npm - @oddessentials/odd-ai-reviewers - Versions diffs - 1.0.0 - Mend

@oddessentials/odd-ai-reviewers 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (370) hide show

package/README.md +190 -0
package/dist/__tests__/hermetic-setup.d.ts +55 -0
package/dist/__tests__/hermetic-setup.d.ts.map +1 -0
package/dist/__tests__/hermetic-setup.js +62 -0
package/dist/__tests__/hermetic-setup.js.map +1 -0
package/dist/__tests__/test-utils/hermetic.d.ts +84 -0
package/dist/__tests__/test-utils/hermetic.d.ts.map +1 -0
package/dist/__tests__/test-utils/hermetic.js +147 -0
package/dist/__tests__/test-utils/hermetic.js.map +1 -0
package/dist/agents/ai_semantic_review.d.ts +12 -0
package/dist/agents/ai_semantic_review.d.ts.map +1 -0
package/dist/agents/ai_semantic_review.js +317 -0
package/dist/agents/ai_semantic_review.js.map +1 -0
package/dist/agents/control_flow/budget.d.ts +162 -0
package/dist/agents/control_flow/budget.d.ts.map +1 -0
package/dist/agents/control_flow/budget.js +331 -0
package/dist/agents/control_flow/budget.js.map +1 -0
package/dist/agents/control_flow/cfg-builder.d.ts +26 -0
package/dist/agents/control_flow/cfg-builder.d.ts.map +1 -0
package/dist/agents/control_flow/cfg-builder.js +776 -0
package/dist/agents/control_flow/cfg-builder.js.map +1 -0
package/dist/agents/control_flow/cfg-types.d.ts +186 -0
package/dist/agents/control_flow/cfg-types.d.ts.map +1 -0
package/dist/agents/control_flow/cfg-types.js +114 -0
package/dist/agents/control_flow/cfg-types.js.map +1 -0
package/dist/agents/control_flow/finding-generator.d.ts +118 -0
package/dist/agents/control_flow/finding-generator.d.ts.map +1 -0
package/dist/agents/control_flow/finding-generator.js +354 -0
package/dist/agents/control_flow/finding-generator.js.map +1 -0
package/dist/agents/control_flow/index.d.ts +39 -0
package/dist/agents/control_flow/index.d.ts.map +1 -0
package/dist/agents/control_flow/index.js +270 -0
package/dist/agents/control_flow/index.js.map +1 -0
package/dist/agents/control_flow/logger.d.ts +333 -0
package/dist/agents/control_flow/logger.d.ts.map +1 -0
package/dist/agents/control_flow/logger.js +607 -0
package/dist/agents/control_flow/logger.js.map +1 -0
package/dist/agents/control_flow/mitigation-detector.d.ts +207 -0
package/dist/agents/control_flow/mitigation-detector.d.ts.map +1 -0
package/dist/agents/control_flow/mitigation-detector.js +625 -0
package/dist/agents/control_flow/mitigation-detector.js.map +1 -0
package/dist/agents/control_flow/mitigation-patterns.d.ts +53 -0
package/dist/agents/control_flow/mitigation-patterns.d.ts.map +1 -0
package/dist/agents/control_flow/mitigation-patterns.js +620 -0
package/dist/agents/control_flow/mitigation-patterns.js.map +1 -0
package/dist/agents/control_flow/path-analyzer.d.ts +287 -0
package/dist/agents/control_flow/path-analyzer.d.ts.map +1 -0
package/dist/agents/control_flow/path-analyzer.js +695 -0
package/dist/agents/control_flow/path-analyzer.js.map +1 -0
package/dist/agents/control_flow/pattern-validator.d.ts +132 -0
package/dist/agents/control_flow/pattern-validator.d.ts.map +1 -0
package/dist/agents/control_flow/pattern-validator.js +420 -0
package/dist/agents/control_flow/pattern-validator.js.map +1 -0
package/dist/agents/control_flow/timeout-regex.d.ts +144 -0
package/dist/agents/control_flow/timeout-regex.d.ts.map +1 -0
package/dist/agents/control_flow/timeout-regex.js +339 -0
package/dist/agents/control_flow/timeout-regex.js.map +1 -0
package/dist/agents/control_flow/types.d.ts +782 -0
package/dist/agents/control_flow/types.d.ts.map +1 -0
package/dist/agents/control_flow/types.js +428 -0
package/dist/agents/control_flow/types.js.map +1 -0
package/dist/agents/control_flow/vulnerability-detector.d.ts +85 -0
package/dist/agents/control_flow/vulnerability-detector.d.ts.map +1 -0
package/dist/agents/control_flow/vulnerability-detector.js +493 -0
package/dist/agents/control_flow/vulnerability-detector.js.map +1 -0
package/dist/agents/date-utils.d.ts +19 -0
package/dist/agents/date-utils.d.ts.map +1 -0
package/dist/agents/date-utils.js +29 -0
package/dist/agents/date-utils.js.map +1 -0
package/dist/agents/index.d.ts +25 -0
package/dist/agents/index.d.ts.map +1 -0
package/dist/agents/index.js +50 -0
package/dist/agents/index.js.map +1 -0
package/dist/agents/json-utils.d.ts +34 -0
package/dist/agents/json-utils.d.ts.map +1 -0
package/dist/agents/json-utils.js +62 -0
package/dist/agents/json-utils.js.map +1 -0
package/dist/agents/local_llm.d.ts +24 -0
package/dist/agents/local_llm.d.ts.map +1 -0
package/dist/agents/local_llm.js +566 -0
package/dist/agents/local_llm.js.map +1 -0
package/dist/agents/metadata.d.ts +57 -0
package/dist/agents/metadata.d.ts.map +1 -0
package/dist/agents/metadata.js +45 -0
package/dist/agents/metadata.js.map +1 -0
package/dist/agents/opencode.d.ts +18 -0
package/dist/agents/opencode.d.ts.map +1 -0
package/dist/agents/opencode.js +364 -0
package/dist/agents/opencode.js.map +1 -0
package/dist/agents/path-filter.d.ts +25 -0
package/dist/agents/path-filter.d.ts.map +1 -0
package/dist/agents/path-filter.js +43 -0
package/dist/agents/path-filter.js.map +1 -0
package/dist/agents/pr_agent.d.ts +3 -0
package/dist/agents/pr_agent.d.ts.map +1 -0
package/dist/agents/pr_agent.js +312 -0
package/dist/agents/pr_agent.js.map +1 -0
package/dist/agents/retry.d.ts +12 -0
package/dist/agents/retry.d.ts.map +1 -0
package/dist/agents/retry.js +65 -0
package/dist/agents/retry.js.map +1 -0
package/dist/agents/reviewdog.d.ts +24 -0
package/dist/agents/reviewdog.d.ts.map +1 -0
package/dist/agents/reviewdog.js +259 -0
package/dist/agents/reviewdog.js.map +1 -0
package/dist/agents/security.d.ts +49 -0
package/dist/agents/security.d.ts.map +1 -0
package/dist/agents/security.js +302 -0
package/dist/agents/security.js.map +1 -0
package/dist/agents/semgrep.d.ts +8 -0
package/dist/agents/semgrep.d.ts.map +1 -0
package/dist/agents/semgrep.js +157 -0
package/dist/agents/semgrep.js.map +1 -0
package/dist/agents/types.d.ts +450 -0
package/dist/agents/types.d.ts.map +1 -0
package/dist/agents/types.js +127 -0
package/dist/agents/types.js.map +1 -0
package/dist/budget.d.ts +59 -0
package/dist/budget.d.ts.map +1 -0
package/dist/budget.js +82 -0
package/dist/budget.js.map +1 -0
package/dist/cache/key.d.ts +49 -0
package/dist/cache/key.d.ts.map +1 -0
package/dist/cache/key.js +71 -0
package/dist/cache/key.js.map +1 -0
package/dist/cache/store.d.ts +47 -0
package/dist/cache/store.d.ts.map +1 -0
package/dist/cache/store.js +328 -0
package/dist/cache/store.js.map +1 -0
package/dist/cli/commands/check.d.ts +60 -0
package/dist/cli/commands/check.d.ts.map +1 -0
package/dist/cli/commands/check.js +163 -0
package/dist/cli/commands/check.js.map +1 -0
package/dist/cli/commands/index.d.ts +12 -0
package/dist/cli/commands/index.d.ts.map +1 -0
package/dist/cli/commands/index.js +12 -0
package/dist/cli/commands/index.js.map +1 -0
package/dist/cli/commands/local-review.d.ts +149 -0
package/dist/cli/commands/local-review.d.ts.map +1 -0
package/dist/cli/commands/local-review.js +755 -0
package/dist/cli/commands/local-review.js.map +1 -0
package/dist/cli/config-wizard.d.ts +87 -0
package/dist/cli/config-wizard.d.ts.map +1 -0
package/dist/cli/config-wizard.js +240 -0
package/dist/cli/config-wizard.js.map +1 -0
package/dist/cli/dependencies/catalog.d.ts +44 -0
package/dist/cli/dependencies/catalog.d.ts.map +1 -0
package/dist/cli/dependencies/catalog.js +89 -0
package/dist/cli/dependencies/catalog.js.map +1 -0
package/dist/cli/dependencies/checker.d.ts +42 -0
package/dist/cli/dependencies/checker.d.ts.map +1 -0
package/dist/cli/dependencies/checker.js +240 -0
package/dist/cli/dependencies/checker.js.map +1 -0
package/dist/cli/dependencies/index.d.ts +16 -0
package/dist/cli/dependencies/index.d.ts.map +1 -0
package/dist/cli/dependencies/index.js +16 -0
package/dist/cli/dependencies/index.js.map +1 -0
package/dist/cli/dependencies/messages.d.ts +58 -0
package/dist/cli/dependencies/messages.d.ts.map +1 -0
package/dist/cli/dependencies/messages.js +183 -0
package/dist/cli/dependencies/messages.js.map +1 -0
package/dist/cli/dependencies/platform.d.ts +25 -0
package/dist/cli/dependencies/platform.d.ts.map +1 -0
package/dist/cli/dependencies/platform.js +42 -0
package/dist/cli/dependencies/platform.js.map +1 -0
package/dist/cli/dependencies/schemas.d.ts +65 -0
package/dist/cli/dependencies/schemas.d.ts.map +1 -0
package/dist/cli/dependencies/schemas.js +42 -0
package/dist/cli/dependencies/schemas.js.map +1 -0
package/dist/cli/dependencies/types.d.ts +112 -0
package/dist/cli/dependencies/types.d.ts.map +1 -0
package/dist/cli/dependencies/types.js +6 -0
package/dist/cli/dependencies/types.js.map +1 -0
package/dist/cli/dependencies/version.d.ts +67 -0
package/dist/cli/dependencies/version.d.ts.map +1 -0
package/dist/cli/dependencies/version.js +125 -0
package/dist/cli/dependencies/version.js.map +1 -0
package/dist/cli/git-context.d.ts +105 -0
package/dist/cli/git-context.d.ts.map +1 -0
package/dist/cli/git-context.js +313 -0
package/dist/cli/git-context.js.map +1 -0
package/dist/cli/interactive-prompts.d.ts +126 -0
package/dist/cli/interactive-prompts.d.ts.map +1 -0
package/dist/cli/interactive-prompts.js +128 -0
package/dist/cli/interactive-prompts.js.map +1 -0
package/dist/cli/options/index.d.ts +7 -0
package/dist/cli/options/index.d.ts.map +1 -0
package/dist/cli/options/index.js +11 -0
package/dist/cli/options/index.js.map +1 -0
package/dist/cli/options/local-review-options.d.ts +221 -0
package/dist/cli/options/local-review-options.d.ts.map +1 -0
package/dist/cli/options/local-review-options.js +332 -0
package/dist/cli/options/local-review-options.js.map +1 -0
package/dist/cli/output/colors.d.ts +154 -0
package/dist/cli/output/colors.d.ts.map +1 -0
package/dist/cli/output/colors.js +255 -0
package/dist/cli/output/colors.js.map +1 -0
package/dist/cli/output/errors.d.ts +157 -0
package/dist/cli/output/errors.d.ts.map +1 -0
package/dist/cli/output/errors.js +266 -0
package/dist/cli/output/errors.js.map +1 -0
package/dist/cli/output/index.d.ts +12 -0
package/dist/cli/output/index.d.ts.map +1 -0
package/dist/cli/output/index.js +15 -0
package/dist/cli/output/index.js.map +1 -0
package/dist/cli/output/progress.d.ts +237 -0
package/dist/cli/output/progress.d.ts.map +1 -0
package/dist/cli/output/progress.js +405 -0
package/dist/cli/output/progress.js.map +1 -0
package/dist/cli/signals.d.ts +145 -0
package/dist/cli/signals.d.ts.map +1 -0
package/dist/cli/signals.js +223 -0
package/dist/cli/signals.js.map +1 -0
package/dist/cli/validation-report.d.ts +106 -0
package/dist/cli/validation-report.d.ts.map +1 -0
package/dist/cli/validation-report.js +108 -0
package/dist/cli/validation-report.js.map +1 -0
package/dist/config/index.d.ts +9 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/index.js +12 -0
package/dist/config/index.js.map +1 -0
package/dist/config/mitigation-config.d.ts +94 -0
package/dist/config/mitigation-config.d.ts.map +1 -0
package/dist/config/mitigation-config.js +430 -0
package/dist/config/mitigation-config.js.map +1 -0
package/dist/config/providers.d.ts +118 -0
package/dist/config/providers.d.ts.map +1 -0
package/dist/config/providers.js +229 -0
package/dist/config/providers.js.map +1 -0
package/dist/config/schemas.d.ts +278 -0
package/dist/config/schemas.d.ts.map +1 -0
package/dist/config/schemas.js +111 -0
package/dist/config/schemas.js.map +1 -0
package/dist/config/zero-config.d.ts +126 -0
package/dist/config/zero-config.d.ts.map +1 -0
package/dist/config/zero-config.js +243 -0
package/dist/config/zero-config.js.map +1 -0
package/dist/config.d.ts +110 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +302 -0
package/dist/config.js.map +1 -0
package/dist/diff.d.ts +224 -0
package/dist/diff.d.ts.map +1 -0
package/dist/diff.js +832 -0
package/dist/diff.js.map +1 -0
package/dist/git-validators.d.ts +106 -0
package/dist/git-validators.d.ts.map +1 -0
package/dist/git-validators.js +224 -0
package/dist/git-validators.js.map +1 -0
package/dist/main.d.ts +61 -0
package/dist/main.d.ts.map +1 -0
package/dist/main.js +704 -0
package/dist/main.js.map +1 -0
package/dist/phases/execute.d.ts +60 -0
package/dist/phases/execute.d.ts.map +1 -0
package/dist/phases/execute.js +168 -0
package/dist/phases/execute.js.map +1 -0
package/dist/phases/index.d.ts +9 -0
package/dist/phases/index.d.ts.map +1 -0
package/dist/phases/index.js +9 -0
package/dist/phases/index.js.map +1 -0
package/dist/phases/preflight.d.ts +40 -0
package/dist/phases/preflight.d.ts.map +1 -0
package/dist/phases/preflight.js +122 -0
package/dist/phases/preflight.js.map +1 -0
package/dist/phases/report.d.ts +51 -0
package/dist/phases/report.d.ts.map +1 -0
package/dist/phases/report.js +152 -0
package/dist/phases/report.js.map +1 -0
package/dist/policy.d.ts +33 -0
package/dist/policy.d.ts.map +1 -0
package/dist/policy.js +34 -0
package/dist/policy.js.map +1 -0
package/dist/preflight.d.ts +181 -0
package/dist/preflight.d.ts.map +1 -0
package/dist/preflight.js +627 -0
package/dist/preflight.js.map +1 -0
package/dist/report/ado.d.ts +53 -0
package/dist/report/ado.d.ts.map +1 -0
package/dist/report/ado.js +411 -0
package/dist/report/ado.js.map +1 -0
package/dist/report/agent-icons.d.ts +36 -0
package/dist/report/agent-icons.d.ts.map +1 -0
package/dist/report/agent-icons.js +46 -0
package/dist/report/agent-icons.js.map +1 -0
package/dist/report/base.d.ts +30 -0
package/dist/report/base.d.ts.map +1 -0
package/dist/report/base.js +64 -0
package/dist/report/base.js.map +1 -0
package/dist/report/formats.d.ts +206 -0
package/dist/report/formats.d.ts.map +1 -0
package/dist/report/formats.js +481 -0
package/dist/report/formats.js.map +1 -0
package/dist/report/github.d.ts +44 -0
package/dist/report/github.d.ts.map +1 -0
package/dist/report/github.js +409 -0
package/dist/report/github.js.map +1 -0
package/dist/report/line-resolver.d.ts +208 -0
package/dist/report/line-resolver.d.ts.map +1 -0
package/dist/report/line-resolver.js +578 -0
package/dist/report/line-resolver.js.map +1 -0
package/dist/report/resolution.d.ts +158 -0
package/dist/report/resolution.d.ts.map +1 -0
package/dist/report/resolution.js +272 -0
package/dist/report/resolution.js.map +1 -0
package/dist/report/sanitize.d.ts +32 -0
package/dist/report/sanitize.d.ts.map +1 -0
package/dist/report/sanitize.js +84 -0
package/dist/report/sanitize.js.map +1 -0
package/dist/report/terminal.d.ts +440 -0
package/dist/report/terminal.d.ts.map +1 -0
package/dist/report/terminal.js +840 -0
package/dist/report/terminal.js.map +1 -0
package/dist/reviewignore.d.ts +125 -0
package/dist/reviewignore.d.ts.map +1 -0
package/dist/reviewignore.js +335 -0
package/dist/reviewignore.js.map +1 -0
package/dist/security-logger.d.ts +178 -0
package/dist/security-logger.d.ts.map +1 -0
package/dist/security-logger.js +256 -0
package/dist/security-logger.js.map +1 -0
package/dist/telemetry/backends/console.d.ts +24 -0
package/dist/telemetry/backends/console.d.ts.map +1 -0
package/dist/telemetry/backends/console.js +54 -0
package/dist/telemetry/backends/console.js.map +1 -0
package/dist/telemetry/backends/jsonl.d.ts +31 -0
package/dist/telemetry/backends/jsonl.d.ts.map +1 -0
package/dist/telemetry/backends/jsonl.js +121 -0
package/dist/telemetry/backends/jsonl.js.map +1 -0
package/dist/telemetry/emitter.d.ts +43 -0
package/dist/telemetry/emitter.d.ts.map +1 -0
package/dist/telemetry/emitter.js +83 -0
package/dist/telemetry/emitter.js.map +1 -0
package/dist/telemetry/hook.d.ts +53 -0
package/dist/telemetry/hook.d.ts.map +1 -0
package/dist/telemetry/hook.js +118 -0
package/dist/telemetry/hook.js.map +1 -0
package/dist/telemetry/index.d.ts +58 -0
package/dist/telemetry/index.d.ts.map +1 -0
package/dist/telemetry/index.js +143 -0
package/dist/telemetry/index.js.map +1 -0
package/dist/telemetry/types.d.ts +139 -0
package/dist/telemetry/types.d.ts.map +1 -0
package/dist/telemetry/types.js +133 -0
package/dist/telemetry/types.js.map +1 -0
package/dist/trust.d.ts +65 -0
package/dist/trust.d.ts.map +1 -0
package/dist/trust.js +78 -0
package/dist/trust.js.map +1 -0
package/dist/types/assert-never.d.ts +30 -0
package/dist/types/assert-never.d.ts.map +1 -0
package/dist/types/assert-never.js +32 -0
package/dist/types/assert-never.js.map +1 -0
package/dist/types/branded.d.ts +172 -0
package/dist/types/branded.d.ts.map +1 -0
package/dist/types/branded.js +262 -0
package/dist/types/branded.js.map +1 -0
package/dist/types/errors.d.ts +320 -0
package/dist/types/errors.d.ts.map +1 -0
package/dist/types/errors.js +551 -0
package/dist/types/errors.js.map +1 -0
package/dist/types/index.d.ts +37 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +77 -0
package/dist/types/index.js.map +1 -0
package/dist/types/result.d.ts +323 -0
package/dist/types/result.d.ts.map +1 -0
package/dist/types/result.js +423 -0
package/dist/types/result.js.map +1 -0
package/package.json +63 -0

package/dist/agents/control_flow/mitigation-patterns.d.ts ADDED Viewed

@@ -0,0 +1,53 @@
+/**
+ * Built-in Mitigation Patterns
+ *
+ * Defines patterns for recognizing common security mitigations.
+ * These patterns are matched against AST nodes during CFG construction.
+ *
+ * Per FR-006: Each pattern maps to specific vulnerability types it mitigates.
+ * Per FR-015: All patterns are declarative and side-effect-free.
+ */
+import type { MitigationPattern } from './types.js';
+export declare const inputValidationPatterns: MitigationPattern[];
+export declare const nullSafetyPatterns: MitigationPattern[];
+export declare const authCheckPatterns: MitigationPattern[];
+export declare const outputEncodingPatterns: MitigationPattern[];
+export declare const pathTraversalPatterns: MitigationPattern[];
+/**
+ * All built-in mitigation patterns.
+ * Organized by category for easy reference and testing.
+ */
+export declare const BUILTIN_PATTERNS: MitigationPattern[];
+/**
+ * Pattern lookup by ID for fast access.
+ */
+export declare const PATTERN_BY_ID: Map<string, {
+    id: string;
+    name: string;
+    description: string;
+    mitigates: ("injection" | "null_deref" | "auth_bypass" | "xss" | "path_traversal" | "prototype_pollution" | "ssrf")[];
+    match: {
+        type: "function_call" | "method_call" | "type_guard" | "assignment" | "typeof_check" | "instanceof_check";
+        name?: string | undefined;
+        namePattern?: string | undefined;
+        module?: string | undefined;
+        parameters?: {
+            index: number;
+            constraint: "string" | "any" | "tainted_source";
+        }[] | undefined;
+        returnConstraint?: "truthy" | "defined" | "sanitized" | undefined;
+    };
+    confidence: "high" | "medium" | "low";
+    isBuiltIn?: boolean | undefined;
+    deprecated?: boolean | undefined;
+    deprecationReason?: string | undefined;
+}>;
+/**
+ * Get patterns that mitigate a specific vulnerability type.
+ */
+export declare function getPatternsForVulnerability(vulnType: string): MitigationPattern[];
+/**
+ * Get pattern by ID.
+ */
+export declare function getPatternById(id: string): MitigationPattern | undefined;
+//# sourceMappingURL=mitigation-patterns.d.ts.map

package/dist/agents/control_flow/mitigation-patterns.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"mitigation-patterns.d.ts","sourceRoot":"","sources":["../../../src/agents/control_flow/mitigation-patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAOpD,eAAO,MAAM,uBAAuB,EAAE,iBAAiB,EAqItD,CAAC;AAOF,eAAO,MAAM,kBAAkB,EAAE,iBAAiB,EAwHjD,CAAC;AAOF,eAAO,MAAM,iBAAiB,EAAE,iBAAiB,EAyIhD,CAAC;AAOF,eAAO,MAAM,sBAAsB,EAAE,iBAAiB,EAoIrD,CAAC;AAOF,eAAO,MAAM,qBAAqB,EAAE,iBAAiB,EAqDpD,CAAC;AAMF;;;GAGG;AACH,eAAO,MAAM,gBAAgB,EAAE,iBAAiB,EAM/C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;EAEzB,CAAC;AAEF;;GAEG;AACH,wBAAgB,2BAA2B,CAAC,QAAQ,EAAE,MAAM,GAAG,iBAAiB,EAAE,CAEjF;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,EAAE,EAAE,MAAM,GAAG,iBAAiB,GAAG,SAAS,CAExE"}

package/dist/agents/control_flow/mitigation-patterns.js ADDED Viewed

@@ -0,0 +1,620 @@
+/**
+ * Built-in Mitigation Patterns
+ *
+ * Defines patterns for recognizing common security mitigations.
+ * These patterns are matched against AST nodes during CFG construction.
+ *
+ * Per FR-006: Each pattern maps to specific vulnerability types it mitigates.
+ * Per FR-015: All patterns are declarative and side-effect-free.
+ */
+// =============================================================================
+// Input Validation Patterns (T021)
+// Mitigates: injection, xss, path_traversal, ssrf
+// =============================================================================
+export const inputValidationPatterns = [
+    // Zod validation
+    {
+        id: 'zod-parse',
+        name: 'Zod Schema Parse',
+        description: 'Validates input against a Zod schema, throwing on invalid input',
+        mitigates: ['injection', 'xss', 'path_traversal'],
+        match: {
+            type: 'method_call',
+            namePattern: '^parse$',
+            module: 'zod',
+            returnConstraint: 'sanitized',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    {
+        id: 'zod-safeParse',
+        name: 'Zod Safe Parse',
+        description: 'Validates input against a Zod schema, returning result object',
+        mitigates: ['injection', 'xss', 'path_traversal'],
+        match: {
+            type: 'method_call',
+            namePattern: '^safeParse$',
+            module: 'zod',
+            returnConstraint: 'sanitized',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    // Joi validation
+    {
+        id: 'joi-validate',
+        name: 'Joi Schema Validate',
+        description: 'Validates input against a Joi schema',
+        mitigates: ['injection', 'xss', 'path_traversal'],
+        match: {
+            type: 'method_call',
+            namePattern: '^validate$',
+            module: 'joi',
+            returnConstraint: 'sanitized',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    {
+        id: 'joi-validateAsync',
+        name: 'Joi Async Validate',
+        description: 'Validates input asynchronously against a Joi schema',
+        mitigates: ['injection', 'xss', 'path_traversal'],
+        match: {
+            type: 'method_call',
+            namePattern: '^validateAsync$',
+            module: 'joi',
+            returnConstraint: 'sanitized',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    // Validator.js
+    {
+        id: 'validator-escape',
+        name: 'Validator.js Escape',
+        description: 'Escapes HTML characters to prevent XSS',
+        mitigates: ['xss'],
+        match: {
+            type: 'function_call',
+            namePattern: '^escape$',
+            module: 'validator',
+            returnConstraint: 'sanitized',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    {
+        id: 'validator-isEmail',
+        name: 'Validator.js Email Check',
+        description: 'Validates email format',
+        mitigates: ['injection'],
+        match: {
+            type: 'function_call',
+            namePattern: '^isEmail$',
+            module: 'validator',
+            returnConstraint: 'truthy',
+        },
+        confidence: 'medium',
+        isBuiltIn: true,
+    },
+    {
+        id: 'validator-isURL',
+        name: 'Validator.js URL Check',
+        description: 'Validates URL format',
+        mitigates: ['ssrf', 'injection'],
+        match: {
+            type: 'function_call',
+            namePattern: '^isURL$',
+            module: 'validator',
+            returnConstraint: 'truthy',
+        },
+        confidence: 'medium',
+        isBuiltIn: true,
+    },
+    {
+        id: 'validator-isAlphanumeric',
+        name: 'Validator.js Alphanumeric Check',
+        description: 'Validates input is alphanumeric only',
+        mitigates: ['injection', 'path_traversal'],
+        match: {
+            type: 'function_call',
+            namePattern: '^isAlphanumeric$',
+            module: 'validator',
+            returnConstraint: 'truthy',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    // Parameterized queries (implicit mitigation)
+    {
+        id: 'sql-parameterized',
+        name: 'SQL Parameterized Query',
+        description: 'Uses parameterized query with placeholders ($1, ?, :param)',
+        mitigates: ['injection'],
+        match: {
+            type: 'method_call',
+            namePattern: '^(query|execute|run|prepare)$',
+            parameters: [{ index: 1, constraint: 'any' }], // Second param = values array
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+];
+// =============================================================================
+// Null Safety Patterns (T022)
+// Mitigates: null_deref
+// =============================================================================
+export const nullSafetyPatterns = [
+    // Optional chaining
+    {
+        id: 'optional-chaining',
+        name: 'Optional Chaining',
+        description: 'Uses ?. operator for safe property access',
+        mitigates: ['null_deref'],
+        match: {
+            type: 'type_guard',
+            namePattern: '^\\?\\.', // Regex to match ?. operator
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    // Nullish coalescing
+    {
+        id: 'nullish-coalescing',
+        name: 'Nullish Coalescing',
+        description: 'Uses ?? operator to provide default value',
+        mitigates: ['null_deref'],
+        match: {
+            type: 'assignment',
+            namePattern: '^\\?\\?', // Regex to match ?? operator
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    // Nullish assignment
+    {
+        id: 'nullish-assignment',
+        name: 'Nullish Assignment',
+        description: 'Uses ??= operator for conditional assignment',
+        mitigates: ['null_deref'],
+        match: {
+            type: 'assignment',
+            namePattern: '^\\?\\?=', // Regex to match ??= operator
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    // Typeof check
+    {
+        id: 'typeof-check',
+        name: 'Typeof Check',
+        description: 'Uses typeof to check value type before access',
+        mitigates: ['null_deref'],
+        match: {
+            type: 'typeof_check',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    // Instanceof check
+    {
+        id: 'instanceof-check',
+        name: 'Instanceof Check',
+        description: 'Uses instanceof to verify object type',
+        mitigates: ['null_deref'],
+        match: {
+            type: 'instanceof_check',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    // Explicit null/undefined checks
+    {
+        id: 'null-check-strict',
+        name: 'Strict Null Check',
+        description: 'Checks value against null with strict equality',
+        mitigates: ['null_deref'],
+        match: {
+            type: 'type_guard',
+            namePattern: '^(!==?\\s*null|===?\\s*null)', // x !== null or x === null
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    {
+        id: 'undefined-check-strict',
+        name: 'Strict Undefined Check',
+        description: 'Checks value against undefined with strict equality',
+        mitigates: ['null_deref'],
+        match: {
+            type: 'type_guard',
+            namePattern: '^(!==?\\s*undefined|===?\\s*undefined)',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    {
+        id: 'nullish-check',
+        name: 'Nullish Check (== null)',
+        description: 'Checks value for null or undefined using loose equality',
+        mitigates: ['null_deref'],
+        match: {
+            type: 'type_guard',
+            namePattern: '^(!=\\s*null|==\\s*null)', // x != null (catches both null and undefined)
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    // Assertion functions
+    {
+        id: 'assert-defined',
+        name: 'Assert Defined',
+        description: 'Assertion function that throws if value is null/undefined',
+        mitigates: ['null_deref'],
+        match: {
+            type: 'function_call',
+            namePattern: '^(assertDefined|assertNotNull|assertNotNullish|assert)$',
+        },
+        confidence: 'medium',
+        isBuiltIn: true,
+    },
+];
+// =============================================================================
+// Auth Check Patterns (T023)
+// Mitigates: auth_bypass
+// =============================================================================
+export const authCheckPatterns = [
+    // JWT verification
+    {
+        id: 'jwt-verify',
+        name: 'JWT Verify',
+        description: 'Verifies JWT token signature and claims',
+        mitigates: ['auth_bypass'],
+        match: {
+            type: 'method_call',
+            namePattern: '^verify$',
+            module: 'jsonwebtoken',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    {
+        id: 'jwt-decode-verify',
+        name: 'JWT Decode with Verify',
+        description: 'Decodes and verifies JWT token',
+        mitigates: ['auth_bypass'],
+        match: {
+            type: 'function_call',
+            namePattern: '^(jwtVerify|verifyToken|verifyJwt)$',
+        },
+        confidence: 'medium',
+        isBuiltIn: true,
+    },
+    // Passport.js
+    {
+        id: 'passport-authenticate',
+        name: 'Passport Authenticate',
+        description: 'Passport.js authentication middleware',
+        mitigates: ['auth_bypass'],
+        match: {
+            type: 'method_call',
+            namePattern: '^authenticate$',
+            module: 'passport',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    {
+        id: 'passport-isAuthenticated',
+        name: 'Passport isAuthenticated',
+        description: 'Checks if user is authenticated via Passport session',
+        mitigates: ['auth_bypass'],
+        match: {
+            type: 'method_call',
+            namePattern: '^isAuthenticated$',
+            returnConstraint: 'truthy',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    // Session checks
+    {
+        id: 'session-user-check',
+        name: 'Session User Check',
+        description: 'Checks for user object in session',
+        mitigates: ['auth_bypass'],
+        match: {
+            type: 'type_guard',
+            namePattern: '^(session\\.user|req\\.session\\.user|session\\?.user)',
+        },
+        confidence: 'medium',
+        isBuiltIn: true,
+    },
+    {
+        id: 'session-id-check',
+        name: 'Session ID Check',
+        description: 'Checks for user ID in session',
+        mitigates: ['auth_bypass'],
+        match: {
+            type: 'type_guard',
+            namePattern: '^(session\\.userId|req\\.session\\.userId|session\\?.userId)',
+        },
+        confidence: 'medium',
+        isBuiltIn: true,
+    },
+    // Role/permission checks
+    {
+        id: 'role-check',
+        name: 'Role Check',
+        description: 'Checks user role for authorization',
+        mitigates: ['auth_bypass'],
+        match: {
+            type: 'type_guard',
+            namePattern: '^(user\\.role|req\\.user\\.role|\\.role\\s*===)',
+        },
+        confidence: 'medium',
+        isBuiltIn: true,
+    },
+    {
+        id: 'permission-check',
+        name: 'Permission Check',
+        description: 'Checks user permissions for authorization',
+        mitigates: ['auth_bypass'],
+        match: {
+            type: 'function_call',
+            namePattern: '^(hasPermission|checkPermission|can|authorize)$',
+            returnConstraint: 'truthy',
+        },
+        confidence: 'medium',
+        isBuiltIn: true,
+    },
+    // OAuth token verification
+    {
+        id: 'oauth-verify',
+        name: 'OAuth Token Verify',
+        description: 'Verifies OAuth access token',
+        mitigates: ['auth_bypass'],
+        match: {
+            type: 'method_call',
+            namePattern: '^(verifyAccessToken|validateToken|introspect)$',
+        },
+        confidence: 'medium',
+        isBuiltIn: true,
+    },
+    // API key validation
+    {
+        id: 'api-key-validate',
+        name: 'API Key Validation',
+        description: 'Validates API key for authentication',
+        mitigates: ['auth_bypass'],
+        match: {
+            type: 'function_call',
+            namePattern: '^(validateApiKey|verifyApiKey|isValidApiKey)$',
+            returnConstraint: 'truthy',
+        },
+        confidence: 'medium',
+        isBuiltIn: true,
+    },
+];
+// =============================================================================
+// Output Encoding Patterns (T024)
+// Mitigates: xss
+// =============================================================================
+export const outputEncodingPatterns = [
+    // DOMPurify
+    {
+        id: 'dompurify-sanitize',
+        name: 'DOMPurify Sanitize',
+        description: 'Sanitizes HTML to prevent XSS',
+        mitigates: ['xss'],
+        match: {
+            type: 'method_call',
+            namePattern: '^sanitize$',
+            module: 'dompurify',
+            returnConstraint: 'sanitized',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    // Built-in encoding functions
+    {
+        id: 'encodeURI',
+        name: 'encodeURI',
+        description: 'Encodes a URI',
+        mitigates: ['xss', 'injection'],
+        match: {
+            type: 'function_call',
+            name: 'encodeURI',
+            returnConstraint: 'sanitized',
+        },
+        confidence: 'medium',
+        isBuiltIn: true,
+    },
+    {
+        id: 'encodeURIComponent',
+        name: 'encodeURIComponent',
+        description: 'Encodes a URI component',
+        mitigates: ['xss', 'injection'],
+        match: {
+            type: 'function_call',
+            name: 'encodeURIComponent',
+            returnConstraint: 'sanitized',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    // HTML entity encoding
+    {
+        id: 'he-encode',
+        name: 'he.encode',
+        description: 'Encodes HTML entities using he library',
+        mitigates: ['xss'],
+        match: {
+            type: 'method_call',
+            namePattern: '^encode$',
+            module: 'he',
+            returnConstraint: 'sanitized',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    {
+        id: 'he-escape',
+        name: 'he.escape',
+        description: 'Escapes HTML entities using he library',
+        mitigates: ['xss'],
+        match: {
+            type: 'method_call',
+            namePattern: '^escape$',
+            module: 'he',
+            returnConstraint: 'sanitized',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    // lodash/underscore escape
+    {
+        id: 'lodash-escape',
+        name: 'Lodash Escape',
+        description: 'Escapes HTML using lodash/underscore',
+        mitigates: ['xss'],
+        match: {
+            type: 'method_call',
+            namePattern: '^escape$',
+            module: 'lodash',
+            returnConstraint: 'sanitized',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    // React automatic escaping (JSX)
+    {
+        id: 'react-jsx-escape',
+        name: 'React JSX Escape',
+        description: 'React automatically escapes JSX content',
+        mitigates: ['xss'],
+        match: {
+            type: 'assignment',
+            namePattern: '^<[A-Z]', // JSX element assignment
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    // textContent (safe DOM assignment)
+    {
+        id: 'textContent-assignment',
+        name: 'textContent Assignment',
+        description: 'Assigning to textContent is safe from XSS',
+        mitigates: ['xss'],
+        match: {
+            type: 'assignment',
+            namePattern: '\\.textContent\\s*=',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    // createTextNode (safe DOM method)
+    {
+        id: 'createTextNode',
+        name: 'createTextNode',
+        description: 'Creating text node is safe from XSS',
+        mitigates: ['xss'],
+        match: {
+            type: 'method_call',
+            name: 'createTextNode',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+];
+// =============================================================================
+// Path Traversal Patterns
+// Mitigates: path_traversal
+// =============================================================================
+export const pathTraversalPatterns = [
+    {
+        id: 'path-resolve',
+        name: 'Path Resolve',
+        description: 'Resolves path segments to absolute path',
+        mitigates: ['path_traversal'],
+        match: {
+            type: 'method_call',
+            namePattern: '^resolve$',
+            module: 'path',
+        },
+        confidence: 'medium',
+        isBuiltIn: true,
+    },
+    {
+        id: 'path-normalize',
+        name: 'Path Normalize',
+        description: 'Normalizes path by resolving . and ..',
+        mitigates: ['path_traversal'],
+        match: {
+            type: 'method_call',
+            namePattern: '^normalize$',
+            module: 'path',
+        },
+        confidence: 'low', // normalize alone doesn't prevent traversal
+        isBuiltIn: true,
+    },
+    {
+        id: 'path-basename',
+        name: 'Path Basename',
+        description: 'Extracts filename only, preventing directory traversal',
+        mitigates: ['path_traversal'],
+        match: {
+            type: 'method_call',
+            namePattern: '^basename$',
+            module: 'path',
+        },
+        confidence: 'high',
+        isBuiltIn: true,
+    },
+    {
+        id: 'startsWith-check',
+        name: 'Path Prefix Check',
+        description: 'Verifies path starts with allowed directory',
+        mitigates: ['path_traversal'],
+        match: {
+            type: 'method_call',
+            namePattern: '^startsWith$',
+            returnConstraint: 'truthy',
+        },
+        confidence: 'medium',
+        isBuiltIn: true,
+    },
+];
+// =============================================================================
+// Aggregate Exports
+// =============================================================================
+/**
+ * All built-in mitigation patterns.
+ * Organized by category for easy reference and testing.
+ */
+export const BUILTIN_PATTERNS = [
+    ...inputValidationPatterns,
+    ...nullSafetyPatterns,
+    ...authCheckPatterns,
+    ...outputEncodingPatterns,
+    ...pathTraversalPatterns,
+];
+/**
+ * Pattern lookup by ID for fast access.
+ */
+export const PATTERN_BY_ID = new Map(BUILTIN_PATTERNS.map((p) => [p.id, p]));
+/**
+ * Get patterns that mitigate a specific vulnerability type.
+ */
+export function getPatternsForVulnerability(vulnType) {
+    return BUILTIN_PATTERNS.filter((p) => p.mitigates.includes(vulnType));
+}
+/**
+ * Get pattern by ID.
+ */
+export function getPatternById(id) {
+    return PATTERN_BY_ID.get(id);
+}
+//# sourceMappingURL=mitigation-patterns.js.map