@oculum/scanner 1.0.12 → 1.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/detect/ai-code/agent-tools.d.ts +22 -0
- package/dist/detect/ai-code/agent-tools.d.ts.map +1 -0
- package/dist/detect/ai-code/agent-tools.js +1509 -0
- package/dist/detect/ai-code/agent-tools.js.map +1 -0
- package/dist/detect/ai-code/byok-patterns.d.ts +15 -0
- package/dist/detect/ai-code/byok-patterns.d.ts.map +1 -0
- package/dist/detect/ai-code/byok-patterns.js +313 -0
- package/dist/detect/ai-code/byok-patterns.js.map +1 -0
- package/dist/detect/ai-code/endpoint-protection.d.ts +38 -0
- package/dist/detect/ai-code/endpoint-protection.d.ts.map +1 -0
- package/dist/detect/ai-code/endpoint-protection.js +349 -0
- package/dist/detect/ai-code/endpoint-protection.js.map +1 -0
- package/dist/detect/ai-code/execution-sinks.d.ts +21 -0
- package/dist/detect/ai-code/execution-sinks.d.ts.map +1 -0
- package/dist/detect/ai-code/execution-sinks.js +1158 -0
- package/dist/detect/ai-code/execution-sinks.js.map +1 -0
- package/dist/detect/ai-code/fingerprinting.d.ts +10 -0
- package/dist/detect/ai-code/fingerprinting.d.ts.map +1 -0
- package/dist/detect/ai-code/fingerprinting.js +665 -0
- package/dist/detect/ai-code/fingerprinting.js.map +1 -0
- package/dist/detect/ai-code/index.d.ts +12 -0
- package/dist/detect/ai-code/index.d.ts.map +1 -0
- package/dist/detect/ai-code/index.js +26 -0
- package/dist/detect/ai-code/index.js.map +1 -0
- package/dist/detect/ai-code/mcp-security.d.ts +20 -0
- package/dist/detect/ai-code/mcp-security.d.ts.map +1 -0
- package/dist/detect/ai-code/mcp-security.js +880 -0
- package/dist/detect/ai-code/mcp-security.js.map +1 -0
- package/dist/detect/ai-code/model-supply-chain.d.ts +23 -0
- package/dist/detect/ai-code/model-supply-chain.d.ts.map +1 -0
- package/dist/detect/ai-code/model-supply-chain.js +447 -0
- package/dist/detect/ai-code/model-supply-chain.js.map +1 -0
- package/dist/detect/ai-code/package-hallucination.d.ts +22 -0
- package/dist/detect/ai-code/package-hallucination.d.ts.map +1 -0
- package/dist/detect/ai-code/package-hallucination.js +841 -0
- package/dist/detect/ai-code/package-hallucination.js.map +1 -0
- package/dist/detect/ai-code/prompt-hygiene.d.ts +22 -0
- package/dist/detect/ai-code/prompt-hygiene.d.ts.map +1 -0
- package/dist/detect/ai-code/prompt-hygiene.js +1177 -0
- package/dist/detect/ai-code/prompt-hygiene.js.map +1 -0
- package/dist/detect/ai-code/rag-safety.d.ts +24 -0
- package/dist/detect/ai-code/rag-safety.d.ts.map +1 -0
- package/dist/detect/ai-code/rag-safety.js +913 -0
- package/dist/detect/ai-code/rag-safety.js.map +1 -0
- package/dist/detect/ai-code/schema-validation.d.ts +28 -0
- package/dist/detect/ai-code/schema-validation.d.ts.map +1 -0
- package/dist/detect/ai-code/schema-validation.js +378 -0
- package/dist/detect/ai-code/schema-validation.js.map +1 -0
- package/dist/detect/config/agent-skill-injection.d.ts +27 -0
- package/dist/detect/config/agent-skill-injection.d.ts.map +1 -0
- package/dist/detect/config/agent-skill-injection.js +472 -0
- package/dist/detect/config/agent-skill-injection.js.map +1 -0
- package/dist/detect/config/comments.d.ts +11 -0
- package/dist/detect/config/comments.d.ts.map +1 -0
- package/dist/detect/config/comments.js +206 -0
- package/dist/detect/config/comments.js.map +1 -0
- package/dist/detect/config/file-flags.d.ts +10 -0
- package/dist/detect/config/file-flags.d.ts.map +1 -0
- package/dist/detect/config/file-flags.js +124 -0
- package/dist/detect/config/file-flags.js.map +1 -0
- package/dist/detect/config/index.d.ts +7 -0
- package/dist/detect/config/index.d.ts.map +1 -0
- package/dist/detect/config/index.js +17 -0
- package/dist/detect/config/index.js.map +1 -0
- package/dist/detect/config/osv-check.d.ts +75 -0
- package/dist/detect/config/osv-check.d.ts.map +1 -0
- package/dist/detect/config/osv-check.js +309 -0
- package/dist/detect/config/osv-check.js.map +1 -0
- package/dist/detect/config/package-check.d.ts +63 -0
- package/dist/detect/config/package-check.d.ts.map +1 -0
- package/dist/detect/config/package-check.js +509 -0
- package/dist/detect/config/package-check.js.map +1 -0
- package/dist/detect/config/urls.d.ts +11 -0
- package/dist/detect/config/urls.d.ts.map +1 -0
- package/dist/detect/config/urls.js +450 -0
- package/dist/detect/config/urls.js.map +1 -0
- package/dist/detect/index.d.ts +37 -0
- package/dist/detect/index.d.ts.map +1 -0
- package/dist/detect/index.js +77 -0
- package/dist/detect/index.js.map +1 -0
- package/dist/detect/secrets/config-audit.d.ts +11 -0
- package/dist/detect/secrets/config-audit.d.ts.map +1 -0
- package/dist/detect/secrets/config-audit.js +315 -0
- package/dist/detect/secrets/config-audit.js.map +1 -0
- package/dist/detect/secrets/config-mcp-audit.d.ts +23 -0
- package/dist/detect/secrets/config-mcp-audit.d.ts.map +1 -0
- package/dist/detect/secrets/config-mcp-audit.js +243 -0
- package/dist/detect/secrets/config-mcp-audit.js.map +1 -0
- package/dist/detect/secrets/entropy.d.ts +11 -0
- package/dist/detect/secrets/entropy.d.ts.map +1 -0
- package/dist/detect/secrets/entropy.js +751 -0
- package/dist/detect/secrets/entropy.js.map +1 -0
- package/dist/detect/secrets/index.d.ts +36 -0
- package/dist/detect/secrets/index.d.ts.map +1 -0
- package/dist/detect/secrets/index.js +174 -0
- package/dist/detect/secrets/index.js.map +1 -0
- package/dist/detect/secrets/patterns.d.ts +11 -0
- package/dist/detect/secrets/patterns.d.ts.map +1 -0
- package/dist/detect/secrets/patterns.js +518 -0
- package/dist/detect/secrets/patterns.js.map +1 -0
- package/dist/detect/secrets/weak-crypto.d.ts +10 -0
- package/dist/detect/secrets/weak-crypto.d.ts.map +1 -0
- package/dist/detect/secrets/weak-crypto.js +432 -0
- package/dist/detect/secrets/weak-crypto.js.map +1 -0
- package/dist/detect/structural/auth-patterns.d.ts +22 -0
- package/dist/detect/structural/auth-patterns.d.ts.map +1 -0
- package/dist/detect/structural/auth-patterns.js +533 -0
- package/dist/detect/structural/auth-patterns.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/child-process.d.ts +16 -0
- package/dist/detect/structural/dangerous-functions/child-process.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/child-process.js +74 -0
- package/dist/detect/structural/dangerous-functions/child-process.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/dom-xss.d.ts +34 -0
- package/dist/detect/structural/dangerous-functions/dom-xss.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/dom-xss.js +230 -0
- package/dist/detect/structural/dangerous-functions/dom-xss.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/index.d.ts +16 -0
- package/dist/detect/structural/dangerous-functions/index.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/index.js +1193 -0
- package/dist/detect/structural/dangerous-functions/index.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/json-parse.d.ts +31 -0
- package/dist/detect/structural/dangerous-functions/json-parse.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/json-parse.js +326 -0
- package/dist/detect/structural/dangerous-functions/json-parse.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/math-random.d.ts +111 -0
- package/dist/detect/structural/dangerous-functions/math-random.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/math-random.js +684 -0
- package/dist/detect/structural/dangerous-functions/math-random.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/patterns.d.ts +21 -0
- package/dist/detect/structural/dangerous-functions/patterns.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/patterns.js +163 -0
- package/dist/detect/structural/dangerous-functions/patterns.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/request-validation.d.ts +13 -0
- package/dist/detect/structural/dangerous-functions/request-validation.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/request-validation.js +126 -0
- package/dist/detect/structural/dangerous-functions/request-validation.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts +24 -0
- package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/control-flow.js +70 -0
- package/dist/detect/structural/dangerous-functions/utils/control-flow.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts +31 -0
- package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/helpers.js +147 -0
- package/dist/detect/structural/dangerous-functions/utils/helpers.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/index.d.ts +9 -0
- package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/index.js +23 -0
- package/dist/detect/structural/dangerous-functions/utils/index.js.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts +22 -0
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map +1 -0
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.js +102 -0
- package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map +1 -0
- package/dist/detect/structural/data-exposure.d.ts +19 -0
- package/dist/detect/structural/data-exposure.d.ts.map +1 -0
- package/dist/detect/structural/data-exposure.js +262 -0
- package/dist/detect/structural/data-exposure.js.map +1 -0
- package/dist/detect/structural/framework-checks.d.ts +10 -0
- package/dist/detect/structural/framework-checks.d.ts.map +1 -0
- package/dist/detect/structural/framework-checks.js +389 -0
- package/dist/detect/structural/framework-checks.js.map +1 -0
- package/dist/detect/structural/index.d.ts +71 -0
- package/dist/detect/structural/index.d.ts.map +1 -0
- package/dist/detect/structural/index.js +510 -0
- package/dist/detect/structural/index.js.map +1 -0
- package/dist/detect/structural/log-injection.d.ts +18 -0
- package/dist/detect/structural/log-injection.d.ts.map +1 -0
- package/dist/detect/structural/log-injection.js +217 -0
- package/dist/detect/structural/log-injection.js.map +1 -0
- package/dist/detect/structural/logic-gates.d.ts +10 -0
- package/dist/detect/structural/logic-gates.d.ts.map +1 -0
- package/dist/detect/structural/logic-gates.js +227 -0
- package/dist/detect/structural/logic-gates.js.map +1 -0
- package/dist/detect/structural/risky-imports.d.ts +10 -0
- package/dist/detect/structural/risky-imports.d.ts.map +1 -0
- package/dist/detect/structural/risky-imports.js +168 -0
- package/dist/detect/structural/risky-imports.js.map +1 -0
- package/dist/detect/structural/security-headers.d.ts +18 -0
- package/dist/detect/structural/security-headers.d.ts.map +1 -0
- package/dist/detect/structural/security-headers.js +196 -0
- package/dist/detect/structural/security-headers.js.map +1 -0
- package/dist/detect/structural/ssrf-detection.d.ts +18 -0
- package/dist/detect/structural/ssrf-detection.d.ts.map +1 -0
- package/dist/detect/structural/ssrf-detection.js +263 -0
- package/dist/detect/structural/ssrf-detection.js.map +1 -0
- package/dist/detect/structural/variables.d.ts +11 -0
- package/dist/detect/structural/variables.d.ts.map +1 -0
- package/dist/detect/structural/variables.js +159 -0
- package/dist/detect/structural/variables.js.map +1 -0
- package/dist/detect/structural/xxe-detection.d.ts +18 -0
- package/dist/detect/structural/xxe-detection.d.ts.map +1 -0
- package/dist/detect/structural/xxe-detection.js +245 -0
- package/dist/detect/structural/xxe-detection.js.map +1 -0
- package/dist/index.d.ts +17 -64
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +49 -1034
- package/dist/index.js.map +1 -1
- package/dist/layer2/framework-checks.d.ts.map +1 -1
- package/dist/layer2/framework-checks.js +1 -8
- package/dist/layer2/framework-checks.js.map +1 -1
- package/dist/layer2/index.d.ts +4 -0
- package/dist/layer2/index.d.ts.map +1 -1
- package/dist/layer2/index.js +50 -1
- package/dist/layer2/index.js.map +1 -1
- package/dist/layer2/log-injection.d.ts +18 -0
- package/dist/layer2/log-injection.d.ts.map +1 -0
- package/dist/layer2/log-injection.js +214 -0
- package/dist/layer2/log-injection.js.map +1 -0
- package/dist/layer2/security-headers.d.ts +18 -0
- package/dist/layer2/security-headers.d.ts.map +1 -0
- package/dist/layer2/security-headers.js +187 -0
- package/dist/layer2/security-headers.js.map +1 -0
- package/dist/layer2/ssrf-detection.d.ts +18 -0
- package/dist/layer2/ssrf-detection.d.ts.map +1 -0
- package/dist/layer2/ssrf-detection.js +252 -0
- package/dist/layer2/ssrf-detection.js.map +1 -0
- package/dist/layer2/xxe-detection.d.ts +18 -0
- package/dist/layer2/xxe-detection.d.ts.map +1 -0
- package/dist/layer2/xxe-detection.js +242 -0
- package/dist/layer2/xxe-detection.js.map +1 -0
- package/dist/layer3/anthropic/prompts/index.d.ts +1 -1
- package/dist/layer3/anthropic/prompts/index.d.ts.map +1 -1
- package/dist/layer3/anthropic/prompts/index.js +3 -1
- package/dist/layer3/anthropic/prompts/index.js.map +1 -1
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts +19 -0
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.js +156 -0
- package/dist/layer3/anthropic/prompts/modules/ai-patterns.js.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts +9 -0
- package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/auth-access.js +25 -0
- package/dist/layer3/anthropic/prompts/modules/auth-access.js.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/common.d.ts +11 -0
- package/dist/layer3/anthropic/prompts/modules/common.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/common.js +152 -0
- package/dist/layer3/anthropic/prompts/modules/common.js.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/index.d.ts +54 -0
- package/dist/layer3/anthropic/prompts/modules/index.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/index.js +185 -0
- package/dist/layer3/anthropic/prompts/modules/index.js.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts +8 -0
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.js +84 -0
- package/dist/layer3/anthropic/prompts/modules/owasp-classic.js.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts +8 -0
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js +68 -0
- package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts +8 -0
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map +1 -0
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.js +22 -0
- package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map +1 -0
- package/dist/layer3/anthropic/prompts/validation.d.ts +9 -3
- package/dist/layer3/anthropic/prompts/validation.d.ts.map +1 -1
- package/dist/layer3/anthropic/prompts/validation.js +14 -410
- package/dist/layer3/anthropic/prompts/validation.js.map +1 -1
- package/dist/layer3/anthropic/providers/anthropic.d.ts.map +1 -1
- package/dist/layer3/anthropic/providers/anthropic.js +6 -3
- package/dist/layer3/anthropic/providers/anthropic.js.map +1 -1
- package/dist/layer3/anthropic/providers/openai.d.ts.map +1 -1
- package/dist/layer3/anthropic/providers/openai.js +6 -3
- package/dist/layer3/anthropic/providers/openai.js.map +1 -1
- package/dist/layer3/anthropic/request-builder.d.ts +11 -4
- package/dist/layer3/anthropic/request-builder.d.ts.map +1 -1
- package/dist/layer3/anthropic/request-builder.js +32 -16
- package/dist/layer3/anthropic/request-builder.js.map +1 -1
- package/dist/layer3/anthropic/utils/context-extractor.d.ts +55 -0
- package/dist/layer3/anthropic/utils/context-extractor.d.ts.map +1 -0
- package/dist/layer3/anthropic/utils/context-extractor.js +161 -0
- package/dist/layer3/anthropic/utils/context-extractor.js.map +1 -0
- package/dist/layer3/anthropic/utils/index.d.ts +2 -0
- package/dist/layer3/anthropic/utils/index.d.ts.map +1 -1
- package/dist/layer3/anthropic/utils/index.js +4 -1
- package/dist/layer3/anthropic/utils/index.js.map +1 -1
- package/dist/model/auth-helper-detector.d.ts +56 -0
- package/dist/model/auth-helper-detector.d.ts.map +1 -0
- package/dist/model/auth-helper-detector.js +360 -0
- package/dist/model/auth-helper-detector.js.map +1 -0
- package/dist/model/cross-file-taint.d.ts +40 -0
- package/dist/model/cross-file-taint.d.ts.map +1 -0
- package/dist/model/cross-file-taint.js +290 -0
- package/dist/model/cross-file-taint.js.map +1 -0
- package/dist/model/framework-models/django.d.ts +9 -0
- package/dist/model/framework-models/django.d.ts.map +1 -0
- package/dist/model/framework-models/django.js +82 -0
- package/dist/model/framework-models/django.js.map +1 -0
- package/dist/model/framework-models/express.d.ts +9 -0
- package/dist/model/framework-models/express.d.ts.map +1 -0
- package/dist/model/framework-models/express.js +52 -0
- package/dist/model/framework-models/express.js.map +1 -0
- package/dist/model/framework-models/index.d.ts +20 -0
- package/dist/model/framework-models/index.d.ts.map +1 -0
- package/dist/model/framework-models/index.js +102 -0
- package/dist/model/framework-models/index.js.map +1 -0
- package/dist/model/framework-models/nextjs.d.ts +9 -0
- package/dist/model/framework-models/nextjs.d.ts.map +1 -0
- package/dist/model/framework-models/nextjs.js +71 -0
- package/dist/model/framework-models/nextjs.js.map +1 -0
- package/dist/model/framework-models/prisma.d.ts +10 -0
- package/dist/model/framework-models/prisma.d.ts.map +1 -0
- package/dist/model/framework-models/prisma.js +54 -0
- package/dist/model/framework-models/prisma.js.map +1 -0
- package/dist/model/framework-models/react.d.ts +9 -0
- package/dist/model/framework-models/react.d.ts.map +1 -0
- package/dist/model/framework-models/react.js +67 -0
- package/dist/model/framework-models/react.js.map +1 -0
- package/dist/model/framework-models/sequelize.d.ts +9 -0
- package/dist/model/framework-models/sequelize.d.ts.map +1 -0
- package/dist/model/framework-models/sequelize.js +62 -0
- package/dist/model/framework-models/sequelize.js.map +1 -0
- package/dist/model/framework-models/types.d.ts +43 -0
- package/dist/model/framework-models/types.d.ts.map +1 -0
- package/dist/model/framework-models/types.js +10 -0
- package/dist/model/framework-models/types.js.map +1 -0
- package/dist/model/function-classifier.d.ts +32 -0
- package/dist/model/function-classifier.d.ts.map +1 -0
- package/dist/model/function-classifier.js +143 -0
- package/dist/model/function-classifier.js.map +1 -0
- package/dist/model/import-resolver.d.ts +45 -0
- package/dist/model/import-resolver.d.ts.map +1 -0
- package/dist/model/import-resolver.js +410 -0
- package/dist/model/import-resolver.js.map +1 -0
- package/dist/model/imported-auth-detector.d.ts +38 -0
- package/dist/model/imported-auth-detector.d.ts.map +1 -0
- package/dist/model/imported-auth-detector.js +199 -0
- package/dist/model/imported-auth-detector.js.map +1 -0
- package/dist/model/index.d.ts +63 -0
- package/dist/model/index.d.ts.map +1 -0
- package/dist/model/index.js +272 -0
- package/dist/model/index.js.map +1 -0
- package/dist/model/middleware-detector.d.ts +55 -0
- package/dist/model/middleware-detector.d.ts.map +1 -0
- package/dist/model/middleware-detector.js +382 -0
- package/dist/model/middleware-detector.js.map +1 -0
- package/dist/model/module-graph.d.ts +46 -0
- package/dist/model/module-graph.d.ts.map +1 -0
- package/dist/model/module-graph.js +187 -0
- package/dist/model/module-graph.js.map +1 -0
- package/dist/model/oauth-flow-detector.d.ts +41 -0
- package/dist/model/oauth-flow-detector.d.ts.map +1 -0
- package/dist/model/oauth-flow-detector.js +202 -0
- package/dist/model/oauth-flow-detector.js.map +1 -0
- package/dist/model/project-context.d.ts +119 -0
- package/dist/model/project-context.d.ts.map +1 -0
- package/dist/model/project-context.js +534 -0
- package/dist/model/project-context.js.map +1 -0
- package/dist/model/route-auth-resolver.d.ts +27 -0
- package/dist/model/route-auth-resolver.d.ts.map +1 -0
- package/dist/model/route-auth-resolver.js +182 -0
- package/dist/model/route-auth-resolver.js.map +1 -0
- package/dist/model/route-discovery/express.d.ts +25 -0
- package/dist/model/route-discovery/express.d.ts.map +1 -0
- package/dist/model/route-discovery/express.js +225 -0
- package/dist/model/route-discovery/express.js.map +1 -0
- package/dist/model/route-discovery/index.d.ts +21 -0
- package/dist/model/route-discovery/index.d.ts.map +1 -0
- package/dist/model/route-discovery/index.js +67 -0
- package/dist/model/route-discovery/index.js.map +1 -0
- package/dist/model/route-discovery/nextjs.d.ts +16 -0
- package/dist/model/route-discovery/nextjs.d.ts.map +1 -0
- package/dist/model/route-discovery/nextjs.js +179 -0
- package/dist/model/route-discovery/nextjs.js.map +1 -0
- package/dist/model/route-discovery/python.d.ts +16 -0
- package/dist/model/route-discovery/python.d.ts.map +1 -0
- package/dist/model/route-discovery/python.js +181 -0
- package/dist/model/route-discovery/python.js.map +1 -0
- package/dist/model/route-discovery/types.d.ts +36 -0
- package/dist/model/route-discovery/types.d.ts.map +1 -0
- package/dist/model/route-discovery/types.js +16 -0
- package/dist/model/route-discovery/types.js.map +1 -0
- package/dist/model/route-discovery/utils.d.ts +18 -0
- package/dist/model/route-discovery/utils.d.ts.map +1 -0
- package/dist/model/route-discovery/utils.js +55 -0
- package/dist/model/route-discovery/utils.js.map +1 -0
- package/dist/model/route-hierarchy.d.ts +50 -0
- package/dist/model/route-hierarchy.d.ts.map +1 -0
- package/dist/model/route-hierarchy.js +226 -0
- package/dist/model/route-hierarchy.js.map +1 -0
- package/dist/model/sanitiser-detection.d.ts +27 -0
- package/dist/model/sanitiser-detection.d.ts.map +1 -0
- package/dist/model/sanitiser-detection.js +224 -0
- package/dist/model/sanitiser-detection.js.map +1 -0
- package/dist/model/sink-matcher.d.ts +17 -0
- package/dist/model/sink-matcher.d.ts.map +1 -0
- package/dist/model/sink-matcher.js +141 -0
- package/dist/model/sink-matcher.js.map +1 -0
- package/dist/model/sink-patterns.d.ts +19 -0
- package/dist/model/sink-patterns.d.ts.map +1 -0
- package/dist/model/sink-patterns.js +88 -0
- package/dist/model/sink-patterns.js.map +1 -0
- package/dist/model/source-discovery.d.ts +15 -0
- package/dist/model/source-discovery.d.ts.map +1 -0
- package/dist/model/source-discovery.js +170 -0
- package/dist/model/source-discovery.js.map +1 -0
- package/dist/model/taint-tracker.d.ts +21 -0
- package/dist/model/taint-tracker.d.ts.map +1 -0
- package/dist/model/taint-tracker.js +281 -0
- package/dist/model/taint-tracker.js.map +1 -0
- package/dist/model/taint-types.d.ts +74 -0
- package/dist/model/taint-types.d.ts.map +1 -0
- package/dist/model/taint-types.js +9 -0
- package/dist/model/taint-types.js.map +1 -0
- package/dist/model/trpc-analyzer.d.ts +78 -0
- package/dist/model/trpc-analyzer.d.ts.map +1 -0
- package/dist/model/trpc-analyzer.js +297 -0
- package/dist/model/trpc-analyzer.js.map +1 -0
- package/dist/parse/file-classifier.d.ts +228 -0
- package/dist/parse/file-classifier.d.ts.map +1 -0
- package/dist/parse/file-classifier.js +933 -0
- package/dist/parse/file-classifier.js.map +1 -0
- package/dist/parse/path-exclusions.d.ts +55 -0
- package/dist/parse/path-exclusions.d.ts.map +1 -0
- package/dist/parse/path-exclusions.js +224 -0
- package/dist/parse/path-exclusions.js.map +1 -0
- package/dist/pipeline/config.d.ts +39 -0
- package/dist/pipeline/config.d.ts.map +1 -0
- package/dist/pipeline/config.js +46 -0
- package/dist/pipeline/config.js.map +1 -0
- package/dist/pipeline/index.d.ts +34 -0
- package/dist/pipeline/index.d.ts.map +1 -0
- package/dist/pipeline/index.js +377 -0
- package/dist/pipeline/index.js.map +1 -0
- package/dist/pipeline/modes/incremental.d.ts +66 -0
- package/dist/pipeline/modes/incremental.d.ts.map +1 -0
- package/dist/pipeline/modes/incremental.js +200 -0
- package/dist/pipeline/modes/incremental.js.map +1 -0
- package/dist/postprocess/aggregation.d.ts +14 -0
- package/dist/postprocess/aggregation.d.ts.map +1 -0
- package/dist/postprocess/aggregation.js +63 -0
- package/dist/postprocess/aggregation.js.map +1 -0
- package/dist/postprocess/contradictions.d.ts +18 -0
- package/dist/postprocess/contradictions.d.ts.map +1 -0
- package/dist/postprocess/contradictions.js +99 -0
- package/dist/postprocess/contradictions.js.map +1 -0
- package/dist/postprocess/dedup.d.ts +13 -0
- package/dist/postprocess/dedup.d.ts.map +1 -0
- package/dist/postprocess/dedup.js +58 -0
- package/dist/postprocess/dedup.js.map +1 -0
- package/dist/postprocess/filtering/context-adjustments.d.ts +23 -0
- package/dist/postprocess/filtering/context-adjustments.d.ts.map +1 -0
- package/dist/postprocess/filtering/context-adjustments.js +100 -0
- package/dist/postprocess/filtering/context-adjustments.js.map +1 -0
- package/dist/postprocess/filtering/index.d.ts +3 -0
- package/dist/postprocess/filtering/index.d.ts.map +1 -0
- package/dist/postprocess/filtering/index.js +8 -0
- package/dist/postprocess/filtering/index.js.map +1 -0
- package/dist/postprocess/filtering/pipeline.d.ts +48 -0
- package/dist/postprocess/filtering/pipeline.d.ts.map +1 -0
- package/dist/postprocess/filtering/pipeline.js +76 -0
- package/dist/postprocess/filtering/pipeline.js.map +1 -0
- package/dist/postprocess/index.d.ts +41 -0
- package/dist/postprocess/index.d.ts.map +1 -0
- package/dist/postprocess/index.js +85 -0
- package/dist/postprocess/index.js.map +1 -0
- package/dist/postprocess/suppression/config-loader.d.ts +74 -0
- package/dist/postprocess/suppression/config-loader.d.ts.map +1 -0
- package/dist/postprocess/suppression/config-loader.js +424 -0
- package/dist/postprocess/suppression/config-loader.js.map +1 -0
- package/dist/postprocess/suppression/hash.d.ts +48 -0
- package/dist/postprocess/suppression/hash.d.ts.map +1 -0
- package/dist/postprocess/suppression/hash.js +88 -0
- package/dist/postprocess/suppression/hash.js.map +1 -0
- package/dist/postprocess/suppression/index.d.ts +11 -0
- package/dist/postprocess/suppression/index.d.ts.map +1 -0
- package/dist/postprocess/suppression/index.js +39 -0
- package/dist/postprocess/suppression/index.js.map +1 -0
- package/dist/postprocess/suppression/inline-parser.d.ts +39 -0
- package/dist/postprocess/suppression/inline-parser.d.ts.map +1 -0
- package/dist/postprocess/suppression/inline-parser.js +218 -0
- package/dist/postprocess/suppression/inline-parser.js.map +1 -0
- package/dist/postprocess/suppression/manager.d.ts +94 -0
- package/dist/postprocess/suppression/manager.d.ts.map +1 -0
- package/dist/postprocess/suppression/manager.js +292 -0
- package/dist/postprocess/suppression/manager.js.map +1 -0
- package/dist/postprocess/suppression/types.d.ts +151 -0
- package/dist/postprocess/suppression/types.d.ts.map +1 -0
- package/dist/postprocess/suppression/types.js +28 -0
- package/dist/postprocess/suppression/types.js.map +1 -0
- package/dist/postprocess/validation-cap.d.ts +17 -0
- package/dist/postprocess/validation-cap.d.ts.map +1 -0
- package/dist/postprocess/validation-cap.js +64 -0
- package/dist/postprocess/validation-cap.js.map +1 -0
- package/dist/report/build-result.d.ts +33 -0
- package/dist/report/build-result.d.ts.map +1 -0
- package/dist/report/build-result.js +59 -0
- package/dist/report/build-result.js.map +1 -0
- package/dist/report/enrichment.d.ts +19 -0
- package/dist/report/enrichment.d.ts.map +1 -0
- package/dist/report/enrichment.js +44 -0
- package/dist/report/enrichment.js.map +1 -0
- package/dist/report/formatters/ai-context.d.ts +23 -0
- package/dist/report/formatters/ai-context.d.ts.map +1 -0
- package/dist/report/formatters/ai-context.js +238 -0
- package/dist/report/formatters/ai-context.js.map +1 -0
- package/dist/report/formatters/cli-terminal.d.ts +65 -0
- package/dist/report/formatters/cli-terminal.d.ts.map +1 -0
- package/dist/report/formatters/cli-terminal.js +735 -0
- package/dist/report/formatters/cli-terminal.js.map +1 -0
- package/dist/report/formatters/github-comment.d.ts +41 -0
- package/dist/report/formatters/github-comment.d.ts.map +1 -0
- package/dist/report/formatters/github-comment.js +370 -0
- package/dist/report/formatters/github-comment.js.map +1 -0
- package/dist/report/formatters/grouping.d.ts +52 -0
- package/dist/report/formatters/grouping.d.ts.map +1 -0
- package/dist/report/formatters/grouping.js +152 -0
- package/dist/report/formatters/grouping.js.map +1 -0
- package/dist/report/formatters/ide/claude-code.d.ts +17 -0
- package/dist/report/formatters/ide/claude-code.d.ts.map +1 -0
- package/dist/report/formatters/ide/claude-code.js +94 -0
- package/dist/report/formatters/ide/claude-code.js.map +1 -0
- package/dist/report/formatters/ide/cursor.d.ts +13 -0
- package/dist/report/formatters/ide/cursor.d.ts.map +1 -0
- package/dist/report/formatters/ide/cursor.js +125 -0
- package/dist/report/formatters/ide/cursor.js.map +1 -0
- package/dist/report/formatters/ide/index.d.ts +62 -0
- package/dist/report/formatters/ide/index.d.ts.map +1 -0
- package/dist/report/formatters/ide/index.js +184 -0
- package/dist/report/formatters/ide/index.js.map +1 -0
- package/dist/report/formatters/ide/windsurf.d.ts +13 -0
- package/dist/report/formatters/ide/windsurf.d.ts.map +1 -0
- package/dist/report/formatters/ide/windsurf.js +117 -0
- package/dist/report/formatters/ide/windsurf.js.map +1 -0
- package/dist/report/formatters/index.d.ts +11 -0
- package/dist/report/formatters/index.d.ts.map +1 -0
- package/dist/report/formatters/index.js +54 -0
- package/dist/report/formatters/index.js.map +1 -0
- package/dist/report/formatters/vscode-diagnostic.d.ts +103 -0
- package/dist/report/formatters/vscode-diagnostic.d.ts.map +1 -0
- package/dist/report/formatters/vscode-diagnostic.js +151 -0
- package/dist/report/formatters/vscode-diagnostic.js.map +1 -0
- package/dist/report/summary.d.ts +27 -0
- package/dist/report/summary.d.ts.map +1 -0
- package/dist/report/summary.js +57 -0
- package/dist/report/summary.js.map +1 -0
- package/dist/rules/metadata.d.ts.map +1 -1
- package/dist/rules/metadata.js +66 -0
- package/dist/rules/metadata.js.map +1 -1
- package/dist/score/adjustments.d.ts +22 -0
- package/dist/score/adjustments.d.ts.map +1 -0
- package/dist/score/adjustments.js +373 -0
- package/dist/score/adjustments.js.map +1 -0
- package/dist/score/auto-dismiss.d.ts +28 -0
- package/dist/score/auto-dismiss.d.ts.map +1 -0
- package/dist/score/auto-dismiss.js +200 -0
- package/dist/score/auto-dismiss.js.map +1 -0
- package/dist/score/confidence.d.ts +19 -0
- package/dist/score/confidence.d.ts.map +1 -0
- package/dist/score/confidence.js +52 -0
- package/dist/score/confidence.js.map +1 -0
- package/dist/score/index.d.ts +61 -0
- package/dist/score/index.d.ts.map +1 -0
- package/dist/score/index.js +250 -0
- package/dist/score/index.js.map +1 -0
- package/dist/score/types.d.ts +160 -0
- package/dist/score/types.d.ts.map +1 -0
- package/dist/score/types.js +14 -0
- package/dist/score/types.js.map +1 -0
- package/dist/shared/ai-context/index.d.ts +6 -0
- package/dist/shared/ai-context/index.d.ts.map +1 -0
- package/dist/shared/ai-context/index.js +13 -0
- package/dist/shared/ai-context/index.js.map +1 -0
- package/dist/shared/ai-context/manager.d.ts +67 -0
- package/dist/shared/ai-context/manager.d.ts.map +1 -0
- package/dist/shared/ai-context/manager.js +104 -0
- package/dist/shared/ai-context/manager.js.map +1 -0
- package/dist/shared/baseline/diff.d.ts +32 -0
- package/dist/shared/baseline/diff.d.ts.map +1 -0
- package/dist/shared/baseline/diff.js +119 -0
- package/dist/shared/baseline/diff.js.map +1 -0
- package/dist/shared/baseline/index.d.ts +9 -0
- package/dist/shared/baseline/index.d.ts.map +1 -0
- package/dist/shared/baseline/index.js +19 -0
- package/dist/shared/baseline/index.js.map +1 -0
- package/dist/shared/baseline/manager.d.ts +67 -0
- package/dist/shared/baseline/manager.d.ts.map +1 -0
- package/dist/shared/baseline/manager.js +180 -0
- package/dist/shared/baseline/manager.js.map +1 -0
- package/dist/shared/baseline/types.d.ts +91 -0
- package/dist/shared/baseline/types.d.ts.map +1 -0
- package/dist/shared/baseline/types.js +12 -0
- package/dist/shared/baseline/types.js.map +1 -0
- package/dist/shared/category-filter.d.ts +125 -0
- package/dist/shared/category-filter.d.ts.map +1 -0
- package/dist/shared/category-filter.js +360 -0
- package/dist/shared/category-filter.js.map +1 -0
- package/dist/shared/code-analysis.d.ts +39 -0
- package/dist/shared/code-analysis.d.ts.map +1 -0
- package/dist/shared/code-analysis.js +159 -0
- package/dist/shared/code-analysis.js.map +1 -0
- package/dist/shared/comment-analyzer.d.ts +38 -0
- package/dist/shared/comment-analyzer.d.ts.map +1 -0
- package/dist/shared/comment-analyzer.js +218 -0
- package/dist/shared/comment-analyzer.js.map +1 -0
- package/dist/shared/diff-detector.d.ts +53 -0
- package/dist/shared/diff-detector.d.ts.map +1 -0
- package/dist/shared/diff-detector.js +104 -0
- package/dist/shared/diff-detector.js.map +1 -0
- package/dist/shared/diff-parser.d.ts +80 -0
- package/dist/shared/diff-parser.d.ts.map +1 -0
- package/dist/shared/diff-parser.js +202 -0
- package/dist/shared/diff-parser.js.map +1 -0
- package/dist/shared/environment-context.d.ts +76 -0
- package/dist/shared/environment-context.d.ts.map +1 -0
- package/dist/shared/environment-context.js +271 -0
- package/dist/shared/environment-context.js.map +1 -0
- package/dist/shared/intent-detector.d.ts +66 -0
- package/dist/shared/intent-detector.d.ts.map +1 -0
- package/dist/shared/intent-detector.js +282 -0
- package/dist/shared/intent-detector.js.map +1 -0
- package/dist/shared/parsed-file.d.ts +51 -0
- package/dist/shared/parsed-file.d.ts.map +1 -0
- package/dist/shared/parsed-file.js +95 -0
- package/dist/shared/parsed-file.js.map +1 -0
- package/dist/shared/registry-clients.d.ts +93 -0
- package/dist/shared/registry-clients.d.ts.map +1 -0
- package/dist/shared/registry-clients.js +273 -0
- package/dist/shared/registry-clients.js.map +1 -0
- package/dist/shared/rules/framework-fixes.d.ts +48 -0
- package/dist/shared/rules/framework-fixes.d.ts.map +1 -0
- package/dist/shared/rules/framework-fixes.js +439 -0
- package/dist/shared/rules/framework-fixes.js.map +1 -0
- package/dist/shared/rules/index.d.ts +8 -0
- package/dist/shared/rules/index.d.ts.map +1 -0
- package/dist/shared/rules/index.js +18 -0
- package/dist/shared/rules/index.js.map +1 -0
- package/dist/shared/rules/metadata.d.ts +43 -0
- package/dist/shared/rules/metadata.d.ts.map +1 -0
- package/dist/shared/rules/metadata.js +819 -0
- package/dist/shared/rules/metadata.js.map +1 -0
- package/dist/shared/schema-semantics.d.ts +45 -0
- package/dist/shared/schema-semantics.d.ts.map +1 -0
- package/dist/shared/schema-semantics.js +193 -0
- package/dist/shared/schema-semantics.js.map +1 -0
- package/dist/shared/types.d.ts +337 -0
- package/dist/shared/types.d.ts.map +1 -0
- package/dist/shared/types.js +126 -0
- package/dist/shared/types.js.map +1 -0
- package/dist/tiers.d.ts +2 -2
- package/dist/tiers.d.ts.map +1 -1
- package/dist/tiers.js +10 -0
- package/dist/tiers.js.map +1 -1
- package/dist/types.d.ts +1 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/dist/validate/clients.d.ts +44 -0
- package/dist/validate/clients.d.ts.map +1 -0
- package/dist/validate/clients.js +81 -0
- package/dist/validate/clients.js.map +1 -0
- package/dist/validate/index.d.ts +41 -0
- package/dist/validate/index.d.ts.map +1 -0
- package/dist/validate/index.js +141 -0
- package/dist/validate/index.js.map +1 -0
- package/dist/validate/prompts/index.d.ts +8 -0
- package/dist/validate/prompts/index.d.ts.map +1 -0
- package/dist/validate/prompts/index.js +16 -0
- package/dist/validate/prompts/index.js.map +1 -0
- package/dist/validate/prompts/modules/ai-patterns.d.ts +19 -0
- package/dist/validate/prompts/modules/ai-patterns.d.ts.map +1 -0
- package/dist/validate/prompts/modules/ai-patterns.js +156 -0
- package/dist/validate/prompts/modules/ai-patterns.js.map +1 -0
- package/dist/validate/prompts/modules/auth-access.d.ts +9 -0
- package/dist/validate/prompts/modules/auth-access.d.ts.map +1 -0
- package/dist/validate/prompts/modules/auth-access.js +25 -0
- package/dist/validate/prompts/modules/auth-access.js.map +1 -0
- package/dist/validate/prompts/modules/common.d.ts +11 -0
- package/dist/validate/prompts/modules/common.d.ts.map +1 -0
- package/dist/validate/prompts/modules/common.js +186 -0
- package/dist/validate/prompts/modules/common.js.map +1 -0
- package/dist/validate/prompts/modules/index.d.ts +54 -0
- package/dist/validate/prompts/modules/index.d.ts.map +1 -0
- package/dist/validate/prompts/modules/index.js +186 -0
- package/dist/validate/prompts/modules/index.js.map +1 -0
- package/dist/validate/prompts/modules/owasp-classic.d.ts +8 -0
- package/dist/validate/prompts/modules/owasp-classic.d.ts.map +1 -0
- package/dist/validate/prompts/modules/owasp-classic.js +84 -0
- package/dist/validate/prompts/modules/owasp-classic.js.map +1 -0
- package/dist/validate/prompts/modules/secrets-crypto.d.ts +8 -0
- package/dist/validate/prompts/modules/secrets-crypto.d.ts.map +1 -0
- package/dist/validate/prompts/modules/secrets-crypto.js +68 -0
- package/dist/validate/prompts/modules/secrets-crypto.js.map +1 -0
- package/dist/validate/prompts/modules/xss-prompt.d.ts +8 -0
- package/dist/validate/prompts/modules/xss-prompt.d.ts.map +1 -0
- package/dist/validate/prompts/modules/xss-prompt.js +22 -0
- package/dist/validate/prompts/modules/xss-prompt.js.map +1 -0
- package/dist/validate/prompts/semantic-analysis.d.ts +15 -0
- package/dist/validate/prompts/semantic-analysis.d.ts.map +1 -0
- package/dist/validate/prompts/semantic-analysis.js +169 -0
- package/dist/validate/prompts/semantic-analysis.js.map +1 -0
- package/dist/validate/prompts/validation.d.ts +18 -0
- package/dist/validate/prompts/validation.d.ts.map +1 -0
- package/dist/validate/prompts/validation.js +25 -0
- package/dist/validate/prompts/validation.js.map +1 -0
- package/dist/validate/providers/anthropic.d.ts +17 -0
- package/dist/validate/providers/anthropic.d.ts.map +1 -0
- package/dist/validate/providers/anthropic.js +260 -0
- package/dist/validate/providers/anthropic.js.map +1 -0
- package/dist/validate/providers/index.d.ts +8 -0
- package/dist/validate/providers/index.d.ts.map +1 -0
- package/dist/validate/providers/index.js +13 -0
- package/dist/validate/providers/index.js.map +1 -0
- package/dist/validate/providers/openai.d.ts +14 -0
- package/dist/validate/providers/openai.d.ts.map +1 -0
- package/dist/validate/providers/openai.js +336 -0
- package/dist/validate/providers/openai.js.map +1 -0
- package/dist/validate/request-builder.d.ts +61 -0
- package/dist/validate/request-builder.d.ts.map +1 -0
- package/dist/validate/request-builder.js +346 -0
- package/dist/validate/request-builder.js.map +1 -0
- package/dist/validate/types.d.ts +88 -0
- package/dist/validate/types.d.ts.map +1 -0
- package/dist/validate/types.js +38 -0
- package/dist/validate/types.js.map +1 -0
- package/dist/validate/utils/context-extractor.d.ts +55 -0
- package/dist/validate/utils/context-extractor.d.ts.map +1 -0
- package/dist/validate/utils/context-extractor.js +161 -0
- package/dist/validate/utils/context-extractor.js.map +1 -0
- package/dist/validate/utils/index.d.ts +11 -0
- package/dist/validate/utils/index.d.ts.map +1 -0
- package/dist/validate/utils/index.js +27 -0
- package/dist/validate/utils/index.js.map +1 -0
- package/dist/validate/utils/path-helpers.d.ts +21 -0
- package/dist/validate/utils/path-helpers.d.ts.map +1 -0
- package/dist/validate/utils/path-helpers.js +69 -0
- package/dist/validate/utils/path-helpers.js.map +1 -0
- package/dist/validate/utils/response-parser.d.ts +40 -0
- package/dist/validate/utils/response-parser.d.ts.map +1 -0
- package/dist/validate/utils/response-parser.js +286 -0
- package/dist/validate/utils/response-parser.js.map +1 -0
- package/dist/validate/utils/retry.d.ts +15 -0
- package/dist/validate/utils/retry.d.ts.map +1 -0
- package/dist/validate/utils/retry.js +62 -0
- package/dist/validate/utils/retry.js.map +1 -0
- package/package.json +8 -7
- package/src/__tests__/benchmark/fixtures/layer1/agent-skill-injection.ts +204 -0
- package/src/__tests__/benchmark/fixtures/layer1/index.ts +3 -0
- package/src/__tests__/benchmark/fixtures/layer2/index.ts +15 -0
- package/src/__tests__/benchmark/fixtures/layer2/log-injection.ts +147 -0
- package/src/__tests__/benchmark/fixtures/layer2/security-headers.ts +197 -0
- package/src/__tests__/benchmark/fixtures/layer2/ssrf-detection.ts +210 -0
- package/src/__tests__/benchmark/fixtures/layer2/xxe-detection.ts +195 -0
- package/src/__tests__/benchmark/run-depth-validation.ts +3 -3
- package/src/__tests__/benchmark/run-real-world-test.ts +4 -4
- package/src/__tests__/benchmark/types.ts +1 -1
- package/src/__tests__/benchmark/utils/test-runner.ts +3 -3
- package/src/__tests__/category-filter.test.ts +2 -2
- package/src/__tests__/context-engine/cross-file-taint.test.ts +284 -0
- package/src/__tests__/context-engine/framework-models.test.ts +457 -0
- package/src/__tests__/context-engine/function-classifier.test.ts +146 -0
- package/src/__tests__/context-engine/import-resolver.test.ts +328 -0
- package/src/__tests__/context-engine/integration.test.ts +320 -0
- package/src/__tests__/context-engine/module-graph.test.ts +159 -0
- package/src/__tests__/context-engine/route-discovery/auth-resolver.test.ts +353 -0
- package/src/__tests__/context-engine/route-discovery/express.test.ts +150 -0
- package/src/__tests__/context-engine/route-discovery/nextjs.test.ts +138 -0
- package/src/__tests__/context-engine/route-discovery/python.test.ts +95 -0
- package/src/__tests__/context-engine/sanitiser-detection.test.ts +187 -0
- package/src/__tests__/context-engine/sink-matcher.test.ts +251 -0
- package/src/__tests__/context-engine/source-discovery.test.ts +186 -0
- package/src/__tests__/context-engine/taint-tracker.test.ts +182 -0
- package/src/__tests__/regression/agent-skill-benign.test.ts +174 -0
- package/src/__tests__/regression/known-false-positives.test.ts +312 -4
- package/src/__tests__/score/adjustments.test.ts +385 -0
- package/src/__tests__/score/confidence.test.ts +283 -0
- package/src/__tests__/score/framework-scoring.test.ts +275 -0
- package/src/__tests__/score/route-scoring.test.ts +156 -0
- package/src/__tests__/score/scoring-integration.test.ts +165 -0
- package/src/__tests__/score/taint-adjustments.test.ts +244 -0
- package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +37 -49
- package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +52 -0
- package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +3 -3
- package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +2 -2
- package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +1 -1
- package/src/__tests__/snapshots/scan-depth.test.ts +3 -3
- package/src/__tests__/validate/route-annotations.test.ts +138 -0
- package/src/__tests__/validation/analyze-results.ts +1 -1
- package/src/__tests__/validation/extract-for-triage.ts +1 -1
- package/src/__tests__/validation/fp-deep-analysis.ts +1 -1
- package/src/{layer2/ai-agent-tools.ts → detect/ai-code/agent-tools.ts} +23 -3
- package/src/{layer2 → detect/ai-code}/byok-patterns.ts +17 -5
- package/src/{layer2/ai-endpoint-protection.ts → detect/ai-code/endpoint-protection.ts} +8 -4
- package/src/{layer2/ai-execution-sinks.ts → detect/ai-code/execution-sinks.ts} +8 -4
- package/src/{layer2/ai-fingerprinting.ts → detect/ai-code/fingerprinting.ts} +20 -4
- package/src/detect/ai-code/index.ts +11 -0
- package/src/{layer2/ai-mcp-security.ts → detect/ai-code/mcp-security.ts} +7 -3
- package/src/{layer2 → detect/ai-code}/model-supply-chain.ts +7 -3
- package/src/{layer2/ai-package-hallucination.ts → detect/ai-code/package-hallucination.ts} +18 -3
- package/src/{layer2/ai-prompt-hygiene.ts → detect/ai-code/prompt-hygiene.ts} +25 -3
- package/src/{layer2/ai-rag-safety.ts → detect/ai-code/rag-safety.ts} +7 -3
- package/src/{layer2/ai-schema-validation.ts → detect/ai-code/schema-validation.ts} +7 -3
- package/src/detect/config/agent-skill-injection.ts +551 -0
- package/src/{layer1 → detect/config}/comments.ts +6 -2
- package/src/{layer1 → detect/config}/file-flags.ts +9 -3
- package/src/detect/config/index.ts +6 -0
- package/src/{layer3 → detect/config}/osv-check.ts +3 -2
- package/src/{layer3 → detect/config}/package-check.ts +3 -2
- package/src/{layer1 → detect/config}/urls.ts +12 -5
- package/src/detect/index.ts +131 -0
- package/src/{layer1 → detect/secrets}/config-audit.ts +7 -2
- package/src/{layer1 → detect/secrets}/config-mcp-audit.ts +8 -3
- package/src/{layer1 → detect/secrets}/entropy.ts +23 -11
- package/src/{layer1 → detect/secrets}/index.ts +31 -30
- package/src/{layer1 → detect/secrets}/patterns.ts +10 -3
- package/src/{layer1 → detect/secrets}/weak-crypto.ts +7 -2
- package/src/{layer2/auth-antipatterns.ts → detect/structural/auth-patterns.ts} +23 -11
- package/src/{layer2 → detect/structural}/dangerous-functions/dom-xss.ts +1 -1
- package/src/{layer2 → detect/structural}/dangerous-functions/index.ts +47 -24
- package/src/{layer2 → detect/structural}/dangerous-functions/json-parse.ts +10 -2
- package/src/{layer2 → detect/structural}/dangerous-functions/math-random.ts +2 -2
- package/src/{layer2 → detect/structural}/dangerous-functions/patterns.ts +1 -1
- package/src/{layer2 → detect/structural}/dangerous-functions/request-validation.ts +10 -2
- package/src/{layer2 → detect/structural}/dangerous-functions/utils/control-flow.ts +2 -2
- package/src/{layer2 → detect/structural}/data-exposure.ts +11 -3
- package/src/{layer2 → detect/structural}/framework-checks.ts +10 -11
- package/src/{layer2 → detect/structural}/index.ts +80 -77
- package/src/detect/structural/log-injection.ts +254 -0
- package/src/{layer2 → detect/structural}/logic-gates.ts +13 -5
- package/src/{layer2 → detect/structural}/risky-imports.ts +7 -3
- package/src/detect/structural/security-headers.ts +231 -0
- package/src/detect/structural/ssrf-detection.ts +300 -0
- package/src/{layer2 → detect/structural}/variables.ts +7 -3
- package/src/detect/structural/xxe-detection.ts +295 -0
- package/src/index.ts +39 -1291
- package/src/{utils → model}/auth-helper-detector.ts +1 -1
- package/src/model/cross-file-taint.ts +374 -0
- package/src/model/framework-models/django.ts +82 -0
- package/src/model/framework-models/express.ts +54 -0
- package/src/model/framework-models/index.ts +116 -0
- package/src/model/framework-models/nextjs.ts +69 -0
- package/src/model/framework-models/prisma.ts +57 -0
- package/src/model/framework-models/react.ts +63 -0
- package/src/model/framework-models/sequelize.ts +63 -0
- package/src/model/framework-models/types.ts +46 -0
- package/src/model/function-classifier.ts +184 -0
- package/src/model/import-resolver.ts +453 -0
- package/src/{utils → model}/imported-auth-detector.ts +21 -85
- package/src/model/index.ts +353 -0
- package/src/{utils → model}/middleware-detector.ts +156 -17
- package/src/model/module-graph.ts +254 -0
- package/src/{utils → model}/oauth-flow-detector.ts +1 -1
- package/src/{utils/project-context-builder.ts → model/project-context.ts} +1 -1
- package/src/model/route-auth-resolver.ts +216 -0
- package/src/model/route-discovery/express.ts +251 -0
- package/src/model/route-discovery/index.ts +83 -0
- package/src/model/route-discovery/nextjs.ts +216 -0
- package/src/model/route-discovery/python.ts +214 -0
- package/src/model/route-discovery/types.ts +48 -0
- package/src/model/route-discovery/utils.ts +54 -0
- package/src/model/sanitiser-detection.ts +268 -0
- package/src/model/sink-matcher.ts +178 -0
- package/src/model/sink-patterns.ts +109 -0
- package/src/model/source-discovery.ts +209 -0
- package/src/model/taint-tracker.ts +333 -0
- package/src/model/taint-types.ts +149 -0
- package/src/{utils → model}/trpc-analyzer.ts +1 -1
- package/src/{utils/context-helpers.ts → parse/file-classifier.ts} +54 -0
- package/src/{utils → parse}/path-exclusions.ts +1 -1
- package/src/pipeline/config.ts +81 -0
- package/src/pipeline/index.ts +437 -0
- package/src/{modes → pipeline/modes}/incremental.ts +5 -5
- package/src/postprocess/aggregation.ts +74 -0
- package/src/postprocess/contradictions.ts +128 -0
- package/src/postprocess/dedup.ts +62 -0
- package/src/{filtering → postprocess/filtering}/__tests__/pipeline.test.ts +1 -1
- package/src/{filtering → postprocess/filtering}/context-adjustments.ts +2 -2
- package/src/{filtering → postprocess/filtering}/pipeline.ts +2 -2
- package/src/postprocess/index.ts +118 -0
- package/src/{suppression → postprocess/suppression}/config-loader.ts +1 -1
- package/src/{suppression → postprocess/suppression}/hash.ts +1 -1
- package/src/{suppression → postprocess/suppression}/inline-parser.ts +1 -1
- package/src/{suppression → postprocess/suppression}/manager.ts +1 -1
- package/src/{suppression → postprocess/suppression}/types.ts +2 -2
- package/src/postprocess/validation-cap.ts +66 -0
- package/src/report/build-result.ts +94 -0
- package/src/report/enrichment.ts +52 -0
- package/src/{formatters → report/formatters}/ai-context.ts +1 -1
- package/src/{formatters → report/formatters}/cli-terminal.ts +11 -11
- package/src/{formatters → report/formatters}/github-comment.ts +1 -1
- package/src/{formatters → report/formatters}/grouping.ts +8 -8
- package/src/{formatters → report/formatters}/ide/claude-code.ts +1 -1
- package/src/{formatters → report/formatters}/ide/cursor.ts +1 -1
- package/src/{formatters → report/formatters}/ide/windsurf.ts +1 -1
- package/src/{formatters → report/formatters}/vscode-diagnostic.ts +1 -1
- package/src/report/summary.ts +70 -0
- package/src/score/adjustments.ts +387 -0
- package/src/{layer3/anthropic → score}/auto-dismiss.ts +15 -14
- package/src/score/confidence.ts +66 -0
- package/src/score/index.ts +316 -0
- package/src/score/types.ts +187 -0
- package/src/{baseline → shared/baseline}/__tests__/diff.test.ts +2 -2
- package/src/{baseline → shared/baseline}/diff.ts +1 -1
- package/src/{baseline → shared/baseline}/manager.ts +1 -1
- package/src/{category-filter.ts → shared/category-filter.ts} +1 -1
- package/src/{utils → shared}/code-analysis.ts +1 -1
- package/src/{rules → shared/rules}/__tests__/metadata.test.ts +7 -0
- package/src/{rules → shared/rules}/framework-fixes.ts +1 -1
- package/src/{rules → shared/rules}/metadata.ts +94 -0
- package/src/{types.ts → shared/types.ts} +22 -5
- package/src/tiers.ts +18 -1
- package/src/validate/__tests__/context-extractor.test.ts +191 -0
- package/src/validate/__tests__/prompt-assembly.test.ts +233 -0
- package/src/validate/__tests__/request-builder.test.ts +347 -0
- package/src/{layer3/anthropic → validate}/index.ts +8 -7
- package/src/{layer3/anthropic → validate}/prompts/index.ts +2 -0
- package/src/validate/prompts/modules/ai-patterns.ts +153 -0
- package/src/validate/prompts/modules/auth-access.ts +22 -0
- package/src/validate/prompts/modules/common.ts +183 -0
- package/src/validate/prompts/modules/index.ts +204 -0
- package/src/validate/prompts/modules/owasp-classic.ts +81 -0
- package/src/validate/prompts/modules/secrets-crypto.ts +65 -0
- package/src/validate/prompts/modules/xss-prompt.ts +19 -0
- package/src/validate/prompts/validation.ts +20 -0
- package/src/{layer3/anthropic → validate}/providers/anthropic.ts +28 -27
- package/src/validate/providers/index.ts +8 -0
- package/src/{layer3/anthropic → validate}/providers/openai.ts +30 -25
- package/src/validate/request-builder.ts +448 -0
- package/src/{layer3/anthropic → validate}/types.ts +1 -1
- package/src/validate/utils/context-extractor.ts +220 -0
- package/src/{layer3/anthropic → validate}/utils/index.ts +10 -0
- package/src/{layer3/anthropic → validate}/utils/response-parser.ts +2 -1
- package/src/layer3/anthropic/prompts/validation.ts +0 -419
- package/src/layer3/anthropic/providers/index.ts +0 -8
- package/src/layer3/anthropic/request-builder.ts +0 -150
- package/src/layer3/index.ts +0 -168
- /package/src/{layer3 → detect/config}/__tests__/osv-check.test.ts +0 -0
- /package/src/{layer2 → detect/structural}/__tests__/math-random-enhanced.test.ts +0 -0
- /package/src/{layer2 → detect/structural}/dangerous-functions/child-process.ts +0 -0
- /package/src/{layer2 → detect/structural}/dangerous-functions/utils/helpers.ts +0 -0
- /package/src/{layer2 → detect/structural}/dangerous-functions/utils/index.ts +0 -0
- /package/src/{layer2 → detect/structural}/dangerous-functions/utils/schema-validation.ts +0 -0
- /package/src/{utils → model}/route-hierarchy.ts +0 -0
- /package/src/{filtering → postprocess/filtering}/index.ts +0 -0
- /package/src/{suppression → postprocess/suppression}/__tests__/config-loader.test.ts +0 -0
- /package/src/{suppression → postprocess/suppression}/__tests__/hash.test.ts +0 -0
- /package/src/{suppression → postprocess/suppression}/__tests__/inline-parser.test.ts +0 -0
- /package/src/{suppression → postprocess/suppression}/__tests__/manager.test.ts +0 -0
- /package/src/{suppression → postprocess/suppression}/index.ts +0 -0
- /package/src/{formatters → report/formatters}/__tests__/ai-context.test.ts +0 -0
- /package/src/{formatters → report/formatters}/ide/__tests__/ide.test.ts +0 -0
- /package/src/{formatters → report/formatters}/ide/index.ts +0 -0
- /package/src/{formatters → report/formatters}/index.ts +0 -0
- /package/src/{utils → shared}/__tests__/code-analysis.test.ts +0 -0
- /package/src/{utils → shared}/__tests__/parsed-file.test.ts +0 -0
- /package/src/{ai-context → shared/ai-context}/__tests__/manager.test.ts +0 -0
- /package/src/{ai-context → shared/ai-context}/index.ts +0 -0
- /package/src/{ai-context → shared/ai-context}/manager.ts +0 -0
- /package/src/{baseline → shared/baseline}/__tests__/manager.test.ts +0 -0
- /package/src/{baseline → shared/baseline}/index.ts +0 -0
- /package/src/{baseline → shared/baseline}/types.ts +0 -0
- /package/src/{utils → shared}/comment-analyzer.ts +0 -0
- /package/src/{utils → shared}/diff-detector.ts +0 -0
- /package/src/{utils → shared}/diff-parser.ts +0 -0
- /package/src/{utils → shared}/environment-context.ts +0 -0
- /package/src/{utils → shared}/intent-detector.ts +0 -0
- /package/src/{utils → shared}/parsed-file.ts +0 -0
- /package/src/{utils → shared}/registry-clients.ts +0 -0
- /package/src/{rules → shared/rules}/__tests__/framework-fixes.test.ts +0 -0
- /package/src/{rules → shared/rules}/index.ts +0 -0
- /package/src/{utils → shared}/schema-semantics.ts +0 -0
- /package/src/{layer3/anthropic → validate}/clients.ts +0 -0
- /package/src/{layer3/anthropic → validate}/prompts/semantic-analysis.ts +0 -0
- /package/src/{layer3/anthropic → validate}/utils/path-helpers.ts +0 -0
- /package/src/{layer3/anthropic → validate}/utils/retry.ts +0 -0
|
@@ -0,0 +1,534 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Project Context Builder
|
|
4
|
+
*
|
|
5
|
+
* Builds a generic project context summary for AI validation by analyzing
|
|
6
|
+
* common patterns across the codebase. This context helps the AI validator
|
|
7
|
+
* understand the project's security architecture without hardcoding any
|
|
8
|
+
* specific framework or vendor.
|
|
9
|
+
*
|
|
10
|
+
* Key areas analyzed:
|
|
11
|
+
* - Authentication & access control patterns
|
|
12
|
+
* - Data access patterns (ORMs, query builders, raw queries)
|
|
13
|
+
* - Secrets & configuration handling
|
|
14
|
+
* - Framework detection
|
|
15
|
+
*/
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
exports.buildProjectContext = buildProjectContext;
|
|
18
|
+
exports.getFileValidationContext = getFileValidationContext;
|
|
19
|
+
const middleware_detector_1 = require("./middleware-detector");
|
|
20
|
+
const auth_helper_detector_1 = require("./auth-helper-detector");
|
|
21
|
+
const oauth_flow_detector_1 = require("./oauth-flow-detector");
|
|
22
|
+
const trpc_analyzer_1 = require("./trpc-analyzer");
|
|
23
|
+
// ============================================================================
|
|
24
|
+
// Pattern Definitions
|
|
25
|
+
// ============================================================================
|
|
26
|
+
const AUTH_HELPER_PATTERNS = [
|
|
27
|
+
{ pattern: /getCurrentUser|getUser|fetchUser/i, name: 'getCurrentUser' },
|
|
28
|
+
{ pattern: /getCurrentUserId|getUserId/i, name: 'getCurrentUserId' },
|
|
29
|
+
{ pattern: /getSession|getServerSession/i, name: 'getSession' },
|
|
30
|
+
{ pattern: /requireAuth|ensureAuth|checkAuth/i, name: 'requireAuth' },
|
|
31
|
+
{ pattern: /verifyToken|validateToken/i, name: 'verifyToken' },
|
|
32
|
+
{ pattern: /isAuthenticated|isLoggedIn/i, name: 'isAuthenticated' },
|
|
33
|
+
{ pattern: /withAuth|authGuard/i, name: 'withAuth' },
|
|
34
|
+
{ pattern: /useAuth|useSession/i, name: 'useAuth (hook)' },
|
|
35
|
+
{ pattern: /auth\(\)|getAuth\(\)/i, name: 'auth()' },
|
|
36
|
+
];
|
|
37
|
+
const ORM_PATTERNS = [
|
|
38
|
+
{ pattern: /from\s+['"]@prisma\/client['"]|PrismaClient/i, orm: 'prisma' },
|
|
39
|
+
{ pattern: /from\s+['"]drizzle-orm['"]|drizzle\(/i, orm: 'drizzle' },
|
|
40
|
+
{ pattern: /from\s+['"]@supabase\/supabase-js['"]|createClient.*supabase/i, orm: 'supabase' },
|
|
41
|
+
{ pattern: /from\s+['"]mongoose['"]|mongoose\.connect/i, orm: 'mongoose' },
|
|
42
|
+
{ pattern: /from\s+['"]sequelize['"]|Sequelize/i, orm: 'sequelize' },
|
|
43
|
+
{ pattern: /from\s+['"]typeorm['"]|DataSource/i, orm: 'typeorm' },
|
|
44
|
+
{ pattern: /from\s+['"]knex['"]|knex\(/i, orm: 'knex' },
|
|
45
|
+
];
|
|
46
|
+
const VALIDATION_LIBRARY_PATTERNS = [
|
|
47
|
+
{ pattern: /from\s+['"]zod['"]|z\.object/i, lib: 'zod' },
|
|
48
|
+
{ pattern: /from\s+['"]yup['"]|yup\.object/i, lib: 'yup' },
|
|
49
|
+
{ pattern: /from\s+['"]joi['"]|Joi\.object/i, lib: 'joi' },
|
|
50
|
+
{ pattern: /from\s+['"]valibot['"]|v\.object/i, lib: 'valibot' },
|
|
51
|
+
{ pattern: /from\s+['"]class-validator['"]|@IsString|@IsEmail/i, lib: 'class-validator' },
|
|
52
|
+
];
|
|
53
|
+
const SECRET_MANAGER_PATTERNS = [
|
|
54
|
+
{ pattern: /aws-sdk.*secretsmanager|SecretsManager/i, type: 'AWS Secrets Manager' },
|
|
55
|
+
{ pattern: /google-cloud.*secret-manager|SecretManagerServiceClient/i, type: 'Google Secret Manager' },
|
|
56
|
+
{ pattern: /@azure\/keyvault|KeyVaultSecret/i, type: 'Azure Key Vault' },
|
|
57
|
+
{ pattern: /hashicorp.*vault|vault\.read/i, type: 'HashiCorp Vault' },
|
|
58
|
+
{ pattern: /doppler|infisical/i, type: 'Doppler/Infisical' },
|
|
59
|
+
];
|
|
60
|
+
// ============================================================================
|
|
61
|
+
// Main Builder Function
|
|
62
|
+
// ============================================================================
|
|
63
|
+
/**
|
|
64
|
+
* Build a comprehensive project context from scanned files
|
|
65
|
+
* This context is used to inform AI validation decisions
|
|
66
|
+
*/
|
|
67
|
+
function buildProjectContext(files) {
|
|
68
|
+
// Detect middleware configuration
|
|
69
|
+
const middlewareConfig = (0, middleware_detector_1.detectGlobalAuthMiddleware)(files);
|
|
70
|
+
// Build individual context sections
|
|
71
|
+
const auth = buildAuthContext(files, middlewareConfig);
|
|
72
|
+
const dataAccess = buildDataAccessContext(files);
|
|
73
|
+
const secrets = buildSecretsContext(files);
|
|
74
|
+
const frameworks = buildFrameworkContext(files);
|
|
75
|
+
const structure = buildStructureContext(files);
|
|
76
|
+
const oauth = (0, oauth_flow_detector_1.detectOAuthFlow)(files);
|
|
77
|
+
const trpc = (0, trpc_analyzer_1.analyzeTRPCRouters)(files);
|
|
78
|
+
// Generate summary string for AI prompt
|
|
79
|
+
const summary = generateContextSummary({
|
|
80
|
+
auth,
|
|
81
|
+
dataAccess,
|
|
82
|
+
secrets,
|
|
83
|
+
frameworks,
|
|
84
|
+
structure,
|
|
85
|
+
oauth,
|
|
86
|
+
trpc,
|
|
87
|
+
});
|
|
88
|
+
return {
|
|
89
|
+
summary,
|
|
90
|
+
auth,
|
|
91
|
+
dataAccess,
|
|
92
|
+
secrets,
|
|
93
|
+
frameworks,
|
|
94
|
+
structure,
|
|
95
|
+
oauth,
|
|
96
|
+
trpc,
|
|
97
|
+
};
|
|
98
|
+
}
|
|
99
|
+
// ============================================================================
|
|
100
|
+
// Context Builders
|
|
101
|
+
// ============================================================================
|
|
102
|
+
function buildAuthContext(files, middlewareConfig) {
|
|
103
|
+
const authHelperNames = [];
|
|
104
|
+
let hasUserScoping = false;
|
|
105
|
+
const userScopingPatterns = [];
|
|
106
|
+
// Detect auth helpers using the dedicated detector (includes throwing detection)
|
|
107
|
+
const authHelperContext = (0, auth_helper_detector_1.detectAuthHelpers)(files);
|
|
108
|
+
const throwingAuthHelpers = authHelperContext.helpers.filter(h => h.throwsOnMissing);
|
|
109
|
+
// Scan all files for additional auth patterns and user scoping
|
|
110
|
+
for (const file of files) {
|
|
111
|
+
// Skip non-code files
|
|
112
|
+
if (!isCodeFile(file.path))
|
|
113
|
+
continue;
|
|
114
|
+
// Detect auth helper functions by name patterns
|
|
115
|
+
for (const { pattern, name } of AUTH_HELPER_PATTERNS) {
|
|
116
|
+
if (pattern.test(file.content) && !authHelperNames.includes(name)) {
|
|
117
|
+
authHelperNames.push(name);
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
// Detect user scoping patterns
|
|
121
|
+
const scoping = (0, middleware_detector_1.detectUserScopingPatterns)(file.content);
|
|
122
|
+
if (scoping.hasUserScoping) {
|
|
123
|
+
hasUserScoping = true;
|
|
124
|
+
for (const p of scoping.patterns) {
|
|
125
|
+
if (!userScopingPatterns.includes(p)) {
|
|
126
|
+
userScopingPatterns.push(p);
|
|
127
|
+
}
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
// Merge detected helper names from both sources
|
|
132
|
+
for (const helper of authHelperContext.helpers) {
|
|
133
|
+
if (!authHelperNames.includes(helper.name)) {
|
|
134
|
+
authHelperNames.push(helper.name);
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
return {
|
|
138
|
+
hasGlobalMiddleware: middlewareConfig.hasAuthMiddleware,
|
|
139
|
+
authProvider: middlewareConfig.authType,
|
|
140
|
+
middlewareFile: middlewareConfig.middlewareFile,
|
|
141
|
+
protectedPaths: middlewareConfig.protectedPaths,
|
|
142
|
+
publicPaths: middlewareConfig.publicPaths,
|
|
143
|
+
authHelpers: authHelperNames,
|
|
144
|
+
authHelperContext,
|
|
145
|
+
throwingAuthHelpers,
|
|
146
|
+
hasUserScoping,
|
|
147
|
+
userScopingPatterns,
|
|
148
|
+
};
|
|
149
|
+
}
|
|
150
|
+
function buildDataAccessContext(files) {
|
|
151
|
+
let orm = undefined;
|
|
152
|
+
let usesParameterizedQueries = false;
|
|
153
|
+
let databaseType = undefined;
|
|
154
|
+
let hasRLS = false;
|
|
155
|
+
let validationLibrary = undefined;
|
|
156
|
+
for (const file of files) {
|
|
157
|
+
if (!isCodeFile(file.path))
|
|
158
|
+
continue;
|
|
159
|
+
const content = file.content;
|
|
160
|
+
// Detect ORM
|
|
161
|
+
if (!orm) {
|
|
162
|
+
for (const { pattern, orm: ormType } of ORM_PATTERNS) {
|
|
163
|
+
if (pattern.test(content)) {
|
|
164
|
+
orm = ormType;
|
|
165
|
+
break;
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
}
|
|
169
|
+
// Detect parameterized queries
|
|
170
|
+
if (!usesParameterizedQueries) {
|
|
171
|
+
// Prisma, Drizzle, Supabase all use parameterized by default
|
|
172
|
+
if (orm === 'prisma' || orm === 'drizzle' || orm === 'supabase') {
|
|
173
|
+
usesParameterizedQueries = true;
|
|
174
|
+
}
|
|
175
|
+
// Check for explicit parameterized patterns
|
|
176
|
+
if (/\$\d+|\?\s*,|\?(?=\s*\))|:[\w]+/i.test(content) && /query|execute|sql/i.test(content)) {
|
|
177
|
+
usesParameterizedQueries = true;
|
|
178
|
+
}
|
|
179
|
+
}
|
|
180
|
+
// Detect database type
|
|
181
|
+
if (!databaseType) {
|
|
182
|
+
if (/postgres|pg\.|@vercel\/postgres/i.test(content)) {
|
|
183
|
+
databaseType = 'postgres';
|
|
184
|
+
}
|
|
185
|
+
else if (/mysql|mysql2/i.test(content)) {
|
|
186
|
+
databaseType = 'mysql';
|
|
187
|
+
}
|
|
188
|
+
else if (/mongodb|mongoose/i.test(content)) {
|
|
189
|
+
databaseType = 'mongodb';
|
|
190
|
+
}
|
|
191
|
+
else if (/sqlite|better-sqlite/i.test(content)) {
|
|
192
|
+
databaseType = 'sqlite';
|
|
193
|
+
}
|
|
194
|
+
}
|
|
195
|
+
// Detect RLS
|
|
196
|
+
if (!hasRLS && /row.?level.?security|RLS|\.rls\(|enable_rls/i.test(content)) {
|
|
197
|
+
hasRLS = true;
|
|
198
|
+
}
|
|
199
|
+
// Detect validation library
|
|
200
|
+
if (!validationLibrary) {
|
|
201
|
+
for (const { pattern, lib } of VALIDATION_LIBRARY_PATTERNS) {
|
|
202
|
+
if (pattern.test(content)) {
|
|
203
|
+
validationLibrary = lib;
|
|
204
|
+
break;
|
|
205
|
+
}
|
|
206
|
+
}
|
|
207
|
+
}
|
|
208
|
+
}
|
|
209
|
+
// If no ORM detected but SQL patterns found, mark as raw_sql
|
|
210
|
+
if (!orm) {
|
|
211
|
+
const hasRawSql = files.some(f => /SELECT\s+.*FROM|INSERT\s+INTO|UPDATE\s+.*SET|DELETE\s+FROM/i.test(f.content));
|
|
212
|
+
if (hasRawSql) {
|
|
213
|
+
orm = 'raw_sql';
|
|
214
|
+
}
|
|
215
|
+
}
|
|
216
|
+
return {
|
|
217
|
+
orm,
|
|
218
|
+
usesParameterizedQueries,
|
|
219
|
+
databaseType,
|
|
220
|
+
hasRLS,
|
|
221
|
+
validationLibrary,
|
|
222
|
+
};
|
|
223
|
+
}
|
|
224
|
+
function buildSecretsContext(files) {
|
|
225
|
+
let usesEnvVars = false;
|
|
226
|
+
let usesSecretManager = false;
|
|
227
|
+
let secretManagerType = undefined;
|
|
228
|
+
let hasEnvFiles = false;
|
|
229
|
+
let hasClientExposedEnvVars = false;
|
|
230
|
+
for (const file of files) {
|
|
231
|
+
// Check for .env files
|
|
232
|
+
if (file.path.includes('.env')) {
|
|
233
|
+
hasEnvFiles = true;
|
|
234
|
+
}
|
|
235
|
+
// Check for env var usage
|
|
236
|
+
if (/process\.env\.|import\.meta\.env\.|Deno\.env/i.test(file.content)) {
|
|
237
|
+
usesEnvVars = true;
|
|
238
|
+
}
|
|
239
|
+
// Check for NEXT_PUBLIC_ pattern
|
|
240
|
+
if (/NEXT_PUBLIC_/i.test(file.content)) {
|
|
241
|
+
hasClientExposedEnvVars = true;
|
|
242
|
+
}
|
|
243
|
+
// Check for secret managers
|
|
244
|
+
if (!usesSecretManager) {
|
|
245
|
+
for (const { pattern, type } of SECRET_MANAGER_PATTERNS) {
|
|
246
|
+
if (pattern.test(file.content)) {
|
|
247
|
+
usesSecretManager = true;
|
|
248
|
+
secretManagerType = type;
|
|
249
|
+
break;
|
|
250
|
+
}
|
|
251
|
+
}
|
|
252
|
+
}
|
|
253
|
+
}
|
|
254
|
+
return {
|
|
255
|
+
usesEnvVars,
|
|
256
|
+
usesSecretManager,
|
|
257
|
+
secretManagerType,
|
|
258
|
+
hasEnvFiles,
|
|
259
|
+
hasClientExposedEnvVars,
|
|
260
|
+
};
|
|
261
|
+
}
|
|
262
|
+
function buildFrameworkContext(files) {
|
|
263
|
+
let primary = undefined;
|
|
264
|
+
let frontend = undefined;
|
|
265
|
+
let isMonorepo = false;
|
|
266
|
+
let usesTypeScript = false;
|
|
267
|
+
let usesServerComponents = false;
|
|
268
|
+
let usesServerActions = false;
|
|
269
|
+
// Check for package.json to detect frameworks
|
|
270
|
+
const packageJson = files.find(f => f.path === 'package.json' || f.path.endsWith('/package.json'));
|
|
271
|
+
if (packageJson) {
|
|
272
|
+
const content = packageJson.content;
|
|
273
|
+
// Primary framework detection
|
|
274
|
+
if (/["']next["']/i.test(content)) {
|
|
275
|
+
primary = 'nextjs';
|
|
276
|
+
}
|
|
277
|
+
else if (/["']express["']/i.test(content)) {
|
|
278
|
+
primary = 'express';
|
|
279
|
+
}
|
|
280
|
+
else if (/["']fastify["']/i.test(content)) {
|
|
281
|
+
primary = 'fastify';
|
|
282
|
+
}
|
|
283
|
+
else if (/["']@nestjs\/core["']/i.test(content)) {
|
|
284
|
+
primary = 'nestjs';
|
|
285
|
+
}
|
|
286
|
+
// Frontend framework detection
|
|
287
|
+
if (/["']react["']/i.test(content)) {
|
|
288
|
+
frontend = 'react';
|
|
289
|
+
}
|
|
290
|
+
else if (/["']vue["']/i.test(content)) {
|
|
291
|
+
frontend = 'vue';
|
|
292
|
+
}
|
|
293
|
+
else if (/["']svelte["']/i.test(content)) {
|
|
294
|
+
frontend = 'svelte';
|
|
295
|
+
}
|
|
296
|
+
else if (/["']@angular\/core["']/i.test(content)) {
|
|
297
|
+
frontend = 'angular';
|
|
298
|
+
}
|
|
299
|
+
// Monorepo detection
|
|
300
|
+
if (/["']workspaces["']|turbo\.json|lerna\.json|pnpm-workspace/i.test(content)) {
|
|
301
|
+
isMonorepo = true;
|
|
302
|
+
}
|
|
303
|
+
}
|
|
304
|
+
// Check for TypeScript
|
|
305
|
+
usesTypeScript = files.some(f => f.path.endsWith('.ts') || f.path.endsWith('.tsx'));
|
|
306
|
+
// Check for Next.js 13+ patterns
|
|
307
|
+
for (const file of files) {
|
|
308
|
+
if (/['"]use server['"]/.test(file.content)) {
|
|
309
|
+
usesServerActions = true;
|
|
310
|
+
}
|
|
311
|
+
if (/['"]use client['"]/.test(file.content) || file.path.includes('/app/')) {
|
|
312
|
+
usesServerComponents = true; // App Router implies server components
|
|
313
|
+
}
|
|
314
|
+
}
|
|
315
|
+
return {
|
|
316
|
+
primary,
|
|
317
|
+
frontend,
|
|
318
|
+
isMonorepo,
|
|
319
|
+
usesTypeScript,
|
|
320
|
+
usesServerComponents,
|
|
321
|
+
usesServerActions,
|
|
322
|
+
};
|
|
323
|
+
}
|
|
324
|
+
function buildStructureContext(files) {
|
|
325
|
+
const fileTypes = {};
|
|
326
|
+
let hasApiRoutes = false;
|
|
327
|
+
let hasMiddleware = false;
|
|
328
|
+
let hasServerActions = false;
|
|
329
|
+
for (const file of files) {
|
|
330
|
+
// Count file types
|
|
331
|
+
const ext = getFileExtension(file.path);
|
|
332
|
+
fileTypes[ext] = (fileTypes[ext] || 0) + 1;
|
|
333
|
+
// Check for API routes
|
|
334
|
+
if (/\/api\/|route\.(ts|js)$|\/routes\//i.test(file.path)) {
|
|
335
|
+
hasApiRoutes = true;
|
|
336
|
+
}
|
|
337
|
+
// Check for middleware
|
|
338
|
+
if (/middleware\.(ts|js)$/i.test(file.path)) {
|
|
339
|
+
hasMiddleware = true;
|
|
340
|
+
}
|
|
341
|
+
// Check for server actions
|
|
342
|
+
if (/\/actions\/|\.action\.(ts|js)$/i.test(file.path) || /['"]use server['"]/.test(file.content)) {
|
|
343
|
+
hasServerActions = true;
|
|
344
|
+
}
|
|
345
|
+
}
|
|
346
|
+
return {
|
|
347
|
+
hasApiRoutes,
|
|
348
|
+
hasMiddleware,
|
|
349
|
+
hasServerActions,
|
|
350
|
+
totalFiles: files.length,
|
|
351
|
+
fileTypes,
|
|
352
|
+
};
|
|
353
|
+
}
|
|
354
|
+
// ============================================================================
|
|
355
|
+
// Summary Generator
|
|
356
|
+
// ============================================================================
|
|
357
|
+
function generateContextSummary(ctx) {
|
|
358
|
+
const lines = [];
|
|
359
|
+
lines.push('## Project Security Context');
|
|
360
|
+
lines.push('');
|
|
361
|
+
// Framework info
|
|
362
|
+
if (ctx.frameworks.primary) {
|
|
363
|
+
lines.push(`**Framework:** ${ctx.frameworks.primary}${ctx.frameworks.frontend ? ` + ${ctx.frameworks.frontend}` : ''}`);
|
|
364
|
+
}
|
|
365
|
+
if (ctx.frameworks.usesTypeScript) {
|
|
366
|
+
lines.push('**Language:** TypeScript');
|
|
367
|
+
}
|
|
368
|
+
if (ctx.frameworks.usesServerComponents || ctx.frameworks.usesServerActions) {
|
|
369
|
+
lines.push(`**Patterns:** ${[
|
|
370
|
+
ctx.frameworks.usesServerComponents && 'Server Components',
|
|
371
|
+
ctx.frameworks.usesServerActions && 'Server Actions',
|
|
372
|
+
].filter(Boolean).join(', ')}`);
|
|
373
|
+
}
|
|
374
|
+
lines.push('');
|
|
375
|
+
// Auth info
|
|
376
|
+
lines.push('### Authentication & Access Control');
|
|
377
|
+
if (ctx.auth.hasGlobalMiddleware) {
|
|
378
|
+
lines.push(`- **Global auth middleware detected** (${ctx.auth.authProvider || 'custom'})`);
|
|
379
|
+
if (ctx.auth.middlewareFile) {
|
|
380
|
+
lines.push(` - Middleware file: \`${ctx.auth.middlewareFile}\``);
|
|
381
|
+
}
|
|
382
|
+
if (ctx.auth.protectedPaths.length > 0) {
|
|
383
|
+
lines.push(` - Protected paths: ${ctx.auth.protectedPaths.join(', ')}`);
|
|
384
|
+
}
|
|
385
|
+
if (ctx.auth.publicPaths.length > 0) {
|
|
386
|
+
lines.push(` - Public paths: ${ctx.auth.publicPaths.join(', ')}`);
|
|
387
|
+
}
|
|
388
|
+
}
|
|
389
|
+
else {
|
|
390
|
+
lines.push('- No global auth middleware detected');
|
|
391
|
+
}
|
|
392
|
+
if (ctx.auth.authHelpers.length > 0) {
|
|
393
|
+
lines.push(`- **Auth helpers found:** ${ctx.auth.authHelpers.join(', ')}`);
|
|
394
|
+
}
|
|
395
|
+
// Throwing auth helpers - CRITICAL for AI validation
|
|
396
|
+
if (ctx.auth.throwingAuthHelpers && ctx.auth.throwingAuthHelpers.length > 0) {
|
|
397
|
+
lines.push('- **Throwing auth helpers detected** (these GUARANTEE authenticated context):');
|
|
398
|
+
for (const helper of ctx.auth.throwingAuthHelpers) {
|
|
399
|
+
const location = helper.definedIn ? ` (in ${helper.definedIn})` : '';
|
|
400
|
+
lines.push(` - \`${helper.name}()\`${location} - throws/redirects on missing auth`);
|
|
401
|
+
}
|
|
402
|
+
lines.push(' - Code AFTER these calls is guaranteed to have an authenticated user');
|
|
403
|
+
lines.push(' - Do NOT flag "missing auth" or suggest `if (!userId)` checks after these calls');
|
|
404
|
+
}
|
|
405
|
+
if (ctx.auth.hasUserScoping) {
|
|
406
|
+
lines.push('- **User scoping detected** in database queries (data is filtered by user/tenant ID)');
|
|
407
|
+
}
|
|
408
|
+
lines.push('');
|
|
409
|
+
// Data access info
|
|
410
|
+
lines.push('### Data Access');
|
|
411
|
+
if (ctx.dataAccess.orm) {
|
|
412
|
+
lines.push(`- **ORM/Query Builder:** ${ctx.dataAccess.orm}`);
|
|
413
|
+
if (ctx.dataAccess.usesParameterizedQueries) {
|
|
414
|
+
lines.push(' - Uses parameterized queries by default (SQL injection protection)');
|
|
415
|
+
}
|
|
416
|
+
}
|
|
417
|
+
if (ctx.dataAccess.databaseType) {
|
|
418
|
+
lines.push(`- **Database:** ${ctx.dataAccess.databaseType}`);
|
|
419
|
+
}
|
|
420
|
+
if (ctx.dataAccess.hasRLS) {
|
|
421
|
+
lines.push('- **Row Level Security (RLS)** is enabled');
|
|
422
|
+
}
|
|
423
|
+
if (ctx.dataAccess.validationLibrary) {
|
|
424
|
+
lines.push(`- **Input validation:** ${ctx.dataAccess.validationLibrary}`);
|
|
425
|
+
}
|
|
426
|
+
lines.push('');
|
|
427
|
+
// Secrets info
|
|
428
|
+
lines.push('### Secrets & Configuration');
|
|
429
|
+
if (ctx.secrets.usesEnvVars) {
|
|
430
|
+
lines.push('- Uses environment variables for configuration');
|
|
431
|
+
}
|
|
432
|
+
if (ctx.secrets.usesSecretManager) {
|
|
433
|
+
lines.push(`- Uses secret manager: ${ctx.secrets.secretManagerType}`);
|
|
434
|
+
}
|
|
435
|
+
if (ctx.secrets.hasClientExposedEnvVars) {
|
|
436
|
+
lines.push('- Has NEXT_PUBLIC_ env vars (intentionally client-exposed)');
|
|
437
|
+
}
|
|
438
|
+
lines.push('');
|
|
439
|
+
// Validation guidance
|
|
440
|
+
lines.push('### Validation Guidance');
|
|
441
|
+
lines.push('Based on this context:');
|
|
442
|
+
if (ctx.auth.hasGlobalMiddleware) {
|
|
443
|
+
lines.push(`- Routes under protected paths are guarded by ${ctx.auth.authProvider || 'auth'} middleware`);
|
|
444
|
+
lines.push('- Downgrade "missing auth" findings for routes covered by middleware');
|
|
445
|
+
}
|
|
446
|
+
if (ctx.auth.throwingAuthHelpers && ctx.auth.throwingAuthHelpers.length > 0) {
|
|
447
|
+
lines.push('- Throwing auth helpers provide guaranteed auth context - do NOT suggest redundant null checks');
|
|
448
|
+
}
|
|
449
|
+
if (ctx.auth.hasUserScoping) {
|
|
450
|
+
lines.push('- Database queries are scoped by user ID - cross-tenant access is mitigated');
|
|
451
|
+
}
|
|
452
|
+
if (ctx.dataAccess.usesParameterizedQueries) {
|
|
453
|
+
lines.push('- SQL injection risk is low due to parameterized queries');
|
|
454
|
+
}
|
|
455
|
+
if (ctx.dataAccess.hasRLS) {
|
|
456
|
+
lines.push('- RLS provides database-level access control');
|
|
457
|
+
}
|
|
458
|
+
// OAuth flow context
|
|
459
|
+
if (ctx.oauth && (ctx.oauth.hasStateGeneration || ctx.oauth.hasStateValidation || ctx.oauth.hasCodeVerifier)) {
|
|
460
|
+
lines.push('');
|
|
461
|
+
lines.push('### OAuth Flow');
|
|
462
|
+
if ((0, oauth_flow_detector_1.isOAuthStateImplemented)(ctx.oauth)) {
|
|
463
|
+
lines.push('- **OAuth state is properly implemented** across files');
|
|
464
|
+
if (ctx.oauth.stateGenerationFile) {
|
|
465
|
+
lines.push(` - State generated in: \`${ctx.oauth.stateGenerationFile}\``);
|
|
466
|
+
}
|
|
467
|
+
if (ctx.oauth.stateValidationFile) {
|
|
468
|
+
lines.push(` - State validated in: \`${ctx.oauth.stateValidationFile}\``);
|
|
469
|
+
}
|
|
470
|
+
lines.push('- Do NOT flag "OAuth state missing" - it is implemented correctly');
|
|
471
|
+
}
|
|
472
|
+
else if (ctx.oauth.flowType === 'client_credentials') {
|
|
473
|
+
lines.push('- **Client credentials flow detected** - no state parameter needed');
|
|
474
|
+
}
|
|
475
|
+
else if (ctx.oauth.hasCodeVerifier) {
|
|
476
|
+
lines.push('- **PKCE flow detected** - code_verifier provides CSRF protection');
|
|
477
|
+
}
|
|
478
|
+
if (ctx.oauth.providers.length > 0) {
|
|
479
|
+
lines.push(`- OAuth providers: ${ctx.oauth.providers.join(', ')}`);
|
|
480
|
+
}
|
|
481
|
+
}
|
|
482
|
+
// tRPC context
|
|
483
|
+
if (ctx.trpc && ctx.trpc.hasTRPC) {
|
|
484
|
+
lines.push('');
|
|
485
|
+
lines.push('### tRPC');
|
|
486
|
+
lines.push(`- ${(0, trpc_analyzer_1.getTRPCSummary)(ctx.trpc)}`);
|
|
487
|
+
const protectedRouters = Array.from(ctx.trpc.routers.values()).filter(r => r.isProtected);
|
|
488
|
+
if (protectedRouters.length > 0) {
|
|
489
|
+
lines.push('- **Protected tRPC routers detected:**');
|
|
490
|
+
for (const router of protectedRouters) {
|
|
491
|
+
lines.push(` - \`${router.name}\` router is protected by auth middleware`);
|
|
492
|
+
}
|
|
493
|
+
lines.push('- Frontend calls to protected tRPC procedures are SAFE - backend handles auth');
|
|
494
|
+
lines.push('- Do NOT flag "missing role check" on frontend components calling protected tRPC procedures');
|
|
495
|
+
}
|
|
496
|
+
}
|
|
497
|
+
return lines.join('\n');
|
|
498
|
+
}
|
|
499
|
+
// ============================================================================
|
|
500
|
+
// Helpers
|
|
501
|
+
// ============================================================================
|
|
502
|
+
function isCodeFile(path) {
|
|
503
|
+
return /\.(ts|tsx|js|jsx|mjs|cjs|py|rb|php|go|java|cs)$/i.test(path);
|
|
504
|
+
}
|
|
505
|
+
function getFileExtension(path) {
|
|
506
|
+
const match = path.match(/\.([^.]+)$/);
|
|
507
|
+
return match ? `.${match[1]}` : 'unknown';
|
|
508
|
+
}
|
|
509
|
+
/**
|
|
510
|
+
* Generate a compact context string for a single file validation
|
|
511
|
+
* Used when validating findings in a specific file
|
|
512
|
+
*/
|
|
513
|
+
function getFileValidationContext(file, projectContext) {
|
|
514
|
+
const lines = [];
|
|
515
|
+
// Include relevant project context
|
|
516
|
+
lines.push(projectContext.summary);
|
|
517
|
+
lines.push('');
|
|
518
|
+
// Add file-specific context
|
|
519
|
+
lines.push(`### Current File: \`${file.path}\``);
|
|
520
|
+
// Determine if this file is server-only
|
|
521
|
+
const isServerFile = /\/api\/|\/server\/|\.server\.|\/actions\/|route\.(ts|js)$|middleware\.(ts|js)$/i.test(file.path);
|
|
522
|
+
if (isServerFile) {
|
|
523
|
+
lines.push('- This is a **server-only** file (not bundled to client)');
|
|
524
|
+
}
|
|
525
|
+
// Check if file is under protected routes
|
|
526
|
+
if (projectContext.auth.hasGlobalMiddleware) {
|
|
527
|
+
const isProtected = projectContext.auth.protectedPaths.some(p => file.path.includes(p.replace(/\*\*/g, '').replace(/\*/g, '')));
|
|
528
|
+
if (isProtected) {
|
|
529
|
+
lines.push(`- This route is **protected by ${projectContext.auth.authProvider || 'auth'} middleware**`);
|
|
530
|
+
}
|
|
531
|
+
}
|
|
532
|
+
return lines.join('\n');
|
|
533
|
+
}
|
|
534
|
+
//# sourceMappingURL=project-context.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"project-context.js","sourceRoot":"","sources":["../../src/model/project-context.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;AAqKH,kDAkCC;AAgdD,4DA8BC;AAlrBD,+DAAwH;AACxH,iEAAmG;AACnG,+DAA4H;AAC5H,mDAA4F;AA6G5F,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAE/E,MAAM,oBAAoB,GAAG;IAC3B,EAAE,OAAO,EAAE,mCAAmC,EAAE,IAAI,EAAE,gBAAgB,EAAE;IACxE,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,kBAAkB,EAAE;IACpE,EAAE,OAAO,EAAE,8BAA8B,EAAE,IAAI,EAAE,YAAY,EAAE;IAC/D,EAAE,OAAO,EAAE,mCAAmC,EAAE,IAAI,EAAE,aAAa,EAAE;IACrE,EAAE,OAAO,EAAE,4BAA4B,EAAE,IAAI,EAAE,aAAa,EAAE;IAC9D,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,iBAAiB,EAAE;IACnE,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,UAAU,EAAE;IACpD,EAAE,OAAO,EAAE,qBAAqB,EAAE,IAAI,EAAE,gBAAgB,EAAE;IAC1D,EAAE,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,QAAQ,EAAE;CACrD,CAAA;AAED,MAAM,YAAY,GAAG;IACnB,EAAE,OAAO,EAAE,8CAA8C,EAAE,GAAG,EAAE,QAAiB,EAAE;IACnF,EAAE,OAAO,EAAE,uCAAuC,EAAE,GAAG,EAAE,SAAkB,EAAE;IAC7E,EAAE,OAAO,EAAE,+DAA+D,EAAE,GAAG,EAAE,UAAmB,EAAE;IACtG,EAAE,OAAO,EAAE,4CAA4C,EAAE,GAAG,EAAE,UAAmB,EAAE;IACnF,EAAE,OAAO,EAAE,qCAAqC,EAAE,GAAG,EAAE,WAAoB,EAAE;IAC7E,EAAE,OAAO,EAAE,oCAAoC,EAAE,GAAG,EAAE,SAAkB,EAAE;IAC1E,EAAE,OAAO,EAAE,6BAA6B,EAAE,GAAG,EAAE,MAAe,EAAE;CACjE,CAAA;AAED,MAAM,2BAA2B,GAAG;IAClC,EAAE,OAAO,EAAE,+BAA+B,EAAE,GAAG,EAAE,KAAK,EAAE;IACxD,EAAE,OAAO,EAAE,iCAAiC,EAAE,GAAG,EAAE,KAAK,EAAE;IAC1D,EAAE,OAAO,EAAE,iCAAiC,EAAE,GAAG,EAAE,KAAK,EAAE;IAC1D,EAAE,OAAO,EAAE,mCAAmC,EAAE,GAAG,EAAE,SAAS,EAAE;IAChE,EAAE,OAAO,EAAE,oDAAoD,EAAE,GAAG,EAAE,iBAAiB,EAAE;CAC1F,CAAA;AAED,MAAM,uBAAuB,GAAG;IAC9B,EAAE,OAAO,EAAE,yCAAyC,EAAE,IAAI,EAAE,qBAAqB,EAAE;IACnF,EAAE,OAAO,EAAE,0DAA0D,EAAE,IAAI,EAAE,uBAAuB,EAAE;IACtG,EAAE,OAAO,EAAE,kCAAkC,EAAE,IAAI,EAAE,iBAAiB,EAAE;IACxE,EAAE,OAAO,EAAE,+BAA+B,EAAE,IAAI,EAAE,iBAAiB,EAAE;IACrE,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,mBAAmB,EAAE;CAC7D,CAAA;AAED,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;;GAGG;AACH,SAAgB,mBAAmB,CAAC,KAAiB;IACnD,kCAAkC;IAClC,MAAM,gBAAgB,GAAG,IAAA,gDAA0B,EAAC,KAAK,CAAC,CAAA;IAE1D,oCAAoC;IACpC,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAA;IACtD,MAAM,UAAU,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAA;IAChD,MAAM,OAAO,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAA;IAC1C,MAAM,UAAU,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAA;IAC/C,MAAM,SAAS,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAA;IAC9C,MAAM,KAAK,GAAG,IAAA,qCAAe,EAAC,KAAK,CAAC,CAAA;IACpC,MAAM,IAAI,GAAG,IAAA,kCAAkB,EAAC,KAAK,CAAC,CAAA;IAEtC,wCAAwC;IACxC,MAAM,OAAO,GAAG,sBAAsB,CAAC;QACrC,IAAI;QACJ,UAAU;QACV,OAAO;QACP,UAAU;QACV,SAAS;QACT,KAAK;QACL,IAAI;KACL,CAAC,CAAA;IAEF,OAAO;QACL,OAAO;QACP,IAAI;QACJ,UAAU;QACV,OAAO;QACP,UAAU;QACV,SAAS;QACT,KAAK;QACL,IAAI;KACL,CAAA;AACH,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,SAAS,gBAAgB,CAAC,KAAiB,EAAE,gBAAsC;IACjF,MAAM,eAAe,GAAa,EAAE,CAAA;IACpC,IAAI,cAAc,GAAG,KAAK,CAAA;IAC1B,MAAM,mBAAmB,GAAa,EAAE,CAAA;IAExC,iFAAiF;IACjF,MAAM,iBAAiB,GAAG,IAAA,wCAAiB,EAAC,KAAK,CAAC,CAAA;IAClD,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,CAAA;IAEpF,+DAA+D;IAC/D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,sBAAsB;QACtB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAQ;QAEpC,gDAAgD;QAChD,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,oBAAoB,EAAE,CAAC;YACrD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClE,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAC5B,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,MAAM,OAAO,GAAG,IAAA,+CAAyB,EAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QACvD,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YAC3B,cAAc,GAAG,IAAI,CAAA;YACrB,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACjC,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;oBACrC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;gBAC7B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,KAAK,MAAM,MAAM,IAAI,iBAAiB,CAAC,OAAO,EAAE,CAAC;QAC/C,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QACnC,CAAC;IACH,CAAC;IAED,OAAO;QACL,mBAAmB,EAAE,gBAAgB,CAAC,iBAAiB;QACvD,YAAY,EAAE,gBAAgB,CAAC,QAAQ;QACvC,cAAc,EAAE,gBAAgB,CAAC,cAAc;QAC/C,cAAc,EAAE,gBAAgB,CAAC,cAAc;QAC/C,WAAW,EAAE,gBAAgB,CAAC,WAAW;QACzC,WAAW,EAAE,eAAe;QAC5B,iBAAiB;QACjB,mBAAmB;QACnB,cAAc;QACd,mBAAmB;KACpB,CAAA;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAiB;IAC/C,IAAI,GAAG,GAA6B,SAAS,CAAA;IAC7C,IAAI,wBAAwB,GAAG,KAAK,CAAA;IACpC,IAAI,YAAY,GAAsC,SAAS,CAAA;IAC/D,IAAI,MAAM,GAAG,KAAK,CAAA;IAClB,IAAI,iBAAiB,GAAuB,SAAS,CAAA;IAErD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,SAAQ;QACpC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAA;QAE5B,aAAa;QACb,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,KAAK,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,YAAY,EAAE,CAAC;gBACrD,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC1B,GAAG,GAAG,OAAO,CAAA;oBACb,MAAK;gBACP,CAAC;YACH,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,IAAI,CAAC,wBAAwB,EAAE,CAAC;YAC9B,6DAA6D;YAC7D,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;gBAChE,wBAAwB,GAAG,IAAI,CAAA;YACjC,CAAC;YACD,4CAA4C;YAC5C,IAAI,kCAAkC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3F,wBAAwB,GAAG,IAAI,CAAA;YACjC,CAAC;QACH,CAAC;QAED,uBAAuB;QACvB,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,IAAI,kCAAkC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACrD,YAAY,GAAG,UAAU,CAAA;YAC3B,CAAC;iBAAM,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACzC,YAAY,GAAG,OAAO,CAAA;YACxB,CAAC;iBAAM,IAAI,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7C,YAAY,GAAG,SAAS,CAAA;YAC1B,CAAC;iBAAM,IAAI,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjD,YAAY,GAAG,QAAQ,CAAA;YACzB,CAAC;QACH,CAAC;QAED,aAAa;QACb,IAAI,CAAC,MAAM,IAAI,8CAA8C,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5E,MAAM,GAAG,IAAI,CAAA;QACf,CAAC;QAED,4BAA4B;QAC5B,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvB,KAAK,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,2BAA2B,EAAE,CAAC;gBAC3D,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC1B,iBAAiB,GAAG,GAAG,CAAA;oBACvB,MAAK;gBACP,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC/B,6DAA6D,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAC9E,CAAA;QACD,IAAI,SAAS,EAAE,CAAC;YACd,GAAG,GAAG,SAAS,CAAA;QACjB,CAAC;IACH,CAAC;IAED,OAAO;QACL,GAAG;QACH,wBAAwB;QACxB,YAAY;QACZ,MAAM;QACN,iBAAiB;KAClB,CAAA;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAiB;IAC5C,IAAI,WAAW,GAAG,KAAK,CAAA;IACvB,IAAI,iBAAiB,GAAG,KAAK,CAAA;IAC7B,IAAI,iBAAiB,GAAuB,SAAS,CAAA;IACrD,IAAI,WAAW,GAAG,KAAK,CAAA;IACvB,IAAI,uBAAuB,GAAG,KAAK,CAAA;IAEnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,uBAAuB;QACvB,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/B,WAAW,GAAG,IAAI,CAAA;QACpB,CAAC;QAED,0BAA0B;QAC1B,IAAI,+CAA+C,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACvE,WAAW,GAAG,IAAI,CAAA;QACpB,CAAC;QAED,iCAAiC;QACjC,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACvC,uBAAuB,GAAG,IAAI,CAAA;QAChC,CAAC;QAED,4BAA4B;QAC5B,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvB,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,uBAAuB,EAAE,CAAC;gBACxD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC/B,iBAAiB,GAAG,IAAI,CAAA;oBACxB,iBAAiB,GAAG,IAAI,CAAA;oBACxB,MAAK;gBACP,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,WAAW;QACX,iBAAiB;QACjB,iBAAiB;QACjB,WAAW;QACX,uBAAuB;KACxB,CAAA;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAiB;IAC9C,IAAI,OAAO,GAAgC,SAAS,CAAA;IACpD,IAAI,QAAQ,GAAiC,SAAS,CAAA;IACtD,IAAI,UAAU,GAAG,KAAK,CAAA;IACtB,IAAI,cAAc,GAAG,KAAK,CAAA;IAC1B,IAAI,oBAAoB,GAAG,KAAK,CAAA;IAChC,IAAI,iBAAiB,GAAG,KAAK,CAAA;IAE7B,8CAA8C;IAC9C,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAA;IAClG,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAA;QAEnC,8BAA8B;QAC9B,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAClC,OAAO,GAAG,QAAQ,CAAA;QACpB,CAAC;aAAM,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5C,OAAO,GAAG,SAAS,CAAA;QACrB,CAAC;aAAM,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5C,OAAO,GAAG,SAAS,CAAA;QACrB,CAAC;aAAM,IAAI,wBAAwB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAClD,OAAO,GAAG,QAAQ,CAAA;QACpB,CAAC;QAED,+BAA+B;QAC/B,IAAI,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACnC,QAAQ,GAAG,OAAO,CAAA;QACpB,CAAC;aAAM,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACxC,QAAQ,GAAG,KAAK,CAAA;QAClB,CAAC;aAAM,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3C,QAAQ,GAAG,QAAQ,CAAA;QACrB,CAAC;aAAM,IAAI,yBAAyB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACnD,QAAQ,GAAG,SAAS,CAAA;QACtB,CAAC;QAED,qBAAqB;QACrB,IAAI,4DAA4D,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/E,UAAU,GAAG,IAAI,CAAA;QACnB,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAA;IAEnF,iCAAiC;IACjC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5C,iBAAiB,GAAG,IAAI,CAAA;QAC1B,CAAC;QACD,IAAI,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3E,oBAAoB,GAAG,IAAI,CAAA,CAAC,uCAAuC;QACrE,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO;QACP,QAAQ;QACR,UAAU;QACV,cAAc;QACd,oBAAoB;QACpB,iBAAiB;KAClB,CAAA;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAiB;IAC9C,MAAM,SAAS,GAA2B,EAAE,CAAA;IAC5C,IAAI,YAAY,GAAG,KAAK,CAAA;IACxB,IAAI,aAAa,GAAG,KAAK,CAAA;IACzB,IAAI,gBAAgB,GAAG,KAAK,CAAA;IAE5B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,mBAAmB;QACnB,MAAM,GAAG,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACvC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;QAE1C,uBAAuB;QACvB,IAAI,qCAAqC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1D,YAAY,GAAG,IAAI,CAAA;QACrB,CAAC;QAED,uBAAuB;QACvB,IAAI,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5C,aAAa,GAAG,IAAI,CAAA;QACtB,CAAC;QAED,2BAA2B;QAC3B,IAAI,iCAAiC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACjG,gBAAgB,GAAG,IAAI,CAAA;QACzB,CAAC;IACH,CAAC;IAED,OAAO;QACL,YAAY;QACZ,aAAa;QACb,gBAAgB;QAChB,UAAU,EAAE,KAAK,CAAC,MAAM;QACxB,SAAS;KACV,CAAA;AACH,CAAC;AAED,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E,SAAS,sBAAsB,CAAC,GAAoC;IAClE,MAAM,KAAK,GAAa,EAAE,CAAA;IAE1B,KAAK,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAA;IACzC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAEd,iBAAiB;IACjB,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,kBAAkB,GAAG,CAAC,UAAU,CAAC,OAAO,GAAG,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IACzH,CAAC;IACD,IAAI,GAAG,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAA;IACxC,CAAC;IACD,IAAI,GAAG,CAAC,UAAU,CAAC,oBAAoB,IAAI,GAAG,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC;QAC5E,KAAK,CAAC,IAAI,CAAC,iBAAiB;YAC1B,GAAG,CAAC,UAAU,CAAC,oBAAoB,IAAI,mBAAmB;YAC1D,GAAG,CAAC,UAAU,CAAC,iBAAiB,IAAI,gBAAgB;SACrD,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IACjC,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAEd,YAAY;IACZ,KAAK,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAA;IACjD,IAAI,GAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,0CAA0C,GAAG,CAAC,IAAI,CAAC,YAAY,IAAI,QAAQ,GAAG,CAAC,CAAA;QAC1F,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YAC5B,KAAK,CAAC,IAAI,CAAC,0BAA0B,GAAG,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,CAAA;QACnE,CAAC;QACD,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvC,KAAK,CAAC,IAAI,CAAC,wBAAwB,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAC1E,CAAC;QACD,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,KAAK,CAAC,IAAI,CAAC,qBAAqB,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACpE,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAA;IACpD,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,6BAA6B,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAC5E,CAAC;IAED,qDAAqD;IACrD,IAAI,GAAG,CAAC,IAAI,CAAC,mBAAmB,IAAI,GAAG,CAAC,IAAI,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5E,KAAK,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAA;QAC3F,KAAK,MAAM,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAClD,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAA;YACpE,KAAK,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,IAAI,OAAO,QAAQ,qCAAqC,CAAC,CAAA;QACtF,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,wEAAwE,CAAC,CAAA;QACpF,KAAK,CAAC,IAAI,CAAC,mFAAmF,CAAC,CAAA;IACjG,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,sFAAsF,CAAC,CAAA;IACpG,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAEd,mBAAmB;IACnB,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAA;IAC7B,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,4BAA4B,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,CAAA;QAC5D,IAAI,GAAG,CAAC,UAAU,CAAC,wBAAwB,EAAE,CAAC;YAC5C,KAAK,CAAC,IAAI,CAAC,sEAAsE,CAAC,CAAA;QACpF,CAAC;IACH,CAAC;IACD,IAAI,GAAG,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,mBAAmB,GAAG,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC,CAAA;IAC9D,CAAC;IACD,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAA;IACzD,CAAC;IACD,IAAI,GAAG,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC,2BAA2B,GAAG,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC,CAAA;IAC3E,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAEd,eAAe;IACf,KAAK,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAA;IACzC,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAA;IAC9D,CAAC;IACD,IAAI,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,0BAA0B,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAA;IACvE,CAAC;IACD,IAAI,GAAG,CAAC,OAAO,CAAC,uBAAuB,EAAE,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAA;IAC1E,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAEd,sBAAsB;IACtB,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAA;IACrC,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAA;IAEpC,IAAI,GAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,iDAAiD,GAAG,CAAC,IAAI,CAAC,YAAY,IAAI,MAAM,aAAa,CAAC,CAAA;QACzG,KAAK,CAAC,IAAI,CAAC,sEAAsE,CAAC,CAAA;IACpF,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,CAAC,mBAAmB,IAAI,GAAG,CAAC,IAAI,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5E,KAAK,CAAC,IAAI,CAAC,gGAAgG,CAAC,CAAA;IAC9G,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CAAC,6EAA6E,CAAC,CAAA;IAC3F,CAAC;IAED,IAAI,GAAG,CAAC,UAAU,CAAC,wBAAwB,EAAE,CAAC;QAC5C,KAAK,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAA;IACxE,CAAC;IAED,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAA;IAC5D,CAAC;IAED,qBAAqB;IACrB,IAAI,GAAG,CAAC,KAAK,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,kBAAkB,IAAI,GAAG,CAAC,KAAK,CAAC,kBAAkB,IAAI,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,CAAC;QAC7G,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACd,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;QAC5B,IAAI,IAAA,6CAAuB,EAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACvC,KAAK,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAA;YACpE,IAAI,GAAG,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC;gBAClC,KAAK,CAAC,IAAI,CAAC,6BAA6B,GAAG,CAAC,KAAK,CAAC,mBAAmB,IAAI,CAAC,CAAA;YAC5E,CAAC;YACD,IAAI,GAAG,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC;gBAClC,KAAK,CAAC,IAAI,CAAC,6BAA6B,GAAG,CAAC,KAAK,CAAC,mBAAmB,IAAI,CAAC,CAAA;YAC5E,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAA;QACjF,CAAC;aAAM,IAAI,GAAG,CAAC,KAAK,CAAC,QAAQ,KAAK,oBAAoB,EAAE,CAAC;YACvD,KAAK,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAA;QAClF,CAAC;aAAM,IAAI,GAAG,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC;YACrC,KAAK,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAA;QACjF,CAAC;QACD,IAAI,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC,sBAAsB,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACpE,CAAC;IACH,CAAC;IAED,eAAe;IACf,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QACjC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACd,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACtB,KAAK,CAAC,IAAI,CAAC,KAAK,IAAA,8BAAc,EAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAE3C,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAA;QACzF,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,KAAK,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAA;YACpD,KAAK,MAAM,MAAM,IAAI,gBAAgB,EAAE,CAAC;gBACtC,KAAK,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,IAAI,2CAA2C,CAAC,CAAA;YAC7E,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAA;YAC3F,KAAK,CAAC,IAAI,CAAC,6FAA6F,CAAC,CAAA;QAC3G,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACzB,CAAC;AAED,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,kDAAkD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACtE,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAA;IACtC,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;AAC3C,CAAC;AAED;;;GAGG;AACH,SAAgB,wBAAwB,CACtC,IAAc,EACd,cAA8B;IAE9B,MAAM,KAAK,GAAa,EAAE,CAAA;IAE1B,mCAAmC;IACnC,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAA;IAClC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAEd,4BAA4B;IAC5B,KAAK,CAAC,IAAI,CAAC,uBAAuB,IAAI,CAAC,IAAI,IAAI,CAAC,CAAA;IAEhD,wCAAwC;IACxC,MAAM,YAAY,GAAG,iFAAiF,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACtH,IAAI,YAAY,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAA;IACxE,CAAC;IAED,0CAA0C;IAC1C,IAAI,cAAc,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC5C,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAC9D,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAC9D,CAAA;QACD,IAAI,WAAW,EAAE,CAAC;YAChB,KAAK,CAAC,IAAI,CAAC,kCAAkC,cAAc,CAAC,IAAI,CAAC,YAAY,IAAI,MAAM,eAAe,CAAC,CAAA;QACzG,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACzB,CAAC"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Route Auth Resolver
|
|
3
|
+
*
|
|
4
|
+
* Resolves authentication chains for discovered routes by combining
|
|
5
|
+
* multiple auth signals: direct middleware, mount-level, global,
|
|
6
|
+
* filesystem middleware, route hierarchy, and throwing auth helpers.
|
|
7
|
+
*/
|
|
8
|
+
import type { ScanFile } from '../shared/types';
|
|
9
|
+
import type { RouteMap, MountPoint } from './route-discovery';
|
|
10
|
+
import type { MiddlewareAuthConfig } from './middleware-detector';
|
|
11
|
+
import type { ModuleGraph } from './module-graph';
|
|
12
|
+
/**
|
|
13
|
+
* Resolve auth middleware for all routes in the route map.
|
|
14
|
+
*
|
|
15
|
+
* Resolution sources (priority order):
|
|
16
|
+
* 1. Direct middleware on route definition (already populated by extractors)
|
|
17
|
+
* 2. Mount-level middleware (app.use('/api', authMw))
|
|
18
|
+
* 2.5. Cross-file mount auth (file B imported by A which has mount-level auth)
|
|
19
|
+
* 3. Global middleware (app.use(authMw))
|
|
20
|
+
* 4. Next.js filesystem middleware (via isRouteProtectedByMiddleware)
|
|
21
|
+
* 5. Route hierarchy (via getRouteProtectionContext)
|
|
22
|
+
* 6. Throwing auth helpers in handler body
|
|
23
|
+
*
|
|
24
|
+
* Returns a new RouteMap with authMiddleware populated.
|
|
25
|
+
*/
|
|
26
|
+
export declare function resolveRouteAuth(routeMap: RouteMap, mountPoints: MountPoint[], files: ScanFile[], middlewareConfig: MiddlewareAuthConfig, moduleGraph?: ModuleGraph): RouteMap;
|
|
27
|
+
//# sourceMappingURL=route-auth-resolver.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"route-auth-resolver.d.ts","sourceRoot":"","sources":["../../src/model/route-auth-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAA;AAC/C,OAAO,KAAK,EAAE,QAAQ,EAAmB,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9E,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAA;AAIjE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAA;AA+BjD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,QAAQ,EAClB,WAAW,EAAE,UAAU,EAAE,EACzB,KAAK,EAAE,QAAQ,EAAE,EACjB,gBAAgB,EAAE,oBAAoB,EACtC,WAAW,CAAC,EAAE,WAAW,GACxB,QAAQ,CA0EV"}
|