npm - @vibecheckai/cli - Versions diffs - 3.5.1 → 3.5.2 - Mend

@vibecheckai/cli 3.5.1 → 3.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (272) hide show

package/bin/registry.js +406 -154
package/bin/runners/context/analyzer.js +52 -1
package/bin/runners/context/generators/mcp.js +15 -13
package/bin/runners/context/git-context.js +3 -1
package/bin/runners/context/proof-context.js +248 -1
package/bin/runners/context/team-conventions.js +33 -7
package/bin/runners/lib/agent-firewall/ai/false-positive-analyzer.js +474 -0
package/bin/runners/lib/agent-firewall/change-packet/builder.js +488 -0
package/bin/runners/lib/agent-firewall/change-packet/schema.json +228 -0
package/bin/runners/lib/agent-firewall/change-packet/store.js +200 -0
package/bin/runners/lib/agent-firewall/claims/claim-types.js +21 -0
package/bin/runners/lib/agent-firewall/claims/extractor.js +303 -0
package/bin/runners/lib/agent-firewall/claims/patterns.js +24 -0
package/bin/runners/lib/agent-firewall/critic/index.js +151 -0
package/bin/runners/lib/agent-firewall/critic/judge.js +432 -0
package/bin/runners/lib/agent-firewall/critic/prompts.js +305 -0
package/bin/runners/lib/agent-firewall/evidence/auth-evidence.js +88 -0
package/bin/runners/lib/agent-firewall/evidence/contract-evidence.js +75 -0
package/bin/runners/lib/agent-firewall/evidence/env-evidence.js +127 -0
package/bin/runners/lib/agent-firewall/evidence/resolver.js +102 -0
package/bin/runners/lib/agent-firewall/evidence/route-evidence.js +213 -0
package/bin/runners/lib/agent-firewall/evidence/side-effect-evidence.js +145 -0
package/bin/runners/lib/agent-firewall/fs-hook/daemon.js +19 -0
package/bin/runners/lib/agent-firewall/fs-hook/installer.js +87 -0
package/bin/runners/lib/agent-firewall/fs-hook/watcher.js +184 -0
package/bin/runners/lib/agent-firewall/git-hook/pre-commit.js +163 -0
package/bin/runners/lib/agent-firewall/ide-extension/cursor.js +107 -0
package/bin/runners/lib/agent-firewall/ide-extension/vscode.js +68 -0
package/bin/runners/lib/agent-firewall/ide-extension/windsurf.js +66 -0
package/bin/runners/lib/agent-firewall/interceptor/base.js +304 -0
package/bin/runners/lib/agent-firewall/interceptor/cursor.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/vscode.js +35 -0
package/bin/runners/lib/agent-firewall/interceptor/windsurf.js +34 -0
package/bin/runners/lib/agent-firewall/lawbook/distributor.js +465 -0
package/bin/runners/lib/agent-firewall/lawbook/evaluator.js +604 -0
package/bin/runners/lib/agent-firewall/lawbook/index.js +304 -0
package/bin/runners/lib/agent-firewall/lawbook/registry.js +514 -0
package/bin/runners/lib/agent-firewall/lawbook/schema.js +420 -0
package/bin/runners/lib/agent-firewall/logger.js +141 -0
package/bin/runners/lib/agent-firewall/policy/default-policy.json +90 -0
package/bin/runners/lib/agent-firewall/policy/engine.js +103 -0
package/bin/runners/lib/agent-firewall/policy/loader.js +451 -0
package/bin/runners/lib/agent-firewall/policy/rules/auth-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/contract-drift.js +50 -0
package/bin/runners/lib/agent-firewall/policy/rules/fake-success.js +86 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-env.js +162 -0
package/bin/runners/lib/agent-firewall/policy/rules/ghost-route.js +189 -0
package/bin/runners/lib/agent-firewall/policy/rules/scope.js +93 -0
package/bin/runners/lib/agent-firewall/policy/rules/unsafe-side-effect.js +57 -0
package/bin/runners/lib/agent-firewall/policy/schema.json +183 -0
package/bin/runners/lib/agent-firewall/policy/verdict.js +54 -0
package/bin/runners/lib/agent-firewall/proposal/extractor.js +394 -0
package/bin/runners/lib/agent-firewall/proposal/index.js +212 -0
package/bin/runners/lib/agent-firewall/proposal/schema.js +251 -0
package/bin/runners/lib/agent-firewall/proposal/validator.js +386 -0
package/bin/runners/lib/agent-firewall/reality/index.js +332 -0
package/bin/runners/lib/agent-firewall/reality/state.js +625 -0
package/bin/runners/lib/agent-firewall/reality/watcher.js +322 -0
package/bin/runners/lib/agent-firewall/risk/index.js +173 -0
package/bin/runners/lib/agent-firewall/risk/scorer.js +328 -0
package/bin/runners/lib/agent-firewall/risk/thresholds.js +321 -0
package/bin/runners/lib/agent-firewall/risk/vectors.js +421 -0
package/bin/runners/lib/agent-firewall/simulator/diff-simulator.js +472 -0
package/bin/runners/lib/agent-firewall/simulator/import-resolver.js +346 -0
package/bin/runners/lib/agent-firewall/simulator/index.js +181 -0
package/bin/runners/lib/agent-firewall/simulator/route-validator.js +380 -0
package/bin/runners/lib/agent-firewall/time-machine/incident-correlator.js +661 -0
package/bin/runners/lib/agent-firewall/time-machine/index.js +267 -0
package/bin/runners/lib/agent-firewall/time-machine/replay-engine.js +436 -0
package/bin/runners/lib/agent-firewall/time-machine/state-reconstructor.js +490 -0
package/bin/runners/lib/agent-firewall/time-machine/timeline-builder.js +530 -0
package/bin/runners/lib/agent-firewall/truthpack/index.js +67 -0
package/bin/runners/lib/agent-firewall/truthpack/loader.js +137 -0
package/bin/runners/lib/agent-firewall/unblock/planner.js +337 -0
package/bin/runners/lib/agent-firewall/utils/ignore-checker.js +118 -0
package/bin/runners/lib/analysis-core.js +220 -182
package/bin/runners/lib/analyzers.js +2145 -224
package/bin/runners/lib/api-client.js +269 -0
package/bin/runners/lib/authority-badge.js +425 -0
package/bin/runners/lib/cli-output.js +242 -210
package/bin/runners/lib/default-config.js +127 -0
package/bin/runners/lib/detectors-v2.js +547 -785
package/bin/runners/lib/doctor/modules/security.js +3 -1
package/bin/runners/lib/engine/ast-cache.js +210 -0
package/bin/runners/lib/engine/auth-extractor.js +211 -0
package/bin/runners/lib/engine/billing-extractor.js +112 -0
package/bin/runners/lib/engine/enforcement-extractor.js +100 -0
package/bin/runners/lib/engine/env-extractor.js +207 -0
package/bin/runners/lib/engine/express-extractor.js +208 -0
package/bin/runners/lib/engine/extractors.js +849 -0
package/bin/runners/lib/engine/index.js +207 -0
package/bin/runners/lib/engine/repo-index.js +514 -0
package/bin/runners/lib/engine/types.js +124 -0
package/bin/runners/lib/engines/accessibility-engine.js +190 -0
package/bin/runners/lib/engines/api-consistency-engine.js +162 -0
package/bin/runners/lib/engines/ast-cache.js +99 -0
package/bin/runners/lib/engines/code-quality-engine.js +255 -0
package/bin/runners/lib/engines/console-logs-engine.js +115 -0
package/bin/runners/lib/engines/cross-file-analysis-engine.js +268 -0
package/bin/runners/lib/engines/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/deprecated-api-engine.js +226 -0
package/bin/runners/lib/engines/empty-catch-engine.js +150 -0
package/bin/runners/lib/engines/file-filter.js +131 -0
package/bin/runners/lib/engines/hardcoded-secrets-engine.js +251 -0
package/bin/runners/lib/engines/mock-data-engine.js +272 -0
package/bin/runners/lib/engines/parallel-processor.js +71 -0
package/bin/runners/lib/engines/performance-issues-engine.js +265 -0
package/bin/runners/lib/engines/security-vulnerabilities-engine.js +243 -0
package/bin/runners/lib/engines/todo-fixme-engine.js +115 -0
package/bin/runners/lib/engines/type-aware-engine.js +152 -0
package/bin/runners/lib/engines/unsafe-regex-engine.js +225 -0
package/bin/runners/lib/engines/vibecheck-engines/README.md +53 -0
package/bin/runners/lib/engines/vibecheck-engines/index.js +15 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/ast-cache.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/code-quality-engine.js +291 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/console-logs-engine.js +83 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/dead-code-engine.js +198 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/deprecated-api-engine.js +275 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/empty-catch-engine.js +167 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/file-filter.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/hardcoded-secrets-engine.js +139 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/mock-data-engine.js +140 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/parallel-processor.js +164 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/performance-issues-engine.js +234 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/type-aware-engine.js +217 -0
package/bin/runners/lib/engines/vibecheck-engines/lib/unsafe-regex-engine.js +78 -0
package/bin/runners/lib/engines/vibecheck-engines/package.json +13 -0
package/bin/runners/lib/entitlements-v2.js +152 -446
package/bin/runners/lib/error-handler.js +60 -12
package/bin/runners/lib/error-messages.js +289 -0
package/bin/runners/lib/evidence-pack.js +7 -1
package/bin/runners/lib/exit-codes.js +275 -0
package/bin/runners/lib/finding-id.js +69 -0
package/bin/runners/lib/finding-sorter.js +89 -0
package/bin/runners/lib/fingerprint.js +377 -0
package/bin/runners/lib/global-flags.js +37 -0
package/bin/runners/lib/help-formatter.js +413 -0
package/bin/runners/lib/logger.js +38 -0
package/bin/runners/lib/next-action.js +560 -0
package/bin/runners/lib/prerequisites.js +149 -0
package/bin/runners/lib/route-detection.js +137 -68
package/bin/runners/lib/route-truth.js +1167 -322
package/bin/runners/lib/scan-output.js +504 -463
package/bin/runners/lib/scan-runner.js +135 -0
package/bin/runners/lib/schemas/ajv-validator.js +464 -0
package/bin/runners/lib/schemas/error-envelope.schema.json +105 -0
package/bin/runners/lib/schemas/finding-v3.schema.json +151 -0
package/bin/runners/lib/schemas/report-artifact.schema.json +120 -0
package/bin/runners/lib/schemas/run-request.schema.json +108 -0
package/bin/runners/lib/schemas/validator.js +27 -0
package/bin/runners/lib/schemas/verdict.schema.json +140 -0
package/bin/runners/lib/ship-output-enterprise.js +239 -0
package/bin/runners/lib/ship-output.js +328 -31
package/bin/runners/lib/terminal-ui.js +234 -731
package/bin/runners/lib/truth.js +1332 -308
package/bin/runners/lib/unified-cli-output.js +604 -0
package/bin/runners/lib/unified-output.js +163 -155
package/bin/runners/lib/upsell.js +104 -204
package/bin/runners/runAgent.d.ts +5 -0
package/bin/runners/runAgent.js +161 -0
package/bin/runners/runAllowlist.js +166 -101
package/bin/runners/runApprove.js +1200 -0
package/bin/runners/runAuth.js +373 -95
package/bin/runners/runCheckpoint.js +59 -21
package/bin/runners/runClassify.js +926 -0
package/bin/runners/runContext.d.ts +4 -0
package/bin/runners/runContext.js +136 -24
package/bin/runners/runDoctor.js +115 -67
package/bin/runners/runEvidencePack.js +239 -96
package/bin/runners/runFirewall.d.ts +5 -0
package/bin/runners/runFirewall.js +134 -0
package/bin/runners/runFirewallHook.d.ts +5 -0
package/bin/runners/runFirewallHook.js +56 -0
package/bin/runners/runFix.js +6 -5
package/bin/runners/runGuard.js +212 -118
package/bin/runners/runInit.js +66 -21
package/bin/runners/runLabs.js +204 -121
package/bin/runners/runMcp.js +131 -60
package/bin/runners/runPolish.d.ts +4 -0
package/bin/runners/runPolish.js +43 -20
package/bin/runners/runProof.zip +0 -0
package/bin/runners/runProve.js +15 -5
package/bin/runners/runQuickstart.js +531 -0
package/bin/runners/runReality.js +14 -0
package/bin/runners/runReport.js +36 -4
package/bin/runners/runScan.js +689 -91
package/bin/runners/runShip.js +96 -40
package/bin/runners/runTruth.d.ts +5 -0
package/bin/runners/runTruth.js +101 -0
package/bin/runners/runValidate.js +21 -4
package/bin/runners/runWatch.js +118 -54
package/bin/scan.js +6 -1
package/bin/vibecheck.js +297 -52
package/mcp-server/HARDENING_SUMMARY.md +299 -0
package/mcp-server/agent-firewall-interceptor.js +500 -0
package/mcp-server/authority-tools.js +569 -0
package/mcp-server/conductor/conflict-resolver.js +588 -0
package/mcp-server/conductor/execution-planner.js +544 -0
package/mcp-server/conductor/index.js +377 -0
package/mcp-server/conductor/lock-manager.js +615 -0
package/mcp-server/conductor/request-queue.js +550 -0
package/mcp-server/conductor/session-manager.js +500 -0
package/mcp-server/conductor/tools.js +510 -0
package/mcp-server/deprecation-middleware.js +282 -0
package/mcp-server/handlers/index.ts +15 -0
package/mcp-server/handlers/tool-handler.ts +474 -591
package/mcp-server/index.js +1748 -1099
package/mcp-server/lib/api-client.cjs +13 -0
package/mcp-server/lib/cache-wrapper.cjs +383 -0
package/mcp-server/lib/error-envelope.js +138 -0
package/mcp-server/lib/executor.ts +428 -721
package/mcp-server/lib/index.ts +19 -0
package/mcp-server/lib/logger.cjs +30 -0
package/mcp-server/lib/rate-limiter.js +166 -0
package/mcp-server/lib/sandbox.test.ts +519 -0
package/mcp-server/lib/sandbox.ts +342 -284
package/mcp-server/lib/types.ts +267 -0
package/mcp-server/logger.js +173 -0
package/mcp-server/package.json +11 -27
package/mcp-server/premium-tools.js +2 -2
package/mcp-server/registry/tool-registry.js +794 -0
package/mcp-server/registry/tools.json +507 -378
package/mcp-server/registry.test.ts +334 -0
package/mcp-server/tests/tier-gating.test.js +297 -0
package/mcp-server/tier-auth.js +492 -347
package/mcp-server/tools-v3.js +950 -0
package/mcp-server/truth-context.js +131 -90
package/mcp-server/truth-firewall-tools.js +1612 -1001
package/mcp-server/tsconfig.json +8 -5
package/mcp-server/vibecheck-2.0-tools.js +14 -1
package/mcp-server/vibecheck-mcp-server-3.2.0.tgz +0 -0
package/mcp-server/vibecheck-tools.js +2 -2
package/package.json +4 -3
package/bin/runners/runInstall.js +0 -281
package/mcp-server/ARCHITECTURE.md +0 -339
package/mcp-server/__tests__/cache.test.ts +0 -313
package/mcp-server/__tests__/executor.test.ts +0 -239
package/mcp-server/__tests__/fixtures/exclusion-test/.cache/webpack/cache.pack +0 -1
package/mcp-server/__tests__/fixtures/exclusion-test/.next/server/chunk.js +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/.turbo/cache.json +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/.venv/lib/env.py +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/dist/bundle.js +0 -3
package/mcp-server/__tests__/fixtures/exclusion-test/package.json +0 -5
package/mcp-server/__tests__/fixtures/exclusion-test/src/app.ts +0 -5
package/mcp-server/__tests__/fixtures/exclusion-test/venv/lib/config.py +0 -4
package/mcp-server/__tests__/ids.test.ts +0 -345
package/mcp-server/__tests__/integration/tools.test.ts +0 -410
package/mcp-server/__tests__/registry.test.ts +0 -365
package/mcp-server/__tests__/sandbox.test.ts +0 -323
package/mcp-server/__tests__/schemas.test.ts +0 -372
package/mcp-server/benchmarks/run-benchmarks.ts +0 -304
package/mcp-server/examples/doctor.request.json +0 -14
package/mcp-server/examples/doctor.response.json +0 -53
package/mcp-server/examples/error.response.json +0 -15
package/mcp-server/examples/scan.request.json +0 -14
package/mcp-server/examples/scan.response.json +0 -108
package/mcp-server/index-v3.ts +0 -293
package/mcp-server/index.old.js +0 -4137
package/mcp-server/lib/cache.ts +0 -341
package/mcp-server/lib/errors.ts +0 -346
package/mcp-server/lib/ids.ts +0 -238
package/mcp-server/lib/logger.ts +0 -368
package/mcp-server/lib/metrics.ts +0 -365
package/mcp-server/lib/validator.ts +0 -229
package/mcp-server/package-lock.json +0 -165
package/mcp-server/schemas/error-envelope.schema.json +0 -125
package/mcp-server/schemas/finding.schema.json +0 -167
package/mcp-server/schemas/report-artifact.schema.json +0 -88
package/mcp-server/schemas/run-request.schema.json +0 -75
package/mcp-server/schemas/verdict.schema.json +0 -168
package/mcp-server/tier-auth.d.ts +0 -71
package/mcp-server/vitest.config.ts +0 -16

package/bin/runners/lib/agent-firewall/simulator/route-validator.js ADDED Viewed

@@ -0,0 +1,380 @@
+/**
+ * Route Validator
+ *
+ * Validates route definitions after simulated changes.
+ * Checks for orphaned routes, duplicate routes, and broken route handlers.
+ */
+"use strict";
+const path = require("path");
+/**
+ * Extract route definitions from source code
+ * @param {string} content - File content
+ * @param {string} filePath - File path for context
+ * @returns {Array} Array of route objects
+ */
+function extractRoutes(content, filePath) {
+  const routes = [];
+  const fileType = detectFileType(filePath, content);
+  switch (fileType) {
+    case "fastify":
+      routes.push(...extractFastifyRoutes(content, filePath));
+      break;
+    case "express":
+      routes.push(...extractExpressRoutes(content, filePath));
+      break;
+    case "nextjs-api":
+      routes.push(...extractNextJsApiRoutes(content, filePath));
+      break;
+    case "nextjs-app":
+      routes.push(...extractNextJsAppRoutes(content, filePath));
+      break;
+    default:
+      // Try all extractors
+      routes.push(...extractGenericRoutes(content, filePath));
+  }
+  return routes;
+}
+/**
+ * Detect the type of routing framework used
+ */
+function detectFileType(filePath, content) {
+  const lowerPath = filePath.toLowerCase();
+  // Next.js App Router
+  if (lowerPath.includes("/app/") && (lowerPath.endsWith("route.ts") || lowerPath.endsWith("route.js"))) {
+    return "nextjs-app";
+  }
+  // Next.js Pages API
+  if (lowerPath.includes("/pages/api/") || lowerPath.includes("/api/")) {
+    return "nextjs-api";
+  }
+  // Fastify
+  if (content.includes("fastify.") || content.includes("app.register") || content.includes(".route({")) {
+    return "fastify";
+  }
+  // Express
+  if (content.includes("express.Router") || content.includes("router.get") || content.includes("app.use")) {
+    return "express";
+  }
+  return "unknown";
+}
+/**
+ * Extract Fastify routes
+ */
+function extractFastifyRoutes(content, filePath) {
+  const routes = [];
+  const methods = ["get", "post", "put", "patch", "delete", "head", "options"];
+  for (const method of methods) {
+    // Pattern: fastify.get('/path', handler) or app.get('/path', handler)
+    const regex = new RegExp(`(?:fastify|app|server)\\.${method}\\s*\\(\\s*['"\`]([^'"\`]+)['"\`]`, "gi");
+    let match;
+    while ((match = regex.exec(content)) !== null) {
+      routes.push({
+        method: method.toUpperCase(),
+        path: match[1],
+        file: filePath,
+        line: content.substring(0, match.index).split("\n").length,
+        type: "fastify",
+      });
+    }
+  }
+  // Pattern: .route({ method: 'GET', url: '/path' })
+  const routeObjRegex = /\.route\s*\(\s*\{[^}]*method:\s*['"](\w+)['"][^}]*url:\s*['"]([^'"]+)['"][^}]*\}/gi;
+  let match;
+  while ((match = routeObjRegex.exec(content)) !== null) {
+    routes.push({
+      method: match[1].toUpperCase(),
+      path: match[2],
+      file: filePath,
+      line: content.substring(0, match.index).split("\n").length,
+      type: "fastify",
+    });
+  }
+  return routes;
+}
+/**
+ * Extract Express routes
+ */
+function extractExpressRoutes(content, filePath) {
+  const routes = [];
+  const methods = ["get", "post", "put", "patch", "delete", "head", "options", "all"];
+  for (const method of methods) {
+    // Pattern: router.get('/path', handler) or app.get('/path', handler)
+    const regex = new RegExp(`(?:router|app)\\.${method}\\s*\\(\\s*['"\`]([^'"\`]+)['"\`]`, "gi");
+    let match;
+    while ((match = regex.exec(content)) !== null) {
+      routes.push({
+        method: method.toUpperCase(),
+        path: match[1],
+        file: filePath,
+        line: content.substring(0, match.index).split("\n").length,
+        type: "express",
+      });
+    }
+  }
+  // Pattern: app.use('/prefix', router)
+  const useRegex = /(?:router|app)\.use\s*\(\s*['"]([^'"]+)['"]\s*,/g;
+  let match;
+  while ((match = useRegex.exec(content)) !== null) {
+    routes.push({
+      method: "USE",
+      path: match[1],
+      file: filePath,
+      line: content.substring(0, match.index).split("\n").length,
+      type: "express-middleware",
+    });
+  }
+  return routes;
+}
+/**
+ * Extract Next.js API routes
+ */
+function extractNextJsApiRoutes(content, filePath) {
+  const routes = [];
+  // Derive route path from file path
+  const apiMatch = filePath.match(/(?:pages\/api|app)\/(.+?)\.(ts|js|tsx|jsx)$/);
+  if (apiMatch) {
+    let routePath = "/" + apiMatch[1].replace(/\\/g, "/");
+    // Handle index files
+    if (routePath.endsWith("/index")) {
+      routePath = routePath.slice(0, -6) || "/";
+    }
+    // Handle dynamic routes
+    routePath = routePath.replace(/\[([^\]]+)\]/g, ":$1");
+    // Check for exported methods
+    const methods = [];
+    if (content.includes("export default") || content.includes("export async function handler")) {
+      methods.push("GET", "POST", "PUT", "DELETE", "PATCH");
+    }
+    if (content.match(/export\s+(?:async\s+)?function\s+GET/)) methods.push("GET");
+    if (content.match(/export\s+(?:async\s+)?function\s+POST/)) methods.push("POST");
+    if (content.match(/export\s+(?:async\s+)?function\s+PUT/)) methods.push("PUT");
+    if (content.match(/export\s+(?:async\s+)?function\s+DELETE/)) methods.push("DELETE");
+    if (content.match(/export\s+(?:async\s+)?function\s+PATCH/)) methods.push("PATCH");
+    // Default to GET if no explicit methods found
+    if (methods.length === 0) {
+      methods.push("ALL");
+    }
+    for (const method of [...new Set(methods)]) {
+      routes.push({
+        method,
+        path: `/api${routePath}`,
+        file: filePath,
+        line: 1,
+        type: "nextjs-api",
+      });
+    }
+  }
+  return routes;
+}
+/**
+ * Extract Next.js App Router routes
+ */
+function extractNextJsAppRoutes(content, filePath) {
+  const routes = [];
+  // Derive route path from file path
+  const appMatch = filePath.match(/app\/(.+?)\/route\.(ts|js)$/);
+  if (appMatch) {
+    let routePath = "/" + appMatch[1].replace(/\\/g, "/");
+    // Handle dynamic routes
+    routePath = routePath.replace(/\[([^\]]+)\]/g, ":$1");
+    // Check for exported methods
+    const methods = [];
+    if (content.match(/export\s+(?:async\s+)?function\s+GET/)) methods.push("GET");
+    if (content.match(/export\s+(?:async\s+)?function\s+POST/)) methods.push("POST");
+    if (content.match(/export\s+(?:async\s+)?function\s+PUT/)) methods.push("PUT");
+    if (content.match(/export\s+(?:async\s+)?function\s+DELETE/)) methods.push("DELETE");
+    if (content.match(/export\s+(?:async\s+)?function\s+PATCH/)) methods.push("PATCH");
+    if (content.match(/export\s+(?:async\s+)?function\s+HEAD/)) methods.push("HEAD");
+    if (content.match(/export\s+(?:async\s+)?function\s+OPTIONS/)) methods.push("OPTIONS");
+    for (const method of methods) {
+      routes.push({
+        method,
+        path: routePath,
+        file: filePath,
+        line: 1,
+        type: "nextjs-app",
+      });
+    }
+  }
+  return routes;
+}
+/**
+ * Extract generic routes
+ */
+function extractGenericRoutes(content, filePath) {
+  const routes = [];
+  const methods = ["get", "post", "put", "patch", "delete"];
+  for (const method of methods) {
+    // Generic pattern: .method('path' or .method('/path'
+    const regex = new RegExp(`\\.${method}\\s*\\(\\s*['"\`](/[^'"\`]*|[^'"\`]+)['"\`]`, "gi");
+    let match;
+    while ((match = regex.exec(content)) !== null) {
+      const routePath = match[1];
+      if (routePath.startsWith("/") || routePath.includes("api")) {
+        routes.push({
+          method: method.toUpperCase(),
+          path: routePath,
+          file: filePath,
+          line: content.substring(0, match.index).split("\n").length,
+          type: "generic",
+        });
+      }
+    }
+  }
+  return routes;
+}
+/**
+ * Validate routes after changes
+ * @param {Array} originalRoutes - Original routes
+ * @param {Map} changedFiles - Changed files (path -> content)
+ * @param {Set} deletedFiles - Deleted files
+ * @returns {Object} Validation result
+ */
+function validateRoutes(originalRoutes, changedFiles, deletedFiles) {
+  const issues = [];
+  const newRoutes = [];
+  const orphanedRoutes = [];
+  const duplicates = [];
+  // Extract routes from changed files
+  for (const [filePath, content] of changedFiles) {
+    const routes = extractRoutes(content, filePath);
+    newRoutes.push(...routes);
+  }
+  // Check for orphaned routes (routes whose handlers are deleted)
+  for (const route of originalRoutes) {
+    if (deletedFiles.has(route.file)) {
+      orphanedRoutes.push({
+        route,
+        issue: "Route handler file was deleted",
+      });
+    }
+  }
+  // Check for duplicates
+  const routeMap = new Map();
+  for (const route of newRoutes) {
+    const key = `${route.method}:${route.path}`;
+    if (routeMap.has(key)) {
+      duplicates.push({
+        route,
+        existingRoute: routeMap.get(key),
+        issue: "Duplicate route definition",
+      });
+    } else {
+      routeMap.set(key, route);
+    }
+  }
+  // Build issues list
+  for (const orphan of orphanedRoutes) {
+    issues.push({
+      type: "orphaned_route",
+      severity: "error",
+      message: `Route ${orphan.route.method} ${orphan.route.path} is orphaned - handler file '${orphan.route.file}' was deleted`,
+      route: orphan.route,
+    });
+  }
+  for (const dup of duplicates) {
+    issues.push({
+      type: "duplicate_route",
+      severity: "warning",
+      message: `Duplicate route ${dup.route.method} ${dup.route.path} in '${dup.route.file}' (already defined in '${dup.existingRoute.file}')`,
+      route: dup.route,
+      existingRoute: dup.existingRoute,
+    });
+  }
+  return {
+    valid: issues.filter(i => i.severity === "error").length === 0,
+    issues,
+    newRoutes,
+    orphanedRoutes,
+    duplicates,
+    summary: {
+      totalRoutes: newRoutes.length,
+      orphanedCount: orphanedRoutes.length,
+      duplicateCount: duplicates.length,
+      errorCount: issues.filter(i => i.severity === "error").length,
+      warningCount: issues.filter(i => i.severity === "warning").length,
+    },
+  };
+}
+/**
+ * Check if a route is referenced somewhere
+ * @param {Object} route - Route to check
+ * @param {Map} files - All files
+ * @returns {Array} References found
+ */
+function findRouteReferences(route, files) {
+  const references = [];
+  const pathPattern = route.path.replace(/:[^/]+/g, "[^/]+");
+  const regex = new RegExp(`['"\`]${pathPattern}['"\`]|fetch\\s*\\([^)]*${pathPattern}`);
+  for (const [filePath, content] of files) {
+    if (regex.test(content)) {
+      references.push({
+        file: filePath,
+        route,
+      });
+    }
+  }
+  return references;
+}
+module.exports = {
+  extractRoutes,
+  validateRoutes,
+  findRouteReferences,
+  detectFileType,
+  extractFastifyRoutes,
+  extractExpressRoutes,
+  extractNextJsApiRoutes,
+  extractNextJsAppRoutes,
+};