@oculum/scanner 1.0.12 → 1.0.13

package/dist/model/route-auth-resolver.js

@@ -0,0 +1,182 @@
+"use strict";
+/**
+ * Route Auth Resolver
+ *
+ * Resolves authentication chains for discovered routes by combining
+ * multiple auth signals: direct middleware, mount-level, global,
+ * filesystem middleware, route hierarchy, and throwing auth helpers.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveRouteAuth = resolveRouteAuth;
+const middleware_detector_1 = require("./middleware-detector");
+const route_hierarchy_1 = require("./route-hierarchy");
+const utils_1 = require("./route-discovery/utils");
+// ============================================================================
+// Constants
+// ============================================================================
+/**
+ * Pattern to identify auth-enforcing middleware.
+ * Must be specific to avoid false positives on generic middleware names like
+ * "verify" (could be challenge verification), "session" (could be session tracking).
+ *
+ * Strategy: Match "auth" as a prefix/component in any position (handles camelCase
+ * like authMiddleware, passportAuth, isAuthenticated). Also match specific
+ * non-auth-prefixed terms (verifyToken, jwtVerify, clerk, etc.).
+ * Does NOT match generic "verify", "guard", "require", "session", "protect" alone.
+ */
+const AUTH_MIDDLEWARE_PATTERN = /auth|isAuthorized|isAuthenticated|passport|verifyToken|verifyJwt|jwtAuth|jwtVerify|bearerAuth|clerk/i;
+const THROWING_AUTH_PATTERNS = [
+    /getCurrentUser(?:Id)?\s*\(/,
+    /auth\(\)\.protect/,
+    /requireAuth\s*\(/,
+    /getSession\s*\(/,
+    /assertAuthenticated\s*\(/,
+    /ensureAuth\s*\(/,
+];
+// ============================================================================
+// Public API
+// ============================================================================
+/**
+ * Resolve auth middleware for all routes in the route map.
+ *
+ * Resolution sources (priority order):
+ * 1. Direct middleware on route definition (already populated by extractors)
+ * 2. Mount-level middleware (app.use('/api', authMw))
+ * 2.5. Cross-file mount auth (file B imported by A which has mount-level auth)
+ * 3. Global middleware (app.use(authMw))
+ * 4. Next.js filesystem middleware (via isRouteProtectedByMiddleware)
+ * 5. Route hierarchy (via getRouteProtectionContext)
+ * 6. Throwing auth helpers in handler body
+ *
+ * Returns a new RouteMap with authMiddleware populated.
+ */
+function resolveRouteAuth(routeMap, mountPoints, files, middlewareConfig, moduleGraph) {
+    const fileContentMap = new Map(files.map(f => [f.path, f.content]));
+    const resolvedRoutes = routeMap.routes.map(route => {
+        const resolved = { ...route, authMiddleware: [...route.authMiddleware] };
+        // 2. Mount-level middleware
+        const mountAuth = findMountLevelAuth(route.path, mountPoints);
+        for (const mw of mountAuth) {
+            if (!resolved.authMiddleware.includes(mw)) {
+                resolved.authMiddleware.push(mw);
+            }
+        }
+        // 2.5. Cross-file mount auth (if module graph available)
+        if (moduleGraph && resolved.authMiddleware.length === 0) {
+            const crossFileAuth = findCrossFileMountAuth(route, moduleGraph, mountPoints);
+            for (const mw of crossFileAuth) {
+                if (!resolved.authMiddleware.includes(mw)) {
+                    resolved.authMiddleware.push(mw);
+                }
+            }
+        }
+        // 3. Global middleware
+        const globalAuth = findGlobalAuth(mountPoints);
+        for (const mw of globalAuth) {
+            if (!resolved.authMiddleware.includes(mw)) {
+                resolved.authMiddleware.push(mw);
+            }
+        }
+        // 4. Next.js middleware.ts protection (uses the full path matching from middleware-detector)
+        if (middlewareConfig.hasAuthMiddleware) {
+            const mwResult = (0, middleware_detector_1.isRouteProtectedByMiddleware)(route.path, middlewareConfig);
+            if (mwResult.isProtected) {
+                const mwLabel = `middleware.ts:${middlewareConfig.authType || 'unknown'}`;
+                if (!resolved.authMiddleware.includes(mwLabel)) {
+                    resolved.authMiddleware.push(mwLabel);
+                }
+            }
+        }
+        // 5. Route hierarchy (filesystem-based protection groups)
+        const hierarchy = (0, route_hierarchy_1.getRouteProtectionContext)(route.filePath);
+        if (hierarchy.isInProtectedHierarchy) {
+            for (const source of hierarchy.protectionSource) {
+                if (!resolved.authMiddleware.includes(source)) {
+                    resolved.authMiddleware.push(source);
+                }
+            }
+        }
+        // 6. Throwing auth helpers in handler body
+        const content = fileContentMap.get(route.filePath);
+        if (content && resolved.authMiddleware.length === 0) {
+            const handlerContent = extractHandlerContent(content, route.handlerLine);
+            if (hasThrowingAuthHelper(handlerContent)) {
+                resolved.authMiddleware.push('throwing_auth_helper');
+            }
+        }
+        return resolved;
+    });
+    // Rebuild fileToRoutes
+    const fileToRoutes = new Map();
+    for (const route of resolvedRoutes) {
+        const existing = fileToRoutes.get(route.filePath) || [];
+        existing.push(route);
+        fileToRoutes.set(route.filePath, existing);
+    }
+    return { routes: resolvedRoutes, fileToRoutes };
+}
+// ============================================================================
+// Internal Helpers
+// ============================================================================
+/**
+ * Find auth middleware from files that import the route's file.
+ * If server.ts has app.use('/api', authMw, require('./routes/api')) and
+ * routes/api.ts defines routes, those routes inherit the mount-level auth.
+ */
+function findCrossFileMountAuth(route, graph, mountPoints) {
+    const authMiddleware = [];
+    const node = graph.nodes.get(route.filePath);
+    if (!node)
+        return authMiddleware;
+    // Check files that import this route's file
+    for (const importerPath of node.importedBy) {
+        // Find mount points in the importing file that have auth middleware
+        const importerMounts = mountPoints.filter(mp => mp.filePath === importerPath);
+        for (const mount of importerMounts) {
+            if (mount.isGlobal)
+                continue;
+            // Check if the route path matches the mount path (with boundary check)
+            if (route.path === mount.path || route.path.startsWith(mount.path + '/')) {
+                const authMw = mount.middleware.filter(m => AUTH_MIDDLEWARE_PATTERN.test(m));
+                for (const mw of authMw) {
+                    if (!authMiddleware.includes(mw)) {
+                        authMiddleware.push(`cross-file:${mw}`);
+                    }
+                }
+            }
+        }
+    }
+    return authMiddleware;
+}
+function findMountLevelAuth(routePath, mountPoints) {
+    const authMiddleware = [];
+    for (const mount of mountPoints) {
+        if (mount.isGlobal)
+            continue;
+        // Check if the route path matches the mount path (with boundary check)
+        if (routePath === mount.path || routePath.startsWith(mount.path + '/')) {
+            const authMw = mount.middleware.filter(m => AUTH_MIDDLEWARE_PATTERN.test(m));
+            authMiddleware.push(...authMw);
+        }
+    }
+    return authMiddleware;
+}
+function findGlobalAuth(mountPoints) {
+    const authMiddleware = [];
+    for (const mount of mountPoints) {
+        if (!mount.isGlobal)
+            continue;
+        const authMw = mount.middleware.filter(m => AUTH_MIDDLEWARE_PATTERN.test(m));
+        authMiddleware.push(...authMw);
+    }
+    return authMiddleware;
+}
+function extractHandlerContent(content, handlerLine) {
+    const lines = content.split('\n');
+    const start = Math.max(0, handlerLine - 1);
+    return (0, utils_1.extractBlock)(lines, start);
+}
+function hasThrowingAuthHelper(content) {
+    return THROWING_AUTH_PATTERNS.some(p => p.test(content));
+}
+//# sourceMappingURL=route-auth-resolver.js.map

package/dist/model/route-auth-resolver.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"route-auth-resolver.js","sourceRoot":"","sources":["../../src/model/route-auth-resolver.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAqDH,4CAgFC;AAhID,+DAAoE;AACpE,uDAA6D;AAC7D,mDAAsD;AAGtD,+EAA+E;AAC/E,YAAY;AACZ,+EAA+E;AAE/E;;;;;;;;;GASG;AACH,MAAM,uBAAuB,GAAG,sGAAsG,CAAA;AAEtI,MAAM,sBAAsB,GAAG;IAC7B,4BAA4B;IAC5B,mBAAmB;IACnB,kBAAkB;IAClB,iBAAiB;IACjB,0BAA0B;IAC1B,iBAAiB;CAClB,CAAA;AAED,+EAA+E;AAC/E,aAAa;AACb,+EAA+E;AAE/E;;;;;;;;;;;;;GAaG;AACH,SAAgB,gBAAgB,CAC9B,QAAkB,EAClB,WAAyB,EACzB,KAAiB,EACjB,gBAAsC,EACtC,WAAyB;IAEzB,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAA;IAEnE,MAAM,cAAc,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE;QACjD,MAAM,QAAQ,GAAG,EAAE,GAAG,KAAK,EAAE,cAAc,EAAE,CAAC,GAAG,KAAK,CAAC,cAAc,CAAC,EAAE,CAAA;QAExE,4BAA4B;QAC5B,MAAM,SAAS,GAAG,kBAAkB,CAAC,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,CAAA;QAC7D,KAAK,MAAM,EAAE,IAAI,SAAS,EAAE,CAAC;YAC3B,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC1C,QAAQ,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAClC,CAAC;QACH,CAAC;QAED,yDAAyD;QACzD,IAAI,WAAW,IAAI,QAAQ,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxD,MAAM,aAAa,GAAG,sBAAsB,CAAC,KAAK,EAAE,WAAW,EAAE,WAAW,CAAC,CAAA;YAC7E,KAAK,MAAM,EAAE,IAAI,aAAa,EAAE,CAAC;gBAC/B,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;oBAC1C,QAAQ,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;gBAClC,CAAC;YACH,CAAC;QACH,CAAC;QAED,uBAAuB;QACvB,MAAM,UAAU,GAAG,cAAc,CAAC,WAAW,CAAC,CAAA;QAC9C,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;YAC5B,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC1C,QAAQ,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;YAClC,CAAC;QACH,CAAC;QAED,6FAA6F;QAC7F,IAAI,gBAAgB,CAAC,iBAAiB,EAAE,CAAC;YACvC,MAAM,QAAQ,GAAG,IAAA,kDAA4B,EAAC,KAAK,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAA;YAC3E,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;gBACzB,MAAM,OAAO,GAAG,iBAAiB,gBAAgB,CAAC,QAAQ,IAAI,SAAS,EAAE,CAAA;gBACzE,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC/C,QAAQ,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;gBACvC,CAAC;YACH,CAAC;QACH,CAAC;QAED,0DAA0D;QAC1D,MAAM,SAAS,GAAG,IAAA,2CAAyB,EAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;QAC3D,IAAI,SAAS,CAAC,sBAAsB,EAAE,CAAC;YACrC,KAAK,MAAM,MAAM,IAAI,SAAS,CAAC,gBAAgB,EAAE,CAAC;gBAChD,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC9C,QAAQ,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;gBACtC,CAAC;YACH,CAAC;QACH,CAAC;QAED,2CAA2C;QAC3C,MAAM,OAAO,GAAG,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;QAClD,IAAI,OAAO,IAAI,QAAQ,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpD,MAAM,cAAc,GAAG,qBAAqB,CAAC,OAAO,EAAE,KAAK,CAAC,WAAW,CAAC,CAAA;YACxE,IAAI,qBAAqB,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC1C,QAAQ,CAAC,cAAc,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAA;YACtD,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAA;IACjB,CAAC,CAAC,CAAA;IAEF,uBAAuB;IACvB,MAAM,YAAY,GAAG,IAAI,GAAG,EAA6B,CAAA;IACzD,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;QACvD,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACpB,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;IAC5C,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,YAAY,EAAE,CAAA;AACjD,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;;;GAIG;AACH,SAAS,sBAAsB,CAC7B,KAAsB,EACtB,KAAkB,EAClB,WAAyB;IAEzB,MAAM,cAAc,GAAa,EAAE,CAAA;IACnC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;IAC5C,IAAI,CAAC,IAAI;QAAE,OAAO,cAAc,CAAA;IAEhC,4CAA4C;IAC5C,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QAC3C,oEAAoE;QACpE,MAAM,cAAc,GAAG,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,QAAQ,KAAK,YAAY,CAAC,CAAA;QAC7E,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACnC,IAAI,KAAK,CAAC,QAAQ;gBAAE,SAAQ;YAC5B,uEAAuE;YACvE,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,GAAG,GAAG,CAAC,EAAE,CAAC;gBACzE,MAAM,MAAM,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA;gBAC5E,KAAK,MAAM,EAAE,IAAI,MAAM,EAAE,CAAC;oBACxB,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;wBACjC,cAAc,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC,CAAA;oBACzC,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED,SAAS,kBAAkB,CAAC,SAAiB,EAAE,WAAyB;IACtE,MAAM,cAAc,GAAa,EAAE,CAAA;IAEnC,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;QAChC,IAAI,KAAK,CAAC,QAAQ;YAAE,SAAQ;QAC5B,uEAAuE;QACvE,IAAI,SAAS,KAAK,KAAK,CAAC,IAAI,IAAI,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,GAAG,GAAG,CAAC,EAAE,CAAC;YACvE,MAAM,MAAM,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA;YAC5E,cAAc,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAA;QAChC,CAAC;IACH,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED,SAAS,cAAc,CAAC,WAAyB;IAC/C,MAAM,cAAc,GAAa,EAAE,CAAA;IAEnC,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;QAChC,IAAI,CAAC,KAAK,CAAC,QAAQ;YAAE,SAAQ;QAC7B,MAAM,MAAM,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA;QAC5E,cAAc,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAA;IAChC,CAAC;IAED,OAAO,cAAc,CAAA;AACvB,CAAC;AAED,SAAS,qBAAqB,CAAC,OAAe,EAAE,WAAmB;IACjE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,GAAG,CAAC,CAAC,CAAA;IAC1C,OAAO,IAAA,oBAAY,EAAC,KAAK,EAAE,KAAK,CAAC,CAAA;AACnC,CAAC;AAED,SAAS,qBAAqB,CAAC,OAAe;IAC5C,OAAO,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAA;AAC1D,CAAC"}

package/dist/model/route-discovery/express.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Express/Fastify/Hono/Koa Route Extractor
+ *
+ * Detects route definitions and mount points from Express-style frameworks.
+ * Also handles Fastify (preHandler), Hono, and Koa route patterns.
+ */
+import type { RouteDefinition, MountPoint } from './types';
+/**
+ * Extract Express/Fastify/Hono/Koa routes from file content.
+ *
+ * Patterns detected:
+ * - app.get('/path', handler) / router.post(...) / server.put(...)
+ * - Fastify route({ method, url, preHandler, handler })
+ * - Hono app.get('/path', handler)
+ */
+export declare function extractExpressRoutes(content: string, filePath: string): RouteDefinition[];
+/**
+ * Extract mount points (app.use) from file content.
+ *
+ * Patterns:
+ * - app.use('/api', authMiddleware) — path-scoped mount
+ * - app.use(helmet()) — global mount (no path)
+ */
+export declare function extractMountPoints(content: string, filePath: string): MountPoint[];
+//# sourceMappingURL=express.d.ts.map

package/dist/model/route-discovery/express.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.d.ts","sourceRoot":"","sources":["../../../src/model/route-discovery/express.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAc,UAAU,EAAkB,MAAM,SAAS,CAAA;AAiCtF;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,eAAe,EAAE,CAqEzF;AAMD;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,UAAU,EAAE,CAkDlF"}

package/dist/model/route-discovery/express.js

@@ -0,0 +1,225 @@
+"use strict";
+/**
+ * Express/Fastify/Hono/Koa Route Extractor
+ *
+ * Detects route definitions and mount points from Express-style frameworks.
+ * Also handles Fastify (preHandler), Hono, and Koa route patterns.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractExpressRoutes = extractExpressRoutes;
+exports.extractMountPoints = extractMountPoints;
+const utils_1 = require("./utils");
+// ============================================================================
+// Constants
+// ============================================================================
+const HTTP_METHODS = ['get', 'post', 'put', 'patch', 'delete', 'head', 'options', 'all'];
+const RATE_LIMIT_PATTERN = /rateLimit|rateLimiter|throttle|slowDown/i;
+const PUBLIC_ENDPOINT_PATTERN = /^\/(health|healthz|ready|readyz|ping|status|favicon\.ico|robots\.txt|sitemap\.xml|\.well-known)\/?$/i;
+/**
+ * Pattern to identify auth-enforcing middleware on routes.
+ * Must be specific — "verify" alone matches too broadly (e.g., verify.challengeChecks).
+ */
+const AUTH_MIDDLEWARE_PATTERN = /auth|isAuthorized|isAuthenticated|isAccounting|isAdmin|isDeluxe|passport|verifyToken|verifyJwt|jwtAuth|jwtVerify|bearerAuth|clerk|denyAll/i;
+// Input source patterns to scan for in handler bodies
+const INPUT_PATTERNS = [
+    { pattern: /req\.body|request\.body|ctx\.request\.body|c\.req\.json|c\.req\.parseBody/i, source: 'body' },
+    { pattern: /req\.query|request\.query|ctx\.query|c\.req\.query|searchParams/i, source: 'query' },
+    { pattern: /req\.params|request\.params|ctx\.params|c\.req\.param/i, source: 'params' },
+    { pattern: /req\.headers|request\.headers|ctx\.headers|c\.req\.header/i, source: 'headers' },
+    { pattern: /req\.cookies|request\.cookies|ctx\.cookies/i, source: 'cookies' },
+    { pattern: /req\.files?|request\.files?|multer|upload\./i, source: 'files' },
+];
+// ============================================================================
+// Route Extraction
+// ============================================================================
+/**
+ * Extract Express/Fastify/Hono/Koa routes from file content.
+ *
+ * Patterns detected:
+ * - app.get('/path', handler) / router.post(...) / server.put(...)
+ * - Fastify route({ method, url, preHandler, handler })
+ * - Hono app.get('/path', handler)
+ */
+function extractExpressRoutes(content, filePath) {
+    const routes = [];
+    const lines = content.split('\n');
+    const framework = detectExpressFamily(content);
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        const lineNum = i + 1;
+        // Pattern: <identifier>.get('/path', ...middleware, handler)
+        // Matches any receiver (app, router, server, custom names) calling an HTTP method
+        // with a path argument starting with '/'
+        const routeMatch = line.match(/\b\w+\s*\.\s*(get|post|put|patch|delete|head|options|all)\s*\(\s*['"`]([^'"`]+)['"`]/i);
+        if (routeMatch && routeMatch[2].startsWith('/')) {
+            const method = routeMatch[1].toUpperCase();
+            const path = routeMatch[2];
+            const middleware = extractMiddlewareFromLine(line);
+            const handlerBody = extractHandlerBody(lines, i);
+            const inputs = detectInputSources(handlerBody);
+            routes.push({
+                filePath,
+                methods: [method],
+                path,
+                handler: extractHandlerName(line) || 'anonymous',
+                handlerLine: lineNum,
+                framework,
+                authMiddleware: middleware.filter(m => AUTH_MIDDLEWARE_PATTERN.test(m)),
+                rateLimiting: middleware.some(m => RATE_LIMIT_PATTERN.test(m)) ||
+                    RATE_LIMIT_PATTERN.test(handlerBody),
+                isPublic: PUBLIC_ENDPOINT_PATTERN.test(path),
+                inputs,
+            });
+            continue;
+        }
+        // Fastify route object pattern: server.route({ method: 'GET', url: '/path', ... })
+        const fastifyMatch = line.match(/\.route\s*\(\s*\{/);
+        if (fastifyMatch) {
+            const blockText = (0, utils_1.extractBlock)(lines, i);
+            const methodMatch = blockText.match(/method\s*:\s*['"`](\w+)['"`]/);
+            const urlMatch = blockText.match(/url\s*:\s*['"`]([^'"`]+)['"`]/);
+            if (methodMatch && urlMatch) {
+                const preHandlerMatch = blockText.match(/preHandler\s*:\s*\[([^\]]*)\]/);
+                const preHandlerMiddleware = preHandlerMatch
+                    ? preHandlerMatch[1].split(',').map(m => m.trim()).filter(Boolean)
+                    : [];
+                const inputs = detectInputSources(blockText);
+                routes.push({
+                    filePath,
+                    methods: [methodMatch[1].toUpperCase()],
+                    path: urlMatch[1],
+                    handler: 'route_handler',
+                    handlerLine: lineNum,
+                    framework: 'fastify',
+                    authMiddleware: preHandlerMiddleware.filter(m => AUTH_MIDDLEWARE_PATTERN.test(m)),
+                    rateLimiting: preHandlerMiddleware.some(m => RATE_LIMIT_PATTERN.test(m)),
+                    isPublic: PUBLIC_ENDPOINT_PATTERN.test(urlMatch[1]),
+                    inputs,
+                });
+            }
+        }
+    }
+    return routes;
+}
+// ============================================================================
+// Mount Point Extraction
+// ============================================================================
+/**
+ * Extract mount points (app.use) from file content.
+ *
+ * Patterns:
+ * - app.use('/api', authMiddleware) — path-scoped mount
+ * - app.use(helmet()) — global mount (no path)
+ */
+function extractMountPoints(content, filePath) {
+    const mounts = [];
+    const lines = content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        const lineNum = i + 1;
+        // app.use('/path', middleware) — path-scoped
+        const scopedMatch = line.match(/(?:app|router|server)\s*\.use\s*\(\s*['"`]([^'"`]+)['"`]\s*,\s*(.+)\)/);
+        if (scopedMatch) {
+            const middleware = extractMiddlewareNames(scopedMatch[2]);
+            if (middleware.length > 0) {
+                mounts.push({
+                    path: scopedMatch[1],
+                    middleware,
+                    line: lineNum,
+                    isGlobal: false,
+                    filePath,
+                });
+            }
+            continue;
+        }
+        // app.use(middleware) — global (no path argument)
+        // Check that line has .use( but no string as first argument
+        const globalUseMatch = line.match(/(?:app|router|server)\s*\.use\s*\(/);
+        if (globalUseMatch && !scopedMatch) {
+            // Verify no string path (already handled above)
+            const afterUse = line.slice(line.indexOf('.use(') + 5);
+            if (!/^\s*['"`]/.test(afterUse)) {
+                // Extract middleware names from the arguments
+                const argsStr = extractParenContent(line, line.indexOf('.use(') + 4);
+                const middleware = extractMiddlewareNames(argsStr);
+                if (middleware.length > 0) {
+                    mounts.push({
+                        path: '/',
+                        middleware,
+                        line: lineNum,
+                        isGlobal: true,
+                        filePath,
+                    });
+                }
+            }
+        }
+    }
+    return mounts;
+}
+// ============================================================================
+// Internal Helpers
+// ============================================================================
+function detectExpressFamily(content) {
+    if (/require\s*\(\s*['"]fastify['"]\)|from\s+['"]fastify['"]/.test(content))
+        return 'fastify';
+    if (/require\s*\(\s*['"]hono['"]\)|from\s+['"]hono['"]/.test(content))
+        return 'hono';
+    if (/require\s*\(\s*['"]koa['"]\)|from\s+['"]koa['"]/.test(content))
+        return 'koa';
+    return 'express';
+}
+function extractMiddlewareFromLine(line) {
+    // Extract arguments between the path string and the last argument (handler)
+    // e.g., app.post('/path', auth, validate, handler) → ['auth', 'validate']
+    const afterPath = line.replace(/^[^(]*\(\s*['"`][^'"`]*['"`]\s*,\s*/, '');
+    const args = afterPath.replace(/\)\s*;?\s*$/, '').split(',').map(a => a.trim()).filter(Boolean);
+    // Remove the last argument (the handler function) if there are multiple
+    if (args.length > 1) {
+        return args.slice(0, -1).map(a => a.replace(/\(.*\)/, '').trim());
+    }
+    return [];
+}
+function extractHandlerName(line) {
+    // Look for named function reference as last argument
+    const match = line.match(/,\s*(\w+)\s*\)\s*;?\s*$/);
+    if (match && !match[1].match(/^(async|function|req|res|next|ctx|c)$/)) {
+        return match[1];
+    }
+    return null;
+}
+function extractParenContent(line, openParenIndex) {
+    let depth = 0;
+    let start = openParenIndex + 1;
+    for (let i = openParenIndex; i < line.length; i++) {
+        if (line[i] === '(')
+            depth++;
+        if (line[i] === ')') {
+            depth--;
+            if (depth === 0) {
+                return line.slice(start, i);
+            }
+        }
+    }
+    return line.slice(start);
+}
+function extractMiddlewareNames(text) {
+    return text
+        .split(',')
+        .map(m => m.trim().replace(/\(.*\)/, '').trim())
+        .filter(m => m.length > 0 && /^[a-zA-Z_$]/.test(m));
+}
+function extractHandlerBody(lines, startLine) {
+    return (0, utils_1.extractBlock)(lines, startLine);
+}
+function detectInputSources(body) {
+    const inputs = [];
+    const seen = new Set();
+    for (const { pattern, source } of INPUT_PATTERNS) {
+        if (pattern.test(body) && !seen.has(source)) {
+            seen.add(source);
+            inputs.push({ source });
+        }
+    }
+    return inputs;
+}
+//# sourceMappingURL=express.js.map

package/dist/model/route-discovery/express.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.js","sourceRoot":"","sources":["../../../src/model/route-discovery/express.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AA2CH,oDAqEC;AAaD,gDAkDC;AA5KD,mCAAsC;AAEtC,+EAA+E;AAC/E,YAAY;AACZ,+EAA+E;AAE/E,MAAM,YAAY,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,CAAA;AAExF,MAAM,kBAAkB,GAAG,0CAA0C,CAAA;AAErE,MAAM,uBAAuB,GAAG,sGAAsG,CAAA;AAEtI;;;GAGG;AACH,MAAM,uBAAuB,GAAG,4IAA4I,CAAA;AAE5K,sDAAsD;AACtD,MAAM,cAAc,GAA6D;IAC/E,EAAE,OAAO,EAAE,4EAA4E,EAAE,MAAM,EAAE,MAAM,EAAE;IACzG,EAAE,OAAO,EAAE,kEAAkE,EAAE,MAAM,EAAE,OAAO,EAAE;IAChG,EAAE,OAAO,EAAE,wDAAwD,EAAE,MAAM,EAAE,QAAQ,EAAE;IACvF,EAAE,OAAO,EAAE,4DAA4D,EAAE,MAAM,EAAE,SAAS,EAAE;IAC5F,EAAE,OAAO,EAAE,6CAA6C,EAAE,MAAM,EAAE,SAAS,EAAE;IAC7E,EAAE,OAAO,EAAE,8CAA8C,EAAE,MAAM,EAAE,OAAO,EAAE;CAC7E,CAAA;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;;;;;;GAOG;AACH,SAAgB,oBAAoB,CAAC,OAAe,EAAE,QAAgB;IACpE,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IACjC,MAAM,SAAS,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAA;IAE9C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACrB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAA;QAErB,6DAA6D;QAC7D,kFAAkF;QAClF,yCAAyC;QACzC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAC3B,uFAAuF,CACxF,CAAA;QAED,IAAI,UAAU,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAA;YAC1C,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;YAC1B,MAAM,UAAU,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAA;YAClD,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;YAChD,MAAM,MAAM,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAA;YAE9C,MAAM,CAAC,IAAI,CAAC;gBACV,QAAQ;gBACR,OAAO,EAAE,CAAC,MAAM,CAAC;gBACjB,IAAI;gBACJ,OAAO,EAAE,kBAAkB,CAAC,IAAI,CAAC,IAAI,WAAW;gBAChD,WAAW,EAAE,OAAO;gBACpB,SAAS;gBACT,cAAc,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBACvE,YAAY,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBAChD,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC;gBAClD,QAAQ,EAAE,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC;gBAC5C,MAAM;aACP,CAAC,CAAA;YACF,SAAQ;QACV,CAAC;QAED,mFAAmF;QACnF,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;QACpD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,IAAA,oBAAY,EAAC,KAAK,EAAE,CAAC,CAAC,CAAA;YACxC,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAA;YACnE,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAA;YACjE,IAAI,WAAW,IAAI,QAAQ,EAAE,CAAC;gBAC5B,MAAM,eAAe,GAAG,SAAS,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAA;gBACxE,MAAM,oBAAoB,GAAG,eAAe;oBAC1C,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;oBAClE,CAAC,CAAC,EAAE,CAAA;gBACN,MAAM,MAAM,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAA;gBAE5C,MAAM,CAAC,IAAI,CAAC;oBACV,QAAQ;oBACR,OAAO,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;oBACvC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;oBACjB,OAAO,EAAE,eAAe;oBACxB,WAAW,EAAE,OAAO;oBACpB,SAAS,EAAE,SAAS;oBACpB,cAAc,EAAE,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBACjF,YAAY,EAAE,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;oBACxE,QAAQ,EAAE,uBAAuB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;oBACnD,MAAM;iBACP,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;;;;;GAMG;AACH,SAAgB,kBAAkB,CAAC,OAAe,EAAE,QAAgB;IAClE,MAAM,MAAM,GAAiB,EAAE,CAAA;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAEjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACrB,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,CAAA;QAErB,6CAA6C;QAC7C,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAC5B,uEAAuE,CACxE,CAAA;QACD,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,UAAU,GAAG,sBAAsB,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAA;YACzD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC;oBACpB,UAAU;oBACV,IAAI,EAAE,OAAO;oBACb,QAAQ,EAAE,KAAK;oBACf,QAAQ;iBACT,CAAC,CAAA;YACJ,CAAC;YACD,SAAQ;QACV,CAAC;QAED,kDAAkD;QAClD,4DAA4D;QAC5D,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAA;QACvE,IAAI,cAAc,IAAI,CAAC,WAAW,EAAE,CAAC;YACnC,gDAAgD;YAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAA;YACtD,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAChC,8CAA8C;gBAC9C,MAAM,OAAO,GAAG,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAA;gBACpE,MAAM,UAAU,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAA;gBAClD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC1B,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,GAAG;wBACT,UAAU;wBACV,IAAI,EAAE,OAAO;wBACb,QAAQ,EAAE,IAAI;wBACd,QAAQ;qBACT,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,SAAS,mBAAmB,CAAC,OAAe;IAC1C,IAAI,yDAAyD,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,SAAS,CAAA;IAC7F,IAAI,mDAAmD,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,MAAM,CAAA;IACpF,IAAI,iDAAiD,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAA;IACjF,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAS,yBAAyB,CAAC,IAAY;IAC7C,4EAA4E;IAC5E,0EAA0E;IAC1E,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,qCAAqC,EAAE,EAAE,CAAC,CAAA;IACzE,MAAM,IAAI,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;IAC/F,wEAAwE;IACxE,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAA;IACnE,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY;IACtC,qDAAqD;IACrD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAA;IACnD,IAAI,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,uCAAuC,CAAC,EAAE,CAAC;QACtE,OAAO,KAAK,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAY,EAAE,cAAsB;IAC/D,IAAI,KAAK,GAAG,CAAC,CAAA;IACb,IAAI,KAAK,GAAG,cAAc,GAAG,CAAC,CAAA;IAC9B,KAAK,IAAI,CAAC,GAAG,cAAc,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClD,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG;YAAE,KAAK,EAAE,CAAA;QAC5B,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YACpB,KAAK,EAAE,CAAA;YACP,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;gBAChB,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;AAC1B,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAY;IAC1C,OAAO,IAAI;SACR,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;SAC/C,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA;AACvD,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAe,EAAE,SAAiB;IAC5D,OAAO,IAAA,oBAAY,EAAC,KAAK,EAAE,SAAS,CAAC,CAAA;AACvC,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY;IACtC,MAAM,MAAM,GAAiB,EAAE,CAAA;IAC/B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAA;IAC9B,KAAK,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;QACjD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5C,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;YAChB,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC"}

package/dist/model/route-discovery/index.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Route Discovery Orchestrator
+ *
+ * Runs all framework-specific route extractors, deduplicates routes,
+ * and builds the unified RouteMap.
+ */
+import type { ScanFile } from '../../shared/types';
+import type { RouteMap, MountPoint } from './types';
+export type { RouteMap, RouteDefinition, RouteInput, MountPoint, RouteFramework } from './types';
+export { createEmptyRouteMap } from './types';
+/**
+ * Discover all routes across all supported frameworks.
+ *
+ * Runs Express, Next.js, and Python extractors, deduplicates,
+ * and builds the fileToRoutes index.
+ */
+export declare function discoverRoutes(files: ScanFile[], frameworkPrimary: string | undefined): {
+    routeMap: RouteMap;
+    mountPoints: MountPoint[];
+};
+//# sourceMappingURL=index.d.ts.map

package/dist/model/route-discovery/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/model/route-discovery/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAClD,OAAO,KAAK,EAAE,QAAQ,EAAmB,UAAU,EAAE,MAAM,SAAS,CAAA;AAOpE,YAAY,EAAE,QAAQ,EAAE,eAAe,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,SAAS,CAAA;AAChG,OAAO,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAA;AAE7C;;;;;GAKG;AACH,wBAAgB,cAAc,CAC5B,KAAK,EAAE,QAAQ,EAAE,EACjB,gBAAgB,EAAE,MAAM,GAAG,SAAS,GACnC;IAAE,QAAQ,EAAE,QAAQ,CAAC;IAAC,WAAW,EAAE,UAAU,EAAE,CAAA;CAAE,CAoCnD"}

package/dist/model/route-discovery/index.js

@@ -0,0 +1,67 @@
+"use strict";
+/**
+ * Route Discovery Orchestrator
+ *
+ * Runs all framework-specific route extractors, deduplicates routes,
+ * and builds the unified RouteMap.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createEmptyRouteMap = void 0;
+exports.discoverRoutes = discoverRoutes;
+const express_1 = require("./express");
+const nextjs_1 = require("./nextjs");
+const python_1 = require("./python");
+var types_1 = require("./types");
+Object.defineProperty(exports, "createEmptyRouteMap", { enumerable: true, get: function () { return types_1.createEmptyRouteMap; } });
+/**
+ * Discover all routes across all supported frameworks.
+ *
+ * Runs Express, Next.js, and Python extractors, deduplicates,
+ * and builds the fileToRoutes index.
+ */
+function discoverRoutes(files, frameworkPrimary) {
+    const allRoutes = [];
+    const allMountPoints = [];
+    for (const file of files) {
+        // Express/Fastify/Hono/Koa
+        const expressRoutes = (0, express_1.extractExpressRoutes)(file.content, file.path);
+        allRoutes.push(...expressRoutes);
+        const mounts = (0, express_1.extractMountPoints)(file.content, file.path);
+        allMountPoints.push(...mounts);
+        // Python (Flask/Django)
+        const pythonRoutes = (0, python_1.extractPythonRoutes)(file.content, file.path);
+        allRoutes.push(...pythonRoutes);
+    }
+    // Next.js (needs all files at once for filesystem-based routing)
+    const nextjsRoutes = (0, nextjs_1.extractNextJSRoutes)(files, frameworkPrimary);
+    allRoutes.push(...nextjsRoutes);
+    // Deduplicate: same file + path + method combo
+    const deduped = deduplicateRoutes(allRoutes);
+    // Build fileToRoutes index
+    const fileToRoutes = new Map();
+    for (const route of deduped) {
+        const existing = fileToRoutes.get(route.filePath) || [];
+        existing.push(route);
+        fileToRoutes.set(route.filePath, existing);
+    }
+    return {
+        routeMap: { routes: deduped, fileToRoutes },
+        mountPoints: allMountPoints,
+    };
+}
+// ============================================================================
+// Internal Helpers
+// ============================================================================
+function deduplicateRoutes(routes) {
+    const seen = new Set();
+    const result = [];
+    for (const route of routes) {
+        const key = `${route.filePath}:${route.path}:${[...route.methods].sort().join(',')}`;
+        if (!seen.has(key)) {
+            seen.add(key);
+            result.push(route);
+        }
+    }
+    return result;
+}
+//# sourceMappingURL=index.js.map

package/dist/model/route-discovery/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/model/route-discovery/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAmBH,wCAuCC;AArDD,uCAAoE;AACpE,qCAA8C;AAC9C,qCAA8C;AAI9C,iCAA6C;AAApC,4GAAA,mBAAmB,OAAA;AAE5B;;;;;GAKG;AACH,SAAgB,cAAc,CAC5B,KAAiB,EACjB,gBAAoC;IAEpC,MAAM,SAAS,GAAsB,EAAE,CAAA;IACvC,MAAM,cAAc,GAAiB,EAAE,CAAA;IAEvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,2BAA2B;QAC3B,MAAM,aAAa,GAAG,IAAA,8BAAoB,EAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;QACnE,SAAS,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,CAAA;QAEhC,MAAM,MAAM,GAAG,IAAA,4BAAkB,EAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;QAC1D,cAAc,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAA;QAE9B,wBAAwB;QACxB,MAAM,YAAY,GAAG,IAAA,4BAAmB,EAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA;QACjE,SAAS,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAA;IACjC,CAAC;IAED,iEAAiE;IACjE,MAAM,YAAY,GAAG,IAAA,4BAAmB,EAAC,KAAK,EAAE,gBAAgB,CAAC,CAAA;IACjE,SAAS,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAA;IAE/B,+CAA+C;IAC/C,MAAM,OAAO,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAA;IAE5C,2BAA2B;IAC3B,MAAM,YAAY,GAAG,IAAI,GAAG,EAA6B,CAAA;IACzD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;QACvD,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACpB,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;IAC5C,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE;QAC3C,WAAW,EAAE,cAAc;KAC5B,CAAA;AACH,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,SAAS,iBAAiB,CAAC,MAAyB;IAClD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAA;IAC9B,MAAM,MAAM,GAAsB,EAAE,CAAA;IAEpC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,GAAG,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAA;QACpF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACnB,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YACb,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACpB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC"}

package/dist/model/route-discovery/nextjs.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Next.js Route Extractor
+ *
+ * Detects routes from Next.js App Router and Pages Router conventions.
+ * Derives route paths from the filesystem structure.
+ */
+import type { ScanFile } from '../../shared/types';
+import type { RouteDefinition } from './types';
+/**
+ * Extract Next.js routes from scanned files.
+ *
+ * Detects App Router (export function GET/POST in route files)
+ * and Pages Router (export default in pages/api files).
+ */
+export declare function extractNextJSRoutes(files: ScanFile[], frameworkPrimary: string | undefined): RouteDefinition[];
+//# sourceMappingURL=nextjs.d.ts.map

package/dist/model/route-discovery/nextjs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nextjs.d.ts","sourceRoot":"","sources":["../../../src/model/route-discovery/nextjs.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAClD,OAAO,KAAK,EAAE,eAAe,EAA8B,MAAM,SAAS,CAAA;AA4B1E;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,QAAQ,EAAE,EACjB,gBAAgB,EAAE,MAAM,GAAG,SAAS,GACnC,eAAe,EAAE,CA0DnB"}