@opencodereview/core 1.9.1

package/dist/detectors/security-pattern.js

@@ -0,0 +1,235 @@
+/**
+ * Security Pattern Detector (V3)
+ *
+ * Detects AI-generated security anti-patterns:
+ * 1. Hardcoded secrets/credentials (CWE-798)
+ * 2. eval/Function constructor usage (CWE-95)
+ * 3. SQL injection via string concatenation/template literals (CWE-89)
+ * 4. Insecure cryptography: Math.random(), MD5/SHA1 for passwords (CWE-328/338)
+ * 5. Insecure defaults: cors origin '*', disabled security headers (CWE-942)
+ *
+ * AI models frequently generate code with these patterns from training data.
+ *
+ * Implements the unified Detector interface.
+ *
+ * @since 0.3.0
+ */
+import { AIDefectCategory } from '../types.js';
+// ─── Hardcoded Secret Patterns ───
+const SECRET_NAME_PATTERN = /(?:password|passwd|pwd|api_?key|apikey|secret|token|credential|private_?key|auth_?token|access_?key|client_?secret)\s*[:=]\s*['"`]([^'"`]{4,})['"`]/i;
+const SECRET_ASSIGNMENT_PATTERN = /(?:const|let|var)\s+(?:password|passwd|pwd|apiKey|api_key|secret|token|credential|privateKey|private_key|authToken|auth_token|accessKey|access_key|clientSecret|client_secret)\s*=\s*['"`]([^'"`]{4,})['"`]/i;
+// ─── SQL Patterns ───
+const SQL_CONCAT_PATTERN = /['"`](?:SELECT|INSERT|UPDATE|DELETE|DROP|ALTER|CREATE|TRUNCATE)\s.*?['"`]\s*\+\s*\w+/i;
+const SQL_TEMPLATE_PATTERN = /(?:SELECT|INSERT|UPDATE|DELETE|DROP|ALTER|CREATE|TRUNCATE)\s.*?\$\{/i;
+// ─── All Security Patterns ───
+const SECURITY_PATTERNS = [
+    // 1. Hardcoded secrets
+    {
+        type: 'hardcoded-secret',
+        regex: SECRET_NAME_PATTERN,
+        severity: 'critical',
+        message: 'Hardcoded secret/credential detected',
+        suggestion: 'Use environment variables (process.env.XXX) or a secrets manager instead of hardcoding credentials.',
+        cweId: 'CWE-798',
+        skipTests: true,
+    },
+    {
+        type: 'hardcoded-secret',
+        regex: SECRET_ASSIGNMENT_PATTERN,
+        severity: 'critical',
+        message: 'Hardcoded secret assigned to variable with sensitive name',
+        suggestion: 'Use environment variables (process.env.XXX) or a secrets manager.',
+        cweId: 'CWE-798',
+        skipTests: true,
+    },
+    // 2. eval / Function constructor
+    {
+        type: 'unsafe-eval',
+        regex: /\beval\s*\(/,
+        severity: 'high',
+        message: 'Use of eval() detected — allows arbitrary code execution',
+        suggestion: 'Avoid eval(). Use JSON.parse() for data parsing, or safer alternatives like Function constructors with strict sandboxing.',
+        cweId: 'CWE-95',
+    },
+    {
+        type: 'unsafe-eval',
+        regex: /new\s+Function\s*\(/,
+        severity: 'high',
+        message: 'Use of new Function() detected — allows dynamic code execution',
+        suggestion: 'Avoid new Function(). Use structured approaches to achieve dynamic behavior.',
+        cweId: 'CWE-95',
+    },
+    // 3. SQL injection
+    {
+        type: 'sql-injection',
+        regex: SQL_CONCAT_PATTERN,
+        severity: 'medium',
+        message: 'Potential SQL injection: SQL query built with string concatenation',
+        suggestion: 'Use parameterized queries or an ORM instead of string concatenation for SQL queries.',
+        cweId: 'CWE-89',
+    },
+    {
+        type: 'sql-injection',
+        regex: SQL_TEMPLATE_PATTERN,
+        severity: 'medium',
+        message: 'Potential SQL injection: SQL query built with template literal interpolation',
+        suggestion: 'Use parameterized queries (e.g., $1 placeholders) instead of template literal interpolation.',
+        cweId: 'CWE-89',
+    },
+    // 4. Insecure crypto
+    {
+        type: 'insecure-random',
+        regex: /Math\.random\s*\(\)/,
+        severity: 'medium',
+        message: 'Math.random() is not cryptographically secure',
+        suggestion: 'Use crypto.randomBytes() or crypto.randomUUID() for security-sensitive random values.',
+        cweId: 'CWE-338',
+    },
+    {
+        type: 'insecure-hash',
+        regex: /createHash\s*\(\s*['"]md5['"]\s*\)/,
+        severity: 'medium',
+        message: 'MD5 is cryptographically broken — should not be used for security purposes',
+        suggestion: 'Use SHA-256 or SHA-3 for hashing. Use bcrypt/scrypt/argon2 for password hashing.',
+        cweId: 'CWE-328',
+    },
+    {
+        type: 'insecure-hash',
+        regex: /createHash\s*\(\s*['"]sha1['"]\s*\)/,
+        severity: 'medium',
+        message: 'SHA-1 is deprecated for security use — vulnerable to collision attacks',
+        suggestion: 'Use SHA-256 or SHA-3 for hashing. Use bcrypt/scrypt/argon2 for password hashing.',
+        cweId: 'CWE-328',
+    },
+    // 5. Insecure defaults
+    {
+        type: 'insecure-cors',
+        regex: /cors\s*\(\s*\{[^}]*origin\s*:\s*['"`]\*['"`]/,
+        severity: 'medium',
+        message: 'CORS configured with wildcard origin — allows any domain to make requests',
+        suggestion: 'Restrict CORS origin to specific trusted domains instead of using wildcard \'*\'.',
+        cweId: 'CWE-942',
+    },
+    {
+        type: 'insecure-config',
+        regex: /helmet\s*\(\s*\{[^}]*contentSecurityPolicy\s*:\s*false/,
+        severity: 'medium',
+        message: 'Content Security Policy is disabled in helmet configuration',
+        suggestion: 'Enable Content Security Policy. Configure it for your specific needs rather than disabling it.',
+        cweId: 'CWE-693',
+    },
+    {
+        type: 'insecure-config',
+        regex: /rejectUnauthorized\s*:\s*false/,
+        severity: 'medium',
+        message: 'TLS certificate verification is disabled (rejectUnauthorized: false)',
+        suggestion: 'Do not disable TLS certificate verification in production. Fix the certificate chain instead.',
+        cweId: 'CWE-295',
+    },
+];
+// ─── Helpers ───
+function isTestFile(filePath) {
+    return /\.(test|spec)\.[jt]sx?$/.test(filePath) ||
+        filePath.includes('__tests__') ||
+        filePath.includes('__mocks__') ||
+        /\/tests?\//.test(filePath);
+}
+// ─── Main Detector ───
+/**
+ * SecurityPatternDetector — detects common security anti-patterns in AI-generated code.
+ *
+ * Scans source code with regex patterns for 5 categories:
+ * hardcoded secrets, eval usage, SQL injection, insecure crypto, insecure defaults.
+ */
+export class SecurityPatternDetector {
+    name = 'security-pattern';
+    version = '1.0.0';
+    tier = 1;
+    // ─── V3 Unified Interface ───
+    async detect(files) {
+        const allIssues = [];
+        let globalIndex = 0;
+        for (const file of files) {
+            const issues = this.analyzeFile(file.path, file.content);
+            for (const issue of issues) {
+                issue.id = `security:${globalIndex++}`;
+                allIssues.push(issue);
+            }
+        }
+        return allIssues;
+    }
+    // ─── Internal Analysis ───
+    analyzeFile(filePath, source) {
+        const issues = [];
+        const lines = source.split('\n');
+        const isTest = isTestFile(filePath);
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const trimmed = line.trim();
+            // Skip comments
+            if (trimmed.startsWith('//') || trimmed.startsWith('*') || trimmed.startsWith('/*')) {
+                continue;
+            }
+            // Skip suppressed lines
+            const prevLine = i > 0 ? lines[i - 1] : '';
+            if (prevLine.includes('// ai-validator-ignore') || prevLine.includes('// ai-validator-disable')) {
+                continue;
+            }
+            for (const pattern of SECURITY_PATTERNS) {
+                // Skip test-file-only patterns in test files
+                if (pattern.skipTests && isTest) {
+                    continue;
+                }
+                // Reset regex state
+                const regex = new RegExp(pattern.regex.source, pattern.regex.flags);
+                const match = regex.exec(line);
+                if (match) {
+                    // Additional check: for hardcoded secrets, skip env variable references
+                    if (pattern.type === 'hardcoded-secret') {
+                        if (line.includes('process.env') || line.includes('env.') ||
+                            line.includes('config.') || line.includes('Config.')) {
+                            continue;
+                        }
+                        // Skip example/placeholder values
+                        const value = match[1] || '';
+                        if (value === 'xxx' || value === 'XXX' || value === '***' ||
+                            value === 'your-' || value.startsWith('your-') ||
+                            value === 'placeholder' || value === 'changeme') {
+                            continue;
+                        }
+                    }
+                    // For SQL injection, skip tagged template literals (sql``, Prisma.$queryRaw``)
+                    if (pattern.type === 'sql-injection') {
+                        if (/(?:sql|Prisma\.\$queryRaw)\s*`/.test(line)) {
+                            continue;
+                        }
+                    }
+                    issues.push({
+                        id: '', // set in detect()
+                        detector: this.name,
+                        type: pattern.type,
+                        category: AIDefectCategory.SECURITY_ANTIPATTERN,
+                        severity: pattern.severity,
+                        message: pattern.message,
+                        file: filePath,
+                        line: i + 1,
+                        column: match.index + 1,
+                        suggestion: pattern.suggestion,
+                        fix: {
+                            description: pattern.suggestion,
+                            autoFixable: false,
+                        },
+                        references: pattern.cweId
+                            ? { urls: [`https://cwe.mitre.org/data/definitions/${pattern.cweId.replace('CWE-', '')}.html`], cweId: pattern.cweId }
+                            : undefined,
+                        confidence: 0.85,
+                        detectionSource: 'static',
+                    });
+                }
+            }
+        }
+        return issues;
+    }
+}
+export default SecurityPatternDetector;
+//# sourceMappingURL=security-pattern.js.map

package/dist/detectors/security-pattern.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-pattern.js","sourceRoot":"","sources":["../../src/detectors/security-pattern.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAgB/C,oCAAoC;AAEpC,MAAM,mBAAmB,GAAG,sJAAsJ,CAAC;AAEnL,MAAM,yBAAyB,GAAG,8MAA8M,CAAC;AAEjP,uBAAuB;AAEvB,MAAM,kBAAkB,GAAG,uFAAuF,CAAC;AACnH,MAAM,oBAAoB,GAAG,sEAAsE,CAAC;AAEpG,gCAAgC;AAEhC,MAAM,iBAAiB,GAAsB;IAC3C,uBAAuB;IACvB;QACE,IAAI,EAAE,kBAAkB;QACxB,KAAK,EAAE,mBAAmB;QAC1B,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,sCAAsC;QAC/C,UAAU,EAAE,qGAAqG;QACjH,KAAK,EAAE,SAAS;QAChB,SAAS,EAAE,IAAI;KAChB;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,KAAK,EAAE,yBAAyB;QAChC,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,2DAA2D;QACpE,UAAU,EAAE,mEAAmE;QAC/E,KAAK,EAAE,SAAS;QAChB,SAAS,EAAE,IAAI;KAChB;IAED,iCAAiC;IACjC;QACE,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,aAAa;QACpB,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,0DAA0D;QACnE,UAAU,EAAE,2HAA2H;QACvI,KAAK,EAAE,QAAQ;KAChB;IACD;QACE,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,qBAAqB;QAC5B,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,gEAAgE;QACzE,UAAU,EAAE,8EAA8E;QAC1F,KAAK,EAAE,QAAQ;KAChB;IAED,mBAAmB;IACnB;QACE,IAAI,EAAE,eAAe;QACrB,KAAK,EAAE,kBAAkB;QACzB,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,oEAAoE;QAC7E,UAAU,EAAE,sFAAsF;QAClG,KAAK,EAAE,QAAQ;KAChB;IACD;QACE,IAAI,EAAE,eAAe;QACrB,KAAK,EAAE,oBAAoB;QAC3B,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,8EAA8E;QACvF,UAAU,EAAE,8FAA8F;QAC1G,KAAK,EAAE,QAAQ;KAChB;IAED,qBAAqB;IACrB;QACE,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,qBAAqB;QAC5B,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,+CAA+C;QACxD,UAAU,EAAE,uFAAuF;QACnG,KAAK,EAAE,SAAS;KACjB;IACD;QACE,IAAI,EAAE,eAAe;QACrB,KAAK,EAAE,oCAAoC;QAC3C,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,4EAA4E;QACrF,UAAU,EAAE,kFAAkF;QAC9F,KAAK,EAAE,SAAS;KACjB;IACD;QACE,IAAI,EAAE,eAAe;QACrB,KAAK,EAAE,qCAAqC;QAC5C,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,wEAAwE;QACjF,UAAU,EAAE,kFAAkF;QAC9F,KAAK,EAAE,SAAS;KACjB;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,eAAe;QACrB,KAAK,EAAE,8CAA8C;QACrD,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,2EAA2E;QACpF,UAAU,EAAE,mFAAmF;QAC/F,KAAK,EAAE,SAAS;KACjB;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,wDAAwD;QAC/D,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,6DAA6D;QACtE,UAAU,EAAE,gGAAgG;QAC5G,KAAK,EAAE,SAAS;KACjB;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,gCAAgC;QACvC,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,sEAAsE;QAC/E,UAAU,EAAE,+FAA+F;QAC3G,KAAK,EAAE,SAAS;KACjB;CACF,CAAC;AAEF,kBAAkB;AAElB,SAAS,UAAU,CAAC,QAAgB;IAClC,OAAO,yBAAyB,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC7C,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC;QAC9B,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC;QAC9B,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAChC,CAAC;AAED,wBAAwB;AAExB;;;;;GAKG;AACH,MAAM,OAAO,uBAAuB;IACzB,IAAI,GAAG,kBAAkB,CAAC;IAC1B,OAAO,GAAG,OAAO,CAAC;IAClB,IAAI,GAAG,CAAU,CAAC;IAE3B,+BAA+B;IAE/B,KAAK,CAAC,MAAM,CAAC,KAAqB;QAChC,MAAM,SAAS,GAAmB,EAAE,CAAC;QACrC,IAAI,WAAW,GAAG,CAAC,CAAC;QAEpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;YACzD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,KAAK,CAAC,EAAE,GAAG,YAAY,WAAW,EAAE,EAAE,CAAC;gBACvC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,4BAA4B;IAEpB,WAAW,CAAC,QAAgB,EAAE,MAAc;QAClD,MAAM,MAAM,GAAmB,EAAE,CAAC;QAClC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACjC,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;QAEpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAE5B,gBAAgB;YAChB,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBACpF,SAAS;YACX,CAAC;YAED,wBAAwB;YACxB,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,IAAI,QAAQ,CAAC,QAAQ,CAAC,wBAAwB,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,yBAAyB,CAAC,EAAE,CAAC;gBAChG,SAAS;YACX,CAAC;YAED,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;gBACxC,6CAA6C;gBAC7C,IAAI,OAAO,CAAC,SAAS,IAAI,MAAM,EAAE,CAAC;oBAChC,SAAS;gBACX,CAAC;gBAED,oBAAoB;gBACpB,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gBACpE,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAE/B,IAAI,KAAK,EAAE,CAAC;oBACV,wEAAwE;oBACxE,IAAI,OAAO,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;wBACxC,IAAI,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;4BACrD,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;4BACzD,SAAS;wBACX,CAAC;wBACD,kCAAkC;wBAClC,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;wBAC7B,IAAI,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,KAAK;4BACrD,KAAK,KAAK,OAAO,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC;4BAC9C,KAAK,KAAK,aAAa,IAAI,KAAK,KAAK,UAAU,EAAE,CAAC;4BACpD,SAAS;wBACX,CAAC;oBACH,CAAC;oBAED,+EAA+E;oBAC/E,IAAI,OAAO,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;wBACrC,IAAI,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;4BAChD,SAAS;wBACX,CAAC;oBACH,CAAC;oBAED,MAAM,CAAC,IAAI,CAAC;wBACV,EAAE,EAAE,EAAE,EAAE,kBAAkB;wBAC1B,QAAQ,EAAE,IAAI,CAAC,IAAI;wBACnB,IAAI,EAAE,OAAO,CAAC,IAAI;wBAClB,QAAQ,EAAE,gBAAgB,CAAC,oBAAoB;wBAC/C,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,OAAO,EAAE,OAAO,CAAC,OAAO;wBACxB,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,CAAC;wBACvB,UAAU,EAAE,OAAO,CAAC,UAAU;wBAC9B,GAAG,EAAE;4BACH,WAAW,EAAE,OAAO,CAAC,UAAU;4BAC/B,WAAW,EAAE,KAAK;yBACnB;wBACD,UAAU,EAAE,OAAO,CAAC,KAAK;4BACvB,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,0CAA0C,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE;4BACtH,CAAC,CAAC,SAAS;wBACb,UAAU,EAAE,IAAI;wBAChB,eAAe,EAAE,QAAQ;qBAC1B,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,eAAe,uBAAuB,CAAC"}

package/dist/detectors/stale-api.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Stale API Detector (V3)
+ *
+ * Detects AI-generated code using deprecated/removed APIs.
+ * AI models trained on older data frequently suggest outdated APIs
+ * (e.g., new Buffer(), fs.exists(), React.createClass()).
+ *
+ * Uses an embedded JSON database of deprecated APIs for fast regex-based scanning.
+ *
+ * Implements the unified Detector interface.
+ *
+ * @since 0.3.0
+ */
+import type { Detector, UnifiedIssue, FileAnalysis } from '../types.js';
+export interface DeprecatedAPIEntry {
+    api: string;
+    pattern: string;
+    replacement: string;
+    deprecated_since: string;
+    severity: string;
+    references: string[];
+}
+/**
+ * StaleAPIDetector — detects deprecated/outdated API usage in AI-generated code.
+ *
+ * Scans source code using regex patterns from an embedded deprecated API database.
+ * Reports matches as UnifiedIssue with category STALE_KNOWLEDGE.
+ */
+export declare class StaleAPIDetector implements Detector {
+    readonly name = "stale-api";
+    readonly version = "1.0.0";
+    readonly tier: 1;
+    private entries;
+    private compiledPatterns;
+    constructor();
+    /**
+     * Allow injecting custom entries (useful for testing).
+     */
+    static withEntries(entries: DeprecatedAPIEntry[]): StaleAPIDetector;
+    detect(files: FileAnalysis[]): Promise<UnifiedIssue[]>;
+    private analyzeFile;
+}
+export default StaleAPIDetector;
+//# sourceMappingURL=stale-api.d.ts.map

package/dist/detectors/stale-api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stale-api.d.ts","sourceRoot":"","sources":["../../src/detectors/stale-api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAKH,OAAO,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,EAAY,MAAM,aAAa,CAAC;AAKlF,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AA2DD;;;;;GAKG;AACH,qBAAa,gBAAiB,YAAW,QAAQ;IAC/C,QAAQ,CAAC,IAAI,eAAe;IAC5B,QAAQ,CAAC,OAAO,WAAW;IAC3B,QAAQ,CAAC,IAAI,EAAG,CAAC,CAAU;IAE3B,OAAO,CAAC,OAAO,CAAuB;IACtC,OAAO,CAAC,gBAAgB,CAAsD;;IAU9E;;OAEG;IACH,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,kBAAkB,EAAE,GAAG,gBAAgB;IAY7D,MAAM,CAAC,KAAK,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;IAiB5D,OAAO,CAAC,WAAW;CAoDpB;AAED,eAAe,gBAAgB,CAAC"}

package/dist/detectors/stale-api.js

@@ -0,0 +1,160 @@
+/**
+ * Stale API Detector (V3)
+ *
+ * Detects AI-generated code using deprecated/removed APIs.
+ * AI models trained on older data frequently suggest outdated APIs
+ * (e.g., new Buffer(), fs.exists(), React.createClass()).
+ *
+ * Uses an embedded JSON database of deprecated APIs for fast regex-based scanning.
+ *
+ * Implements the unified Detector interface.
+ *
+ * @since 0.3.0
+ */
+import { readFileSync } from 'node:fs';
+import { join, dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { AIDefectCategory } from '../types.js';
+// ─── Load Embedded Database ───
+function resolveDataPath() {
+    // Try multiple strategies to find the data file
+    const candidates = [];
+    // Strategy 1: Relative to this source file (works in ESM)
+    try {
+        const thisFile = fileURLToPath(import.meta.url);
+        candidates.push(join(dirname(thisFile), '..', 'data', 'deprecated-apis-js.json'));
+    }
+    catch {
+        // import.meta.url not available (e.g., vitest transforms)
+    }
+    // Strategy 2: Relative to CWD (packages/core)
+    candidates.push(join(process.cwd(), 'src', 'data', 'deprecated-apis-js.json'));
+    // Strategy 3: Relative to CWD (project root)
+    candidates.push(join(process.cwd(), 'packages', 'core', 'src', 'data', 'deprecated-apis-js.json'));
+    for (const candidate of candidates) {
+        try {
+            readFileSync(candidate, 'utf-8');
+            return candidate;
+        }
+        catch {
+            continue;
+        }
+    }
+    return candidates[0]; // fallback, will fail gracefully
+}
+function loadDeprecatedAPIs() {
+    try {
+        const dataPath = resolveDataPath();
+        const raw = readFileSync(dataPath, 'utf-8');
+        return JSON.parse(raw);
+    }
+    catch {
+        return [];
+    }
+}
+// ─── Helpers ───
+function mapSeverity(sev) {
+    switch (sev) {
+        case 'critical': return 'critical';
+        case 'high': return 'high';
+        case 'medium': return 'medium';
+        case 'low': return 'low';
+        case 'info': return 'info';
+        default: return 'high';
+    }
+}
+// ─── Main Detector ───
+/**
+ * StaleAPIDetector — detects deprecated/outdated API usage in AI-generated code.
+ *
+ * Scans source code using regex patterns from an embedded deprecated API database.
+ * Reports matches as UnifiedIssue with category STALE_KNOWLEDGE.
+ */
+export class StaleAPIDetector {
+    name = 'stale-api';
+    version = '1.0.0';
+    tier = 1;
+    entries;
+    compiledPatterns;
+    constructor() {
+        this.entries = loadDeprecatedAPIs();
+        this.compiledPatterns = this.entries.map(entry => ({
+            entry,
+            regex: new RegExp(entry.pattern, 'g'),
+        }));
+    }
+    /**
+     * Allow injecting custom entries (useful for testing).
+     */
+    static withEntries(entries) {
+        const detector = new StaleAPIDetector();
+        detector.entries = entries;
+        detector.compiledPatterns = entries.map(entry => ({
+            entry,
+            regex: new RegExp(entry.pattern, 'g'),
+        }));
+        return detector;
+    }
+    // ─── V3 Unified Interface ───
+    async detect(files) {
+        const allIssues = [];
+        let globalIndex = 0;
+        for (const file of files) {
+            const issues = this.analyzeFile(file.path, file.content);
+            for (const issue of issues) {
+                issue.id = `stale-api:${globalIndex++}`;
+                allIssues.push(issue);
+            }
+        }
+        return allIssues;
+    }
+    // ─── Internal Analysis ───
+    analyzeFile(filePath, source) {
+        const issues = [];
+        const lines = source.split('\n');
+        for (const { entry, regex } of this.compiledPatterns) {
+            // Reset regex lastIndex for each file
+            regex.lastIndex = 0;
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i];
+                const trimmed = line.trim();
+                // Skip comments
+                if (trimmed.startsWith('//') || trimmed.startsWith('*') || trimmed.startsWith('/*')) {
+                    continue;
+                }
+                // Skip suppressed lines
+                const prevLine = i > 0 ? lines[i - 1] : '';
+                if (prevLine.includes('// ai-validator-ignore') || prevLine.includes('// ai-validator-disable')) {
+                    continue;
+                }
+                // Reset regex for each line
+                regex.lastIndex = 0;
+                const match = regex.exec(line);
+                if (match) {
+                    issues.push({
+                        id: '', // will be set in detect()
+                        detector: this.name,
+                        type: 'deprecated-api',
+                        category: AIDefectCategory.STALE_KNOWLEDGE,
+                        severity: mapSeverity(entry.severity),
+                        message: `Deprecated API usage: '${entry.api}' (deprecated since ${entry.deprecated_since})`,
+                        file: filePath,
+                        line: i + 1,
+                        column: match.index + 1,
+                        suggestion: `Replace with: ${entry.replacement}`,
+                        fix: {
+                            description: `Replace '${entry.api}' with ${entry.replacement}`,
+                            autoFixable: false,
+                        },
+                        references: entry.references,
+                        confidence: 0.9,
+                        detectionSource: 'static',
+                    });
+                }
+            }
+        }
+        return issues;
+    }
+}
+export default StaleAPIDetector;
+//# sourceMappingURL=stale-api.js.map

package/dist/detectors/stale-api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stale-api.js","sourceRoot":"","sources":["../../src/detectors/stale-api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAa/C,iCAAiC;AAEjC,SAAS,eAAe;IACtB,gDAAgD;IAChD,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,0DAA0D;IAC1D,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,yBAAyB,CAAC,CAAC,CAAC;IACpF,CAAC;IAAC,MAAM,CAAC;QACP,0DAA0D;IAC5D,CAAC;IAED,8CAA8C;IAC9C,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,CAAC,CAAC,CAAC;IAE/E,6CAA6C;IAC7C,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,yBAAyB,CAAC,CAAC,CAAC;IAEnG,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACjC,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,iCAAiC;AACzD,CAAC;AAED,SAAS,kBAAkB;IACzB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;QACnC,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAyB,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,kBAAkB;AAElB,SAAS,WAAW,CAAC,GAAW;IAC9B,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,UAAU,CAAC,CAAC,OAAO,UAAU,CAAC;QACnC,KAAK,MAAM,CAAC,CAAC,OAAO,MAAM,CAAC;QAC3B,KAAK,QAAQ,CAAC,CAAC,OAAO,QAAQ,CAAC;QAC/B,KAAK,KAAK,CAAC,CAAC,OAAO,KAAK,CAAC;QACzB,KAAK,MAAM,CAAC,CAAC,OAAO,MAAM,CAAC;QAC3B,OAAO,CAAC,CAAC,OAAO,MAAM,CAAC;IACzB,CAAC;AACH,CAAC;AAED,wBAAwB;AAExB;;;;;GAKG;AACH,MAAM,OAAO,gBAAgB;IAClB,IAAI,GAAG,WAAW,CAAC;IACnB,OAAO,GAAG,OAAO,CAAC;IAClB,IAAI,GAAG,CAAU,CAAC;IAEnB,OAAO,CAAuB;IAC9B,gBAAgB,CAAsD;IAE9E;QACE,IAAI,CAAC,OAAO,GAAG,kBAAkB,EAAE,CAAC;QACpC,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACjD,KAAK;YACL,KAAK,EAAE,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC;SACtC,CAAC,CAAC,CAAC;IACN,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,WAAW,CAAC,OAA6B;QAC9C,MAAM,QAAQ,GAAG,IAAI,gBAAgB,EAAE,CAAC;QACxC,QAAQ,CAAC,OAAO,GAAG,OAAO,CAAC;QAC3B,QAAQ,CAAC,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAChD,KAAK;YACL,KAAK,EAAE,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC;SACtC,CAAC,CAAC,CAAC;QACJ,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,+BAA+B;IAE/B,KAAK,CAAC,MAAM,CAAC,KAAqB;QAChC,MAAM,SAAS,GAAmB,EAAE,CAAC;QACrC,IAAI,WAAW,GAAG,CAAC,CAAC;QAEpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;YACzD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,KAAK,CAAC,EAAE,GAAG,aAAa,WAAW,EAAE,EAAE,CAAC;gBACxC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,4BAA4B;IAEpB,WAAW,CAAC,QAAgB,EAAE,MAAc;QAClD,MAAM,MAAM,GAAmB,EAAE,CAAC;QAClC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEjC,KAAK,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACrD,sCAAsC;YACtC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;YAEpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAE5B,gBAAgB;gBAChB,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;oBACpF,SAAS;gBACX,CAAC;gBAED,wBAAwB;gBACxB,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3C,IAAI,QAAQ,CAAC,QAAQ,CAAC,wBAAwB,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,yBAAyB,CAAC,EAAE,CAAC;oBAChG,SAAS;gBACX,CAAC;gBAED,4BAA4B;gBAC5B,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;gBACpB,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC/B,IAAI,KAAK,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,CAAC;wBACV,EAAE,EAAE,EAAE,EAAE,0BAA0B;wBAClC,QAAQ,EAAE,IAAI,CAAC,IAAI;wBACnB,IAAI,EAAE,gBAAgB;wBACtB,QAAQ,EAAE,gBAAgB,CAAC,eAAe;wBAC1C,QAAQ,EAAE,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC;wBACrC,OAAO,EAAE,0BAA0B,KAAK,CAAC,GAAG,uBAAuB,KAAK,CAAC,gBAAgB,GAAG;wBAC5F,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,CAAC;wBACvB,UAAU,EAAE,iBAAiB,KAAK,CAAC,WAAW,EAAE;wBAChD,GAAG,EAAE;4BACH,WAAW,EAAE,YAAY,KAAK,CAAC,GAAG,UAAU,KAAK,CAAC,WAAW,EAAE;4BAC/D,WAAW,EAAE,KAAK;yBACnB;wBACD,UAAU,EAAE,KAAK,CAAC,UAAU;wBAC5B,UAAU,EAAE,GAAG;wBACf,eAAe,EAAE,QAAQ;qBAC1B,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,eAAe,gBAAgB,CAAC"}

package/dist/detectors/type-safety.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Type Safety Detector (V3)
+ *
+ * TypeScript-specific type safety analysis:
+ * 1. Excessive `any` usage (`: any`, `as any`, `<any>`)
+ * 2. Missing return types on exported functions
+ * 3. Unsafe type assertions (`as unknown as X`)
+ * 4. Non-null assertion operator abuse (`!.`)
+ *
+ * AI models frequently generate TypeScript code with excessive `any` usage,
+ * unsafe assertions, and missing type annotations.
+ *
+ * Only operates on .ts/.tsx files.
+ *
+ * Implements the unified Detector interface.
+ *
+ * @since 0.3.0
+ */
+import type { Detector, UnifiedIssue, FileAnalysis } from '../types.js';
+/**
+ * TypeSafetyDetector — detects type safety issues in AI-generated TypeScript code.
+ *
+ * Analyzes:
+ * - `any` abuse (: any, as any, <any>)
+ * - Missing return type annotations on exported functions
+ * - Unsafe type assertions (as unknown as X)
+ * - Excessive non-null assertion (!) usage
+ */
+export declare class TypeSafetyDetector implements Detector {
+    readonly name = "type-safety";
+    readonly version = "1.0.0";
+    readonly tier: 1;
+    detect(files: FileAnalysis[]): Promise<UnifiedIssue[]>;
+    private analyzeFile;
+    private detectAnyUsage;
+    private detectMissingReturnTypes;
+    private detectUnsafeAssertions;
+    private detectNonNullAssertions;
+}
+export default TypeSafetyDetector;
+//# sourceMappingURL=type-safety.d.ts.map

package/dist/detectors/type-safety.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"type-safety.d.ts","sourceRoot":"","sources":["../../src/detectors/type-safety.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,EAAY,MAAM,aAAa,CAAC;AAWlF;;;;;;;;GAQG;AACH,qBAAa,kBAAmB,YAAW,QAAQ;IACjD,QAAQ,CAAC,IAAI,iBAAiB;IAC9B,QAAQ,CAAC,OAAO,WAAW;IAC3B,QAAQ,CAAC,IAAI,EAAG,CAAC,CAAU;IAIrB,MAAM,CAAC,KAAK,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;IAoB5D,OAAO,CAAC,WAAW;IAqBnB,OAAO,CAAC,cAAc;IAsHtB,OAAO,CAAC,wBAAwB;IAoDhC,OAAO,CAAC,sBAAsB;IAqC9B,OAAO,CAAC,uBAAuB;CA8ChC;AAED,eAAe,kBAAkB,CAAC"}