agent-security-scanner-mcp 4.0.0 → 4.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +47 -58
- package/code-review-agent/README.md +25 -4
- package/code-review-agent/TODO.md +1 -1
- package/code-review-agent/bin/cr-agent.ts +7 -1
- package/code-review-agent/dist/bin/cr-agent.js +7 -1
- package/code-review-agent/dist/bin/cr-agent.js.map +1 -1
- package/code-review-agent/dist/src/analyzer/engine.d.ts +5 -0
- package/code-review-agent/dist/src/analyzer/engine.d.ts.map +1 -1
- package/code-review-agent/dist/src/analyzer/engine.js +30 -3
- package/code-review-agent/dist/src/analyzer/engine.js.map +1 -1
- package/code-review-agent/dist/src/analyzer/postprocess.d.ts +15 -0
- package/code-review-agent/dist/src/analyzer/postprocess.d.ts.map +1 -0
- package/code-review-agent/dist/src/analyzer/postprocess.js +275 -0
- package/code-review-agent/dist/src/analyzer/postprocess.js.map +1 -0
- package/code-review-agent/dist/src/analyzer/semantic.d.ts +5 -1
- package/code-review-agent/dist/src/analyzer/semantic.d.ts.map +1 -1
- package/code-review-agent/dist/src/analyzer/semantic.js +80 -20
- package/code-review-agent/dist/src/analyzer/semantic.js.map +1 -1
- package/code-review-agent/dist/src/context/assembler.d.ts +8 -2
- package/code-review-agent/dist/src/context/assembler.d.ts.map +1 -1
- package/code-review-agent/dist/src/context/assembler.js +33 -1
- package/code-review-agent/dist/src/context/assembler.js.map +1 -1
- package/code-review-agent/dist/src/context/file.d.ts.map +1 -1
- package/code-review-agent/dist/src/context/file.js +11 -23
- package/code-review-agent/dist/src/context/file.js.map +1 -1
- package/code-review-agent/dist/src/context/security-summary.d.ts +19 -0
- package/code-review-agent/dist/src/context/security-summary.d.ts.map +1 -0
- package/code-review-agent/dist/src/context/security-summary.js +199 -0
- package/code-review-agent/dist/src/context/security-summary.js.map +1 -0
- package/code-review-agent/dist/src/graph/dependency.d.ts.map +1 -1
- package/code-review-agent/dist/src/graph/dependency.js +8 -1
- package/code-review-agent/dist/src/graph/dependency.js.map +1 -1
- package/code-review-agent/dist/src/graph/resolver.d.ts.map +1 -1
- package/code-review-agent/dist/src/graph/resolver.js +14 -5
- package/code-review-agent/dist/src/graph/resolver.js.map +1 -1
- package/code-review-agent/dist/src/index.d.ts +4 -1
- package/code-review-agent/dist/src/index.d.ts.map +1 -1
- package/code-review-agent/dist/src/index.js +2 -0
- package/code-review-agent/dist/src/index.js.map +1 -1
- package/code-review-agent/dist/src/types/config.d.ts +3 -0
- package/code-review-agent/dist/src/types/config.d.ts.map +1 -1
- package/code-review-agent/dist/src/types/config.js +9 -0
- package/code-review-agent/dist/src/types/config.js.map +1 -1
- package/code-review-agent/src/analyzer/engine.ts +36 -2
- package/code-review-agent/src/analyzer/postprocess.ts +311 -0
- package/code-review-agent/src/analyzer/semantic.ts +87 -18
- package/code-review-agent/src/context/assembler.ts +44 -2
- package/code-review-agent/src/context/file.ts +13 -18
- package/code-review-agent/src/context/security-summary.ts +225 -0
- package/code-review-agent/src/graph/dependency.ts +8 -1
- package/code-review-agent/src/graph/resolver.ts +14 -5
- package/code-review-agent/src/index.ts +4 -0
- package/code-review-agent/src/types/config.ts +16 -0
- package/code-review-agent/tests/analyzer/engine.test.ts +5 -0
- package/code-review-agent/tests/analyzer/postprocess.test.ts +450 -0
- package/code-review-agent/tests/analyzer/prompt-routing.test.ts +137 -0
- package/code-review-agent/tests/config-mode.test.ts +71 -0
- package/code-review-agent/tests/context/file.test.ts +16 -1
- package/code-review-agent/tests/context/security-summary.test.ts +181 -0
- package/code-review-agent/tests/fixtures/guarded-agent/router.py +6 -0
- package/code-review-agent/tests/fixtures/guarded-agent/tools/executor.py +10 -0
- package/code-review-agent/tests/fixtures/guarded-agent/tools/guard.py +4 -0
- package/code-review-agent/tests/fixtures/guarded-agent/vuln-tool.py +6 -0
- package/code-review-agent/tests/graph/dependency.test.ts +76 -0
- package/index.js +18 -18
- package/openclaw.plugin.json +1 -1
- package/package.json +3 -2
- package/scripts/postinstall.js +43 -4
- package/server.json +1 -1
- package/src/cli/init-hooks.js +3 -3
- package/src/cli/init.js +1 -1
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import * as fs from 'node:fs';
|
|
2
2
|
import * as path from 'node:path';
|
|
3
|
+
import { extractImports as extractImportInfos } from '../graph/resolver.js';
|
|
3
4
|
const LANGUAGE_MAP = {
|
|
4
5
|
'.js': 'javascript',
|
|
5
6
|
'.mjs': 'javascript',
|
|
@@ -108,31 +109,18 @@ export function isGeneratedFile(content) {
|
|
|
108
109
|
return GENERATED_MARKERS.some((m) => header.includes(m));
|
|
109
110
|
}
|
|
110
111
|
function extractImports(content, language) {
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
const
|
|
115
|
-
|
|
116
|
-
imports.push(m[1]);
|
|
117
|
-
// require
|
|
118
|
-
const requires = content.matchAll(/require\s*\(\s*['"]([^'"]+)['"]\s*\)/g);
|
|
119
|
-
for (const m of requires)
|
|
120
|
-
imports.push(m[1]);
|
|
121
|
-
}
|
|
122
|
-
else if (language === 'python') {
|
|
123
|
-
const pyImports = content.matchAll(/(?:from\s+(\S+)\s+import|import\s+(\S+))/g);
|
|
124
|
-
for (const m of pyImports)
|
|
125
|
-
imports.push(m[1] ?? m[2]);
|
|
112
|
+
// Delegate to the canonical graph resolver for JS/TS/Python/Go
|
|
113
|
+
// to avoid logic divergence between file context and dependency graph
|
|
114
|
+
if (['javascript', 'typescript', 'python', 'go'].includes(language)) {
|
|
115
|
+
const infos = extractImportInfos(content, language);
|
|
116
|
+
return [...new Set(infos.map((i) => i.specifier))];
|
|
126
117
|
}
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
}
|
|
132
|
-
else if (language === 'java') {
|
|
133
|
-
const javaImports = content.matchAll(/import\s+([\w.]+);/g);
|
|
134
|
-
for (const m of javaImports)
|
|
118
|
+
// Languages not yet in the graph resolver
|
|
119
|
+
const imports = [];
|
|
120
|
+
if (language === 'java') {
|
|
121
|
+
for (const m of content.matchAll(/import\s+([\w.]+);/g)) {
|
|
135
122
|
imports.push(m[1]);
|
|
123
|
+
}
|
|
136
124
|
}
|
|
137
125
|
return [...new Set(imports)];
|
|
138
126
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"file.js","sourceRoot":"","sources":["../../../src/context/file.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"file.js","sourceRoot":"","sources":["../../../src/context/file.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,cAAc,IAAI,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE5E,MAAM,YAAY,GAA2B;IAC3C,KAAK,EAAE,YAAY;IACnB,MAAM,EAAE,YAAY;IACpB,MAAM,EAAE,YAAY;IACpB,MAAM,EAAE,YAAY;IACpB,KAAK,EAAE,YAAY;IACnB,MAAM,EAAE,YAAY;IACpB,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,IAAI;IACX,KAAK,EAAE,MAAM;IACb,OAAO,EAAE,MAAM;IACf,KAAK,EAAE,MAAM;IACb,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,GAAG;IACT,MAAM,EAAE,KAAK;IACb,KAAK,EAAE,QAAQ;IACf,QAAQ,EAAE,OAAO;IACjB,KAAK,EAAE,QAAQ;CAChB,CAAC;AAEF,MAAM,aAAa,GAAG;IACpB,kBAAkB;IAClB,kBAAkB;IAClB,YAAY;IACZ,cAAc;IACd,cAAc;IACd,aAAa;IACb,aAAa;IACb,aAAa;CACd,CAAC;AAEF,MAAM,eAAe,GAAG;IACtB,kBAAkB;IAClB,OAAO;IACP,SAAS;IACT,UAAU;IACV,SAAS;IACT,QAAQ;IACR,OAAO;IACP,WAAW;IACX,aAAa;CACd,CAAC;AAEF,MAAM,iBAAiB,GAAG;IACxB,mBAAmB;IACnB,gBAAgB;IAChB,mBAAmB;IACnB,sBAAsB;IACtB,eAAe;CAChB,CAAC;AAEF,MAAM,UAAU,gBAAgB,CAC9B,QAAgB,EAChB,WAAmB,EACnB,KAAuB;IAEvB,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC;IAChD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAEvC,IAAI,YAAY,GAAa,EAAE,CAAC;IAChC,IAAI,CAAC;QACH,YAAY,GAAG,EAAE;aACd,WAAW,CAAC,OAAO,CAAC;aACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YACZ,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YACnC,IAAI,CAAC;gBAAC,OAAO,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC;gBAAC,OAAO,KAAK,CAAC;YAAC,CAAC;QACpE,CAAC,CAAC;aACD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;aAC5C,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAClB,CAAC;IAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,CAAC;IAEhC,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAElD,IAAI,UAAU,GAAa,EAAE,CAAC;IAC9B,IAAI,KAAK,EAAE,CAAC;Q
ACV,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxE,IAAI,IAAI,EAAE,CAAC;YACT,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,YAAY;QACtB,OAAO;QACP,QAAQ;QACR,SAAS,EAAE,KAAK,CAAC,MAAM;QACvB,OAAO;QACP,UAAU;QACV,YAAY;QACZ,UAAU,EAAE,UAAU,CAAC,YAAY,CAAC;QACpC,YAAY,EAAE,YAAY,CAAC,YAAY,CAAC;QACxC,WAAW,EAAE,eAAe,CAAC,OAAO,CAAC;KACtC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,QAAgB;IACzC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACrC,mDAAmD;IACnD,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAChD,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,gCAAgC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;AACtD,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACrC,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AACnD,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACrC,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,cAAc,CAAC,OAAe,EAAE,QAAgB;IACvD,+DAA+D;IAC/D,sEAAsE;IACtE,IAAI,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpE,MAAM,KAAK,GAAG,kBAAkB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,0CAA0C;IAC1C,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,CAAC;YACxD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;AAC/B,CAAC"}
|
|
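--- a/package/code-review-agent/dist/src/context/security-summary.d.ts
+++ b/package/code-review-agent/dist/src/context/security-summary.d.ts
@@ -0,0 +1,19 @@
+import type { FileContext, DependencyGraph } from '../types/analysis.js';
+export interface RelatedFileSummary {
+filePath: string;
+relationship: 'imports' | 'imported-by' | 'sibling';
+relevantLines: string[];
+}
+/**
+* Build compact security-relevant summaries of files related to the one
+* being analyzed. This gives the LLM enough context to understand:
+* - Whether a called module has guards (allowlist, validation)
+* - Whether an imported file contains a dangerous sink
+* - Whether sibling files provide auth/policy enforcement
+*/
+export declare function buildRelatedFileSummaries(file: FileContext, projectRoot: string, graph?: DependencyGraph): RelatedFileSummary[];
+/**
+* Format related file summaries for inclusion in the LLM prompt.
+*/
+export declare function formatRelatedFileSummaries(summaries: RelatedFileSummary[]): string;
+//# sourceMappingURL=security-summary.d.ts.map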
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-summary.d.ts","sourceRoot":"","sources":["../../../src/context/security-summary.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAoCzE,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,SAAS,GAAG,aAAa,GAAG,SAAS,CAAC;IACpD,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB;AAED;;;;;;GAMG;AACH,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,WAAW,EACjB,WAAW,EAAE,MAAM,EACnB,KAAK,CAAC,EAAE,eAAe,GACtB,kBAAkB,EAAE,CA6CtB;AAgHD;;GAEG;AACH,wBAAgB,0BAA0B,CAAC,SAAS,EAAE,kBAAkB,EAAE,GAAG,MAAM,CASlF"}
|
|
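--- a/package/code-review-agent/dist/src/context/security-summary.js
+++ b/package/code-review-agent/dist/src/context/security-summary.js
@@ -0,0 +1,199 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+/**
+* Keywords that indicate security-relevant lines worth including in summaries.
+*/
+const SECURITY_RELEVANT_PATTERNS = [
+// Dangerous sinks
+/\b(subprocess|exec|eval|system|popen|spawn|shell_exec|os\.system|os\.popen)\b/,
+/\b(requests?\.(get|post|put|delete|patch|head)|fetch|urllib|http\.request|axios)\b/,
+/\b(query|execute|cursor\.execute|\.raw\(|\.query\(|sequelize|knex)\b/,
+/\b(fs\.(readFile|writeFile|unlink|rmdir|rename)|open\(|os\.remove|shutil)\b/,
+// Guard / policy patterns
+/\b(allowlist|allow_list|whitelist|denylist|deny_list|blocklist|blacklist)\b/,
+/\b(validate|sanitize|authorize|authenticate|check_perm|has_perm)\b/,
+/\b(guard|policy|permission|auth_check|is_allowed\w*|can_access\w*|ALLOWED_\w+)\b/,
+/\b(shell\s*=\s*(True|False)|parameterized|prepared_statement|bind_param)\b/,
+// Routing / dispatching
+/\b(app\.(get|post|put|delete|patch|use)|router\.(get|post|put|delete))\b/,
+/\b(dispatch|handle_request|route_to|forward_to)\b/,
+];
+/**
+* Maximum number of nearby files to summarize.
+*/
+const MAX_RELATED_FILES = 4;
+/**
+* Maximum lines to extract per file summary.
+*/
+const MAX_SUMMARY_LINES = 15;
+/**
+* Maximum bytes to read from any related file.
+*/
+const MAX_FILE_READ_BYTES = 64 * 1024;
+/**
+* Build compact security-relevant summaries of files related to the one
+* being analyzed. This gives the LLM enough context to understand:
+* - Whether a called module has guards (allowlist, validation)
+* - Whether an imported file contains a dangerous sink
+* - Whether sibling files provide auth/policy enforcement
+*/
+export function buildRelatedFileSummaries(file, projectRoot, graph) {
+const summaries = [];
+const seen = new Set();
+// Priority 1: files this file imports (may contain sinks or guards)
+for (const imp of file.imports) {
+if (summaries.length >= MAX_RELATED_FILES)
+break;
+const resolved = resolveLocalFile(imp, file.filePath, projectRoot);
+if (!resolved)
+continue;
+const relativePath = path.relative(projectRoot, resolved);
+if (seen.has(relativePath))
+continue;
+seen.add(relativePath);
+const summary = summarizeFile(resolved, projectRoot, 'imports');
+if (summary)
+summaries.push(summary);
+}
+// Priority 2: files that import this file (may be routers/controllers)
+for (const importer of file.importedBy) {
+if (summaries.length >= MAX_RELATED_FILES)
+break;
+const fullPath = path.resolve(projectRoot, importer);
+const normalized = path.relative(projectRoot, fullPath);
+if (seen.has(normalized))
+continue;
+seen.add(normalized);
+const summary = summarizeFile(fullPath, projectRoot, 'imported-by');
+if (summary)
+summaries.push(summary);
+}
+// Priority 3: security-relevant sibling files (guard, policy, tool, etc.)
+const securitySiblingKeywords = /\b(guard|policy|validator|auth|tool|command|executor|service|middleware)\b/i;
+for (const sibling of file.siblingFiles) {
+if (summaries.length >= MAX_RELATED_FILES)
+break;
+if (!securitySiblingKeywords.test(sibling))
+continue;
+const siblingPath = path.resolve(path.dirname(path.resolve(projectRoot, file.filePath)), sibling);
+const normalized = path.relative(projectRoot, siblingPath);
+if (seen.has(normalized))
+continue;
+seen.add(normalized);
+const summary = summarizeFile(siblingPath, projectRoot, 'sibling');
+if (summary)
+summaries.push(summary);
+}
+return summaries;
+}
+/**
+* Extract security-relevant lines from a file.
+*/
+function summarizeFile(filePath, projectRoot, relationship) {
+try {
+const stat = fs.statSync(filePath);
+if (!stat.isFile() || stat.size > MAX_FILE_READ_BYTES)
+return null;
+}
+catch {
+return null;
+}
+let content;
+try {
+content = fs.readFileSync(filePath, 'utf-8');
+}
+catch {
+return null;
+}
+const lines = content.split('\n');
+const relevantLines = [];
+for (let i = 0; i < lines.length && relevantLines.length < MAX_SUMMARY_LINES; i++) {
+const line = lines[i];
+if (SECURITY_RELEVANT_PATTERNS.some((p) => p.test(line))) {
+relevantLines.push(`L${i + 1}: ${line.trim()}`);
+}
+}
+// No relevant lines found — skip this file
+if (relevantLines.length === 0)
+return null;
+return {
+filePath: path.relative(projectRoot, filePath),
+relationship,
+relevantLines,
+};
+}
+/**
+* Try to resolve a local import specifier to an actual file path.
+* Handles:
+* - Relative imports: ./foo, ../bar
+* - Python bare module imports: tools.executor → tools/executor.py
+* - Python single-token imports: guard → guard.py, tools → tools/__init__.py
+*/
+function resolveLocalFile(specifier, fromFile, projectRoot) {
+const fromDir = path.dirname(path.resolve(projectRoot, fromFile));
+let basePath;
+if (specifier.startsWith('.')) {
+// Relative import (JS/TS/Python relative)
+basePath = path.resolve(fromDir, specifier);
+}
+else if (/^[a-zA-Z_]\w*(\.[a-zA-Z_]\w*)*$/.test(specifier) && !specifier.includes('/')) {
+// Python bare module import:
+// tools.executor → tools/executor
+// guard → guard
+// tools → tools
+const asPath = specifier.replace(/\./g, '/');
+basePath = path.resolve(fromDir, asPath);
+// Also try from project root (Python resolves from project root or cwd)
+const fromRoot = path.resolve(projectRoot, asPath);
+const rootCandidates = [
+`${fromRoot}.py`,
+path.join(fromRoot, '__init__.py'),
+];
+for (const candidate of rootCandidates) {
+try {
+if (fs.statSync(candidate).isFile())
+return candidate;
+}
+catch { /* not found */ }
+}
+}
+else {
+// Non-local third-party import
+return null;
+}
+// Try exact path, then common extensions
+const candidates = [
+basePath,
+`${basePath}.ts`,
+`${basePath}.js`,
+`${basePath}.py`,
+`${basePath}.go`,
+path.join(basePath, 'index.ts'),
+path.join(basePath, 'index.js'),
+`${basePath}.tsx`,
+`${basePath}.jsx`,
+path.join(basePath, '__init__.py'),
+];
+for (const candidate of candidates) {
+try {
+if (fs.statSync(candidate).isFile()) {
+return candidate;
+}
+}
+catch { /* not found, try next */ }
+}
+return null;
+}
+/**
+* Format related file summaries for inclusion in the LLM prompt.
+*/
+export function formatRelatedFileSummaries(summaries) {
+if (summaries.length === 0)
+return '';
+const parts = summaries.map((s) => {
+const header = `${s.filePath} (${s.relationship}):`;
+return [header, ...s.relevantLines].join('\n ');
+});
+return parts.join('\n\n');
+}
+//# sourceMappingURL=security-summary.js.map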
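Review bot: `resolveLocalFile` (lines 132–186) and the `importedBy`/sibling loops (lines 62–63, 78–79) resolve related paths with `path.resolve` and never check that the result stays under `projectRoot`, so a relative specifier that climbs above the project root makes `summarizeFile` read up to 64 KB of an unrelated file and place its matching lines into the LLM prompt. After `const relativePath = path.relative(projectRoot, resolved);` on line 50 (and after each `normalized` on lines 63 and 79) add `if (relativePath.startsWith('..') || path.isAbsolute(relativePath)) continue;`. The sink patterns on lines 10 and 11 end every alternative with `\b`, so `open("…")` and `.raw("…")` never match because a quote after `(` is not a word boundary; move the paren-terminated alternatives outside it, e.g. `/\b(fs\.(readFile|writeFile|unlink|rmdir|rename)|os\.remove|shutil)\b|\bopen\(/`. The branch on line 137 also treats Python relative specifiers (`.guard`, `..utils`) as literal file names, producing a dotfile path rather than `guard.py` next to the importing file, which the comment on line 136 says it handles. These lines are presumably compiled from src/context/security-summary.ts, where the fix belongs.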
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-summary.js","sourceRoot":"","sources":["../../../src/context/security-summary.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAGlC;;GAEG;AACH,MAAM,0BAA0B,GAAG;IACjC,kBAAkB;IAClB,+EAA+E;IAC/E,oFAAoF;IACpF,sEAAsE;IACtE,6EAA6E;IAC7E,0BAA0B;IAC1B,6EAA6E;IAC7E,oEAAoE;IACpE,kFAAkF;IAClF,4EAA4E;IAC5E,wBAAwB;IACxB,0EAA0E;IAC1E,mDAAmD;CACpD,CAAC;AAEF;;GAEG;AACH,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAE5B;;GAEG;AACH,MAAM,iBAAiB,GAAG,EAAE,CAAC;AAE7B;;GAEG;AACH,MAAM,mBAAmB,GAAG,EAAE,GAAG,IAAI,CAAC;AAQtC;;;;;;GAMG;AACH,MAAM,UAAU,yBAAyB,CACvC,IAAiB,EACjB,WAAmB,EACnB,KAAuB;IAEvB,MAAM,SAAS,GAAyB,EAAE,CAAC;IAC3C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAE/B,oEAAoE;IACpE,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QAC/B,IAAI,SAAS,CAAC,MAAM,IAAI,iBAAiB;YAAE,MAAM;QACjD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QACnE,IAAI,CAAC,QAAQ;YAAE,SAAS;QACxB,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;QAC1D,IAAI,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC;YAAE,SAAS;QACrC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAEvB,MAAM,OAAO,GAAG,aAAa,CAAC,QAAQ,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;QAChE,IAAI,OAAO;YAAE,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvC,CAAC;IAED,uEAAuE;IACvE,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACvC,IAAI,SAAS,CAAC,MAAM,IAAI,iBAAiB;YAAE,MAAM;QACjD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;QACrD,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;QACxD,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC;YAAE,SAAS;QACnC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAErB,MAAM,OAAO,GAAG,aAAa,CAAC,QAAQ,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;QACpE,IAAI,OAAO;YAAE,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvC,CAAC;IAED,0EAA0E;IAC1E,MAAM,uBAAuB,GAAG,6EAA6E,CAAC;IAC9G,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QACxC,IAAI,SAAS,CAAC,MAAM,IAAI,iBAAiB;YAAE,MAAM;QACjD,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,SAAS;QAErD,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,QAAQ,C
AAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAClG,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QAC3D,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC;YAAE,SAAS;QACnC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAErB,MAAM,OAAO,GAAG,aAAa,CAAC,WAAW,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;QACnE,IAAI,OAAO;YAAE,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,QAAgB,EAChB,WAAmB,EACnB,YAAgD;IAEhD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,IAAI,CAAC,IAAI,GAAG,mBAAmB;YAAE,OAAO,IAAI,CAAC;IACrE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,aAAa,CAAC,MAAM,GAAG,iBAAiB,EAAE,CAAC,EAAE,EAAE,CAAC;QAClF,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,0BAA0B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACzD,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE5C,OAAO;QACL,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,QAAQ,CAAC;QAC9C,YAAY;QACZ,aAAa;KACd,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,gBAAgB,CACvB,SAAiB,EACjB,QAAgB,EAChB,WAAmB;IAEnB,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,CAAC;IAElE,IAAI,QAAgB,CAAC;IAErB,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC9B,0CAA0C;QAC1C,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAC9C,CAAC;SAAM,IAAI,iCAAiC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACzF,6BAA6B;QAC7B,oCAAoC;QACpC,kBAAkB;QAClB,kBAAkB;QAClB,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC7C,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,CA
AC;QAEzC,wEAAwE;QACxE,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QACnD,MAAM,cAAc,GAAG;YACrB,GAAG,QAAQ,KAAK;YAChB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC;SACnC,CAAC;QACF,KAAK,MAAM,SAAS,IAAI,cAAc,EAAE,CAAC;YACvC,IAAI,CAAC;gBACH,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE;oBAAE,OAAO,SAAS,CAAC;YACxD,CAAC;YAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;SAAM,CAAC;QACN,+BAA+B;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,yCAAyC;IACzC,MAAM,UAAU,GAAG;QACjB,QAAQ;QACR,GAAG,QAAQ,KAAK;QAChB,GAAG,QAAQ,KAAK;QAChB,GAAG,QAAQ,KAAK;QAChB,GAAG,QAAQ,KAAK;QAChB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC;QAC/B,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC;QAC/B,GAAG,QAAQ,MAAM;QACjB,GAAG,QAAQ,MAAM;QACjB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC;KACnC,CAAC;IAEF,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC;gBACpC,OAAO,SAAS,CAAC;YACnB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,yBAAyB,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B,CAAC,SAA+B;IACxE,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEtC,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QAChC,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,YAAY,IAAI,CAAC;QACpD,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC5B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dependency.d.ts","sourceRoot":"","sources":["../../../src/graph/dependency.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAkB,MAAM,sBAAsB,CAAC;AAwB5E,qBAAa,sBAAsB;IACjC,OAAO,CAAC,KAAK,CAAqC;IAClD,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,WAAW,CAAS;gBAEhB,WAAW,EAAE,MAAM;IAI/B,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,eAAe;
|
|
1
|
+
{"version":3,"file":"dependency.d.ts","sourceRoot":"","sources":["../../../src/graph/dependency.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAkB,MAAM,sBAAsB,CAAC;AAwB5E,qBAAa,sBAAsB;IACjC,OAAO,CAAC,KAAK,CAAqC;IAClD,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,WAAW,CAAS;gBAEhB,WAAW,EAAE,MAAM;IAI/B,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,eAAe;IAgF5C,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE;IAIpC,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE;CAGrC"}
|
|
@@ -55,7 +55,14 @@ export class DependencyGraphBuilder {
|
|
|
55
55
|
for (const imp of imports) {
|
|
56
56
|
if (!imp.isLocal)
|
|
57
57
|
continue;
|
|
58
|
-
|
|
58
|
+
// Try resolving from the file's directory first, then from project root
|
|
59
|
+
// (Python bare imports resolve from sys.path which includes project root)
|
|
60
|
+
let resolved = resolveImportPath(imp.specifier, file, language);
|
|
61
|
+
if (!resolved && !imp.specifier.startsWith('.')) {
|
|
62
|
+
// Create a synthetic "from project root" path for resolution
|
|
63
|
+
const rootSentinel = path.join(this.projectRoot, '__resolve_root__.py');
|
|
64
|
+
resolved = resolveImportPath(imp.specifier, rootSentinel, language);
|
|
65
|
+
}
|
|
59
66
|
if (resolved) {
|
|
60
67
|
const resolvedRel = path.relative(this.projectRoot, resolved);
|
|
61
68
|
resolvedImports.push(resolvedRel);
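Review bot: `rootSentinel` on new line 63 is rebuilt with `path.join` for every local import of every file although it depends only on `this.projectRoot`; compute it once before the loop (or as a field set in the constructor) so the loop body stays a plain resolution step. The sentinel's `.py` suffix is not language-specific — the retry on line 61 runs for any non-relative local specifier — so whether `resolveImportPath` ever keys off the file's extension decides if this is safe for Go; I cannot tell from the hunk, and a one-line comment such as `// only the sentinel's directory matters; the extension is never used` (if true) would make the intent explicit. The comment on line 59 also overstates Python's behaviour: `sys.path` starts with the directory of the entry script (or the cwd for `-m`), not the project root, so I would phrase it as `// (Python resolves bare imports from sys.path, which in practice usually includes the project root)`. The enclosing loop and method start and end outside the hunk.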
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dependency.js","sourceRoot":"","sources":["../../../src/graph/dependency.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAElE,MAAM,SAAS,GAAG,CAAC,CAAC;AACpB,MAAM,SAAS,GAAG,GAAG,CAAC;AAEtB,MAAM,YAAY,GAA2B;IAC3C,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACzC,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,IAAI;IACX,KAAK,EAAE,MAAM;IACb,OAAO,EAAE,MAAM;IACf,KAAK,EAAE,MAAM;IACb,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,GAAG;IACT,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,GAAG;IACT,MAAM,EAAE,KAAK;IACb,KAAK,EAAE,QAAQ;IACf,QAAQ,EAAE,OAAO;IACjB,KAAK,EAAE,QAAQ;CAChB,CAAC;AAEF,MAAM,OAAO,sBAAsB;IACzB,KAAK,GAAG,IAAI,GAAG,EAA0B,CAAC;IAC1C,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAC5B,WAAW,CAAS;IAE5B,YAAY,WAAmB;QAC7B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,UAAoB;QACxB,MAAM,KAAK,GAA2C,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3E,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YACvC,KAAK,EAAE,CAAC;SACT,CAAC,CAAC,CAAC;QAEJ,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,SAAS,EAAE,CAAC;YACvD,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,EAAG,CAAC;YAC5B,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;YAE7B,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,GAAG,SAAS;gBAAE,SAAS;YAC1D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAEvB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;YACtD,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAC/B,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;YACnC,IAAI,CAAC,QAAQ;gBAAE,SAAS;YAExB,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC3C,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YAED,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAClD,MAAM,eAAe,GAAa,EAAE,CAAC;YAErC,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC1B,IAAI,CAAC,GAAG,CAAC,OAAO;oBAAE,SAAS;gBAE3B,
|
|
1
|
+
{"version":3,"file":"dependency.js","sourceRoot":"","sources":["../../../src/graph/dependency.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAElE,MAAM,SAAS,GAAG,CAAC,CAAC;AACpB,MAAM,SAAS,GAAG,GAAG,CAAC;AAEtB,MAAM,YAAY,GAA2B;IAC3C,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACrF,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,YAAY;IACzC,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,IAAI;IACX,KAAK,EAAE,MAAM;IACb,OAAO,EAAE,MAAM;IACf,KAAK,EAAE,MAAM;IACb,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,GAAG;IACT,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,GAAG;IACT,MAAM,EAAE,KAAK;IACb,KAAK,EAAE,QAAQ;IACf,QAAQ,EAAE,OAAO;IACjB,KAAK,EAAE,QAAQ;CAChB,CAAC;AAEF,MAAM,OAAO,sBAAsB;IACzB,KAAK,GAAG,IAAI,GAAG,EAA0B,CAAC;IAC1C,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAC5B,WAAW,CAAS;IAE5B,YAAY,WAAmB;QAC7B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IAED,KAAK,CAAC,UAAoB;QACxB,MAAM,KAAK,GAA2C,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3E,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YACvC,KAAK,EAAE,CAAC;SACT,CAAC,CAAC,CAAC;QAEJ,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,SAAS,EAAE,CAAC;YACvD,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,EAAG,CAAC;YAC5B,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC;YAE7B,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,GAAG,SAAS;gBAAE,SAAS;YAC1D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAEvB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;YACtD,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAC/B,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;YACnC,IAAI,CAAC,QAAQ;gBAAE,SAAS;YAExB,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC3C,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YAED,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAClD,MAAM,eAAe,GAAa,EAAE,CAAC;YAErC,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC1B,IAAI,CAAC,GAAG,CAAC,OAAO;oBAAE,SAAS;gBAE3B,wEAAwE;gBACxE,0EAA0E;gBAC1E,IAAI,QAAQ,GAAG,iBAAiB,CAA
C,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;gBAChE,IAAI,CAAC,QAAQ,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBAChD,6DAA6D;oBAC7D,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,qBAAqB,CAAC,CAAC;oBACxE,QAAQ,GAAG,iBAAiB,CAAC,GAAG,CAAC,SAAS,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;gBACtE,CAAC;gBACD,IAAI,QAAQ,EAAE,CAAC;oBACb,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;oBAC9D,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;oBAElC,gCAAgC;oBAChC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;wBACjC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,EAAE;4BAC1B,IAAI,EAAE,WAAW;4BACjB,OAAO,EAAE,EAAE;4BACX,UAAU,EAAE,EAAE;yBACf,CAAC,CAAC;oBACL,CAAC;oBAED,mBAAmB;oBACnB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,CAAE,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBAEtD,sBAAsB;oBACtB,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAChC,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,GAAG,CAAC,EAAE,CAAC,CAAC;oBACnD,CAAC;gBACH,CAAC;YACH,CAAC;YAED,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,QAAQ,EAAE,CAAC;gBACb,QAAQ,CAAC,OAAO,GAAG,eAAe,CAAC;YACrC,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE;oBACtB,IAAI,EAAE,OAAO;oBACb,OAAO,EAAE,eAAe;oBACxB,UAAU,EAAE,EAAE;iBACf,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,WAAW,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC;SACvG,CAAC;IACJ,CAAC;IAED,YAAY,CAAC,IAAY;QACvB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,UAAU,IAAI,EAAE,CAAC;IAChD,CAAC;IAED,YAAY,CAAC,IAAY;QACvB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,IAAI,EAAE,CAAC;IAC7C,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"resolver.d.ts","sourceRoot":"","sources":["../../../src/graph/resolver.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;AAKD,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,UAAU,EAAE,
|
|
1
|
+
{"version":3,"file":"resolver.d.ts","sourceRoot":"","sources":["../../../src/graph/resolver.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;AAKD,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,UAAU,EAAE,CAiD9E;AAED,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,GACf,MAAM,GAAG,IAAI,CA8Df;AAED,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAe1E"}
|
|
@@ -27,10 +27,14 @@ export function extractImports(content, language) {
|
|
|
27
27
|
}
|
|
28
28
|
}
|
|
29
29
|
else if (language === 'python') {
|
|
30
|
-
// from
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
30
|
+
// `from package import name` — emit both `package` and `package.name`
|
|
31
|
+
// since `name` might be a submodule (file) or a symbol within the package.
|
|
32
|
+
for (const m of content.matchAll(/from\s+(\S+)\s+import\s+(\w+)/g)) {
|
|
33
|
+
const pkg = m[1];
|
|
34
|
+
const name = m[2];
|
|
35
|
+
imports.push({ specifier: pkg, isLocal: isLocalImport(pkg, language), resolved: null });
|
|
36
|
+
const sub = `${pkg}.${name}`;
|
|
37
|
+
imports.push({ specifier: sub, isLocal: isLocalImport(sub, language), resolved: null });
|
|
34
38
|
}
|
|
35
39
|
// import module
|
|
36
40
|
for (const m of content.matchAll(/^import\s+(\S+)/gm)) {
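Review bot: The `sub` specifier built on new line 36 yields a wrong module path for relative imports: `from . import tools` captures `pkg` as `.` and produces `..tools`, and `from .. import x` produces `...x`, each of which isLocalImport accepts (it starts with `.`) and the resolver would presumably read as one package level higher than intended. Joining without the extra dot when the package already ends in one fixes it: `const sub = pkg.endsWith('.') ? pkg + name : pkg + '.' + name;`. The `(\w+)` group also captures only the first name of `from pkg import a, b`, so later names never reach the graph; either a comment stating that limitation or a split over the comma-separated list would make the behaviour explicit. In the isLocalImport hunk further down every well-formed bare dotted name now returns true, so the exported function's result has become "candidate for a filesystem check" rather than "local", and a TSDoc line such as `/** For Python, true means the specifier may be local; resolveImportPath makes the final decision. */` would spare callers of the package re-export a surprise.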
|
|
@@ -114,7 +118,12 @@ export function isLocalImport(specifier, language) {
|
|
|
114
118
|
return specifier.startsWith('./') || specifier.startsWith('../');
|
|
115
119
|
}
|
|
116
120
|
if (language === 'python') {
|
|
117
|
-
|
|
121
|
+
// Relative imports (starts with .) are always local.
|
|
122
|
+
// Bare imports (tools, tools.executor) may be local — let resolveImportPath
|
|
123
|
+
// do a filesystem check rather than rejecting them outright.
|
|
124
|
+
if (specifier.startsWith('.'))
|
|
125
|
+
return true;
|
|
126
|
+
return /^[a-zA-Z_]\w*(\.[a-zA-Z_]\w*)*$/.test(specifier);
|
|
118
127
|
}
|
|
119
128
|
if (language === 'go') {
|
|
120
129
|
return !specifier.includes('.');
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"resolver.js","sourceRoot":"","sources":["../../../src/graph/resolver.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAQlC,MAAM,aAAa,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;AACrE,MAAM,aAAa,GAAG,CAAC,KAAK,CAAC,CAAC;AAE9B,MAAM,UAAU,cAAc,CAAC,OAAe,EAAE,QAAgB;IAC9D,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,IAAI,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,aAAa;QACb,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,8CAA8C,CAAC,EAAE,CAAC;YACjF,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5F,CAAC;QACD,4FAA4F;QAC5F,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,oDAAoD,CAAC,EAAE,CAAC;YACvF,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5F,CAAC;QACD,UAAU;QACV,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,uCAAuC,CAAC,EAAE,CAAC;YAC1E,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5F,CAAC;QACD,iBAAiB;QACjB,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,sCAAsC,CAAC,EAAE,CAAC;YACzE,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5F,CAAC;IACH,CAAC;SAAM,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,
|
|
1
|
+
{"version":3,"file":"resolver.js","sourceRoot":"","sources":["../../../src/graph/resolver.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAQlC,MAAM,aAAa,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;AACrE,MAAM,aAAa,GAAG,CAAC,KAAK,CAAC,CAAC;AAE9B,MAAM,UAAU,cAAc,CAAC,OAAe,EAAE,QAAgB;IAC9D,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,IAAI,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,aAAa;QACb,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,8CAA8C,CAAC,EAAE,CAAC;YACjF,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5F,CAAC;QACD,4FAA4F;QAC5F,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,oDAAoD,CAAC,EAAE,CAAC;YACvF,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5F,CAAC;QACD,UAAU;QACV,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,uCAAuC,CAAC,EAAE,CAAC;YAC1E,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5F,CAAC;QACD,iBAAiB;QACjB,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,sCAAsC,CAAC,EAAE,CAAC;YACzE,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5F,CAAC;IACH,CAAC;SAAM,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,sEAAsE;QACtE,2EAA2E;QAC3E,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,gCAAgC,CAAC,EAAE,CAAC;YACnE,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACjB,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,aAAa,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;YACxF,MAAM,GAAG,GAAG,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YAC7B,OAAO,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,aAAa,CAAC,GAAG,EAA
E,QAAQ,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1F,CAAC;QACD,gBAAgB;QAChB,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACtD,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5F,CAAC;IACH,CAAC;SAAM,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QAC7B,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACtD,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClB,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvB,OAAO,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;YAC5F,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,SAAiB,EACjB,QAAgB,EAChB,QAAgB;IAEhB,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAErD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAEvC,IAAI,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,+DAA+D;QAC/D,MAAM,UAAU,GAAa,EAAE,CAAC;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAE9C,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,KAAK,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;YAChC,UAAU,CAAC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,CAAC;QAC9B,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;YAChC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,GAAG,EAAE,CAAC,CAAC,CAAC;QAClD,CAAC;QAED,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,IAAI,CAAC;gBACH,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE;oBAAE,OAAO,SAAS,CAAC;YACxD,CAAC;YAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;SAAM,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,yDAAyD;QACzD,IAAI,UAAU,GAAG,OAAO,CAAC;QACzB,IAAI,UAAU,GAAG,SAAS,CAAC;QAE3B,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9B,0CAA0C;YAC1C,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAC/C,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBAChC,UAAU,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,mDAAmD;gBAC7E,kDAAkD;gBAClD,UAAU,GAAG,OAAO,CAAC;gBACrB,KAAK,IAAI,CAAC,GAAG,CAAC
,EAAE,CAAC,GAAG,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC9B,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;gBACxC,CAAC;YACH,CAAC;QACH,CAAC;QAED,yCAAyC;QACzC,MAAM,UAAU,GAAG,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACzE,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;QAE5E,KAAK,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,IAAI,GAAG,GAAG,CAAC;gBAC7B,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE;oBAAE,OAAO,SAAS,CAAC;YACxD,CAAC;YAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;QAC7B,CAAC;QAED,8CAA8C;QAC9C,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;YAChD,IAAI,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE;gBAAE,OAAO,QAAQ,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;IAE7B,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,SAAiB,EAAE,QAAgB;IAC/D,IAAI,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,OAAO,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,qDAAqD;QACrD,4EAA4E;QAC5E,6DAA6D;QAC7D,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QAC3C,OAAO,iCAAiC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC3D,CAAC;IACD,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
export { AnalysisEngine, type ProgressCallback } from './analyzer/engine.js';
|
|
2
2
|
export { IntentProfiler } from './analyzer/intent.js';
|
|
3
3
|
export { SemanticAnalyzer } from './analyzer/semantic.js';
|
|
4
|
+
export { postFilterFindings, suppressCarrierFindings } from './analyzer/postprocess.js';
|
|
4
5
|
export { AnthropicProvider } from './llm/anthropic.js';
|
|
5
6
|
export { ClaudeCliProvider } from './llm/claude-cli.js';
|
|
6
7
|
export { OpenAIProvider } from './llm/openai.js';
|
|
@@ -11,10 +12,12 @@ export { zodToJsonSchema, zodToAnthropicTool, zodToOpenAIResponseFormat } from '
|
|
|
11
12
|
export { buildProjectContext, formatProjectContextForLLM } from './context/project.js';
|
|
12
13
|
export { buildFileContext, isTestFile, isConfigFile, isGeneratedFile } from './context/file.js';
|
|
13
14
|
export { ContextAssembler } from './context/assembler.js';
|
|
15
|
+
export { buildRelatedFileSummaries, formatRelatedFileSummaries } from './context/security-summary.js';
|
|
16
|
+
export type { RelatedFileSummary } from './context/security-summary.js';
|
|
14
17
|
export { DependencyGraphBuilder } from './graph/dependency.js';
|
|
15
18
|
export { resolveImportPath, extractImports, isLocalImport } from './graph/resolver.js';
|
|
16
19
|
export type { AnalysisResult, AnalysisStats, FileAnalysisResult, ProjectContext, FileContext, DependencyNode, DependencyGraph, } from './types/analysis.js';
|
|
17
|
-
export type { AnalysisOptions, CRAgentConfig, } from './types/config.js';
|
|
20
|
+
export type { AnalysisMode, AnalysisOptions, CRAgentConfig, } from './types/config.js';
|
|
18
21
|
export { loadConfig, resolveOptions } from './types/config.js';
|
|
19
22
|
export { FindingSchema, FileAnalysisResponseSchema, IntentProfileSchema, TriageDecisionSchema, SeveritySchema, CategorySchema, IntentAlignmentSchema, RiskDomainSchema, } from './types/findings.js';
|
|
20
23
|
export type { Finding, FileAnalysisResponse, IntentProfile, TriageDecision, Severity, Category, IntentAlignment, RiskDomain, } from './types/findings.js';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,KAAK,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAC7E,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,KAAK,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAC7E,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,kBAAkB,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AAGxF,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAClE,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAGlG,OAAO,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AACvF,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAChG,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,+BAA+B,CAAC;AACtG,YAAY,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGxE,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAGvF,YAAY,EACV,cAAc,EACd,aAAa,EACb,kBAAkB,EAClB,cAAc,EACd,WAAW,EACX,cAAc,EACd,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,YAAY,EACZ,eAAe,EACf,aAAa,GACd,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EACL,aAAa,EACb,0BAA0B,EAC1B,mBAAmB,EACnB,oBAAoB,EACpB,cAAc,EACd,cAAc,EACd,qBAAqB,EACrB,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,OAAO,EACP,oBAAoB,EACpB,aAAa,EACb,cAAc,EACd,QAAQ,EACR,QAAQ,EACR,eAAe,EACf,UAAU,GACX,MAAM,qBAAqB,CAAC"}
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
export { AnalysisEngine } from './analyzer/engine.js';
|
|
3
3
|
export { IntentProfiler } from './analyzer/intent.js';
|
|
4
4
|
export { SemanticAnalyzer } from './analyzer/semantic.js';
|
|
5
|
+
export { postFilterFindings, suppressCarrierFindings } from './analyzer/postprocess.js';
|
|
5
6
|
// LLM providers
|
|
6
7
|
export { AnthropicProvider } from './llm/anthropic.js';
|
|
7
8
|
export { ClaudeCliProvider } from './llm/claude-cli.js';
|
|
@@ -13,6 +14,7 @@ export { zodToJsonSchema, zodToAnthropicTool, zodToOpenAIResponseFormat } from '
|
|
|
13
14
|
export { buildProjectContext, formatProjectContextForLLM } from './context/project.js';
|
|
14
15
|
export { buildFileContext, isTestFile, isConfigFile, isGeneratedFile } from './context/file.js';
|
|
15
16
|
export { ContextAssembler } from './context/assembler.js';
|
|
17
|
+
export { buildRelatedFileSummaries, formatRelatedFileSummaries } from './context/security-summary.js';
|
|
16
18
|
// Graph
|
|
17
19
|
export { DependencyGraphBuilder } from './graph/dependency.js';
|
|
18
20
|
export { resolveImportPath, extractImports, isLocalImport } from './graph/resolver.js';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc;AACd,OAAO,EAAE,cAAc,EAAyB,MAAM,sBAAsB,CAAC;AAC7E,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc;AACd,OAAO,EAAE,cAAc,EAAyB,MAAM,sBAAsB,CAAC;AAC7E,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,kBAAkB,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AAExF,gBAAgB;AAChB,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE9C,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAElG,UAAU;AACV,OAAO,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AACvF,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAChG,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,+BAA+B,CAAC;AAGtG,QAAQ;AACR,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAiBvF,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EACL,aAAa,EACb,0BAA0B,EAC1B,mBAAmB,EACnB,oBAAoB,EACpB,cAAc,EACd,cAAc,EACd,qBAAqB,EACrB,gBAAgB,GACjB,MAAM,qBAAqB,CAAC"}
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
+
export type AnalysisMode = 'review' | 'security';
|
|
1
2
|
export interface AnalysisOptions {
|
|
3
|
+
mode: AnalysisMode;
|
|
2
4
|
provider: 'anthropic' | 'openai' | 'claude-cli';
|
|
3
5
|
model?: string;
|
|
4
6
|
triageModel?: string;
|
|
@@ -11,6 +13,7 @@ export interface AnalysisOptions {
|
|
|
11
13
|
maxFileSize: number;
|
|
12
14
|
}
|
|
13
15
|
export interface CRAgentConfig {
|
|
16
|
+
mode?: AnalysisMode;
|
|
14
17
|
provider?: 'anthropic' | 'openai' | 'claude-cli';
|
|
15
18
|
model?: string;
|
|
16
19
|
triageModel?: string;
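Review bot: `mode: AnalysisMode;` is added as a required member of the exported AnalysisOptions interface, so any consumer that constructs AnalysisOptions directly (the type is re-exported from the package index in this same diff) stops compiling, while the sibling CRAgentConfig only gets the optional `mode?: AnalysisMode;`. If that is intended it belongs in the release notes as a breaking change; otherwise `mode?: AnalysisMode;` here, with the consumer applying the `'review'` default that DEFAULTS in config.js already establishes, keeps the public type backward-compatible. Either way the new union deserves a TSDoc line, e.g. `/** Selects the post-processing profile applied to findings; 'review' is the default. */`.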
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/types/config.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,WAAW,GAAG,QAAQ,GAAG,YAAY,CAAC;IAChD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,EAAE,WAAW,GAAG,QAAQ,GAAG,YAAY,CAAC;IACjD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/types/config.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEjD,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,YAAY,CAAC;IACnB,QAAQ,EAAE,WAAW,GAAG,QAAQ,GAAG,YAAY,CAAC;IAChD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,CAAC,EAAE,YAAY,CAAC;IACpB,QAAQ,CAAC,EAAE,WAAW,GAAG,QAAQ,GAAG,YAAY,CAAC;IACjD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAcD,wBAAgB,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAQpE;AAED,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,OAAO,CAAC,eAAe,CAAC,EAClC,MAAM,EAAE,aAAa,GAAG,IAAI,EAC5B,GAAG,GAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAe,GACpD,eAAe,CA+BjB"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import * as fs from 'node:fs';
|
|
2
2
|
import * as path from 'node:path';
|
|
3
3
|
const DEFAULTS = {
|
|
4
|
+
mode: 'review',
|
|
4
5
|
provider: 'anthropic',
|
|
5
6
|
confidenceThreshold: 0.7,
|
|
6
7
|
format: 'text',
|
|
@@ -21,7 +22,15 @@ export function loadConfig(projectRoot) {
|
|
|
21
22
|
}
|
|
22
23
|
}
|
|
23
24
|
export function resolveOptions(cliFlags, config, env = process.env) {
|
|
25
|
+
const mode = cliFlags.mode ??
|
|
26
|
+
config?.mode ??
|
|
27
|
+
env.CR_AGENT_MODE ??
|
|
28
|
+
DEFAULTS.mode;
|
|
29
|
+
if (mode !== 'review' && mode !== 'security') {
|
|
30
|
+
throw new Error(`Invalid analysis mode "${mode}". Must be "review" or "security".`);
|
|
31
|
+
}
|
|
24
32
|
return {
|
|
33
|
+
mode,
|
|
25
34
|
provider: cliFlags.provider ??
|
|
26
35
|
config?.provider ??
|
|
27
36
|
env.CR_AGENT_PROVIDER ??
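Review bot: The validity check `if (mode !== 'review' && mode !== 'security')` restates the AnalysisMode union by hand, so the next mode added to the type will slip past a stale runtime check (or be rejected by it); a single source of truth — `const ANALYSIS_MODES = ['review', 'security'];` next to DEFAULTS and `if (!ANALYSIS_MODES.includes(mode))` here — keeps the two aligned, and in the TypeScript source the union can then be derived from the array. The resolution chain also introduces a new environment variable, `CR_AGENT_MODE`, with nothing in the hunk saying it exists; a comment such as `// precedence: CLI flag > config file > CR_AGENT_MODE env var > default` above the chain, mirroring the provider chain that follows, would document it. resolveOptions continues outside the hunk.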
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/types/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/types/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AA6BlC,MAAM,QAAQ,GAAoB;IAChC,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,WAAW;IACrB,mBAAmB,EAAE,GAAG;IACxB,MAAM,EAAE,MAAM;IACd,OAAO,EAAE,KAAK;IACd,WAAW,EAAE,OAAO,CAAC,GAAG,EAAE;IAC1B,OAAO,EAAE,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,aAAa,EAAE,eAAe,EAAE,UAAU,EAAE,aAAa,EAAE,OAAO,EAAE,QAAQ,CAAC;IAClN,gBAAgB,EAAE,CAAC;IACnB,WAAW,EAAE,GAAG,GAAG,IAAI;CACxB,CAAC;AAEF,MAAM,UAAU,UAAU,CAAC,WAAmB;IAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;IAC5D,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAkB,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,QAAkC,EAClC,MAA4B,EAC5B,MAA0C,OAAO,CAAC,GAAG;IAErD,MAAM,IAAI,GACR,QAAQ,CAAC,IAAI;QACb,MAAM,EAAE,IAAI;QACX,GAAG,CAAC,aAA0C;QAC/C,QAAQ,CAAC,IAAI,CAAC;IAEhB,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,0BAA0B,IAAI,oCAAoC,CAAC,CAAC;IACtF,CAAC;IAED,OAAO;QACL,IAAI;QACJ,QAAQ,EACN,QAAQ,CAAC,QAAQ;YACjB,MAAM,EAAE,QAAQ;YACf,GAAG,CAAC,iBAA6D;YAClE,QAAQ,CAAC,QAAQ;QACnB,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,MAAM,EAAE,KAAK,IAAI,GAAG,CAAC,cAAc,IAAI,SAAS;QACzE,WAAW,EAAE,QAAQ,CAAC,WAAW,IAAI,MAAM,EAAE,WAAW,IAAI,SAAS;QACrE,mBAAmB,EACjB,QAAQ,CAAC,mBAAmB;YAC5B,MAAM,EAAE,mBAAmB;YAC3B,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,mBAAmB,CAAC;QAChG,MAAM,EAAE,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,MAAM;QAC1C,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,OAAO;QAC7C,WAAW,EAAE,QAAQ,CAAC,WAAW,IAAI,QAAQ,CAAC,WAAW;QACzD,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,MAAM,EAAE,OAAO,IAAI,QAAQ,CAAC,OAAO;QAChE,gBAAgB,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,CAAC,gBAAgB,IAAI,MAAM,EAAE,gBAAgB,IAAI,QAAQ,CAAC,gBAAgB,CAAC;QACjH,WAAW,EAAE,QAAQ,CAAC,WAAW,I
AAI,MAAM,EAAE,WAAW,IAAI,QAAQ,CAAC,WAAW;KACjF,CAAC;AACJ,CAAC"}
|
|
@@ -13,6 +13,7 @@ import { SemanticAnalyzer } from './semantic.js';
|
|
|
13
13
|
import { buildProjectContext } from '../context/project.js';
|
|
14
14
|
import { buildFileContext } from '../context/file.js';
|
|
15
15
|
import { DependencyGraphBuilder } from '../graph/dependency.js';
|
|
16
|
+
import { postFilterFindings, suppressCarrierFindings } from './postprocess.js';
|
|
16
17
|
|
|
17
18
|
const CODE_EXTENSIONS = new Set([
|
|
18
19
|
'.js', '.mjs', '.cjs', '.jsx',
|
|
@@ -90,6 +91,9 @@ export class AnalysisEngine {
|
|
|
90
91
|
const analyzer = new SemanticAnalyzer(
|
|
91
92
|
this.router.getAnalysisProvider(),
|
|
92
93
|
this.router.getTriageProvider(),
|
|
94
|
+
this.options.mode,
|
|
95
|
+
projectRoot,
|
|
96
|
+
graph,
|
|
93
97
|
);
|
|
94
98
|
|
|
95
99
|
// Triage files in parallel
|
|
@@ -206,6 +210,14 @@ export class AnalysisEngine {
|
|
|
206
210
|
this.onProgress('finalize', `Deduplicating ${allFindings.length} raw finding(s)`);
|
|
207
211
|
allFindings = this.dedup(allFindings);
|
|
208
212
|
|
|
213
|
+
// Mode-aware post-filtering
|
|
214
|
+
const beforePostFilter = allFindings.length;
|
|
215
|
+
allFindings = postFilterFindings(allFindings, this.options.mode);
|
|
216
|
+
if (this.options.mode === 'security') {
|
|
217
|
+
allFindings = suppressCarrierFindings(allFindings);
|
|
218
|
+
this.onProgress('finalize', `Security filter: ${beforePostFilter} → ${allFindings.length}`);
|
|
219
|
+
}
|
|
220
|
+
|
|
209
221
|
// Filter by confidence
|
|
210
222
|
const beforeFilter = allFindings.length;
|
|
211
223
|
allFindings = allFindings.filter(
|
|
@@ -282,10 +294,11 @@ export class AnalysisEngine {
|
|
|
282
294
|
}
|
|
283
295
|
|
|
284
296
|
private dedup(findings: Finding[]): Finding[] {
|
|
297
|
+
// Phase 1: group by file + rich signature (CWE > normalized title > category)
|
|
285
298
|
const groups = new Map<string, Finding[]>();
|
|
286
299
|
|
|
287
300
|
for (const finding of findings) {
|
|
288
|
-
const key = `${finding.location.file}:${finding
|
|
301
|
+
const key = `${finding.location.file}:${this.dedupSignature(finding)}`;
|
|
289
302
|
const group = groups.get(key) ?? [];
|
|
290
303
|
group.push(finding);
|
|
291
304
|
groups.set(key, group);
|
|
@@ -293,7 +306,6 @@ export class AnalysisEngine {
|
|
|
293
306
|
|
|
294
307
|
const result: Finding[] = [];
|
|
295
308
|
for (const group of groups.values()) {
|
|
296
|
-
// Merge overlapping line ranges, keep highest confidence
|
|
297
309
|
const merged = this.mergeOverlapping(group);
|
|
298
310
|
result.push(...merged);
|
|
299
311
|
}
|
|
@@ -301,6 +313,27 @@ export class AnalysisEngine {
|
|
|
301
313
|
return result;
|
|
302
314
|
}
|
|
303
315
|
|
|
316
|
+
/**
|
|
317
|
+
* Generate a dedup signature that's more precise than just category.
|
|
318
|
+
* Priority: CWE (most specific) > normalized title > category fallback.
|
|
319
|
+
*/
|
|
320
|
+
private dedupSignature(finding: Finding): string {
|
|
321
|
+
if (finding.cwe) {
|
|
322
|
+
return `cwe:${finding.cwe.toLowerCase()}`;
|
|
323
|
+
}
|
|
324
|
+
|
|
325
|
+
// Normalize the title: lowercase, strip numbers/punctuation, collapse whitespace
|
|
326
|
+
const normalized = finding.title
|
|
327
|
+
.toLowerCase()
|
|
328
|
+
.replace(/\b(line|col|at)\s*\d+/g, '')
|
|
329
|
+
.replace(/[^a-z0-9\s]/g, '')
|
|
330
|
+
.replace(/\s+/g, ' ')
|
|
331
|
+
.trim();
|
|
332
|
+
|
|
333
|
+
// Use first 60 chars of normalized title + category for grouping
|
|
334
|
+
return `${finding.category}:${normalized.slice(0, 60)}`;
|
|
335
|
+
}
|
|
336
|
+
|
|
304
337
|
private mergeOverlapping(findings: Finding[]): Finding[] {
|
|
305
338
|
if (findings.length <= 1) return findings;
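Review bot: The TSDoc on dedupSignature says the priority is CWE, then normalized title, then category, but the fallback on new line 334 is one combined key of category plus title rather than a chain, so the comment overstates the grouping; `* Priority: CWE when present; otherwise category plus the first 60 chars of the normalized title.` describes what the code does. The CWE branch keys on `finding.cwe.toLowerCase()` verbatim, so if the same weakness arrives as both `CWE-79` and `79` (or `CWE-079`) they land in different groups — the input format is not visible here, so if it is not guaranteed, `finding.cwe.toLowerCase().replace(/^cwe-?0*/, '')` would normalize it. Conversely every finding in a file that shares one CWE now collapses into a single group regardless of title, so the result depends on mergeOverlapping (outside this hunk) keeping non-overlapping ranges apart, and a one-line comment stating that reliance would help the next reader. The enclosing class AnalysisEngine continues outside the hunk.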
|
|
306
339
|
|
|
@@ -360,6 +393,7 @@ export class AnalysisEngine {
|
|
|
360
393
|
|
|
361
394
|
const runNext = async (): Promise<void> => {
|
|
362
395
|
while (index < items.length) {
|
|
396
|
+
// Safe: index++ between awaits is non-concurrent in single-threaded JS
|
|
363
397
|
const currentIndex = index++;
|
|
364
398
|
results[currentIndex] = await fn(items[currentIndex]);
|
|
365
399
|
}
|