@oddessentials/odd-ai-reviewers 1.0.0

package/dist/agents/control_flow/types.d.ts

@@ -0,0 +1,782 @@
+/**
+ * Control Flow Analysis Types
+ *
+ * Type definitions for the control flow analysis agent.
+ * Based on specs/001-control-flow-analysis/contracts/control-flow-types.ts
+ */
+import { z } from 'zod';
+export declare const VulnerabilityTypeSchema: z.ZodEnum<{
+    injection: "injection";
+    null_deref: "null_deref";
+    auth_bypass: "auth_bypass";
+    xss: "xss";
+    path_traversal: "path_traversal";
+    prototype_pollution: "prototype_pollution";
+    ssrf: "ssrf";
+}>;
+export type VulnerabilityType = z.infer<typeof VulnerabilityTypeSchema>;
+export declare const SeveritySchema: z.ZodEnum<{
+    error: "error";
+    warning: "warning";
+    info: "info";
+}>;
+export type Severity = z.infer<typeof SeveritySchema>;
+export declare const MitigationStatusSchema: z.ZodEnum<{
+    none: "none";
+    partial: "partial";
+    full: "full";
+}>;
+export type MitigationStatus = z.infer<typeof MitigationStatusSchema>;
+export declare const ConfidenceSchema: z.ZodEnum<{
+    high: "high";
+    medium: "medium";
+    low: "low";
+}>;
+export type Confidence = z.infer<typeof ConfidenceSchema>;
+export declare const BudgetStatusSchema: z.ZodEnum<{
+    ok: "ok";
+    warning: "warning";
+    exceeded: "exceeded";
+    terminated: "terminated";
+}>;
+export type BudgetStatus = z.infer<typeof BudgetStatusSchema>;
+export declare const CFGNodeTypeSchema: z.ZodEnum<{
+    entry: "entry";
+    exit: "exit";
+    throw: "throw";
+    basic: "basic";
+    branch: "branch";
+    merge: "merge";
+    loop_header: "loop_header";
+    loop_body: "loop_body";
+    call: "call";
+    await: "await";
+}>;
+export type CFGNodeType = z.infer<typeof CFGNodeTypeSchema>;
+export declare const CFGEdgeTypeSchema: z.ZodEnum<{
+    await: "await";
+    sequential: "sequential";
+    branch_true: "branch_true";
+    branch_false: "branch_false";
+    loop_back: "loop_back";
+    loop_exit: "loop_exit";
+    exception: "exception";
+    return: "return";
+}>;
+export type CFGEdgeType = z.infer<typeof CFGEdgeTypeSchema>;
+export declare const MatchTypeSchema: z.ZodEnum<{
+    function_call: "function_call";
+    method_call: "method_call";
+    type_guard: "type_guard";
+    assignment: "assignment";
+    typeof_check: "typeof_check";
+    instanceof_check: "instanceof_check";
+}>;
+export type MatchType = z.infer<typeof MatchTypeSchema>;
+export declare const MitigationScopeSchema: z.ZodEnum<{
+    function: "function";
+    block: "block";
+    module: "module";
+}>;
+export type MitigationScope = z.infer<typeof MitigationScopeSchema>;
+export declare const SourceLocationSchema: z.ZodObject<{
+    file: z.ZodString;
+    line: z.ZodNumber;
+    column: z.ZodOptional<z.ZodNumber>;
+    endLine: z.ZodOptional<z.ZodNumber>;
+    endColumn: z.ZodOptional<z.ZodNumber>;
+}, z.core.$strip>;
+export type SourceLocation = z.infer<typeof SourceLocationSchema>;
+export declare const ParameterConstraintSchema: z.ZodObject<{
+    index: z.ZodNumber;
+    constraint: z.ZodEnum<{
+        string: "string";
+        any: "any";
+        tainted_source: "tainted_source";
+    }>;
+}, z.core.$strip>;
+export type ParameterConstraint = z.infer<typeof ParameterConstraintSchema>;
+export declare const ReturnConstraintSchema: z.ZodEnum<{
+    truthy: "truthy";
+    defined: "defined";
+    sanitized: "sanitized";
+}>;
+export type ReturnConstraint = z.infer<typeof ReturnConstraintSchema>;
+export declare const MatchCriteriaSchema: z.ZodObject<{
+    type: z.ZodEnum<{
+        function_call: "function_call";
+        method_call: "method_call";
+        type_guard: "type_guard";
+        assignment: "assignment";
+        typeof_check: "typeof_check";
+        instanceof_check: "instanceof_check";
+    }>;
+    name: z.ZodOptional<z.ZodString>;
+    namePattern: z.ZodOptional<z.ZodString>;
+    module: z.ZodOptional<z.ZodString>;
+    parameters: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        index: z.ZodNumber;
+        constraint: z.ZodEnum<{
+            string: "string";
+            any: "any";
+            tainted_source: "tainted_source";
+        }>;
+    }, z.core.$strip>>>;
+    returnConstraint: z.ZodOptional<z.ZodEnum<{
+        truthy: "truthy";
+        defined: "defined";
+        sanitized: "sanitized";
+    }>>;
+}, z.core.$strip>;
+export type MatchCriteria = z.infer<typeof MatchCriteriaSchema>;
+export declare const MitigationPatternSchema: z.ZodObject<{
+    id: z.ZodString;
+    name: z.ZodString;
+    description: z.ZodString;
+    mitigates: z.ZodArray<z.ZodEnum<{
+        injection: "injection";
+        null_deref: "null_deref";
+        auth_bypass: "auth_bypass";
+        xss: "xss";
+        path_traversal: "path_traversal";
+        prototype_pollution: "prototype_pollution";
+        ssrf: "ssrf";
+    }>>;
+    match: z.ZodObject<{
+        type: z.ZodEnum<{
+            function_call: "function_call";
+            method_call: "method_call";
+            type_guard: "type_guard";
+            assignment: "assignment";
+            typeof_check: "typeof_check";
+            instanceof_check: "instanceof_check";
+        }>;
+        name: z.ZodOptional<z.ZodString>;
+        namePattern: z.ZodOptional<z.ZodString>;
+        module: z.ZodOptional<z.ZodString>;
+        parameters: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            index: z.ZodNumber;
+            constraint: z.ZodEnum<{
+                string: "string";
+                any: "any";
+                tainted_source: "tainted_source";
+            }>;
+        }, z.core.$strip>>>;
+        returnConstraint: z.ZodOptional<z.ZodEnum<{
+            truthy: "truthy";
+            defined: "defined";
+            sanitized: "sanitized";
+        }>>;
+    }, z.core.$strip>;
+    confidence: z.ZodEnum<{
+        high: "high";
+        medium: "medium";
+        low: "low";
+    }>;
+    isBuiltIn: z.ZodOptional<z.ZodBoolean>;
+    deprecated: z.ZodOptional<z.ZodBoolean>;
+    deprecationReason: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type MitigationPattern = z.infer<typeof MitigationPatternSchema>;
+/**
+ * A single entry in the call chain from vulnerability to mitigation.
+ * Used to track how mitigations in other files are reached.
+ */
+export declare const CallChainEntrySchema: z.ZodObject<{
+    file: z.ZodString;
+    functionName: z.ZodString;
+    line: z.ZodNumber;
+}, z.core.$strip>;
+export type CallChainEntry = z.infer<typeof CallChainEntrySchema>;
+/**
+ * Result of evaluating a single regex pattern with timeout protection.
+ */
+export declare const PatternEvaluationResultSchema: z.ZodObject<{
+    patternId: z.ZodString;
+    matched: z.ZodBoolean;
+    timedOut: z.ZodBoolean;
+    elapsedMs: z.ZodNumber;
+    inputLength: z.ZodNumber;
+}, z.core.$strip>;
+export type PatternEvaluationResult = z.infer<typeof PatternEvaluationResultSchema>;
+/**
+ * Summary information about a cross-file mitigation for finding metadata.
+ * Used in finding messages to report mitigation locations.
+ */
+export declare const CrossFileMitigationInfoSchema: z.ZodObject<{
+    patternId: z.ZodString;
+    file: z.ZodString;
+    line: z.ZodNumber;
+    depth: z.ZodNumber;
+    functionName: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type CrossFileMitigationInfo = z.infer<typeof CrossFileMitigationInfoSchema>;
+/**
+ * Summary information about a pattern that timed out during evaluation.
+ * Used in finding metadata to indicate conservative results.
+ */
+export declare const PatternTimeoutInfoSchema: z.ZodObject<{
+    patternId: z.ZodString;
+    elapsedMs: z.ZodNumber;
+}, z.core.$strip>;
+export type PatternTimeoutInfo = z.infer<typeof PatternTimeoutInfoSchema>;
+export declare const MitigationInstanceSchema: z.ZodObject<{
+    patternId: z.ZodString;
+    location: z.ZodObject<{
+        file: z.ZodString;
+        line: z.ZodNumber;
+        column: z.ZodOptional<z.ZodNumber>;
+        endLine: z.ZodOptional<z.ZodNumber>;
+        endColumn: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>;
+    protectedVariables: z.ZodArray<z.ZodString>;
+    protectedPaths: z.ZodArray<z.ZodString>;
+    scope: z.ZodEnum<{
+        function: "function";
+        block: "block";
+        module: "module";
+    }>;
+    confidence: z.ZodEnum<{
+        high: "high";
+        medium: "medium";
+        low: "low";
+    }>;
+    callChain: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        file: z.ZodString;
+        functionName: z.ZodString;
+        line: z.ZodNumber;
+    }, z.core.$strip>>>;
+    discoveryDepth: z.ZodOptional<z.ZodNumber>;
+}, z.core.$strip>;
+export type MitigationInstance = z.infer<typeof MitigationInstanceSchema>;
+export declare const CFGNodeSchema: z.ZodObject<{
+    id: z.ZodString;
+    type: z.ZodEnum<{
+        entry: "entry";
+        exit: "exit";
+        throw: "throw";
+        basic: "basic";
+        branch: "branch";
+        merge: "merge";
+        loop_header: "loop_header";
+        loop_body: "loop_body";
+        call: "call";
+        await: "await";
+    }>;
+    lineStart: z.ZodNumber;
+    lineEnd: z.ZodNumber;
+    mitigations: z.ZodArray<z.ZodObject<{
+        patternId: z.ZodString;
+        location: z.ZodObject<{
+            file: z.ZodString;
+            line: z.ZodNumber;
+            column: z.ZodOptional<z.ZodNumber>;
+            endLine: z.ZodOptional<z.ZodNumber>;
+            endColumn: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strip>;
+        protectedVariables: z.ZodArray<z.ZodString>;
+        protectedPaths: z.ZodArray<z.ZodString>;
+        scope: z.ZodEnum<{
+            function: "function";
+            block: "block";
+            module: "module";
+        }>;
+        confidence: z.ZodEnum<{
+            high: "high";
+            medium: "medium";
+            low: "low";
+        }>;
+        callChain: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            file: z.ZodString;
+            functionName: z.ZodString;
+            line: z.ZodNumber;
+        }, z.core.$strip>>>;
+        discoveryDepth: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>>;
+    taintedVariables: z.ZodArray<z.ZodString>;
+}, z.core.$strip>;
+export type CFGNode = z.infer<typeof CFGNodeSchema>;
+export declare const CFGEdgeSchema: z.ZodObject<{
+    from: z.ZodString;
+    to: z.ZodString;
+    type: z.ZodEnum<{
+        await: "await";
+        sequential: "sequential";
+        branch_true: "branch_true";
+        branch_false: "branch_false";
+        loop_back: "loop_back";
+        loop_exit: "loop_exit";
+        exception: "exception";
+        return: "return";
+    }>;
+    conditionValue: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$strip>;
+export type CFGEdge = z.infer<typeof CFGEdgeSchema>;
+export declare const CallSiteSchema: z.ZodObject<{
+    nodeId: z.ZodString;
+    calleeName: z.ZodString;
+    calleeFile: z.ZodOptional<z.ZodString>;
+    isResolved: z.ZodBoolean;
+    isDynamic: z.ZodBoolean;
+    location: z.ZodObject<{
+        file: z.ZodString;
+        line: z.ZodNumber;
+        column: z.ZodOptional<z.ZodNumber>;
+        endLine: z.ZodOptional<z.ZodNumber>;
+        endColumn: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>;
+}, z.core.$strip>;
+export type CallSite = z.infer<typeof CallSiteSchema>;
+export declare const ControlFlowGraphSchema: z.ZodObject<{
+    functionId: z.ZodString;
+    functionName: z.ZodString;
+    filePath: z.ZodString;
+    startLine: z.ZodNumber;
+    endLine: z.ZodNumber;
+    nodes: z.ZodRecord<z.ZodString, z.ZodObject<{
+        id: z.ZodString;
+        type: z.ZodEnum<{
+            entry: "entry";
+            exit: "exit";
+            throw: "throw";
+            basic: "basic";
+            branch: "branch";
+            merge: "merge";
+            loop_header: "loop_header";
+            loop_body: "loop_body";
+            call: "call";
+            await: "await";
+        }>;
+        lineStart: z.ZodNumber;
+        lineEnd: z.ZodNumber;
+        mitigations: z.ZodArray<z.ZodObject<{
+            patternId: z.ZodString;
+            location: z.ZodObject<{
+                file: z.ZodString;
+                line: z.ZodNumber;
+                column: z.ZodOptional<z.ZodNumber>;
+                endLine: z.ZodOptional<z.ZodNumber>;
+                endColumn: z.ZodOptional<z.ZodNumber>;
+            }, z.core.$strip>;
+            protectedVariables: z.ZodArray<z.ZodString>;
+            protectedPaths: z.ZodArray<z.ZodString>;
+            scope: z.ZodEnum<{
+                function: "function";
+                block: "block";
+                module: "module";
+            }>;
+            confidence: z.ZodEnum<{
+                high: "high";
+                medium: "medium";
+                low: "low";
+            }>;
+            callChain: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                file: z.ZodString;
+                functionName: z.ZodString;
+                line: z.ZodNumber;
+            }, z.core.$strip>>>;
+            discoveryDepth: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strip>>;
+        taintedVariables: z.ZodArray<z.ZodString>;
+    }, z.core.$strip>>;
+    edges: z.ZodArray<z.ZodObject<{
+        from: z.ZodString;
+        to: z.ZodString;
+        type: z.ZodEnum<{
+            await: "await";
+            sequential: "sequential";
+            branch_true: "branch_true";
+            branch_false: "branch_false";
+            loop_back: "loop_back";
+            loop_exit: "loop_exit";
+            exception: "exception";
+            return: "return";
+        }>;
+        conditionValue: z.ZodOptional<z.ZodBoolean>;
+    }, z.core.$strip>>;
+    entryNode: z.ZodString;
+    exitNodes: z.ZodArray<z.ZodString>;
+    callSites: z.ZodArray<z.ZodObject<{
+        nodeId: z.ZodString;
+        calleeName: z.ZodString;
+        calleeFile: z.ZodOptional<z.ZodString>;
+        isResolved: z.ZodBoolean;
+        isDynamic: z.ZodBoolean;
+        location: z.ZodObject<{
+            file: z.ZodString;
+            line: z.ZodNumber;
+            column: z.ZodOptional<z.ZodNumber>;
+            endLine: z.ZodOptional<z.ZodNumber>;
+            endColumn: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strip>;
+    }, z.core.$strip>>;
+}, z.core.$strip>;
+export type ControlFlowGraph = z.infer<typeof ControlFlowGraphSchema>;
+export declare const PotentialVulnerabilitySchema: z.ZodObject<{
+    id: z.ZodString;
+    type: z.ZodEnum<{
+        injection: "injection";
+        null_deref: "null_deref";
+        auth_bypass: "auth_bypass";
+        xss: "xss";
+        path_traversal: "path_traversal";
+        prototype_pollution: "prototype_pollution";
+        ssrf: "ssrf";
+    }>;
+    sinkLocation: z.ZodObject<{
+        file: z.ZodString;
+        line: z.ZodNumber;
+        column: z.ZodOptional<z.ZodNumber>;
+        endLine: z.ZodOptional<z.ZodNumber>;
+        endColumn: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>;
+    taintedSource: z.ZodOptional<z.ZodObject<{
+        file: z.ZodString;
+        line: z.ZodNumber;
+        column: z.ZodOptional<z.ZodNumber>;
+        endLine: z.ZodOptional<z.ZodNumber>;
+        endColumn: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>>;
+    affectedVariable: z.ZodString;
+    requiredMitigations: z.ZodArray<z.ZodEnum<{
+        injection: "injection";
+        null_deref: "null_deref";
+        auth_bypass: "auth_bypass";
+        xss: "xss";
+        path_traversal: "path_traversal";
+        prototype_pollution: "prototype_pollution";
+        ssrf: "ssrf";
+    }>>;
+    description: z.ZodString;
+}, z.core.$strip>;
+export type PotentialVulnerability = z.infer<typeof PotentialVulnerabilitySchema>;
+export declare const FindingMetadataSchema: z.ZodObject<{
+    mitigationStatus: z.ZodEnum<{
+        none: "none";
+        partial: "partial";
+        full: "full";
+    }>;
+    originalSeverity: z.ZodOptional<z.ZodEnum<{
+        error: "error";
+        warning: "warning";
+        info: "info";
+    }>>;
+    pathsCovered: z.ZodNumber;
+    pathsTotal: z.ZodNumber;
+    unprotectedPaths: z.ZodArray<z.ZodString>;
+    mitigationsDetected: z.ZodArray<z.ZodString>;
+    analysisDepth: z.ZodNumber;
+    degraded: z.ZodBoolean;
+    degradedReason: z.ZodOptional<z.ZodString>;
+    crossFileMitigations: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        patternId: z.ZodString;
+        file: z.ZodString;
+        line: z.ZodNumber;
+        depth: z.ZodNumber;
+        functionName: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>>;
+    patternTimeouts: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        patternId: z.ZodString;
+        elapsedMs: z.ZodNumber;
+    }, z.core.$strip>>>;
+}, z.core.$strip>;
+export type FindingMetadata = z.infer<typeof FindingMetadataSchema>;
+export declare const ControlFlowFindingSchema: z.ZodObject<{
+    severity: z.ZodEnum<{
+        error: "error";
+        warning: "warning";
+        info: "info";
+    }>;
+    file: z.ZodString;
+    line: z.ZodNumber;
+    endLine: z.ZodOptional<z.ZodNumber>;
+    message: z.ZodString;
+    suggestion: z.ZodOptional<z.ZodString>;
+    ruleId: z.ZodString;
+    sourceAgent: z.ZodLiteral<"control_flow">;
+    fingerprint: z.ZodString;
+    metadata: z.ZodObject<{
+        mitigationStatus: z.ZodEnum<{
+            none: "none";
+            partial: "partial";
+            full: "full";
+        }>;
+        originalSeverity: z.ZodOptional<z.ZodEnum<{
+            error: "error";
+            warning: "warning";
+            info: "info";
+        }>>;
+        pathsCovered: z.ZodNumber;
+        pathsTotal: z.ZodNumber;
+        unprotectedPaths: z.ZodArray<z.ZodString>;
+        mitigationsDetected: z.ZodArray<z.ZodString>;
+        analysisDepth: z.ZodNumber;
+        degraded: z.ZodBoolean;
+        degradedReason: z.ZodOptional<z.ZodString>;
+        crossFileMitigations: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            patternId: z.ZodString;
+            file: z.ZodString;
+            line: z.ZodNumber;
+            depth: z.ZodNumber;
+            functionName: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>>;
+        patternTimeouts: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            patternId: z.ZodString;
+            elapsedMs: z.ZodNumber;
+        }, z.core.$strip>>>;
+    }, z.core.$strip>;
+}, z.core.$strip>;
+export type ControlFlowFinding = z.infer<typeof ControlFlowFindingSchema>;
+export declare const AnalysisBudgetConfigSchema: z.ZodObject<{
+    maxDurationMs: z.ZodDefault<z.ZodNumber>;
+    maxLinesChanged: z.ZodDefault<z.ZodNumber>;
+    maxCallDepth: z.ZodDefault<z.ZodNumber>;
+    maxNodesVisited: z.ZodDefault<z.ZodNumber>;
+}, z.core.$strip>;
+export type AnalysisBudgetConfig = z.infer<typeof AnalysisBudgetConfigSchema>;
+/**
+ * Risk level for ReDoS vulnerability assessment.
+ */
+export declare const ReDoSRiskLevelSchema: z.ZodEnum<{
+    none: "none";
+    high: "high";
+    medium: "medium";
+    low: "low";
+}>;
+export type ReDoSRiskLevel = z.infer<typeof ReDoSRiskLevelSchema>;
+/**
+ * Result of checking a pattern for ReDoS vulnerability patterns.
+ * Internal result from static pattern analysis.
+ */
+export declare const ReDoSDetectionResultSchema: z.ZodObject<{
+    hasNestedQuantifiers: z.ZodBoolean;
+    hasOverlappingAlternation: z.ZodBoolean;
+    hasQuantifiedOverlap: z.ZodBoolean;
+    starHeight: z.ZodNumber;
+    vulnerabilityScore: z.ZodNumber;
+    detectedPatterns: z.ZodArray<z.ZodString>;
+}, z.core.$strip>;
+export type ReDoSDetectionResult = z.infer<typeof ReDoSDetectionResultSchema>;
+/**
+ * Result of validating a regex pattern for ReDoS vulnerabilities.
+ * Captures validation status and details for audit logging and error reporting.
+ */
+export declare const PatternValidationResultSchema: z.ZodObject<{
+    pattern: z.ZodString;
+    patternId: z.ZodString;
+    isValid: z.ZodBoolean;
+    rejectionReasons: z.ZodDefault<z.ZodArray<z.ZodString>>;
+    redosRisk: z.ZodEnum<{
+        none: "none";
+        high: "high";
+        medium: "medium";
+        low: "low";
+    }>;
+    validationTimeMs: z.ZodNumber;
+    whitelisted: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$strip>;
+export type PatternValidationResult = z.infer<typeof PatternValidationResultSchema>;
+/**
+ * Error type categories for validation errors.
+ */
+export declare const ValidationErrorTypeSchema: z.ZodEnum<{
+    compilation: "compilation";
+    validation: "validation";
+    timeout: "timeout";
+    resource: "resource";
+}>;
+export type ValidationErrorType = z.infer<typeof ValidationErrorTypeSchema>;
+/**
+ * Represents an error encountered during pattern validation or execution.
+ * Structured error information for logging and recovery decisions.
+ */
+export declare const ValidationErrorSchema: z.ZodObject<{
+    errorType: z.ZodEnum<{
+        compilation: "compilation";
+        validation: "validation";
+        timeout: "timeout";
+        resource: "resource";
+    }>;
+    patternId: z.ZodString;
+    message: z.ZodString;
+    details: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    recoverable: z.ZodBoolean;
+    timestamp: z.ZodNumber;
+}, z.core.$strip>;
+export type ValidationError = z.infer<typeof ValidationErrorSchema>;
+export declare const PatternOverrideSchema: z.ZodObject<{
+    patternId: z.ZodString;
+    confidence: z.ZodOptional<z.ZodEnum<{
+        high: "high";
+        medium: "medium";
+        low: "low";
+    }>>;
+    deprecated: z.ZodOptional<z.ZodBoolean>;
+    deprecationReason: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type PatternOverride = z.infer<typeof PatternOverrideSchema>;
+export declare const ControlFlowConfigSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    maxCallDepth: z.ZodDefault<z.ZodNumber>;
+    timeBudgetMs: z.ZodDefault<z.ZodNumber>;
+    sizeBudgetLines: z.ZodDefault<z.ZodNumber>;
+    mitigationPatterns: z.ZodDefault<z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        name: z.ZodString;
+        description: z.ZodString;
+        mitigates: z.ZodArray<z.ZodEnum<{
+            injection: "injection";
+            null_deref: "null_deref";
+            auth_bypass: "auth_bypass";
+            xss: "xss";
+            path_traversal: "path_traversal";
+            prototype_pollution: "prototype_pollution";
+            ssrf: "ssrf";
+        }>>;
+        match: z.ZodObject<{
+            type: z.ZodEnum<{
+                function_call: "function_call";
+                method_call: "method_call";
+                type_guard: "type_guard";
+                assignment: "assignment";
+                typeof_check: "typeof_check";
+                instanceof_check: "instanceof_check";
+            }>;
+            name: z.ZodOptional<z.ZodString>;
+            namePattern: z.ZodOptional<z.ZodString>;
+            module: z.ZodOptional<z.ZodString>;
+            parameters: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                index: z.ZodNumber;
+                constraint: z.ZodEnum<{
+                    string: "string";
+                    any: "any";
+                    tainted_source: "tainted_source";
+                }>;
+            }, z.core.$strip>>>;
+            returnConstraint: z.ZodOptional<z.ZodEnum<{
+                truthy: "truthy";
+                defined: "defined";
+                sanitized: "sanitized";
+            }>>;
+        }, z.core.$strip>;
+        confidence: z.ZodEnum<{
+            high: "high";
+            medium: "medium";
+            low: "low";
+        }>;
+        isBuiltIn: z.ZodOptional<z.ZodBoolean>;
+        deprecated: z.ZodOptional<z.ZodBoolean>;
+        deprecationReason: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>>;
+    patternOverrides: z.ZodDefault<z.ZodArray<z.ZodObject<{
+        patternId: z.ZodString;
+        confidence: z.ZodOptional<z.ZodEnum<{
+            high: "high";
+            medium: "medium";
+            low: "low";
+        }>>;
+        deprecated: z.ZodOptional<z.ZodBoolean>;
+        deprecationReason: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>>;
+    disabledPatterns: z.ZodDefault<z.ZodArray<z.ZodString>>;
+    patternTimeoutMs: z.ZodDefault<z.ZodNumber>;
+    whitelistedPatterns: z.ZodDefault<z.ZodArray<z.ZodString>>;
+    validationTimeoutMs: z.ZodDefault<z.ZodNumber>;
+    rejectionThreshold: z.ZodDefault<z.ZodEnum<{
+        none: "none";
+        high: "high";
+        medium: "medium";
+        low: "low";
+    }>>;
+}, z.core.$strip>;
+export type ControlFlowConfig = z.infer<typeof ControlFlowConfigSchema>;
+export interface AnalysisLogEntry {
+    timestamp: number;
+    level: 'debug' | 'info' | 'warn' | 'error';
+    message: string;
+    context?: Record<string, unknown>;
+}
+/**
+ * Result classification when node limit is exceeded.
+ * Uses 'unknown' to indicate incomplete analysis - NOT a safety assertion.
+ */
+export declare const NodeLimitClassificationSchema: z.ZodEnum<{
+    unknown: "unknown";
+}>;
+export type NodeLimitClassification = z.infer<typeof NodeLimitClassificationSchema>;
+/**
+ * Reason codes for traversal termination.
+ */
+export declare const TraversalTerminationReasonSchema: z.ZodEnum<{
+    node_limit_exceeded: "node_limit_exceeded";
+    completed: "completed";
+}>;
+export type TraversalTerminationReason = z.infer<typeof TraversalTerminationReasonSchema>;
+/**
+ * State maintained during a single CFG traversal.
+ *
+ * IMPORTANT: This state is per-traversal, not shared across traversals.
+ * Each new traversal should create a fresh TraversalState instance.
+ *
+ * Canonical field names for logging:
+ * - nodesVisited: Current count of nodes visited
+ * - maxNodesVisited: Configured limit from budget
+ * - classification: Result classification if limit reached ('unknown')
+ * - reason: Why traversal terminated ('node_limit_exceeded' or 'completed')
+ */
+export interface TraversalState {
+    /** Current count of nodes visited in this traversal */
+    nodesVisited: number;
+    /** Maximum nodes allowed (from budget config) */
+    maxNodesVisited: number;
+    /** Whether the node limit was reached */
+    limitReached: boolean;
+    /** Classification assigned when limit is reached */
+    classification?: NodeLimitClassification;
+    /** Reason for traversal termination */
+    reason?: TraversalTerminationReason;
+}
+/**
+ * Result of visiting a node during traversal.
+ */
+export interface NodeVisitResult {
+    /** Whether the node limit was reached on this visit */
+    limitReached: boolean;
+    /** Classification if limit was reached ('unknown' = analysis incomplete) */
+    classification?: NodeLimitClassification;
+    /** Reason for the result */
+    reason?: TraversalTerminationReason;
+}
+/**
+ * Create a fresh traversal state for a new traversal.
+ *
+ * @param maxNodesVisited - Maximum nodes to visit (from budget config)
+ * @returns Fresh traversal state with counters reset
+ */
+export declare function createTraversalState(maxNodesVisited: number): TraversalState;
+/**
+ * Validate a custom mitigation pattern configuration.
+ * Ensures patterns are declarative and side-effect-free (FR-015).
+ *
+ * Note: This validates syntax only. For ReDoS protection, use
+ * `validateMitigationPatternWithReDoSCheck` from pattern-validator.ts
+ * or ensure patterns are used through `createValidatedTimeoutRegex`.
+ */
+export declare function validateMitigationPattern(pattern: unknown): {
+    success: true;
+    data: MitigationPattern;
+} | {
+    success: false;
+    error: z.ZodError;
+};
+/**
+ * Validate control flow configuration.
+ */
+export declare function validateControlFlowConfig(config: unknown): {
+    success: true;
+    data: ControlFlowConfig;
+} | {
+    success: false;
+    error: z.ZodError;
+};
+//# sourceMappingURL=types.d.ts.map