@oculum/scanner 1.0.12 → 1.0.13

package/dist/model/middleware-detector.js

@@ -0,0 +1,382 @@
+"use strict";
+/**
+ * Middleware Auth Detection
+ * Detects global authentication middleware (Next.js, Express, etc.)
+ * and determines which routes are protected
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.detectGlobalAuthMiddleware = detectGlobalAuthMiddleware;
+exports.isRouteProtectedByMiddleware = isRouteProtectedByMiddleware;
+exports.getRoutePathFromFile = getRoutePathFromFile;
+exports.detectUserScopingPatterns = detectUserScopingPatterns;
+const import_resolver_1 = require("./import-resolver");
+/**
+ * Detect global auth middleware from scanned files
+ * Looks for Next.js middleware.ts, Express auth patterns, etc.
+ */
+function detectGlobalAuthMiddleware(files) {
+    const result = {
+        hasAuthMiddleware: false,
+        protectedPaths: [],
+        publicPaths: [],
+        matchers: [],
+        context: {
+            usesAuthProtect: false,
+            usesGetToken: false,
+            usesSession: false,
+            hasPublicRoutes: false,
+        },
+    };
+    // Find middleware files
+    const middlewareFile = files.find(f => /^(src\/)?middleware\.(ts|js)$/.test(f.path) ||
+        f.path.endsWith('/middleware.ts') ||
+        f.path.endsWith('/middleware.js'));
+    if (!middlewareFile) {
+        return result;
+    }
+    result.middlewareFile = middlewareFile.path;
+    const content = middlewareFile.content;
+    // Resolve imported middleware helpers (single-hop follow)
+    const resolvedContent = resolveMiddlewareImports(content, middlewareFile.path, files);
+    const combinedContent = content + '\n' + resolvedContent;
+    // Detect auth provider type (check both root middleware and imported helpers)
+    result.authType = detectAuthType(combinedContent);
+    if (result.authType) {
+        result.hasAuthMiddleware = true;
+    }
+    // Extract protected path matchers from root middleware
+    const { protectedPaths, publicPaths, matchers } = extractPathMatchers(content);
+    result.protectedPaths = protectedPaths;
+    result.publicPaths = publicPaths;
+    result.matchers = matchers;
+    // Extract route protection patterns from imported helper files
+    if (resolvedContent) {
+        const helperPaths = extractRouteProtectionPaths(resolvedContent);
+        for (const p of helperPaths.protectedPaths) {
+            if (!result.protectedPaths.includes(p))
+                result.protectedPaths.push(p);
+        }
+        for (const p of helperPaths.publicPaths) {
+            if (!result.publicPaths.includes(p))
+                result.publicPaths.push(p);
+        }
+    }
+    // Detect specific auth patterns (check both root and helpers)
+    result.context.usesAuthProtect = /auth\.protect\(\)|auth\(\)\.protect\(\)|requireAuth\(\)/i.test(combinedContent);
+    result.context.usesGetToken = /getToken\(|getAuth\(/i.test(combinedContent);
+    result.context.usesSession = /getSession\(|getServerSession\(|getUser\(/i.test(combinedContent);
+    result.context.hasPublicRoutes = /isPublicRoute|publicRoutes|ignoredRoutes|excludedPaths|isAuthRoute/i.test(combinedContent);
+    // If we found auth imports but no explicit matchers, assume /api/** is protected
+    if (result.hasAuthMiddleware && result.protectedPaths.length === 0) {
+        // Check if middleware runs on all routes or has default API protection
+        if (!result.context.hasPublicRoutes || /\/api/i.test(combinedContent)) {
+            result.protectedPaths.push('/api/**');
+        }
+    }
+    return result;
+}
+/**
+ * Resolve local imports from middleware.ts to find helper files.
+ * Single-hop follow: reads the content of imported modules so we can
+ * detect auth patterns and route protection logic defined there.
+ */
+function resolveMiddlewareImports(middlewareContent, middlewarePath, files) {
+    const fileIndex = (0, import_resolver_1.buildFileIndex)(files);
+    const imports = (0, import_resolver_1.extractAllImports)(middlewareContent, middlewarePath);
+    const importedContent = [];
+    for (const imp of imports) {
+        if (!imp.isLocal)
+            continue;
+        const resolved = (0, import_resolver_1.resolveImportPath)(imp.importPath, middlewarePath, fileIndex);
+        if (resolved) {
+            importedContent.push(resolved.content);
+        }
+    }
+    return importedContent.join('\n');
+}
+/**
+ * Extract route protection paths from middleware helper content.
+ * Detects patterns like:
+ *   pathname.startsWith('/dashboard')
+ *   isProtectedRoute = pathname.startsWith('/scan')
+ *   isPublicRoute / isAuthRoute patterns
+ */
+function extractRouteProtectionPaths(content) {
+    const protectedPaths = [];
+    const publicPaths = [];
+    // Detect: const isProtectedRoute = pathname.startsWith('/dashboard') || pathname.startsWith('/scan')
+    // We look for variables named isProtected* and extract their startsWith paths
+    const protectedVarPattern = /is(?:Protected|Authed|Private)(?:Route|Path)?\s*=\s*([^\n]+)/gi;
+    let match;
+    while ((match = protectedVarPattern.exec(content)) !== null) {
+        const expr = match[1];
+        const startsWithMatches = expr.matchAll(/startsWith\s*\(\s*['"]([^'"]+)['"]\s*\)/g);
+        for (const sw of startsWithMatches) {
+            const path = sw[1];
+            if (!protectedPaths.includes(path)) {
+                protectedPaths.push(path);
+            }
+        }
+    }
+    // Detect: const isPublicRoute = ... / const isAuthRoute = ...
+    const publicVarPattern = /is(?:Public|Auth|Open|Unauthenticated)(?:Route|Path)?\s*=\s*([^\n]+)/gi;
+    while ((match = publicVarPattern.exec(content)) !== null) {
+        const expr = match[1];
+        const startsWithMatches = expr.matchAll(/startsWith\s*\(\s*['"]([^'"]+)['"]\s*\)/g);
+        for (const sw of startsWithMatches) {
+            const path = sw[1];
+            if (!publicPaths.includes(path)) {
+                publicPaths.push(path);
+            }
+        }
+        // Also match: pathname === '/login'
+        const equalsMatches = expr.matchAll(/===?\s*['"]([^'"]+)['"]/g);
+        for (const eq of equalsMatches) {
+            const path = eq[1];
+            if (path.startsWith('/') && !publicPaths.includes(path)) {
+                publicPaths.push(path);
+            }
+        }
+    }
+    // Detect redirect for unauthenticated users: if (!user && isProtectedRoute) { redirect }
+    // This confirms the middleware actually enforces auth, but the paths are already extracted above
+    // Detect standalone pathname.startsWith in conditional blocks (e.g., if statements)
+    // Only if not already captured above
+    const standalonePattern = /!user\s*&&\s*.*?pathname\.startsWith\s*\(\s*['"]([^'"]+)['"]/g;
+    while ((match = standalonePattern.exec(content)) !== null) {
+        const path = match[1];
+        if (!protectedPaths.includes(path)) {
+            protectedPaths.push(path);
+        }
+    }
+    return { protectedPaths, publicPaths };
+}
+/**
+ * Detect which auth provider/library is being used
+ */
+function detectAuthType(content) {
+    // Clerk patterns
+    if (/clerkMiddleware|@clerk\/nextjs|clerkClient|auth\(\)\.protect/i.test(content)) {
+        return 'clerk';
+    }
+    // NextAuth patterns
+    if (/next-auth|NextAuth|getServerSession|withAuth\(/i.test(content)) {
+        return 'nextauth';
+    }
+    // Auth0 patterns
+    if (/@auth0\/nextjs|withPageAuthRequired|withApiAuthRequired/i.test(content)) {
+        return 'auth0';
+    }
+    // Supabase Auth patterns
+    if (/@supabase\/ssr|supabase\/middleware|createServerClient.*supabase|updateSession/i.test(content)) {
+        return 'supabase';
+    }
+    // Generic auth middleware patterns
+    if (/authMiddleware|requireAuth|verifyToken|checkAuth|isAuthenticated/i.test(content)) {
+        return 'custom';
+    }
+    // Check for common auth imports/usage that suggest middleware is doing auth
+    if (/authorization|bearer|jwt|session\.user|getToken/i.test(content)) {
+        return 'unknown';
+    }
+    return undefined;
+}
+/**
+ * Extract path matchers from middleware config
+ */
+function extractPathMatchers(content) {
+    const protectedPaths = [];
+    const publicPaths = [];
+    const matchers = [];
+    // Next.js config.matcher pattern
+    // export const config = { matcher: [...] }
+    const matcherArrayMatch = content.match(/config\s*=\s*\{[^}]*matcher\s*:\s*\[([\s\S]*?)\]/m);
+    if (matcherArrayMatch) {
+        const matcherContent = matcherArrayMatch[1];
+        // Extract string patterns from the array
+        const patterns = matcherContent.match(/['"`]([^'"`]+)['"`]/g) || [];
+        for (const p of patterns) {
+            const path = p.replace(/['"`]/g, '');
+            matchers.push(path);
+            // Classify as protected or public based on common patterns
+            if (path.includes('/api') || path.includes('/(protected)') || path.includes('/dashboard')) {
+                protectedPaths.push(path);
+            }
+        }
+    }
+    // Single matcher pattern
+    // export const config = { matcher: '/api/:path*' }
+    const singleMatcherMatch = content.match(/config\s*=\s*\{[^}]*matcher\s*:\s*['"`]([^'"`]+)['"`]/m);
+    if (singleMatcherMatch) {
+        const path = singleMatcherMatch[1];
+        matchers.push(path);
+        if (path.includes('/api')) {
+            protectedPaths.push(path);
+        }
+    }
+    // Clerk-specific: createRouteMatcher for public routes
+    // const isPublicRoute = createRouteMatcher(['/sign-in', '/sign-up', ...])
+    const publicRouteMatch = content.match(/createRouteMatcher\s*\(\s*\[([\s\S]*?)\]/m);
+    if (publicRouteMatch) {
+        const routeContent = publicRouteMatch[1];
+        const patterns = routeContent.match(/['"`]([^'"`]+)['"`]/g) || [];
+        for (const p of patterns) {
+            const path = p.replace(/['"`]/g, '');
+            publicPaths.push(path);
+        }
+    }
+    // Look for publicRoutes/ignoredRoutes arrays
+    const publicRoutesMatch = content.match(/(publicRoutes|ignoredRoutes|excludedPaths)\s*[=:]\s*\[([\s\S]*?)\]/m);
+    if (publicRoutesMatch) {
+        const routeContent = publicRoutesMatch[2];
+        const patterns = routeContent.match(/['"`]([^'"`]+)['"`]/g) || [];
+        for (const p of patterns) {
+            const path = p.replace(/['"`]/g, '');
+            publicPaths.push(path);
+        }
+    }
+    // If we found public paths but no explicit protected paths,
+    // assume everything else under /api is protected
+    if (publicPaths.length > 0 && protectedPaths.length === 0) {
+        protectedPaths.push('/api/**');
+    }
+    return { protectedPaths, publicPaths, matchers };
+}
+/**
+ * Check if a given route path is protected by the middleware
+ */
+function isRouteProtectedByMiddleware(routePath, config) {
+    if (!config.hasAuthMiddleware) {
+        return { isProtected: false, reason: 'No auth middleware detected' };
+    }
+    // Normalize path
+    const normalizedPath = routePath.startsWith('/') ? routePath : `/${routePath}`;
+    // Check if explicitly public
+    for (const publicPath of config.publicPaths) {
+        if (matchPath(normalizedPath, publicPath)) {
+            return { isProtected: false, reason: `Matches public route pattern: ${publicPath}` };
+        }
+    }
+    // Check if explicitly protected
+    for (const protectedPath of config.protectedPaths) {
+        if (matchPath(normalizedPath, protectedPath)) {
+            return {
+                isProtected: true,
+                reason: `Protected by ${config.authType || 'auth'} middleware (matches: ${protectedPath})`,
+            };
+        }
+    }
+    // Check matchers — only use as a protection signal when we have NO explicit
+    // protectedPaths from helper analysis.  config.matchers defines which routes
+    // the middleware *runs on*, not which routes are *protected*.  When explicit
+    // protectedPaths exist the middleware decides protection internally, and the
+    // matcher is merely a run-scope (e.g. Next.js "match everything except static").
+    if (config.protectedPaths.length === 0) {
+        for (const matcher of config.matchers) {
+            if (matchPath(normalizedPath, matcher)) {
+                return {
+                    isProtected: true,
+                    reason: `Protected by middleware matcher: ${matcher}`,
+                };
+            }
+        }
+    }
+    // Default: if we have auth middleware and no explicit public match,
+    // consider API routes as protected
+    if (normalizedPath.startsWith('/api/')) {
+        return {
+            isProtected: true,
+            reason: `API route likely protected by ${config.authType || 'auth'} middleware`,
+        };
+    }
+    return { isProtected: false, reason: 'Route not covered by middleware matchers' };
+}
+/**
+ * Extract route path from a file path (e.g., app/api/users/route.ts -> /api/users)
+ */
+function getRoutePathFromFile(filePath) {
+    // Next.js App Router: app/api/users/route.ts -> /api/users
+    const appRouterMatch = filePath.match(/app(\/.*?)\/route\.(ts|js)$/i);
+    if (appRouterMatch) {
+        return appRouterMatch[1];
+    }
+    // Next.js Pages Router: pages/api/users.ts -> /api/users
+    const pagesRouterMatch = filePath.match(/pages(\/api\/.*?)\.(ts|js)$/i);
+    if (pagesRouterMatch) {
+        return pagesRouterMatch[1];
+    }
+    // Express-style routes: routes/users.ts (harder to determine path)
+    // Return null for now - would need more context
+    return null;
+}
+/**
+ * Simple glob-like path matching
+ * Supports: ** (any path), * (single segment), :param (path params)
+ */
+function matchPath(actualPath, pattern) {
+    // Normalize
+    const normActual = actualPath.replace(/\/+/g, '/');
+    let normPattern = pattern.replace(/\/+/g, '/');
+    // Negative lookahead matchers (e.g., Next.js /((?!_next/static|...).*)) are
+    // catch-all patterns excluding static assets — treat as "match all routes"
+    if (normPattern.includes('(?!')) {
+        return true;
+    }
+    // Other regex constructs ((?:), (?=)) — attempt to evaluate as actual regex
+    if (normPattern.includes('(?:') || normPattern.includes('(?=')) {
+        try {
+            return new RegExp(normPattern).test(actualPath);
+        }
+        catch {
+            return false; // Unparseable pattern — don't assume match
+        }
+    }
+    // Clerk-style regex patterns: /sign-in(.*), /api/webhook(.*)
+    // Convert (.*) → **, (.+) → **, and strip other regex groups
+    normPattern = normPattern
+        .replace(/\(\.\*\)/g, '**')
+        .replace(/\(\.\+\)/g, '**')
+        .replace(/\(([^)]+)\)/g, '$1'); // unwrap remaining groups
+    // Handle Next.js :path* patterns
+    normPattern = normPattern
+        .replace(/:path\*/g, '**')
+        .replace(/:\w+/g, '[^/]+');
+    // Convert glob to regex
+    const regexPattern = normPattern
+        .replace(/\*\*/g, '<<<DOUBLESTAR>>>')
+        .replace(/\*/g, '[^/]*')
+        .replace(/<<<DOUBLESTAR>>>/g, '.*')
+        .replace(/\//g, '\\/');
+    const regex = new RegExp(`^${regexPattern}$`);
+    return regex.test(normActual);
+}
+/**
+ * Get user-scoping patterns from file content
+ * Detects patterns like: user_id, userId, session.user.id
+ */
+function detectUserScopingPatterns(content) {
+    const patterns = [];
+    // Common user ID patterns in queries/operations
+    const userIdPatterns = [
+        /\.eq\s*\(\s*['"`]user_id['"`]/i, // Supabase .eq('user_id', ...)
+        /\.filter\s*\(\s*user_id\s*=/i, // Django-style
+        /where\s*\(\s*['"`]?user_id['"`]?\s*=/i, // SQL-like
+        /userId\s*[=:]/i, // Generic userId
+        /user\.id\s*[=:]/i, // user.id
+        /session\.user\.id/i, // Next.js session
+        /req\.user\.id/i, // Express req.user
+        /getCurrentUserId\s*\(/i, // Custom helper
+        /getAuthUser\s*\(/i, // Auth helper
+        /auth\(\).*\.userId/i, // Clerk auth().userId
+    ];
+    for (const pattern of userIdPatterns) {
+        if (pattern.test(content)) {
+            patterns.push(pattern.source);
+        }
+    }
+    return {
+        hasUserScoping: patterns.length > 0,
+        patterns,
+    };
+}
+//# sourceMappingURL=middleware-detector.js.map

package/dist/model/middleware-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware-detector.js","sourceRoot":"","sources":["../../src/model/middleware-detector.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAkCH,gEAuEC;AA6MD,oEAsDC;AAKD,oDAgBC;AAoDD,8DA8BC;AAhdD,uDAAwF;AA2BxF;;;GAGG;AACH,SAAgB,0BAA0B,CAAC,KAAiB;IAC1D,MAAM,MAAM,GAAyB;QACnC,iBAAiB,EAAE,KAAK;QACxB,cAAc,EAAE,EAAE;QAClB,WAAW,EAAE,EAAE;QACf,QAAQ,EAAE,EAAE;QACZ,OAAO,EAAE;YACP,eAAe,EAAE,KAAK;YACtB,YAAY,EAAE,KAAK;YACnB,WAAW,EAAE,KAAK;YAClB,eAAe,EAAE,KAAK;SACvB;KACF,CAAA;IAED,wBAAwB;IACxB,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CACpC,+BAA+B,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;QAC5C,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC;QACjC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAClC,CAAA;IAED,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,MAAM,CAAA;IACf,CAAC;IAED,MAAM,CAAC,cAAc,GAAG,cAAc,CAAC,IAAI,CAAA;IAC3C,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAA;IAEtC,0DAA0D;IAC1D,MAAM,eAAe,GAAG,wBAAwB,CAAC,OAAO,EAAE,cAAc,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;IACrF,MAAM,eAAe,GAAG,OAAO,GAAG,IAAI,GAAG,eAAe,CAAA;IAExD,8EAA8E;IAC9E,MAAM,CAAC,QAAQ,GAAG,cAAc,CAAC,eAAe,CAAC,CAAA;IAEjD,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAA;IACjC,CAAC;IAED,uDAAuD;IACvD,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAA;IAC9E,MAAM,CAAC,cAAc,GAAG,cAAc,CAAA;IACtC,MAAM,CAAC,WAAW,GAAG,WAAW,CAAA;IAChC,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAA;IAE1B,+DAA+D;IAC/D,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,WAAW,GAAG,2BAA2B,CAAC,eAAe,CAAC,CAAA;QAChE,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,cAAc,EAAE,CAAC;YAC3C,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAAE,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACvE,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,WAAW,EAAE,CAAC;YACxC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjE,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,MAAM,CAAC,OAAO,CAAC,eAAe,GAAG,0DAA0D,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IACjH,MAAM,CAAC,OAAO,CAAC,YAAY,GAAG,uBAAuB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IAC3E,MAAM,CAAC,OAAO,CAAC,WAAW,GAAG,4CAA4C,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IAC/F,MAAM,CAAC,OAAO,CAAC,eAAe,GAAG,qEAAqE,CAAC,IAAI,CAAC,eAAe,CAAC,CAAA;IAE5H,iFAAiF;IACjF,IAAI,MAAM,CAAC,iBAAiB,IAAI,MAAM,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnE,uEAAuE;QACvE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe,IAAI,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YACtE,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;QACvC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED;;;;GAIG;AACH,SAAS,wBAAwB,CAC/B,iBAAyB,EACzB,cAAsB,EACtB,KAAiB;IAEjB,MAAM,SAAS,GAAG,IAAA,gCAAc,EAAC,KAAK,CAAC,CAAA;IACvC,MAAM,OAAO,GAAG,IAAA,mCAAiB,EAAC,iBAAiB,EAAE,cAAc,CAAC,CAAA;IACpE,MAAM,eAAe,GAAa,EAAE,CAAA;IAEpC,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,IAAI,CAAC,GAAG,CAAC,OAAO;YAAE,SAAQ;QAC1B,MAAM,QAAQ,GAAG,IAAA,mCAAiB,EAAC,GAAG,CAAC,UAAU,EAAE,cAAc,EAAE,SAAS,CAAC,CAAA;QAC7E,IAAI,QAAQ,EAAE,CAAC;YACb,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;QACxC,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACnC,CAAC;AAED;;;;;;GAMG;AACH,SAAS,2BAA2B,CAAC,OAAe;IAIlD,MAAM,cAAc,GAAa,EAAE,CAAA;IACnC,MAAM,WAAW,GAAa,EAAE,CAAA;IAEhC,qGAAqG;IACrG,8EAA8E;IAC9E,MAAM,mBAAmB,GAAG,gEAAgE,CAAA;IAC5F,IAAI,KAAK,CAAA;IACT,OAAO,CAAC,KAAK,GAAG,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC5D,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACrB,MAAM,iBAAiB,GAAG,IAAI,CAAC,QAAQ,CAAC,0CAA0C,CAAC,CAAA;QACnF,KAAK,MAAM,EAAE,IAAI,iBAAiB,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,CAAA;YAClB,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC3B,CAAC;QACH,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,MAAM,gBAAgB,GAAG,wEAAwE,CAAA;IACjG,OAAO,CAAC,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACzD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACrB,MAAM,iBAAiB,GAAG,IAAI,CAAC,QAAQ,CAAC,0CAA0C,CAAC,CAAA;QACnF,KAAK,MAAM,EAAE,IAAI,iBAAiB,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,CAAA;YAClB,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACxB,CAAC;QACH,CAAC;QACD,oCAAoC;QACpC,MAAM,aAAa,GAAG,IAAI,CAAC,QAAQ,CAAC,0BAA0B,CAAC,CAAA;QAC/D,KAAK,MAAM,EAAE,IAAI,aAAa,EAAE,CAAC;YAC/B,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,CAAA;YAClB,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxD,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACxB,CAAC;QACH,CAAC;IACH,CAAC;IAED,yFAAyF;IACzF,iGAAiG;IAEjG,oFAAoF;IACpF,qCAAqC;IACrC,MAAM,iBAAiB,GAAG,+DAA+D,CAAA;IACzF,OAAO,CAAC,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC1D,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACrB,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,CAAA;AACxC,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,OAAe;IACrC,iBAAiB;IACjB,IAAI,+DAA+D,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAClF,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,oBAAoB;IACpB,IAAI,iDAAiD,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACpE,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,iBAAiB;IACjB,IAAI,0DAA0D,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7E,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,yBAAyB;IACzB,IAAI,iFAAiF,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACpG,OAAO,UAAU,CAAA;IACnB,CAAC;IAED,mCAAmC;IACnC,IAAI,mEAAmE,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACtF,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED,4EAA4E;IAC5E,IAAI,kDAAkD,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACrE,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,OAAe;IAK1C,MAAM,cAAc,GAAa,EAAE,CAAA;IACnC,MAAM,WAAW,GAAa,EAAE,CAAA;IAChC,MAAM,QAAQ,GAAa,EAAE,CAAA;IAE7B,iCAAiC;IACjC,2CAA2C;IAC3C,MAAM,iBAAiB,GAAG,OAAO,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAA;IAC5F,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,cAAc,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAA;QAC3C,yCAAyC;QACzC,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,EAAE,CAAA;QACnE,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;YACpC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACnB,2DAA2D;YAC3D,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC1F,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC3B,CAAC;QACH,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,mDAAmD;IACnD,MAAM,kBAAkB,GAAG,OAAO,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAA;IAClG,IAAI,kBAAkB,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAA;QAClC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACnB,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC3B,CAAC;IACH,CAAC;IAED,uDAAuD;IACvD,0EAA0E;IAC1E,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAA;IACnF,IAAI,gBAAgB,EAAE,CAAC;QACrB,MAAM,YAAY,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAA;QACxC,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,EAAE,CAAA;QACjE,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;YACpC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACxB,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,MAAM,iBAAiB,GAAG,OAAO,CAAC,KAAK,CAAC,qEAAqE,CAAC,CAAA;IAC9G,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,YAAY,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAA;QACzC,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,EAAE,CAAA;QACjE,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;YACpC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACxB,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,iDAAiD;IACjD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1D,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IAChC,CAAC;IAED,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAA;AAClD,CAAC;AAED;;GAEG;AACH,SAAgB,4BAA4B,CAC1C,SAAiB,EACjB,MAA4B;IAE5B,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;QAC9B,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAA;IACtE,CAAC;IAED,iBAAiB;IACjB,MAAM,cAAc,GAAG,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,SAAS,EAAE,CAAA;IAE9E,6BAA6B;IAC7B,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;QAC5C,IAAI,SAAS,CAAC,cAAc,EAAE,UAAU,CAAC,EAAE,CAAC;YAC1C,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,EAAE,iCAAiC,UAAU,EAAE,EAAE,CAAA;QACtF,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,KAAK,MAAM,aAAa,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAClD,IAAI,SAAS,CAAC,cAAc,EAAE,aAAa,CAAC,EAAE,CAAC;YAC7C,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,MAAM,EAAE,gBAAgB,MAAM,CAAC,QAAQ,IAAI,MAAM,yBAAyB,aAAa,GAAG;aAC3F,CAAA;QACH,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,6EAA6E;IAC7E,6EAA6E;IAC7E,6EAA6E;IAC7E,iFAAiF;IACjF,IAAI,MAAM,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvC,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,IAAI,SAAS,CAAC,cAAc,EAAE,OAAO,CAAC,EAAE,CAAC;gBACvC,OAAO;oBACL,WAAW,EAAE,IAAI;oBACjB,MAAM,EAAE,oCAAoC,OAAO,EAAE;iBACtD,CAAA;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,oEAAoE;IACpE,mCAAmC;IACnC,IAAI,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACvC,OAAO;YACL,WAAW,EAAE,IAAI;YACjB,MAAM,EAAE,iCAAiC,MAAM,CAAC,QAAQ,IAAI,MAAM,aAAa;SAChF,CAAA;IACH,CAAC;IAED,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,EAAE,0CAA0C,EAAE,CAAA;AACnF,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAAC,QAAgB;IACnD,2DAA2D;IAC3D,MAAM,cAAc,GAAG,QAAQ,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAA;IACrE,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO,cAAc,CAAC,CAAC,CAAC,CAAA;IAC1B,CAAC;IAED,yDAAyD;IACzD,MAAM,gBAAgB,GAAG,QAAQ,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAA;IACvE,IAAI,gBAAgB,EAAE,CAAC;QACrB,OAAO,gBAAgB,CAAC,CAAC,CAAC,CAAA;IAC5B,CAAC;IAED,mEAAmE;IACnE,gDAAgD;IAChD,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;GAGG;AACH,SAAS,SAAS,CAAC,UAAkB,EAAE,OAAe;IACpD,YAAY;IACZ,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAClD,IAAI,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAE9C,4EAA4E;IAC5E,2EAA2E;IAC3E,IAAI,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAChC,OAAO,IAAI,CAAA;IACb,CAAC;IACD,4EAA4E;IAC5E,IAAI,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/D,IAAI,CAAC;YACH,OAAO,IAAI,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACjD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAA,CAAE,2CAA2C;QAC3D,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,6DAA6D;IAC7D,WAAW,GAAG,WAAW;SACtB,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC;SAC1B,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC;SAC1B,OAAO,CAAC,cAAc,EAAE,IAAI,CAAC,CAAA,CAAG,0BAA0B;IAE7D,iCAAiC;IACjC,WAAW,GAAG,WAAW;SACtB,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC;SACzB,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;IAE5B,wBAAwB;IACxB,MAAM,YAAY,GAAG,WAAW;SAC7B,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;SACpC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC;SACvB,OAAO,CAAC,mBAAmB,EAAE,IAAI,CAAC;SAClC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;IAExB,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,YAAY,GAAG,CAAC,CAAA;IAC7C,OAAO,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;AAC/B,CAAC;AAED;;;GAGG;AACH,SAAgB,yBAAyB,CAAC,OAAe;IAIvD,MAAM,QAAQ,GAAa,EAAE,CAAA;IAE7B,gDAAgD;IAChD,MAAM,cAAc,GAAG;QACrB,gCAAgC,EAAS,+BAA+B;QACxE,8BAA8B,EAAY,eAAe;QACzD,uCAAuC,EAAG,WAAW;QACrD,gBAAgB,EAA2B,iBAAiB;QAC5D,kBAAkB,EAAyB,UAAU;QACrD,oBAAoB,EAAuB,kBAAkB;QAC7D,gBAAgB,EAA2B,mBAAmB;QAC9D,wBAAwB,EAAmB,gBAAgB;QAC3D,mBAAmB,EAAwB,cAAc;QACzD,qBAAqB,EAAsB,sBAAsB;KAClE,CAAA;IAED,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;QAC/B,CAAC;IACH,CAAC;IAED,OAAO;QACL,cAAc,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC;QACnC,QAAQ;KACT,CAAA;AACH,CAAC"}

package/dist/model/module-graph.d.ts

@@ -0,0 +1,46 @@
+/**
+ * Module Graph — Build a project-wide dependency graph from import/export statements.
+ *
+ * Provides forward edges (depends-on) and reverse edges (imported-by) for
+ * cross-file analysis. Detects circular imports via DFS.
+ */
+import type { ScanFile } from '../shared/types';
+import type { ParsedImport, ParsedExport } from './import-resolver';
+export interface ResolvedImport extends ParsedImport {
+    resolvedPath: string | null;
+}
+export interface ModuleNode {
+    filePath: string;
+    imports: ResolvedImport[];
+    exports: ParsedExport[];
+    dependsOn: Set<string>;
+    importedBy: Set<string>;
+}
+export interface ModuleGraphStats {
+    totalFiles: number;
+    totalEdges: number;
+    circularImportCount: number;
+    duration: number;
+}
+export interface ModuleGraph {
+    nodes: Map<string, ModuleNode>;
+    circularImports: Set<string>;
+    stats: ModuleGraphStats;
+}
+/**
+ * Build a project-wide module graph from scanned files.
+ *
+ * For each code file: extract imports, resolve paths, extract exports.
+ * Build forward (dependsOn) and reverse (importedBy) edges.
+ * Detect circular imports via DFS.
+ */
+export declare function buildModuleGraph(files: ScanFile[]): ModuleGraph;
+/**
+ * Resolve what file and export an imported symbol refers to.
+ * Follows one-hop re-exports through barrel files.
+ */
+export declare function resolveImportedName(graph: ModuleGraph, fromFile: string, importedName: string): {
+    filePath: string;
+    exportName: string;
+} | null;
+//# sourceMappingURL=module-graph.d.ts.map

package/dist/model/module-graph.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"module-graph.d.ts","sourceRoot":"","sources":["../../src/model/module-graph.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAA;AAO/C,OAAO,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAMnE,MAAM,WAAW,cAAe,SAAQ,YAAY;IAClD,YAAY,EAAE,MAAM,GAAG,IAAI,CAAA;CAC5B;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,cAAc,EAAE,CAAA;IACzB,OAAO,EAAE,YAAY,EAAE,CAAA;IACvB,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;IACtB,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;CACxB;AAED,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;IAClB,mBAAmB,EAAE,MAAM,CAAA;IAC3B,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAA;IAC9B,eAAe,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;IAC5B,KAAK,EAAE,gBAAgB,CAAA;CACxB;AAaD;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,WAAW,CA+D/D;AAMD;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,WAAW,EAClB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CA6CjD"}

package/dist/model/module-graph.js

@@ -0,0 +1,187 @@
+"use strict";
+/**
+ * Module Graph — Build a project-wide dependency graph from import/export statements.
+ *
+ * Provides forward edges (depends-on) and reverse edges (imported-by) for
+ * cross-file analysis. Detects circular imports via DFS.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildModuleGraph = buildModuleGraph;
+exports.resolveImportedName = resolveImportedName;
+const import_resolver_1 = require("./import-resolver");
+// ============================================================================
+// Graph Construction
+// ============================================================================
+const CODE_EXTENSIONS = new Set(['.js', '.jsx', '.ts', '.tsx', '.mjs', '.cjs', '.py']);
+function isCodeFile(filePath) {
+    const ext = filePath.substring(filePath.lastIndexOf('.'));
+    return CODE_EXTENSIONS.has(ext.toLowerCase());
+}
+/**
+ * Build a project-wide module graph from scanned files.
+ *
+ * For each code file: extract imports, resolve paths, extract exports.
+ * Build forward (dependsOn) and reverse (importedBy) edges.
+ * Detect circular imports via DFS.
+ */
+function buildModuleGraph(files) {
+    const startTime = Date.now();
+    const fileIndex = (0, import_resolver_1.buildFileIndex)(files);
+    const nodes = new Map();
+    let totalEdges = 0;
+    // Phase 1: Build nodes with imports and exports
+    for (const file of files) {
+        if (!isCodeFile(file.path))
+            continue;
+        const imports = (0, import_resolver_1.extractAllImports)(file.content, file.path);
+        const fileExports = (0, import_resolver_1.extractExports)(file.content, file.path);
+        const resolvedImports = imports
+            .filter(imp => imp.isLocal)
+            .map(imp => {
+            const resolved = (0, import_resolver_1.resolveImportPath)(imp.importPath, file.path, fileIndex);
+            return {
+                ...imp,
+                resolvedPath: resolved?.path ?? null,
+            };
+        });
+        const dependsOn = new Set();
+        for (const ri of resolvedImports) {
+            if (ri.resolvedPath) {
+                dependsOn.add(ri.resolvedPath);
+                totalEdges++;
+            }
+        }
+        nodes.set(file.path, {
+            filePath: file.path,
+            imports: resolvedImports,
+            exports: fileExports,
+            dependsOn,
+            importedBy: new Set(),
+        });
+    }
+    // Phase 2: Build reverse edges
+    for (const [filePath, node] of nodes) {
+        for (const dep of node.dependsOn) {
+            const depNode = nodes.get(dep);
+            if (depNode) {
+                depNode.importedBy.add(filePath);
+            }
+        }
+    }
+    // Phase 3: Detect circular imports via DFS
+    const circularImports = detectCircularImports(nodes);
+    return {
+        nodes,
+        circularImports,
+        stats: {
+            totalFiles: nodes.size,
+            totalEdges,
+            circularImportCount: circularImports.size,
+            duration: Date.now() - startTime,
+        },
+    };
+}
+// ============================================================================
+// Symbol Resolution
+// ============================================================================
+/**
+ * Resolve what file and export an imported symbol refers to.
+ * Follows one-hop re-exports through barrel files.
+ */
+function resolveImportedName(graph, fromFile, importedName) {
+    const node = graph.nodes.get(fromFile);
+    if (!node)
+        return null;
+    // Find the import that provides this name
+    for (const imp of node.imports) {
+        if (!imp.resolvedPath)
+            continue;
+        // Check if this import provides the requested name
+        const providesName = imp.importedNames.includes(importedName) ||
+            (imp.isNamespace && imp.importedNames[0] === importedName) ||
+            (importedName === 'default' && imp.importedNames.includes('default'));
+        if (!providesName)
+            continue;
+        const targetNode = graph.nodes.get(imp.resolvedPath);
+        if (!targetNode)
+            return { filePath: imp.resolvedPath, exportName: importedName };
+        // Check if target directly exports this name
+        const directExport = targetNode.exports.find(e => e.name === importedName || (importedName === 'default' && e.isDefault));
+        if (directExport) {
+            // If it's a re-export, follow one hop
+            if (directExport.kind === 'reexport' && directExport.sourceModule) {
+                const reExportTarget = findReExportTarget(graph, imp.resolvedPath, directExport);
+                if (reExportTarget)
+                    return reExportTarget;
+            }
+            return { filePath: imp.resolvedPath, exportName: directExport.name };
+        }
+        // Target might be a barrel file — check re-exports
+        for (const exp of targetNode.exports) {
+            if (exp.kind === 'reexport' && exp.name === importedName && exp.sourceModule) {
+                const reExportTarget = findReExportTarget(graph, imp.resolvedPath, exp);
+                if (reExportTarget)
+                    return reExportTarget;
+            }
+        }
+        // Name not found in exports but import resolved — return best guess
+        return { filePath: imp.resolvedPath, exportName: importedName };
+    }
+    return null;
+}
+function findReExportTarget(graph, fromFile, exp) {
+    if (!exp.sourceModule)
+        return null;
+    const fromNode = graph.nodes.get(fromFile);
+    if (!fromNode)
+        return null;
+    // Find the resolved import matching the re-export source
+    for (const imp of fromNode.imports) {
+        if (imp.importPath === exp.sourceModule && imp.resolvedPath) {
+            return { filePath: imp.resolvedPath, exportName: exp.name };
+        }
+    }
+    // If we have a re-export import in the node's import list
+    for (const imp of fromNode.imports) {
+        if (imp.isReExport && imp.importPath === exp.sourceModule && imp.resolvedPath) {
+            return { filePath: imp.resolvedPath, exportName: exp.name };
+        }
+    }
+    return null;
+}
+// ============================================================================
+// Circular Import Detection
+// ============================================================================
+function detectCircularImports(nodes) {
+    const circular = new Set();
+    const visited = new Set();
+    const inStack = new Set();
+    function dfs(filePath) {
+        if (inStack.has(filePath)) {
+            circular.add(filePath);
+            return;
+        }
+        if (visited.has(filePath))
+            return;
+        visited.add(filePath);
+        inStack.add(filePath);
+        const node = nodes.get(filePath);
+        if (node) {
+            for (const dep of node.dependsOn) {
+                if (inStack.has(dep)) {
+                    circular.add(filePath);
+                    circular.add(dep);
+                }
+                else {
+                    dfs(dep);
+                }
+            }
+        }
+        inStack.delete(filePath);
+    }
+    for (const filePath of nodes.keys()) {
+        dfs(filePath);
+    }
+    return circular;
+}
+//# sourceMappingURL=module-graph.js.map

package/dist/model/module-graph.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"module-graph.js","sourceRoot":"","sources":["../../src/model/module-graph.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AA0DH,4CA+DC;AAUD,kDAiDC;AAjLD,uDAK0B;AAgC1B,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC,CAAA;AAEtF,SAAS,UAAU,CAAC,QAAgB;IAClC,MAAM,GAAG,GAAG,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAA;IACzD,OAAO,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAA;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,gBAAgB,CAAC,KAAiB;IAChD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IAC5B,MAAM,SAAS,GAAG,IAAA,gCAAc,EAAC,KAAK,CAAC,CAAA;IACvC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAA;IAC3C,IAAI,UAAU,GAAG,CAAC,CAAA;IAElB,gDAAgD;IAChD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAQ;QAEpC,MAAM,OAAO,GAAG,IAAA,mCAAiB,EAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;QAC1D,MAAM,WAAW,GAAG,IAAA,gCAAc,EAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;QAE3D,MAAM,eAAe,GAAqB,OAAO;aAC9C,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC;aAC1B,GAAG,CAAC,GAAG,CAAC,EAAE;YACT,MAAM,QAAQ,GAAG,IAAA,mCAAiB,EAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAA;YACxE,OAAO;gBACL,GAAG,GAAG;gBACN,YAAY,EAAE,QAAQ,EAAE,IAAI,IAAI,IAAI;aACrC,CAAA;QACH,CAAC,CAAC,CAAA;QAEJ,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAA;QACnC,KAAK,MAAM,EAAE,IAAI,eAAe,EAAE,CAAC;YACjC,IAAI,EAAE,CAAC,YAAY,EAAE,CAAC;gBACpB,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,CAAC,CAAA;gBAC9B,UAAU,EAAE,CAAA;YACd,CAAC;QACH,CAAC;QAED,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE;YACnB,QAAQ,EAAE,IAAI,CAAC,IAAI;YACnB,OAAO,EAAE,eAAe;YACxB,OAAO,EAAE,WAAW;YACpB,SAAS;YACT,UAAU,EAAE,IAAI,GAAG,EAAE;SACtB,CAAC,CAAA;IACJ,CAAC;IAED,+BAA+B;IAC/B,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,KAAK,EAAE,CAAC;QACrC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACjC,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAC9B,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,MAAM,eAAe,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAA;IAEpD,OAAO;QACL,KAAK;QACL,eAAe;QACf,KAAK,EAAE;YACL,UAAU,EAAE,KAAK,CAAC,IAAI;YACtB,UAAU;YACV,mBAAmB,EAAE,eAAe,CAAC,IAAI;YACzC,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACjC;KACF,CAAA;AACH,CAAC;AAED,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;;GAGG;AACH,SAAgB,mBAAmB,CACjC,KAAkB,EAClB,QAAgB,EAChB,YAAoB;IAEpB,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IACtC,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAA;IAEtB,0CAA0C;IAC1C,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QAC/B,IAAI,CAAC,GAAG,CAAC,YAAY;YAAE,SAAQ;QAE/B,mDAAmD;QACnD,MAAM,YAAY,GAAG,GAAG,CAAC,aAAa,CAAC,QAAQ,CAAC,YAAY,CAAC;YAC3D,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,YAAY,CAAC;YAC1D,CAAC,YAAY,KAAK,SAAS,IAAI,GAAG,CAAC,aAAa,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAA;QAEvE,IAAI,CAAC,YAAY;YAAE,SAAQ;QAE3B,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;QACpD,IAAI,CAAC,UAAU;YAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,CAAC,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,CAAA;QAEhF,6CAA6C;QAC7C,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC/C,CAAC,CAAC,IAAI,KAAK,YAAY,IAAI,CAAC,YAAY,KAAK,SAAS,IAAI,CAAC,CAAC,SAAS,CAAC,CACvE,CAAA;QAED,IAAI,YAAY,EAAE,CAAC;YACjB,sCAAsC;YACtC,IAAI,YAAY,CAAC,IAAI,KAAK,UAAU,IAAI,YAAY,CAAC,YAAY,EAAE,CAAC;gBAClE,MAAM,cAAc,GAAG,kBAAkB,CAAC,KAAK,EAAE,GAAG,CAAC,YAAY,EAAE,YAAY,CAAC,CAAA;gBAChF,IAAI,cAAc;oBAAE,OAAO,cAAc,CAAA;YAC3C,CAAC;YACD,OAAO,EAAE,QAAQ,EAAE,GAAG,CAAC,YAAY,EAAE,UAAU,EAAE,YAAY,CAAC,IAAI,EAAE,CAAA;QACtE,CAAC;QAED,mDAAmD;QACnD,KAAK,MAAM,GAAG,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACrC,IAAI,GAAG,CAAC,IAAI,KAAK,UAAU,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;gBAC7E,MAAM,cAAc,GAAG,kBAAkB,CAAC,KAAK,EAAE,GAAG,CAAC,YAAY,EAAE,GAAG,CAAC,CAAA;gBACvE,IAAI,cAAc;oBAAE,OAAO,cAAc,CAAA;YAC3C,CAAC;QACH,CAAC;QAED,oEAAoE;QACpE,OAAO,EAAE,QAAQ,EAAE,GAAG,CAAC,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,CAAA;IACjE,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAS,kBAAkB,CACzB,KAAkB,EAClB,QAAgB,EAChB,GAAiB;IAEjB,IAAI,CAAC,GAAG,CAAC,YAAY;QAAE,OAAO,IAAI,CAAA;IAElC,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IAC1C,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAA;IAE1B,yDAAyD;IACzD,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;QACnC,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;YAC5D,OAAO,EAAE,QAAQ,EAAE,GAAG,CAAC,YAAY,EAAE,UAAU,EAAE,GAAG,CAAC,IAAI,EAAE,CAAA;QAC7D,CAAC;IACH,CAAC;IAED,0DAA0D;IAC1D,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;QACnC,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,CAAC,YAAY,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;YAC9E,OAAO,EAAE,QAAQ,EAAE,GAAG,CAAC,YAAY,EAAE,UAAU,EAAE,GAAG,CAAC,IAAI,EAAE,CAAA;QAC7D,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC;AAED,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAE/E,SAAS,qBAAqB,CAAC,KAA8B;IAC3D,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAA;IAClC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAA;IACjC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAA;IAEjC,SAAS,GAAG,CAAC,QAAgB;QAC3B,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1B,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;YACtB,OAAM;QACR,CAAC;QACD,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;YAAE,OAAM;QAEjC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QACrB,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QAErB,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;QAChC,IAAI,IAAI,EAAE,CAAC;YACT,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBACrB,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;oBACtB,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;gBACnB,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,GAAG,CAAC,CAAA;gBACV,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;IAC1B,CAAC;IAED,KAAK,MAAM,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QACpC,GAAG,CAAC,QAAQ,CAAC,CAAA;IACf,CAAC;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC"}