medium';
+                    if (serviceRoleContext === 'client_exposure') {
+                        // Client exposure = critical
+                        adjustedSeverity = 'critical';
+                        adjustedDescription = 'Supabase service role key may be exposed to client - this bypasses RLS';
+                        requiresAIValidation = true;
+                        adjustedConfidence = 'high';
+                    }
+                    else {
+                        // needs_review
+                        if ((0, file_classifier_1.isEnvVarReference)(line)) {
+                            // Using env var in non-server file - needs review
+                            adjustedSeverity = 'medium';
+                            adjustedDescription = 'Supabase service role key usage - verify this is server-only code';
+                            requiresAIValidation = true;
+                        }
+                        else if ((0, file_classifier_1.isServerOnlyFile)(filePath)) {
+                            // Hardcoded in server file - bad practice but not critical
+                            adjustedSeverity = 'high';
+                            adjustedDescription = 'Supabase service role key should use environment variable';
+                            requiresAIValidation = true;
+                        }
+                        else {
+                            // Unknown context - flag for review
+                            adjustedSeverity = 'high';
+                            requiresAIValidation = true;
+                        }
+                    }
+                    // Downgrade test file severity
+                    if (isTestFile) {
+                        adjustedSeverity = 'low';
+                        adjustedConfidence = 'low';
+                        adjustedDescription = `${adjustedDescription} (in test file)`;
+                    }
+                    vulnerabilities.push({
+                        id: `framework-${filePath}-${index + 1}-${pattern.name}`,
+                        filePath,
+                        lineNumber: index + 1,
+                        lineContent: line.trim(),
+                        severity: adjustedSeverity,
+                        category: 'insecure_config',
+                        title: `[${pattern.framework}] ${pattern.name}`,
+                        description: adjustedDescription,
+                        suggestedFix: pattern.suggestedFix,
+                        confidence: adjustedConfidence,
+                        baseConfidence: BASE_CONFIDENCE,
+                        layer: 2,
+                        source: 'structural',
+                        requiresAIValidation,
+                    });
+                    break;
+                }
+                // Standard handling for other patterns
+                let severity = pattern.severity;
+                let confidence = 'medium';
+                // Downgrade test file severity
+                if (isTestFile) {
+                    if (severity === 'critical') {
+                        severity = 'medium';
+                    }
+                    else if (severity === 'high') {
+                        severity = 'low';
+                    }
+                    else {
+                        severity = 'info';
+                    }
+                    confidence = 'low';
+                }
+                vulnerabilities.push({
+                    id: `framework-${filePath}-${index + 1}-${pattern.name}`,
+                    filePath,
+                    lineNumber: index + 1,
+                    lineContent: line.trim(),
+                    severity,
+                    category: 'insecure_config',
+                    title: `[${pattern.framework}] ${pattern.name}`,
+                    description: isTestFile ? `${pattern.description} (in test file)` : pattern.description,
+                    suggestedFix: pattern.suggestedFix,
+                    confidence,
+                    baseConfidence: BASE_CONFIDENCE,
+                    layer: 2,
+                    source: 'structural',
+                });
+                break; // Only report once per line
+            }
+        }
+    });
+    return vulnerabilities;
+}
+//# sourceMappingURL=framework-checks.js.map

package/dist/detect/structural/framework-checks.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"framework-checks.js","sourceRoot":"","sources":["../../../src/detect/structural/framework-checks.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAgRH,sDAmKC;AA/aD,iEAOoC;AAEpC,MAAM,eAAe,GAAG,IAAI,CAAA;AAW5B,MAAM,kBAAkB,GAAuB;IAC7C,oDAAoD;IACpD;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,4DAA4D;QACrE,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,kEAAkE;QAC/E,YAAY,EAAE,sDAAsD;QACpE,SAAS,EAAE,QAAQ;KACpB;IACD;QACE,IAAI,EAAE,yCAAyC;QAC/C,OAAO,EAAE,qDAAqD;QAC9D,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,8DAA8D;QAC3E,YAAY,EAAE,6CAA6C;QAC3D,SAAS,EAAE,QAAQ;KACpB;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,+DAA+D;QACxE,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,iEAAiE;QAC9E,YAAY,EAAE,2DAA2D;QACzE,SAAS,EAAE,QAAQ;KACpB;IACD;QACE,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,2DAA2D;QACpE,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,4DAA4D;QACzE,YAAY,EAAE,iDAAiD;QAC/D,SAAS,EAAE,QAAQ;KACpB;IACD;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,yDAAyD;QAClE,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,kEAAkE;QAC/E,YAAY,EAAE,6CAA6C;QAC3D,SAAS,EAAE,QAAQ;KACpB;IACD;QACE,IAAI,EAAE,qCAAqC;QAC3C,OAAO,EAAE,wCAAwC;QACjD,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,0DAA0D;QACvE,YAAY,EAAE,8CAA8C;QAC5D,SAAS,EAAE,QAAQ;KACpB;IAED,oDAAoD;IACpD,mFAAmF;IACnF;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,8CAA8C;QACvD,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,sCAAsC;QACnD,YAAY,EAAE,2CAA2C;QACzD,SAAS,EAAE,SAAS;KACrB;IACD;QACE,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,sDAAsD;QAC/D,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,gDAAgD;QAC7D,YAAY,EAAE,uDAAuD;QACrE,SAAS,EAAE,SAAS;KACrB;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,kDAAkD;QAC/D,YAAY,EAAE,sDAAsD;QACpE,SAAS,EAAE,SAAS;KACrB;IACD;QACE,IAAI,EAAE,qCAAqC;QAC3C,OAAO,EAAE,mDAAmD;QAC5D,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,6CAA6C;QAC1D,YAAY,EAAE,8CAA8C;QAC5D,SAAS,EAAE,SAAS;KACrB;IAED,kDAAkD;IAClD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,+BAA+B;QACxC,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,sDAAsD;QACnE,YAAY,EAAE,oDAAoD;QAClE,SAAS,EAAE,OAAO;KACnB;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,+DAA+D;QACxE,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,2DAA2D;QACxE,YAAY,EAAE,mDAAmD;QACjE,SAAS,EAAE,OAAO;KACnB;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,OAAO,EAAE,gCAAgC;QACzC,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,kDAAkD;QAC/D,YAAY,EAAE,kDAAkD;QAChE,SAAS,EAAE,OAAO;KACnB;IACD;QACE,IAAI,EAAE,4CAA4C;QAClD,OAAO,EAAE,qDAAqD;QAC9D,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,mDAAmD;QAChE,YAAY,EAAE,0CAA0C;QACxD,SAAS,EAAE,OAAO;KACnB;IAED,gDAAgD;IAChD;QACE,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,qBAAqB;QAC9B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,oDAAoD;QACjE,YAAY,EAAE,oDAAoD;QAClE,SAAS,EAAE,KAAK;KACjB;IACD;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,oDAAoD;QAC7D,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,wDAAwD;QACrE,YAAY,EAAE,8CAA8C;QAC5D,SAAS,EAAE,KAAK;KACjB;IAED,mDAAmD;IACnD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,oBAAoB;QAC7B,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,oDAAoD;QACjE,YAAY,EAAE,0CAA0C;QACxD,SAAS,EAAE,QAAQ;KACpB;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,uCAAuC;QAChD,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,6CAA6C;QAC1D,YAAY,EAAE,iCAAiC;QAC/C,SAAS,EAAE,QAAQ;KACpB;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,mCAAmC;QAC5C,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,2CAA2C;QACxD,YAAY,EAAE,2CAA2C;QACzD,SAAS,EAAE,QAAQ;KACpB;IAED,kDAAkD;IAClD;QACE,IAAI,EAAE,kBAAkB;QACxB,OAAO,EAAE,sCAAsC;QAC/C,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,mDAAmD;QAChE,YAAY,EAAE,+BAA+B;QAC7C,SAAS,EAAE,OAAO;KACnB;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,wCAAwC;QACjD,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,0CAA0C;QACvD,YAAY,EAAE,2CAA2C;QACzD,SAAS,EAAE,OAAO;KACnB;IAED,qDAAqD;IACrD;QACE,IAAI,EAAE,mCAAmC;QACzC,OAAO,EAAE,0DAA0D;QACnE,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,6DAA6D;QAC1E,YAAY,EAAE,+CAA+C;QAC7D,SAAS,EAAE,UAAU;KACtB;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,kEAAkE;QAC3E,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,wCAAwC;QACrD,YAAY,EAAE,kDAAkD;QAChE,SAAS,EAAE,UAAU;KACtB;CACF,CAAA;AAED,8CAA8C;AAC9C,SAAS,eAAe,CAAC,OAAe,EAAE,QAAgB;IACxD,MAAM,UAAU,GAAa,EAAE,CAAA;IAE/B,UAAU;IACV,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC;QAC5D,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC/D,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IAC3B,CAAC;IAED,UAAU;IACV,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QACnE,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;QAC3C,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IAC5B,CAAC;IAED,QAAQ;IACR,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC;QACpE,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAClE,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAC1B,CAAC;IAED,MAAM;IACN,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC;QACnE,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACxB,CAAC;IAED,SAAS;IACT,IAAI,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC;QACpE,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QACrC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IAC3B,CAAC;IAED,QAAQ;IACR,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAC1E,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAC1B,CAAC;IAED,WAAW;IACX,IAAI,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QACnE,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IAC7B,CAAC;IAED,OAAO,UAAU,CAAA;AACnB,CAAC;AAED,SAAgB,qBAAqB,CACnC,OAAe,EACf,QAAgB,EAChB,OAAiC;IAEjC,MAAM,eAAe,GAAoB,EAAE,CAAA;IAE3C,qDAAqD;IACrD,IAAI,IAAA,wCAAsB,EAAC,QAAQ,CAAC;QAAE,OAAO,eAAe,CAAA;IAE5D,MAAM,KAAK,GAAG,OAAO,EAAE,MAAM,EAAE,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAC3D,MAAM,kBAAkB,GAAG,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;IAC7D,MAAM,UAAU,GAAG,IAAA,kCAAgB,EAAC,QAAQ,CAAC,CAAA;IAE7C,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAC5B,qBAAqB;QACrB,IAAI,IAAA,2BAAS,EAAC,IAAI,CAAC;YAAE,OAAM;QAE3B,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;YACzC,8EAA8E;YAC9E,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrF,SAAQ;YACV,CAAC;YAED,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;YAEvE,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrB,iDAAiD;gBACjD,IAAI,OAAO,CAAC,IAAI,KAAK,mCAAmC,EAAE,CAAC;oBACzD,0DAA0D;oBAC1D,yBAAyB;oBACzB,uDAAuD;oBACvD,sDAAsD;oBACtD,mEAAmE;oBAEnE,MAAM,YAAY,GAAG,IAAA,kCAAgB,EAAC,QAAQ,CAAC,CAAA;oBAC/C,MAAM,UAAU,GAAG,IAAA,mCAAiB,EAAC,IAAI,CAAC,CAAA;oBAE1C,iEAAiE;oBACjE,8EAA8E;oBAC9E,MAAM,mBAAmB,GAAG,iFAAiF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;oBAExH,+EAA+E;oBAC/E,iEAAiE;oBACjE,MAAM,qBAAqB,GAAG,mEAAmE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;oBAE5G,oGAAoG;oBACpG,IAAI,YAAY,EAAE,CAAC;wBACjB,IAAI,mBAAmB,IAAI,UAAU,EAAE,CAAC;4BACtC,sDAAsD;4BACtD,SAAQ;wBACV,CAAC;wBACD,IAAI,qBAAqB,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;4BACjE,8DAA8D;4BAC9D,gDAAgD;4BAChD,MAAM,oBAAoB,GAAG,OAAO,CAAC,QAAQ,CAAC,uCAAuC,CAAC,CAAA;4BACtF,IAAI,oBAAoB,EAAE,CAAC;gCACzB,SAAQ;4BACV,CAAC;wBACH,CAAC;oBACH,CAAC;oBAED,MAAM,kBAAkB,GAAG,IAAA,0CAAwB,EAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;oBAEnE,qEAAqE;oBACrE,IAAI,kBAAkB,KAAK,aAAa,EAAE,CAAC;wBACzC,SAAQ;oBACV,CAAC;oBAED,yDAAyD;oBACzD,IAAI,gBAAgB,GAAG,OAAO,CAAC,QAAQ,CAAA;oBACvC,IAAI,mBAAmB,GAAG,OAAO,CAAC,WAAW,CAAA;oBAC7C,IAAI,oBAAoB,GAAG,KAAK,CAAA;oBAChC,IAAI,kBAAkB,GAA8B,QAAQ,CAAA;oBAE5D,IAAI,kBAAkB,KAAK,iBAAiB,EAAE,CAAC;wBAC7C,6BAA6B;wBAC7B,gBAAgB,GAAG,UAAU,CAAA;wBAC7B,mBAAmB,GAAG,wEAAwE,CAAA;wBAC9F,oBAAoB,GAAG,IAAI,CAAA;wBAC3B,kBAAkB,GAAG,MAAM,CAAA;oBAC7B,CAAC;yBAAM,CAAC;wBACN,eAAe;wBACf,IAAI,IAAA,mCAAiB,EAAC,IAAI,CAAC,EAAE,CAAC;4BAC5B,kDAAkD;4BAClD,gBAAgB,GAAG,QAAQ,CAAA;4BAC3B,mBAAmB,GAAG,mEAAmE,CAAA;4BACzF,oBAAoB,GAAG,IAAI,CAAA;wBAC7B,CAAC;6BAAM,IAAI,IAAA,kCAAgB,EAAC,QAAQ,CAAC,EAAE,CAAC;4BACtC,2DAA2D;4BAC3D,gBAAgB,GAAG,MAAM,CAAA;4BACzB,mBAAmB,GAAG,2DAA2D,CAAA;4BACjF,oBAAoB,GAAG,IAAI,CAAA;wBAC7B,CAAC;6BAAM,CAAC;4BACN,oCAAoC;4BACpC,gBAAgB,GAAG,MAAM,CAAA;4BACzB,oBAAoB,GAAG,IAAI,CAAA;wBAC7B,CAAC;oBACH,CAAC;oBAED,+BAA+B;oBAC/B,IAAI,UAAU,EAAE,CAAC;wBACf,gBAAgB,GAAG,KAAK,CAAA;wBACxB,kBAAkB,GAAG,KAAK,CAAA;wBAC1B,mBAAmB,GAAG,GAAG,mBAAmB,iBAAiB,CAAA;oBAC/D,CAAC;oBAED,eAAe,CAAC,IAAI,CAAC;wBACnB,EAAE,EAAE,aAAa,QAAQ,IAAI,KAAK,GAAG,CAAC,IAAI,OAAO,CAAC,IAAI,EAAE;wBACxD,QAAQ;wBACR,UAAU,EAAE,KAAK,GAAG,CAAC;wBACrB,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;wBACxB,QAAQ,EAAE,gBAAgB;wBAC1B,QAAQ,EAAE,iBAAiB;wBAC3B,KAAK,EAAE,IAAI,OAAO,CAAC,SAAS,KAAK,OAAO,CAAC,IAAI,EAAE;wBAC/C,WAAW,EAAE,mBAAmB;wBAChC,YAAY,EAAE,OAAO,CAAC,YAAY;wBAClC,UAAU,EAAE,kBAAkB;wBAC9B,cAAc,EAAE,eAAe;wBAC/B,KAAK,EAAE,CAAC;wBACZ,MAAM,EAAE,YAAqB;wBACzB,oBAAoB;qBACrB,CAAC,CAAA;oBACF,MAAK;gBACP,CAAC;gBAED,uCAAuC;gBACvC,IAAI,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAA;gBAC/B,IAAI,UAAU,GAA8B,QAAQ,CAAA;gBAEpD,+BAA+B;gBAC/B,IAAI,UAAU,EAAE,CAAC;oBACf,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;wBAC5B,QAAQ,GAAG,QAAQ,CAAA;oBACrB,CAAC;yBAAM,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;wBAC/B,QAAQ,GAAG,KAAK,CAAA;oBAClB,CAAC;yBAAM,CAAC;wBACN,QAAQ,GAAG,MAAM,CAAA;oBACnB,CAAC;oBACD,UAAU,GAAG,KAAK,CAAA;gBACpB,CAAC;gBAED,eAAe,CAAC,IAAI,CAAC;oBACnB,EAAE,EAAE,aAAa,QAAQ,IAAI,KAAK,GAAG,CAAC,IAAI,OAAO,CAAC,IAAI,EAAE;oBACxD,QAAQ;oBACR,UAAU,EAAE,KAAK,GAAG,CAAC;oBACrB,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE;oBACxB,QAAQ;oBACR,QAAQ,EAAE,iBAAiB;oBAC3B,KAAK,EAAE,IAAI,OAAO,CAAC,SAAS,KAAK,OAAO,CAAC,IAAI,EAAE;oBAC/C,WAAW,EAAE,UAAU,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,WAAW,iBAAiB,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW;oBACvF,YAAY,EAAE,OAAO,CAAC,YAAY;oBAClC,UAAU;oBACV,cAAc,EAAE,eAAe;oBAC/B,KAAK,EAAE,CAAC;oBACV,MAAM,EAAE,YAAqB;iBAC5B,CAAC,CAAA;gBACF,MAAK,CAAC,4BAA4B;YACpC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,OAAO,eAAe,CAAA;AACxB,CAAC"}

package/dist/detect/structural/index.d.ts ADDED Viewed

@@ -0,0 +1,71 @@
+/**
+ * Layer 2: Structural Scan
+ * Contextual analysis using variable heuristics, logic gate detection,
+ * dangerous functions, risky imports, auth anti-patterns, framework checks,
+ * and AI code fingerprinting
+ */
+import type { Vulnerability, ScanFile, CancellationToken, DetectorContext } from '../../shared/types';
+import type { ProgressCallback } from '../../shared/types';
+import type { MiddlewareAuthConfig } from '../../model/middleware-detector';
+import { type AuthHelperContext } from '../../model/auth-helper-detector';
+import type { FileAuthImports } from '../../model/imported-auth-detector';
+export interface Layer2Options {
+    middlewareConfig?: MiddlewareAuthConfig;
+    authHelperContext?: AuthHelperContext;
+    fileAuthImports?: Map<string, FileAuthImports>;
+    /** Whether to exclude test files from scanning (default: true) */
+    excludeTestFiles?: boolean;
+    /** Whether to exclude seed files from scanning (default: true) */
+    excludeSeedFiles?: boolean;
+    /** Custom exclusion patterns (glob format) */
+    customExclusions?: string[];
+    /**
+     * Detector context for context-aware detection (Phase 2b)
+     * When provided, detectors can make smarter decisions based on:
+     * - Project-level auth configuration
+     * - Framework detection
+     * - Per-file context (server vs client, test vs production)
+     */
+    detectorContext?: DetectorContext;
+}
+export interface Layer2Stats {
+    /** Raw finding counts per detector (before dedupe) */
+    raw: Record<string, number>;
+    /** Deduped finding counts per category */
+    deduped: Record<string, number>;
+    /** Severity distribution of deduped findings */
+    bySeverity: Record<string, number>;
+    /** Findings suppressed by path exclusions */
+    suppressedByPath: number;
+}
+export interface Layer2Result {
+    vulnerabilities: Vulnerability[];
+    filesScanned: number;
+    duration: number;
+    /** Heuristic breakdown stats for noise analysis */
+    stats: Layer2Stats;
+}
+export declare function runLayer2Scan(files: ScanFile[], options?: Layer2Options, onProgress?: ProgressCallback, cancellationToken?: CancellationToken): Promise<Layer2Result>;
+export { detectSensitiveVariables } from './variables';
+export { detectLogicGates } from './logic-gates';
+export { detectDangerousFunctions } from './dangerous-functions';
+export { detectRiskyImports } from './risky-imports';
+export { detectAuthAntipatterns } from './auth-patterns';
+export { detectFrameworkIssues } from './framework-checks';
+export { detectAIFingerprints } from '../ai-code/fingerprinting';
+export { detectDataExposure } from './data-exposure';
+export { detectBYOKPatterns } from '../ai-code/byok-patterns';
+export { detectAIPromptHygiene } from '../ai-code/prompt-hygiene';
+export { detectAIExecutionSinks } from '../ai-code/execution-sinks';
+export { detectAIAgentTools } from '../ai-code/agent-tools';
+export { detectRAGSafetyIssues } from '../ai-code/rag-safety';
+export { detectAIEndpointProtection } from '../ai-code/endpoint-protection';
+export { detectAISchemaValidation } from '../ai-code/schema-validation';
+export { detectAIPackageHallucination } from '../ai-code/package-hallucination';
+export { detectMCPSecurity } from '../ai-code/mcp-security';
+export { detectModelSupplyChain } from '../ai-code/model-supply-chain';
+export { detectSecurityHeaders } from './security-headers';
+export { detectSSRFPatterns } from './ssrf-detection';
+export { detectLogInjection } from './log-injection';
+export { detectXXEPatterns } from './xxe-detection';
+//# sourceMappingURL=index.d.ts.map

package/dist/detect/structural/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/detect/structural/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AACrG,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AAC1D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,iCAAiC,CAAA;AAC3E,OAAO,EAAqB,KAAK,iBAAiB,EAAE,MAAM,kCAAkC,CAAA;AAC5F,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oCAAoC,CAAA;AAsCzE,MAAM,WAAW,aAAa;IAC5B,gBAAgB,CAAC,EAAE,oBAAoB,CAAA;IACvC,iBAAiB,CAAC,EAAE,iBAAiB,CAAA;IACrC,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IAC9C,kEAAkE;IAClE,gBAAgB,CAAC,EAAE,OAAO,CAAA;IAC1B,kEAAkE;IAClE,gBAAgB,CAAC,EAAE,OAAO,CAAA;IAC1B,8CAA8C;IAC9C,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAA;IAC3B;;;;;;OAMG;IACH,eAAe,CAAC,EAAE,eAAe,CAAA;CAClC;AAED,MAAM,WAAW,WAAW;IAC1B,sDAAsD;IACtD,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC3B,0CAA0C;IAC1C,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAC/B,gDAAgD;IAChD,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAClC,6CAA6C;IAC7C,gBAAgB,EAAE,MAAM,CAAA;CACzB;AAED,MAAM,WAAW,YAAY;IAC3B,eAAe,EAAE,aAAa,EAAE,CAAA;IAChC,YAAY,EAAE,MAAM,CAAA;IACpB,QAAQ,EAAE,MAAM,CAAA;IAChB,mDAAmD;IACnD,KAAK,EAAE,WAAW,CAAA;CACnB;AAmMD,wBAAsB,aAAa,CACjC,KAAK,EAAE,QAAQ,EAAE,EACjB,OAAO,GAAE,aAAkB,EAC3B,UAAU,CAAC,EAAE,gBAAgB,EAC7B,iBAAiB,CAAC,EAAE,iBAAiB,GACpC,OAAO,CAAC,YAAY,CAAC,CA4JvB;AA2JD,OAAO,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAA;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAA;AAChD,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAA;AAChE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAA;AACxD,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAA;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA;AAChE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAA;AAE7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAA;AACjE,OAAO,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAA;AACnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAA;AAE3D,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAA;AAC7D,OAAO,EAAE,0BAA0B,EAAE,MAAM,gCAAgC,CAAA;AAC3E,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAA;AAEvE,OAAO,EAAE,4BAA4B,EAAE,MAAM,kCAAkC,CAAA;AAC/E,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAE3D,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAA;AAEtE,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAA;AAC1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAA;AACrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAA"}