@runa-ai/runa-cli 0.5.72 → 0.7.0

package/dist/risk-detector-plpgsql-HWKS4OLR.js

@@ -0,0 +1,1886 @@
+#!/usr/bin/env node
+import { createRequire } from 'module';
+import { stripSqlCommentsPreserveLines, buildLineStarts, lineNumberFromIndex, stripSqlStringsPreserveLines, detectRisksFromContent, stripSqlForPatternMatching } from './chunk-3FDQW524.js';
+import { init_esm_shims } from './chunk-VRXHCR5K.js';
+
+createRequire(import.meta.url);
+
+// src/validators/risk-detector-plpgsql.ts
+init_esm_shims();
+
+// src/validators/risk-detector-plpgsql-parser.ts
+init_esm_shims();
+
+// src/validators/risk-detector-plpgsql-tokenizer.ts
+init_esm_shims();
+function skipWhitespace(content, index) {
+  let cursor = index;
+  while (cursor < content.length && /\s/.test(content[cursor])) {
+    cursor += 1;
+  }
+  return cursor;
+}
+function isIdentifierStart(ch) {
+  if (!ch) return false;
+  const code = ch.charCodeAt(0);
+  return code >= 65 && code <= 90 || code >= 97 && code <= 122 || code === 95;
+}
+function isIdentifierPart(ch) {
+  if (!ch) return false;
+  const code = ch.charCodeAt(0);
+  return code >= 65 && code <= 90 || code >= 97 && code <= 122 || code >= 48 && code <= 57 || code === 95;
+}
+function isWordChar(ch) {
+  return isIdentifierPart(ch);
+}
+function readDollarTagAt(content, index) {
+  if (content[index] !== "$") return void 0;
+  const next = content[index + 1];
+  if (next === "$") return "$$";
+  if (!next || !isIdentifierStart(next)) return void 0;
+  let cursor = index + 2;
+  while (cursor < content.length && isIdentifierPart(content[cursor] ?? "")) {
+    cursor += 1;
+  }
+  if (content[cursor] !== "$") return void 0;
+  return content.slice(index, cursor + 1);
+}
+function matchesKeywordAt(content, index, keyword) {
+  if (index < 0 || index + keyword.length > content.length) return false;
+  for (let offset = 0; offset < keyword.length; offset += 1) {
+    const char = content[index + offset];
+    if (!char) return false;
+    const code = char.charCodeAt(0);
+    const upperCode = code >= 97 && code <= 122 ? code - 32 : code;
+    if (upperCode !== keyword.charCodeAt(offset)) {
+      return false;
+    }
+  }
+  return true;
+}
+function isQuoteBoundary(content, index, keyword) {
+  if (index < 0 || index + keyword.length > content.length) return false;
+  if (!matchesKeywordAt(content, index, keyword)) return false;
+  const prev = index > 0 ? content[index - 1] : " ";
+  const next = index + keyword.length < content.length ? content[index + keyword.length] : " ";
+  return !isWordChar(prev) && !isWordChar(next);
+}
+function consumeSplitLineComment(content, state) {
+  if (!state.inLineComment) return false;
+  const char = content[state.cursor] ?? "";
+  state.current += char;
+  if (char === "\n") {
+    state.inLineComment = false;
+  }
+  state.cursor += 1;
+  return true;
+}
+function consumeSplitBlockComment(content, state) {
+  if (!state.inBlockComment) return false;
+  const char = content[state.cursor] ?? "";
+  const next = content[state.cursor + 1] ?? "";
+  if (char === "*" && next === "/") {
+    state.current += "*/";
+    state.inBlockComment = false;
+    state.cursor += 2;
+    return true;
+  }
+  state.current += char;
+  state.cursor += 1;
+  return true;
+}
+function consumeSplitSingleQuote(content, state) {
+  if (!state.inSingle) return false;
+  const char = content[state.cursor] ?? "";
+  const next = content[state.cursor + 1] ?? "";
+  if (char === "'" && next === "'") {
+    state.current += "''";
+    state.cursor += 2;
+    return true;
+  }
+  if (char === "'") {
+    state.inSingle = false;
+  }
+  state.current += char;
+  state.cursor += 1;
+  return true;
+}
+function tryStartSplitLineComment(content, state) {
+  const char = content[state.cursor] ?? "";
+  const next = content[state.cursor + 1] ?? "";
+  if (char !== "-" || next !== "-") return false;
+  state.inLineComment = true;
+  state.current += "--";
+  state.cursor += 2;
+  return true;
+}
+function tryStartSplitBlockComment(content, state) {
+  const char = content[state.cursor] ?? "";
+  const next = content[state.cursor + 1] ?? "";
+  if (char !== "/" || next !== "*") return false;
+  state.inBlockComment = true;
+  state.current += "/*";
+  state.cursor += 2;
+  return true;
+}
+function consumeSplitDoubleQuote(content, state) {
+  if (!state.inDouble) return false;
+  const char = content[state.cursor] ?? "";
+  const next = content[state.cursor + 1] ?? "";
+  if (char === '"' && next === '"') {
+    state.current += '""';
+    state.cursor += 2;
+    return true;
+  }
+  if (char === '"') {
+    state.inDouble = false;
+  }
+  state.current += char;
+  state.cursor += 1;
+  return true;
+}
+function consumeSplitDollarQuote(content, state) {
+  if (!state.inDollar) return false;
+  const close = `$${state.dollarTag}$`;
+  if (content.startsWith(close, state.cursor)) {
+    state.inDollar = false;
+    state.dollarTag = "";
+    state.current += close;
+    state.cursor += close.length;
+    return true;
+  }
+  state.current += content[state.cursor] ?? "";
+  state.cursor += 1;
+  return true;
+}
+function tryStartSplitDollarQuote(content, state) {
+  const foundDollarTag = readDollarTagAt(content, state.cursor);
+  if (foundDollarTag === void 0) return false;
+  state.inDollar = true;
+  state.dollarTag = foundDollarTag.slice(1, -1);
+  state.current += foundDollarTag;
+  state.cursor += foundDollarTag.length;
+  return true;
+}
+function tryStartSplitSingleQuote(content, state) {
+  if (content[state.cursor] !== "'") return false;
+  state.inSingle = true;
+  state.current += "'";
+  state.cursor += 1;
+  return true;
+}
+function tryStartSplitDoubleQuote(content, state) {
+  if (content[state.cursor] !== '"') return false;
+  state.inDouble = true;
+  state.current += '"';
+  state.cursor += 1;
+  return true;
+}
+function flushCurrentSplitStatement(state) {
+  const statement = state.current.trim();
+  if (statement.length > 0) {
+    state.ranges.push({ statement, startOffset: state.currentStart });
+  }
+}
+function trySplitAtTerminator(content, state) {
+  const char = content[state.cursor] ?? "";
+  if (char === "(") {
+    state.depth += 1;
+  } else if (char === ")" && state.depth > 0) {
+    state.depth -= 1;
+  }
+  if (char !== ";" || state.depth !== 0) return false;
+  flushCurrentSplitStatement(state);
+  state.current = "";
+  state.currentStart = state.cursor + 1;
+  state.cursor += 1;
+  return true;
+}
+function appendSplitChar(content, state) {
+  state.current += content[state.cursor] ?? "";
+  state.cursor += 1;
+}
+var SPLIT_STEPS = [
+  consumeSplitLineComment,
+  consumeSplitBlockComment,
+  consumeSplitSingleQuote,
+  tryStartSplitLineComment,
+  tryStartSplitBlockComment,
+  consumeSplitDoubleQuote,
+  consumeSplitDollarQuote,
+  tryStartSplitDollarQuote,
+  tryStartSplitSingleQuote,
+  tryStartSplitDoubleQuote,
+  trySplitAtTerminator
+];
+function runSplitStep(content, state) {
+  for (const step of SPLIT_STEPS) {
+    if (step(content, state)) {
+      return true;
+    }
+  }
+  return false;
+}
+function splitPlpgsqlStatementsWithOffsets(content) {
+  const state = {
+    ranges: [],
+    current: "",
+    currentStart: 0,
+    inSingle: false,
+    inDouble: false,
+    inDollar: false,
+    dollarTag: "",
+    inLineComment: false,
+    inBlockComment: false,
+    depth: 0,
+    cursor: 0
+  };
+  while (state.cursor < content.length) {
+    if (runSplitStep(content, state)) continue;
+    appendSplitChar(content, state);
+  }
+  flushCurrentSplitStatement(state);
+  return state.ranges;
+}
+function skipLineCommentToEol(content, start) {
+  let cursor = start;
+  while (cursor < content.length && content[cursor] !== "\n") {
+    cursor += 1;
+  }
+  return cursor;
+}
+function skipBlockComment(content, start) {
+  let cursor = start;
+  while (cursor + 1 < content.length && !(content[cursor] === "*" && content[cursor + 1] === "/")) {
+    cursor += 1;
+  }
+  if (cursor + 1 < content.length) {
+    cursor += 2;
+  }
+  return cursor;
+}
+function consumeExecuteOuterSingle(body, state) {
+  if (!state.inSingle) return false;
+  const char = body[state.cursor] ?? "";
+  const next = body[state.cursor + 1] ?? "";
+  if (char === "'" && next === "'") {
+    state.cursor += 2;
+    return true;
+  }
+  if (char === "'") {
+    state.inSingle = false;
+  }
+  state.cursor += 1;
+  return true;
+}
+function consumeExecuteOuterDouble(body, state) {
+  if (!state.inDouble) return false;
+  const char = body[state.cursor] ?? "";
+  const next = body[state.cursor + 1] ?? "";
+  if (char === '"' && next === '"') {
+    state.cursor += 2;
+    return true;
+  }
+  if (char === '"') {
+    state.inDouble = false;
+  }
+  state.cursor += 1;
+  return true;
+}
+function consumeExecuteOuterDollar(body, state) {
+  if (!state.inDollar) return false;
+  const close = `$${state.dollarTag}$`;
+  if (body.startsWith(close, state.cursor)) {
+    state.inDollar = false;
+    state.dollarTag = "";
+    state.cursor += close.length;
+    return true;
+  }
+  state.cursor += 1;
+  return true;
+}
+function tryStartExecuteOuterDollar(body, state) {
+  const foundDollarTag = readDollarTagAt(body, state.cursor);
+  if (foundDollarTag === void 0) return false;
+  state.inDollar = true;
+  state.dollarTag = foundDollarTag.slice(1, -1);
+  state.cursor += foundDollarTag.length;
+  return true;
+}
+function tryStartExecuteOuterSingle(body, state) {
+  if (body[state.cursor] !== "'") return false;
+  state.inSingle = true;
+  state.cursor += 1;
+  return true;
+}
+function tryStartExecuteOuterDouble(body, state) {
+  if (body[state.cursor] !== '"') return false;
+  state.inDouble = true;
+  state.cursor += 1;
+  return true;
+}
+function trySkipExecuteOuterLineComment(body, state) {
+  const char = body[state.cursor] ?? "";
+  const next = body[state.cursor + 1] ?? "";
+  if (char !== "-" || next !== "-") return false;
+  state.cursor = skipLineCommentToEol(body, state.cursor + 2);
+  return true;
+}
+function trySkipExecuteOuterBlockComment(body, state) {
+  const char = body[state.cursor] ?? "";
+  const next = body[state.cursor + 1] ?? "";
+  if (char !== "/" || next !== "*") return false;
+  state.cursor = skipBlockComment(body, state.cursor + 2);
+  return true;
+}
+var EXECUTE_OUTER_STEPS = [
+  consumeExecuteOuterSingle,
+  consumeExecuteOuterDouble,
+  consumeExecuteOuterDollar,
+  tryStartExecuteOuterDollar,
+  tryStartExecuteOuterSingle,
+  tryStartExecuteOuterDouble,
+  trySkipExecuteOuterLineComment,
+  trySkipExecuteOuterBlockComment
+];
+function runExecuteOuterStep(body, state) {
+  for (const step of EXECUTE_OUTER_STEPS) {
+    if (step(body, state)) {
+      return true;
+    }
+  }
+  return false;
+}
+function consumeExprSingle(body, state) {
+  if (!state.inSingle) return false;
+  const ch = body[state.cursor] ?? "";
+  const nx = body[state.cursor + 1] ?? "";
+  if (ch === "'" && nx === "'") {
+    state.cursor += 2;
+    return true;
+  }
+  if (ch === "'") {
+    state.inSingle = false;
+  }
+  state.cursor += 1;
+  return true;
+}
+function consumeExprDouble(body, state) {
+  if (!state.inDouble) return false;
+  const ch = body[state.cursor] ?? "";
+  const nx = body[state.cursor + 1] ?? "";
+  if (ch === '"' && nx === '"') {
+    state.cursor += 2;
+    return true;
+  }
+  if (ch === '"') {
+    state.inDouble = false;
+  }
+  state.cursor += 1;
+  return true;
+}
+function consumeExprLineComment(body, state) {
+  if (!state.inLineComment) return false;
+  if (body[state.cursor] === "\n") {
+    state.inLineComment = false;
+  }
+  state.cursor += 1;
+  return true;
+}
+function consumeExprBlockComment(body, state) {
+  if (!state.inBlockComment) return false;
+  const ch = body[state.cursor] ?? "";
+  const nx = body[state.cursor + 1] ?? "";
+  if (ch === "*" && nx === "/") {
+    state.inBlockComment = false;
+    state.cursor += 2;
+    return true;
+  }
+  state.cursor += 1;
+  return true;
+}
+function consumeExprDollar(body, state) {
+  if (!state.inDollar) return false;
+  const close = `$${state.dollarTag}$`;
+  if (body.startsWith(close, state.cursor)) {
+    state.inDollar = false;
+    state.dollarTag = "";
+    state.cursor += close.length;
+    return true;
+  }
+  state.cursor += 1;
+  return true;
+}
+function tryStartExprDollar(body, state) {
+  const localDollarTag = readDollarTagAt(body, state.cursor);
+  if (localDollarTag === void 0) return false;
+  state.inDollar = true;
+  state.dollarTag = localDollarTag.slice(1, -1);
+  state.cursor += localDollarTag.length;
+  return true;
+}
+function tryStartExprLineComment(body, state) {
+  const ch = body[state.cursor] ?? "";
+  const nx = body[state.cursor + 1] ?? "";
+  if (ch !== "-" || nx !== "-") return false;
+  state.inLineComment = true;
+  state.cursor += 2;
+  return true;
+}
+function tryStartExprBlockComment(body, state) {
+  const ch = body[state.cursor] ?? "";
+  const nx = body[state.cursor + 1] ?? "";
+  if (ch !== "/" || nx !== "*") return false;
+  state.inBlockComment = true;
+  state.cursor += 2;
+  return true;
+}
+function tryStartExprSingle(body, state) {
+  if (body[state.cursor] !== "'") return false;
+  state.inSingle = true;
+  state.cursor += 1;
+  return true;
+}
+function tryStartExprDouble(body, state) {
+  if (body[state.cursor] !== '"') return false;
+  state.inDouble = true;
+  state.cursor += 1;
+  return true;
+}
+var EXECUTE_EXPR_STEPS = [
+  consumeExprSingle,
+  consumeExprDouble,
+  consumeExprLineComment,
+  consumeExprBlockComment,
+  consumeExprDollar,
+  tryStartExprDollar,
+  tryStartExprLineComment,
+  tryStartExprBlockComment,
+  tryStartExprSingle,
+  tryStartExprDouble
+];
+function runExecuteExprStep(body, state) {
+  for (const step of EXECUTE_EXPR_STEPS) {
+    if (step(body, state)) {
+      return true;
+    }
+  }
+  return false;
+}
+function shouldStopExecuteExpression(body, state) {
+  const ch = body[state.cursor] ?? "";
+  if (ch === "(") {
+    state.depth += 1;
+  } else if (ch === ")" && state.depth > 0) {
+    state.depth -= 1;
+  }
+  if (ch === ";") {
+    state.exprEnd = state.cursor;
+    return true;
+  }
+  if (state.depth === 0 && isQuoteBoundary(body, state.cursor, "USING")) {
+    state.hasUsingClause = true;
+    state.exprEnd = state.cursor;
+    return true;
+  }
+  if (state.depth === 0 && isQuoteBoundary(body, state.cursor, "INTO")) {
+    state.hasIntoClause = true;
+    state.exprEnd = state.cursor;
+    return true;
+  }
+  return false;
+}
+function buildExecuteExpressionInfo(body, statementStartOffset, state) {
+  if (state.exprEnd > state.exprStart) {
+    return {
+      expression: body.slice(state.exprStart, state.exprEnd).trim(),
+      statementStartOffset,
+      hasUsingClause: state.hasUsingClause,
+      hasIntoClause: state.hasIntoClause
+    };
+  }
+  if (state.cursor >= body.length && state.cursor > state.exprStart) {
+    return {
+      expression: body.slice(state.exprStart, state.cursor).trim(),
+      statementStartOffset,
+      hasUsingClause: state.hasUsingClause,
+      hasIntoClause: state.hasIntoClause
+    };
+  }
+  if (state.cursor < body.length && body[state.cursor] === ";") {
+    return {
+      expression: body.slice(state.exprStart, state.cursor).trim(),
+      statementStartOffset,
+      hasUsingClause: state.hasUsingClause,
+      hasIntoClause: state.hasIntoClause
+    };
+  }
+  return null;
+}
+function parseExecuteExpressionAt(body, statementStartOffset) {
+  const indexCursor = skipWhitespace(body, statementStartOffset + 7);
+  if (isQuoteBoundary(body, indexCursor, "ON")) {
+    return {
+      info: null,
+      nextCursor: Math.max(indexCursor + 2, statementStartOffset + 1)
+    };
+  }
+  const state = {
+    cursor: indexCursor,
+    exprStart: indexCursor,
+    exprEnd: indexCursor,
+    depth: 0,
+    hasUsingClause: false,
+    hasIntoClause: false,
+    inSingle: false,
+    inDouble: false,
+    inDollar: false,
+    inLineComment: false,
+    inBlockComment: false,
+    dollarTag: ""
+  };
+  while (state.cursor < body.length) {
+    if (runExecuteExprStep(body, state)) continue;
+    if (shouldStopExecuteExpression(body, state)) break;
+    state.cursor += 1;
+  }
+  return {
+    info: buildExecuteExpressionInfo(body, statementStartOffset, state),
+    nextCursor: Math.max(state.cursor + 1, state.exprStart + 1)
+  };
+}
+function extractExecuteExpressions(body) {
+  const statements = [];
+  const state = {
+    cursor: 0,
+    inSingle: false,
+    inDouble: false,
+    inDollar: false,
+    dollarTag: ""
+  };
+  while (state.cursor < body.length) {
+    if (runExecuteOuterStep(body, state)) continue;
+    if (isQuoteBoundary(body, state.cursor, "EXECUTE")) {
+      const parsed = parseExecuteExpressionAt(body, state.cursor);
+      if (parsed.info) {
+        statements.push(parsed.info);
+      }
+      state.cursor = parsed.nextCursor;
+      continue;
+    }
+    state.cursor += 1;
+  }
+  return statements;
+}
+
+// src/validators/risk-detector-plpgsql-expression-resolver.ts
+init_esm_shims();
+function skipWhitespace2(content, index) {
+  let cursor = index;
+  while (cursor < content.length && /\s/.test(content[cursor])) {
+    cursor += 1;
+  }
+  return cursor;
+}
+function skipIdentifier(content, index) {
+  let cursor = index;
+  while (cursor < content.length && /[A-Za-z0-9_]/.test(content[cursor])) {
+    cursor += 1;
+  }
+  return cursor;
+}
+function readDollarTagAt2(content, index) {
+  if (content[index] !== "$") return void 0;
+  const next = content[index + 1];
+  if (next === "$") return "$$";
+  const isIdentifierStart2 = (char) => {
+    if (!char) return false;
+    const code = char.charCodeAt(0);
+    return code >= 65 && code <= 90 || code >= 97 && code <= 122 || code === 95;
+  };
+  const isIdentifierPart2 = (char) => {
+    if (!char) return false;
+    const code = char.charCodeAt(0);
+    return code >= 65 && code <= 90 || code >= 97 && code <= 122 || code >= 48 && code <= 57 || code === 95;
+  };
+  if (!next || !isIdentifierStart2(next)) return void 0;
+  let cursor = index + 2;
+  while (cursor < content.length && isIdentifierPart2(content[cursor] ?? "")) {
+    cursor += 1;
+  }
+  if (content[cursor] !== "$") return void 0;
+  return content.slice(index, cursor + 1);
+}
+function emitTopLevelSegment(state) {
+  const segment = state.current.trim();
+  if (segment.length > 0) {
+    state.segments.push(segment);
+  }
+  state.current = "";
+}
+function consumeTopLevelSingle(content, state) {
+  if (!state.inSingle) return false;
+  const char = content[state.cursor] ?? "";
+  const next = content[state.cursor + 1] ?? "";
+  if (char === "'" && next === "'") {
+    state.current += "''";
+    state.cursor += 2;
+    return true;
+  }
+  if (char === "'") {
+    state.inSingle = false;
+  }
+  state.current += char;
+  state.cursor += 1;
+  return true;
+}
+function consumeTopLevelDouble(content, state) {
+  if (!state.inDouble) return false;
+  const char = content[state.cursor] ?? "";
+  const next = content[state.cursor + 1] ?? "";
+  if (char === '"' && next === '"') {
+    state.current += '""';
+    state.cursor += 2;
+    return true;
+  }
+  if (char === '"') {
+    state.inDouble = false;
+  }
+  state.current += char;
+  state.cursor += 1;
+  return true;
+}
+function consumeTopLevelDollar(content, state) {
+  if (!state.inDollar) return false;
+  const close = `$${state.dollarTag}$`;
+  if (content.startsWith(close, state.cursor)) {
+    state.inDollar = false;
+    state.dollarTag = "";
+    state.current += close;
+    state.cursor += close.length;
+    return true;
+  }
+  state.current += content[state.cursor] ?? "";
+  state.cursor += 1;
+  return true;
+}
+function tryStartTopLevelDollar(content, state) {
+  const foundDollarTag = readDollarTagAt2(content, state.cursor);
+  if (foundDollarTag === void 0) return false;
+  state.inDollar = true;
+  state.dollarTag = foundDollarTag.slice(1, -1);
+  state.current += foundDollarTag;
+  state.cursor += foundDollarTag.length;
+  return true;
+}
+function tryStartTopLevelSingle(content, state) {
+  if (content[state.cursor] !== "'") return false;
+  state.inSingle = true;
+  state.current += "'";
+  state.cursor += 1;
+  return true;
+}
+function tryStartTopLevelDouble(content, state) {
+  if (content[state.cursor] !== '"') return false;
+  state.inDouble = true;
+  state.current += '"';
+  state.cursor += 1;
+  return true;
+}
+function tryConsumeTopLevelLineComment(content, state) {
+  if (!state.preserveComments) return false;
+  const char = content[state.cursor] ?? "";
+  const next = content[state.cursor + 1] ?? "";
+  if (char !== "-" || next !== "-") return false;
+  while (state.cursor < content.length && content[state.cursor] !== "\n") {
+    state.current += content[state.cursor] ?? "";
+    state.cursor += 1;
+  }
+  return true;
+}
+function tryConsumeTopLevelBlockComment(content, state) {
+  if (!state.preserveComments) return false;
+  const char = content[state.cursor] ?? "";
+  const next = content[state.cursor + 1] ?? "";
+  if (char !== "/" || next !== "*") return false;
+  while (state.cursor + 1 < content.length && !(content[state.cursor] === "*" && content[state.cursor + 1] === "/")) {
+    state.current += content[state.cursor] ?? "";
+    state.cursor += 1;
+  }
+  if (state.cursor + 1 < content.length) {
+    state.current += "*/";
+    state.cursor += 2;
+  }
+  return true;
+}
+function tryConsumeTopLevelSeparator(content, state) {
+  const char = content[state.cursor] ?? "";
+  const next = content[state.cursor + 1] ?? "";
+  if (char === "(") {
+    state.depth += 1;
+  } else if (char === ")" && state.depth > 0) {
+    state.depth -= 1;
+  }
+  if (state.depth !== 0) return false;
+  if (state.separator === "||") {
+    if (char !== "|" || next !== "|") return false;
+    emitTopLevelSegment(state);
+    state.cursor += 2;
+    return true;
+  }
+  if (char !== ",") return false;
+  emitTopLevelSegment(state);
+  state.cursor += 1;
+  return true;
+}
+var TOP_LEVEL_SPLIT_STEPS = [
+  consumeTopLevelSingle,
+  consumeTopLevelDouble,
+  consumeTopLevelDollar,
+  tryStartTopLevelDollar,
+  tryStartTopLevelSingle,
+  tryStartTopLevelDouble,
+  tryConsumeTopLevelLineComment,
+  tryConsumeTopLevelBlockComment,
+  tryConsumeTopLevelSeparator
+];
+function runTopLevelSplitStep(content, state) {
+  for (const step of TOP_LEVEL_SPLIT_STEPS) {
+    if (step(content, state)) return true;
+  }
+  return false;
+}
+function splitTopLevelSegments(content, separator, preserveComments) {
+  const state = {
+    segments: [],
+    current: "",
+    cursor: 0,
+    depth: 0,
+    inSingle: false,
+    inDouble: false,
+    inDollar: false,
+    dollarTag: "",
+    separator,
+    preserveComments
+  };
+  while (state.cursor < content.length) {
+    if (runTopLevelSplitStep(content, state)) continue;
+    state.current += content[state.cursor] ?? "";
+    state.cursor += 1;
+  }
+  emitTopLevelSegment(state);
+  return state.segments;
+}
+function extractTopLevelSqlTokens(content) {
+  return splitTopLevelSegments(content, "||", true);
+}
+function splitFunctionArguments(content) {
+  return splitTopLevelSegments(content, ",", false);
+}
+function parseEQuotedLiteral(trimmed) {
+  if (!trimmed.startsWith("E'")) return void 0;
+  let cursor = 2;
+  let result = "";
+  while (cursor < trimmed.length) {
+    const char = trimmed[cursor] ?? "";
+    if (char === "'") {
+      if (trimmed[cursor + 1] === "'") {
+        result += "'";
+        cursor += 2;
+        continue;
+      }
+      return result;
+    }
+    result += char;
+    if (char === "\\" && trimmed[cursor + 1] !== void 0) {
+      cursor += 1;
+      result += trimmed[cursor] ?? "";
+    }
+    cursor += 1;
+  }
+  return void 0;
+}
+function parseStandardQuotedLiteral(trimmed) {
+  if (!trimmed.startsWith("'") || !trimmed.endsWith("'")) return void 0;
+  let cursor = 1;
+  let result = "";
+  while (cursor < trimmed.length - 1) {
+    const char = trimmed[cursor] ?? "";
+    if (char === "'") {
+      if (trimmed[cursor + 1] === "'") {
+        result += "'";
+        cursor += 2;
+        continue;
+      }
+      return result;
+    }
+    result += char;
+    if (char === "\\" && cursor + 1 < trimmed.length - 1) {
+      cursor += 1;
+      const escapedChar = trimmed[cursor];
+      if (escapedChar === void 0) {
+        return result;
+      }
+      result += escapedChar;
+    }
+    cursor += 1;
+  }
+  return result;
+}
+function parseQuotedLiteral(content) {
+  if (!content) return void 0;
+  const trimmed = content.trim();
+  const eQuoted = parseEQuotedLiteral(trimmed);
+  if (eQuoted !== void 0) return eQuoted;
+  return parseStandardQuotedLiteral(trimmed);
+}
+function parseDollarLiteral(content) {
+  const tagMatch = readDollarTagAt2(content.trim(), 0);
+  if (!tagMatch || !content.trim().endsWith(tagMatch)) {
+    return void 0;
+  }
+  const trimmed = content.trim();
+  const bodyStart = tagMatch.length;
+  const tagText = tagMatch.slice(1, -1);
+  const closeTag = `$${tagText}$`;
+  if (!trimmed.endsWith(closeTag) || trimmed.length < bodyStart + closeTag.length) return void 0;
+  return trimmed.slice(bodyStart, trimmed.length - closeTag.length);
+}
+function parseStaticSqlLiteral(content) {
+  const trimmed = content.trim();
+  const single = parseQuotedLiteral(trimmed);
+  if (single !== void 0) return single;
+  return parseDollarLiteral(trimmed);
+}
+function consumeFunctionCallSingle(content, state) {
+  if (!state.inSingle) return false;
+  const char = content[state.cursor] ?? "";
+  const next = content[state.cursor + 1] ?? "";
+  if (char === "'" && next === "'") {
+    state.cursor += 2;
+    return true;
+  }
+  if (char === "'") {
+    state.inSingle = false;
+  }
+  state.cursor += 1;
+  return true;
+}
+function consumeFunctionCallDouble(content, state) {
+  if (!state.inDouble) return false;
+  const char = content[state.cursor] ?? "";
+  const next = content[state.cursor + 1] ?? "";
+  if (char === '"' && next === '"') {
+    state.cursor += 2;
+    return true;
+  }
+  if (char === '"') {
+    state.inDouble = false;
+  }
+  state.cursor += 1;
+  return true;
+}
+function consumeFunctionCallDollar(content, state) {
+  if (!state.inDollar) return false;
+  const close = `$${state.dollarTag}$`;
+  if (content.startsWith(close, state.cursor)) {
+    state.inDollar = false;
+    state.dollarTag = "";
+    state.cursor += close.length;
+    return true;
+  }
+  state.cursor += 1;
+  return true;
+}
+function tryStartFunctionCallDollar(content, state) {
+  const foundDollarTag = readDollarTagAt2(content, state.cursor);
+  if (foundDollarTag === void 0) return false;
+  state.inDollar = true;
+  state.dollarTag = foundDollarTag.slice(1, -1);
+  state.cursor += foundDollarTag.length;
+  return true;
+}
+function tryStartFunctionCallSingle(content, state) {
+  if (content[state.cursor] !== "'") return false;
+  state.inSingle = true;
+  state.cursor += 1;
+  return true;
+}
+function tryStartFunctionCallDouble(content, state) {
+  if (content[state.cursor] !== '"') return false;
+  state.inDouble = true;
+  state.cursor += 1;
+  return true;
+}
+function consumeFunctionCallParens(content, state) {
+  const char = content[state.cursor] ?? "";
+  if (char === "(") {
+    state.depth += 1;
+    state.cursor += 1;
+    return true;
+  }
+  if (char !== ")") return false;
+  state.depth -= 1;
+  if (state.depth === 0) {
+    state.closeIndex = state.cursor;
+    state.cursor = content.length;
+    return true;
+  }
+  state.cursor += 1;
+  return true;
+}
+var FUNCTION_CALL_SCAN_STEPS = [
+  consumeFunctionCallSingle,
+  consumeFunctionCallDouble,
+  consumeFunctionCallDollar,
+  tryStartFunctionCallDollar,
+  tryStartFunctionCallSingle,
+  tryStartFunctionCallDouble,
+  consumeFunctionCallParens
+];
+function runFunctionCallScanStep(content, state) {
+  for (const step of FUNCTION_CALL_SCAN_STEPS) {
+    if (step(content, state)) return true;
+  }
+  return false;
+}
+function findTopLevelCallCloseIndex(content, openIndex) {
+  const state = {
+    cursor: openIndex,
+    depth: 0,
+    closeIndex: -1,
+    inSingle: false,
+    inDouble: false,
+    inDollar: false,
+    dollarTag: ""
+  };
+  while (state.cursor < content.length && state.closeIndex < 0) {
+    if (runFunctionCallScanStep(content, state)) continue;
+    state.cursor += 1;
+  }
+  return state.closeIndex;
+}
+function extractTopLevelFunctionCall(content) {
+  const normalized = stripOuterParentheses(content.trim());
+  if (!normalized) return void 0;
+  const match = normalized.match(/^([A-Za-z_][A-Za-z0-9_]*?(?:\.[A-Za-z_][A-Za-z0-9_]*)?)\s*\(/i);
+  if (!match || match.index !== 0) return void 0;
+  const functionName = match[1];
+  if (match[0] === void 0) return void 0;
+  const openIndex = match[0].length - 1;
+  const closeIndex = findTopLevelCallCloseIndex(normalized, openIndex);
+  if (closeIndex !== normalized.length - 1 || closeIndex < 0) return void 0;
+  const args = splitFunctionArguments(normalized.slice(openIndex + 1, closeIndex));
+  return { functionName: functionName.toUpperCase(), args };
+}
+function resolveIdentifierValue(name, stringEnv) {
+  const trimmed = name.trim();
+  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(trimmed)) return void 0;
+  return stringEnv.get(trimmed.toLowerCase());
+}
+function quoteAsLiteral(value) {
+  return `'${value.replace(/'/g, "''")}'`;
+}
+function staticSql(sql) {
+  return { kind: "static", sql };
+}
+function unresolved(reason) {
+  return { kind: "unresolved", reason };
+}
+function isDigitChar(char) {
+  return char !== void 0 && char >= "0" && char <= "9";
+}
+function consumeDigits(content, start) {
+  let cursor = start;
+  while (isDigitChar(content[cursor])) {
+    cursor += 1;
+  }
+  return cursor;
+}
+function consumeFormatSpaces(template, start) {
+  let cursor = start;
+  while (template[cursor] === " ") {
+    cursor += 1;
+  }
+  return cursor;
+}
+function consumeFormatFlagsAndWidth(template, start) {
+  let cursor = start;
+  while (cursor < template.length) {
+    const modifier = template[cursor];
+    if (isDigitChar(modifier)) {
+      cursor += 1;
+      continue;
+    }
+    if (modifier === "-" || modifier === "+" || modifier === " " || modifier === "#" || modifier === "0") {
+      cursor += 1;
+      continue;
+    }
+    break;
+  }
+  return cursor;
+}
+function consumeFormatPrecision(template, start) {
+  if (template[start] !== ".") return start;
+  return consumeDigits(template, start + 1);
+}
+function parseFormatPlaceholder(template, cursor) {
+  if (template[cursor] !== "%") return void 0;
+  const next = template[cursor + 1];
+  if (next === void 0) return void 0;
+  if (next === "%") {
+    return { kind: "escaped", nextCursor: cursor + 2 };
+  }
+  let specCursor = cursor + 1;
+  let positionalArgIndex;
+  if (isDigitChar(template[specCursor])) {
+    const argStart = specCursor;
+    specCursor = consumeDigits(template, specCursor);
+    const rawIndex = template.slice(argStart, specCursor);
+    if (!rawIndex || template[specCursor] !== "$") return void 0;
+    positionalArgIndex = Number(rawIndex) - 1;
+    if (!Number.isInteger(positionalArgIndex) || positionalArgIndex < 0) {
+      return void 0;
+    }
+    specCursor += 1;
+  }
+  specCursor = consumeFormatSpaces(template, specCursor);
+  specCursor = consumeFormatFlagsAndWidth(template, specCursor);
+  specCursor = consumeFormatPrecision(template, specCursor);
+  const specifier = template[specCursor];
+  if (specifier === void 0) return void 0;
+  return {
+    kind: "specifier",
+    specifier,
+    positionalArgIndex,
+    nextCursor: specCursor + 1
+  };
+}
+function updateFormatMode(state, positionalArgIndex) {
+  if (positionalArgIndex === void 0) {
+    if (state.mode === "positional") return false;
+    if (state.mode === "unset") {
+      state.mode = "sequential";
+    }
+    return true;
+  }
+  if (state.mode === "sequential") return false;
+  state.mode = "positional";
+  state.maxArgIndex = Math.max(state.maxArgIndex, positionalArgIndex);
+  return true;
+}
+function readFormatArgument(args, state, positionalArgIndex) {
+  if (positionalArgIndex !== void 0) {
+    return args[positionalArgIndex];
+  }
+  const argument = args[state.argIndex];
+  if (argument === void 0) return void 0;
+  state.argIndex += 1;
+  return argument;
+}
+function renderFormatSpecifier(specifier, argumentExpression, stringEnv) {
+  const spec = specifier.toLowerCase();
+  if (spec !== "i" && spec !== "l" && spec !== "s") return void 0;
+  const resolved = resolveStringExpression(argumentExpression, stringEnv);
+  if (resolved.kind !== "static") return void 0;
+  if (spec === "l") return quoteAsLiteral(resolved.sql);
+  return resolved.sql;
+}
+function consumeFormatLiteralChar(template, cursor, state) {
+  const char = template[cursor] ?? "";
+  if (char === "%") return void 0;
+  state.output += char;
+  return cursor + 1;
+}
+function applyFormatPlaceholder(template, cursor, args, state, stringEnv) {
+  const placeholder = parseFormatPlaceholder(template, cursor);
+  if (placeholder === void 0) return void 0;
+  if (placeholder.kind === "escaped") {
+    state.output += "%";
+    return placeholder.nextCursor;
+  }
+  if (!updateFormatMode(state, placeholder.positionalArgIndex)) return void 0;
+  const argument = readFormatArgument(args, state, placeholder.positionalArgIndex);
+  if (argument === void 0) return void 0;
+  const rendered = renderFormatSpecifier(placeholder.specifier, argument, stringEnv);
+  if (rendered === void 0) return void 0;
+  state.output += rendered;
+  return placeholder.nextCursor;
+}
+function hasValidFormatPositionalRange(state, argsLength) {
+  return state.mode !== "positional" || state.maxArgIndex < argsLength;
+}
+function resolveFormatTemplate(template, args, stringEnv) {
+  const state = {
+    output: "",
+    argIndex: 0,
+    mode: "unset",
+    maxArgIndex: -1
+  };
+  let cursor = 0;
+  while (cursor < template.length) {
+    const literalCursor = consumeFormatLiteralChar(template, cursor, state);
+    if (literalCursor !== void 0) {
+      cursor = literalCursor;
+      continue;
+    }
+    const placeholderCursor = applyFormatPlaceholder(template, cursor, args, state, stringEnv);
+    if (placeholderCursor === void 0) return void 0;
+    cursor = placeholderCursor;
+  }
+  if (!hasValidFormatPositionalRange(state, args.length)) return void 0;
+  return state.output;
+}
+function resolveFormatFunctionCall(call, stringEnv) {
+  if (call.args.length === 0) {
+    return unresolved("FORMAT requires arguments");
+  }
+  const formatTemplate = resolveStringExpression(call.args[0] ?? "", stringEnv);
+  if (formatTemplate.kind !== "static" || formatTemplate.sql.length === 0) {
+    return unresolved("FORMAT format string is dynamic");
+  }
+  const rendered = resolveFormatTemplate(formatTemplate.sql, call.args.slice(1), stringEnv);
+  if (rendered === void 0) {
+    return unresolved("FORMAT placeholders or arguments are not statically resolvable");
+  }
+  return staticSql(rendered);
+}
+function resolveConcatFunctionCall(call, stringEnv) {
+  if (call.functionName === "CONCAT_WS" && call.args.length < 2) {
+    return unresolved("CONCAT_WS requires separator and value arguments");
+  }
+  let separator = "";
+  let valueStartIndex = 0;
+  if (call.functionName === "CONCAT_WS") {
+    const sep = resolveStringExpression(call.args[0] ?? "", stringEnv);
+    if (sep.kind !== "static") {
+      return unresolved("CONCAT_WS separator is not statically resolvable");
+    }
+    separator = sep.sql;
+    valueStartIndex = 1;
+  }
+  const pieces = [];
+  for (let i = valueStartIndex; i < call.args.length; i += 1) {
+    const value = resolveStringExpression(call.args[i] ?? "", stringEnv);
+    if (value.kind !== "static") {
+      return unresolved("CONCAT function argument is not statically resolvable");
+    }
+    pieces.push(value.sql);
+  }
+  return staticSql(call.functionName === "CONCAT_WS" ? pieces.join(separator) : pieces.join(""));
+}
+function resolveQuoteIdentFunctionCall(call, stringEnv) {
+  if (call.args.length !== 1) {
+    return unresolved("QUOTE_IDENT should have one argument");
+  }
+  const ident = resolveStringExpression(call.args[0] ?? "", stringEnv);
+  if (ident.kind !== "static") {
+    return unresolved("QUOTE_IDENT argument is not statically resolvable");
+  }
+  return staticSql(ident.sql);
+}
+function resolveCoalesceFunctionCall(call, stringEnv) {
+  if (call.args.length === 0) {
+    return unresolved("COALESCE requires at least one argument");
+  }
+  for (const arg of call.args) {
+    const resolvedArg = resolveStringExpression(arg, stringEnv);
+    if (resolvedArg.kind === "static") {
+      if (resolvedArg.sql.length > 0) return staticSql(resolvedArg.sql);
+      continue;
+    }
+    return unresolved("COALESCE argument is not statically resolvable");
+  }
+  return unresolved("COALESCE arguments are empty/unresolvable");
+}
+function resolveKnownFunctionCall(call, stringEnv) {
+  if (call.functionName === "FORMAT") {
+    return resolveFormatFunctionCall(call, stringEnv);
+  }
+  if (call.functionName === "CONCAT" || call.functionName === "CONCAT_WS") {
+    return resolveConcatFunctionCall(call, stringEnv);
+  }
+  if (call.functionName === "QUOTE_IDENT") {
+    return resolveQuoteIdentFunctionCall(call, stringEnv);
+  }
+  if (call.functionName === "COALESCE") {
+    return resolveCoalesceFunctionCall(call, stringEnv);
+  }
+  return void 0;
+}
+function resolveTopLevelConcatExpression(normalized, stringEnv) {
+  const topLevelConcat = extractTopLevelSqlTokens(normalized);
+  if (topLevelConcat.length <= 1) return void 0;
+  const pieces = [];
+  for (const piece of topLevelConcat) {
+    const maybe = resolveStringExpression(piece, stringEnv);
+    if (maybe.kind !== "static") {
+      return unresolved("Concat with dynamic fragments");
+    }
+    pieces.push(maybe.sql);
+  }
+  return staticSql(pieces.join(""));
+}
+function resolveStringExpression(expression, stringEnv) {
+  const normalized = stripOuterParentheses(expression.trim());
+  if (!normalized) return unresolved("Empty expression");
+  const staticLiteral = parseStaticSqlLiteral(normalized);
+  if (staticLiteral !== void 0) return staticSql(staticLiteral);
+  const envValue = resolveIdentifierValue(normalized, stringEnv);
+  if (envValue !== void 0) return staticSql(envValue);
+  const call = extractTopLevelFunctionCall(normalized);
+  if (call !== void 0) {
+    const knownCallResult = resolveKnownFunctionCall(call, stringEnv);
+    if (knownCallResult !== void 0) return knownCallResult;
+  }
+  const concatResult = resolveTopLevelConcatExpression(normalized, stringEnv);
+  if (concatResult !== void 0) return concatResult;
+  if (isPureLiteralValue(normalized)) {
+    return unresolved("Expression is pure SQL literal but not usable as string SQL text");
+  }
+  return unresolved("Expression cannot be reconstructed statically");
+}
+var ASSIGNMENT_CONTROL_KEYWORDS = /* @__PURE__ */ new Set([
+  "IF",
+  "ELSIF",
+  "ELSE",
+  "THEN",
+  "LOOP",
+  "FOR",
+  "WHILE",
+  "CASE",
+  "WHEN",
+  "BEGIN",
+  "END",
+  "RETURN",
+  "PERFORM"
+]);
+function consumeAssignmentSingle(content, state) {
+  if (!state.inSingle) return false;
+  const char = content[state.cursor] ?? "";
+  const next = content[state.cursor + 1] ?? "";
+  if (char === "'" && next === "'") {
+    state.cursor += 2;
+    return true;
+  }
+  if (char === "'") {
+    state.inSingle = false;
+  }
+  state.cursor += 1;
+  return true;
+}
+function consumeAssignmentDouble(content, state) {
+  if (!state.inDouble) return false;
+  const char = content[state.cursor] ?? "";
+  const next = content[state.cursor + 1] ?? "";
+  if (char === '"' && next === '"') {
+    state.cursor += 2;
+    return true;
+  }
+  if (char === '"') {
+    state.inDouble = false;
+  }
+  state.cursor += 1;
+  return true;
+}
+function consumeAssignmentDollar(content, state) {
+  if (!state.inDollar) return false;
+  const close = `$${state.dollarTag}$`;
+  if (content.startsWith(close, state.cursor)) {
+    state.inDollar = false;
+    state.dollarTag = "";
+    state.cursor += close.length;
+    return true;
+  }
+  state.cursor += 1;
+  return true;
+}
+function tryStartAssignmentDollar(content, state) {
+  const foundDollarTag = readDollarTagAt2(content, state.cursor);
+  if (foundDollarTag === void 0) return false;
+  state.inDollar = true;
+  state.dollarTag = foundDollarTag.slice(1, -1);
+  state.cursor += foundDollarTag.length;
+  return true;
+}
+function trySkipAssignmentLineComment(content, state) {
+  const char = content[state.cursor] ?? "";
+  const next = content[state.cursor + 1] ?? "";
+  if (char !== "-" || next !== "-") return false;
+  state.cursor += 2;
+  while (state.cursor < content.length && content[state.cursor] !== "\n") {
+    state.cursor += 1;
+  }
+  if (content[state.cursor] === "\n") {
+    state.cursor += 1;
+  }
+  return true;
+}
+function trySkipAssignmentBlockComment(content, state) {
+  const char = content[state.cursor] ?? "";
+  const next = content[state.cursor + 1] ?? "";
+  if (char !== "/" || next !== "*") return false;
+  state.cursor += 2;
+  while (state.cursor + 1 < content.length) {
+    if (content[state.cursor] === "*" && content[state.cursor + 1] === "/") {
+      state.cursor += 2;
+      return true;
+    }
+    state.cursor += 1;
+  }
+  return true;
+}
+function tryStartAssignmentSingle(content, state) {
+  if (content[state.cursor] !== "'") return false;
+  state.inSingle = true;
+  state.cursor += 1;
+  return true;
+}
+function tryStartAssignmentDouble(content, state) {
+  if (content[state.cursor] !== '"') return false;
+  state.inDouble = true;
+  state.cursor += 1;
+  return true;
+}
+function scanAssignmentOperator(content, state) {
+  const char = content[state.cursor] ?? "";
+  const next = content[state.cursor + 1] ?? "";
+  if (char === "(") {
+    state.depth += 1;
+    state.cursor += 1;
+    return true;
+  }
+  if (char === ")" && state.depth > 0) {
+    state.depth -= 1;
+    state.cursor += 1;
+    return true;
+  }
+  if (char === ":" && next === "=" && state.depth === 0) {
+    state.assignmentIndex = state.cursor;
+    state.cursor = content.length;
+    return true;
+  }
+  state.cursor += 1;
+  return true;
+}
+var ASSIGNMENT_SCAN_STEPS = [
+  consumeAssignmentSingle,
+  consumeAssignmentDouble,
+  consumeAssignmentDollar,
+  tryStartAssignmentDollar,
+  trySkipAssignmentLineComment,
+  trySkipAssignmentBlockComment,
+  tryStartAssignmentSingle,
+  tryStartAssignmentDouble,
+  scanAssignmentOperator
+];
+function runAssignmentScanStep(content, state) {
+  for (const step of ASSIGNMENT_SCAN_STEPS) {
+    if (step(content, state)) return;
+  }
+}
+function findTopLevelAssignmentIndex(content) {
+  const state = {
+    cursor: 0,
+    depth: 0,
+    inSingle: false,
+    inDouble: false,
+    inDollar: false,
+    dollarTag: "",
+    assignmentIndex: -1
+  };
+  while (state.cursor < content.length - 1 && state.assignmentIndex < 0) {
+    runAssignmentScanStep(content, state);
+  }
+  return state.assignmentIndex;
+}
+function isConditionalAssignmentContext(left) {
+  return /\b(?:IF|ELSIF|ELSE|CASE|WHEN)\b/i.test(left);
+}
+function extractDeclarationAssignmentTarget(left) {
+  const declarationMatch = left.match(
+    /^(?:\s*DECLARE\s+)?([A-Za-z_][A-Za-z0-9_]*)\b(\s+[\s\S]+)$/i
+  );
+  const declarationTarget = declarationMatch?.[1];
+  if (!declarationTarget) return void 0;
+  const normalizedTarget = declarationTarget.toUpperCase();
+  if (ASSIGNMENT_CONTROL_KEYWORDS.has(normalizedTarget)) return void 0;
+  return normalizedTarget.toLowerCase();
+}
+function extractTrailingAssignmentTarget(left) {
+  const leftMatch = left.match(/([A-Za-z_][A-Za-z0-9_]*)\s*$/);
+  return leftMatch?.[1]?.toLowerCase();
+}
+function parseTopLevelAssignment(statement) {
+  const normalized = statement.trim();
+  if (!normalized) return void 0;
+  if (!normalized.includes(":=")) return void 0;
+  const assignmentIndex = findTopLevelAssignmentIndex(normalized);
+  if (assignmentIndex < 0) return void 0;
+  const left = normalized.slice(0, assignmentIndex).trim();
+  const right = normalized.slice(assignmentIndex + 2).trim();
+  if (!left || !right) return void 0;
+  const isConditionalContext = isConditionalAssignmentContext(left);
+  const declarationTarget = extractDeclarationAssignmentTarget(left);
+  if (declarationTarget !== void 0) {
+    return { target: declarationTarget, expression: right, isConditionalContext };
+  }
+  const fallbackTarget = extractTrailingAssignmentTarget(left);
+  if (fallbackTarget === void 0) return void 0;
+  return { target: fallbackTarget, expression: right, isConditionalContext };
+}
+function mergeStringEnvValue(env, target, nextValue) {
+  const previous = env.get(target);
+  if (previous === void 0 || previous === nextValue) {
+    env.set(target, nextValue);
+    return;
+  }
+  env.delete(target);
+}
+function extractStaticSqlFromExpression(expression, stringEnv = /* @__PURE__ */ new Map()) {
+  const normalized = stripOuterParentheses(expression.trim());
+  if (!normalized) {
+    return { kind: "unresolved", reason: "Empty expression" };
+  }
+  return resolveStringExpression(normalized, stringEnv);
+}
+function hasSingleOuterParentheses(content) {
+  if (!content.startsWith("(") || !content.endsWith(")")) return false;
+  let depth = 0;
+  for (let i = 0; i < content.length; i += 1) {
+    const char = content[i] ?? "";
+    if (char === "(") {
+      depth += 1;
+      continue;
+    }
+    if (char !== ")") {
+      continue;
+    }
+    depth -= 1;
+    if (depth < 0) return false;
+    if (depth === 0 && i !== content.length - 1) {
+      return false;
+    }
+  }
+  return depth === 0;
+}
+function stripOuterParentheses(content) {
+  let trimmed = content.trim();
+  while (hasSingleOuterParentheses(trimmed)) {
+    trimmed = trimmed.slice(1, -1).trim();
+  }
+  return trimmed;
+}
+function isPureLiteralValue(value) {
+  const trimmed = value.trim();
+  if (!trimmed) return false;
+  if (/^(?:null|true|false|\d+(?:\.\d+)?|-\d+(?:\.\d+)?)$/i.test(trimmed)) return true;
+  return parseStaticSqlLiteral(trimmed) !== void 0 || parseDollarLiteral(trimmed) !== void 0;
+}
+
+// src/validators/risk-detector-plpgsql.ts
+var DO_STATEMENT_PATTERN = /\bDO\b/gi;
+var CREATE_OR_ALTER_FUNCTION_PATTERN = /\b(?:CREATE|ALTER)\s+(?:OR\s+REPLACE\s+)?(?:FUNCTION|PROCEDURE)\b/gi;
+function readDollarTag(content, index) {
+  const match = content.slice(index).match(/^\$([A-Za-z_][A-Za-z0-9_]*)?\$/);
+  return match ? match[0] : void 0;
+}
+function isWordChar2(char) {
+  return /[A-Za-z0-9_]/.test(char);
+}
+function isKeywordAt(content, contentIndex, keyword) {
+  const endIndex = contentIndex + keyword.length;
+  if (endIndex > content.length) return false;
+  if (content.slice(contentIndex, endIndex).toUpperCase() !== keyword) return false;
+  const before = contentIndex > 0 ? content[contentIndex - 1] : " ";
+  const after = endIndex < content.length ? content[endIndex] : " ";
+  return !isWordChar2(before) && !isWordChar2(after);
+}
+function consumeSingleQuote(content, state) {
+  if (!state.inSingleQuote) return false;
+  if (content[state.cursor] === "'" && content[state.cursor + 1] === "'") {
+    state.cursor += 2;
+    return true;
+  }
+  if (content[state.cursor] === "'") {
+    state.inSingleQuote = false;
+  }
+  state.cursor += 1;
+  return true;
+}
+function consumeDoubleQuote(content, state) {
+  if (!state.inDoubleQuote) return false;
+  if (content[state.cursor] === '"' && content[state.cursor + 1] === '"') {
+    state.cursor += 2;
+    return true;
+  }
+  if (content[state.cursor] === '"') {
+    state.inDoubleQuote = false;
+  }
+  state.cursor += 1;
+  return true;
+}
+function consumeDollarQuote(content, state) {
+  if (state.inDollarQuote === void 0) return false;
+  const close = `$${state.inDollarQuote}$`;
+  if (content.startsWith(close, state.cursor)) {
+    state.inDollarQuote = void 0;
+    state.cursor += close.length;
+    return true;
+  }
+  state.cursor += 1;
+  return true;
+}
+function consumeQuotedSpan(content, state) {
+  if (consumeSingleQuote(content, state)) return true;
+  if (consumeDoubleQuote(content, state)) return true;
+  return consumeDollarQuote(content, state);
+}
+function tryStartSingleQuote(content, state) {
+  if (content[state.cursor] !== "'") return false;
+  state.inSingleQuote = true;
+  state.cursor += 1;
+  return true;
+}
+function tryStartDoubleQuote(content, state) {
+  if (content[state.cursor] !== '"') return false;
+  state.inDoubleQuote = true;
+  state.cursor += 1;
+  return true;
+}
+function tryStartDollarQuote(content, state) {
+  const dollarTag = readDollarTag(content, state.cursor);
+  if (dollarTag === void 0) return false;
+  state.inDollarQuote = dollarTag.slice(1, -1);
+  state.cursor += dollarTag.length;
+  return true;
+}
+function tryStartQuotedSpan(content, state) {
+  if (tryStartSingleQuote(content, state)) return true;
+  if (tryStartDoubleQuote(content, state)) return true;
+  return tryStartDollarQuote(content, state);
+}
+function findKeywordFromOffset(content, start, keyword) {
+  const state = {
+    cursor: start,
+    inSingleQuote: false,
+    inDoubleQuote: false,
+    inDollarQuote: void 0
+  };
+  while (state.cursor < content.length) {
+    if (consumeQuotedSpan(content, state)) continue;
+    if (tryStartQuotedSpan(content, state)) continue;
+    if (isKeywordAt(content, state.cursor, keyword)) {
+      return state.cursor;
+    }
+    state.cursor += 1;
+  }
+  return void 0;
+}
+var MAX_DOLLAR_QUOTE_DEPTH = 50;
+function skipUntilDollarClose(content, state, openTag, depth) {
+  if (depth >= MAX_DOLLAR_QUOTE_DEPTH) return -1;
+  const nestedTag = readDollarTag(content, state.cursor);
+  if (nestedTag === void 0 || nestedTag === openTag) {
+    return state.cursor;
+  }
+  const nestedStart = state.cursor + nestedTag.length;
+  const nestedEnd = closeIndexForDollarTag(content, nestedStart, nestedTag, depth + 1);
+  if (nestedEnd === -1) return -1;
+  state.cursor = nestedEnd + nestedTag.length;
+  return state.cursor;
+}
+function closeIndexForDollarTag(content, bodyStart, openTag, depth = 0) {
+  if (depth >= MAX_DOLLAR_QUOTE_DEPTH) return -1;
+  const state = {
+    cursor: bodyStart,
+    inSingleQuote: false,
+    inDoubleQuote: false,
+    inDollarQuote: void 0
+  };
+  while (state.cursor < content.length) {
+    if (consumeQuotedSpan(content, state)) continue;
+    if (content.startsWith(openTag, state.cursor)) {
+      return state.cursor;
+    }
+    const nestedCursor = skipUntilDollarClose(content, state, openTag, depth);
+    if (nestedCursor !== state.cursor) {
+      continue;
+    }
+    if (tryStartSingleQuote(content, state)) continue;
+    if (tryStartDoubleQuote(content, state)) continue;
+    state.cursor += 1;
+  }
+  return -1;
+}
+function resolveBodyRange(content, openTagStart, statementType) {
+  const openTag = readDollarTag(content, openTagStart);
+  if (openTag === void 0) return void 0;
+  const bodyStart = openTagStart + openTag.length;
+  const bodyEnd = closeIndexForDollarTag(content, bodyStart, openTag);
+  if (bodyEnd === -1) return void 0;
+  return {
+    range: { bodyStart, bodyEnd, statementType },
+    nextScanIndex: bodyEnd + openTag.length
+  };
+}
+function skipDoLanguageClause(content, cursor) {
+  if (!isKeywordAt(content, cursor, "LANGUAGE")) {
+    return cursor;
+  }
+  const langNameStart = skipWhitespace2(content, cursor + "LANGUAGE".length);
+  const afterLangName = skipIdentifier(content, langNameStart);
+  return skipWhitespace2(content, afterLangName);
+}
+function collectDoBodyRanges(content) {
+  const ranges = [];
+  DO_STATEMENT_PATTERN.lastIndex = 0;
+  let doMatch = DO_STATEMENT_PATTERN.exec(content);
+  while (doMatch !== null) {
+    const doStart = doMatch.index;
+    if (findKeywordFromOffset(content, doStart, "DO") !== doStart) {
+      DO_STATEMENT_PATTERN.lastIndex = doStart + doMatch[0].length;
+      doMatch = DO_STATEMENT_PATTERN.exec(content);
+      continue;
+    }
+    let cursor = skipWhitespace2(content, doStart + doMatch[0].length);
+    cursor = skipDoLanguageClause(content, cursor);
+    const resolved = resolveBodyRange(content, cursor, "do");
+    if (resolved !== void 0) {
+      ranges.push(resolved.range);
+      DO_STATEMENT_PATTERN.lastIndex = resolved.nextScanIndex;
+    }
+    doMatch = DO_STATEMENT_PATTERN.exec(content);
+  }
+  DO_STATEMENT_PATTERN.lastIndex = 0;
+  return ranges;
+}
+function collectFunctionBodyRanges(content) {
+  const ranges = [];
+  CREATE_OR_ALTER_FUNCTION_PATTERN.lastIndex = 0;
+  let functionMatch = CREATE_OR_ALTER_FUNCTION_PATTERN.exec(content);
+  while (functionMatch !== null) {
+    const start = functionMatch.index;
+    const asIndex = findKeywordFromOffset(content, start + functionMatch[0].length, "AS");
+    if (asIndex === void 0) {
+      CREATE_OR_ALTER_FUNCTION_PATTERN.lastIndex = start + functionMatch[0].length;
+      functionMatch = CREATE_OR_ALTER_FUNCTION_PATTERN.exec(content);
+      continue;
+    }
+    const bodyStartAt = skipWhitespace2(content, asIndex + 2);
+    const resolved = resolveBodyRange(content, bodyStartAt, "function");
+    if (resolved !== void 0) {
+      ranges.push(resolved.range);
+      CREATE_OR_ALTER_FUNCTION_PATTERN.lastIndex = resolved.nextScanIndex;
+    }
+    functionMatch = CREATE_OR_ALTER_FUNCTION_PATTERN.exec(content);
+  }
+  CREATE_OR_ALTER_FUNCTION_PATTERN.lastIndex = 0;
+  return ranges;
+}
+function findFunctionAndDoBodies(content) {
+  return [...collectDoBodyRanges(content), ...collectFunctionBodyRanges(content)];
+}
+function enrichStaticExecuteRiskFromSql(sql, sourceLine) {
+  const staticSql2 = stripSqlForPatternMatching(sql);
+  if (!staticSql2.trim()) return [];
+  const staticSqlLineStarts = buildLineStarts(sql);
+  return detectRisksFromContent(staticSql2, sql, staticSqlLineStarts).map((risk) => ({
+    ...risk,
+    line: sourceLine,
+    evidence: {
+      source: "static execute body",
+      snippet: sql.trim().slice(0, 200),
+      detail: "Reconstructed PL/pgSQL EXECUTE expression"
+    }
+  }));
+}
+function buildDoBlockRisk(commentlessContent, range, declarationLine) {
+  const bodyPreviewStart = Math.max(0, range.bodyStart - 80);
+  const bodyPreviewEnd = range.bodyEnd + 80;
+  return {
+    level: "medium",
+    description: "DO block detected in SQL",
+    mitigation: "Prefer static declarative SQL or move bootstrap logic to idempotent script files with clear intent",
+    line: declarationLine,
+    reasonCode: "PLPGSQL_DO_BLOCK_DETECTED",
+    confidence: "medium",
+    evidence: {
+      source: "findFunctionAndDoBodies",
+      snippet: range.statementType === "do" ? commentlessContent.slice(bodyPreviewStart, bodyPreviewEnd) : void 0,
+      detail: `${range.statementType.toUpperCase()} block detected in schema SQL`
+    }
+  };
+}
+function maybeAddDoBlockRisk(risks, dedupe, commentlessContent, range, declarationLine) {
+  if (range.statementType !== "do") return;
+  const doKey = `do:${range.statementType}:${declarationLine}`;
+  if (dedupe.has(doKey)) return;
+  dedupe.add(doKey);
+  risks.push(buildDoBlockRisk(commentlessContent, range, declarationLine));
+}
+function applyStatementAssignment(statement, stringEnv) {
+  const assignment = parseTopLevelAssignment(statement.statement);
+  if (!assignment) return;
+  const resolved = extractStaticSqlFromExpression(assignment.expression, stringEnv);
+  if (resolved.kind !== "static") {
+    stringEnv.delete(assignment.target);
+    return;
+  }
+  if (assignment.isConditionalContext) {
+    mergeStringEnvValue(stringEnv, assignment.target, resolved.sql);
+    return;
+  }
+  stringEnv.set(assignment.target, resolved.sql);
+}
+function buildExecuteLine(content, lineStarts, range, statement, execute) {
+  return lineNumberFromIndex(
+    content,
+    range.bodyStart + statement.startOffset + execute.statementStartOffset,
+    lineStarts
+  );
+}
+function buildExecuteKey(range, statement, execute, executeLine) {
+  return `execute:${range.statementType}:${statement.startOffset}:${execute.statementStartOffset}:${executeLine}`;
+}
+function buildStaticExecuteRisk(execute, executeLine) {
+  return {
+    level: "medium",
+    description: "Static EXECUTE SQL detected in PL/pgSQL body",
+    mitigation: "Prefer declarative/static SQL when possible; keep this change explicit in declarative schemas",
+    line: executeLine,
+    reasonCode: "PLPGSQL_EXECUTE_STATIC",
+    confidence: "low",
+    evidence: {
+      source: "extractExecuteExpressions",
+      snippet: execute.expression.slice(0, 200),
+      detail: "Static EXECUTE SQL detected from reconstructed expression"
+    }
+  };
+}
+function pushDerivedStaticRisks(risks, dedupe, staticSql2, executeLine, hasUsingClause) {
+  const staticRisks = enrichStaticExecuteRiskFromSql(staticSql2, executeLine);
+  for (const staticRisk of staticRisks) {
+    const key = `${staticRisk.level}:${staticRisk.description}:${executeLine}`;
+    const dedupeKey = `static:${key}`;
+    if (dedupe.has(dedupeKey)) continue;
+    dedupe.add(dedupeKey);
+    risks.push({
+      ...staticRisk,
+      reasonCode: staticRisk.reasonCode ?? "PLPGSQL_EXECUTE_STATIC",
+      confidence: staticRisk.confidence ?? "low",
+      evidence: {
+        ...staticRisk.evidence,
+        source: staticRisk.evidence?.source ?? "detectRisksFromContent",
+        detail: `Static EXECUTE SQL analyzed from reconstructed expression${hasUsingClause ? " (USING clause present)" : ""}`
+      }
+    });
+  }
+}
+function maybeBuildUsingClauseRisk(execute, executeLine) {
+  if (!execute.hasUsingClause) return void 0;
+  return {
+    level: "high",
+    description: "PL/pgSQL EXECUTE uses USING bindings; values are applied at runtime and must be auditable",
+    mitigation: "Avoid runtime-bound SQL mutation in migration paths, or keep this change in idempotent with explicit review",
+    line: executeLine,
+    reasonCode: "PLPGSQL_EXECUTE_DYNAMIC_USING",
+    confidence: "high",
+    evidence: {
+      source: "extractExecuteExpressions",
+      snippet: execute.expression.slice(0, 200),
+      detail: "EXECUTE contains USING clause"
+    }
+  };
+}
+function pushBodyStaticRisks(risks, dedupe, body, bodyStartLine) {
+  const searchableBody = stripSqlStringsPreserveLines(body);
+  if (!searchableBody.trim()) return;
+  const bodyLineStarts = buildLineStarts(body);
+  const bodyRisks = detectRisksFromContent(searchableBody, body, bodyLineStarts);
+  for (const risk of bodyRisks) {
+    const line = bodyStartLine + ((risk.line ?? 1) - 1);
+    const dedupeKey = `body:${risk.reasonCode ?? risk.description}:${line}`;
+    if (dedupe.has(dedupeKey)) continue;
+    dedupe.add(dedupeKey);
+    risks.push({
+      ...risk,
+      line,
+      evidence: {
+        source: "plpgsql body",
+        snippet: body.trim().slice(0, 200),
+        detail: `Matched ${risk.reasonCode ?? "pattern"} inside PL/pgSQL body`
+      }
+    });
+  }
+}
+function buildUnresolvedExecuteRisk(execute, executeLine, reason) {
+  const clauseSuffix = execute.hasUsingClause ? " includes USING clause" : execute.hasIntoClause ? " includes INTO clause" : "";
+  return {
+    level: "high",
+    description: `UNRESOLVED_DYNAMIC_SQL in PL/PGSQL EXECUTE: ${reason}${clauseSuffix}`,
+    mitigation: "Resolve SQL construction at migration time or add manual review before production apply preview",
+    line: executeLine,
+    reasonCode: execute.hasUsingClause ? "PLPGSQL_EXECUTE_DYNAMIC_USING" : execute.hasIntoClause ? "PLPGSQL_EXECUTE_DYNAMIC_INTO" : "PLPGSQL_EXECUTE_UNRESOLVED",
+    confidence: "high",
+    evidence: {
+      source: "extractStaticSqlFromExpression",
+      snippet: execute.expression.slice(0, 200),
+      detail: `Failed to reconstruct dynamic SQL (${reason})`
+    }
+  };
+}
+function analyzeExecuteStatement(risks, dedupe, content, lineStarts, range, statement, execute, stringEnv) {
+  const executeLine = buildExecuteLine(content, lineStarts, range, statement, execute);
+  const executeKey = buildExecuteKey(range, statement, execute, executeLine);
+  if (dedupe.has(executeKey)) return;
+  dedupe.add(executeKey);
+  const extracted = extractStaticSqlFromExpression(execute.expression, stringEnv);
+  if (extracted.kind !== "static") {
+    risks.push(buildUnresolvedExecuteRisk(execute, executeLine, extracted.reason));
+    return;
+  }
+  risks.push(buildStaticExecuteRisk(execute, executeLine));
+  pushDerivedStaticRisks(risks, dedupe, extracted.sql, executeLine, execute.hasUsingClause);
+  const usingRisk = maybeBuildUsingClauseRisk(execute, executeLine);
+  if (usingRisk !== void 0) {
+    risks.push(usingRisk);
+  }
+}
+function analyzeBodyRange(risks, dedupe, content, commentlessContent, lineStarts, range) {
+  const declarationLine = lineNumberFromIndex(commentlessContent, range.bodyStart, lineStarts);
+  maybeAddDoBlockRisk(risks, dedupe, commentlessContent, range, declarationLine);
+  const body = commentlessContent.slice(range.bodyStart, range.bodyEnd);
+  pushBodyStaticRisks(risks, dedupe, body, declarationLine);
+  const stringEnv = /* @__PURE__ */ new Map();
+  for (const statement of splitPlpgsqlStatementsWithOffsets(body)) {
+    applyStatementAssignment(statement, stringEnv);
+    const executeStatements = extractExecuteExpressions(statement.statement);
+    for (const execute of executeStatements) {
+      analyzeExecuteStatement(
+        risks,
+        dedupe,
+        content,
+        lineStarts,
+        range,
+        statement,
+        execute,
+        stringEnv
+      );
+    }
+  }
+}
+function detectPlpgsqlDynamicExecutionRisks(content) {
+  const commentlessContent = stripSqlCommentsPreserveLines(content);
+  const lineStarts = buildLineStarts(commentlessContent);
+  const ranges = findFunctionAndDoBodies(commentlessContent);
+  if (ranges.length === 0) return [];
+  const risks = [];
+  const dedupe = /* @__PURE__ */ new Set();
+  for (const range of ranges) {
+    analyzeBodyRange(risks, dedupe, content, commentlessContent, lineStarts, range);
+  }
+  return risks;
+}
+
+export { detectPlpgsqlDynamicExecutionRisks };