@snovon/solast 0.2.0

package/dist/detectors/reflection-token-balance-desync.js

@@ -0,0 +1,246 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ReflectionTokenBalanceDesyncDetector = void 0;
+const ast_1 = require("./_common/ast");
+const access_control_1 = require("./_common/access-control");
+const RULE_ID = 'reflection-token-balance-desync';
+const REFLECTION_SIGNAL = /reflect|deliver|rtotal|ttotal|rowned|towned|ramount|tamount|reflected|token/i;
+const ASSIGNMENT_OPERATORS = new Set(['=', '-=', '+=', '*=', '/=']);
+// SafeMath helpers (`add`/`sub`/`mul`/`div`) are pure arithmetic — they return a
+// new value and do not mutate the receiver. Mutation is tracked via assignment
+// operators in BinaryOperation; only semantically mutating container methods
+// belong here.
+const MUTATING_MEMBERS = new Set(['push', 'pop']);
+function getDirectCallName(expr) {
+    if (!expr)
+        return '';
+    if (expr.type === 'Identifier')
+        return expr.name || '';
+    return '';
+}
+function getMemberName(expr) {
+    if (!expr)
+        return '';
+    if (expr.type === 'MemberAccess')
+        return expr.memberName || '';
+    return '';
+}
+function getBaseName(node) {
+    if (!node || typeof node !== 'object')
+        return null;
+    if (node.type === 'Identifier')
+        return node.name;
+    if (node.type === 'MemberAccess') {
+        return node.memberName;
+    }
+    if (node.type === 'IndexAccess') {
+        return getBaseName(node.base || node.baseExpression);
+    }
+    return null;
+}
+function isPublicOrExternal(node) {
+    if (node.visibility === 'public' || node.visibility === 'external')
+        return true;
+    if (node.visibility === 'default')
+        return true; // Solidity default is public
+    return false;
+}
+class ReflectionTokenBalanceDesyncDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    currentFile = '';
+    currentContract = '';
+    findings = [];
+    stateVariables = new Set();
+    mappings = new Set();
+    rateVariables = new Set();
+    divisions = new Map();
+    currentFunction = null;
+    setFile(file) {
+        this.currentFile = file;
+        this.currentContract = '';
+        this.findings = [];
+        this.currentFunction = null;
+    }
+    getFindings() {
+        return this.findings;
+    }
+    ContractDefinition(node) {
+        this.currentContract = node.name || '';
+        this.stateVariables.clear();
+        this.mappings.clear();
+        this.rateVariables.clear();
+        this.divisions.clear();
+        this.currentFunction = null;
+    }
+    ContractDefinition_post() {
+        this.currentContract = '';
+        this.stateVariables.clear();
+        this.mappings.clear();
+        this.rateVariables.clear();
+        this.divisions.clear();
+        this.currentFunction = null;
+    }
+    ['ContractDefinition:exit']() {
+        this.ContractDefinition_post();
+    }
+    StateVariableDeclaration(node) {
+        for (const variable of node.variables || []) {
+            if (variable?.name) {
+                this.stateVariables.add(variable.name);
+                if (variable.typeName && (0, ast_1.isNode)(variable.typeName, 'Mapping')) {
+                    this.mappings.add(variable.name);
+                }
+            }
+        }
+        this.refreshRateVariables();
+    }
+    BinaryOperation(node) {
+        if (node.operator === '/') {
+            this.recordDivision(node.left || node.leftExpression, node.right || node.rightExpression);
+        }
+        if (!this.currentFunction || !ASSIGNMENT_OPERATORS.has(node.operator))
+            return;
+        const leftName = getBaseName(node.left || node.leftExpression);
+        this.recordFunctionMutation(leftName);
+    }
+    FunctionCall(node) {
+        const mname = getMemberName(node.expression);
+        if (mname === 'div' && (node.arguments || []).length === 1) {
+            this.recordDivision(node.expression.expression, (node.arguments || [])[0]);
+        }
+        if (!this.currentFunction)
+            return;
+        const cname = getDirectCallName(node.expression);
+        if (cname === 'require' || cname === 'assert') {
+            const arg = (node.arguments || [])[0];
+            if ((0, access_control_1.requireExpressesAccessControl)(arg, (name) => access_control_1.DEFAULT_PRIVILEGED_KEYWORDS.includes(name.toLowerCase()))) {
+                this.currentFunction.hasAccessControl = true;
+            }
+        }
+        if (MUTATING_MEMBERS.has(mname)) {
+            const leftName = getBaseName(node.expression.expression);
+            this.recordFunctionMutation(leftName);
+        }
+    }
+    FunctionDefinition(node) {
+        this.currentFunction = null;
+        if (!node.body)
+            return;
+        if (!isPublicOrExternal(node))
+            return;
+        this.currentFunction = {
+            node,
+            modifiedStateVars: new Set(),
+            modifiedMappings: new Set(),
+            hasAccessControl: (0, access_control_1.hasRecognisedAccessControlModifier)(node),
+        };
+    }
+    FunctionDefinition_post(node) {
+        if (!this.currentFunction || this.currentFunction.node !== node)
+            return;
+        const fn = this.currentFunction;
+        this.currentFunction = null;
+        if (fn.hasAccessControl)
+            return;
+        if (fn.modifiedMappings.size === 0)
+            return;
+        // Check if it modifies exactly one side of a division pair
+        let isDesync = false;
+        for (const div of this.divisions.values()) {
+            if (!this.stateVariables.has(div.a) || !this.stateVariables.has(div.b))
+                continue;
+            const modifiesA = fn.modifiedStateVars.has(div.a);
+            const modifiesB = fn.modifiedStateVars.has(div.b);
+            if (modifiesA && !modifiesB) {
+                isDesync = true;
+                break;
+            }
+            if (!modifiesA && modifiesB) {
+                isDesync = true;
+                break;
+            }
+        }
+        if (!isDesync)
+            return;
+        // Surface signal check
+        const fnName = node.name || '';
+        let hasSignal = REFLECTION_SIGNAL.test(fnName);
+        if (!hasSignal) {
+            for (const mv of fn.modifiedStateVars) {
+                if (REFLECTION_SIGNAL.test(mv))
+                    hasSignal = true;
+            }
+        }
+        if (!hasSignal) {
+            for (const mm of fn.modifiedMappings) {
+                if (REFLECTION_SIGNAL.test(mm))
+                    hasSignal = true;
+            }
+        }
+        // Also check rate variables
+        if (!hasSignal) {
+            for (const rv of this.rateVariables) {
+                if (REFLECTION_SIGNAL.test(rv))
+                    hasSignal = true;
+            }
+        }
+        if (!hasSignal)
+            return;
+        const { line, column } = (0, ast_1.assertLoc)(node);
+        this.findings.push({
+            file: this.currentFile,
+            contract: this.currentContract,
+            function: node.name || '<anonymous>',
+            line,
+            column,
+            pattern: RULE_ID,
+            confidence: 'high',
+            ruleId: RULE_ID,
+            severity: 'high',
+            message: `Reflection token balance desync in '${node.name || '<anonymous>'}': function asymmetrically modifies the reflected ledger or rate without updating the other side proportionally, allowing repeated drains.`,
+            contractName: this.currentContract,
+            functionName: node.name || '<anonymous>',
+            findingId: '',
+            contractHash: ''
+        });
+    }
+    ['FunctionDefinition:exit'](node) {
+        this.FunctionDefinition_post(node);
+    }
+    recordDivision(left, right) {
+        const leftName = getBaseName(left);
+        const rightName = getBaseName(right);
+        if (!leftName || !rightName)
+            return;
+        const key = `${leftName}/${rightName}`;
+        if (!this.divisions.has(key)) {
+            this.divisions.set(key, { a: leftName, b: rightName });
+        }
+        if (this.stateVariables.has(leftName) && this.stateVariables.has(rightName)) {
+            this.rateVariables.add(leftName);
+            this.rateVariables.add(rightName);
+        }
+    }
+    refreshRateVariables() {
+        for (const div of this.divisions.values()) {
+            if (this.stateVariables.has(div.a) && this.stateVariables.has(div.b)) {
+                this.rateVariables.add(div.a);
+                this.rateVariables.add(div.b);
+            }
+        }
+    }
+    recordFunctionMutation(name) {
+        if (!this.currentFunction || !name || !this.stateVariables.has(name))
+            return;
+        if (this.mappings.has(name)) {
+            this.currentFunction.modifiedMappings.add(name);
+        }
+        else {
+            this.currentFunction.modifiedStateVars.add(name);
+        }
+    }
+}
+exports.ReflectionTokenBalanceDesyncDetector = ReflectionTokenBalanceDesyncDetector;
+//# sourceMappingURL=reflection-token-balance-desync.js.map

package/dist/detectors/registry-engine.d.ts

@@ -0,0 +1,34 @@
+import type { ScanResult } from '../index';
+import type { SemanticModel } from '../semantic/model';
+import type { TaintTracker } from '../semantic/taint-tracker';
+import type { Detector, DetectorProfileEntry } from './types';
+export declare class DetectorRegistry {
+    private readonly detectors;
+    private readonly fanoutCache;
+    private readonly profile;
+    private readonly profileStats;
+    constructor(options?: {
+        profile?: boolean;
+    });
+    register(detector: Detector): this;
+    ids(): string[];
+    detectorsForSarif(): Detector[];
+    runAll(ast: any, file: string, sourceText?: string, rules?: string[], enabledRules?: string[], ignorePatterns?: string[], semantic?: SemanticModel, taint?: TaintTracker, solcVersion?: string, ignoredDetectorIds?: string[], tier?: 'core' | 'extended' | 'all'): ScanResult[];
+    ignoredDetectorIds(rules?: string[], enabledRules?: string[], ignorePatterns?: string[]): string[];
+    private getOrBuildFanout;
+    /**
+     * Accumulate one detector visit into the profile stats. Cheap (Map
+     * lookup + bigint add); only called when `SOLAST_PROFILE=1`.
+     */
+    private recordProfile;
+    /**
+     * Render the accumulated per-detector profile stats as a stable
+     * multi-line summary, sorted by total time descending. Returns the
+     * empty string when profiling was not enabled or no detector ran.
+     * The caller (typically the CLI, after scan completion) decides
+     * where to write the summary — stderr is the convention so the
+     * NDJSON / SARIF stdout pipeline stays clean.
+     */
+    formatProfileSummary(): string;
+    getProfileStats(): DetectorProfileEntry[];
+}

package/dist/detectors/registry-engine.js

@@ -0,0 +1,388 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DetectorRegistry = void 0;
+const parser_1 = __importDefault(require("@solidity-parser/parser"));
+const solc_walker_1 = require("../ast/solc-walker");
+const glob_1 = require("../rules/glob");
+const tiers_1 = require("../rules/tiers");
+const types_1 = require("./types");
+class DetectorRegistry {
+    detectors = [];
+    // Memoized fan-out visitor objects, keyed by `astKind|rule-set|enabled-set`.
+    // Building the fan-out walks every detector's prototype chain and binds
+    // each visitor method, which is repeated work if a registry is reused
+    // across files. Cache entries are invalidated on register().
+    fanoutCache = new Map();
+    // P.2 telemetry: aggregate stats per detector id, accumulating across
+    // every `runAll` call on this registry. Empty / unused when
+    // `SOLAST_PROFILE` is not `'1'` at module load.
+    profile;
+    profileStats = new Map();
+    constructor(options = {}) {
+        this.profile = options.profile ?? types_1.PROFILE_ENABLED;
+    }
+    register(detector) {
+        // supportedAstKinds is mandatory at registration time (roadmap 1.5,
+        // review G.6). The 0.2 conformance gate previously enforced this
+        // statically over the registry returned by
+        // `createDefaultDetectorRegistry`; the exemption-list scaffold has
+        // since been drained to zero so the runtime check below is now the
+        // authoritative source of truth. A missing or invalid field is a
+        // programming error in the detector class and must surface
+        // immediately — not silently produce a detector that gets dispatched
+        // for AST kinds it can't handle.
+        if (!Array.isArray(detector.supportedAstKinds) || detector.supportedAstKinds.length === 0) {
+            throw new Error(`Detector "${detector.id}" must declare supportedAstKinds: `
+                + `add a readonly supportedAstKinds = ['parser' as const] (or ['solc' as const], or both) field on the class. `
+                + `See CONTRIBUTING.md.`);
+        }
+        for (const kind of detector.supportedAstKinds) {
+            if (kind !== 'parser' && kind !== 'solc') {
+                throw new Error(`Detector "${detector.id}" has invalid supportedAstKinds entry ${JSON.stringify(kind)}: `
+                    + `expected "parser" or "solc".`);
+            }
+        }
+        this.detectors.push(detector);
+        if (this.fanoutCache.size > 0)
+            this.fanoutCache.clear();
+        return this;
+    }
+    ids() {
+        return this.detectors.map(detector => detector.id);
+    }
+    detectorsForSarif() {
+        return this.detectors.slice();
+    }
+    runAll(ast, file, sourceText, rules, enabledRules, ignorePatterns, semantic, taint, solcVersion, ignoredDetectorIds, tier) {
+        const astKind = getAstKind(ast);
+        if (!astKind)
+            return [];
+        const results = [];
+        const selectedRules = rules ? new Set(rules) : null;
+        const enabledRuleSet = enabledRules ? new Set(enabledRules) : null;
+        const ignoredRuleSet = ignoredDetectorIds ? new Set(ignoredDetectorIds) : null;
+        // Construct the DetectorContext once per runAll call; detectors that
+        // consume cross-file information receive the same instance (so they
+        // can cache lookups via reference equality if useful).
+        const ctx = { file, semantic, taint, solcVersion };
+        // Filter eligible detectors once. Sort the visitor-style ones into a
+        // dedicated bucket so we can fan one walk out to all of them; the
+        // scanAst-style ones drive their own traversal and run as before.
+        const visitorDetectors = [];
+        for (const detector of this.detectors) {
+            if (selectedRules && !selectedRules.has(detector.id))
+                continue;
+            if (!selectedRules && detector.enabledByDefault === false && !enabledRuleSet?.has(detector.id))
+                continue;
+            if (ignoredRuleSet?.has(detector.id))
+                continue;
+            if (matchesAnyRuleGlob(detector.id, ignorePatterns))
+                continue;
+            if (tier && tier !== 'all' && tiers_1.ruleTiers[detector.id] !== tier)
+                continue;
+            if (detector.supportedAstKinds && !detector.supportedAstKinds.includes(astKind))
+                continue;
+            if (hasVisitorMethods(detector)) {
+                visitorDetectors.push(detector);
+            }
+            else if (detector.scanAst) {
+                if (this.profile) {
+                    const t0 = process.hrtime.bigint();
+                    const r = detector.scanAst(ast, file, sourceText, ctx);
+                    const t1 = process.hrtime.bigint();
+                    this.recordProfile(detector.id, t1 - t0, 1);
+                    results.push(...r);
+                }
+                else {
+                    results.push(...detector.scanAst(ast, file, sourceText, ctx));
+                }
+            }
+        }
+        const assignTiers = (findings) => {
+            for (const res of findings) {
+                if (!res.tier) {
+                    res.tier = tiers_1.ruleTiers[res.ruleId] || 'extended';
+                }
+            }
+            return findings;
+        };
+        if (visitorDetectors.length === 0)
+            return assignTiers(results);
+        // Single-pass shared visitor pump (review finding C1).
+        //
+        // Previously each detector got its own AST walk via parser.visit /
+        // walkSolcAst. With ~100+ detectors registered today that meant the
+        // same tree was traversed once per detector, multiplying the work
+        // by the registry size. The fan-out below builds one visitor object
+        // whose handler for each event fans out to every detector that
+        // subscribes to that event, walks the AST exactly once, then
+        // collects each detector's findings.
+        //
+        // Behavior preservation: from any single detector's perspective the
+        // sequence of node visits is identical (document order, both entry
+        // and post hooks). Detectors don't observe each other's state, and
+        // none of the current detectors use a visitor return value to
+        // short-circuit traversal, so the multi-subscriber dispatch matches
+        // the original per-detector walk in observable outcomes.
+        for (const detector of visitorDetectors) {
+            detector.setFile?.(file);
+            detector.setContext?.(ctx);
+            detector.setSourceText?.(sourceText);
+            detector.setSemanticModel?.(semantic);
+        }
+        const fanout = this.getOrBuildFanout(astKind, visitorDetectors, selectedRules, enabledRuleSet, this.profile);
+        if (astKind === 'parser') {
+            parser_1.default.visit(ast, fanout);
+        }
+        else {
+            (0, solc_walker_1.walkSolcAst)(ast, fanout, sourceText);
+        }
+        for (const detector of visitorDetectors) {
+            results.push(...(detector.getFindings?.() ?? []));
+        }
+        // 4. Return results with tier assigned.
+        for (const res of results) {
+            if (!res.tier) {
+                res.tier = tiers_1.ruleTiers[res.ruleId] || 'extended';
+            }
+        }
+        return results;
+    }
+    ignoredDetectorIds(rules, enabledRules, ignorePatterns) {
+        if (!ignorePatterns || ignorePatterns.length === 0)
+            return [];
+        const selectedRules = rules ? new Set(rules) : null;
+        const enabledRuleSet = enabledRules ? new Set(enabledRules) : null;
+        const ignored = [];
+        for (const detector of this.detectors) {
+            if (selectedRules && !selectedRules.has(detector.id))
+                continue;
+            if (!selectedRules && detector.enabledByDefault === false && !enabledRuleSet?.has(detector.id))
+                continue;
+            if (matchesAnyRuleGlob(detector.id, ignorePatterns))
+                ignored.push(detector.id);
+        }
+        return ignored.sort((a, b) => a.localeCompare(b));
+    }
+    getOrBuildFanout(astKind, visitorDetectors, selectedRules, enabledRuleSet, profile) {
+        const ruleKey = selectedRules ? [...selectedRules].sort().join(',') : '*';
+        const enabledKey = enabledRuleSet ? [...enabledRuleSet].sort().join(',') : '-';
+        // Cache key includes profile flag because the profiled fanout uses
+        // wrapper closures that record timing — a non-profiled run would
+        // otherwise reuse the slower wrappers.
+        const cacheKey = `${astKind}|${ruleKey}|${enabledKey}|p${profile ? '1' : '0'}`;
+        const cached = this.fanoutCache.get(cacheKey);
+        // Identity check on the visitor-detector list: a cached entry is
+        // only reusable when the eligible-detector array has the same
+        // shape — protects against subtle drift if the caller mutates
+        // detectors between calls.
+        if (cached && cached.visitorDetectors.length === visitorDetectors.length) {
+            let same = true;
+            for (let i = 0; i < visitorDetectors.length; i++) {
+                if (cached.visitorDetectors[i] !== visitorDetectors[i]) {
+                    same = false;
+                    break;
+                }
+            }
+            if (same)
+                return cached.fanout;
+        }
+        const fanout = buildFanoutVisitor(visitorDetectors, profile ? (detectorId, timeNs) => this.recordProfile(detectorId, timeNs, 1) : undefined);
+        this.fanoutCache.set(cacheKey, { visitorDetectors: visitorDetectors.slice(), fanout });
+        return fanout;
+    }
+    /**
+     * Accumulate one detector visit into the profile stats. Cheap (Map
+     * lookup + bigint add); only called when `SOLAST_PROFILE=1`.
+     */
+    recordProfile(detectorId, timeNs, visits) {
+        const existing = this.profileStats.get(detectorId);
+        if (existing) {
+            existing.timeNs += timeNs;
+            existing.visits += visits;
+        }
+        else {
+            this.profileStats.set(detectorId, { timeNs, visits });
+        }
+    }
+    /**
+     * Render the accumulated per-detector profile stats as a stable
+     * multi-line summary, sorted by total time descending. Returns the
+     * empty string when profiling was not enabled or no detector ran.
+     * The caller (typically the CLI, after scan completion) decides
+     * where to write the summary — stderr is the convention so the
+     * NDJSON / SARIF stdout pipeline stays clean.
+     */
+    formatProfileSummary() {
+        if (!this.profile || this.profileStats.size === 0)
+            return '';
+        const entries = Array.from(this.profileStats.entries())
+            .map(([id, s]) => ({ id, visits: s.visits, ms: Number(s.timeNs / 1000n) / 1000 }))
+            .sort((a, b) => b.ms - a.ms);
+        const totalMs = entries.reduce((sum, e) => sum + e.ms, 0);
+        const totalVisits = entries.reduce((sum, e) => sum + e.visits, 0);
+        const lines = [];
+        lines.push(`solast: per-detector profile (${entries.length} detectors, ${totalVisits} visits, ${totalMs.toFixed(2)}ms total)`);
+        lines.push('  time(ms)   visits  detector');
+        for (const e of entries) {
+            lines.push(`  ${e.ms.toFixed(3).padStart(8)}  ${String(e.visits).padStart(7)}  ${e.id}`);
+        }
+        return lines.join('\n');
+    }
+    getProfileStats() {
+        if (!this.profile)
+            return [];
+        return Array.from(this.profileStats.entries())
+            .map(([id, s]) => ({ id, visits: s.visits, timeNs: s.timeNs }));
+    }
+}
+exports.DetectorRegistry = DetectorRegistry;
+function matchesAnyRuleGlob(ruleId, patterns) {
+    return Boolean(patterns && patterns.some(pattern => (0, glob_1.matchesRuleGlob)(ruleId, pattern)));
+}
+/**
+ * Build a single visitor object whose handlers dispatch to every
+ * detector that subscribed to that event. Visitor handler names follow
+ * the AST node-type convention (`ContractDefinition`,
+ * `FunctionDefinition`, ...). We additionally route `<Type>:exit`
+ * (parser-style post-hook), `<Type>_post` (solc-walker-style post-hook),
+ * and the two `enterNestedStatementBody` / `exitNestedStatementBody`
+ * hooks the solc walker fires.
+ *
+ * Anything else (lowercase private helpers, `id`, `findings` instance
+ * fields) is intentionally NOT exported into the fan-out — the walker
+ * never queries those names so it would be harmless either way, but
+ * the explicit allowlist keeps the behaviour easy to audit.
+ *
+ * Two performance shortcuts that matter on a hot loop with ~100+
+ * detectors:
+ *   - Methods are pre-bound to their owning detector at construction
+ *     time. The per-node dispatch path doesn't need `Function.call`
+ *     and doesn't rebind `this` — the walker invokes `arr[i](node)`.
+ *   - Events with a single subscriber bypass the iteration entirely;
+ *     the fanout entry IS the bound method. Many of the ~100+
+ *     detectors register one-of-a-kind hooks (e.g., a detector-
+ *     specific `StateVariableDeclaration`), so the single-subscriber
+ *     path is the common case.
+ */
+function buildFanoutVisitor(detectors, recordProfile) {
+    // Two parallel maps: `bound` stores raw bound handlers (for the
+    // non-profile path, which keeps the single-subscriber + tight-loop
+    // shortcuts). `boundWithId` adds the detector id alongside each
+    // handler so the profile-path wrapper can attribute time correctly.
+    const bound = new Map();
+    const boundWithId = new Map();
+    for (const detector of detectors) {
+        for (const name of collectVisitorMethodNames(detector)) {
+            const fn = detector[name];
+            if (typeof fn !== 'function')
+                continue;
+            const handler = fn.bind(detector);
+            const list = bound.get(name);
+            if (list)
+                list.push(handler);
+            else
+                bound.set(name, [handler]);
+            if (recordProfile) {
+                const listWithId = boundWithId.get(name);
+                const entry = { id: detector.id, fn: handler };
+                if (listWithId)
+                    listWithId.push(entry);
+                else
+                    boundWithId.set(name, [entry]);
+            }
+        }
+    }
+    const fanout = {};
+    for (const [name, handlers] of bound) {
+        if (recordProfile) {
+            // Profile path: every handler invocation is timed and attributed
+            // to its detector id. We skip the single-subscriber fast path
+            // because the wrapper must always record.
+            const arr = boundWithId.get(name);
+            const len = arr.length;
+            const rec = recordProfile;
+            fanout[name] = function (node) {
+                for (let i = 0; i < len; i++) {
+                    const entry = arr[i];
+                    const t0 = process.hrtime.bigint();
+                    entry.fn(node);
+                    const t1 = process.hrtime.bigint();
+                    rec(entry.id, t1 - t0);
+                }
+            };
+            continue;
+        }
+        if (handlers.length === 1) {
+            // Single-subscriber fast path — the fanout entry is the bound
+            // method itself, eliminating per-visit closure overhead.
+            fanout[name] = handlers[0];
+        }
+        else {
+            const arr = handlers;
+            const len = arr.length;
+            fanout[name] = function (node) {
+                for (let i = 0; i < len; i++)
+                    arr[i](node);
+            };
+        }
+    }
+    return fanout;
+}
+/**
+ * Enumerate visitor method names declared on a detector instance. Walks
+ * the prototype chain (so visitor methods declared on the detector class
+ * are picked up) plus any instance-own properties (some detectors are
+ * built with `Object.assign(new D(), { ... })`). Lifecycle methods
+ * (`setFile`, `getFindings`, `scanAst`) are filtered out, and the
+ * remaining set is restricted to:
+ *   - names beginning with an uppercase letter (AST node-type events,
+ *     including the `:exit` and `_post` suffix forms), or
+ *   - the two known special hook names the solc walker fires.
+ */
+function collectVisitorMethodNames(detector) {
+    const names = new Set();
+    let proto = Object.getPrototypeOf(detector);
+    while (proto && proto !== Object.prototype) {
+        for (const name of Object.getOwnPropertyNames(proto)) {
+            if (types_1.LIFECYCLE_METHOD_NAMES.has(name))
+                continue;
+            if (isVisitorEventName(name))
+                names.add(name);
+        }
+        proto = Object.getPrototypeOf(proto);
+    }
+    for (const name of Object.getOwnPropertyNames(detector)) {
+        if (types_1.LIFECYCLE_METHOD_NAMES.has(name))
+            continue;
+        if (isVisitorEventName(name))
+            names.add(name);
+    }
+    return [...names];
+}
+function hasVisitorMethods(detector) {
+    return collectVisitorMethodNames(detector).length > 0;
+}
+function isVisitorEventName(name) {
+    if (types_1.SPECIAL_HOOK_NAMES.has(name))
+        return true;
+    // AST node types start with an uppercase letter. The `:exit` and
+    // `_post` post-hook forms inherit that property.
+    const first = name.charCodeAt(0);
+    return first >= 0x41 && first <= 0x5a;
+}
+function getAstKind(ast) {
+    if (!ast)
+        return null;
+    if (typeof ast?.type === 'string')
+        return 'parser';
+    if (typeof ast?.nodeType === 'string')
+        return 'solc';
+    if (ast && typeof ast === 'object' && Object.keys(ast).length === 0)
+        return null;
+    throw new Error("scanAst: unrecognized AST shape (expected root with 'type' for @solidity-parser/parser or 'nodeType' for solc compact JSON)");
+}
+//# sourceMappingURL=registry-engine.js.map