@triedotdev/mcp 1.0.167 → 1.0.169
- package/README.md +64 -27
- package/dist/{chunk-YDHUCDHM.js → chunk-3XR6WVAW.js} +8 -8
- package/dist/{chunk-4MXH2ZPT.js → chunk-7IO4YUI3.js} +8 -8
- package/dist/{chunk-7WITSO22.js → chunk-AHD2CBQ7.js} +77 -55
- package/dist/chunk-AHD2CBQ7.js.map +1 -0
- package/dist/{chunk-575YT2SD.js → chunk-BUTOP5EB.js} +195 -1
- package/dist/chunk-BUTOP5EB.js.map +1 -0
- package/dist/{chunk-MRHKX5M5.js → chunk-FBNURWRY.js} +3 -3
- package/dist/{chunk-YZ6Y2H3P.js → chunk-FVRO5RN3.js} +66 -49
- package/dist/chunk-FVRO5RN3.js.map +1 -0
- package/dist/{chunk-5BRRRTN6.js → chunk-G3I7SZLW.js} +4 -4
- package/dist/{chunk-XTFWT2XM.js → chunk-I2O5OYQT.js} +2 -2
- package/dist/{chunk-XE6KQRKZ.js → chunk-KCUOWRPX.js} +2 -2
- package/dist/{chunk-LQIMKE3P.js → chunk-SASNMSB5.js} +106 -33
- package/dist/{chunk-LQIMKE3P.js.map → chunk-SASNMSB5.js.map} +1 -1
- package/dist/cli/main.js +7 -9
- package/dist/cli/main.js.map +1 -1
- package/dist/cli/yolo-daemon.js +10 -12
- package/dist/cli/yolo-daemon.js.map +1 -1
- package/dist/{fast-analyzer-XXYMOXRK.js → fast-analyzer-3GCCZMLK.js} +3 -3
- package/dist/{goal-manager-YOB7VWK7.js → goal-manager-QUKX2W6C.js} +3 -3
- package/dist/{goal-validator-ULKIBDPX.js → goal-validator-2SFSKKVU.js} +3 -3
- package/dist/{hypothesis-7BFFT5JY.js → hypothesis-KCPBR652.js} +3 -3
- package/dist/index.js +11 -13
- package/dist/index.js.map +1 -1
- package/dist/{issue-store-ZIRP23EP.js → issue-store-YAXTNRRY.js} +2 -2
- package/dist/server/mcp-server.js +11 -13
- package/dist/{tiered-storage-Z3YCR465.js → tiered-storage-DYNC5CQ6.js} +3 -2
- package/dist/{trie-agent-3YDPEGHJ.js → trie-agent-I3HAHY2G.js} +7 -9
- package/dist/{chunk-OMR4YCBS.js → vibe-code-signatures-5ZULYP3D.js} +4 -4
- package/dist/{chunk-OMR4YCBS.js.map → vibe-code-signatures-5ZULYP3D.js.map} +1 -1
- package/dist/{chunk-SY6KQG44.js → vulnerability-signatures-2URZSXAQ.js} +5 -5
- package/dist/{chunk-SY6KQG44.js.map → vulnerability-signatures-2URZSXAQ.js.map} +1 -1
- package/package.json +1 -1
- package/dist/chunk-575YT2SD.js.map +0 -1
- package/dist/chunk-7WITSO22.js.map +0 -1
- package/dist/chunk-YZ6Y2H3P.js.map +0 -1
- package/dist/vibe-code-signatures-F6URTBW3.js +0 -16
- package/dist/vibe-code-signatures-F6URTBW3.js.map +0 -1
- package/dist/vulnerability-signatures-T7SKHORW.js +0 -18
- package/dist/vulnerability-signatures-T7SKHORW.js.map +0 -1
- /package/dist/{chunk-YDHUCDHM.js.map → chunk-3XR6WVAW.js.map} +0 -0
- /package/dist/{chunk-4MXH2ZPT.js.map → chunk-7IO4YUI3.js.map} +0 -0
- /package/dist/{chunk-MRHKX5M5.js.map → chunk-FBNURWRY.js.map} +0 -0
- /package/dist/{chunk-5BRRRTN6.js.map → chunk-G3I7SZLW.js.map} +0 -0
- /package/dist/{chunk-XTFWT2XM.js.map → chunk-I2O5OYQT.js.map} +0 -0
- /package/dist/{chunk-XE6KQRKZ.js.map → chunk-KCUOWRPX.js.map} +0 -0
- /package/dist/{fast-analyzer-XXYMOXRK.js.map → fast-analyzer-3GCCZMLK.js.map} +0 -0
- /package/dist/{goal-manager-YOB7VWK7.js.map → goal-manager-QUKX2W6C.js.map} +0 -0
- /package/dist/{goal-validator-ULKIBDPX.js.map → goal-validator-2SFSKKVU.js.map} +0 -0
- /package/dist/{hypothesis-7BFFT5JY.js.map → hypothesis-KCPBR652.js.map} +0 -0
- /package/dist/{issue-store-ZIRP23EP.js.map → issue-store-YAXTNRRY.js.map} +0 -0
- /package/dist/{tiered-storage-Z3YCR465.js.map → tiered-storage-DYNC5CQ6.js.map} +0 -0
- /package/dist/{trie-agent-3YDPEGHJ.js.map → trie-agent-I3HAHY2G.js.map} +0 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/trie/vibe-code-signatures.ts"],"sourcesContent":["/**\n * Vibe Code Signatures\n * \n * Patterns commonly found in AI-generated and \"vibe coded\" projects.\n * These are issues that non-technical users encounter when using\n * AI tools like Cursor, v0, Lovable, Bolt, Replit, etc.\n * \n * Research sources:\n * - Reddit r/vibecoding (~130k members) - Andrej Karpathy's vibe coding movement\n * - Reddit r/ClaudeAI (~431k members) - Claude usage patterns\n * - Reddit r/cursor - Cursor IDE specific issues\n * - vibecodingwiki.com - Community documentation\n * - Twitter/X discussions on AI coding\n * \n * \"Vibe coding\" (coined by Andrej Karpathy, Feb 2025):\n * AI-assisted development where you describe tasks to LLMs and they generate code.\n * Focus on iterative experimentation over code correctness.\n * \n * Common issues we detect:\n * - Massive single files (1000+ line App.jsx - THE classic vibe code smell)\n * - API keys exposed in frontend (NEXT_PUBLIC_, VITE_, etc.)\n * - No error handling on fetch/axios calls\n * - No loading states (blank screens while data loads)\n * - No empty states (nothing shown when no data)\n * - Hardcoded localhost URLs that break in production\n * - Console.log debugging left everywhere\n * - TypeScript 'any' used to silence all type errors\n * - useEffect misuse (async useEffect, missing deps)\n * - No input validation on req.body\n * - Database calls directly in React components\n * - Copy-paste duplication instead of components\n * - @ts-ignore and eslint-disable to hide problems\n */\n\nimport { AhoCorasick, PatternMetadata } from './trie.js';\nimport { isInteractiveMode } from '../utils/progress.js';\n\nexport interface VibeCodeMatch {\n pattern: string;\n line: number;\n column: number;\n severity: 'critical' | 'serious' | 'moderate' | 'low';\n category: string;\n description: string;\n commonMistake: string;\n fix: string;\n learnMore?: string;\n}\n\n/**\n * Vibe code anti-patterns - things AI 
often generates wrong\n */\nconst VIBE_CODE_PATTERNS: Array<{\n pattern: string;\n metadata: PatternMetadata & { commonMistake: string; learnMore?: string };\n}> = [\n // ============================================\n // CRITICAL: Security issues AI often creates\n // ============================================\n {\n pattern: 'NEXT_PUBLIC_',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'exposed-secrets',\n description: 'Environment variable exposed to browser',\n commonMistake: 'AI puts API keys in NEXT_PUBLIC_ variables, exposing them to users',\n fix: 'Only NEXT_PUBLIC_ for non-sensitive data. Move secrets to server-side API routes',\n learnMore: 'https://nextjs.org/docs/basic-features/environment-variables',\n },\n },\n {\n pattern: 'VITE_',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'exposed-secrets',\n description: 'Environment variable exposed to browser',\n commonMistake: 'AI puts API keys in VITE_ variables, exposing them to users',\n fix: 'Only VITE_ for non-sensitive data. Create a backend API to hide secrets',\n learnMore: 'https://vitejs.dev/guide/env-and-mode.html',\n },\n },\n {\n pattern: 'REACT_APP_',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'exposed-secrets',\n description: 'Environment variable exposed to browser',\n commonMistake: 'AI puts sensitive keys in REACT_APP_ making them visible in bundle',\n fix: 'Never put secrets in REACT_APP_. Use a backend proxy for API calls',\n },\n },\n {\n pattern: '\"sk-',\n metadata: {\n type: 'pattern',\n severity: 'critical',\n category: 'exposed-secrets',\n description: 'OpenAI API key pattern detected in string',\n commonMistake: 'AI generates code with OpenAI key in frontend - anyone can steal it!',\n fix: 'NEVER put sk- keys in frontend. 
Create /api/chat endpoint on server',\n },\n },\n {\n pattern: \"'sk-\",\n metadata: {\n type: 'pattern',\n severity: 'critical',\n category: 'exposed-secrets',\n description: 'OpenAI API key pattern detected in string',\n commonMistake: 'AI generates code with OpenAI key in frontend - anyone can steal it!',\n fix: 'NEVER put sk- keys in frontend. Create /api/chat endpoint on server',\n },\n },\n {\n pattern: '`sk-',\n metadata: {\n type: 'pattern',\n severity: 'critical',\n category: 'exposed-secrets',\n description: 'OpenAI API key pattern detected in template',\n commonMistake: 'AI generates code with OpenAI key in frontend - anyone can steal it!',\n fix: 'NEVER put sk- keys in frontend. Create /api/chat endpoint on server',\n },\n },\n {\n pattern: 'sk_live_',\n metadata: {\n type: 'pattern',\n severity: 'critical',\n category: 'exposed-secrets',\n description: 'Stripe live secret key detected',\n commonMistake: 'Stripe secret key in frontend = attackers can charge your account',\n fix: 'Use Stripe.js with publishable key only. 
Secret key stays on server',\n },\n },\n {\n pattern: 'sk_test_',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'exposed-secrets',\n description: 'Stripe test secret key in code',\n commonMistake: 'Even test keys shouldnt be in frontend - bad habit',\n fix: 'Move to environment variables on server side',\n },\n },\n\n // ============================================\n // SERIOUS: Giant file anti-patterns\n // ============================================\n {\n pattern: 'function App()',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'giant-file',\n description: 'Main App component - check file size',\n commonMistake: 'AI puts EVERYTHING in App.jsx - 1000+ lines, impossible to maintain',\n fix: 'Split into components: Header, Sidebar, MainContent, Footer, etc.',\n },\n },\n {\n pattern: 'export default function Home',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'giant-file',\n description: 'Next.js page component - check file size',\n commonMistake: 'AI dumps entire page logic in one file including API calls',\n fix: 'Extract components to /components, hooks to /hooks, API to /lib',\n },\n },\n {\n pattern: 'useState(',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'state-management',\n description: 'useState hook - check if overused',\n commonMistake: 'AI creates 20+ useState calls in one component instead of useReducer',\n fix: 'Group related state with useReducer or create custom hooks',\n },\n },\n\n // ============================================\n // No error handling\n // ============================================\n {\n pattern: 'fetch(',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'no-error-handling',\n description: 'fetch call - verify error handling exists',\n commonMistake: 'AI generates fetch() without try/catch or .catch() - app crashes on network error',\n fix: 'Wrap in try/catch, add loading state, show error message to user',\n },\n },\n 
{\n pattern: 'axios.',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'no-error-handling',\n description: 'axios call - verify error handling exists',\n commonMistake: 'AI uses axios without error handling or loading states',\n fix: 'Add try/catch, loading state, and user-friendly error messages',\n },\n },\n {\n pattern: '.then(',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'no-error-handling',\n description: 'Promise chain - check for .catch()',\n commonMistake: 'AI chains .then() without .catch() - silent failures',\n fix: 'Always add .catch() or use async/await with try/catch',\n },\n },\n {\n pattern: 'await ',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'no-error-handling',\n description: 'await - verify try/catch exists',\n commonMistake: 'AI uses await without try/catch wrapper',\n fix: 'Wrap async operations in try/catch blocks',\n },\n },\n\n // ============================================\n // Missing loading/empty states\n // ============================================\n {\n pattern: 'isLoading',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'loading-state',\n description: 'Loading state exists - good!',\n commonMistake: 'This is actually good! 
Just verify its being used',\n fix: 'Make sure to show spinner/skeleton while isLoading is true',\n },\n },\n {\n pattern: 'loading ?',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'loading-state',\n description: 'Conditional loading render',\n commonMistake: 'AI sometimes forgets the else case for loading',\n fix: 'Show meaningful loading UI, not just null',\n },\n },\n {\n pattern: '{data &&',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'empty-state',\n description: 'Conditional data render',\n commonMistake: 'AI checks if data exists but no UI for when its missing',\n fix: 'Add empty state: \"No items found\" or call-to-action',\n },\n },\n {\n pattern: '{data?.map(',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'empty-state',\n description: 'Optional chaining on map',\n commonMistake: 'Shows nothing when data is empty - confusing for users',\n fix: 'Check data.length and show \"No items yet\" message',\n },\n },\n\n // ============================================\n // Hardcoded values\n // ============================================\n {\n pattern: 'localhost:',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'hardcoded',\n description: 'Hardcoded localhost URL',\n commonMistake: 'AI hardcodes localhost:3000 URLs - breaks in production',\n fix: 'Use environment variable: process.env.NEXT_PUBLIC_API_URL',\n },\n },\n {\n pattern: 'http://localhost',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'hardcoded',\n description: 'Hardcoded localhost URL',\n commonMistake: 'Works locally, fails when deployed',\n fix: 'Use relative URLs (/api/...) 
or environment variables',\n },\n },\n {\n pattern: '127.0.0.1',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'hardcoded',\n description: 'Hardcoded localhost IP',\n commonMistake: 'Hardcoded local IP wont work in production',\n fix: 'Use environment variables for all URLs',\n },\n },\n\n // ============================================\n // Copy-paste code smells\n // ============================================\n {\n pattern: 'TODO',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'incomplete',\n description: 'TODO comment left behind',\n commonMistake: 'AI leaves TODO comments that never get done',\n fix: 'Either implement the TODO or remove it',\n },\n },\n {\n pattern: 'FIXME',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'incomplete',\n description: 'FIXME comment - known issue',\n commonMistake: 'AI acknowledges a problem but doesnt fix it',\n fix: 'Actually fix the issue or create a GitHub issue to track it',\n },\n },\n {\n pattern: '// eslint-disable',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'code-smell',\n description: 'ESLint rule disabled',\n commonMistake: 'AI disables linter instead of fixing the actual problem',\n fix: 'Fix the underlying issue, dont silence the linter',\n },\n },\n {\n pattern: '@ts-ignore',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'code-smell',\n description: 'TypeScript error ignored',\n commonMistake: 'AI uses @ts-ignore to hide type errors instead of fixing them',\n fix: 'Fix the type error properly or use @ts-expect-error with explanation',\n },\n },\n {\n pattern: '@ts-nocheck',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'code-smell',\n description: 'TypeScript checking disabled for entire file',\n commonMistake: 'AI disables all type checking - defeats the purpose of TypeScript',\n fix: 'Remove @ts-nocheck and fix type errors one by one',\n },\n },\n {\n pattern: ': any',\n metadata: 
{\n type: 'pattern',\n severity: 'moderate',\n category: 'code-smell',\n description: 'any type used',\n commonMistake: 'AI uses \"any\" to avoid writing proper types',\n fix: 'Define proper interfaces/types for your data',\n },\n },\n {\n pattern: 'as any',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'code-smell',\n description: 'Type assertion to any',\n commonMistake: 'AI casts to \"any\" to silence type errors',\n fix: 'Use proper type narrowing or define correct types',\n },\n },\n\n // ============================================\n // Debug code left in\n // ============================================\n {\n pattern: 'console.log(',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'debug-code',\n description: 'console.log left in code',\n commonMistake: 'AI adds console.log for debugging, forgets to remove',\n fix: 'Remove before production or use proper logging library',\n },\n },\n {\n pattern: 'console.error(',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'debug-code',\n description: 'console.error in code',\n commonMistake: 'Error logging is fine but should use proper error tracking',\n fix: 'Consider using Sentry, LogRocket, or similar for production',\n },\n },\n {\n pattern: 'debugger',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'debug-code',\n description: 'debugger statement left in code',\n commonMistake: 'AI leaves debugger statements - freezes browser in production!',\n fix: 'Remove all debugger statements before deploying',\n },\n },\n\n // ============================================\n // Bad practices specific to frameworks\n // ============================================\n {\n pattern: 'useEffect(() => {',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'react-antipattern',\n description: 'useEffect usage - verify necessity',\n commonMistake: 'AI overuses useEffect for things that dont need it',\n fix: 'Consider: Is this really a side effect? 
Could use useMemo, derived state, or event handler instead?',\n learnMore: 'https://react.dev/learn/you-might-not-need-an-effect',\n },\n },\n {\n pattern: 'useEffect(async',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'react-antipattern',\n description: 'async useEffect - incorrect pattern',\n commonMistake: 'AI makes useEffect async directly - causes warnings and bugs',\n fix: 'Define async function inside useEffect, then call it',\n },\n },\n {\n pattern: ', [])',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'react-antipattern',\n description: 'Empty dependency array',\n commonMistake: 'AI uses [] to \"fix\" useEffect warnings without understanding why',\n fix: 'Verify all dependencies are listed, or intentionally run once',\n },\n },\n {\n pattern: 'key={index}',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'react-antipattern',\n description: 'Array index used as key',\n commonMistake: 'AI uses array index as key - causes bugs with reordering/filtering',\n fix: 'Use unique identifier from data: key={item.id}',\n },\n },\n {\n pattern: 'key={i}',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'react-antipattern',\n description: 'Loop index used as key',\n commonMistake: 'Using loop index as key breaks React reconciliation',\n fix: 'Use unique identifier: key={item.id} or key={item.slug}',\n },\n },\n\n // ============================================\n // No input validation\n // ============================================\n {\n pattern: 'req.body.',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'no-validation',\n description: 'Request body accessed directly',\n commonMistake: 'AI trusts user input without validation - security risk!',\n fix: 'Validate with Zod, Yup, or joi before using req.body',\n },\n },\n {\n pattern: 'req.query.',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'no-validation',\n description: 'Query param 
accessed directly',\n commonMistake: 'AI doesnt validate query parameters',\n fix: 'Validate and sanitize query parameters before use',\n },\n },\n {\n pattern: 'req.params.',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'no-validation',\n description: 'URL param accessed directly',\n commonMistake: 'AI trusts URL parameters without validation',\n fix: 'Validate params (especially IDs) before database queries',\n },\n },\n\n // ============================================\n // Mixing concerns (DB in components)\n // ============================================\n {\n pattern: 'prisma.',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'mixing-concerns',\n description: 'Prisma in component/page',\n commonMistake: 'AI puts database calls directly in React components',\n fix: 'Move to API routes, server actions, or /lib/db.ts',\n },\n },\n {\n pattern: 'mongoose.',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'mixing-concerns',\n description: 'Mongoose in component',\n commonMistake: 'Database logic mixed with UI code',\n fix: 'Create separate /lib/db.ts or /services/ for data access',\n },\n },\n {\n pattern: 'supabase.',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'mixing-concerns',\n description: 'Supabase client usage',\n commonMistake: 'AI puts Supabase calls everywhere instead of centralizing',\n fix: 'Create /lib/supabase.ts with helper functions',\n },\n },\n\n // ============================================\n // Common AI oversights\n // ============================================\n {\n pattern: 'onClick={() =>',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'performance',\n description: 'Inline arrow function in onClick',\n commonMistake: 'AI creates new function on every render',\n fix: 'For simple cases its fine, but consider useCallback for expensive components',\n },\n },\n {\n pattern: 'style={{',\n metadata: {\n type: 'pattern',\n severity: 
'low',\n category: 'performance',\n description: 'Inline style object',\n commonMistake: 'AI uses inline styles creating new objects every render',\n fix: 'Use CSS classes, Tailwind, or define styles outside component',\n },\n },\n {\n pattern: 'new Date()',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'dates',\n description: 'Date creation',\n commonMistake: 'AI uses new Date() without considering timezones',\n fix: 'Consider timezone handling, use date-fns or dayjs for complex date logic',\n },\n },\n\n // ============================================\n // Vibe coding specific patterns (r/vibecoding)\n // ============================================\n {\n pattern: 'just works',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'vibe-smell',\n description: 'Comment suggesting \"it just works\"',\n commonMistake: 'Classic vibe coding - accepting code without understanding it',\n fix: 'Take time to understand WHY it works, or it will break later',\n },\n },\n {\n pattern: 'idk why',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'vibe-smell',\n description: 'Comment admitting confusion',\n commonMistake: 'AI generated something you dont understand - tech debt waiting to happen',\n fix: 'Ask the AI to explain what this code does and why',\n },\n },\n {\n pattern: 'dont touch',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'vibe-smell',\n description: 'Warning comment about fragile code',\n commonMistake: 'Code that \"works but nobody knows how\" - very fragile',\n fix: 'Refactor this section or at least document what it does',\n },\n },\n {\n pattern: '// ai generated',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'vibe-smell',\n description: 'AI generated code marker',\n commonMistake: 'At least you labeled it! 
But did you review it?',\n fix: 'Review AI-generated code for security issues and edge cases',\n },\n },\n {\n pattern: '// cursor',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'vibe-smell',\n description: 'Cursor-generated code marker',\n commonMistake: 'Marked as Cursor-generated - make sure to review',\n fix: 'Verify the logic is correct and handles errors properly',\n },\n },\n {\n pattern: '// copilot',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'vibe-smell',\n description: 'Copilot-generated code marker',\n commonMistake: 'Copilot suggestion accepted without review',\n fix: 'Always review Copilot suggestions for correctness',\n },\n },\n\n // ============================================\n // Deployment/Production issues\n // ============================================\n {\n pattern: 'npm run dev',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'deployment',\n description: 'Dev script reference',\n commonMistake: 'Make sure you also have build and start scripts for production',\n fix: 'Verify you can run: npm run build && npm start',\n },\n },\n {\n pattern: 'development',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'deployment',\n description: 'Development mode reference',\n commonMistake: 'Ensure dev-only code doesnt run in production',\n fix: 'Check NODE_ENV and use proper environment detection',\n },\n },\n {\n pattern: '.env.local',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'deployment',\n description: 'Local env file reference',\n commonMistake: 'Local env works, but did you set up production env vars?',\n fix: 'Set up environment variables in your deployment platform',\n },\n },\n\n // ============================================\n // Common LLM hallucination patterns\n // ============================================\n {\n pattern: 'import { something }',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'hallucination',\n description: 
'Named import - verify it exists',\n commonMistake: 'AI sometimes imports functions that dont exist in the library',\n fix: 'If you get \"X is not exported\" error, check library docs',\n },\n },\n {\n pattern: 'v3',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'hallucination',\n description: 'Version number in code',\n commonMistake: 'AI may use outdated API patterns from old library versions',\n fix: 'Check you are using the correct API for your installed version',\n },\n },\n\n // ============================================\n // Quick prototyping shortcuts that become problems\n // ============================================\n {\n pattern: 'setTimeout(',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'timing-hack',\n description: 'setTimeout usage',\n commonMistake: 'AI uses setTimeout to \"fix\" race conditions instead of proper async',\n fix: 'Use proper async/await, promises, or state management instead',\n },\n },\n {\n pattern: 'sleep(',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'timing-hack',\n description: 'Sleep function usage',\n commonMistake: 'Artificial delays hide real timing issues',\n fix: 'Fix the underlying race condition instead of adding delays',\n },\n },\n {\n pattern: 'window.location.reload',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'hack',\n description: 'Page reload to \"fix\" state issues',\n commonMistake: 'AI reloads page instead of properly managing state',\n fix: 'Fix state management - reloading is bad UX',\n },\n },\n {\n pattern: 'force: true',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'hack',\n description: 'Force flag usage',\n commonMistake: 'AI uses force flags to bypass checks instead of fixing root cause',\n fix: 'Understand why the check exists before bypassing it',\n },\n },\n];\n\n/**\n * File-level checks (not pattern based, but size/structure based)\n */\nexport interface FileLevelIssue {\n file: 
string;\n issue: string;\n severity: 'critical' | 'serious' | 'moderate' | 'low';\n category: string;\n commonMistake: string;\n fix: string;\n}\n\nexport function checkFileLevelIssues(filePath: string, content: string): FileLevelIssue[] {\n const issues: FileLevelIssue[] = [];\n const lines = content.split('\\n');\n const lineCount = lines.length;\n const fileName = filePath.split('/').pop() || '';\n\n // Giant file check\n if (lineCount > 500) {\n issues.push({\n file: filePath,\n issue: `File has ${lineCount} lines - way too big!`,\n severity: lineCount > 1000 ? 'serious' : 'moderate',\n category: 'giant-file',\n commonMistake: 'AI dumps everything in one file. Reddit is FULL of posts about 2000 line App.jsx files',\n fix: `Split into smaller files. Rule of thumb: components < 200 lines, pages < 300 lines`,\n });\n }\n\n // Too many useState\n const useStateCount = (content.match(/useState\\(/g) || []).length;\n if (useStateCount > 10) {\n issues.push({\n file: filePath,\n issue: `${useStateCount} useState hooks in one component`,\n severity: useStateCount > 15 ? 'serious' : 'moderate',\n category: 'state-explosion',\n commonMistake: 'AI creates separate useState for every field instead of grouping',\n fix: 'Group related state into objects, or use useReducer for complex state',\n });\n }\n\n // Too many useEffect\n const useEffectCount = (content.match(/useEffect\\(/g) || []).length;\n if (useEffectCount > 5) {\n issues.push({\n file: filePath,\n issue: `${useEffectCount} useEffect hooks - probably too many`,\n severity: 'moderate',\n category: 'effect-hell',\n commonMistake: 'AI creates useEffect for everything. 
Most effects are unnecessary',\n fix: 'Review each useEffect - many can be replaced with event handlers or derived state',\n });\n }\n\n // Main file patterns\n if (/^(App|app|main|Main|index|page)\\.(jsx?|tsx?)$/.test(fileName) && lineCount > 300) {\n issues.push({\n file: filePath,\n issue: `Main entry file is ${lineCount} lines`,\n severity: 'serious',\n category: 'giant-main',\n commonMistake: 'Classic AI pattern: everything in App.jsx or page.tsx',\n fix: 'Extract: Header, Footer, Sidebar, MainContent as separate components',\n });\n }\n\n // No TypeScript types\n if (filePath.endsWith('.tsx') || filePath.endsWith('.ts')) {\n const anyCount = (content.match(/:\\s*any\\b/g) || []).length;\n if (anyCount > 5) {\n issues.push({\n file: filePath,\n issue: `${anyCount} uses of \"any\" type`,\n severity: 'moderate',\n category: 'weak-typing',\n commonMistake: 'AI uses \"any\" to avoid writing proper types',\n fix: 'Define interfaces for your data shapes. AI can help: \"Generate types for this data\"',\n });\n }\n }\n\n // Console.log density\n const consoleLogCount = (content.match(/console\\.(log|warn|error|debug)/g) || []).length;\n if (consoleLogCount > 10) {\n issues.push({\n file: filePath,\n issue: `${consoleLogCount} console statements - cleanup needed`,\n severity: 'low',\n category: 'debug-code',\n commonMistake: 'AI adds console.log for debugging, user never removes them',\n fix: 'Remove debug logs before deploying. 
Use proper error tracking for production.',\n });\n }\n\n return issues;\n}\n\n/**\n * Build the vibe code trie\n */\nlet vibeCodeTrie: AhoCorasick<PatternMetadata & { commonMistake: string }> | null = null;\n\nexport function getVibeCodeTrie(): AhoCorasick<PatternMetadata & { commonMistake: string }> {\n if (!vibeCodeTrie) {\n vibeCodeTrie = new AhoCorasick<PatternMetadata & { commonMistake: string }>();\n \n for (const { pattern, metadata } of VIBE_CODE_PATTERNS) {\n vibeCodeTrie.addPattern(pattern, metadata, metadata);\n }\n \n vibeCodeTrie.build();\n if (!isInteractiveMode()) {\n console.error(` Loaded ${VIBE_CODE_PATTERNS.length} vibe-code patterns into trie`);\n }\n }\n \n return vibeCodeTrie;\n}\n\n/**\n * Files/patterns to exclude from vibe code checks\n */\nconst VIBE_EXCLUDED_PATTERNS = [\n /package-lock\\.json$/,\n /yarn\\.lock$/,\n /pnpm-lock\\.yaml$/,\n /node_modules[\\/\\\\]/,\n /\\.min\\.[jt]s$/,\n /dist[\\/\\\\]/,\n /build[\\/\\\\]/,\n /\\.d\\.ts$/,\n /vulnerability-signatures\\.[jt]s$/, // CRITICAL: Never scan ourselves!\n /vibe-code-signatures\\.[jt]s$/, // Never scan signature files\n /legal\\.[jt]s$/, // Legal skill contains detection patterns\n /security-scanner\\.[jt]s$/, // Security scanner contains patterns\n /agent-smith\\.[jt]s$/, // Agent Smith contains patterns\n /security\\.[jt]s$/, // Security skill\n /privacy\\.[jt]s$/, // Privacy skill\n /soc2\\.[jt]s$/, // SOC2 skill\n /skills[\\/\\\\]built-in[\\/\\\\]/, // Never scan Trie's own skill implementations\n /skills[\\/\\\\].*\\.[jt]s$/, // Never scan any skills directory\n /trie-agents?[\\/\\\\]src[\\/\\\\]/, // Never scan Trie's source when installed as dependency\n /trie-agents?[\\/\\\\]dist[\\/\\\\]/, // Never scan Trie's dist when installed\n];\n\n/**\n * Check if a file should be excluded from vibe code scans\n */\nfunction shouldExcludeVibeFile(filePath: string): boolean {\n // Normalize path to use forward slashes for consistent matching\n const normalizedPath = 
filePath.replace(/\\\\/g, '/');\n \n // Check against exclusion patterns\n if (VIBE_EXCLUDED_PATTERNS.some(pattern => pattern.test(normalizedPath))) {\n return true;\n }\n \n // Also exclude files in Trie's source directories (handles both installed and development)\n if (normalizedPath.includes('trie') && normalizedPath.includes('/src/')) {\n return true;\n }\n \n // Exclude specific Trie scanner/skill files by filename (regardless of path)\n const fileName = normalizedPath.split('/').pop() || '';\n const TRIE_SCANNER_FILES = [\n 'vulnerability-signatures.ts', 'vulnerability-signatures.js',\n 'vibe-code-signatures.ts', 'vibe-code-signatures.js',\n 'legal.ts', 'legal.js',\n 'security-scanner.ts', 'security-scanner.js',\n 'agent-smith.ts', 'agent-smith.js',\n 'security.ts', 'security.js',\n 'privacy.ts', 'privacy.js',\n 'soc2.ts', 'soc2.js',\n ];\n if (TRIE_SCANNER_FILES.includes(fileName)) {\n // Only exclude if it looks like it's in a skills/trie directory\n if (normalizedPath.includes('/skills/') || normalizedPath.includes('/trie/')) {\n return true;\n }\n }\n \n return false;\n}\n\n/**\n * Check if line is a false positive for vibe patterns\n */\nfunction isVibeFalsePositive(line: string, pattern: string, filePath: string, category: string): boolean {\n const trimmedLine = line.trim();\n \n // Skip comments\n if (trimmedLine.startsWith('//') || \n trimmedLine.startsWith('*') || \n trimmedLine.startsWith('/*') ||\n trimmedLine.startsWith('#')) {\n return true;\n }\n \n // Skip type definitions\n if (/^\\s*(interface|type|export\\s+interface|export\\s+type)\\s/.test(line)) {\n return true;\n }\n \n // Skip when reading from environment\n if (/process\\.env|import\\.meta\\.env/.test(line)) {\n // Allow NEXT_PUBLIC_, VITE_, REACT_APP_ when reading env\n if (['exposed-secrets'].includes(category) && !/=\\s*['\"`]/.test(line)) {\n return true;\n }\n }\n \n // Pattern-specific false positive detection\n switch (pattern) {\n case 'console.log(':\n case 
'console.error(':\n // Allow in development/debug files\n if (/debug|dev|development/i.test(filePath)) return true;\n // Allow console.error for error handling\n if (pattern === 'console.error(') return true;\n break;\n \n case 'useState(':\n // Low severity, only flag if excessive (handled by file-level checks)\n return true; // Don't flag individual useState\n \n case 'await ':\n // Very common, only flag if there's obvious missing try/catch\n // Let the file-level check handle this\n return true;\n \n case '.then(':\n // Only flag if no .catch in nearby context\n return true; // Too noisy, disable\n \n case 'TODO':\n case 'FIXME':\n // These are intentional markers, low priority\n break;\n \n case 'useEffect(() => {':\n // Very common, only flag excessive usage via file-level checks\n return true;\n \n case ', [])':\n // Common and often correct, disable as too noisy\n return true;\n \n case 'development':\n // Too generic\n return true;\n \n case 'import { something }':\n // Way too generic, disable\n return true;\n \n case 'v3':\n // Too generic\n return true;\n \n case 'new Date()':\n // Very common and usually fine\n return true;\n \n case 'style={{':\n case 'onClick={() =>':\n // Common patterns, not always a problem\n return true;\n }\n \n // Skip test files for most patterns\n if (/\\.(test|spec)\\.[jt]sx?$/.test(filePath) || /__tests__\\//.test(filePath)) {\n // Only keep critical patterns (exposed secrets) in test files\n if (!['exposed-secrets'].includes(category)) {\n return true;\n }\n }\n \n return false;\n}\n\n/**\n * Scan for vibe code issues\n */\nexport function scanForVibeCodeIssues(code: string, filePath: string): VibeCodeMatch[] {\n // Skip excluded files entirely\n if (shouldExcludeVibeFile(filePath)) {\n return [];\n }\n \n const trie = getVibeCodeTrie();\n const rawMatches = trie.search(code);\n const lines = code.split('\\n');\n \n const matches: VibeCodeMatch[] = [];\n const seen = new Set<string>();\n \n for (const match of rawMatches) 
{\n const key = `${match.line}:${match.pattern}`;\n if (seen.has(key)) continue;\n seen.add(key);\n \n const line = lines[match.line - 1] || '';\n const meta = match.metadata as any;\n const category = meta.category || 'unknown';\n \n // Check for false positives\n if (isVibeFalsePositive(line, match.pattern, filePath, category)) continue;\n \n matches.push({\n pattern: match.pattern,\n line: match.line,\n column: match.column,\n severity: meta.severity,\n category,\n description: meta.description || '',\n commonMistake: meta.commonMistake || '',\n fix: meta.fix || '',\n learnMore: meta.learnMore,\n });\n }\n \n return matches;\n}\n\n/**\n * Get vibe code pattern statistics\n */\nexport function getVibeCodeStats(): { total: number; byCategory: Record<string, number> } {\n const byCategory: Record<string, number> = {};\n \n for (const { metadata } of VIBE_CODE_PATTERNS) {\n const cat = metadata.category || 'unknown';\n byCategory[cat] = (byCategory[cat] || 0) + 1;\n }\n \n return {\n total: VIBE_CODE_PATTERNS.length,\n byCategory,\n 
};\n}\n\n"],"mappings":";;;;;;;;AAoDA,IAAM,qBAGD;AAAA;AAAA;AAAA;AAAA,EAIH;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,MACL,WAAW;AAAA,IACb;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,MACL,WAAW;AAAA,IACb;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,M
ACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,U
AAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,MACL,WAAW;AAAA,IACb;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;A
AAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,M
ACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AACF;AAcO,SAAS,qBAAqB,UAAkB,SAAmC;AACxF,QAAM,SAA2B,CAAC;AAClC,QAAM,QAAQ,QAAQ,MAAM,IAAI;AAChC,QAAM,YAAY,MAAM;AACxB,QAAM,WAAW,SAAS,MAAM,GAAG,EAAE,IAAI,KAAK;AAG9C,MAAI,YAAY,KAAK;AACnB,WAAO,KAAK;AAAA,MACV,MAAM;AAAA,MACN,OAAO,YAAY,SAAS;AAAA,MAC5B,UAAU,YAAY,MAAO,YAAY;AAAA,MACzC,UAAU;AAAA,MACV,eAAe;AAAA,MACf,KAAK;AAAA,IACP,CAAC;AAAA,EACH;AAGA,QAAM,iBAAiB,QAAQ,MAAM,aAAa,KAAK,CAAC,GAAG;AAC3D,MAAI,gBAAgB,IAAI;AACtB,WAAO,KAAK;AAAA,MACV,MAAM;AAAA,MACN,OAAO,GAAG,aAAa;AAAA,MACvB,UAAU,gBAAgB,KAAK,YAAY;AAAA,MAC3C,UAAU;AAAA,MACV,eAAe;AAAA,MAC
f,KAAK;AAAA,IACP,CAAC;AAAA,EACH;AAGA,QAAM,kBAAkB,QAAQ,MAAM,cAAc,KAAK,CAAC,GAAG;AAC7D,MAAI,iBAAiB,GAAG;AACtB,WAAO,KAAK;AAAA,MACV,MAAM;AAAA,MACN,OAAO,GAAG,cAAc;AAAA,MACxB,UAAU;AAAA,MACV,UAAU;AAAA,MACV,eAAe;AAAA,MACf,KAAK;AAAA,IACP,CAAC;AAAA,EACH;AAGA,MAAI,gDAAgD,KAAK,QAAQ,KAAK,YAAY,KAAK;AACrF,WAAO,KAAK;AAAA,MACV,MAAM;AAAA,MACN,OAAO,sBAAsB,SAAS;AAAA,MACtC,UAAU;AAAA,MACV,UAAU;AAAA,MACV,eAAe;AAAA,MACf,KAAK;AAAA,IACP,CAAC;AAAA,EACH;AAGA,MAAI,SAAS,SAAS,MAAM,KAAK,SAAS,SAAS,KAAK,GAAG;AACzD,UAAM,YAAY,QAAQ,MAAM,YAAY,KAAK,CAAC,GAAG;AACrD,QAAI,WAAW,GAAG;AAChB,aAAO,KAAK;AAAA,QACV,MAAM;AAAA,QACN,OAAO,GAAG,QAAQ;AAAA,QAClB,UAAU;AAAA,QACV,UAAU;AAAA,QACV,eAAe;AAAA,QACf,KAAK;AAAA,MACP,CAAC;AAAA,IACH;AAAA,EACF;AAGA,QAAM,mBAAmB,QAAQ,MAAM,kCAAkC,KAAK,CAAC,GAAG;AAClF,MAAI,kBAAkB,IAAI;AACxB,WAAO,KAAK;AAAA,MACV,MAAM;AAAA,MACN,OAAO,GAAG,eAAe;AAAA,MACzB,UAAU;AAAA,MACV,UAAU;AAAA,MACV,eAAe;AAAA,MACf,KAAK;AAAA,IACP,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAKA,IAAI,eAAgF;AAE7E,SAAS,kBAA4E;AAC1F,MAAI,CAAC,cAAc;AACjB,mBAAe,IAAI,YAAyD;AAE5E,eAAW,EAAE,SAAS,SAAS,KAAK,oBAAoB;AACtD,mBAAa,WAAW,SAAS,UAAU,QAAQ;AAAA,IACrD;AAEA,iBAAa,MAAM;AACnB,QAAI,CAAC,kBAAkB,GAAG;AACxB,cAAQ,MAAM,aAAa,mBAAmB,MAAM,+BAA+B;AAAA,IACrF;AAAA,EACF;AAEA,SAAO;AACT;AAKA,IAAM,yBAAyB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AACF;AAKA,SAAS,sBAAsB,UAA2B;AAExD,QAAM,iBAAiB,SAAS,QAAQ,OAAO,GAAG;AAGlD,MAAI,uBAAuB,KAAK,aAAW,QAAQ,KAAK,cAAc,CAAC,GAAG;AACxE,WAAO;AAAA,EACT;AAGA,MAAI,eAAe,SAAS,MAAM,KAAK,eAAe,SAAS,OAAO,GAAG;AACvE,WAAO;AAAA,EACT;AAGA,QAAM,WAAW,eAAe,MAAM,GAAG,EAAE,IAAI,KAAK;AACpD,QAAM,qBAAqB;AAAA,IACzB;AAAA,IAA+B;AAAA,IAC/B;AAAA,IAA2B;AAAA,IAC3B;AAAA,IAAY;AAAA,IACZ;AAAA,IAAuB;AAAA,IACvB;AAAA,IAAkB;AAAA,IAClB;AAAA,IAAe;AAAA,IACf;AAAA,IAAc;AAAA,IACd;AAAA,IAAW;AAAA,EACb;AACA,MAAI,mBAAmB,SAAS,QAAQ,GAAG;AAEzC,QAAI,eAAe,SAAS,UAAU,KAAK
,eAAe,SAAS,QAAQ,GAAG;AAC5E,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAKA,SAAS,oBAAoB,MAAc,SAAiB,UAAkB,UAA2B;AACvG,QAAM,cAAc,KAAK,KAAK;AAG9B,MAAI,YAAY,WAAW,IAAI,KAC3B,YAAY,WAAW,GAAG,KAC1B,YAAY,WAAW,IAAI,KAC3B,YAAY,WAAW,GAAG,GAAG;AAC/B,WAAO;AAAA,EACT;AAGA,MAAI,0DAA0D,KAAK,IAAI,GAAG;AACxE,WAAO;AAAA,EACT;AAGA,MAAI,iCAAiC,KAAK,IAAI,GAAG;AAE/C,QAAI,CAAC,iBAAiB,EAAE,SAAS,QAAQ,KAAK,CAAC,YAAY,KAAK,IAAI,GAAG;AACrE,aAAO;AAAA,IACT;AAAA,EACF;AAGA,UAAQ,SAAS;AAAA,IACf,KAAK;AAAA,IACL,KAAK;AAEH,UAAI,yBAAyB,KAAK,QAAQ,EAAG,QAAO;AAEpD,UAAI,YAAY,iBAAkB,QAAO;AACzC;AAAA,IAEF,KAAK;AAEH,aAAO;AAAA;AAAA,IAET,KAAK;AAGH,aAAO;AAAA,IAET,KAAK;AAEH,aAAO;AAAA;AAAA,IAET,KAAK;AAAA,IACL,KAAK;AAEH;AAAA,IAEF,KAAK;AAEH,aAAO;AAAA,IAET,KAAK;AAEH,aAAO;AAAA,IAET,KAAK;AAEH,aAAO;AAAA,IAET,KAAK;AAEH,aAAO;AAAA,IAET,KAAK;AAEH,aAAO;AAAA,IAET,KAAK;AAEH,aAAO;AAAA,IAET,KAAK;AAAA,IACL,KAAK;AAEH,aAAO;AAAA,EACX;AAGA,MAAI,0BAA0B,KAAK,QAAQ,KAAK,cAAc,KAAK,QAAQ,GAAG;AAE5E,QAAI,CAAC,CAAC,iBAAiB,EAAE,SAAS,QAAQ,GAAG;AAC3C,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAKO,SAAS,sBAAsB,MAAc,UAAmC;AAErF,MAAI,sBAAsB,QAAQ,GAAG;AACnC,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,OAAO,gBAAgB;AAC7B,QAAM,aAAa,KAAK,OAAO,IAAI;AACnC,QAAM,QAAQ,KAAK,MAAM,IAAI;AAE7B,QAAM,UAA2B,CAAC;AAClC,QAAM,OAAO,oBAAI,IAAY;AAE7B,aAAW,SAAS,YAAY;AAC9B,UAAM,MAAM,GAAG,MAAM,IAAI,IAAI,MAAM,OAAO;AAC1C,QAAI,KAAK,IAAI,GAAG,EAAG;AACnB,SAAK,IAAI,GAAG;AAEZ,UAAM,OAAO,MAAM,MAAM,OAAO,CAAC,KAAK;AACtC,UAAM,OAAO,MAAM;AACnB,UAAM,WAAW,KAAK,YAAY;AAGlC,QAAI,oBAAoB,MAAM,MAAM,SAAS,UAAU,QAAQ,EAAG;AAElE,YAAQ,KAAK;AAAA,MACX,SAAS,MAAM;AAAA,MACf,MAAM,MAAM;AAAA,MACZ,QAAQ,MAAM;AAAA,MACd,UAAU,KAAK;AAAA,MACf;AAAA,MACA,aAAa,KAAK,eAAe;AAAA,MACjC,eAAe,KAAK,iBAAiB;AAAA,MACrC,KAAK,KAAK,OAAO;AAAA,MACjB,WAAW,KAAK;AAAA,IAClB,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAKO,SAAS,mBAA0E;AACxF,QAAM,aAAqC,CAAC;AAE5C,aAAW,EAAE,SAAS,KAAK,oBAAoB;AAC7C,UAAM,MAAM,SAAS,YAAY;AACjC,eAAW,GAAG,KAAK,WAAW,GAAG,KAAK,KAAK;AAAA,EAC7C;AAEA,SAAO;AAAA,IACL,OAAO,mBAAmB;AAAA,IAC1B;AAAA,EACF;AACF;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../src/trie/vibe-code-signatures.ts"],"sourcesContent":["/**\n * Vibe Code Signatures\n * \n * Patterns commonly found in AI-generated and \"vibe coded\" projects.\n * These are issues that non-technical users encounter when using\n * AI tools like Cursor, v0, Lovable, Bolt, Replit, etc.\n * \n * Research sources:\n * - Reddit r/vibecoding (~130k members) - Andrej Karpathy's vibe coding movement\n * - Reddit r/ClaudeAI (~431k members) - Claude usage patterns\n * - Reddit r/cursor - Cursor IDE specific issues\n * - vibecodingwiki.com - Community documentation\n * - Twitter/X discussions on AI coding\n * \n * \"Vibe coding\" (coined by Andrej Karpathy, Feb 2025):\n * AI-assisted development where you describe tasks to LLMs and they generate code.\n * Focus on iterative experimentation over code correctness.\n * \n * Common issues we detect:\n * - Massive single files (1000+ line App.jsx - THE classic vibe code smell)\n * - API keys exposed in frontend (NEXT_PUBLIC_, VITE_, etc.)\n * - No error handling on fetch/axios calls\n * - No loading states (blank screens while data loads)\n * - No empty states (nothing shown when no data)\n * - Hardcoded localhost URLs that break in production\n * - Console.log debugging left everywhere\n * - TypeScript 'any' used to silence all type errors\n * - useEffect misuse (async useEffect, missing deps)\n * - No input validation on req.body\n * - Database calls directly in React components\n * - Copy-paste duplication instead of components\n * - @ts-ignore and eslint-disable to hide problems\n */\n\nimport { AhoCorasick, PatternMetadata } from './trie.js';\nimport { isInteractiveMode } from '../utils/progress.js';\n\nexport interface VibeCodeMatch {\n pattern: string;\n line: number;\n column: number;\n severity: 'critical' | 'serious' | 'moderate' | 'low';\n category: string;\n description: string;\n commonMistake: string;\n fix: string;\n learnMore?: string;\n}\n\n/**\n * Vibe code anti-patterns - things AI 
often generates wrong\n */\nconst VIBE_CODE_PATTERNS: Array<{\n pattern: string;\n metadata: PatternMetadata & { commonMistake: string; learnMore?: string };\n}> = [\n // ============================================\n // CRITICAL: Security issues AI often creates\n // ============================================\n {\n pattern: 'NEXT_PUBLIC_',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'exposed-secrets',\n description: 'Environment variable exposed to browser',\n commonMistake: 'AI puts API keys in NEXT_PUBLIC_ variables, exposing them to users',\n fix: 'Only NEXT_PUBLIC_ for non-sensitive data. Move secrets to server-side API routes',\n learnMore: 'https://nextjs.org/docs/basic-features/environment-variables',\n },\n },\n {\n pattern: 'VITE_',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'exposed-secrets',\n description: 'Environment variable exposed to browser',\n commonMistake: 'AI puts API keys in VITE_ variables, exposing them to users',\n fix: 'Only VITE_ for non-sensitive data. Create a backend API to hide secrets',\n learnMore: 'https://vitejs.dev/guide/env-and-mode.html',\n },\n },\n {\n pattern: 'REACT_APP_',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'exposed-secrets',\n description: 'Environment variable exposed to browser',\n commonMistake: 'AI puts sensitive keys in REACT_APP_ making them visible in bundle',\n fix: 'Never put secrets in REACT_APP_. Use a backend proxy for API calls',\n },\n },\n {\n pattern: '\"sk-',\n metadata: {\n type: 'pattern',\n severity: 'critical',\n category: 'exposed-secrets',\n description: 'OpenAI API key pattern detected in string',\n commonMistake: 'AI generates code with OpenAI key in frontend - anyone can steal it!',\n fix: 'NEVER put sk- keys in frontend. 
Create /api/chat endpoint on server',\n },\n },\n {\n pattern: \"'sk-\",\n metadata: {\n type: 'pattern',\n severity: 'critical',\n category: 'exposed-secrets',\n description: 'OpenAI API key pattern detected in string',\n commonMistake: 'AI generates code with OpenAI key in frontend - anyone can steal it!',\n fix: 'NEVER put sk- keys in frontend. Create /api/chat endpoint on server',\n },\n },\n {\n pattern: '`sk-',\n metadata: {\n type: 'pattern',\n severity: 'critical',\n category: 'exposed-secrets',\n description: 'OpenAI API key pattern detected in template',\n commonMistake: 'AI generates code with OpenAI key in frontend - anyone can steal it!',\n fix: 'NEVER put sk- keys in frontend. Create /api/chat endpoint on server',\n },\n },\n {\n pattern: 'sk_live_',\n metadata: {\n type: 'pattern',\n severity: 'critical',\n category: 'exposed-secrets',\n description: 'Stripe live secret key detected',\n commonMistake: 'Stripe secret key in frontend = attackers can charge your account',\n fix: 'Use Stripe.js with publishable key only. 
Secret key stays on server',\n },\n },\n {\n pattern: 'sk_test_',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'exposed-secrets',\n description: 'Stripe test secret key in code',\n commonMistake: 'Even test keys shouldnt be in frontend - bad habit',\n fix: 'Move to environment variables on server side',\n },\n },\n\n // ============================================\n // SERIOUS: Giant file anti-patterns\n // ============================================\n {\n pattern: 'function App()',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'giant-file',\n description: 'Main App component - check file size',\n commonMistake: 'AI puts EVERYTHING in App.jsx - 1000+ lines, impossible to maintain',\n fix: 'Split into components: Header, Sidebar, MainContent, Footer, etc.',\n },\n },\n {\n pattern: 'export default function Home',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'giant-file',\n description: 'Next.js page component - check file size',\n commonMistake: 'AI dumps entire page logic in one file including API calls',\n fix: 'Extract components to /components, hooks to /hooks, API to /lib',\n },\n },\n {\n pattern: 'useState(',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'state-management',\n description: 'useState hook - check if overused',\n commonMistake: 'AI creates 20+ useState calls in one component instead of useReducer',\n fix: 'Group related state with useReducer or create custom hooks',\n },\n },\n\n // ============================================\n // No error handling\n // ============================================\n {\n pattern: 'fetch(',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'no-error-handling',\n description: 'fetch call - verify error handling exists',\n commonMistake: 'AI generates fetch() without try/catch or .catch() - app crashes on network error',\n fix: 'Wrap in try/catch, add loading state, show error message to user',\n },\n },\n 
{\n pattern: 'axios.',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'no-error-handling',\n description: 'axios call - verify error handling exists',\n commonMistake: 'AI uses axios without error handling or loading states',\n fix: 'Add try/catch, loading state, and user-friendly error messages',\n },\n },\n {\n pattern: '.then(',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'no-error-handling',\n description: 'Promise chain - check for .catch()',\n commonMistake: 'AI chains .then() without .catch() - silent failures',\n fix: 'Always add .catch() or use async/await with try/catch',\n },\n },\n {\n pattern: 'await ',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'no-error-handling',\n description: 'await - verify try/catch exists',\n commonMistake: 'AI uses await without try/catch wrapper',\n fix: 'Wrap async operations in try/catch blocks',\n },\n },\n\n // ============================================\n // Missing loading/empty states\n // ============================================\n {\n pattern: 'isLoading',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'loading-state',\n description: 'Loading state exists - good!',\n commonMistake: 'This is actually good! 
Just verify its being used',\n fix: 'Make sure to show spinner/skeleton while isLoading is true',\n },\n },\n {\n pattern: 'loading ?',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'loading-state',\n description: 'Conditional loading render',\n commonMistake: 'AI sometimes forgets the else case for loading',\n fix: 'Show meaningful loading UI, not just null',\n },\n },\n {\n pattern: '{data &&',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'empty-state',\n description: 'Conditional data render',\n commonMistake: 'AI checks if data exists but no UI for when its missing',\n fix: 'Add empty state: \"No items found\" or call-to-action',\n },\n },\n {\n pattern: '{data?.map(',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'empty-state',\n description: 'Optional chaining on map',\n commonMistake: 'Shows nothing when data is empty - confusing for users',\n fix: 'Check data.length and show \"No items yet\" message',\n },\n },\n\n // ============================================\n // Hardcoded values\n // ============================================\n {\n pattern: 'localhost:',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'hardcoded',\n description: 'Hardcoded localhost URL',\n commonMistake: 'AI hardcodes localhost:3000 URLs - breaks in production',\n fix: 'Use environment variable: process.env.NEXT_PUBLIC_API_URL',\n },\n },\n {\n pattern: 'http://localhost',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'hardcoded',\n description: 'Hardcoded localhost URL',\n commonMistake: 'Works locally, fails when deployed',\n fix: 'Use relative URLs (/api/...) 
or environment variables',\n },\n },\n {\n pattern: '127.0.0.1',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'hardcoded',\n description: 'Hardcoded localhost IP',\n commonMistake: 'Hardcoded local IP wont work in production',\n fix: 'Use environment variables for all URLs',\n },\n },\n\n // ============================================\n // Copy-paste code smells\n // ============================================\n {\n pattern: 'TODO',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'incomplete',\n description: 'TODO comment left behind',\n commonMistake: 'AI leaves TODO comments that never get done',\n fix: 'Either implement the TODO or remove it',\n },\n },\n {\n pattern: 'FIXME',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'incomplete',\n description: 'FIXME comment - known issue',\n commonMistake: 'AI acknowledges a problem but doesnt fix it',\n fix: 'Actually fix the issue or create a GitHub issue to track it',\n },\n },\n {\n pattern: '// eslint-disable',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'code-smell',\n description: 'ESLint rule disabled',\n commonMistake: 'AI disables linter instead of fixing the actual problem',\n fix: 'Fix the underlying issue, dont silence the linter',\n },\n },\n {\n pattern: '@ts-ignore',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'code-smell',\n description: 'TypeScript error ignored',\n commonMistake: 'AI uses @ts-ignore to hide type errors instead of fixing them',\n fix: 'Fix the type error properly or use @ts-expect-error with explanation',\n },\n },\n {\n pattern: '@ts-nocheck',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'code-smell',\n description: 'TypeScript checking disabled for entire file',\n commonMistake: 'AI disables all type checking - defeats the purpose of TypeScript',\n fix: 'Remove @ts-nocheck and fix type errors one by one',\n },\n },\n {\n pattern: ': any',\n metadata: 
{\n type: 'pattern',\n severity: 'moderate',\n category: 'code-smell',\n description: 'any type used',\n commonMistake: 'AI uses \"any\" to avoid writing proper types',\n fix: 'Define proper interfaces/types for your data',\n },\n },\n {\n pattern: 'as any',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'code-smell',\n description: 'Type assertion to any',\n commonMistake: 'AI casts to \"any\" to silence type errors',\n fix: 'Use proper type narrowing or define correct types',\n },\n },\n\n // ============================================\n // Debug code left in\n // ============================================\n {\n pattern: 'console.log(',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'debug-code',\n description: 'console.log left in code',\n commonMistake: 'AI adds console.log for debugging, forgets to remove',\n fix: 'Remove before production or use proper logging library',\n },\n },\n {\n pattern: 'console.error(',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'debug-code',\n description: 'console.error in code',\n commonMistake: 'Error logging is fine but should use proper error tracking',\n fix: 'Consider using Sentry, LogRocket, or similar for production',\n },\n },\n {\n pattern: 'debugger',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'debug-code',\n description: 'debugger statement left in code',\n commonMistake: 'AI leaves debugger statements - freezes browser in production!',\n fix: 'Remove all debugger statements before deploying',\n },\n },\n\n // ============================================\n // Bad practices specific to frameworks\n // ============================================\n {\n pattern: 'useEffect(() => {',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'react-antipattern',\n description: 'useEffect usage - verify necessity',\n commonMistake: 'AI overuses useEffect for things that dont need it',\n fix: 'Consider: Is this really a side effect? 
Could use useMemo, derived state, or event handler instead?',\n learnMore: 'https://react.dev/learn/you-might-not-need-an-effect',\n },\n },\n {\n pattern: 'useEffect(async',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'react-antipattern',\n description: 'async useEffect - incorrect pattern',\n commonMistake: 'AI makes useEffect async directly - causes warnings and bugs',\n fix: 'Define async function inside useEffect, then call it',\n },\n },\n {\n pattern: ', [])',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'react-antipattern',\n description: 'Empty dependency array',\n commonMistake: 'AI uses [] to \"fix\" useEffect warnings without understanding why',\n fix: 'Verify all dependencies are listed, or intentionally run once',\n },\n },\n {\n pattern: 'key={index}',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'react-antipattern',\n description: 'Array index used as key',\n commonMistake: 'AI uses array index as key - causes bugs with reordering/filtering',\n fix: 'Use unique identifier from data: key={item.id}',\n },\n },\n {\n pattern: 'key={i}',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'react-antipattern',\n description: 'Loop index used as key',\n commonMistake: 'Using loop index as key breaks React reconciliation',\n fix: 'Use unique identifier: key={item.id} or key={item.slug}',\n },\n },\n\n // ============================================\n // No input validation\n // ============================================\n {\n pattern: 'req.body.',\n metadata: {\n type: 'pattern',\n severity: 'serious',\n category: 'no-validation',\n description: 'Request body accessed directly',\n commonMistake: 'AI trusts user input without validation - security risk!',\n fix: 'Validate with Zod, Yup, or joi before using req.body',\n },\n },\n {\n pattern: 'req.query.',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'no-validation',\n description: 'Query param 
accessed directly',\n commonMistake: 'AI doesnt validate query parameters',\n fix: 'Validate and sanitize query parameters before use',\n },\n },\n {\n pattern: 'req.params.',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'no-validation',\n description: 'URL param accessed directly',\n commonMistake: 'AI trusts URL parameters without validation',\n fix: 'Validate params (especially IDs) before database queries',\n },\n },\n\n // ============================================\n // Mixing concerns (DB in components)\n // ============================================\n {\n pattern: 'prisma.',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'mixing-concerns',\n description: 'Prisma in component/page',\n commonMistake: 'AI puts database calls directly in React components',\n fix: 'Move to API routes, server actions, or /lib/db.ts',\n },\n },\n {\n pattern: 'mongoose.',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'mixing-concerns',\n description: 'Mongoose in component',\n commonMistake: 'Database logic mixed with UI code',\n fix: 'Create separate /lib/db.ts or /services/ for data access',\n },\n },\n {\n pattern: 'supabase.',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'mixing-concerns',\n description: 'Supabase client usage',\n commonMistake: 'AI puts Supabase calls everywhere instead of centralizing',\n fix: 'Create /lib/supabase.ts with helper functions',\n },\n },\n\n // ============================================\n // Common AI oversights\n // ============================================\n {\n pattern: 'onClick={() =>',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'performance',\n description: 'Inline arrow function in onClick',\n commonMistake: 'AI creates new function on every render',\n fix: 'For simple cases its fine, but consider useCallback for expensive components',\n },\n },\n {\n pattern: 'style={{',\n metadata: {\n type: 'pattern',\n severity: 
'low',\n category: 'performance',\n description: 'Inline style object',\n commonMistake: 'AI uses inline styles creating new objects every render',\n fix: 'Use CSS classes, Tailwind, or define styles outside component',\n },\n },\n {\n pattern: 'new Date()',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'dates',\n description: 'Date creation',\n commonMistake: 'AI uses new Date() without considering timezones',\n fix: 'Consider timezone handling, use date-fns or dayjs for complex date logic',\n },\n },\n\n // ============================================\n // Vibe coding specific patterns (r/vibecoding)\n // ============================================\n {\n pattern: 'just works',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'vibe-smell',\n description: 'Comment suggesting \"it just works\"',\n commonMistake: 'Classic vibe coding - accepting code without understanding it',\n fix: 'Take time to understand WHY it works, or it will break later',\n },\n },\n {\n pattern: 'idk why',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'vibe-smell',\n description: 'Comment admitting confusion',\n commonMistake: 'AI generated something you dont understand - tech debt waiting to happen',\n fix: 'Ask the AI to explain what this code does and why',\n },\n },\n {\n pattern: 'dont touch',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'vibe-smell',\n description: 'Warning comment about fragile code',\n commonMistake: 'Code that \"works but nobody knows how\" - very fragile',\n fix: 'Refactor this section or at least document what it does',\n },\n },\n {\n pattern: '// ai generated',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'vibe-smell',\n description: 'AI generated code marker',\n commonMistake: 'At least you labeled it! 
But did you review it?',\n fix: 'Review AI-generated code for security issues and edge cases',\n },\n },\n {\n pattern: '// cursor',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'vibe-smell',\n description: 'Cursor-generated code marker',\n commonMistake: 'Marked as Cursor-generated - make sure to review',\n fix: 'Verify the logic is correct and handles errors properly',\n },\n },\n {\n pattern: '// copilot',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'vibe-smell',\n description: 'Copilot-generated code marker',\n commonMistake: 'Copilot suggestion accepted without review',\n fix: 'Always review Copilot suggestions for correctness',\n },\n },\n\n // ============================================\n // Deployment/Production issues\n // ============================================\n {\n pattern: 'npm run dev',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'deployment',\n description: 'Dev script reference',\n commonMistake: 'Make sure you also have build and start scripts for production',\n fix: 'Verify you can run: npm run build && npm start',\n },\n },\n {\n pattern: 'development',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'deployment',\n description: 'Development mode reference',\n commonMistake: 'Ensure dev-only code doesnt run in production',\n fix: 'Check NODE_ENV and use proper environment detection',\n },\n },\n {\n pattern: '.env.local',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'deployment',\n description: 'Local env file reference',\n commonMistake: 'Local env works, but did you set up production env vars?',\n fix: 'Set up environment variables in your deployment platform',\n },\n },\n\n // ============================================\n // Common LLM hallucination patterns\n // ============================================\n {\n pattern: 'import { something }',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'hallucination',\n description: 
'Named import - verify it exists',\n commonMistake: 'AI sometimes imports functions that dont exist in the library',\n fix: 'If you get \"X is not exported\" error, check library docs',\n },\n },\n {\n pattern: 'v3',\n metadata: {\n type: 'pattern',\n severity: 'low',\n category: 'hallucination',\n description: 'Version number in code',\n commonMistake: 'AI may use outdated API patterns from old library versions',\n fix: 'Check you are using the correct API for your installed version',\n },\n },\n\n // ============================================\n // Quick prototyping shortcuts that become problems\n // ============================================\n {\n pattern: 'setTimeout(',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'timing-hack',\n description: 'setTimeout usage',\n commonMistake: 'AI uses setTimeout to \"fix\" race conditions instead of proper async',\n fix: 'Use proper async/await, promises, or state management instead',\n },\n },\n {\n pattern: 'sleep(',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'timing-hack',\n description: 'Sleep function usage',\n commonMistake: 'Artificial delays hide real timing issues',\n fix: 'Fix the underlying race condition instead of adding delays',\n },\n },\n {\n pattern: 'window.location.reload',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'hack',\n description: 'Page reload to \"fix\" state issues',\n commonMistake: 'AI reloads page instead of properly managing state',\n fix: 'Fix state management - reloading is bad UX',\n },\n },\n {\n pattern: 'force: true',\n metadata: {\n type: 'pattern',\n severity: 'moderate',\n category: 'hack',\n description: 'Force flag usage',\n commonMistake: 'AI uses force flags to bypass checks instead of fixing root cause',\n fix: 'Understand why the check exists before bypassing it',\n },\n },\n];\n\n/**\n * File-level checks (not pattern based, but size/structure based)\n */\nexport interface FileLevelIssue {\n file: 
string;\n issue: string;\n severity: 'critical' | 'serious' | 'moderate' | 'low';\n category: string;\n commonMistake: string;\n fix: string;\n}\n\nexport function checkFileLevelIssues(filePath: string, content: string): FileLevelIssue[] {\n const issues: FileLevelIssue[] = [];\n const lines = content.split('\\n');\n const lineCount = lines.length;\n const fileName = filePath.split('/').pop() || '';\n\n // Giant file check\n if (lineCount > 500) {\n issues.push({\n file: filePath,\n issue: `File has ${lineCount} lines - way too big!`,\n severity: lineCount > 1000 ? 'serious' : 'moderate',\n category: 'giant-file',\n commonMistake: 'AI dumps everything in one file. Reddit is FULL of posts about 2000 line App.jsx files',\n fix: `Split into smaller files. Rule of thumb: components < 200 lines, pages < 300 lines`,\n });\n }\n\n // Too many useState\n const useStateCount = (content.match(/useState\\(/g) || []).length;\n if (useStateCount > 10) {\n issues.push({\n file: filePath,\n issue: `${useStateCount} useState hooks in one component`,\n severity: useStateCount > 15 ? 'serious' : 'moderate',\n category: 'state-explosion',\n commonMistake: 'AI creates separate useState for every field instead of grouping',\n fix: 'Group related state into objects, or use useReducer for complex state',\n });\n }\n\n // Too many useEffect\n const useEffectCount = (content.match(/useEffect\\(/g) || []).length;\n if (useEffectCount > 5) {\n issues.push({\n file: filePath,\n issue: `${useEffectCount} useEffect hooks - probably too many`,\n severity: 'moderate',\n category: 'effect-hell',\n commonMistake: 'AI creates useEffect for everything. 
Most effects are unnecessary',\n fix: 'Review each useEffect - many can be replaced with event handlers or derived state',\n });\n }\n\n // Main file patterns\n if (/^(App|app|main|Main|index|page)\\.(jsx?|tsx?)$/.test(fileName) && lineCount > 300) {\n issues.push({\n file: filePath,\n issue: `Main entry file is ${lineCount} lines`,\n severity: 'serious',\n category: 'giant-main',\n commonMistake: 'Classic AI pattern: everything in App.jsx or page.tsx',\n fix: 'Extract: Header, Footer, Sidebar, MainContent as separate components',\n });\n }\n\n // No TypeScript types\n if (filePath.endsWith('.tsx') || filePath.endsWith('.ts')) {\n const anyCount = (content.match(/:\\s*any\\b/g) || []).length;\n if (anyCount > 5) {\n issues.push({\n file: filePath,\n issue: `${anyCount} uses of \"any\" type`,\n severity: 'moderate',\n category: 'weak-typing',\n commonMistake: 'AI uses \"any\" to avoid writing proper types',\n fix: 'Define interfaces for your data shapes. AI can help: \"Generate types for this data\"',\n });\n }\n }\n\n // Console.log density\n const consoleLogCount = (content.match(/console\\.(log|warn|error|debug)/g) || []).length;\n if (consoleLogCount > 10) {\n issues.push({\n file: filePath,\n issue: `${consoleLogCount} console statements - cleanup needed`,\n severity: 'low',\n category: 'debug-code',\n commonMistake: 'AI adds console.log for debugging, user never removes them',\n fix: 'Remove debug logs before deploying. 
Use proper error tracking for production.',\n });\n }\n\n return issues;\n}\n\n/**\n * Build the vibe code trie\n */\nlet vibeCodeTrie: AhoCorasick<PatternMetadata & { commonMistake: string }> | null = null;\n\nexport function getVibeCodeTrie(): AhoCorasick<PatternMetadata & { commonMistake: string }> {\n if (!vibeCodeTrie) {\n vibeCodeTrie = new AhoCorasick<PatternMetadata & { commonMistake: string }>();\n \n for (const { pattern, metadata } of VIBE_CODE_PATTERNS) {\n vibeCodeTrie.addPattern(pattern, metadata, metadata);\n }\n \n vibeCodeTrie.build();\n if (!isInteractiveMode()) {\n console.error(` Loaded ${VIBE_CODE_PATTERNS.length} vibe-code patterns into trie`);\n }\n }\n \n return vibeCodeTrie;\n}\n\n/**\n * Files/patterns to exclude from vibe code checks\n */\nconst VIBE_EXCLUDED_PATTERNS = [\n /package-lock\\.json$/,\n /yarn\\.lock$/,\n /pnpm-lock\\.yaml$/,\n /node_modules[\\/\\\\]/,\n /\\.min\\.[jt]s$/,\n /dist[\\/\\\\]/,\n /build[\\/\\\\]/,\n /\\.d\\.ts$/,\n /vulnerability-signatures\\.[jt]s$/, // CRITICAL: Never scan ourselves!\n /vibe-code-signatures\\.[jt]s$/, // Never scan signature files\n /legal\\.[jt]s$/, // Legal skill contains detection patterns\n /security-scanner\\.[jt]s$/, // Security scanner contains patterns\n /agent-smith\\.[jt]s$/, // Agent Smith contains patterns\n /security\\.[jt]s$/, // Security skill\n /privacy\\.[jt]s$/, // Privacy skill\n /soc2\\.[jt]s$/, // SOC2 skill\n /skills[\\/\\\\]built-in[\\/\\\\]/, // Never scan Trie's own skill implementations\n /skills[\\/\\\\].*\\.[jt]s$/, // Never scan any skills directory\n /trie-agents?[\\/\\\\]src[\\/\\\\]/, // Never scan Trie's source when installed as dependency\n /trie-agents?[\\/\\\\]dist[\\/\\\\]/, // Never scan Trie's dist when installed\n];\n\n/**\n * Check if a file should be excluded from vibe code scans\n */\nfunction shouldExcludeVibeFile(filePath: string): boolean {\n // Normalize path to use forward slashes for consistent matching\n const normalizedPath = 
filePath.replace(/\\\\/g, '/');\n \n // Check against exclusion patterns\n if (VIBE_EXCLUDED_PATTERNS.some(pattern => pattern.test(normalizedPath))) {\n return true;\n }\n \n // Also exclude files in Trie's source directories (handles both installed and development)\n if (normalizedPath.includes('trie') && normalizedPath.includes('/src/')) {\n return true;\n }\n \n // Exclude specific Trie scanner/skill files by filename (regardless of path)\n const fileName = normalizedPath.split('/').pop() || '';\n const TRIE_SCANNER_FILES = [\n 'vulnerability-signatures.ts', 'vulnerability-signatures.js',\n 'vibe-code-signatures.ts', 'vibe-code-signatures.js',\n 'legal.ts', 'legal.js',\n 'security-scanner.ts', 'security-scanner.js',\n 'agent-smith.ts', 'agent-smith.js',\n 'security.ts', 'security.js',\n 'privacy.ts', 'privacy.js',\n 'soc2.ts', 'soc2.js',\n ];\n if (TRIE_SCANNER_FILES.includes(fileName)) {\n // Only exclude if it looks like it's in a skills/trie directory\n if (normalizedPath.includes('/skills/') || normalizedPath.includes('/trie/')) {\n return true;\n }\n }\n \n return false;\n}\n\n/**\n * Check if line is a false positive for vibe patterns\n */\nfunction isVibeFalsePositive(line: string, pattern: string, filePath: string, category: string): boolean {\n const trimmedLine = line.trim();\n \n // Skip comments\n if (trimmedLine.startsWith('//') || \n trimmedLine.startsWith('*') || \n trimmedLine.startsWith('/*') ||\n trimmedLine.startsWith('#')) {\n return true;\n }\n \n // Skip type definitions\n if (/^\\s*(interface|type|export\\s+interface|export\\s+type)\\s/.test(line)) {\n return true;\n }\n \n // Skip when reading from environment\n if (/process\\.env|import\\.meta\\.env/.test(line)) {\n // Allow NEXT_PUBLIC_, VITE_, REACT_APP_ when reading env\n if (['exposed-secrets'].includes(category) && !/=\\s*['\"`]/.test(line)) {\n return true;\n }\n }\n \n // Pattern-specific false positive detection\n switch (pattern) {\n case 'console.log(':\n case 
'console.error(':\n // Allow in development/debug files\n if (/debug|dev|development/i.test(filePath)) return true;\n // Allow console.error for error handling\n if (pattern === 'console.error(') return true;\n break;\n \n case 'useState(':\n // Low severity, only flag if excessive (handled by file-level checks)\n return true; // Don't flag individual useState\n \n case 'await ':\n // Very common, only flag if there's obvious missing try/catch\n // Let the file-level check handle this\n return true;\n \n case '.then(':\n // Only flag if no .catch in nearby context\n return true; // Too noisy, disable\n \n case 'TODO':\n case 'FIXME':\n // These are intentional markers, low priority\n break;\n \n case 'useEffect(() => {':\n // Very common, only flag excessive usage via file-level checks\n return true;\n \n case ', [])':\n // Common and often correct, disable as too noisy\n return true;\n \n case 'development':\n // Too generic\n return true;\n \n case 'import { something }':\n // Way too generic, disable\n return true;\n \n case 'v3':\n // Too generic\n return true;\n \n case 'new Date()':\n // Very common and usually fine\n return true;\n \n case 'style={{':\n case 'onClick={() =>':\n // Common patterns, not always a problem\n return true;\n }\n \n // Skip test files for most patterns\n if (/\\.(test|spec)\\.[jt]sx?$/.test(filePath) || /__tests__\\//.test(filePath)) {\n // Only keep critical patterns (exposed secrets) in test files\n if (!['exposed-secrets'].includes(category)) {\n return true;\n }\n }\n \n return false;\n}\n\n/**\n * Scan for vibe code issues\n */\nexport function scanForVibeCodeIssues(code: string, filePath: string): VibeCodeMatch[] {\n // Skip excluded files entirely\n if (shouldExcludeVibeFile(filePath)) {\n return [];\n }\n \n const trie = getVibeCodeTrie();\n const rawMatches = trie.search(code);\n const lines = code.split('\\n');\n \n const matches: VibeCodeMatch[] = [];\n const seen = new Set<string>();\n \n for (const match of rawMatches) 
{\n const key = `${match.line}:${match.pattern}`;\n if (seen.has(key)) continue;\n seen.add(key);\n \n const line = lines[match.line - 1] || '';\n const meta = match.metadata as any;\n const category = meta.category || 'unknown';\n \n // Check for false positives\n if (isVibeFalsePositive(line, match.pattern, filePath, category)) continue;\n \n matches.push({\n pattern: match.pattern,\n line: match.line,\n column: match.column,\n severity: meta.severity,\n category,\n description: meta.description || '',\n commonMistake: meta.commonMistake || '',\n fix: meta.fix || '',\n learnMore: meta.learnMore,\n });\n }\n \n return matches;\n}\n\n/**\n * Get vibe code pattern statistics\n */\nexport function getVibeCodeStats(): { total: number; byCategory: Record<string, number> } {\n const byCategory: Record<string, number> = {};\n \n for (const { metadata } of VIBE_CODE_PATTERNS) {\n const cat = metadata.category || 'unknown';\n byCategory[cat] = (byCategory[cat] || 0) + 1;\n }\n \n return {\n total: VIBE_CODE_PATTERNS.length,\n byCategory,\n 
};\n}\n\n"],"mappings":";;;;;;;;;AAoDA,IAAM,qBAGD;AAAA;AAAA;AAAA;AAAA,EAIH;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,MACL,WAAW;AAAA,IACb;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,MACL,WAAW;AAAA,IACb;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,
MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,
UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,MACL,WAAW;AAAA,IACb;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;
AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,
MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,eAAe;AAAA,MACf,KAAK;AAAA,IACP;AAAA,EACF;AACF;AAcO,SAAS,qBAAqB,UAAkB,SAAmC;AACxF,QAAM,SAA2B,CAAC;AAClC,QAAM,QAAQ,QAAQ,MAAM,IAAI;AAChC,QAAM,YAAY,MAAM;AACxB,QAAM,WAAW,SAAS,MAAM,GAAG,EAAE,IAAI,KAAK;AAG9C,MAAI,YAAY,KAAK;AACnB,WAAO,KAAK;AAAA,MACV,MAAM;AAAA,MACN,OAAO,YAAY,SAAS;AAAA,MAC5B,UAAU,YAAY,MAAO,YAAY;AAAA,MACzC,UAAU;AAAA,MACV,eAAe;AAAA,MACf,KAAK;AAAA,IACP,CAAC;AAAA,EACH;AAGA,QAAM,iBAAiB,QAAQ,MAAM,aAAa,KAAK,CAAC,GAAG;AAC3D,MAAI,gBAAgB,IAAI;AACtB,WAAO,KAAK;AAAA,MACV,MAAM;AAAA,MACN,OAAO,GAAG,aAAa;AAAA,MACvB,UAAU,gBAAgB,KAAK,YAAY;AAAA,MAC3C,UAAU;AAAA,MACV,eAAe;AAAA,MA
Cf,KAAK;AAAA,IACP,CAAC;AAAA,EACH;AAGA,QAAM,kBAAkB,QAAQ,MAAM,cAAc,KAAK,CAAC,GAAG;AAC7D,MAAI,iBAAiB,GAAG;AACtB,WAAO,KAAK;AAAA,MACV,MAAM;AAAA,MACN,OAAO,GAAG,cAAc;AAAA,MACxB,UAAU;AAAA,MACV,UAAU;AAAA,MACV,eAAe;AAAA,MACf,KAAK;AAAA,IACP,CAAC;AAAA,EACH;AAGA,MAAI,gDAAgD,KAAK,QAAQ,KAAK,YAAY,KAAK;AACrF,WAAO,KAAK;AAAA,MACV,MAAM;AAAA,MACN,OAAO,sBAAsB,SAAS;AAAA,MACtC,UAAU;AAAA,MACV,UAAU;AAAA,MACV,eAAe;AAAA,MACf,KAAK;AAAA,IACP,CAAC;AAAA,EACH;AAGA,MAAI,SAAS,SAAS,MAAM,KAAK,SAAS,SAAS,KAAK,GAAG;AACzD,UAAM,YAAY,QAAQ,MAAM,YAAY,KAAK,CAAC,GAAG;AACrD,QAAI,WAAW,GAAG;AAChB,aAAO,KAAK;AAAA,QACV,MAAM;AAAA,QACN,OAAO,GAAG,QAAQ;AAAA,QAClB,UAAU;AAAA,QACV,UAAU;AAAA,QACV,eAAe;AAAA,QACf,KAAK;AAAA,MACP,CAAC;AAAA,IACH;AAAA,EACF;AAGA,QAAM,mBAAmB,QAAQ,MAAM,kCAAkC,KAAK,CAAC,GAAG;AAClF,MAAI,kBAAkB,IAAI;AACxB,WAAO,KAAK;AAAA,MACV,MAAM;AAAA,MACN,OAAO,GAAG,eAAe;AAAA,MACzB,UAAU;AAAA,MACV,UAAU;AAAA,MACV,eAAe;AAAA,MACf,KAAK;AAAA,IACP,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAKA,IAAI,eAAgF;AAE7E,SAAS,kBAA4E;AAC1F,MAAI,CAAC,cAAc;AACjB,mBAAe,IAAI,YAAyD;AAE5E,eAAW,EAAE,SAAS,SAAS,KAAK,oBAAoB;AACtD,mBAAa,WAAW,SAAS,UAAU,QAAQ;AAAA,IACrD;AAEA,iBAAa,MAAM;AACnB,QAAI,CAAC,kBAAkB,GAAG;AACxB,cAAQ,MAAM,aAAa,mBAAmB,MAAM,+BAA+B;AAAA,IACrF;AAAA,EACF;AAEA,SAAO;AACT;AAKA,IAAM,yBAAyB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AACF;AAKA,SAAS,sBAAsB,UAA2B;AAExD,QAAM,iBAAiB,SAAS,QAAQ,OAAO,GAAG;AAGlD,MAAI,uBAAuB,KAAK,aAAW,QAAQ,KAAK,cAAc,CAAC,GAAG;AACxE,WAAO;AAAA,EACT;AAGA,MAAI,eAAe,SAAS,MAAM,KAAK,eAAe,SAAS,OAAO,GAAG;AACvE,WAAO;AAAA,EACT;AAGA,QAAM,WAAW,eAAe,MAAM,GAAG,EAAE,IAAI,KAAK;AACpD,QAAM,qBAAqB;AAAA,IACzB;AAAA,IAA+B;AAAA,IAC/B;AAAA,IAA2B;AAAA,IAC3B;AAAA,IAAY;AAAA,IACZ;AAAA,IAAuB;AAAA,IACvB;AAAA,IAAkB;AAAA,IAClB;AAAA,IAAe;AAAA,IACf;AAAA,IAAc;AAAA,IACd;AAAA,IAAW;AAAA,EACb;AACA,MAAI,mBAAmB,SAAS,QAAQ,GAAG;AAEzC,QAAI,eAAe,SAAS,UAAU,KAA
K,eAAe,SAAS,QAAQ,GAAG;AAC5E,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAKA,SAAS,oBAAoB,MAAc,SAAiB,UAAkB,UAA2B;AACvG,QAAM,cAAc,KAAK,KAAK;AAG9B,MAAI,YAAY,WAAW,IAAI,KAC3B,YAAY,WAAW,GAAG,KAC1B,YAAY,WAAW,IAAI,KAC3B,YAAY,WAAW,GAAG,GAAG;AAC/B,WAAO;AAAA,EACT;AAGA,MAAI,0DAA0D,KAAK,IAAI,GAAG;AACxE,WAAO;AAAA,EACT;AAGA,MAAI,iCAAiC,KAAK,IAAI,GAAG;AAE/C,QAAI,CAAC,iBAAiB,EAAE,SAAS,QAAQ,KAAK,CAAC,YAAY,KAAK,IAAI,GAAG;AACrE,aAAO;AAAA,IACT;AAAA,EACF;AAGA,UAAQ,SAAS;AAAA,IACf,KAAK;AAAA,IACL,KAAK;AAEH,UAAI,yBAAyB,KAAK,QAAQ,EAAG,QAAO;AAEpD,UAAI,YAAY,iBAAkB,QAAO;AACzC;AAAA,IAEF,KAAK;AAEH,aAAO;AAAA;AAAA,IAET,KAAK;AAGH,aAAO;AAAA,IAET,KAAK;AAEH,aAAO;AAAA;AAAA,IAET,KAAK;AAAA,IACL,KAAK;AAEH;AAAA,IAEF,KAAK;AAEH,aAAO;AAAA,IAET,KAAK;AAEH,aAAO;AAAA,IAET,KAAK;AAEH,aAAO;AAAA,IAET,KAAK;AAEH,aAAO;AAAA,IAET,KAAK;AAEH,aAAO;AAAA,IAET,KAAK;AAEH,aAAO;AAAA,IAET,KAAK;AAAA,IACL,KAAK;AAEH,aAAO;AAAA,EACX;AAGA,MAAI,0BAA0B,KAAK,QAAQ,KAAK,cAAc,KAAK,QAAQ,GAAG;AAE5E,QAAI,CAAC,CAAC,iBAAiB,EAAE,SAAS,QAAQ,GAAG;AAC3C,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAKO,SAAS,sBAAsB,MAAc,UAAmC;AAErF,MAAI,sBAAsB,QAAQ,GAAG;AACnC,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,OAAO,gBAAgB;AAC7B,QAAM,aAAa,KAAK,OAAO,IAAI;AACnC,QAAM,QAAQ,KAAK,MAAM,IAAI;AAE7B,QAAM,UAA2B,CAAC;AAClC,QAAM,OAAO,oBAAI,IAAY;AAE7B,aAAW,SAAS,YAAY;AAC9B,UAAM,MAAM,GAAG,MAAM,IAAI,IAAI,MAAM,OAAO;AAC1C,QAAI,KAAK,IAAI,GAAG,EAAG;AACnB,SAAK,IAAI,GAAG;AAEZ,UAAM,OAAO,MAAM,MAAM,OAAO,CAAC,KAAK;AACtC,UAAM,OAAO,MAAM;AACnB,UAAM,WAAW,KAAK,YAAY;AAGlC,QAAI,oBAAoB,MAAM,MAAM,SAAS,UAAU,QAAQ,EAAG;AAElE,YAAQ,KAAK;AAAA,MACX,SAAS,MAAM;AAAA,MACf,MAAM,MAAM;AAAA,MACZ,QAAQ,MAAM;AAAA,MACd,UAAU,KAAK;AAAA,MACf;AAAA,MACA,aAAa,KAAK,eAAe;AAAA,MACjC,eAAe,KAAK,iBAAiB;AAAA,MACrC,KAAK,KAAK,OAAO;AAAA,MACjB,WAAW,KAAK;AAAA,IAClB,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAKO,SAAS,mBAA0E;AACxF,QAAM,aAAqC,CAAC;AAE5C,aAAW,EAAE,SAAS,KAAK,oBAAoB;AAC7C,UAAM,MAAM,SAAS,YAAY;AACjC,eAAW,GAAG,KAAK,WAAW,GAAG,KAAK,KAAK;AAAA,EAC7C;AAEA,SAAO;AAAA,IACL,OAAO,mBAAmB;AAAA,IAC1B;AAAA,EACF;AACF;","names":[]}
|
|
@@ -4,6 +4,7 @@ import {
|
|
|
4
4
|
import {
|
|
5
5
|
isInteractiveMode
|
|
6
6
|
} from "./chunk-KDHN2ZQE.js";
|
|
7
|
+
import "./chunk-DGUM43GV.js";
|
|
7
8
|
|
|
8
9
|
// src/trie/vulnerability-signatures.ts
|
|
9
10
|
var ALWAYS_EXCLUDED_FILES = [
|
|
@@ -972,12 +973,11 @@ function getVulnerabilityStats() {
|
|
|
972
973
|
bySeverity
|
|
973
974
|
};
|
|
974
975
|
}
|
|
975
|
-
|
|
976
976
|
export {
|
|
977
|
-
|
|
978
|
-
shouldExcludeFile,
|
|
977
|
+
getVulnerabilityStats,
|
|
979
978
|
getVulnerabilityTrie,
|
|
980
979
|
scanForVulnerabilities,
|
|
981
|
-
|
|
980
|
+
shouldAlwaysExcludeFile,
|
|
981
|
+
shouldExcludeFile
|
|
982
982
|
};
|
|
983
|
-
//# sourceMappingURL=
|
|
983
|
+
//# sourceMappingURL=vulnerability-signatures-2URZSXAQ.js.map
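Review bot: The export block at new lines 976–982 now exposes `shouldAlwaysExcludeFile`, and the original source embedded in the removed 1.0.167 source-map line further down this page shows that function returning true for any path that contains both `trie` and `/src/`. That substring test also matches unrelated project paths (constructed example: `app/src/retries/db.ts`), and `scanForVulnerabilities` returns an empty result for such files, so they are silently never scanned. The function body is outside this hunk; assuming 1.0.169 keeps it, I would drop the substring branch, since `ALWAYS_EXCLUDED_FILES` already carries `/trie-agents?[\/\\]src[\/\\]/`, or anchor it to a path segment. The same list skips every path ending in `security.[jt]s`, `privacy.[jt]s` or `legal.[jt]s`, as well as anything under `dist/` or `build/`, which deserves a documented note so users know those files produce no findings.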
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/trie/vulnerability-signatures.ts"],"sourcesContent":["/**\n * Vulnerability Signature Database\n * \n * Pre-indexed security patterns using Aho-Corasick for O(n + z) scanning\n * where n = file size, z = number of matches.\n * \n * This is MUCH faster than running 100+ regex patterns on every file.\n * \n * IMPROVEMENTS (v2):\n * - Context-aware pattern matching to reduce false positives\n * - File path exclusions for test/lock files\n * - SQL injection detection only in SQL contexts\n * - Better secret detection avoiding package names/URLs\n */\n\nimport { AhoCorasick, PatternMetadata } from './trie.js';\nimport { isInteractiveMode } from '../utils/progress.js';\n\nexport interface VulnerabilityMatch {\n pattern: string;\n line: number;\n column: number;\n severity: 'critical' | 'serious' | 'moderate' | 'low';\n category: string;\n description: string;\n cwe?: string;\n fix: string;\n}\n\n/**\n * Files/patterns to ALWAYS exclude from scanning (never any false positives from these)\n */\nconst ALWAYS_EXCLUDED_FILES = [\n /vulnerability-signatures\\.[jt]s$/, // CRITICAL: Never scan ourselves!\n /vibe-code-signatures\\.[jt]s$/, // Never scan signature files\n /legal\\.[jt]s$/, // Legal skill contains detection patterns\n /security-scanner\\.[jt]s$/, // Security scanner contains patterns\n /agent-smith\\.[jt]s$/, // Agent Smith contains patterns\n /security\\.[jt]s$/, // Security skill\n /privacy\\.[jt]s$/, // Privacy skill\n /soc2\\.[jt]s$/, // SOC2 skill\n /skills[\\/\\\\]built-in[\\/\\\\]/, // Never scan Trie's own skill implementations\n /skills[\\/\\\\].*\\.[jt]s$/, // Never scan any skills directory\n /trie-agents?[\\/\\\\]src[\\/\\\\]/, // Never scan Trie's source when installed as dependency\n /trie-agents?[\\/\\\\]dist[\\/\\\\]/, // Never scan Trie's dist when installed\n /package-lock\\.json$/, // Lock files\n /yarn\\.lock$/,\n /pnpm-lock\\.yaml$/,\n /node_modules[\\/\\\\]/, // Dependencies\n /\\.d\\.ts$/, // Type 
definitions\n /\\.min\\.[jt]s$/, // Minified files\n /dist[\\/\\\\]/, // Build output\n /build[\\/\\\\]/,\n];\n\n/**\n * Files to exclude from non-critical checks (test files, examples, etc.)\n */\nconst EXCLUDED_FILE_PATTERNS = [\n /\\.test\\.[jt]sx?$/, // Test files\n /\\.spec\\.[jt]sx?$/, // Spec files\n /__tests__\\//, // Test directories\n /\\/test\\//, // test/ directory\n /\\/tests\\//, // tests/ directory\n /\\.stories\\.[jt]sx?$/, // Storybook files\n /\\.config\\.[jt]s$/, // Config files\n /example/i, // Example files\n /demo/i, // Demo files\n /fixture/i, // Test fixtures\n /mock/i, // Mock files\n];\n\n/**\n * Check if a file should be completely excluded from scanning\n */\nexport function shouldAlwaysExcludeFile(filePath: string): boolean {\n // Normalize path to use forward slashes for consistent matching\n const normalizedPath = filePath.replace(/\\\\/g, '/');\n \n // Check against exclusion patterns\n if (ALWAYS_EXCLUDED_FILES.some(pattern => pattern.test(normalizedPath))) {\n return true;\n }\n \n // Also exclude files in Trie's source directories (handles both installed and development)\n if (normalizedPath.includes('trie') && normalizedPath.includes('/src/')) {\n return true;\n }\n \n // Exclude specific Trie scanner/skill files by filename (regardless of path)\n const fileName = normalizedPath.split('/').pop() || '';\n const TRIE_SCANNER_FILES = [\n 'vulnerability-signatures.ts', 'vulnerability-signatures.js',\n 'vibe-code-signatures.ts', 'vibe-code-signatures.js',\n 'legal.ts', 'legal.js',\n 'security-scanner.ts', 'security-scanner.js',\n 'agent-smith.ts', 'agent-smith.js',\n 'security.ts', 'security.js',\n 'privacy.ts', 'privacy.js',\n 'soc2.ts', 'soc2.js',\n ];\n if (TRIE_SCANNER_FILES.includes(fileName)) {\n // Only exclude if it looks like it's in a skills/trie directory\n if (normalizedPath.includes('/skills/') || normalizedPath.includes('/trie/')) {\n return true;\n }\n }\n \n return false;\n}\n\n/**\n * Check if a file should be 
excluded from certain checks\n */\nexport function shouldExcludeFile(filePath: string, patternCategory: string): boolean {\n // CRITICAL: Always exclude signature files - never flag ourselves!\n if (shouldAlwaysExcludeFile(filePath)) {\n return true;\n }\n \n // For secrets in test files, we need extra context checking (done elsewhere)\n // Don't auto-exclude test files for secrets here, let isFalsePositive handle it\n if (patternCategory === 'secrets' || patternCategory === 'exposed-secrets') {\n return false;\n }\n \n // Exclude certain file types from non-critical checks\n return EXCLUDED_FILE_PATTERNS.some(pattern => pattern.test(filePath));\n}\n\n/**\n * SQL-related keywords that indicate a SQL context\n */\nconst SQL_CONTEXT_KEYWORDS = [\n 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'FROM', 'WHERE', 'JOIN',\n 'query', 'execute', 'sql', 'prisma', 'knex', 'sequelize',\n 'createQueryBuilder', 'rawQuery', '.raw('\n];\n\n/**\n * Check if a line is in a SQL context\n */\nfunction isInSQLContext(line: string, surroundingLines: string[]): boolean {\n const allContent = [line, ...surroundingLines].join(' ').toLowerCase();\n return SQL_CONTEXT_KEYWORDS.some(keyword => \n allContent.includes(keyword.toLowerCase())\n );\n}\n\n/**\n * Security vulnerability patterns organized by category\n */\nconst VULNERABILITY_PATTERNS: Array<{\n pattern: string;\n metadata: PatternMetadata;\n}> = [\n // ============================================\n // CRITICAL: Injection vulnerabilities\n // ============================================\n {\n pattern: 'eval(',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'injection',\n description: 'eval() can execute arbitrary code - potential RCE',\n cwe: 'CWE-95',\n fix: 'Use safer alternatives like JSON.parse() or a sandboxed interpreter',\n },\n },\n {\n pattern: 'new Function(',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'injection',\n description: 'new Function() can execute arbitrary 
code',\n cwe: 'CWE-95',\n fix: 'Avoid dynamic function creation from user input',\n },\n },\n {\n pattern: 'exec(',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'injection',\n description: 'Command execution - potential command injection',\n cwe: 'CWE-78',\n fix: 'Use parameterized commands and validate/sanitize all inputs',\n },\n },\n {\n pattern: 'execSync(',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'injection',\n description: 'Synchronous command execution - potential injection',\n cwe: 'CWE-78',\n fix: 'Use spawn with argument arrays instead of shell strings',\n },\n },\n {\n pattern: 'spawn(',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'injection',\n description: 'Process spawn - verify inputs are sanitized',\n cwe: 'CWE-78',\n fix: 'Use shell: false and pass arguments as array',\n },\n },\n {\n pattern: 'child_process',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'injection',\n description: 'Child process module - review for command injection',\n cwe: 'CWE-78',\n fix: 'Validate all inputs passed to child processes',\n },\n },\n\n // ============================================\n // CRITICAL: SQL Injection patterns\n // NOTE: ${} is NOT flagged here - we check SQL context in isFalsePositive\n // ============================================\n {\n pattern: 'SELECT * FROM',\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n category: 'sql-injection',\n description: 'Raw SQL query detected - verify parameterization',\n cwe: 'CWE-89',\n fix: 'Use ORM or parameterized queries',\n },\n },\n {\n pattern: 'INSERT INTO',\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n category: 'sql-injection',\n description: 'Raw SQL INSERT - verify parameterization',\n cwe: 'CWE-89',\n fix: 'Use parameterized queries',\n },\n },\n {\n pattern: 'DELETE FROM',\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n 
category: 'sql-injection',\n description: 'Raw SQL DELETE - verify parameterization',\n cwe: 'CWE-89',\n fix: 'Use parameterized queries',\n },\n },\n {\n pattern: '.raw(`',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'sql-injection',\n description: 'Raw query with template literal - high injection risk',\n cwe: 'CWE-89',\n fix: 'Avoid raw queries with interpolation or use proper escaping',\n },\n },\n {\n pattern: \".raw('\",\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n category: 'sql-injection',\n description: 'Raw query method - verify for injection risk',\n cwe: 'CWE-89',\n fix: 'Use parameterized queries instead of raw SQL',\n },\n },\n {\n pattern: '.raw(\"',\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n category: 'sql-injection',\n description: 'Raw query method - verify for injection risk',\n cwe: 'CWE-89',\n fix: 'Use parameterized queries instead of raw SQL',\n },\n },\n {\n pattern: '`SELECT',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'sql-injection',\n description: 'SQL in template literal - check for injection',\n cwe: 'CWE-89',\n fix: 'Use parameterized queries with placeholders',\n },\n },\n {\n pattern: '`INSERT',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'sql-injection',\n description: 'SQL INSERT in template literal - check for injection',\n cwe: 'CWE-89',\n fix: 'Use parameterized queries with placeholders',\n },\n },\n {\n pattern: '`UPDATE',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'sql-injection',\n description: 'SQL UPDATE in template literal - check for injection',\n cwe: 'CWE-89',\n fix: 'Use parameterized queries with placeholders',\n },\n },\n {\n pattern: '`DELETE',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'sql-injection',\n description: 'SQL DELETE in template literal - check for injection',\n cwe: 'CWE-89',\n fix: 'Use parameterized queries 
with placeholders',\n },\n },\n\n // ============================================\n // CRITICAL: XSS vulnerabilities\n // ============================================\n {\n pattern: 'innerHTML',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'xss',\n description: 'innerHTML can inject malicious scripts',\n cwe: 'CWE-79',\n fix: 'Use textContent or sanitize HTML with DOMPurify',\n },\n },\n {\n pattern: 'outerHTML',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'xss',\n description: 'outerHTML can inject malicious scripts',\n cwe: 'CWE-79',\n fix: 'Avoid outerHTML with user input',\n },\n },\n {\n pattern: 'document.write',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'xss',\n description: 'document.write can inject malicious content',\n cwe: 'CWE-79',\n fix: 'Use DOM methods like createElement instead',\n },\n },\n {\n pattern: 'dangerouslySetInnerHTML',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'xss',\n description: 'React dangerouslySetInnerHTML - XSS risk',\n cwe: 'CWE-79',\n fix: 'Sanitize with DOMPurify before using',\n },\n },\n {\n pattern: 'v-html',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'xss',\n description: 'Vue v-html directive - XSS risk',\n cwe: 'CWE-79',\n fix: 'Sanitize content or use v-text',\n },\n },\n {\n pattern: '[innerHTML]',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'xss',\n description: 'Angular innerHTML binding - XSS risk',\n cwe: 'CWE-79',\n fix: 'Use Angular DomSanitizer',\n },\n },\n\n // ============================================\n // CRITICAL: Hardcoded secrets\n // More specific patterns to reduce false positives\n // ============================================\n {\n pattern: \"password = '\",\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded password in string',\n cwe: 'CWE-798',\n fix: 
'Use environment variables or secret management',\n },\n },\n {\n pattern: 'password = \"',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded password in string',\n cwe: 'CWE-798',\n fix: 'Use environment variables or secret management',\n },\n },\n {\n pattern: \"password: '\",\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded password in config',\n cwe: 'CWE-798',\n fix: 'Use environment variables or secret management',\n },\n },\n {\n pattern: 'password: \"',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded password in config',\n cwe: 'CWE-798',\n fix: 'Use environment variables or secret management',\n },\n },\n {\n pattern: \"api_key = '\",\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded API key',\n cwe: 'CWE-798',\n fix: 'Use environment variables',\n },\n },\n {\n pattern: 'api_key = \"',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded API key',\n cwe: 'CWE-798',\n fix: 'Use environment variables',\n },\n },\n {\n pattern: \"apiKey: '\",\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded API key in config',\n cwe: 'CWE-798',\n fix: 'Use environment variables',\n },\n },\n {\n pattern: 'apiKey: \"',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded API key in config',\n cwe: 'CWE-798',\n fix: 'Use environment variables',\n },\n },\n {\n pattern: \"secret = '\",\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded secret',\n cwe: 'CWE-798',\n fix: 'Use environment variables or secret management',\n },\n },\n {\n pattern: 'secret = \"',\n metadata: {\n type: 
'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded secret',\n cwe: 'CWE-798',\n fix: 'Use environment variables or secret management',\n },\n },\n {\n pattern: 'AWS_SECRET_ACCESS_KEY=',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'AWS secret key assignment',\n cwe: 'CWE-798',\n fix: 'Use IAM roles or AWS Secrets Manager',\n },\n },\n {\n pattern: \"'Bearer \",\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'secrets',\n description: 'Hardcoded bearer token in string',\n cwe: 'CWE-798',\n fix: 'Use environment variables for tokens',\n },\n },\n {\n pattern: '\"Bearer ',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'secrets',\n description: 'Hardcoded bearer token in string',\n cwe: 'CWE-798',\n fix: 'Use environment variables for tokens',\n },\n },\n\n // ============================================\n // SERIOUS: Authentication issues\n // ============================================\n {\n pattern: 'password ==',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'auth',\n description: 'Plain text password comparison',\n cwe: 'CWE-256',\n fix: 'Use bcrypt.compare() or similar secure comparison',\n },\n },\n {\n pattern: 'password ===',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'auth',\n description: 'Plain text password comparison',\n cwe: 'CWE-256',\n fix: 'Use bcrypt.compare() or similar secure comparison',\n },\n },\n {\n pattern: 'MD5(',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'crypto',\n description: 'MD5 is cryptographically broken',\n cwe: 'CWE-328',\n fix: 'Use SHA-256 or bcrypt for passwords',\n },\n },\n {\n pattern: 'md5(',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'crypto',\n description: 'MD5 is cryptographically broken',\n cwe: 'CWE-328',\n fix: 'Use SHA-256 or bcrypt for 
passwords',\n },\n },\n {\n pattern: 'SHA1(',\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n category: 'crypto',\n description: 'SHA1 is deprecated for security use',\n cwe: 'CWE-328',\n fix: 'Use SHA-256 or stronger',\n },\n },\n {\n pattern: 'sha1(',\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n category: 'crypto',\n description: 'SHA1 is deprecated for security use',\n cwe: 'CWE-328',\n fix: 'Use SHA-256 or stronger',\n },\n },\n {\n pattern: 'Math.random()',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'crypto',\n description: 'Math.random() is not cryptographically secure',\n cwe: 'CWE-338',\n fix: 'Use crypto.randomBytes() or crypto.getRandomValues()',\n },\n },\n\n // ============================================\n // SERIOUS: Insecure configurations\n // ============================================\n {\n pattern: 'cors: true',\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n category: 'config',\n description: 'CORS enabled - verify origin restrictions',\n cwe: 'CWE-942',\n fix: 'Specify allowed origins explicitly',\n },\n },\n {\n pattern: \"origin: '*'\",\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'config',\n description: 'CORS allows all origins',\n cwe: 'CWE-942',\n fix: 'Restrict to specific trusted origins',\n },\n },\n {\n pattern: 'origin: \"*\"',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'config',\n description: 'CORS allows all origins',\n cwe: 'CWE-942',\n fix: 'Restrict to specific trusted origins',\n },\n },\n {\n pattern: 'secure: false',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'config',\n description: 'Insecure cookie/connection setting',\n cwe: 'CWE-614',\n fix: 'Set secure: true in production',\n },\n },\n {\n pattern: 'httpOnly: false',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'config',\n description: 'Cookie accessible to 
JavaScript',\n cwe: 'CWE-1004',\n fix: 'Set httpOnly: true to prevent XSS cookie theft',\n },\n },\n {\n pattern: 'rejectUnauthorized: false',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'config',\n description: 'TLS certificate validation disabled',\n cwe: 'CWE-295',\n fix: 'Enable certificate validation in production',\n },\n },\n {\n pattern: 'NODE_TLS_REJECT_UNAUTHORIZED',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'config',\n description: 'TLS validation may be disabled',\n cwe: 'CWE-295',\n fix: 'Never disable TLS validation in production',\n },\n },\n\n // ============================================\n // MODERATE: Common bugs and issues\n // ============================================\n {\n pattern: '.forEach(async',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'async',\n description: 'async forEach does not await - unexpected behavior',\n cwe: 'CWE-703',\n fix: 'Use for...of loop or Promise.all(arr.map())',\n },\n },\n {\n pattern: 'JSON.parse(',\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n category: 'error-handling',\n description: 'JSON.parse can throw - needs try/catch',\n cwe: 'CWE-755',\n fix: 'Wrap in try/catch block',\n },\n },\n {\n pattern: 'atob(',\n metadata: {\n type: 'vulnerability',\n severity: 'low',\n category: 'encoding',\n description: 'atob can throw on invalid input',\n cwe: 'CWE-755',\n fix: 'Wrap in try/catch and validate input',\n },\n },\n\n // ============================================\n // Privacy & Compliance patterns\n // ============================================\n {\n pattern: 'console.log(',\n metadata: {\n type: 'vulnerability',\n severity: 'low',\n category: 'logging',\n description: 'Console logging - may leak sensitive data',\n cwe: 'CWE-532',\n fix: 'Remove or replace with proper logging in production',\n },\n },\n {\n pattern: 'localStorage.setItem',\n metadata: {\n type: 'vulnerability',\n severity: 
'moderate',\n category: 'storage',\n description: 'localStorage is accessible to XSS attacks',\n cwe: 'CWE-922',\n fix: 'Avoid storing sensitive data in localStorage',\n },\n },\n {\n pattern: 'sessionStorage.setItem',\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n category: 'storage',\n description: 'sessionStorage is accessible to XSS attacks',\n cwe: 'CWE-922',\n fix: 'Avoid storing sensitive data in sessionStorage',\n },\n },\n];\n\n/**\n * Build the vulnerability signature trie\n * Called once at startup, then O(1) access\n */\nlet vulnerabilityTrie: AhoCorasick<PatternMetadata> | null = null;\n\nexport function getVulnerabilityTrie(): AhoCorasick<PatternMetadata> {\n if (!vulnerabilityTrie) {\n vulnerabilityTrie = new AhoCorasick<PatternMetadata>();\n \n for (const { pattern, metadata } of VULNERABILITY_PATTERNS) {\n vulnerabilityTrie.addPattern(pattern, metadata, metadata);\n }\n \n vulnerabilityTrie.build();\n if (!isInteractiveMode()) {\n console.error(` Loaded ${VULNERABILITY_PATTERNS.length} vulnerability signatures into trie`);\n }\n }\n \n return vulnerabilityTrie;\n}\n\n/**\n * Scan code for vulnerabilities using the trie\n * O(n + z) where n = code length, z = number of matches\n */\nexport function scanForVulnerabilities(code: string, filePath: string): VulnerabilityMatch[] {\n // CRITICAL: Skip files that should never be scanned\n if (shouldAlwaysExcludeFile(filePath)) {\n return [];\n }\n \n const trie = getVulnerabilityTrie();\n const rawMatches = trie.search(code);\n const lines = code.split('\\n');\n \n // Deduplicate and filter false positives\n const matches: VulnerabilityMatch[] = [];\n const seen = new Set<string>();\n \n for (const match of rawMatches) {\n // Create unique key for deduplication\n const key = `${match.line}:${match.pattern}`;\n if (seen.has(key)) continue;\n seen.add(key);\n \n const meta = match.metadata!;\n \n // Check file exclusions\n if (shouldExcludeFile(filePath, meta.category || '')) continue;\n \n 
// Filter out false positives\n if (isFalsePositive(code, match, filePath, lines)) continue;\n \n const vulnMatch: VulnerabilityMatch = {\n pattern: match.pattern,\n line: match.line,\n column: match.column,\n severity: meta.severity as any,\n category: meta.category || 'unknown',\n description: meta.description || '',\n fix: meta.fix || '',\n };\n if (meta.cwe !== undefined) {\n vulnMatch.cwe = meta.cwe;\n }\n matches.push(vulnMatch);\n }\n \n return matches;\n}\n\n/**\n * Get surrounding lines for context analysis\n */\nfunction getSurroundingLines(lines: string[], lineNum: number, range: number = 3): string[] {\n const start = Math.max(0, lineNum - range - 1);\n const end = Math.min(lines.length, lineNum + range);\n return lines.slice(start, end);\n}\n\n/**\n * Filter out common false positives with enhanced context awareness\n */\nfunction isFalsePositive(_code: string, match: any, filePath: string, lines: string[]): boolean {\n const line = lines[match.line - 1] || '';\n const trimmedLine = line.trim();\n const pattern = match.pattern;\n const category = match.metadata?.category || '';\n \n // ============================================\n // CRITICAL: Skip signature/pattern definition files\n // ============================================\n if (filePath.includes('signature') || \n filePath.includes('patterns') ||\n filePath.includes('rules')) {\n // If the line contains 'pattern:' or 'pattern =' it's a definition, not a vulnerability\n if (/pattern\\s*[:=]/.test(line)) {\n return true;\n }\n }\n \n // Skip if line is a pattern string definition (in any file)\n // e.g., pattern: \"password = '\", or { pattern: 'secret' }\n if (/^\\s*(pattern|regex|rule|signature)\\s*[:=]/.test(trimmedLine)) {\n return true;\n }\n \n // ============================================\n // CRITICAL: Skip test files entirely for most patterns\n // ============================================\n if (isTestFile(filePath)) {\n // Test files can have intentional bad code for testing 
detection\n // Only flag REAL secrets (actual API keys that look real)\n if (category === 'secrets') {\n // Skip if it's clearly test/mock data\n if (/test|mock|fake|dummy|example|fixture|sample|placeholder/i.test(line)) {\n return true;\n }\n // Skip generic fake values like \"password123\", \"secret_test\", etc.\n if (/'[a-z_]*password[a-z_0-9]*'|\"[a-z_]*password[a-z_0-9]*\"|'[a-z_]*secret[a-z_0-9]*'|\"[a-z_]*secret[a-z_0-9]*\"/i.test(line)) {\n return true;\n }\n // Skip obviously fake API keys (short or with placeholder patterns)\n if (/sk-[a-z0-9]{10,20}\"|'sk-[a-z0-9]{10,20}'|api[_-]?key.*['\"][a-z0-9_-]{5,30}['\"]/i.test(line)) {\n return true;\n }\n }\n // For non-secrets, skip all test file findings\n return true;\n }\n \n // ============================================\n // SKIP: Comments and documentation\n // ============================================\n if (trimmedLine.startsWith('//') || \n trimmedLine.startsWith('*') || \n trimmedLine.startsWith('/*') ||\n trimmedLine.startsWith('#') ||\n trimmedLine.startsWith('<!--')) {\n return true;\n }\n \n // Skip JSDoc and documentation blocks\n if (/^\\s*\\*\\s/.test(line) || /@(param|returns|example|description|see|link)/i.test(line)) {\n return true;\n }\n \n // Skip description/fix/metadata strings (common in config objects)\n if (/^\\s*(description|fix|message|help|hint|reason|why)\\s*[:=]/.test(trimmedLine)) {\n return true;\n }\n \n // ============================================\n // SKIP: Type definitions and interfaces\n // ============================================\n if (/^\\s*(interface|type|export\\s+interface|export\\s+type)\\s/.test(line)) {\n return true;\n }\n \n // Skip TypeScript type annotations (e.g., password: string)\n if (/:\\s*(string|number|boolean|any|unknown|null|undefined|void)\\s*(;|,|\\)|$)/.test(line)) {\n return true;\n }\n \n // Skip interface/type property definitions\n if (/^\\s*\\w+\\s*\\??\\s*:\\s*(string|number|boolean|any)/.test(trimmedLine)) {\n return true;\n }\n 
\n // ============================================\n // SKIP: Environment variable reads (not hardcoded)\n // ============================================\n if (/process\\.env|import\\.meta\\.env|getenv|os\\.environ|Deno\\.env|\\.env\\.|config\\.\\w+|settings\\.\\w+/.test(line)) {\n return true;\n }\n \n // ============================================\n // SKIP: Lock files and package metadata\n // ============================================\n if (filePath.endsWith('package-lock.json') || \n filePath.endsWith('yarn.lock') ||\n filePath.endsWith('pnpm-lock.yaml') ||\n filePath.includes('node_modules/')) {\n return true;\n }\n \n // ============================================\n // SKIP: String in object definition (metadata, not code)\n // ============================================\n // Lines like: severity: 'critical', or category: 'secrets'\n if (/^\\s*(severity|category|type|level|priority|cwe|owasp)\\s*:\\s*['\"]/.test(trimmedLine)) {\n return true;\n }\n \n // ============================================\n // Category-specific false positive detection\n // ============================================\n \n // SQL Injection: Only flag in SQL contexts\n if (category === 'sql-injection') {\n const surroundingLines = getSurroundingLines(lines, match.line);\n if (!isInSQLContext(line, surroundingLines)) {\n return true;\n }\n }\n \n // Secrets: Very strict detection to avoid false positives\n if (category === 'secrets' || category === 'auth') {\n // Skip function parameters (function foo(password: string))\n if (/\\(\\s*[^)]*\\w+\\s*:\\s*(string|any)/.test(line)) {\n return true;\n }\n // Skip object destructuring ({ password })\n if (/\\{\\s*\\w*password\\w*\\s*(,|\\}|:)/.test(line) && !/'|\"|`/.test(line.split(/password/i)[1] || '')) {\n return true;\n }\n // Skip when reading from env or config\n if (/=\\s*(process\\.env|config\\.|options\\.|settings\\.|env\\.)/.test(line)) {\n return true;\n }\n // Skip variable declarations without string literals\n if 
(/password\\s*[=:](?!\\s*['\"`])/.test(line)) {\n return true;\n }\n // Skip if it's reading from another variable\n if (/password\\s*=\\s*\\w+(\\.|$)/.test(line) && !/'|\"|`/.test(line)) {\n return true;\n }\n // Skip error messages and logging about passwords\n if (/error|message|log|warn|info|debug|throw|new Error/i.test(line)) {\n return true;\n }\n // Skip regex patterns for password validation\n if (/regex|RegExp|\\/.*password.*\\//i.test(line)) {\n return true;\n }\n }\n \n // Logging: Skip in development/debug contexts\n if (category === 'logging') {\n // console.error is often intentional\n if (pattern === 'console.error(' || pattern === 'console.warn(') {\n return true;\n }\n // Skip if in catch block (error logging)\n if (/catch|error|err\\b/.test(line)) {\n return true;\n }\n }\n \n // Config patterns: Skip legitimate security config\n if (category === 'config') {\n // Skip when setting secure values\n if (/secure:\\s*true/.test(line) || /httpOnly:\\s*true/.test(line)) {\n return true;\n }\n // Skip environment-based config\n if (/NODE_ENV|process\\.env|production|development/.test(line)) {\n return true;\n }\n // Skip conditional configs\n if (/if\\s*\\(|ternary|\\?.*:/.test(line)) {\n return true;\n }\n }\n \n // Crypto: Skip in contexts where weak crypto is acceptable\n if (category === 'crypto') {\n // MD5/SHA1 for non-security purposes (checksums, cache keys)\n if (/checksum|hash.*file|etag|cache.*key|fingerprint|integrity|content.*hash/i.test(line)) {\n return true;\n }\n // Math.random for non-crypto purposes (UI, games, etc.)\n if (pattern === 'Math.random()') {\n // Only flag if in security context\n if (!/token|secret|password|key|auth|session|csrf|nonce/i.test(line)) {\n return true;\n }\n }\n }\n \n // Async: forEach async is sometimes intentional\n if (category === 'async') {\n // Skip if there's a comment indicating it's intentional\n if (/\\/\\/.*intentional|\\/\\/.*fire.?and.?forget|\\/\\/.*parallel/i.test(line)) {\n return true;\n }\n 
}\n \n // ============================================\n // SKIP: Validation/check patterns (not vulnerabilities)\n // ============================================\n // Skip password validation logic\n if (/password.*length|validate.*password|check.*password|verify.*password|is.*valid/i.test(line)) {\n return true;\n }\n \n // Skip comparison against hashed values\n if (/bcrypt|argon|scrypt|pbkdf|compare.*hash|hash.*compare|verify.*hash/i.test(line)) {\n return true;\n }\n \n // Skip schema definitions (Zod, Yup, etc.)\n if (/z\\.|yup\\.|joi\\.|schema|validation|validator/i.test(line)) {\n return true;\n }\n \n // ============================================\n // SKIP: Imports and requires\n // ============================================\n if (/^\\s*(import|require|from)\\s/.test(trimmedLine)) {\n return true;\n }\n \n // ============================================\n // SKIP: Example/Demo files\n // ============================================\n if (/example|demo|sample|tutorial|readme/i.test(filePath)) {\n return true;\n }\n \n return false;\n}\n\n/**\n * Check if file is a test file\n */\nfunction isTestFile(filePath: string): boolean {\n return /\\.(test|spec)\\.[jt]sx?$/.test(filePath) ||\n /__tests__\\//.test(filePath) ||\n /test\\//.test(filePath) ||\n /tests\\//.test(filePath) ||\n /\\.stories\\.[jt]sx?$/.test(filePath);\n}\n\n/**\n * Get vulnerability statistics\n */\nexport function getVulnerabilityStats(): { total: number; byCategory: Record<string, number>; bySeverity: Record<string, number> } {\n const byCategory: Record<string, number> = {};\n const bySeverity: Record<string, number> = {};\n \n for (const { metadata } of VULNERABILITY_PATTERNS) {\n const cat = metadata.category || 'unknown';\n const sev = metadata.severity || 'unknown';\n byCategory[cat] = (byCategory[cat] || 0) + 1;\n bySeverity[sev] = (bySeverity[sev] || 0) + 1;\n }\n \n return {\n total: VULNERABILITY_PATTERNS.length,\n byCategory,\n bySeverity,\n 
};\n}\n\n"],"mappings":";;;;;;;;AAgCA,IAAM,wBAAwB;AAAA,EAC5B;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AACF;AAKA,IAAM,yBAAyB;AAAA,EAC7B;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AACF;AAKO,SAAS,wBAAwB,UAA2B;AAEjE,QAAM,iBAAiB,SAAS,QAAQ,OAAO,GAAG;AAGlD,MAAI,sBAAsB,KAAK,aAAW,QAAQ,KAAK,cAAc,CAAC,GAAG;AACvE,WAAO;AAAA,EACT;AAGA,MAAI,eAAe,SAAS,MAAM,KAAK,eAAe,SAAS,OAAO,GAAG;AACvE,WAAO;AAAA,EACT;AAGA,QAAM,WAAW,eAAe,MAAM,GAAG,EAAE,IAAI,KAAK;AACpD,QAAM,qBAAqB;AAAA,IACzB;AAAA,IAA+B;AAAA,IAC/B;AAAA,IAA2B;AAAA,IAC3B;AAAA,IAAY;AAAA,IACZ;AAAA,IAAuB;AAAA,IACvB;AAAA,IAAkB;AAAA,IAClB;AAAA,IAAe;AAAA,IACf;AAAA,IAAc;AAAA,IACd;AAAA,IAAW;AAAA,EACb;AACA,MAAI,mBAAmB,SAAS,QAAQ,GAAG;AAEzC,QAAI,eAAe,SAAS,UAAU,KAAK,eAAe,SAAS,QAAQ,GAAG;AAC5E,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAKO,SAAS,kBAAkB,UAAkB,iBAAkC;AAEpF,MAAI,wBAAwB,QAAQ,GAAG;AACrC,WAAO;AAAA,EACT;AAIA,MAAI,oBAAoB,aAAa,oBAAoB,mBAAmB;AAC1E,WAAO;AAAA,EACT;AAGA,SAAO,uBAAuB,KAAK,aAAW,QAAQ,KAAK,QAAQ,CAAC;AACtE;AAKA,IAAM,uBAAuB;AAAA,EAC3B;AAAA,EAAU;AAAA,EAAU;AAAA,EAAU;AAAA,EAAU;AAAA,EAAQ;AAAA,EAAS;AAAA,EACzD;AAAA,EAAS;AAAA,EAAW;AAAA,EAAO;AAAA,EAAU;AAAA,EAAQ;AAAA,EAC7C;AAAA,EAAsB;AAAA,EAAY;AACpC;AAKA,SAAS,eAAe,MAAc,kBAAqC;AACzE,QAAM,aAAa,CAAC,MAAM,GAAG,gBAAgB,EAAE,KAAK,GAAG,EAAE,YAAY;AACrE,SAAO,qBAAqB;AAAA,IAAK,aAC/B,WAAW,SAAS,QAAQ,YAAY,CAAC;AAAA,EAC3C;AACF;AAKA,IAAM,yBAGD;AAAA;AAAA;AAAA;AAAA,EAIH;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SA
AS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MA
AM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UA
AU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AA
AA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MA
Cb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AACF;AAMA,IAAI,oBAAyD;AAEtD,SAAS,uBAAqD;AACnE,MAAI,CAAC,mBAAmB;AACtB,wBAAoB,IAAI,YAA6B;AAErD,eAAW,EAAE,SAAS,SAAS,KAAK,wBAAwB;AAC1D,wBAAkB,WAAW,SAAS,UAAU,QAAQ;AAAA,IAC1D;AAEA,sBAAkB,MAAM;AACxB,QAAI,CAAC,kBAAkB,GAAG;AACxB,cAAQ,MAAM,aAAa,uBAAuB,MAAM,qCAAqC;AAAA,IAC/F;AAAA,EACF;AAEA,SAAO;AACT;AAMO,SAAS,uBAAuB,MAAc,UAAwC;AAE3F,MAAI,wBAAwB,QAAQ,GAAG;AACrC,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,OAAO,qBAAqB;AAClC,QAAM,aAAa,KAAK,OAAO,IAAI;AACnC,QAAM,QAAQ,KAAK,MAAM,IAAI;AAG7B,QAAM,UAAgC,CAAC;AACvC,QAAM,OAAO,oBAAI,IAAY;AAE7B,aAAW,SAAS,YAAY;AAE9B,UAAM,MAAM,GAAG,MAAM,IAAI,IAAI,MAAM,OAAO;AAC1C,QAAI,KAAK,IAAI,GAAG,EAAG;AACnB,SAAK,IAAI,GAAG;AAEZ,UAAM,OAAO,MAAM;AAGnB,QAAI,kBAAkB,UAAU,KAAK,YAAY,EAAE,EAAG;AAGtD,QAAI,gBAAgB,MAAM,OAAO,UAAU,KAAK,EAAG;AAEnD,UAAM,YAAgC;AAAA,MACpC,SAAS,MAAM;AAAA,MACf,MAAM,MAAM;AAAA,MACZ,QAAQ,MAAM;AAAA,MACd,UAAU,KAAK;AAAA,MACf,UAAU,KAAK,YAAY;AAAA,MAC3B,aAAa,KAAK,eAAe;AAAA,MACjC,KAAK,KAAK,OAAO;AAAA,IACnB;AACA,QAAI,KAAK,QAAQ,QAAW;AAC1B,gBAAU,MAAM,KAAK;AAAA,IACvB;AACA,YAAQ,KAAK,SAAS;AAAA,EACxB;AAEA,SAAO;AACT;AAKA,SAAS,oBAAoB,OAAiB,SAAiB,QAAgB,GAAa;AAC1F,QAAM,QAAQ,KAAK,IAAI,GAAG,UAAU,QAAQ,CAAC;AAC7C,QAAM,MAAM,KAAK,IAAI,MAAM,QAAQ,UAAU,KAAK;AAClD,SAAO,MAAM,MAAM,OAAO,GAAG;AAC/B;AAKA,SAAS,gBAAgB,OAAe,OAAY,UAAkB,OAA0B;AAC9F,QAAM,OAAO,MAAM,MAAM,OAAO,CAAC,KAAK;AACtC,QAAM,cAAc,KAAK,KAAK;AAC9B,QAAM,UAAU,MAAM;AACtB,QAAM,WAAW,MAAM,UAAU,YAAY;AAK7C,MAAI,SAAS,SAAS,WAAW,KAC7B,SAAS,SAAS,UAAU,KAC5B,SAAS,SAAS,OAAO,GAAG;AAE9B,QAAI,iBAAiB,KAAK,IAAI,GAAG;AAC/B,aAAO;AAAA,IACT;AAAA,EACF;AAIA,MAAI,4CAA4C,KAAK,WAAW,GAAG;AACjE,WAAO;AAAA,EACT;AAKA,MAAI,WAAW,QAAQ,GAAG;AAGxB,QAAI,aAAa,WAAW;AAE1B,UAAI,2DAA2D,KAAK,IAAI,GAAG;AACzE,eAAO;AAAA,MACT;AAEA,UAAI,+GAA+G,KAAK,IAAI,GAAG;AAC7H,eAAO;AAAA,MACT;AAEA,UAAI,kFAAkF,KAAK,IAAI,GAAG;AAChG,eAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAKA,MAAI,YAAY,WAAW,IAAI,KAC3B,YAAY,WAAW,GAAG,KAC1B,YAAY,WAAW,IAAI,KAC3B,YAAY,WAAW,GAAG,KAC1B,YAAY,WAAW,MAAM,GAAG;AAClC,WAAO;AAAA,EACT;AAGA,MAAI,WAAW,KAAK,IAAI,KAAK,iDAAiD,KAAK,IAAI,GA
AG;AACxF,WAAO;AAAA,EACT;AAGA,MAAI,4DAA4D,KAAK,WAAW,GAAG;AACjF,WAAO;AAAA,EACT;AAKA,MAAI,0DAA0D,KAAK,IAAI,GAAG;AACxE,WAAO;AAAA,EACT;AAGA,MAAI,2EAA2E,KAAK,IAAI,GAAG;AACzF,WAAO;AAAA,EACT;AAGA,MAAI,kDAAkD,KAAK,WAAW,GAAG;AACvE,WAAO;AAAA,EACT;AAKA,MAAI,gGAAgG,KAAK,IAAI,GAAG;AAC9G,WAAO;AAAA,EACT;AAKA,MAAI,SAAS,SAAS,mBAAmB,KACrC,SAAS,SAAS,WAAW,KAC7B,SAAS,SAAS,gBAAgB,KAClC,SAAS,SAAS,eAAe,GAAG;AACtC,WAAO;AAAA,EACT;AAMA,MAAI,mEAAmE,KAAK,WAAW,GAAG;AACxF,WAAO;AAAA,EACT;AAOA,MAAI,aAAa,iBAAiB;AAChC,UAAM,mBAAmB,oBAAoB,OAAO,MAAM,IAAI;AAC9D,QAAI,CAAC,eAAe,MAAM,gBAAgB,GAAG;AAC3C,aAAO;AAAA,IACT;AAAA,EACF;AAGA,MAAI,aAAa,aAAa,aAAa,QAAQ;AAEjD,QAAI,mCAAmC,KAAK,IAAI,GAAG;AACjD,aAAO;AAAA,IACT;AAEA,QAAI,iCAAiC,KAAK,IAAI,KAAK,CAAC,QAAQ,KAAK,KAAK,MAAM,WAAW,EAAE,CAAC,KAAK,EAAE,GAAG;AAClG,aAAO;AAAA,IACT;AAEA,QAAI,yDAAyD,KAAK,IAAI,GAAG;AACvE,aAAO;AAAA,IACT;AAEA,QAAI,8BAA8B,KAAK,IAAI,GAAG;AAC5C,aAAO;AAAA,IACT;AAEA,QAAI,2BAA2B,KAAK,IAAI,KAAK,CAAC,QAAQ,KAAK,IAAI,GAAG;AAChE,aAAO;AAAA,IACT;AAEA,QAAI,qDAAqD,KAAK,IAAI,GAAG;AACnE,aAAO;AAAA,IACT;AAEA,QAAI,iCAAiC,KAAK,IAAI,GAAG;AAC/C,aAAO;AAAA,IACT;AAAA,EACF;AAGA,MAAI,aAAa,WAAW;AAE1B,QAAI,YAAY,oBAAoB,YAAY,iBAAiB;AAC/D,aAAO;AAAA,IACT;AAEA,QAAI,oBAAoB,KAAK,IAAI,GAAG;AAClC,aAAO;AAAA,IACT;AAAA,EACF;AAGA,MAAI,aAAa,UAAU;AAEzB,QAAI,iBAAiB,KAAK,IAAI,KAAK,mBAAmB,KAAK,IAAI,GAAG;AAChE,aAAO;AAAA,IACT;AAEA,QAAI,+CAA+C,KAAK,IAAI,GAAG;AAC7D,aAAO;AAAA,IACT;AAEA,QAAI,wBAAwB,KAAK,IAAI,GAAG;AACtC,aAAO;AAAA,IACT;AAAA,EACF;AAGA,MAAI,aAAa,UAAU;AAEzB,QAAI,2EAA2E,KAAK,IAAI,GAAG;AACzF,aAAO;AAAA,IACT;AAEA,QAAI,YAAY,iBAAiB;AAE/B,UAAI,CAAC,qDAAqD,KAAK,IAAI,GAAG;AACpE,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAGA,MAAI,aAAa,SAAS;AAExB,QAAI,4DAA4D,KAAK,IAAI,GAAG;AAC1E,aAAO;AAAA,IACT;AAAA,EACF;AAMA,MAAI,kFAAkF,KAAK,IAAI,GAAG;AAChG,WAAO;AAAA,EACT;AAGA,MAAI,sEAAsE,KAAK,IAAI,GAAG;AACpF,WAAO;AAAA,EACT;AAGA,MAAI,+CAA+C,KAAK,IAAI,GAAG;AAC7D,WAAO;AAAA,EACT;AAKA,MAAI,8BAA8B,KAAK,WAAW,GAAG;AACnD,WAAO;AAAA,EACT;AAKA,MAAI,uCAAuC,KAAK,QAAQ,GAAG;AACzD,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAKA,SAAS,WAAW,UAA2B;AAC7C,
SAAO,0BAA0B,KAAK,QAAQ,KACvC,cAAc,KAAK,QAAQ,KAC3B,SAAS,KAAK,QAAQ,KACtB,UAAU,KAAK,QAAQ,KACvB,sBAAsB,KAAK,QAAQ;AAC5C;AAKO,SAAS,wBAAmH;AACjI,QAAM,aAAqC,CAAC;AAC5C,QAAM,aAAqC,CAAC;AAE5C,aAAW,EAAE,SAAS,KAAK,wBAAwB;AACjD,UAAM,MAAM,SAAS,YAAY;AACjC,UAAM,MAAM,SAAS,YAAY;AACjC,eAAW,GAAG,KAAK,WAAW,GAAG,KAAK,KAAK;AAC3C,eAAW,GAAG,KAAK,WAAW,GAAG,KAAK,KAAK;AAAA,EAC7C;AAEA,SAAO;AAAA,IACL,OAAO,uBAAuB;AAAA,IAC9B;AAAA,IACA;AAAA,EACF;AACF;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../src/trie/vulnerability-signatures.ts"],"sourcesContent":["/**\n * Vulnerability Signature Database\n * \n * Pre-indexed security patterns using Aho-Corasick for O(n + z) scanning\n * where n = file size, z = number of matches.\n * \n * This is MUCH faster than running 100+ regex patterns on every file.\n * \n * IMPROVEMENTS (v2):\n * - Context-aware pattern matching to reduce false positives\n * - File path exclusions for test/lock files\n * - SQL injection detection only in SQL contexts\n * - Better secret detection avoiding package names/URLs\n */\n\nimport { AhoCorasick, PatternMetadata } from './trie.js';\nimport { isInteractiveMode } from '../utils/progress.js';\n\nexport interface VulnerabilityMatch {\n pattern: string;\n line: number;\n column: number;\n severity: 'critical' | 'serious' | 'moderate' | 'low';\n category: string;\n description: string;\n cwe?: string;\n fix: string;\n}\n\n/**\n * Files/patterns to ALWAYS exclude from scanning (never any false positives from these)\n */\nconst ALWAYS_EXCLUDED_FILES = [\n /vulnerability-signatures\\.[jt]s$/, // CRITICAL: Never scan ourselves!\n /vibe-code-signatures\\.[jt]s$/, // Never scan signature files\n /legal\\.[jt]s$/, // Legal skill contains detection patterns\n /security-scanner\\.[jt]s$/, // Security scanner contains patterns\n /agent-smith\\.[jt]s$/, // Agent Smith contains patterns\n /security\\.[jt]s$/, // Security skill\n /privacy\\.[jt]s$/, // Privacy skill\n /soc2\\.[jt]s$/, // SOC2 skill\n /skills[\\/\\\\]built-in[\\/\\\\]/, // Never scan Trie's own skill implementations\n /skills[\\/\\\\].*\\.[jt]s$/, // Never scan any skills directory\n /trie-agents?[\\/\\\\]src[\\/\\\\]/, // Never scan Trie's source when installed as dependency\n /trie-agents?[\\/\\\\]dist[\\/\\\\]/, // Never scan Trie's dist when installed\n /package-lock\\.json$/, // Lock files\n /yarn\\.lock$/,\n /pnpm-lock\\.yaml$/,\n /node_modules[\\/\\\\]/, // Dependencies\n /\\.d\\.ts$/, // Type 
definitions\n /\\.min\\.[jt]s$/, // Minified files\n /dist[\\/\\\\]/, // Build output\n /build[\\/\\\\]/,\n];\n\n/**\n * Files to exclude from non-critical checks (test files, examples, etc.)\n */\nconst EXCLUDED_FILE_PATTERNS = [\n /\\.test\\.[jt]sx?$/, // Test files\n /\\.spec\\.[jt]sx?$/, // Spec files\n /__tests__\\//, // Test directories\n /\\/test\\//, // test/ directory\n /\\/tests\\//, // tests/ directory\n /\\.stories\\.[jt]sx?$/, // Storybook files\n /\\.config\\.[jt]s$/, // Config files\n /example/i, // Example files\n /demo/i, // Demo files\n /fixture/i, // Test fixtures\n /mock/i, // Mock files\n];\n\n/**\n * Check if a file should be completely excluded from scanning\n */\nexport function shouldAlwaysExcludeFile(filePath: string): boolean {\n // Normalize path to use forward slashes for consistent matching\n const normalizedPath = filePath.replace(/\\\\/g, '/');\n \n // Check against exclusion patterns\n if (ALWAYS_EXCLUDED_FILES.some(pattern => pattern.test(normalizedPath))) {\n return true;\n }\n \n // Also exclude files in Trie's source directories (handles both installed and development)\n if (normalizedPath.includes('trie') && normalizedPath.includes('/src/')) {\n return true;\n }\n \n // Exclude specific Trie scanner/skill files by filename (regardless of path)\n const fileName = normalizedPath.split('/').pop() || '';\n const TRIE_SCANNER_FILES = [\n 'vulnerability-signatures.ts', 'vulnerability-signatures.js',\n 'vibe-code-signatures.ts', 'vibe-code-signatures.js',\n 'legal.ts', 'legal.js',\n 'security-scanner.ts', 'security-scanner.js',\n 'agent-smith.ts', 'agent-smith.js',\n 'security.ts', 'security.js',\n 'privacy.ts', 'privacy.js',\n 'soc2.ts', 'soc2.js',\n ];\n if (TRIE_SCANNER_FILES.includes(fileName)) {\n // Only exclude if it looks like it's in a skills/trie directory\n if (normalizedPath.includes('/skills/') || normalizedPath.includes('/trie/')) {\n return true;\n }\n }\n \n return false;\n}\n\n/**\n * Check if a file should be 
excluded from certain checks\n */\nexport function shouldExcludeFile(filePath: string, patternCategory: string): boolean {\n // CRITICAL: Always exclude signature files - never flag ourselves!\n if (shouldAlwaysExcludeFile(filePath)) {\n return true;\n }\n \n // For secrets in test files, we need extra context checking (done elsewhere)\n // Don't auto-exclude test files for secrets here, let isFalsePositive handle it\n if (patternCategory === 'secrets' || patternCategory === 'exposed-secrets') {\n return false;\n }\n \n // Exclude certain file types from non-critical checks\n return EXCLUDED_FILE_PATTERNS.some(pattern => pattern.test(filePath));\n}\n\n/**\n * SQL-related keywords that indicate a SQL context\n */\nconst SQL_CONTEXT_KEYWORDS = [\n 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'FROM', 'WHERE', 'JOIN',\n 'query', 'execute', 'sql', 'prisma', 'knex', 'sequelize',\n 'createQueryBuilder', 'rawQuery', '.raw('\n];\n\n/**\n * Check if a line is in a SQL context\n */\nfunction isInSQLContext(line: string, surroundingLines: string[]): boolean {\n const allContent = [line, ...surroundingLines].join(' ').toLowerCase();\n return SQL_CONTEXT_KEYWORDS.some(keyword => \n allContent.includes(keyword.toLowerCase())\n );\n}\n\n/**\n * Security vulnerability patterns organized by category\n */\nconst VULNERABILITY_PATTERNS: Array<{\n pattern: string;\n metadata: PatternMetadata;\n}> = [\n // ============================================\n // CRITICAL: Injection vulnerabilities\n // ============================================\n {\n pattern: 'eval(',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'injection',\n description: 'eval() can execute arbitrary code - potential RCE',\n cwe: 'CWE-95',\n fix: 'Use safer alternatives like JSON.parse() or a sandboxed interpreter',\n },\n },\n {\n pattern: 'new Function(',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'injection',\n description: 'new Function() can execute arbitrary 
code',\n cwe: 'CWE-95',\n fix: 'Avoid dynamic function creation from user input',\n },\n },\n {\n pattern: 'exec(',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'injection',\n description: 'Command execution - potential command injection',\n cwe: 'CWE-78',\n fix: 'Use parameterized commands and validate/sanitize all inputs',\n },\n },\n {\n pattern: 'execSync(',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'injection',\n description: 'Synchronous command execution - potential injection',\n cwe: 'CWE-78',\n fix: 'Use spawn with argument arrays instead of shell strings',\n },\n },\n {\n pattern: 'spawn(',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'injection',\n description: 'Process spawn - verify inputs are sanitized',\n cwe: 'CWE-78',\n fix: 'Use shell: false and pass arguments as array',\n },\n },\n {\n pattern: 'child_process',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'injection',\n description: 'Child process module - review for command injection',\n cwe: 'CWE-78',\n fix: 'Validate all inputs passed to child processes',\n },\n },\n\n // ============================================\n // CRITICAL: SQL Injection patterns\n // NOTE: ${} is NOT flagged here - we check SQL context in isFalsePositive\n // ============================================\n {\n pattern: 'SELECT * FROM',\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n category: 'sql-injection',\n description: 'Raw SQL query detected - verify parameterization',\n cwe: 'CWE-89',\n fix: 'Use ORM or parameterized queries',\n },\n },\n {\n pattern: 'INSERT INTO',\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n category: 'sql-injection',\n description: 'Raw SQL INSERT - verify parameterization',\n cwe: 'CWE-89',\n fix: 'Use parameterized queries',\n },\n },\n {\n pattern: 'DELETE FROM',\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n 
category: 'sql-injection',\n description: 'Raw SQL DELETE - verify parameterization',\n cwe: 'CWE-89',\n fix: 'Use parameterized queries',\n },\n },\n {\n pattern: '.raw(`',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'sql-injection',\n description: 'Raw query with template literal - high injection risk',\n cwe: 'CWE-89',\n fix: 'Avoid raw queries with interpolation or use proper escaping',\n },\n },\n {\n pattern: \".raw('\",\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n category: 'sql-injection',\n description: 'Raw query method - verify for injection risk',\n cwe: 'CWE-89',\n fix: 'Use parameterized queries instead of raw SQL',\n },\n },\n {\n pattern: '.raw(\"',\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n category: 'sql-injection',\n description: 'Raw query method - verify for injection risk',\n cwe: 'CWE-89',\n fix: 'Use parameterized queries instead of raw SQL',\n },\n },\n {\n pattern: '`SELECT',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'sql-injection',\n description: 'SQL in template literal - check for injection',\n cwe: 'CWE-89',\n fix: 'Use parameterized queries with placeholders',\n },\n },\n {\n pattern: '`INSERT',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'sql-injection',\n description: 'SQL INSERT in template literal - check for injection',\n cwe: 'CWE-89',\n fix: 'Use parameterized queries with placeholders',\n },\n },\n {\n pattern: '`UPDATE',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'sql-injection',\n description: 'SQL UPDATE in template literal - check for injection',\n cwe: 'CWE-89',\n fix: 'Use parameterized queries with placeholders',\n },\n },\n {\n pattern: '`DELETE',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'sql-injection',\n description: 'SQL DELETE in template literal - check for injection',\n cwe: 'CWE-89',\n fix: 'Use parameterized queries 
with placeholders',\n },\n },\n\n // ============================================\n // CRITICAL: XSS vulnerabilities\n // ============================================\n {\n pattern: 'innerHTML',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'xss',\n description: 'innerHTML can inject malicious scripts',\n cwe: 'CWE-79',\n fix: 'Use textContent or sanitize HTML with DOMPurify',\n },\n },\n {\n pattern: 'outerHTML',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'xss',\n description: 'outerHTML can inject malicious scripts',\n cwe: 'CWE-79',\n fix: 'Avoid outerHTML with user input',\n },\n },\n {\n pattern: 'document.write',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'xss',\n description: 'document.write can inject malicious content',\n cwe: 'CWE-79',\n fix: 'Use DOM methods like createElement instead',\n },\n },\n {\n pattern: 'dangerouslySetInnerHTML',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'xss',\n description: 'React dangerouslySetInnerHTML - XSS risk',\n cwe: 'CWE-79',\n fix: 'Sanitize with DOMPurify before using',\n },\n },\n {\n pattern: 'v-html',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'xss',\n description: 'Vue v-html directive - XSS risk',\n cwe: 'CWE-79',\n fix: 'Sanitize content or use v-text',\n },\n },\n {\n pattern: '[innerHTML]',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'xss',\n description: 'Angular innerHTML binding - XSS risk',\n cwe: 'CWE-79',\n fix: 'Use Angular DomSanitizer',\n },\n },\n\n // ============================================\n // CRITICAL: Hardcoded secrets\n // More specific patterns to reduce false positives\n // ============================================\n {\n pattern: \"password = '\",\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded password in string',\n cwe: 'CWE-798',\n fix: 
'Use environment variables or secret management',\n },\n },\n {\n pattern: 'password = \"',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded password in string',\n cwe: 'CWE-798',\n fix: 'Use environment variables or secret management',\n },\n },\n {\n pattern: \"password: '\",\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded password in config',\n cwe: 'CWE-798',\n fix: 'Use environment variables or secret management',\n },\n },\n {\n pattern: 'password: \"',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded password in config',\n cwe: 'CWE-798',\n fix: 'Use environment variables or secret management',\n },\n },\n {\n pattern: \"api_key = '\",\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded API key',\n cwe: 'CWE-798',\n fix: 'Use environment variables',\n },\n },\n {\n pattern: 'api_key = \"',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded API key',\n cwe: 'CWE-798',\n fix: 'Use environment variables',\n },\n },\n {\n pattern: \"apiKey: '\",\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded API key in config',\n cwe: 'CWE-798',\n fix: 'Use environment variables',\n },\n },\n {\n pattern: 'apiKey: \"',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded API key in config',\n cwe: 'CWE-798',\n fix: 'Use environment variables',\n },\n },\n {\n pattern: \"secret = '\",\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded secret',\n cwe: 'CWE-798',\n fix: 'Use environment variables or secret management',\n },\n },\n {\n pattern: 'secret = \"',\n metadata: {\n type: 
'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'Hardcoded secret',\n cwe: 'CWE-798',\n fix: 'Use environment variables or secret management',\n },\n },\n {\n pattern: 'AWS_SECRET_ACCESS_KEY=',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'secrets',\n description: 'AWS secret key assignment',\n cwe: 'CWE-798',\n fix: 'Use IAM roles or AWS Secrets Manager',\n },\n },\n {\n pattern: \"'Bearer \",\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'secrets',\n description: 'Hardcoded bearer token in string',\n cwe: 'CWE-798',\n fix: 'Use environment variables for tokens',\n },\n },\n {\n pattern: '\"Bearer ',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'secrets',\n description: 'Hardcoded bearer token in string',\n cwe: 'CWE-798',\n fix: 'Use environment variables for tokens',\n },\n },\n\n // ============================================\n // SERIOUS: Authentication issues\n // ============================================\n {\n pattern: 'password ==',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'auth',\n description: 'Plain text password comparison',\n cwe: 'CWE-256',\n fix: 'Use bcrypt.compare() or similar secure comparison',\n },\n },\n {\n pattern: 'password ===',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'auth',\n description: 'Plain text password comparison',\n cwe: 'CWE-256',\n fix: 'Use bcrypt.compare() or similar secure comparison',\n },\n },\n {\n pattern: 'MD5(',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'crypto',\n description: 'MD5 is cryptographically broken',\n cwe: 'CWE-328',\n fix: 'Use SHA-256 or bcrypt for passwords',\n },\n },\n {\n pattern: 'md5(',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'crypto',\n description: 'MD5 is cryptographically broken',\n cwe: 'CWE-328',\n fix: 'Use SHA-256 or bcrypt for 
passwords',\n },\n },\n {\n pattern: 'SHA1(',\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n category: 'crypto',\n description: 'SHA1 is deprecated for security use',\n cwe: 'CWE-328',\n fix: 'Use SHA-256 or stronger',\n },\n },\n {\n pattern: 'sha1(',\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n category: 'crypto',\n description: 'SHA1 is deprecated for security use',\n cwe: 'CWE-328',\n fix: 'Use SHA-256 or stronger',\n },\n },\n {\n pattern: 'Math.random()',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'crypto',\n description: 'Math.random() is not cryptographically secure',\n cwe: 'CWE-338',\n fix: 'Use crypto.randomBytes() or crypto.getRandomValues()',\n },\n },\n\n // ============================================\n // SERIOUS: Insecure configurations\n // ============================================\n {\n pattern: 'cors: true',\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n category: 'config',\n description: 'CORS enabled - verify origin restrictions',\n cwe: 'CWE-942',\n fix: 'Specify allowed origins explicitly',\n },\n },\n {\n pattern: \"origin: '*'\",\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'config',\n description: 'CORS allows all origins',\n cwe: 'CWE-942',\n fix: 'Restrict to specific trusted origins',\n },\n },\n {\n pattern: 'origin: \"*\"',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'config',\n description: 'CORS allows all origins',\n cwe: 'CWE-942',\n fix: 'Restrict to specific trusted origins',\n },\n },\n {\n pattern: 'secure: false',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'config',\n description: 'Insecure cookie/connection setting',\n cwe: 'CWE-614',\n fix: 'Set secure: true in production',\n },\n },\n {\n pattern: 'httpOnly: false',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'config',\n description: 'Cookie accessible to 
JavaScript',\n cwe: 'CWE-1004',\n fix: 'Set httpOnly: true to prevent XSS cookie theft',\n },\n },\n {\n pattern: 'rejectUnauthorized: false',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'config',\n description: 'TLS certificate validation disabled',\n cwe: 'CWE-295',\n fix: 'Enable certificate validation in production',\n },\n },\n {\n pattern: 'NODE_TLS_REJECT_UNAUTHORIZED',\n metadata: {\n type: 'vulnerability',\n severity: 'critical',\n category: 'config',\n description: 'TLS validation may be disabled',\n cwe: 'CWE-295',\n fix: 'Never disable TLS validation in production',\n },\n },\n\n // ============================================\n // MODERATE: Common bugs and issues\n // ============================================\n {\n pattern: '.forEach(async',\n metadata: {\n type: 'vulnerability',\n severity: 'serious',\n category: 'async',\n description: 'async forEach does not await - unexpected behavior',\n cwe: 'CWE-703',\n fix: 'Use for...of loop or Promise.all(arr.map())',\n },\n },\n {\n pattern: 'JSON.parse(',\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n category: 'error-handling',\n description: 'JSON.parse can throw - needs try/catch',\n cwe: 'CWE-755',\n fix: 'Wrap in try/catch block',\n },\n },\n {\n pattern: 'atob(',\n metadata: {\n type: 'vulnerability',\n severity: 'low',\n category: 'encoding',\n description: 'atob can throw on invalid input',\n cwe: 'CWE-755',\n fix: 'Wrap in try/catch and validate input',\n },\n },\n\n // ============================================\n // Privacy & Compliance patterns\n // ============================================\n {\n pattern: 'console.log(',\n metadata: {\n type: 'vulnerability',\n severity: 'low',\n category: 'logging',\n description: 'Console logging - may leak sensitive data',\n cwe: 'CWE-532',\n fix: 'Remove or replace with proper logging in production',\n },\n },\n {\n pattern: 'localStorage.setItem',\n metadata: {\n type: 'vulnerability',\n severity: 
'moderate',\n category: 'storage',\n description: 'localStorage is accessible to XSS attacks',\n cwe: 'CWE-922',\n fix: 'Avoid storing sensitive data in localStorage',\n },\n },\n {\n pattern: 'sessionStorage.setItem',\n metadata: {\n type: 'vulnerability',\n severity: 'moderate',\n category: 'storage',\n description: 'sessionStorage is accessible to XSS attacks',\n cwe: 'CWE-922',\n fix: 'Avoid storing sensitive data in sessionStorage',\n },\n },\n];\n\n/**\n * Build the vulnerability signature trie\n * Called once at startup, then O(1) access\n */\nlet vulnerabilityTrie: AhoCorasick<PatternMetadata> | null = null;\n\nexport function getVulnerabilityTrie(): AhoCorasick<PatternMetadata> {\n if (!vulnerabilityTrie) {\n vulnerabilityTrie = new AhoCorasick<PatternMetadata>();\n \n for (const { pattern, metadata } of VULNERABILITY_PATTERNS) {\n vulnerabilityTrie.addPattern(pattern, metadata, metadata);\n }\n \n vulnerabilityTrie.build();\n if (!isInteractiveMode()) {\n console.error(` Loaded ${VULNERABILITY_PATTERNS.length} vulnerability signatures into trie`);\n }\n }\n \n return vulnerabilityTrie;\n}\n\n/**\n * Scan code for vulnerabilities using the trie\n * O(n + z) where n = code length, z = number of matches\n */\nexport function scanForVulnerabilities(code: string, filePath: string): VulnerabilityMatch[] {\n // CRITICAL: Skip files that should never be scanned\n if (shouldAlwaysExcludeFile(filePath)) {\n return [];\n }\n \n const trie = getVulnerabilityTrie();\n const rawMatches = trie.search(code);\n const lines = code.split('\\n');\n \n // Deduplicate and filter false positives\n const matches: VulnerabilityMatch[] = [];\n const seen = new Set<string>();\n \n for (const match of rawMatches) {\n // Create unique key for deduplication\n const key = `${match.line}:${match.pattern}`;\n if (seen.has(key)) continue;\n seen.add(key);\n \n const meta = match.metadata!;\n \n // Check file exclusions\n if (shouldExcludeFile(filePath, meta.category || '')) continue;\n \n 
// Filter out false positives\n if (isFalsePositive(code, match, filePath, lines)) continue;\n \n const vulnMatch: VulnerabilityMatch = {\n pattern: match.pattern,\n line: match.line,\n column: match.column,\n severity: meta.severity as any,\n category: meta.category || 'unknown',\n description: meta.description || '',\n fix: meta.fix || '',\n };\n if (meta.cwe !== undefined) {\n vulnMatch.cwe = meta.cwe;\n }\n matches.push(vulnMatch);\n }\n \n return matches;\n}\n\n/**\n * Get surrounding lines for context analysis\n */\nfunction getSurroundingLines(lines: string[], lineNum: number, range: number = 3): string[] {\n const start = Math.max(0, lineNum - range - 1);\n const end = Math.min(lines.length, lineNum + range);\n return lines.slice(start, end);\n}\n\n/**\n * Filter out common false positives with enhanced context awareness\n */\nfunction isFalsePositive(_code: string, match: any, filePath: string, lines: string[]): boolean {\n const line = lines[match.line - 1] || '';\n const trimmedLine = line.trim();\n const pattern = match.pattern;\n const category = match.metadata?.category || '';\n \n // ============================================\n // CRITICAL: Skip signature/pattern definition files\n // ============================================\n if (filePath.includes('signature') || \n filePath.includes('patterns') ||\n filePath.includes('rules')) {\n // If the line contains 'pattern:' or 'pattern =' it's a definition, not a vulnerability\n if (/pattern\\s*[:=]/.test(line)) {\n return true;\n }\n }\n \n // Skip if line is a pattern string definition (in any file)\n // e.g., pattern: \"password = '\", or { pattern: 'secret' }\n if (/^\\s*(pattern|regex|rule|signature)\\s*[:=]/.test(trimmedLine)) {\n return true;\n }\n \n // ============================================\n // CRITICAL: Skip test files entirely for most patterns\n // ============================================\n if (isTestFile(filePath)) {\n // Test files can have intentional bad code for testing 
detection\n // Only flag REAL secrets (actual API keys that look real)\n if (category === 'secrets') {\n // Skip if it's clearly test/mock data\n if (/test|mock|fake|dummy|example|fixture|sample|placeholder/i.test(line)) {\n return true;\n }\n // Skip generic fake values like \"password123\", \"secret_test\", etc.\n if (/'[a-z_]*password[a-z_0-9]*'|\"[a-z_]*password[a-z_0-9]*\"|'[a-z_]*secret[a-z_0-9]*'|\"[a-z_]*secret[a-z_0-9]*\"/i.test(line)) {\n return true;\n }\n // Skip obviously fake API keys (short or with placeholder patterns)\n if (/sk-[a-z0-9]{10,20}\"|'sk-[a-z0-9]{10,20}'|api[_-]?key.*['\"][a-z0-9_-]{5,30}['\"]/i.test(line)) {\n return true;\n }\n }\n // For non-secrets, skip all test file findings\n return true;\n }\n \n // ============================================\n // SKIP: Comments and documentation\n // ============================================\n if (trimmedLine.startsWith('//') || \n trimmedLine.startsWith('*') || \n trimmedLine.startsWith('/*') ||\n trimmedLine.startsWith('#') ||\n trimmedLine.startsWith('<!--')) {\n return true;\n }\n \n // Skip JSDoc and documentation blocks\n if (/^\\s*\\*\\s/.test(line) || /@(param|returns|example|description|see|link)/i.test(line)) {\n return true;\n }\n \n // Skip description/fix/metadata strings (common in config objects)\n if (/^\\s*(description|fix|message|help|hint|reason|why)\\s*[:=]/.test(trimmedLine)) {\n return true;\n }\n \n // ============================================\n // SKIP: Type definitions and interfaces\n // ============================================\n if (/^\\s*(interface|type|export\\s+interface|export\\s+type)\\s/.test(line)) {\n return true;\n }\n \n // Skip TypeScript type annotations (e.g., password: string)\n if (/:\\s*(string|number|boolean|any|unknown|null|undefined|void)\\s*(;|,|\\)|$)/.test(line)) {\n return true;\n }\n \n // Skip interface/type property definitions\n if (/^\\s*\\w+\\s*\\??\\s*:\\s*(string|number|boolean|any)/.test(trimmedLine)) {\n return true;\n }\n 
\n // ============================================\n // SKIP: Environment variable reads (not hardcoded)\n // ============================================\n if (/process\\.env|import\\.meta\\.env|getenv|os\\.environ|Deno\\.env|\\.env\\.|config\\.\\w+|settings\\.\\w+/.test(line)) {\n return true;\n }\n \n // ============================================\n // SKIP: Lock files and package metadata\n // ============================================\n if (filePath.endsWith('package-lock.json') || \n filePath.endsWith('yarn.lock') ||\n filePath.endsWith('pnpm-lock.yaml') ||\n filePath.includes('node_modules/')) {\n return true;\n }\n \n // ============================================\n // SKIP: String in object definition (metadata, not code)\n // ============================================\n // Lines like: severity: 'critical', or category: 'secrets'\n if (/^\\s*(severity|category|type|level|priority|cwe|owasp)\\s*:\\s*['\"]/.test(trimmedLine)) {\n return true;\n }\n \n // ============================================\n // Category-specific false positive detection\n // ============================================\n \n // SQL Injection: Only flag in SQL contexts\n if (category === 'sql-injection') {\n const surroundingLines = getSurroundingLines(lines, match.line);\n if (!isInSQLContext(line, surroundingLines)) {\n return true;\n }\n }\n \n // Secrets: Very strict detection to avoid false positives\n if (category === 'secrets' || category === 'auth') {\n // Skip function parameters (function foo(password: string))\n if (/\\(\\s*[^)]*\\w+\\s*:\\s*(string|any)/.test(line)) {\n return true;\n }\n // Skip object destructuring ({ password })\n if (/\\{\\s*\\w*password\\w*\\s*(,|\\}|:)/.test(line) && !/'|\"|`/.test(line.split(/password/i)[1] || '')) {\n return true;\n }\n // Skip when reading from env or config\n if (/=\\s*(process\\.env|config\\.|options\\.|settings\\.|env\\.)/.test(line)) {\n return true;\n }\n // Skip variable declarations without string literals\n if 
(/password\\s*[=:](?!\\s*['\"`])/.test(line)) {\n return true;\n }\n // Skip if it's reading from another variable\n if (/password\\s*=\\s*\\w+(\\.|$)/.test(line) && !/'|\"|`/.test(line)) {\n return true;\n }\n // Skip error messages and logging about passwords\n if (/error|message|log|warn|info|debug|throw|new Error/i.test(line)) {\n return true;\n }\n // Skip regex patterns for password validation\n if (/regex|RegExp|\\/.*password.*\\//i.test(line)) {\n return true;\n }\n }\n \n // Logging: Skip in development/debug contexts\n if (category === 'logging') {\n // console.error is often intentional\n if (pattern === 'console.error(' || pattern === 'console.warn(') {\n return true;\n }\n // Skip if in catch block (error logging)\n if (/catch|error|err\\b/.test(line)) {\n return true;\n }\n }\n \n // Config patterns: Skip legitimate security config\n if (category === 'config') {\n // Skip when setting secure values\n if (/secure:\\s*true/.test(line) || /httpOnly:\\s*true/.test(line)) {\n return true;\n }\n // Skip environment-based config\n if (/NODE_ENV|process\\.env|production|development/.test(line)) {\n return true;\n }\n // Skip conditional configs\n if (/if\\s*\\(|ternary|\\?.*:/.test(line)) {\n return true;\n }\n }\n \n // Crypto: Skip in contexts where weak crypto is acceptable\n if (category === 'crypto') {\n // MD5/SHA1 for non-security purposes (checksums, cache keys)\n if (/checksum|hash.*file|etag|cache.*key|fingerprint|integrity|content.*hash/i.test(line)) {\n return true;\n }\n // Math.random for non-crypto purposes (UI, games, etc.)\n if (pattern === 'Math.random()') {\n // Only flag if in security context\n if (!/token|secret|password|key|auth|session|csrf|nonce/i.test(line)) {\n return true;\n }\n }\n }\n \n // Async: forEach async is sometimes intentional\n if (category === 'async') {\n // Skip if there's a comment indicating it's intentional\n if (/\\/\\/.*intentional|\\/\\/.*fire.?and.?forget|\\/\\/.*parallel/i.test(line)) {\n return true;\n }\n 
}\n \n // ============================================\n // SKIP: Validation/check patterns (not vulnerabilities)\n // ============================================\n // Skip password validation logic\n if (/password.*length|validate.*password|check.*password|verify.*password|is.*valid/i.test(line)) {\n return true;\n }\n \n // Skip comparison against hashed values\n if (/bcrypt|argon|scrypt|pbkdf|compare.*hash|hash.*compare|verify.*hash/i.test(line)) {\n return true;\n }\n \n // Skip schema definitions (Zod, Yup, etc.)\n if (/z\\.|yup\\.|joi\\.|schema|validation|validator/i.test(line)) {\n return true;\n }\n \n // ============================================\n // SKIP: Imports and requires\n // ============================================\n if (/^\\s*(import|require|from)\\s/.test(trimmedLine)) {\n return true;\n }\n \n // ============================================\n // SKIP: Example/Demo files\n // ============================================\n if (/example|demo|sample|tutorial|readme/i.test(filePath)) {\n return true;\n }\n \n return false;\n}\n\n/**\n * Check if file is a test file\n */\nfunction isTestFile(filePath: string): boolean {\n return /\\.(test|spec)\\.[jt]sx?$/.test(filePath) ||\n /__tests__\\//.test(filePath) ||\n /test\\//.test(filePath) ||\n /tests\\//.test(filePath) ||\n /\\.stories\\.[jt]sx?$/.test(filePath);\n}\n\n/**\n * Get vulnerability statistics\n */\nexport function getVulnerabilityStats(): { total: number; byCategory: Record<string, number>; bySeverity: Record<string, number> } {\n const byCategory: Record<string, number> = {};\n const bySeverity: Record<string, number> = {};\n \n for (const { metadata } of VULNERABILITY_PATTERNS) {\n const cat = metadata.category || 'unknown';\n const sev = metadata.severity || 'unknown';\n byCategory[cat] = (byCategory[cat] || 0) + 1;\n bySeverity[sev] = (bySeverity[sev] || 0) + 1;\n }\n \n return {\n total: VULNERABILITY_PATTERNS.length,\n byCategory,\n bySeverity,\n 
};\n}\n\n"],"mappings":";;;;;;;;;AAgCA,IAAM,wBAAwB;AAAA,EAC5B;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AACF;AAKA,IAAM,yBAAyB;AAAA,EAC7B;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AACF;AAKO,SAAS,wBAAwB,UAA2B;AAEjE,QAAM,iBAAiB,SAAS,QAAQ,OAAO,GAAG;AAGlD,MAAI,sBAAsB,KAAK,aAAW,QAAQ,KAAK,cAAc,CAAC,GAAG;AACvE,WAAO;AAAA,EACT;AAGA,MAAI,eAAe,SAAS,MAAM,KAAK,eAAe,SAAS,OAAO,GAAG;AACvE,WAAO;AAAA,EACT;AAGA,QAAM,WAAW,eAAe,MAAM,GAAG,EAAE,IAAI,KAAK;AACpD,QAAM,qBAAqB;AAAA,IACzB;AAAA,IAA+B;AAAA,IAC/B;AAAA,IAA2B;AAAA,IAC3B;AAAA,IAAY;AAAA,IACZ;AAAA,IAAuB;AAAA,IACvB;AAAA,IAAkB;AAAA,IAClB;AAAA,IAAe;AAAA,IACf;AAAA,IAAc;AAAA,IACd;AAAA,IAAW;AAAA,EACb;AACA,MAAI,mBAAmB,SAAS,QAAQ,GAAG;AAEzC,QAAI,eAAe,SAAS,UAAU,KAAK,eAAe,SAAS,QAAQ,GAAG;AAC5E,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAKO,SAAS,kBAAkB,UAAkB,iBAAkC;AAEpF,MAAI,wBAAwB,QAAQ,GAAG;AACrC,WAAO;AAAA,EACT;AAIA,MAAI,oBAAoB,aAAa,oBAAoB,mBAAmB;AAC1E,WAAO;AAAA,EACT;AAGA,SAAO,uBAAuB,KAAK,aAAW,QAAQ,KAAK,QAAQ,CAAC;AACtE;AAKA,IAAM,uBAAuB;AAAA,EAC3B;AAAA,EAAU;AAAA,EAAU;AAAA,EAAU;AAAA,EAAU;AAAA,EAAQ;AAAA,EAAS;AAAA,EACzD;AAAA,EAAS;AAAA,EAAW;AAAA,EAAO;AAAA,EAAU;AAAA,EAAQ;AAAA,EAC7C;AAAA,EAAsB;AAAA,EAAY;AACpC;AAKA,SAAS,eAAe,MAAc,kBAAqC;AACzE,QAAM,aAAa,CAAC,MAAM,GAAG,gBAAgB,EAAE,KAAK,GAAG,EAAE,YAAY;AACrE,SAAO,qBAAqB;AAAA,IAAK,aAC/B,WAAW,SAAS,QAAQ,YAAY,CAAC;AAAA,EAC3C;AACF;AAKA,IAAM,yBAGD;AAAA;AAAA;AAAA;AAAA,EAIH;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,S
AAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,M
AAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,U
AAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;A
AAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,MACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,MACR,MAAM;AAAA,MACN,UAAU;AAAA,MACV,UAAU;AAAA,MACV,aAAa;AAAA,M
ACb,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AAAA,EACF;AACF;AAMA,IAAI,oBAAyD;AAEtD,SAAS,uBAAqD;AACnE,MAAI,CAAC,mBAAmB;AACtB,wBAAoB,IAAI,YAA6B;AAErD,eAAW,EAAE,SAAS,SAAS,KAAK,wBAAwB;AAC1D,wBAAkB,WAAW,SAAS,UAAU,QAAQ;AAAA,IAC1D;AAEA,sBAAkB,MAAM;AACxB,QAAI,CAAC,kBAAkB,GAAG;AACxB,cAAQ,MAAM,aAAa,uBAAuB,MAAM,qCAAqC;AAAA,IAC/F;AAAA,EACF;AAEA,SAAO;AACT;AAMO,SAAS,uBAAuB,MAAc,UAAwC;AAE3F,MAAI,wBAAwB,QAAQ,GAAG;AACrC,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,OAAO,qBAAqB;AAClC,QAAM,aAAa,KAAK,OAAO,IAAI;AACnC,QAAM,QAAQ,KAAK,MAAM,IAAI;AAG7B,QAAM,UAAgC,CAAC;AACvC,QAAM,OAAO,oBAAI,IAAY;AAE7B,aAAW,SAAS,YAAY;AAE9B,UAAM,MAAM,GAAG,MAAM,IAAI,IAAI,MAAM,OAAO;AAC1C,QAAI,KAAK,IAAI,GAAG,EAAG;AACnB,SAAK,IAAI,GAAG;AAEZ,UAAM,OAAO,MAAM;AAGnB,QAAI,kBAAkB,UAAU,KAAK,YAAY,EAAE,EAAG;AAGtD,QAAI,gBAAgB,MAAM,OAAO,UAAU,KAAK,EAAG;AAEnD,UAAM,YAAgC;AAAA,MACpC,SAAS,MAAM;AAAA,MACf,MAAM,MAAM;AAAA,MACZ,QAAQ,MAAM;AAAA,MACd,UAAU,KAAK;AAAA,MACf,UAAU,KAAK,YAAY;AAAA,MAC3B,aAAa,KAAK,eAAe;AAAA,MACjC,KAAK,KAAK,OAAO;AAAA,IACnB;AACA,QAAI,KAAK,QAAQ,QAAW;AAC1B,gBAAU,MAAM,KAAK;AAAA,IACvB;AACA,YAAQ,KAAK,SAAS;AAAA,EACxB;AAEA,SAAO;AACT;AAKA,SAAS,oBAAoB,OAAiB,SAAiB,QAAgB,GAAa;AAC1F,QAAM,QAAQ,KAAK,IAAI,GAAG,UAAU,QAAQ,CAAC;AAC7C,QAAM,MAAM,KAAK,IAAI,MAAM,QAAQ,UAAU,KAAK;AAClD,SAAO,MAAM,MAAM,OAAO,GAAG;AAC/B;AAKA,SAAS,gBAAgB,OAAe,OAAY,UAAkB,OAA0B;AAC9F,QAAM,OAAO,MAAM,MAAM,OAAO,CAAC,KAAK;AACtC,QAAM,cAAc,KAAK,KAAK;AAC9B,QAAM,UAAU,MAAM;AACtB,QAAM,WAAW,MAAM,UAAU,YAAY;AAK7C,MAAI,SAAS,SAAS,WAAW,KAC7B,SAAS,SAAS,UAAU,KAC5B,SAAS,SAAS,OAAO,GAAG;AAE9B,QAAI,iBAAiB,KAAK,IAAI,GAAG;AAC/B,aAAO;AAAA,IACT;AAAA,EACF;AAIA,MAAI,4CAA4C,KAAK,WAAW,GAAG;AACjE,WAAO;AAAA,EACT;AAKA,MAAI,WAAW,QAAQ,GAAG;AAGxB,QAAI,aAAa,WAAW;AAE1B,UAAI,2DAA2D,KAAK,IAAI,GAAG;AACzE,eAAO;AAAA,MACT;AAEA,UAAI,+GAA+G,KAAK,IAAI,GAAG;AAC7H,eAAO;AAAA,MACT;AAEA,UAAI,kFAAkF,KAAK,IAAI,GAAG;AAChG,eAAO;AAAA,MACT;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAKA,MAAI,YAAY,WAAW,IAAI,KAC3B,YAAY,WAAW,GAAG,KAC1B,YAAY,WAAW,IAAI,KAC3B,YAAY,WAAW,GAAG,KAC1B,YAAY,WAAW,MAAM,GAAG;AAClC,WAAO;AAAA,EACT;AAGA,MAAI,WAAW,KAAK,IAAI,KAAK,iDAAiD,KAAK,IAAI,G
AAG;AACxF,WAAO;AAAA,EACT;AAGA,MAAI,4DAA4D,KAAK,WAAW,GAAG;AACjF,WAAO;AAAA,EACT;AAKA,MAAI,0DAA0D,KAAK,IAAI,GAAG;AACxE,WAAO;AAAA,EACT;AAGA,MAAI,2EAA2E,KAAK,IAAI,GAAG;AACzF,WAAO;AAAA,EACT;AAGA,MAAI,kDAAkD,KAAK,WAAW,GAAG;AACvE,WAAO;AAAA,EACT;AAKA,MAAI,gGAAgG,KAAK,IAAI,GAAG;AAC9G,WAAO;AAAA,EACT;AAKA,MAAI,SAAS,SAAS,mBAAmB,KACrC,SAAS,SAAS,WAAW,KAC7B,SAAS,SAAS,gBAAgB,KAClC,SAAS,SAAS,eAAe,GAAG;AACtC,WAAO;AAAA,EACT;AAMA,MAAI,mEAAmE,KAAK,WAAW,GAAG;AACxF,WAAO;AAAA,EACT;AAOA,MAAI,aAAa,iBAAiB;AAChC,UAAM,mBAAmB,oBAAoB,OAAO,MAAM,IAAI;AAC9D,QAAI,CAAC,eAAe,MAAM,gBAAgB,GAAG;AAC3C,aAAO;AAAA,IACT;AAAA,EACF;AAGA,MAAI,aAAa,aAAa,aAAa,QAAQ;AAEjD,QAAI,mCAAmC,KAAK,IAAI,GAAG;AACjD,aAAO;AAAA,IACT;AAEA,QAAI,iCAAiC,KAAK,IAAI,KAAK,CAAC,QAAQ,KAAK,KAAK,MAAM,WAAW,EAAE,CAAC,KAAK,EAAE,GAAG;AAClG,aAAO;AAAA,IACT;AAEA,QAAI,yDAAyD,KAAK,IAAI,GAAG;AACvE,aAAO;AAAA,IACT;AAEA,QAAI,8BAA8B,KAAK,IAAI,GAAG;AAC5C,aAAO;AAAA,IACT;AAEA,QAAI,2BAA2B,KAAK,IAAI,KAAK,CAAC,QAAQ,KAAK,IAAI,GAAG;AAChE,aAAO;AAAA,IACT;AAEA,QAAI,qDAAqD,KAAK,IAAI,GAAG;AACnE,aAAO;AAAA,IACT;AAEA,QAAI,iCAAiC,KAAK,IAAI,GAAG;AAC/C,aAAO;AAAA,IACT;AAAA,EACF;AAGA,MAAI,aAAa,WAAW;AAE1B,QAAI,YAAY,oBAAoB,YAAY,iBAAiB;AAC/D,aAAO;AAAA,IACT;AAEA,QAAI,oBAAoB,KAAK,IAAI,GAAG;AAClC,aAAO;AAAA,IACT;AAAA,EACF;AAGA,MAAI,aAAa,UAAU;AAEzB,QAAI,iBAAiB,KAAK,IAAI,KAAK,mBAAmB,KAAK,IAAI,GAAG;AAChE,aAAO;AAAA,IACT;AAEA,QAAI,+CAA+C,KAAK,IAAI,GAAG;AAC7D,aAAO;AAAA,IACT;AAEA,QAAI,wBAAwB,KAAK,IAAI,GAAG;AACtC,aAAO;AAAA,IACT;AAAA,EACF;AAGA,MAAI,aAAa,UAAU;AAEzB,QAAI,2EAA2E,KAAK,IAAI,GAAG;AACzF,aAAO;AAAA,IACT;AAEA,QAAI,YAAY,iBAAiB;AAE/B,UAAI,CAAC,qDAAqD,KAAK,IAAI,GAAG;AACpE,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAGA,MAAI,aAAa,SAAS;AAExB,QAAI,4DAA4D,KAAK,IAAI,GAAG;AAC1E,aAAO;AAAA,IACT;AAAA,EACF;AAMA,MAAI,kFAAkF,KAAK,IAAI,GAAG;AAChG,WAAO;AAAA,EACT;AAGA,MAAI,sEAAsE,KAAK,IAAI,GAAG;AACpF,WAAO;AAAA,EACT;AAGA,MAAI,+CAA+C,KAAK,IAAI,GAAG;AAC7D,WAAO;AAAA,EACT;AAKA,MAAI,8BAA8B,KAAK,WAAW,GAAG;AACnD,WAAO;AAAA,EACT;AAKA,MAAI,uCAAuC,KAAK,QAAQ,GAAG;AACzD,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAKA,SAAS,WAAW,UAA2B;AAC7C
,SAAO,0BAA0B,KAAK,QAAQ,KACvC,cAAc,KAAK,QAAQ,KAC3B,SAAS,KAAK,QAAQ,KACtB,UAAU,KAAK,QAAQ,KACvB,sBAAsB,KAAK,QAAQ;AAC5C;AAKO,SAAS,wBAAmH;AACjI,QAAM,aAAqC,CAAC;AAC5C,QAAM,aAAqC,CAAC;AAE5C,aAAW,EAAE,SAAS,KAAK,wBAAwB;AACjD,UAAM,MAAM,SAAS,YAAY;AACjC,UAAM,MAAM,SAAS,YAAY;AACjC,eAAW,GAAG,KAAK,WAAW,GAAG,KAAK,KAAK;AAC3C,eAAW,GAAG,KAAK,WAAW,GAAG,KAAK,KAAK;AAAA,EAC7C;AAEA,SAAO;AAAA,IACL,OAAO,uBAAuB;AAAA,IAC9B;AAAA,IACA;AAAA,EACF;AACF;","names":[]}
|
package/package.json
CHANGED