npm - @oculum/scanner - Versions diffs - 1.0.14 → 1.0.15 - Mend

@oculum/scanner 1.0.14 → 1.0.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1323) hide show

package/dist/detect/ai-code/index.d.ts +6 -11
package/dist/detect/ai-code/index.d.ts.map +1 -1
package/dist/detect/ai-code/index.js +6 -24
package/dist/detect/ai-code/index.js.map +1 -1
package/dist/detect/ast-rules/agent-tools-ast.d.ts +14 -0
package/dist/detect/ast-rules/agent-tools-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/agent-tools-ast.js +809 -0
package/dist/detect/ast-rules/agent-tools-ast.js.map +1 -0
package/dist/detect/ast-rules/ai-fingerprinting-ast.d.ts +14 -0
package/dist/detect/ast-rules/ai-fingerprinting-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/ai-fingerprinting-ast.js +344 -0
package/dist/detect/ast-rules/ai-fingerprinting-ast.js.map +1 -0
package/dist/detect/ast-rules/auth-patterns-ast.d.ts +14 -0
package/dist/detect/ast-rules/auth-patterns-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/auth-patterns-ast.js +280 -0
package/dist/detect/ast-rules/auth-patterns-ast.js.map +1 -0
package/dist/detect/ast-rules/byok-ast.d.ts +13 -0
package/dist/detect/ast-rules/byok-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/byok-ast.js +180 -0
package/dist/detect/ast-rules/byok-ast.js.map +1 -0
package/dist/detect/ast-rules/child-process-ast.d.ts +13 -0
package/dist/detect/ast-rules/child-process-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/child-process-ast.js +252 -0
package/dist/detect/ast-rules/child-process-ast.js.map +1 -0
package/dist/detect/ast-rules/dangerous-eval-ast.d.ts +13 -0
package/dist/detect/ast-rules/dangerous-eval-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/dangerous-eval-ast.js +218 -0
package/dist/detect/ast-rules/dangerous-eval-ast.js.map +1 -0
package/dist/detect/ast-rules/data-exposure-ast.d.ts +13 -0
package/dist/detect/ast-rules/data-exposure-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/data-exposure-ast.js +158 -0
package/dist/detect/ast-rules/data-exposure-ast.js.map +1 -0
package/dist/detect/ast-rules/dom-xss-ast.d.ts +14 -0
package/dist/detect/ast-rules/dom-xss-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/dom-xss-ast.js +217 -0
package/dist/detect/ast-rules/dom-xss-ast.js.map +1 -0
package/dist/detect/ast-rules/endpoint-protection-ast.d.ts +13 -0
package/dist/detect/ast-rules/endpoint-protection-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/endpoint-protection-ast.js +228 -0
package/dist/detect/ast-rules/endpoint-protection-ast.js.map +1 -0
package/dist/detect/ast-rules/entropy-ast.d.ts +17 -0
package/dist/detect/ast-rules/entropy-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/entropy-ast.js +265 -0
package/dist/detect/ast-rules/entropy-ast.js.map +1 -0
package/dist/detect/ast-rules/flask-debug-ast.d.ts +10 -0
package/dist/detect/ast-rules/flask-debug-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/flask-debug-ast.js +125 -0
package/dist/detect/ast-rules/flask-debug-ast.js.map +1 -0
package/dist/detect/ast-rules/framework-checks-ast.d.ts +13 -0
package/dist/detect/ast-rules/framework-checks-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/framework-checks-ast.js +185 -0
package/dist/detect/ast-rules/framework-checks-ast.js.map +1 -0
package/dist/detect/ast-rules/helpers/call-analysis.d.ts +62 -0
package/dist/detect/ast-rules/helpers/call-analysis.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/call-analysis.js +217 -0
package/dist/detect/ast-rules/helpers/call-analysis.js.map +1 -0
package/dist/detect/ast-rules/helpers/context-detection.d.ts +33 -0
package/dist/detect/ast-rules/helpers/context-detection.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/context-detection.js +256 -0
package/dist/detect/ast-rules/helpers/context-detection.js.map +1 -0
package/dist/detect/ast-rules/helpers/control-flow.d.ts +40 -0
package/dist/detect/ast-rules/helpers/control-flow.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/control-flow.js +174 -0
package/dist/detect/ast-rules/helpers/control-flow.js.map +1 -0
package/dist/detect/ast-rules/helpers/import-analysis.d.ts +43 -0
package/dist/detect/ast-rules/helpers/import-analysis.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/import-analysis.js +149 -0
package/dist/detect/ast-rules/helpers/import-analysis.js.map +1 -0
package/dist/detect/ast-rules/helpers/index.d.ts +16 -0
package/dist/detect/ast-rules/helpers/index.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/index.js +112 -0
package/dist/detect/ast-rules/helpers/index.js.map +1 -0
package/dist/detect/ast-rules/helpers/python-helpers.d.ts +215 -0
package/dist/detect/ast-rules/helpers/python-helpers.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/python-helpers.js +935 -0
package/dist/detect/ast-rules/helpers/python-helpers.js.map +1 -0
package/dist/detect/ast-rules/helpers/scope-analysis.d.ts +50 -0
package/dist/detect/ast-rules/helpers/scope-analysis.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/scope-analysis.js +194 -0
package/dist/detect/ast-rules/helpers/scope-analysis.js.map +1 -0
package/dist/detect/ast-rules/helpers/string-analysis.d.ts +57 -0
package/dist/detect/ast-rules/helpers/string-analysis.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/string-analysis.js +184 -0
package/dist/detect/ast-rules/helpers/string-analysis.js.map +1 -0
package/dist/detect/ast-rules/helpers/type-extraction.d.ts +44 -0
package/dist/detect/ast-rules/helpers/type-extraction.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/type-extraction.js +125 -0
package/dist/detect/ast-rules/helpers/type-extraction.js.map +1 -0
package/dist/detect/ast-rules/helpers/user-input.d.ts +35 -0
package/dist/detect/ast-rules/helpers/user-input.d.ts.map +1 -0
package/dist/detect/ast-rules/helpers/user-input.js +243 -0
package/dist/detect/ast-rules/helpers/user-input.js.map +1 -0
package/dist/detect/ast-rules/index.d.ts +112 -0
package/dist/detect/ast-rules/index.d.ts.map +1 -0
package/dist/detect/ast-rules/index.js +232 -0
package/dist/detect/ast-rules/index.js.map +1 -0
package/dist/detect/ast-rules/json-parse-ast.d.ts +13 -0
package/dist/detect/ast-rules/json-parse-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/json-parse-ast.js +143 -0
package/dist/detect/ast-rules/json-parse-ast.js.map +1 -0
package/dist/detect/ast-rules/log-injection-ast.d.ts +14 -0
package/dist/detect/ast-rules/log-injection-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/log-injection-ast.js +235 -0
package/dist/detect/ast-rules/log-injection-ast.js.map +1 -0
package/dist/detect/ast-rules/logic-gates-ast.d.ts +14 -0
package/dist/detect/ast-rules/logic-gates-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/logic-gates-ast.js +312 -0
package/dist/detect/ast-rules/logic-gates-ast.js.map +1 -0
package/dist/detect/ast-rules/mcp-security-ast.d.ts +14 -0
package/dist/detect/ast-rules/mcp-security-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/mcp-security-ast.js +755 -0
package/dist/detect/ast-rules/mcp-security-ast.js.map +1 -0
package/dist/detect/ast-rules/model-supply-chain-ast.d.ts +13 -0
package/dist/detect/ast-rules/model-supply-chain-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/model-supply-chain-ast.js +188 -0
package/dist/detect/ast-rules/model-supply-chain-ast.js.map +1 -0
package/dist/detect/ast-rules/package-hallucination-ast.d.ts +13 -0
package/dist/detect/ast-rules/package-hallucination-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/package-hallucination-ast.js +607 -0
package/dist/detect/ast-rules/package-hallucination-ast.js.map +1 -0
package/dist/detect/ast-rules/prompt-hygiene-ast.d.ts +15 -0
package/dist/detect/ast-rules/prompt-hygiene-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/prompt-hygiene-ast.js +332 -0
package/dist/detect/ast-rules/prompt-hygiene-ast.js.map +1 -0
package/dist/detect/ast-rules/rag-safety-ast.d.ts +18 -0
package/dist/detect/ast-rules/rag-safety-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/rag-safety-ast.js +640 -0
package/dist/detect/ast-rules/rag-safety-ast.js.map +1 -0
package/dist/detect/ast-rules/request-validation-ast.d.ts +13 -0
package/dist/detect/ast-rules/request-validation-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/request-validation-ast.js +116 -0
package/dist/detect/ast-rules/request-validation-ast.js.map +1 -0
package/dist/detect/ast-rules/risky-imports-ast.d.ts +14 -0
package/dist/detect/ast-rules/risky-imports-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/risky-imports-ast.js +114 -0
package/dist/detect/ast-rules/risky-imports-ast.js.map +1 -0
package/dist/detect/ast-rules/schema-validation-ast.d.ts +14 -0
package/dist/detect/ast-rules/schema-validation-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/schema-validation-ast.js +233 -0
package/dist/detect/ast-rules/schema-validation-ast.js.map +1 -0
package/dist/detect/ast-rules/secret-patterns-ast.d.ts +17 -0
package/dist/detect/ast-rules/secret-patterns-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/secret-patterns-ast.js +199 -0
package/dist/detect/ast-rules/secret-patterns-ast.js.map +1 -0
package/dist/detect/ast-rules/security-headers-ast.d.ts +14 -0
package/dist/detect/ast-rules/security-headers-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/security-headers-ast.js +187 -0
package/dist/detect/ast-rules/security-headers-ast.js.map +1 -0
package/dist/detect/ast-rules/sql-injection-ast.d.ts +17 -0
package/dist/detect/ast-rules/sql-injection-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/sql-injection-ast.js +497 -0
package/dist/detect/ast-rules/sql-injection-ast.js.map +1 -0
package/dist/detect/ast-rules/ssrf-ast.d.ts +14 -0
package/dist/detect/ast-rules/ssrf-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/ssrf-ast.js +573 -0
package/dist/detect/ast-rules/ssrf-ast.js.map +1 -0
package/dist/detect/ast-rules/taint-fix-templates.d.ts +18 -0
package/dist/detect/ast-rules/taint-fix-templates.d.ts.map +1 -0
package/dist/detect/ast-rules/taint-fix-templates.js +92 -0
package/dist/detect/ast-rules/taint-fix-templates.js.map +1 -0
package/dist/detect/ast-rules/taint-flow-ast.d.ts +24 -0
package/dist/detect/ast-rules/taint-flow-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/taint-flow-ast.js +340 -0
package/dist/detect/ast-rules/taint-flow-ast.js.map +1 -0
package/dist/detect/ast-rules/variables-ast.d.ts +24 -0
package/dist/detect/ast-rules/variables-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/variables-ast.js +362 -0
package/dist/detect/ast-rules/variables-ast.js.map +1 -0
package/dist/detect/ast-rules/weak-crypto-ast.d.ts +15 -0
package/dist/detect/ast-rules/weak-crypto-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/weak-crypto-ast.js +406 -0
package/dist/detect/ast-rules/weak-crypto-ast.js.map +1 -0
package/dist/detect/ast-rules/xxe-ast.d.ts +13 -0
package/dist/detect/ast-rules/xxe-ast.d.ts.map +1 -0
package/dist/detect/ast-rules/xxe-ast.js +157 -0
package/dist/detect/ast-rules/xxe-ast.js.map +1 -0
package/dist/detect/config/agent-skill-injection.d.ts.map +1 -1
package/dist/detect/config/agent-skill-injection.js +2 -24
package/dist/detect/config/agent-skill-injection.js.map +1 -1
package/dist/detect/config/index.d.ts +1 -0
package/dist/detect/config/index.d.ts.map +1 -1
package/dist/detect/config/index.js +3 -1
package/dist/detect/config/index.js.map +1 -1
package/dist/detect/config/osv-check.d.ts.map +1 -1
package/dist/detect/config/osv-check.js +6 -1
package/dist/detect/config/osv-check.js.map +1 -1
package/dist/detect/config/package-check.d.ts.map +1 -1
package/dist/detect/config/package-check.js +6 -1
package/dist/detect/config/package-check.js.map +1 -1
package/dist/detect/config/rules-file-backdoor.d.ts +36 -0
package/dist/detect/config/rules-file-backdoor.d.ts.map +1 -0
package/dist/detect/config/rules-file-backdoor.js +379 -0
package/dist/detect/config/rules-file-backdoor.js.map +1 -0
package/dist/detect/index.d.ts +43 -6
package/dist/detect/index.d.ts.map +1 -1
package/dist/detect/index.js +70 -7
package/dist/detect/index.js.map +1 -1
package/dist/detect/secrets/config-audit.d.ts.map +1 -1
package/dist/detect/secrets/config-audit.js +36 -3
package/dist/detect/secrets/config-audit.js.map +1 -1
package/dist/detect/secrets/entropy.d.ts.map +1 -1
package/dist/detect/secrets/entropy.js +180 -0
package/dist/detect/secrets/entropy.js.map +1 -1
package/dist/detect/secrets/index.d.ts +0 -2
package/dist/detect/secrets/index.d.ts.map +1 -1
package/dist/detect/secrets/index.js +7 -17
package/dist/detect/secrets/index.js.map +1 -1
package/dist/detect/structural/index.d.ts +15 -28
package/dist/detect/structural/index.d.ts.map +1 -1
package/dist/detect/structural/index.js +20 -497
package/dist/detect/structural/index.js.map +1 -1
package/dist/index.d.ts +3 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +9 -1
package/dist/index.js.map +1 -1
package/dist/model/auth-helper-detector.d.ts.map +1 -1
package/dist/model/auth-helper-detector.js +2 -7
package/dist/model/auth-helper-detector.js.map +1 -1
package/dist/model/import-resolver.d.ts.map +1 -1
package/dist/model/import-resolver.js +94 -0
package/dist/model/import-resolver.js.map +1 -1
package/dist/model/imported-auth-detector.js +8 -8
package/dist/model/imported-auth-detector.js.map +1 -1
package/dist/model/index.d.ts +8 -0
package/dist/model/index.d.ts.map +1 -1
package/dist/model/index.js +198 -73
package/dist/model/index.js.map +1 -1
package/dist/model/module-graph.d.ts.map +1 -1
package/dist/model/module-graph.js +22 -9
package/dist/model/module-graph.js.map +1 -1
package/dist/model/project-context.d.ts +1 -1
package/dist/model/project-context.d.ts.map +1 -1
package/dist/model/project-context.js +34 -0
package/dist/model/project-context.js.map +1 -1
package/dist/model/route-auth-resolver.d.ts.map +1 -1
package/dist/model/route-auth-resolver.js +17 -2
package/dist/model/route-auth-resolver.js.map +1 -1
package/dist/model/route-discovery/index.js +1 -1
package/dist/model/route-discovery/index.js.map +1 -1
package/dist/model/route-discovery/nextjs.js +1 -1
package/dist/model/route-discovery/nextjs.js.map +1 -1
package/dist/model/route-discovery/python.d.ts +6 -3
package/dist/model/route-discovery/python.d.ts.map +1 -1
package/dist/model/route-discovery/python.js +132 -9
package/dist/model/route-discovery/python.js.map +1 -1
package/dist/model/route-discovery/types.d.ts +1 -1
package/dist/model/route-discovery/types.d.ts.map +1 -1
package/dist/model/route-discovery/utils.d.ts +8 -0
package/dist/model/route-discovery/utils.d.ts.map +1 -1
package/dist/model/route-discovery/utils.js +70 -0
package/dist/model/route-discovery/utils.js.map +1 -1
package/dist/model/taint-types.d.ts +0 -4
package/dist/model/taint-types.d.ts.map +1 -1
package/dist/parse/ast.d.ts +58 -0
package/dist/parse/ast.d.ts.map +1 -0
package/dist/parse/ast.js +230 -0
package/dist/parse/ast.js.map +1 -0
package/dist/parse/call-graph.d.ts +41 -0
package/dist/parse/call-graph.d.ts.map +1 -0
package/dist/parse/call-graph.js +386 -0
package/dist/parse/call-graph.js.map +1 -0
package/dist/parse/file-classifier.d.ts +11 -0
package/dist/parse/file-classifier.d.ts.map +1 -1
package/dist/parse/file-classifier.js +63 -15
package/dist/parse/file-classifier.js.map +1 -1
package/dist/parse/node-index.d.ts +32 -0
package/dist/parse/node-index.d.ts.map +1 -0
package/dist/parse/node-index.js +103 -0
package/dist/parse/node-index.js.map +1 -0
package/dist/parse/type-extractor.d.ts +50 -0
package/dist/parse/type-extractor.d.ts.map +1 -0
package/dist/parse/type-extractor.js +243 -0
package/dist/parse/type-extractor.js.map +1 -0
package/dist/pipeline/config.d.ts +7 -1
package/dist/pipeline/config.d.ts.map +1 -1
package/dist/pipeline/config.js.map +1 -1
package/dist/pipeline/index.d.ts +3 -3
package/dist/pipeline/index.d.ts.map +1 -1
package/dist/pipeline/index.js +192 -64
package/dist/pipeline/index.js.map +1 -1
package/dist/pipeline/modes/incremental.d.ts.map +1 -1
package/dist/pipeline/modes/incremental.js +2 -7
package/dist/pipeline/modes/incremental.js.map +1 -1
package/dist/postprocess/dedup.d.ts +5 -2
package/dist/postprocess/dedup.d.ts.map +1 -1
package/dist/postprocess/dedup.js +47 -16
package/dist/postprocess/dedup.js.map +1 -1
package/dist/report/build-result.d.ts +9 -4
package/dist/report/build-result.d.ts.map +1 -1
package/dist/report/build-result.js +15 -4
package/dist/report/build-result.js.map +1 -1
package/dist/report/formatters/cli-terminal.d.ts +1 -1
package/dist/report/formatters/cli-terminal.d.ts.map +1 -1
package/dist/report/formatters/cli-terminal.js +434 -231
package/dist/report/formatters/cli-terminal.js.map +1 -1
package/dist/report/sanitize.d.ts +10 -0
package/dist/report/sanitize.d.ts.map +1 -0
package/dist/report/sanitize.js +19 -0
package/dist/report/sanitize.js.map +1 -0
package/dist/score/adjustments.d.ts +20 -2
package/dist/score/adjustments.d.ts.map +1 -1
package/dist/score/adjustments.js +108 -37
package/dist/score/adjustments.js.map +1 -1
package/dist/score/confidence.d.ts +6 -0
package/dist/score/confidence.d.ts.map +1 -1
package/dist/score/confidence.js +10 -4
package/dist/score/confidence.js.map +1 -1
package/dist/score/evidence.d.ts +25 -0
package/dist/score/evidence.d.ts.map +1 -0
package/dist/score/evidence.js +51 -0
package/dist/score/evidence.js.map +1 -0
package/dist/score/index.d.ts +3 -1
package/dist/score/index.d.ts.map +1 -1
package/dist/score/index.js +25 -50
package/dist/score/index.js.map +1 -1
package/dist/score/types.d.ts +5 -1
package/dist/score/types.d.ts.map +1 -1
package/dist/shared/category-filter.d.ts.map +1 -1
package/dist/shared/category-filter.js +12 -0
package/dist/shared/category-filter.js.map +1 -1
package/dist/shared/regex-utils.d.ts +3 -0
package/dist/shared/regex-utils.d.ts.map +1 -0
package/dist/shared/regex-utils.js +8 -0
package/dist/shared/regex-utils.js.map +1 -0
package/dist/shared/registry-clients.d.ts +7 -0
package/dist/shared/registry-clients.d.ts.map +1 -1
package/dist/shared/registry-clients.js +94 -17
package/dist/shared/registry-clients.js.map +1 -1
package/dist/shared/rules/metadata.d.ts.map +1 -1
package/dist/shared/rules/metadata.js +17 -0
package/dist/shared/rules/metadata.js.map +1 -1
package/dist/shared/types.d.ts +59 -15
package/dist/shared/types.d.ts.map +1 -1
package/dist/shared/types.js +38 -21
package/dist/shared/types.js.map +1 -1
package/dist/taint/async-flow.d.ts +44 -0
package/dist/taint/async-flow.d.ts.map +1 -0
package/dist/taint/async-flow.js +271 -0
package/dist/taint/async-flow.js.map +1 -0
package/dist/taint/cfg-builder.d.ts +35 -0
package/dist/taint/cfg-builder.d.ts.map +1 -0
package/dist/taint/cfg-builder.js +980 -0
package/dist/taint/cfg-builder.js.map +1 -0
package/dist/taint/cfg-types.d.ts +76 -0
package/dist/taint/cfg-types.d.ts.map +1 -0
package/dist/taint/cfg-types.js +13 -0
package/dist/taint/cfg-types.js.map +1 -0
package/dist/taint/constant-propagation.d.ts +34 -0
package/dist/taint/constant-propagation.d.ts.map +1 -0
package/dist/taint/constant-propagation.js +164 -0
package/dist/taint/constant-propagation.js.map +1 -0
package/dist/taint/cross-file-analyzer.d.ts +27 -0
package/dist/taint/cross-file-analyzer.d.ts.map +1 -0
package/dist/taint/cross-file-analyzer.js +99 -0
package/dist/taint/cross-file-analyzer.js.map +1 -0
package/dist/taint/cross-file-index.d.ts +59 -0
package/dist/taint/cross-file-index.d.ts.map +1 -0
package/dist/taint/cross-file-index.js +183 -0
package/dist/taint/cross-file-index.js.map +1 -0
package/dist/taint/def-use.d.ts +27 -0
package/dist/taint/def-use.d.ts.map +1 -0
package/dist/taint/def-use.js +519 -0
package/dist/taint/def-use.js.map +1 -0
package/dist/taint/file-analysis-cache.d.ts +47 -0
package/dist/taint/file-analysis-cache.d.ts.map +1 -0
package/dist/taint/file-analysis-cache.js +107 -0
package/dist/taint/file-analysis-cache.js.map +1 -0
package/dist/taint/framework-models.d.ts +77 -0
package/dist/taint/framework-models.d.ts.map +1 -0
package/dist/taint/framework-models.js +258 -0
package/dist/taint/framework-models.js.map +1 -0
package/dist/taint/helpers.d.ts +31 -0
package/dist/taint/helpers.d.ts.map +1 -0
package/dist/taint/helpers.js +130 -0
package/dist/taint/helpers.js.map +1 -0
package/dist/taint/index.d.ts +28 -0
package/dist/taint/index.d.ts.map +1 -0
package/dist/taint/index.js +77 -0
package/dist/taint/index.js.map +1 -0
package/dist/taint/llm-registry.d.ts +47 -0
package/dist/taint/llm-registry.d.ts.map +1 -0
package/dist/taint/llm-registry.js +152 -0
package/dist/taint/llm-registry.js.map +1 -0
package/dist/taint/llm-risk-scoring.d.ts +54 -0
package/dist/taint/llm-risk-scoring.d.ts.map +1 -0
package/dist/taint/llm-risk-scoring.js +376 -0
package/dist/taint/llm-risk-scoring.js.map +1 -0
package/dist/taint/propagation-types.d.ts +104 -0
package/dist/taint/propagation-types.d.ts.map +1 -0
package/dist/taint/propagation-types.js +98 -0
package/dist/taint/propagation-types.js.map +1 -0
package/dist/taint/propagation.d.ts +111 -0
package/dist/taint/propagation.d.ts.map +1 -0
package/dist/taint/propagation.js +1576 -0
package/dist/taint/propagation.js.map +1 -0
package/dist/taint/sanitizer-registry.d.ts +26 -0
package/dist/taint/sanitizer-registry.d.ts.map +1 -0
package/dist/taint/sanitizer-registry.js +422 -0
package/dist/taint/sanitizer-registry.js.map +1 -0
package/dist/taint/sink-classifier.d.ts +27 -0
package/dist/taint/sink-classifier.d.ts.map +1 -0
package/dist/taint/sink-classifier.js +1166 -0
package/dist/taint/sink-classifier.js.map +1 -0
package/dist/taint/source-classifier.d.ts +29 -0
package/dist/taint/source-classifier.d.ts.map +1 -0
package/dist/taint/source-classifier.js +814 -0
package/dist/taint/source-classifier.js.map +1 -0
package/dist/taint/taint-analyzer.d.ts +33 -0
package/dist/taint/taint-analyzer.d.ts.map +1 -0
package/dist/taint/taint-analyzer.js +88 -0
package/dist/taint/taint-analyzer.js.map +1 -0
package/dist/taint/taint-summary.d.ts +37 -0
package/dist/taint/taint-summary.d.ts.map +1 -0
package/dist/taint/taint-summary.js +293 -0
package/dist/taint/taint-summary.js.map +1 -0
package/dist/taint/types.d.ts +47 -0
package/dist/taint/types.d.ts.map +1 -0
package/dist/taint/types.js +19 -0
package/dist/taint/types.js.map +1 -0
package/dist/validate/clients.d.ts +2 -1
package/dist/validate/clients.d.ts.map +1 -1
package/dist/validate/clients.js +3 -2
package/dist/validate/clients.js.map +1 -1
package/dist/validate/index.d.ts +5 -6
package/dist/validate/index.d.ts.map +1 -1
package/dist/validate/index.js +22 -21
package/dist/validate/index.js.map +1 -1
package/dist/validate/prompts/modules/ai-patterns.d.ts +1 -1
package/dist/validate/prompts/modules/ai-patterns.d.ts.map +1 -1
package/dist/validate/prompts/modules/ai-patterns.js +16 -0
package/dist/validate/prompts/modules/ai-patterns.js.map +1 -1
package/dist/validate/prompts/modules/common.d.ts +1 -1
package/dist/validate/prompts/modules/common.d.ts.map +1 -1
package/dist/validate/prompts/modules/common.js +12 -3
package/dist/validate/prompts/modules/common.js.map +1 -1
package/dist/validate/providers/anthropic.d.ts +4 -4
package/dist/validate/providers/anthropic.d.ts.map +1 -1
package/dist/validate/providers/anthropic.js +85 -58
package/dist/validate/providers/anthropic.js.map +1 -1
package/dist/validate/providers/openai.d.ts +4 -4
package/dist/validate/providers/openai.d.ts.map +1 -1
package/dist/validate/providers/openai.js +149 -99
package/dist/validate/providers/openai.js.map +1 -1
package/dist/validate/request-builder.d.ts +2 -8
package/dist/validate/request-builder.d.ts.map +1 -1
package/dist/validate/request-builder.js +4 -34
package/dist/validate/request-builder.js.map +1 -1
package/dist/validate/types.d.ts +9 -0
package/dist/validate/types.d.ts.map +1 -1
package/dist/validate/types.js.map +1 -1
package/dist/validate/utils/path-helpers.js +2 -2
package/dist/validate/utils/path-helpers.js.map +1 -1
package/dist/validate/utils/response-parser.d.ts +10 -0
package/dist/validate/utils/response-parser.d.ts.map +1 -1
package/dist/validate/utils/response-parser.js +21 -2
package/dist/validate/utils/response-parser.js.map +1 -1
package/dist/validate/utils/retry.d.ts.map +1 -1
package/dist/validate/utils/retry.js +19 -4
package/dist/validate/utils/retry.js.map +1 -1
package/package.json +7 -4
package/src/__tests__/benchmark/fixtures/layer2/ai-execution-sinks.ts +1 -1
package/src/__tests__/benchmark/planted-benchmark.test.ts +337 -0
package/src/__tests__/benchmark/utils/test-runner.ts +38 -4
package/src/__tests__/category-filter.test.ts +5 -1
package/src/__tests__/context-engine/route-discovery/python.test.ts +726 -0
package/src/__tests__/detect/ast-rules.test.ts +1043 -0
package/src/__tests__/detect/offline-mode.test.ts +147 -0
package/src/__tests__/detect/python-ast-rules.test.ts +569 -0
package/src/__tests__/detect/python-helpers.test.ts +536 -0
package/src/__tests__/detect/python-sast-rules.test.ts +453 -0
package/src/__tests__/detect/rules-file-backdoor-decoders.test.ts +151 -0
package/src/__tests__/detect/rules-file-backdoor.test.ts +284 -0
package/src/__tests__/detect/taint-fix-templates.test.ts +150 -0
package/src/__tests__/detect/taint-path-serialization.test.ts +170 -0
package/src/__tests__/parse/call-graph.test.ts +300 -0
package/src/__tests__/parse/python-parser.test.ts +274 -0
package/src/__tests__/regression/known-false-positives.test.ts +491 -9
package/src/__tests__/regression/rules-file-backdoor.test.ts +137 -0
package/src/__tests__/score/adjustments.test.ts +34 -16
package/src/__tests__/score/confidence.test.ts +84 -57
package/src/__tests__/score/evidence-scoring.test.ts +249 -0
package/src/__tests__/score/evidence.test.ts +144 -0
package/src/__tests__/score/scoring-integration.test.ts +56 -34
package/src/__tests__/score/taint-adjustments.test.ts +14 -228
package/src/__tests__/snapshots/__snapshots__/scan-depth.test.ts.snap +65 -59
package/src/__tests__/snapshots/scan-depth.test.ts +39 -7
package/src/__tests__/taint/async-flow.test.ts +247 -0
package/src/__tests__/taint/cfg-builder.test.ts +835 -0
package/src/__tests__/taint/constant-propagation.test.ts +302 -0
package/src/__tests__/taint/cross-file-index.test.ts +683 -0
package/src/__tests__/taint/cross-file-integration.test.ts +275 -0
package/src/__tests__/taint/cross-file-propagation.test.ts +910 -0
package/src/__tests__/taint/def-use.test.ts +132 -0
package/src/__tests__/taint/field-sensitive-sinks.test.ts +179 -0
package/src/__tests__/taint/field-sensitivity.test.ts +342 -0
package/src/__tests__/taint/file-analysis-cache.test.ts +290 -0
package/src/__tests__/taint/framework-models.test.ts +227 -0
package/src/__tests__/taint/llm-flow-graph.test.ts +850 -0
package/src/__tests__/taint/llm-risk-scoring.test.ts +439 -0
package/src/__tests__/taint/performance-parity.test.ts +315 -0
package/src/__tests__/taint/propagation.test.ts +621 -0
package/src/__tests__/taint/python-cross-file.test.ts +494 -0
package/src/__tests__/taint/python-taint.test.ts +1344 -0
package/src/__tests__/taint/sanitizer-registry.test.ts +304 -0
package/src/__tests__/taint/sanitizer-regression.test.ts +111 -0
package/src/__tests__/taint/sink-classifier.test.ts +537 -0
package/src/__tests__/taint/source-classifier.test.ts +367 -0
package/src/__tests__/taint/taint-pipeline.test.ts +418 -0
package/src/__tests__/taint/taint-smoke.test.ts +400 -0
package/src/__tests__/taint/taint-summary.test.ts +472 -0
package/src/detect/ai-code/index.ts +6 -11
package/src/detect/ast-rules/agent-tools-ast.ts +861 -0
package/src/detect/ast-rules/ai-fingerprinting-ast.ts +451 -0
package/src/detect/ast-rules/auth-patterns-ast.ts +304 -0
package/src/detect/ast-rules/byok-ast.ts +195 -0
package/src/detect/ast-rules/child-process-ast.ts +276 -0
package/src/detect/ast-rules/dangerous-eval-ast.ts +227 -0
package/src/detect/ast-rules/data-exposure-ast.ts +162 -0
package/src/detect/ast-rules/dom-xss-ast.ts +260 -0
package/src/detect/ast-rules/endpoint-protection-ast.ts +231 -0
package/src/detect/ast-rules/entropy-ast.ts +268 -0
package/src/detect/ast-rules/flask-debug-ast.ts +148 -0
package/src/detect/ast-rules/framework-checks-ast.ts +200 -0
package/src/detect/ast-rules/helpers/call-analysis.ts +256 -0
package/src/detect/ast-rules/helpers/context-detection.ts +277 -0
package/src/detect/ast-rules/helpers/control-flow.ts +179 -0
package/src/detect/ast-rules/helpers/import-analysis.ts +185 -0
package/src/detect/ast-rules/helpers/index.ts +133 -0
package/src/detect/ast-rules/helpers/python-helpers.ts +1054 -0
package/src/detect/ast-rules/helpers/scope-analysis.ts +224 -0
package/src/detect/ast-rules/helpers/string-analysis.ts +215 -0
package/src/detect/ast-rules/helpers/type-extraction.ts +138 -0
package/src/detect/ast-rules/helpers/user-input.ts +256 -0
package/src/detect/ast-rules/index.ts +311 -0
package/src/detect/ast-rules/json-parse-ast.ts +162 -0
package/src/detect/ast-rules/log-injection-ast.ts +243 -0
package/src/detect/ast-rules/logic-gates-ast.ts +343 -0
package/src/detect/ast-rules/mcp-security-ast.ts +808 -0
package/src/detect/ast-rules/model-supply-chain-ast.ts +202 -0
package/src/detect/ast-rules/package-hallucination-ast.ts +664 -0
package/src/detect/ast-rules/prompt-hygiene-ast.ts +329 -0
package/src/detect/ast-rules/rag-safety-ast.ts +689 -0
package/src/detect/ast-rules/request-validation-ast.ts +122 -0
package/src/detect/ast-rules/risky-imports-ast.ts +133 -0
package/src/detect/ast-rules/schema-validation-ast.ts +244 -0
package/src/detect/ast-rules/secret-patterns-ast.ts +223 -0
package/src/detect/ast-rules/security-headers-ast.ts +206 -0
package/src/detect/ast-rules/sql-injection-ast.ts +614 -0
package/src/detect/ast-rules/ssrf-ast.ts +601 -0
package/src/detect/ast-rules/taint-fix-templates.ts +108 -0
package/src/detect/ast-rules/taint-flow-ast.ts +416 -0
package/src/detect/ast-rules/variables-ast.ts +446 -0
package/src/detect/ast-rules/weak-crypto-ast.ts +441 -0
package/src/detect/ast-rules/xxe-ast.ts +184 -0
package/src/detect/config/agent-skill-injection.ts +2 -24
package/src/detect/config/index.ts +1 -0
package/src/detect/config/osv-check.ts +6 -1
package/src/detect/config/package-check.ts +6 -1
package/src/detect/config/rules-file-backdoor.ts +438 -0
package/src/detect/index.ts +146 -52
package/src/detect/secrets/config-audit.ts +37 -3
package/src/detect/secrets/entropy.ts +195 -0
package/src/detect/secrets/index.ts +7 -16
package/src/detect/structural/index.ts +23 -566
package/src/index.ts +7 -0
package/src/model/auth-helper-detector.ts +1 -7
package/src/model/import-resolver.ts +104 -0
package/src/model/imported-auth-detector.ts +1 -1
package/src/model/index.ts +240 -80
package/src/model/module-graph.ts +17 -5
package/src/model/project-context.ts +28 -1
package/src/model/route-auth-resolver.ts +18 -3
package/src/model/route-discovery/index.ts +1 -1
package/src/model/route-discovery/nextjs.ts +1 -1
package/src/model/route-discovery/python.ts +156 -9
package/src/model/route-discovery/types.ts +1 -1
package/src/model/route-discovery/utils.ts +73 -0
package/src/model/taint-types.ts +1 -6
package/src/parse/ast.ts +271 -0
package/src/parse/call-graph.ts +419 -0
package/src/parse/file-classifier.ts +69 -15
package/src/parse/node-index.ts +118 -0
package/src/parse/type-extractor.ts +293 -0
package/src/pipeline/config.ts +7 -0
package/src/pipeline/index.ts +464 -199
package/src/pipeline/modes/incremental.ts +1 -7
package/src/postprocess/dedup.ts +48 -17
package/src/report/build-result.ts +57 -29
package/src/report/formatters/cli-terminal.ts +731 -415
package/src/report/sanitize.ts +27 -0
package/src/score/adjustments.ts +113 -40
package/src/score/confidence.ts +10 -5
package/src/score/evidence.ts +55 -0
package/src/score/index.ts +27 -55
package/src/score/types.ts +4 -0
package/src/shared/category-filter.ts +12 -0
package/src/shared/regex-utils.ts +4 -0
package/src/shared/registry-clients.ts +106 -18
package/src/shared/rules/__tests__/metadata.test.ts +5 -1
package/src/shared/rules/metadata.ts +19 -0
package/src/shared/types.ts +372 -253
package/src/taint/async-flow.ts +301 -0
package/src/taint/cfg-builder.ts +1127 -0
package/src/taint/cfg-types.ts +110 -0
package/src/taint/constant-propagation.ts +170 -0
package/src/taint/cross-file-analyzer.ts +118 -0
package/src/taint/cross-file-index.ts +275 -0
package/src/taint/def-use.ts +556 -0
package/src/taint/file-analysis-cache.ts +145 -0
package/src/taint/framework-models.ts +313 -0
package/src/taint/helpers.ts +138 -0
package/src/taint/index.ts +71 -0
package/src/taint/llm-registry.ts +174 -0
package/src/taint/llm-risk-scoring.ts +412 -0
package/src/taint/propagation-types.ts +188 -0
package/src/taint/propagation.ts +1750 -0
package/src/taint/sanitizer-registry.ts +490 -0
package/src/taint/sink-classifier.ts +1402 -0
package/src/taint/source-classifier.ts +859 -0
package/src/taint/taint-analyzer.ts +112 -0
package/src/taint/taint-summary.ts +341 -0
package/src/taint/types.ts +86 -0
package/src/validate/clients.ts +3 -2
package/src/validate/index.ts +89 -53
package/src/validate/prompts/modules/ai-patterns.ts +16 -0
package/src/validate/prompts/modules/common.ts +12 -3
package/src/validate/providers/anthropic.ts +254 -148
package/src/validate/providers/openai.ts +363 -218
package/src/validate/request-builder.ts +2 -45
package/src/validate/types.ts +9 -0
package/src/validate/utils/path-helpers.ts +2 -2
package/src/validate/utils/response-parser.ts +32 -3
package/src/validate/utils/retry.ts +19 -4
package/dist/ai-context/index.d.ts +0 -6
package/dist/ai-context/index.d.ts.map +0 -1
package/dist/ai-context/index.js +0 -13
package/dist/ai-context/index.js.map +0 -1
package/dist/ai-context/manager.d.ts +0 -67
package/dist/ai-context/manager.d.ts.map +0 -1
package/dist/ai-context/manager.js +0 -104
package/dist/ai-context/manager.js.map +0 -1
package/dist/baseline/diff.d.ts +0 -32
package/dist/baseline/diff.d.ts.map +0 -1
package/dist/baseline/diff.js +0 -119
package/dist/baseline/diff.js.map +0 -1
package/dist/baseline/index.d.ts +0 -9
package/dist/baseline/index.d.ts.map +0 -1
package/dist/baseline/index.js +0 -19
package/dist/baseline/index.js.map +0 -1
package/dist/baseline/manager.d.ts +0 -67
package/dist/baseline/manager.d.ts.map +0 -1
package/dist/baseline/manager.js +0 -180
package/dist/baseline/manager.js.map +0 -1
package/dist/baseline/types.d.ts +0 -91
package/dist/baseline/types.d.ts.map +0 -1
package/dist/baseline/types.js +0 -12
package/dist/baseline/types.js.map +0 -1
package/dist/category-filter.d.ts +0 -125
package/dist/category-filter.d.ts.map +0 -1
package/dist/category-filter.js +0 -360
package/dist/category-filter.js.map +0 -1
package/dist/detect/ai-code/agent-tools.d.ts +0 -22
package/dist/detect/ai-code/agent-tools.d.ts.map +0 -1
package/dist/detect/ai-code/agent-tools.js +0 -1509
package/dist/detect/ai-code/agent-tools.js.map +0 -1
package/dist/detect/ai-code/byok-patterns.d.ts +0 -15
package/dist/detect/ai-code/byok-patterns.d.ts.map +0 -1
package/dist/detect/ai-code/byok-patterns.js +0 -313
package/dist/detect/ai-code/byok-patterns.js.map +0 -1
package/dist/detect/ai-code/endpoint-protection.d.ts +0 -38
package/dist/detect/ai-code/endpoint-protection.d.ts.map +0 -1
package/dist/detect/ai-code/endpoint-protection.js +0 -349
package/dist/detect/ai-code/endpoint-protection.js.map +0 -1
package/dist/detect/ai-code/execution-sinks.d.ts +0 -21
package/dist/detect/ai-code/execution-sinks.d.ts.map +0 -1
package/dist/detect/ai-code/execution-sinks.js +0 -1158
package/dist/detect/ai-code/execution-sinks.js.map +0 -1
package/dist/detect/ai-code/fingerprinting.d.ts +0 -10
package/dist/detect/ai-code/fingerprinting.d.ts.map +0 -1
package/dist/detect/ai-code/fingerprinting.js +0 -665
package/dist/detect/ai-code/fingerprinting.js.map +0 -1
package/dist/detect/ai-code/mcp-security.d.ts +0 -20
package/dist/detect/ai-code/mcp-security.d.ts.map +0 -1
package/dist/detect/ai-code/mcp-security.js +0 -880
package/dist/detect/ai-code/mcp-security.js.map +0 -1
package/dist/detect/ai-code/model-supply-chain.d.ts +0 -23
package/dist/detect/ai-code/model-supply-chain.d.ts.map +0 -1
package/dist/detect/ai-code/model-supply-chain.js +0 -447
package/dist/detect/ai-code/model-supply-chain.js.map +0 -1
package/dist/detect/ai-code/package-hallucination.d.ts +0 -22
package/dist/detect/ai-code/package-hallucination.d.ts.map +0 -1
package/dist/detect/ai-code/package-hallucination.js +0 -841
package/dist/detect/ai-code/package-hallucination.js.map +0 -1
package/dist/detect/ai-code/prompt-hygiene.d.ts +0 -22
package/dist/detect/ai-code/prompt-hygiene.d.ts.map +0 -1
package/dist/detect/ai-code/prompt-hygiene.js +0 -1177
package/dist/detect/ai-code/prompt-hygiene.js.map +0 -1
package/dist/detect/ai-code/rag-safety.d.ts +0 -24
package/dist/detect/ai-code/rag-safety.d.ts.map +0 -1
package/dist/detect/ai-code/rag-safety.js +0 -913
package/dist/detect/ai-code/rag-safety.js.map +0 -1
package/dist/detect/ai-code/schema-validation.d.ts +0 -28
package/dist/detect/ai-code/schema-validation.d.ts.map +0 -1
package/dist/detect/ai-code/schema-validation.js +0 -378
package/dist/detect/ai-code/schema-validation.js.map +0 -1
package/dist/detect/secrets/patterns.d.ts +0 -11
package/dist/detect/secrets/patterns.d.ts.map +0 -1
package/dist/detect/secrets/patterns.js +0 -518
package/dist/detect/secrets/patterns.js.map +0 -1
package/dist/detect/secrets/weak-crypto.d.ts +0 -10
package/dist/detect/secrets/weak-crypto.d.ts.map +0 -1
package/dist/detect/secrets/weak-crypto.js +0 -432
package/dist/detect/secrets/weak-crypto.js.map +0 -1
package/dist/detect/structural/auth-patterns.d.ts +0 -22
package/dist/detect/structural/auth-patterns.d.ts.map +0 -1
package/dist/detect/structural/auth-patterns.js +0 -533
package/dist/detect/structural/auth-patterns.js.map +0 -1
package/dist/detect/structural/dangerous-functions/child-process.d.ts +0 -16
package/dist/detect/structural/dangerous-functions/child-process.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/child-process.js +0 -74
package/dist/detect/structural/dangerous-functions/child-process.js.map +0 -1
package/dist/detect/structural/dangerous-functions/dom-xss.d.ts +0 -34
package/dist/detect/structural/dangerous-functions/dom-xss.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/dom-xss.js +0 -230
package/dist/detect/structural/dangerous-functions/dom-xss.js.map +0 -1
package/dist/detect/structural/dangerous-functions/index.d.ts +0 -16
package/dist/detect/structural/dangerous-functions/index.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/index.js +0 -1193
package/dist/detect/structural/dangerous-functions/index.js.map +0 -1
package/dist/detect/structural/dangerous-functions/json-parse.d.ts +0 -31
package/dist/detect/structural/dangerous-functions/json-parse.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/json-parse.js +0 -326
package/dist/detect/structural/dangerous-functions/json-parse.js.map +0 -1
package/dist/detect/structural/dangerous-functions/math-random.d.ts +0 -111
package/dist/detect/structural/dangerous-functions/math-random.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/math-random.js +0 -684
package/dist/detect/structural/dangerous-functions/math-random.js.map +0 -1
package/dist/detect/structural/dangerous-functions/patterns.d.ts +0 -21
package/dist/detect/structural/dangerous-functions/patterns.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/patterns.js +0 -163
package/dist/detect/structural/dangerous-functions/patterns.js.map +0 -1
package/dist/detect/structural/dangerous-functions/request-validation.d.ts +0 -13
package/dist/detect/structural/dangerous-functions/request-validation.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/request-validation.js +0 -126
package/dist/detect/structural/dangerous-functions/request-validation.js.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts +0 -24
package/dist/detect/structural/dangerous-functions/utils/control-flow.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/control-flow.js +0 -70
package/dist/detect/structural/dangerous-functions/utils/control-flow.js.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts +0 -31
package/dist/detect/structural/dangerous-functions/utils/helpers.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/helpers.js +0 -147
package/dist/detect/structural/dangerous-functions/utils/helpers.js.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/index.d.ts +0 -9
package/dist/detect/structural/dangerous-functions/utils/index.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/index.js +0 -23
package/dist/detect/structural/dangerous-functions/utils/index.js.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts +0 -22
package/dist/detect/structural/dangerous-functions/utils/schema-validation.d.ts.map +0 -1
package/dist/detect/structural/dangerous-functions/utils/schema-validation.js +0 -102
package/dist/detect/structural/dangerous-functions/utils/schema-validation.js.map +0 -1
package/dist/detect/structural/data-exposure.d.ts +0 -19
package/dist/detect/structural/data-exposure.d.ts.map +0 -1
package/dist/detect/structural/data-exposure.js +0 -262
package/dist/detect/structural/data-exposure.js.map +0 -1
package/dist/detect/structural/framework-checks.d.ts +0 -10
package/dist/detect/structural/framework-checks.d.ts.map +0 -1
package/dist/detect/structural/framework-checks.js +0 -389
package/dist/detect/structural/framework-checks.js.map +0 -1
package/dist/detect/structural/log-injection.d.ts +0 -18
package/dist/detect/structural/log-injection.d.ts.map +0 -1
package/dist/detect/structural/log-injection.js +0 -217
package/dist/detect/structural/log-injection.js.map +0 -1
package/dist/detect/structural/logic-gates.d.ts +0 -10
package/dist/detect/structural/logic-gates.d.ts.map +0 -1
package/dist/detect/structural/logic-gates.js +0 -227
package/dist/detect/structural/logic-gates.js.map +0 -1
package/dist/detect/structural/risky-imports.d.ts +0 -10
package/dist/detect/structural/risky-imports.d.ts.map +0 -1
package/dist/detect/structural/risky-imports.js +0 -168
package/dist/detect/structural/risky-imports.js.map +0 -1
package/dist/detect/structural/security-headers.d.ts +0 -18
package/dist/detect/structural/security-headers.d.ts.map +0 -1
package/dist/detect/structural/security-headers.js +0 -196
package/dist/detect/structural/security-headers.js.map +0 -1
package/dist/detect/structural/ssrf-detection.d.ts +0 -18
package/dist/detect/structural/ssrf-detection.d.ts.map +0 -1
package/dist/detect/structural/ssrf-detection.js +0 -263
package/dist/detect/structural/ssrf-detection.js.map +0 -1
package/dist/detect/structural/variables.d.ts +0 -11
package/dist/detect/structural/variables.d.ts.map +0 -1
package/dist/detect/structural/variables.js +0 -159
package/dist/detect/structural/variables.js.map +0 -1
package/dist/detect/structural/xxe-detection.d.ts +0 -18
package/dist/detect/structural/xxe-detection.d.ts.map +0 -1
package/dist/detect/structural/xxe-detection.js +0 -245
package/dist/detect/structural/xxe-detection.js.map +0 -1
package/dist/filtering/context-adjustments.d.ts +0 -23
package/dist/filtering/context-adjustments.d.ts.map +0 -1
package/dist/filtering/context-adjustments.js +0 -100
package/dist/filtering/context-adjustments.js.map +0 -1
package/dist/filtering/index.d.ts +0 -3
package/dist/filtering/index.d.ts.map +0 -1
package/dist/filtering/index.js +0 -8
package/dist/filtering/index.js.map +0 -1
package/dist/filtering/pipeline.d.ts +0 -48
package/dist/filtering/pipeline.d.ts.map +0 -1
package/dist/filtering/pipeline.js +0 -76
package/dist/filtering/pipeline.js.map +0 -1
package/dist/formatters/ai-context.d.ts +0 -23
package/dist/formatters/ai-context.d.ts.map +0 -1
package/dist/formatters/ai-context.js +0 -238
package/dist/formatters/ai-context.js.map +0 -1
package/dist/formatters/cli-terminal.d.ts +0 -65
package/dist/formatters/cli-terminal.d.ts.map +0 -1
package/dist/formatters/cli-terminal.js +0 -735
package/dist/formatters/cli-terminal.js.map +0 -1
package/dist/formatters/github-comment.d.ts +0 -41
package/dist/formatters/github-comment.d.ts.map +0 -1
package/dist/formatters/github-comment.js +0 -370
package/dist/formatters/github-comment.js.map +0 -1
package/dist/formatters/grouping.d.ts +0 -52
package/dist/formatters/grouping.d.ts.map +0 -1
package/dist/formatters/grouping.js +0 -152
package/dist/formatters/grouping.js.map +0 -1
package/dist/formatters/ide/claude-code.d.ts +0 -17
package/dist/formatters/ide/claude-code.d.ts.map +0 -1
package/dist/formatters/ide/claude-code.js +0 -94
package/dist/formatters/ide/claude-code.js.map +0 -1
package/dist/formatters/ide/cursor.d.ts +0 -13
package/dist/formatters/ide/cursor.d.ts.map +0 -1
package/dist/formatters/ide/cursor.js +0 -125
package/dist/formatters/ide/cursor.js.map +0 -1
package/dist/formatters/ide/index.d.ts +0 -62
package/dist/formatters/ide/index.d.ts.map +0 -1
package/dist/formatters/ide/index.js +0 -184
package/dist/formatters/ide/index.js.map +0 -1
package/dist/formatters/ide/windsurf.d.ts +0 -13
package/dist/formatters/ide/windsurf.d.ts.map +0 -1
package/dist/formatters/ide/windsurf.js +0 -117
package/dist/formatters/ide/windsurf.js.map +0 -1
package/dist/formatters/index.d.ts +0 -11
package/dist/formatters/index.d.ts.map +0 -1
package/dist/formatters/index.js +0 -54
package/dist/formatters/index.js.map +0 -1
package/dist/formatters/vscode-diagnostic.d.ts +0 -103
package/dist/formatters/vscode-diagnostic.d.ts.map +0 -1
package/dist/formatters/vscode-diagnostic.js +0 -151
package/dist/formatters/vscode-diagnostic.js.map +0 -1
package/dist/layer1/comments.d.ts +0 -11
package/dist/layer1/comments.d.ts.map +0 -1
package/dist/layer1/comments.js +0 -203
package/dist/layer1/comments.js.map +0 -1
package/dist/layer1/config-audit.d.ts +0 -11
package/dist/layer1/config-audit.d.ts.map +0 -1
package/dist/layer1/config-audit.js +0 -311
package/dist/layer1/config-audit.js.map +0 -1
package/dist/layer1/config-mcp-audit.d.ts +0 -23
package/dist/layer1/config-mcp-audit.d.ts.map +0 -1
package/dist/layer1/config-mcp-audit.js +0 -239
package/dist/layer1/config-mcp-audit.js.map +0 -1
package/dist/layer1/entropy.d.ts +0 -11
package/dist/layer1/entropy.d.ts.map +0 -1
package/dist/layer1/entropy.js +0 -741
package/dist/layer1/entropy.js.map +0 -1
package/dist/layer1/file-flags.d.ts +0 -10
package/dist/layer1/file-flags.d.ts.map +0 -1
package/dist/layer1/file-flags.js +0 -119
package/dist/layer1/file-flags.js.map +0 -1
package/dist/layer1/index.d.ts +0 -38
package/dist/layer1/index.d.ts.map +0 -1
package/dist/layer1/index.js +0 -170
package/dist/layer1/index.js.map +0 -1
package/dist/layer1/patterns.d.ts +0 -11
package/dist/layer1/patterns.d.ts.map +0 -1
package/dist/layer1/patterns.js +0 -512
package/dist/layer1/patterns.js.map +0 -1
package/dist/layer1/urls.d.ts +0 -11
package/dist/layer1/urls.d.ts.map +0 -1
package/dist/layer1/urls.js +0 -444
package/dist/layer1/urls.js.map +0 -1
package/dist/layer1/weak-crypto.d.ts +0 -10
package/dist/layer1/weak-crypto.d.ts.map +0 -1
package/dist/layer1/weak-crypto.js +0 -428
package/dist/layer1/weak-crypto.js.map +0 -1
package/dist/layer2/ai-agent-tools.d.ts +0 -22
package/dist/layer2/ai-agent-tools.d.ts.map +0 -1
package/dist/layer2/ai-agent-tools.js +0 -1490
package/dist/layer2/ai-agent-tools.js.map +0 -1
package/dist/layer2/ai-endpoint-protection.d.ts +0 -38
package/dist/layer2/ai-endpoint-protection.d.ts.map +0 -1
package/dist/layer2/ai-endpoint-protection.js +0 -346
package/dist/layer2/ai-endpoint-protection.js.map +0 -1
package/dist/layer2/ai-execution-sinks.d.ts +0 -21
package/dist/layer2/ai-execution-sinks.d.ts.map +0 -1
package/dist/layer2/ai-execution-sinks.js +0 -1155
package/dist/layer2/ai-execution-sinks.js.map +0 -1
package/dist/layer2/ai-fingerprinting.d.ts +0 -10
package/dist/layer2/ai-fingerprinting.d.ts.map +0 -1
package/dist/layer2/ai-fingerprinting.js +0 -650
package/dist/layer2/ai-fingerprinting.js.map +0 -1
package/dist/layer2/ai-mcp-security.d.ts +0 -20
package/dist/layer2/ai-mcp-security.d.ts.map +0 -1
package/dist/layer2/ai-mcp-security.js +0 -877
package/dist/layer2/ai-mcp-security.js.map +0 -1
package/dist/layer2/ai-package-hallucination.d.ts +0 -22
package/dist/layer2/ai-package-hallucination.d.ts.map +0 -1
package/dist/layer2/ai-package-hallucination.js +0 -828
package/dist/layer2/ai-package-hallucination.js.map +0 -1
package/dist/layer2/ai-prompt-hygiene.d.ts +0 -22
package/dist/layer2/ai-prompt-hygiene.d.ts.map +0 -1
package/dist/layer2/ai-prompt-hygiene.js +0 -1156
package/dist/layer2/ai-prompt-hygiene.js.map +0 -1
package/dist/layer2/ai-rag-safety.d.ts +0 -24
package/dist/layer2/ai-rag-safety.d.ts.map +0 -1
package/dist/layer2/ai-rag-safety.js +0 -910
package/dist/layer2/ai-rag-safety.js.map +0 -1
package/dist/layer2/ai-schema-validation.d.ts +0 -28
package/dist/layer2/ai-schema-validation.d.ts.map +0 -1
package/dist/layer2/ai-schema-validation.js +0 -375
package/dist/layer2/ai-schema-validation.js.map +0 -1
package/dist/layer2/auth-antipatterns.d.ts +0 -22
package/dist/layer2/auth-antipatterns.d.ts.map +0 -1
package/dist/layer2/auth-antipatterns.js +0 -522
package/dist/layer2/auth-antipatterns.js.map +0 -1
package/dist/layer2/byok-patterns.d.ts +0 -15
package/dist/layer2/byok-patterns.d.ts.map +0 -1
package/dist/layer2/byok-patterns.js +0 -302
package/dist/layer2/byok-patterns.js.map +0 -1
package/dist/layer2/dangerous-functions/child-process.d.ts +0 -16
package/dist/layer2/dangerous-functions/child-process.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/child-process.js +0 -74
package/dist/layer2/dangerous-functions/child-process.js.map +0 -1
package/dist/layer2/dangerous-functions/dom-xss.d.ts +0 -34
package/dist/layer2/dangerous-functions/dom-xss.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/dom-xss.js +0 -230
package/dist/layer2/dangerous-functions/dom-xss.js.map +0 -1
package/dist/layer2/dangerous-functions/index.d.ts +0 -16
package/dist/layer2/dangerous-functions/index.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/index.js +0 -1152
package/dist/layer2/dangerous-functions/index.js.map +0 -1
package/dist/layer2/dangerous-functions/json-parse.d.ts +0 -31
package/dist/layer2/dangerous-functions/json-parse.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/json-parse.js +0 -319
package/dist/layer2/dangerous-functions/json-parse.js.map +0 -1
package/dist/layer2/dangerous-functions/math-random.d.ts +0 -111
package/dist/layer2/dangerous-functions/math-random.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/math-random.js +0 -684
package/dist/layer2/dangerous-functions/math-random.js.map +0 -1
package/dist/layer2/dangerous-functions/patterns.d.ts +0 -21
package/dist/layer2/dangerous-functions/patterns.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/patterns.js +0 -163
package/dist/layer2/dangerous-functions/patterns.js.map +0 -1
package/dist/layer2/dangerous-functions/request-validation.d.ts +0 -13
package/dist/layer2/dangerous-functions/request-validation.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/request-validation.js +0 -119
package/dist/layer2/dangerous-functions/request-validation.js.map +0 -1
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts +0 -24
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/utils/control-flow.js +0 -70
package/dist/layer2/dangerous-functions/utils/control-flow.js.map +0 -1
package/dist/layer2/dangerous-functions/utils/helpers.d.ts +0 -31
package/dist/layer2/dangerous-functions/utils/helpers.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/utils/helpers.js +0 -147
package/dist/layer2/dangerous-functions/utils/helpers.js.map +0 -1
package/dist/layer2/dangerous-functions/utils/index.d.ts +0 -9
package/dist/layer2/dangerous-functions/utils/index.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/utils/index.js +0 -23
package/dist/layer2/dangerous-functions/utils/index.js.map +0 -1
package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts +0 -22
package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts.map +0 -1
package/dist/layer2/dangerous-functions/utils/schema-validation.js +0 -102
package/dist/layer2/dangerous-functions/utils/schema-validation.js.map +0 -1
package/dist/layer2/data-exposure.d.ts +0 -19
package/dist/layer2/data-exposure.d.ts.map +0 -1
package/dist/layer2/data-exposure.js +0 -255
package/dist/layer2/data-exposure.js.map +0 -1
package/dist/layer2/framework-checks.d.ts +0 -10
package/dist/layer2/framework-checks.d.ts.map +0 -1
package/dist/layer2/framework-checks.js +0 -384
package/dist/layer2/framework-checks.js.map +0 -1
package/dist/layer2/index.d.ts +0 -74
package/dist/layer2/index.d.ts.map +0 -1
package/dist/layer2/index.js +0 -544
package/dist/layer2/index.js.map +0 -1
package/dist/layer2/log-injection.d.ts +0 -18
package/dist/layer2/log-injection.d.ts.map +0 -1
package/dist/layer2/log-injection.js +0 -214
package/dist/layer2/log-injection.js.map +0 -1
package/dist/layer2/logic-gates.d.ts +0 -10
package/dist/layer2/logic-gates.d.ts.map +0 -1
package/dist/layer2/logic-gates.js +0 -220
package/dist/layer2/logic-gates.js.map +0 -1
package/dist/layer2/model-supply-chain.d.ts +0 -23
package/dist/layer2/model-supply-chain.d.ts.map +0 -1
package/dist/layer2/model-supply-chain.js +0 -444
package/dist/layer2/model-supply-chain.js.map +0 -1
package/dist/layer2/risky-imports.d.ts +0 -10
package/dist/layer2/risky-imports.d.ts.map +0 -1
package/dist/layer2/risky-imports.js +0 -165
package/dist/layer2/risky-imports.js.map +0 -1
package/dist/layer2/security-headers.d.ts +0 -18
package/dist/layer2/security-headers.d.ts.map +0 -1
package/dist/layer2/security-headers.js +0 -187
package/dist/layer2/security-headers.js.map +0 -1
package/dist/layer2/ssrf-detection.d.ts +0 -18
package/dist/layer2/ssrf-detection.d.ts.map +0 -1
package/dist/layer2/ssrf-detection.js +0 -252
package/dist/layer2/ssrf-detection.js.map +0 -1
package/dist/layer2/variables.d.ts +0 -11
package/dist/layer2/variables.d.ts.map +0 -1
package/dist/layer2/variables.js +0 -156
package/dist/layer2/variables.js.map +0 -1
package/dist/layer2/xxe-detection.d.ts +0 -18
package/dist/layer2/xxe-detection.d.ts.map +0 -1
package/dist/layer2/xxe-detection.js +0 -242
package/dist/layer2/xxe-detection.js.map +0 -1
package/dist/layer3/anthropic/auto-dismiss.d.ts +0 -24
package/dist/layer3/anthropic/auto-dismiss.d.ts.map +0 -1
package/dist/layer3/anthropic/auto-dismiss.js +0 -199
package/dist/layer3/anthropic/auto-dismiss.js.map +0 -1
package/dist/layer3/anthropic/clients.d.ts +0 -44
package/dist/layer3/anthropic/clients.d.ts.map +0 -1
package/dist/layer3/anthropic/clients.js +0 -81
package/dist/layer3/anthropic/clients.js.map +0 -1
package/dist/layer3/anthropic/index.d.ts +0 -41
package/dist/layer3/anthropic/index.d.ts.map +0 -1
package/dist/layer3/anthropic/index.js +0 -141
package/dist/layer3/anthropic/index.js.map +0 -1
package/dist/layer3/anthropic/prompts/index.d.ts +0 -8
package/dist/layer3/anthropic/prompts/index.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/index.js +0 -16
package/dist/layer3/anthropic/prompts/index.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts +0 -19
package/dist/layer3/anthropic/prompts/modules/ai-patterns.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/ai-patterns.js +0 -156
package/dist/layer3/anthropic/prompts/modules/ai-patterns.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts +0 -9
package/dist/layer3/anthropic/prompts/modules/auth-access.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/auth-access.js +0 -25
package/dist/layer3/anthropic/prompts/modules/auth-access.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/common.d.ts +0 -11
package/dist/layer3/anthropic/prompts/modules/common.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/common.js +0 -152
package/dist/layer3/anthropic/prompts/modules/common.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/index.d.ts +0 -54
package/dist/layer3/anthropic/prompts/modules/index.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/index.js +0 -185
package/dist/layer3/anthropic/prompts/modules/index.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts +0 -8
package/dist/layer3/anthropic/prompts/modules/owasp-classic.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/owasp-classic.js +0 -84
package/dist/layer3/anthropic/prompts/modules/owasp-classic.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts +0 -8
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js +0 -68
package/dist/layer3/anthropic/prompts/modules/secrets-crypto.js.map +0 -1
package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts +0 -8
package/dist/layer3/anthropic/prompts/modules/xss-prompt.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/modules/xss-prompt.js +0 -22
package/dist/layer3/anthropic/prompts/modules/xss-prompt.js.map +0 -1
package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts +0 -15
package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/semantic-analysis.js +0 -169
package/dist/layer3/anthropic/prompts/semantic-analysis.js.map +0 -1
package/dist/layer3/anthropic/prompts/validation.d.ts +0 -18
package/dist/layer3/anthropic/prompts/validation.d.ts.map +0 -1
package/dist/layer3/anthropic/prompts/validation.js +0 -25
package/dist/layer3/anthropic/prompts/validation.js.map +0 -1
package/dist/layer3/anthropic/providers/anthropic.d.ts +0 -21
package/dist/layer3/anthropic/providers/anthropic.d.ts.map +0 -1
package/dist/layer3/anthropic/providers/anthropic.js +0 -269
package/dist/layer3/anthropic/providers/anthropic.js.map +0 -1
package/dist/layer3/anthropic/providers/index.d.ts +0 -8
package/dist/layer3/anthropic/providers/index.d.ts.map +0 -1
package/dist/layer3/anthropic/providers/index.js +0 -15
package/dist/layer3/anthropic/providers/index.js.map +0 -1
package/dist/layer3/anthropic/providers/openai.d.ts +0 -18
package/dist/layer3/anthropic/providers/openai.d.ts.map +0 -1
package/dist/layer3/anthropic/providers/openai.js +0 -343
package/dist/layer3/anthropic/providers/openai.js.map +0 -1
package/dist/layer3/anthropic/request-builder.d.ts +0 -27
package/dist/layer3/anthropic/request-builder.d.ts.map +0 -1
package/dist/layer3/anthropic/request-builder.js +0 -150
package/dist/layer3/anthropic/request-builder.js.map +0 -1
package/dist/layer3/anthropic/types.d.ts +0 -88
package/dist/layer3/anthropic/types.d.ts.map +0 -1
package/dist/layer3/anthropic/types.js +0 -38
package/dist/layer3/anthropic/types.js.map +0 -1
package/dist/layer3/anthropic/utils/context-extractor.d.ts +0 -55
package/dist/layer3/anthropic/utils/context-extractor.d.ts.map +0 -1
package/dist/layer3/anthropic/utils/context-extractor.js +0 -161
package/dist/layer3/anthropic/utils/context-extractor.js.map +0 -1
package/dist/layer3/anthropic/utils/index.d.ts +0 -11
package/dist/layer3/anthropic/utils/index.d.ts.map +0 -1
package/dist/layer3/anthropic/utils/index.js +0 -27
package/dist/layer3/anthropic/utils/index.js.map +0 -1
package/dist/layer3/anthropic/utils/path-helpers.d.ts +0 -21
package/dist/layer3/anthropic/utils/path-helpers.d.ts.map +0 -1
package/dist/layer3/anthropic/utils/path-helpers.js +0 -69
package/dist/layer3/anthropic/utils/path-helpers.js.map +0 -1
package/dist/layer3/anthropic/utils/response-parser.d.ts +0 -40
package/dist/layer3/anthropic/utils/response-parser.d.ts.map +0 -1
package/dist/layer3/anthropic/utils/response-parser.js +0 -285
package/dist/layer3/anthropic/utils/response-parser.js.map +0 -1
package/dist/layer3/anthropic/utils/retry.d.ts +0 -15
package/dist/layer3/anthropic/utils/retry.d.ts.map +0 -1
package/dist/layer3/anthropic/utils/retry.js +0 -62
package/dist/layer3/anthropic/utils/retry.js.map +0 -1
package/dist/layer3/index.d.ts +0 -27
package/dist/layer3/index.d.ts.map +0 -1
package/dist/layer3/index.js +0 -150
package/dist/layer3/index.js.map +0 -1
package/dist/layer3/osv-check.d.ts +0 -75
package/dist/layer3/osv-check.d.ts.map +0 -1
package/dist/layer3/osv-check.js +0 -308
package/dist/layer3/osv-check.js.map +0 -1
package/dist/layer3/package-check.d.ts +0 -63
package/dist/layer3/package-check.d.ts.map +0 -1
package/dist/layer3/package-check.js +0 -508
package/dist/layer3/package-check.js.map +0 -1
package/dist/model/cross-file-taint.d.ts +0 -40
package/dist/model/cross-file-taint.d.ts.map +0 -1
package/dist/model/cross-file-taint.js +0 -290
package/dist/model/cross-file-taint.js.map +0 -1
package/dist/model/function-classifier.d.ts +0 -32
package/dist/model/function-classifier.d.ts.map +0 -1
package/dist/model/function-classifier.js +0 -143
package/dist/model/function-classifier.js.map +0 -1
package/dist/model/sanitiser-detection.d.ts +0 -27
package/dist/model/sanitiser-detection.d.ts.map +0 -1
package/dist/model/sanitiser-detection.js +0 -224
package/dist/model/sanitiser-detection.js.map +0 -1
package/dist/model/sink-matcher.d.ts +0 -17
package/dist/model/sink-matcher.d.ts.map +0 -1
package/dist/model/sink-matcher.js +0 -141
package/dist/model/sink-matcher.js.map +0 -1
package/dist/model/sink-patterns.d.ts +0 -19
package/dist/model/sink-patterns.d.ts.map +0 -1
package/dist/model/sink-patterns.js +0 -88
package/dist/model/sink-patterns.js.map +0 -1
package/dist/model/source-discovery.d.ts +0 -15
package/dist/model/source-discovery.d.ts.map +0 -1
package/dist/model/source-discovery.js +0 -170
package/dist/model/source-discovery.js.map +0 -1
package/dist/model/taint-tracker.d.ts +0 -21
package/dist/model/taint-tracker.d.ts.map +0 -1
package/dist/model/taint-tracker.js +0 -281
package/dist/model/taint-tracker.js.map +0 -1
package/dist/modes/incremental.d.ts +0 -66
package/dist/modes/incremental.d.ts.map +0 -1
package/dist/modes/incremental.js +0 -200
package/dist/modes/incremental.js.map +0 -1
package/dist/rules/framework-fixes.d.ts +0 -48
package/dist/rules/framework-fixes.d.ts.map +0 -1
package/dist/rules/framework-fixes.js +0 -439
package/dist/rules/framework-fixes.js.map +0 -1
package/dist/rules/index.d.ts +0 -8
package/dist/rules/index.d.ts.map +0 -1
package/dist/rules/index.js +0 -18
package/dist/rules/index.js.map +0 -1
package/dist/rules/metadata.d.ts +0 -43
package/dist/rules/metadata.d.ts.map +0 -1
package/dist/rules/metadata.js +0 -800
package/dist/rules/metadata.js.map +0 -1
package/dist/score/auto-dismiss.d.ts +0 -28
package/dist/score/auto-dismiss.d.ts.map +0 -1
package/dist/score/auto-dismiss.js +0 -200
package/dist/score/auto-dismiss.js.map +0 -1
package/dist/suppression/config-loader.d.ts +0 -74
package/dist/suppression/config-loader.d.ts.map +0 -1
package/dist/suppression/config-loader.js +0 -424
package/dist/suppression/config-loader.js.map +0 -1
package/dist/suppression/hash.d.ts +0 -48
package/dist/suppression/hash.d.ts.map +0 -1
package/dist/suppression/hash.js +0 -88
package/dist/suppression/hash.js.map +0 -1
package/dist/suppression/index.d.ts +0 -11
package/dist/suppression/index.d.ts.map +0 -1
package/dist/suppression/index.js +0 -39
package/dist/suppression/index.js.map +0 -1
package/dist/suppression/inline-parser.d.ts +0 -39
package/dist/suppression/inline-parser.d.ts.map +0 -1
package/dist/suppression/inline-parser.js +0 -218
package/dist/suppression/inline-parser.js.map +0 -1
package/dist/suppression/manager.d.ts +0 -94
package/dist/suppression/manager.d.ts.map +0 -1
package/dist/suppression/manager.js +0 -292
package/dist/suppression/manager.js.map +0 -1
package/dist/suppression/types.d.ts +0 -151
package/dist/suppression/types.d.ts.map +0 -1
package/dist/suppression/types.js +0 -28
package/dist/suppression/types.js.map +0 -1
package/dist/types.d.ts +0 -331
package/dist/types.d.ts.map +0 -1
package/dist/types.js +0 -124
package/dist/types.js.map +0 -1
package/dist/utils/auth-helper-detector.d.ts +0 -56
package/dist/utils/auth-helper-detector.d.ts.map +0 -1
package/dist/utils/auth-helper-detector.js +0 -360
package/dist/utils/auth-helper-detector.js.map +0 -1
package/dist/utils/code-analysis.d.ts +0 -39
package/dist/utils/code-analysis.d.ts.map +0 -1
package/dist/utils/code-analysis.js +0 -159
package/dist/utils/code-analysis.js.map +0 -1
package/dist/utils/comment-analyzer.d.ts +0 -38
package/dist/utils/comment-analyzer.d.ts.map +0 -1
package/dist/utils/comment-analyzer.js +0 -218
package/dist/utils/comment-analyzer.js.map +0 -1
package/dist/utils/context-helpers.d.ts +0 -219
package/dist/utils/context-helpers.d.ts.map +0 -1
package/dist/utils/context-helpers.js +0 -886
package/dist/utils/context-helpers.js.map +0 -1
package/dist/utils/diff-detector.d.ts +0 -53
package/dist/utils/diff-detector.d.ts.map +0 -1
package/dist/utils/diff-detector.js +0 -104
package/dist/utils/diff-detector.js.map +0 -1
package/dist/utils/diff-parser.d.ts +0 -80
package/dist/utils/diff-parser.d.ts.map +0 -1
package/dist/utils/diff-parser.js +0 -202
package/dist/utils/diff-parser.js.map +0 -1
package/dist/utils/environment-context.d.ts +0 -76
package/dist/utils/environment-context.d.ts.map +0 -1
package/dist/utils/environment-context.js +0 -271
package/dist/utils/environment-context.js.map +0 -1
package/dist/utils/imported-auth-detector.d.ts +0 -37
package/dist/utils/imported-auth-detector.d.ts.map +0 -1
package/dist/utils/imported-auth-detector.js +0 -251
package/dist/utils/imported-auth-detector.js.map +0 -1
package/dist/utils/intent-detector.d.ts +0 -66
package/dist/utils/intent-detector.d.ts.map +0 -1
package/dist/utils/intent-detector.js +0 -282
package/dist/utils/intent-detector.js.map +0 -1
package/dist/utils/middleware-detector.d.ts +0 -55
package/dist/utils/middleware-detector.d.ts.map +0 -1
package/dist/utils/middleware-detector.js +0 -260
package/dist/utils/middleware-detector.js.map +0 -1
package/dist/utils/oauth-flow-detector.d.ts +0 -41
package/dist/utils/oauth-flow-detector.d.ts.map +0 -1
package/dist/utils/oauth-flow-detector.js +0 -202
package/dist/utils/oauth-flow-detector.js.map +0 -1
package/dist/utils/parsed-file.d.ts +0 -51
package/dist/utils/parsed-file.d.ts.map +0 -1
package/dist/utils/parsed-file.js +0 -95
package/dist/utils/parsed-file.js.map +0 -1
package/dist/utils/path-exclusions.d.ts +0 -55
package/dist/utils/path-exclusions.d.ts.map +0 -1
package/dist/utils/path-exclusions.js +0 -224
package/dist/utils/path-exclusions.js.map +0 -1
package/dist/utils/project-context-builder.d.ts +0 -119
package/dist/utils/project-context-builder.d.ts.map +0 -1
package/dist/utils/project-context-builder.js +0 -534
package/dist/utils/project-context-builder.js.map +0 -1
package/dist/utils/registry-clients.d.ts +0 -93
package/dist/utils/registry-clients.d.ts.map +0 -1
package/dist/utils/registry-clients.js +0 -273
package/dist/utils/registry-clients.js.map +0 -1
package/dist/utils/route-hierarchy.d.ts +0 -50
package/dist/utils/route-hierarchy.d.ts.map +0 -1
package/dist/utils/route-hierarchy.js +0 -226
package/dist/utils/route-hierarchy.js.map +0 -1
package/dist/utils/schema-semantics.d.ts +0 -45
package/dist/utils/schema-semantics.d.ts.map +0 -1
package/dist/utils/schema-semantics.js +0 -193
package/dist/utils/schema-semantics.js.map +0 -1
package/dist/utils/trpc-analyzer.d.ts +0 -78
package/dist/utils/trpc-analyzer.d.ts.map +0 -1
package/dist/utils/trpc-analyzer.js +0 -297
package/dist/utils/trpc-analyzer.js.map +0 -1
package/src/__tests__/context-engine/cross-file-taint.test.ts +0 -284
package/src/__tests__/context-engine/function-classifier.test.ts +0 -146
package/src/__tests__/context-engine/integration.test.ts +0 -320
package/src/__tests__/context-engine/sanitiser-detection.test.ts +0 -187
package/src/__tests__/context-engine/sink-matcher.test.ts +0 -251
package/src/__tests__/context-engine/source-discovery.test.ts +0 -186
package/src/__tests__/context-engine/taint-tracker.test.ts +0 -182
package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +0 -750
package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +0 -555
package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +0 -321
package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +0 -439
package/src/detect/ai-code/agent-tools.ts +0 -1662
package/src/detect/ai-code/byok-patterns.ts +0 -354
package/src/detect/ai-code/endpoint-protection.ts +0 -406
package/src/detect/ai-code/execution-sinks.ts +0 -1310
package/src/detect/ai-code/fingerprinting.ts +0 -774
package/src/detect/ai-code/mcp-security.ts +0 -937
package/src/detect/ai-code/model-supply-chain.ts +0 -535
package/src/detect/ai-code/package-hallucination.ts +0 -955
package/src/detect/ai-code/prompt-hygiene.ts +0 -1314
package/src/detect/ai-code/rag-safety.ts +0 -977
package/src/detect/ai-code/schema-validation.ts +0 -427
package/src/detect/secrets/patterns.ts +0 -561
package/src/detect/secrets/weak-crypto.ts +0 -485
package/src/detect/structural/__tests__/math-random-enhanced.test.ts +0 -405
package/src/detect/structural/auth-patterns.ts +0 -621
package/src/detect/structural/dangerous-functions/child-process.ts +0 -98
package/src/detect/structural/dangerous-functions/dom-xss.ts +0 -292
package/src/detect/structural/dangerous-functions/index.ts +0 -1556
package/src/detect/structural/dangerous-functions/json-parse.ts +0 -393
package/src/detect/structural/dangerous-functions/math-random.ts +0 -789
package/src/detect/structural/dangerous-functions/patterns.ts +0 -176
package/src/detect/structural/dangerous-functions/request-validation.ts +0 -153
package/src/detect/structural/dangerous-functions/utils/control-flow.ts +0 -35
package/src/detect/structural/dangerous-functions/utils/helpers.ts +0 -170
package/src/detect/structural/dangerous-functions/utils/index.ts +0 -25
package/src/detect/structural/dangerous-functions/utils/schema-validation.ts +0 -106
package/src/detect/structural/data-exposure.ts +0 -302
package/src/detect/structural/framework-checks.ts +0 -439
package/src/detect/structural/log-injection.ts +0 -254
package/src/detect/structural/logic-gates.ts +0 -256
package/src/detect/structural/risky-imports.ts +0 -197
package/src/detect/structural/security-headers.ts +0 -231
package/src/detect/structural/ssrf-detection.ts +0 -300
package/src/detect/structural/variables.ts +0 -177
package/src/detect/structural/xxe-detection.ts +0 -295
package/src/model/cross-file-taint.ts +0 -374
package/src/model/function-classifier.ts +0 -184
package/src/model/sanitiser-detection.ts +0 -268
package/src/model/sink-matcher.ts +0 -178
package/src/model/sink-patterns.ts +0 -109
package/src/model/source-discovery.ts +0 -209
package/src/model/taint-tracker.ts +0 -333
package/src/score/auto-dismiss.ts +0 -224

package/src/detect/secrets/patterns.ts DELETED Viewed

@@ -1,561 +0,0 @@
-/**
- * Layer 1: Known Pattern Matching
- * Curated library of high-fidelity regex patterns for detecting secrets
- */
-import type { SecretPattern, Vulnerability } from '../../shared/types'
-import type { ParsedFile } from '../../shared/parsed-file'
-import {
-  isServerOnlyFile,
-  isExampleFile,
-  isEnvVarReference,
-  isNextPublicEnvVar,
-  isComment,
-  isPlaceholderValue,
-  isTestOrMockFile,
-  isScannerOrFixtureFile,
-  isBYOKContext,
-  getServiceRoleKeyContext,
-  isPythonFile,
-  isInsidePythonDocstring,
-} from '../../parse/file-classifier'
-// Base confidence for known API key format patterns (AWS, GitHub, Stripe, etc.)
-const BASE_CONFIDENCE_KNOWN = 0.70
-// Base confidence for generic secret patterns (api_key=, secret_key=, etc.)
-const BASE_CONFIDENCE_GENERIC = 0.50
-// Check if file is documentation/README
-function isDocumentationFile(filePath: string): boolean {
-  const docPatterns = [
-    /README/i,
-    /CHANGELOG/i,
-    /CONTRIBUTING/i,
-    /LICENSE/i,
-    /CODE_OF_CONDUCT/i,
-    /SECURITY/i,
-    /AUTHORS/i,
-    /HISTORY/i,
-    /\.md$/i,
-    /\.mdx$/i,
-    /\.rst$/i,        // reStructuredText
-    /\.adoc$/i,       // AsciiDoc
-    /\.txt$/i,        // Plain text docs
-    /\/docs\//i,
-    /\/documentation\//i,
-    /\/wiki\//i,
-    /\/guides?\//i,
-    /\/tutorials?\//i,
-    /\/examples?\//i,  // Example directories often have sample configs
-  ]
-  return docPatterns.some(p => p.test(filePath))
-}
-// Check if value is a masked/redacted string (for safe logging)
-function isMaskedOrRedactedString(value: string): boolean {
-  const maskedPatterns = [
-    /\*{3,}/,                      // Three or more asterisks: ***
-    /^\w+:\/\/\*+$/,               // Protocol with just asterisks: redis://***
-    /^\w+:\/\/\*{3,}$/,            // Same pattern
-    /\[REDACTED\]/i,               // [REDACTED]
-    /\[MASKED\]/i,                 // [MASKED]
-    /\[HIDDEN\]/i,                 // [HIDDEN]
-    /\[REMOVED\]/i,                // [REMOVED]
-    /\[SECRET\]/i,                 // [SECRET]
-    /<REDACTED>/i,                 // <REDACTED>
-    /<MASKED>/i,                   // <MASKED>
-    /x{4,}/i,                      // xxxx (4+ x's)
-    /^\*+:/,                       // ***: at start (masked user)
-  ]
-  return maskedPatterns.some(p => p.test(value))
-}
-// Check if line contains example/sample placeholder values (not real secrets)
-function isExamplePlaceholder(line: string, value: string): boolean {
-  // First check if this is a masked/redacted string for safe logging
-  if (isMaskedOrRedactedString(value)) {
-    return true
-  }
-  const placeholderPatterns = [
-    // Common placeholder indicators in the line context
-    /example/i,
-    /sample/i,
-    /demo/i,
-    /placeholder/i,
-    /your[_-]?api[_-]?key/i,
-    /your[_-]?secret/i,
-    /replace[_-]?with/i,
-    /insert[_-]?here/i,
-    /xxx+/i,
-    /yyy+/i,
-    /todo/i,
-    /fixme/i,
-  ]
-  // Check if the value itself looks like a placeholder
-  const valuePlaceholderPatterns = [
-    /^your[_-]/i,
-    /^my[_-]/i,
-    /^test[_-]/i,
-    /^sample[_-]/i,
-    /^example[_-]/i,
-    /^demo[_-]/i,
-    /^placeholder/i,
-    /^xxx+$/i,
-    /^yyy+$/i,
-    /^\*+$/,           // Just asterisks
-    /^\.{3,}$/,        // Just dots
-    /^<.*>$/,          // Angle bracket placeholders like <YOUR_KEY>
-    /^\[.*\]$/,        // Square bracket placeholders like [YOUR_KEY]
-    /^\{.*\}$/,        // Curly bracket placeholders like {YOUR_KEY}
-  ]
-  return placeholderPatterns.some(p => p.test(line)) ||
-         valuePlaceholderPatterns.some(p => p.test(value))
-}
-// Check if the variable name indicates test/mock data
-function hasTestVariableName(line: string): boolean {
-  const varNamePatterns = [
-    // JS/TS variable declarations: const TEST_API_KEY = "..."
-    /(?:const|let|var|export\s+const|export\s+let)\s+([A-Z_][A-Z0-9_]*)\s*=/i,
-    // Object property shorthand or assignment: TEST_KEY: "..." or "testKey": "..."
-    /([A-Z_][A-Z0-9_]*)\s*:\s*['"`]/,
-    // JSON-style keys: "test_key": or 'testKey':
-    /['"]([a-zA-Z_][a-zA-Z0-9_]*)['"]\s*:/,
-  ]
-  // Keywords that indicate test/mock data when in variable names
-  const testKeywords = /^(TEST|MOCK|EXAMPLE|DUMMY|FAKE|SAMPLE|PLACEHOLDER|DEMO)[_A-Z0-9]*$/i
-  const testSuffixes = /_?(TEST|MOCK|EXAMPLE|DUMMY|FAKE|SAMPLE)$/i
-  for (const pattern of varNamePatterns) {
-    const match = line.match(pattern)
-    if (match && match[1]) {
-      const varName = match[1]
-      if (testKeywords.test(varName) || testSuffixes.test(varName)) {
-        return true
-      }
-    }
-  }
-  return false
-}
-// Comprehensive list of secret patterns with specific prefixes
-export const SECRET_PATTERNS: SecretPattern[] = [
-  // API Keys with known prefixes
-  {
-    name: 'OpenAI API Key',
-    pattern: /sk-[a-zA-Z0-9]{20,}/g,
-    severity: 'critical',
-    description: 'OpenAI API key detected',
-  },
-  {
-    name: 'OpenAI Project API Key',
-    pattern: /sk-proj-[a-zA-Z0-9]{48,}/g,
-    severity: 'critical',
-    description: 'OpenAI project API key detected (new format)',
-  },
-  {
-    name: 'Anthropic API Key',
-    pattern: /sk-ant-[a-zA-Z0-9-]{20,}/g,
-    severity: 'critical',
-    description: 'Anthropic API key detected',
-  },
-  {
-    name: 'Anthropic API Key (Full)',
-    pattern: /sk-ant-api03-[a-zA-Z0-9_-]{90,}/g,
-    severity: 'critical',
-    description: 'Anthropic API key detected (full format)',
-  },
-  {
-    name: 'GitHub Token',
-    pattern: /ghp_[a-zA-Z0-9]{36,}/g,
-    severity: 'critical',
-    description: 'GitHub personal access token detected',
-  },
-  {
-    name: 'GitHub OAuth Token',
-    pattern: /gho_[a-zA-Z0-9]{36,}/g,
-    severity: 'critical',
-    description: 'GitHub OAuth token detected',
-  },
-  {
-    name: 'GitHub App Token',
-    pattern: /ghu_[a-zA-Z0-9]{36,}/g,
-    severity: 'critical',
-    description: 'GitHub App user token detected',
-  },
-  {
-    name: 'GitHub Refresh Token',
-    pattern: /ghr_[a-zA-Z0-9]{36,}/g,
-    severity: 'critical',
-    description: 'GitHub refresh token detected',
-  },
-  {
-    name: 'Stripe Secret Key',
-    pattern: /sk_live_[a-zA-Z0-9]{24,}/g,
-    severity: 'critical',
-    description: 'Stripe live secret key detected',
-  },
-  {
-    name: 'Stripe Test Key',
-    pattern: /sk_test_[a-zA-Z0-9]{24,}/g,
-    severity: 'medium',
-    description: 'Stripe test secret key detected',
-  },
-  {
-    name: 'Stripe Publishable Key',
-    pattern: /pk_(live|test)_[a-zA-Z0-9]{24,}/g,
-    severity: 'low',
-    description: 'Stripe publishable key detected (usually safe but verify)',
-  },
-  {
-    name: 'Square Access Token',
-    pattern: /sq0csp-[a-zA-Z0-9-_]{43}/g,
-    severity: 'critical',
-    description: 'Square access token detected',
-  },
-  {
-    name: 'AWS Access Key ID',
-    pattern: /AKIA[0-9A-Z]{16}/g,
-    severity: 'critical',
-    description: 'AWS Access Key ID detected',
-  },
-  {
-    name: 'AWS Secret Access Key',
-    // AWS secret keys are exactly 40 chars, base64-like, and typically appear near AWS context
-    // The pattern requires it to be in an AWS-related context (variable name, nearby AKIA, etc.)
-    pattern: /(?:aws[_-]?secret[_-]?(?:access[_-]?)?key|secret[_-]?access[_-]?key|AWS_SECRET)\s*[:=]\s*['"`]?([a-zA-Z0-9/+=]{40})['"`]?/gi,
-    severity: 'critical',
-    description: 'AWS Secret Access Key detected',
-  },
-  {
-    name: 'Google API Key',
-    pattern: /AIza[0-9A-Za-z-_]{35}/g,
-    severity: 'high',
-    description: 'Google API key detected',
-  },
-  {
-    name: 'Slack Token',
-    pattern: /xox[baprs]-[0-9a-zA-Z]{10,}/g,
-    severity: 'critical',
-    description: 'Slack token detected',
-  },
-  {
-    name: 'Slack Webhook',
-    pattern: /https:\/\/hooks\.slack\.com\/services\/T[a-zA-Z0-9_]+\/B[a-zA-Z0-9_]+\/[a-zA-Z0-9_]+/g,
-    severity: 'high',
-    description: 'Slack webhook URL detected',
-  },
-  {
-    name: 'Discord Webhook',
-    pattern: /https:\/\/discord(?:app)?\.com\/api\/webhooks\/[0-9]+\/[a-zA-Z0-9_-]+/g,
-    severity: 'high',
-    description: 'Discord webhook URL detected',
-  },
-  {
-    name: 'Twilio API Key',
-    pattern: /SK[a-f0-9]{32}/g,
-    severity: 'critical',
-    description: 'Twilio API key detected',
-  },
-  {
-    name: 'SendGrid API Key',
-    pattern: /SG\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9_-]{43}/g,
-    severity: 'critical',
-    description: 'SendGrid API key detected',
-  },
-  {
-    name: 'Mailgun API Key',
-    pattern: /key-[a-zA-Z0-9]{32}/g,
-    severity: 'critical',
-    description: 'Mailgun API key detected',
-  },
-  {
-    name: 'Firebase API Key',
-    pattern: /AIza[0-9A-Za-z-_]{35}/g,
-    severity: 'high',
-    description: 'Firebase API key detected',
-  },
-  {
-    name: 'Supabase Anon Key',
-    pattern: /eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+/g,
-    severity: 'low',
-    description: 'Supabase anon key detected (usually safe for client-side)',
-  },
-  {
-    name: 'Supabase Service Role Key',
-    pattern: /eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+/g,
-    severity: 'critical',
-    description: 'JWT token detected - verify if this is a service role key',
-  },
-  {
-    name: 'Heroku API Key',
-    pattern: /[h|H][e|E][r|R][o|O][k|K][u|U].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}/gi,
-    severity: 'critical',
-    description: 'Heroku API key detected',
-  },
-  {
-    name: 'NPM Token',
-    pattern: /npm_[a-zA-Z0-9]{36}/g,
-    severity: 'critical',
-    description: 'NPM access token detected',
-  },
-  {
-    name: 'PyPI Token',
-    pattern: /pypi-[a-zA-Z0-9]{32,}/g,
-    severity: 'critical',
-    description: 'PyPI API token detected',
-  },
-  {
-    name: 'Private Key',
-    pattern: /-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/g,
-    severity: 'critical',
-    description: 'Private key detected',
-  },
-  {
-    name: 'Generic Password in URL',
-    pattern: /[a-zA-Z]{3,10}:\/\/[^:]+:[^@]+@/g,
-    severity: 'high',
-    description: 'Password in URL detected',
-  },
-  {
-    name: 'Database Connection String',
-    // Only match connection strings WITH credentials (user:pass@ pattern)
-    // Skip credential-less URLs like redis://redis:6379 (Docker internal)
-    pattern: /(mongodb|postgres|mysql|redis|amqp)(\+srv)?:\/\/[^:@\s"']+:[^@\s"']+@[^\s"']+/gi,
-    severity: 'high',
-    description: 'Database connection string with credentials detected',
-  },
-  // Additional patterns from checklist
-  {
-    name: 'Hardcoded JWT Token',
-    pattern: /eyJ[a-zA-Z0-9_-]{10,}\.eyJ[a-zA-Z0-9_-]{10,}\.[a-zA-Z0-9_-]{10,}/g,
-    severity: 'high',
-    description: 'Hardcoded JWT token detected',
-  },
-  {
-    name: 'PostgreSQL Connection String',
-    pattern: /postgres:\/\/[^:]+:[^@]+@[^\s"']+/gi,
-    severity: 'critical',
-    description: 'PostgreSQL connection string with credentials detected',
-  },
-  {
-    name: 'MongoDB Connection String',
-    pattern: /mongodb(\+srv)?:\/\/[^:]+:[^@]+@[^\s"']+/gi,
-    severity: 'critical',
-    description: 'MongoDB connection string with credentials detected',
-  },
-  {
-    name: 'MySQL Connection String',
-    pattern: /mysql:\/\/[^:]+:[^@]+@[^\s"']+/gi,
-    severity: 'critical',
-    description: 'MySQL connection string with credentials detected',
-  },
-  {
-    name: 'Generic API Key Assignment',
-    pattern: /['"']?api[_-]?key['"']?\s*[:=]\s*['"][a-zA-Z0-9_-]{20,}['"]/gi,
-    severity: 'medium',
-    description: 'Possible API key assignment detected - requires validation',
-  },
-  {
-    name: 'Generic Secret Key Assignment',
-    pattern: /['"']?secret[_-]?key['"']?\s*[:=]\s*['"][a-zA-Z0-9_-]{20,}['"]/gi,
-    severity: 'medium',
-    description: 'Possible secret key assignment detected - requires validation',
-  },
-  {
-    name: 'Vercel Token',
-    pattern: /vercel_[a-zA-Z0-9]{24,}/gi,
-    severity: 'critical',
-    description: 'Vercel API token detected',
-  },
-  {
-    name: 'Netlify Token',
-    pattern: /nfp_[a-zA-Z0-9]{40,}/gi,
-    severity: 'critical',
-    description: 'Netlify personal access token detected',
-  },
-  {
-    name: 'Cloudflare API Token',
-    pattern: /[a-zA-Z0-9_-]{40}(?=.*cloudflare)/gi,
-    severity: 'high',
-    description: 'Potential Cloudflare API token detected',
-  },
-]
-export function detectKnownPatterns(
-  content: string,
-  filePath: string,
-  options?: { parsed?: ParsedFile }
-): Vulnerability[] {
-  const vulnerabilities: Vulnerability[] = []
-  const lines = options?.parsed?.lines ?? content.split('\n')
-  // Skip example files entirely
-  if (isExampleFile(filePath)) {
-    return vulnerabilities
-  }
-  // Skip scanner/fixture files to avoid self-detection
-  if (isScannerOrFixtureFile(filePath)) {
-    return vulnerabilities
-  }
-  // Skip documentation/README files
-  if (isDocumentationFile(filePath)) {
-    return vulnerabilities
-  }
-  // Check context for file-level decisions
-  const isServerFile = isServerOnlyFile(filePath)
-  const isTestFile = isTestOrMockFile(filePath)
-  const isPython = isPythonFile(filePath)
-  for (const secretPattern of SECRET_PATTERNS) {
-    lines.forEach((line, index) => {
-      // Skip comments
-      if (isComment(line)) return
-      // Skip Python docstrings - they often contain example connection strings
-      // and other documentation that shouldn't be flagged
-      if (isPython && isInsidePythonDocstring(lines, index)) {
-        return
-      }
-      // Reset regex state
-      const regex = new RegExp(secretPattern.pattern.source, secretPattern.pattern.flags)
-      let match
-      while ((match = regex.exec(line)) !== null) {
-        const value = match[0]
-        // Skip placeholder values
-        if (isPlaceholderValue(value, line)) {
-          continue
-        }
-        // Skip obvious example/sample values
-        if (/example|sample|demo|test|dummy|fake|mock/i.test(value)) {
-          continue
-        }
-        // Skip values that look like format descriptions
-        if (/^[a-z]+_[a-z]+_[a-z]+$/i.test(value) || /^your[_-]/i.test(value)) {
-          continue
-        }
-        // Skip example/placeholder values (more comprehensive check)
-        if (isExamplePlaceholder(line, value)) {
-          continue
-        }
-        // Skip secrets in variables with test/mock names (e.g., TEST_API_KEY, MOCK_SECRET)
-        if (hasTestVariableName(line)) {
-          continue
-        }
-        // Check for BYOK (Bring Your Own Key) context - this is a feature, not a vulnerability
-        if (isBYOKContext(line, filePath)) {
-          // Skip BYOK patterns entirely if they're properly handled in server context
-          if (isServerFile && isEnvVarReference(line)) {
-            continue
-          }
-          // For client-side BYOK forms, we still don't flag - it's user input
-          // Only flag if it's a hardcoded key being exposed
-          if (!isEnvVarReference(line) && line.includes('=') && /['"`][a-zA-Z0-9_-]{20,}['"`]/.test(line)) {
-            // This might be a hardcoded default key in a BYOK context - needs review
-          } else {
-            continue
-          }
-        }
-        // Determine severity based on context
-        let adjustedSeverity = secretPattern.severity
-        let requiresAIValidation = false
-        let adjustedDescription = secretPattern.description
-        let adjustedConfidence: 'high' | 'medium' | 'low' = 'high'
-        // Check if this is a Supabase service role key or JWT
-        const isSupabaseOrJWT =
-          secretPattern.name.includes('Supabase') ||
-          secretPattern.name.includes('JWT') ||
-          /eyJ[a-zA-Z0-9_-]+\.eyJ/.test(value)
-        if (isSupabaseOrJWT) {
-          // Use the comprehensive service role context checker
-          const serviceRoleContext = getServiceRoleKeyContext(line, filePath)
-          if (serviceRoleContext === 'safe_server') {
-            // Server-only + env var = expected pattern, skip entirely
-            continue
-          } else if (serviceRoleContext === 'client_exposure') {
-            // Client exposure = critical
-            adjustedSeverity = 'critical'
-            requiresAIValidation = true
-            adjustedDescription = isNextPublicEnvVar(line)
-              ? `${secretPattern.description} - EXPOSED via NEXT_PUBLIC_ prefix (client-accessible)`
-              : `${secretPattern.description} - may be exposed to client bundle`
-          } else {
-            // needs_review - check more context
-            if (isEnvVarReference(line)) {
-              // Using env var but context unclear - validate
-              adjustedSeverity = 'medium'
-              requiresAIValidation = true
-              adjustedDescription = `${secretPattern.description} - verify this is not exposed to client`
-            } else if (isServerFile) {
-              // Hardcoded in server file - bad but not critical
-              adjustedSeverity = 'high'
-              requiresAIValidation = true
-              adjustedDescription = `${secretPattern.description} - hardcoded in server file, should use env var`
-            } else {
-              // Hardcoded in unknown context - critical + needs validation
-              adjustedSeverity = 'critical'
-              requiresAIValidation = true
-              adjustedDescription = `${secretPattern.description} - hardcoded secret may be exposed`
-            }
-          }
-        }
-        // Downgrade test file severity
-        if (isTestFile) {
-          if (adjustedSeverity === 'critical') {
-            adjustedSeverity = 'medium'
-          } else if (adjustedSeverity === 'high') {
-            adjustedSeverity = 'low'
-          } else {
-            adjustedSeverity = 'info'
-          }
-          adjustedConfidence = 'low'
-          adjustedDescription = `${adjustedDescription} (in test file)`
-        }
-        // Generic patterns always require AI validation
-        const isGenericPattern = secretPattern.name.includes('Generic')
-        const finalRequiresAIValidation = requiresAIValidation || isGenericPattern
-        vulnerabilities.push({
-          id: `pattern-${filePath}-${index + 1}-${secretPattern.name}`,
-          filePath,
-          lineNumber: index + 1,
-          lineContent: line.trim(),
-          severity: adjustedSeverity,
-          category: 'hardcoded_secret',
-          title: secretPattern.name,
-          description: adjustedDescription,
-          suggestedFix: 'Move this secret to an environment variable. Never commit secrets to version control.',
-          confidence: adjustedConfidence,
-          baseConfidence: isGenericPattern ? BASE_CONFIDENCE_GENERIC : BASE_CONFIDENCE_KNOWN,
-          layer: 1,
-        source: 'secrets' as const,
-          requiresAIValidation: finalRequiresAIValidation,
-        })
-      }
-    })
-  }
-  return vulnerabilities
-}