npm - al-sem - Versions diffs - 0.0.1 - Mend

al-sem 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (231) hide show

package/LICENSE +21 -0
package/README.md +361 -0
package/package.json +64 -0
package/scripts/d40-diff.ts +44 -0
package/scripts/fetch-native-parser.ts +179 -0
package/scripts/precision-sample.ts +99 -0
package/scripts/precision-study.ts +42 -0
package/scripts/precision-tabulate.ts +52 -0
package/src/cli/baseline.ts +31 -0
package/src/cli/diff.ts +199 -0
package/src/cli/events-chains.ts +56 -0
package/src/cli/events-fanout.ts +87 -0
package/src/cli/exit-code.ts +30 -0
package/src/cli/fingerprint-indexes.ts +130 -0
package/src/cli/fingerprint-query.ts +543 -0
package/src/cli/fingerprint-witness.ts +493 -0
package/src/cli/fingerprint.ts +292 -0
package/src/cli/format-compact-json.ts +45 -0
package/src/cli/format-events.ts +77 -0
package/src/cli/format-fingerprint.ts +295 -0
package/src/cli/format-html.ts +503 -0
package/src/cli/format-json.ts +13 -0
package/src/cli/format-policy.ts +95 -0
package/src/cli/format-sarif.ts +186 -0
package/src/cli/format-terminal.ts +153 -0
package/src/cli/index.ts +566 -0
package/src/cli/policy.ts +204 -0
package/src/config/roots-config.ts +302 -0
package/src/deps/cache-versions.ts +74 -0
package/src/deps/canonical-json.ts +27 -0
package/src/deps/dependency-artifact.ts +144 -0
package/src/deps/dependency-cache.ts +262 -0
package/src/deps/dependency-dag.ts +128 -0
package/src/deps/dependency-package-discovery.ts +85 -0
package/src/deps/dependency-pipeline.ts +483 -0
package/src/deps/dependency-projection.ts +211 -0
package/src/deps/dependency-resolver.ts +154 -0
package/src/deps/workspace-dependencies.ts +114 -0
package/src/detectors/capability-query.ts +145 -0
package/src/detectors/confidence.ts +52 -0
package/src/detectors/d1-db-op-in-loop.ts +457 -0
package/src/detectors/d10-self-modifying-loop.ts +114 -0
package/src/detectors/d11-modify-without-get.ts +129 -0
package/src/detectors/d12-dead-integration-event.ts +81 -0
package/src/detectors/d13-cross-app-internal-call.ts +105 -0
package/src/detectors/d14-dead-routine.ts +151 -0
package/src/detectors/d16-obsolete-routine-call.ts +94 -0
package/src/detectors/d17-min-version-drift.ts +157 -0
package/src/detectors/d18-constant-filter-in-loop.ts +151 -0
package/src/detectors/d19-unused-parameter.ts +116 -0
package/src/detectors/d2-event-fanout-in-loop.ts +240 -0
package/src/detectors/d20-unreachable-after-exit.ts +92 -0
package/src/detectors/d21-read-without-load.ts +128 -0
package/src/detectors/d22-flowfield-without-calcfields.ts +168 -0
package/src/detectors/d29-subscriber-modify-on-event-record.ts +163 -0
package/src/detectors/d3-load-state.ts +72 -0
package/src/detectors/d3-missing-setloadfields.ts +234 -0
package/src/detectors/d32-constant-boolean-parameter.ts +185 -0
package/src/detectors/d33-unfiltered-bulk-write.ts +173 -0
package/src/detectors/d34-commit-in-loop.ts +206 -0
package/src/detectors/d35-commit-in-event-subscriber.ts +138 -0
package/src/detectors/d36-late-setloadfields.ts +162 -0
package/src/detectors/d37-validate-without-persist.ts +271 -0
package/src/detectors/d38-subscriber-to-obsolete-event.ts +140 -0
package/src/detectors/d39-record-left-dirty-across-chain.ts +165 -0
package/src/detectors/d4-repeated-lookup-in-loop.ts +128 -0
package/src/detectors/d40-transitive-load-missing.ts +217 -0
package/src/detectors/d41-transitive-filter-loss.ts +200 -0
package/src/detectors/d42-cross-call-wrong-setloadfields.ts +243 -0
package/src/detectors/d43-event-ishandled-skip.ts +257 -0
package/src/detectors/d44-event-multi-subscriber-overlap.ts +223 -0
package/src/detectors/d45-event-transitive-table-exposure.ts +159 -0
package/src/detectors/d5-set-based-opportunity.ts +162 -0
package/src/detectors/d7-recursive-event-expansion.ts +151 -0
package/src/detectors/d8-commit-in-transaction.ts +132 -0
package/src/detectors/d9-transaction-span-summary.ts +107 -0
package/src/detectors/detector-context.ts +121 -0
package/src/detectors/finding-grouping.ts +61 -0
package/src/detectors/path-merge.ts +174 -0
package/src/detectors/registry.ts +176 -0
package/src/detectors/table-display.ts +42 -0
package/src/diff/diff-abi.ts +195 -0
package/src/diff/diff-capabilities.ts +179 -0
package/src/diff/diff-engine.ts +146 -0
package/src/diff/diff-events.ts +323 -0
package/src/diff/diff-identity.ts +73 -0
package/src/diff/diff-indexes.ts +199 -0
package/src/diff/diff-permissions.ts +260 -0
package/src/diff/diff-policy.ts +101 -0
package/src/diff/diff-preflight.ts +66 -0
package/src/diff/diff-renames.ts +104 -0
package/src/diff/diff-schema.ts +232 -0
package/src/diff/format-diff.ts +148 -0
package/src/engine/attribute-parser.ts +50 -0
package/src/engine/capability-cone.ts +531 -0
package/src/engine/combined-graph.ts +357 -0
package/src/engine/control-flow-walker.ts +1317 -0
package/src/engine/dispatch-sites.ts +199 -0
package/src/engine/effect-lattice.ts +81 -0
package/src/engine/entry-points.ts +57 -0
package/src/engine/event-flow.ts +524 -0
package/src/engine/event-relay.ts +92 -0
package/src/engine/op-classification.ts +92 -0
package/src/engine/path-walker.ts +189 -0
package/src/engine/reverse-call-graph.ts +23 -0
package/src/engine/root-classifier-overlay.ts +194 -0
package/src/engine/root-classifier.ts +135 -0
package/src/engine/scc.ts +110 -0
package/src/engine/source-anchor.ts +25 -0
package/src/engine/summary-context.ts +104 -0
package/src/engine/summary-engine.ts +296 -0
package/src/engine/summary-runner.ts +560 -0
package/src/engine/transaction-spans.ts +112 -0
package/src/engine/uncertainty-util.ts +54 -0
package/src/hash.ts +31 -0
package/src/index/attribute-from-node.ts +141 -0
package/src/index/callee-from-node.ts +181 -0
package/src/index/capability/background.ts +90 -0
package/src/index/capability/commit.ts +44 -0
package/src/index/capability/dispatch.ts +164 -0
package/src/index/capability/events.ts +65 -0
package/src/index/capability/extractor.ts +124 -0
package/src/index/capability/file-blob.ts +137 -0
package/src/index/capability/http.ts +159 -0
package/src/index/capability/hyperlink.ts +60 -0
package/src/index/capability/isolated-storage.ts +179 -0
package/src/index/capability/table.ts +113 -0
package/src/index/capability/telemetry.ts +84 -0
package/src/index/capability/ui.ts +55 -0
package/src/index/capability/value-source.ts +202 -0
package/src/index/expression-from-node.ts +117 -0
package/src/index/indexer.ts +102 -0
package/src/index/intraprocedural-body.ts +1467 -0
package/src/index/intraprocedural-ops.ts +253 -0
package/src/index/intraprocedural-refs.ts +188 -0
package/src/index/object-indexer.ts +279 -0
package/src/index/routine-indexer.ts +282 -0
package/src/index/routine-signature.ts +46 -0
package/src/index/variable-indexer.ts +134 -0
package/src/index/variable-initializer-extractor.ts +155 -0
package/src/index/variable-type-normalizer.ts +83 -0
package/src/index.ts +267 -0
package/src/mcp/server.ts +72 -0
package/src/mcp/session.ts +49 -0
package/src/mcp/tools/explain-path.ts +75 -0
package/src/mcp/tools/get-analysis-health.ts +62 -0
package/src/mcp/tools/get-finding.ts +47 -0
package/src/mcp/tools/get-routine-summary.ts +126 -0
package/src/mcp/tools/list-findings.ts +85 -0
package/src/mcp/tools/list-hotspots.ts +78 -0
package/src/mcp/tools/list-rollups.ts +103 -0
package/src/mcp/tools/validators.ts +25 -0
package/src/model/attributes.ts +120 -0
package/src/model/callee.ts +45 -0
package/src/model/capability.ts +187 -0
package/src/model/coverage.ts +85 -0
package/src/model/entities.ts +628 -0
package/src/model/expression.ts +98 -0
package/src/model/finding.ts +110 -0
package/src/model/graph-edge.ts +93 -0
package/src/model/graph.ts +62 -0
package/src/model/identity.ts +81 -0
package/src/model/ids.ts +90 -0
package/src/model/index.ts +13 -0
package/src/model/model.ts +51 -0
package/src/model/permission.ts +76 -0
package/src/model/root-classification.ts +116 -0
package/src/model/stable-identity.ts +102 -0
package/src/model/summary.ts +96 -0
package/src/parser/ast.ts +82 -0
package/src/parser/native/ffi.ts +145 -0
package/src/parser/native/parse-index-pool.ts +148 -0
package/src/parser/native/parse-index-worker.ts +94 -0
package/src/parser/native/wrapper.ts +353 -0
package/src/parser/parser-init.ts +43 -0
package/src/perf/profiler.ts +66 -0
package/src/policy/policy-default.yaml +83 -0
package/src/policy/policy-engine.ts +339 -0
package/src/policy/policy-loader.ts +257 -0
package/src/policy/policy-schema.json +379 -0
package/src/policy/policy-types.ts +81 -0
package/src/policy/predicate-compiler.ts +151 -0
package/src/policy/predicate-evaluator.ts +267 -0
package/src/policy/predicate-fields.ts +439 -0
package/src/projection/actionable-anchor.ts +48 -0
package/src/projection/finding-filters.ts +44 -0
package/src/projection/finding-fingerprint.ts +54 -0
package/src/projection/finding-groups.ts +41 -0
package/src/projection/finding-summary.ts +110 -0
package/src/projection/rollup-findings.ts +105 -0
package/src/providers/discover.ts +88 -0
package/src/providers/external.ts +46 -0
package/src/providers/types.ts +36 -0
package/src/providers/workspace.ts +117 -0
package/src/resolve/call-resolver.ts +117 -0
package/src/resolve/coverage.ts +61 -0
package/src/resolve/event-graph.ts +166 -0
package/src/resolve/implicit-edges.ts +53 -0
package/src/resolve/record-types.ts +36 -0
package/src/resolve/resolver.ts +23 -0
package/src/resolve/semantic-graph.ts +29 -0
package/src/resolve/symbol-table.ts +69 -0
package/src/snapshot/app-snapshot.ts +74 -0
package/src/snapshot/compose.ts +100 -0
package/src/snapshot/derive/callsite-evidence.ts +76 -0
package/src/snapshot/derive/capability-facts.ts +70 -0
package/src/snapshot/derive/contracts.ts +131 -0
package/src/snapshot/derive/coverage.ts +35 -0
package/src/snapshot/derive/event-declarations.ts +140 -0
package/src/snapshot/derive/identity-table.ts +58 -0
package/src/snapshot/derive/inputs.ts +91 -0
package/src/snapshot/derive/operation-evidence.ts +70 -0
package/src/snapshot/derive/permissions.ts +186 -0
package/src/snapshot/derive/root-classifications.ts +56 -0
package/src/snapshot/derive/schema.ts +130 -0
package/src/snapshot/derive/typed-edges.ts +60 -0
package/src/snapshot/derive/workspace-fingerprint.ts +19 -0
package/src/snapshot/deserialize.ts +40 -0
package/src/snapshot/serialize-cbor-gz.ts +12 -0
package/src/snapshot/serialize-cbor.ts +19 -0
package/src/snapshot/serialize-json.ts +22 -0
package/src/snapshot/shard.ts +134 -0
package/src/snapshot/types.ts +181 -0
package/src/symbols/app-manifest.ts +96 -0
package/src/symbols/app-package-zip.ts +50 -0
package/src/symbols/embedded-source-reader.ts +41 -0
package/src/symbols/package-hash.ts +81 -0
package/src/symbols/symbol-reader.ts +101 -0
package/src/symbols/symbol-reference-parser.ts +378 -0
package/src/symbols/symbol-reference-reader.ts +27 -0
package/tsconfig.json +18 -0

package/src/index/expression-from-node.ts ADDED Viewed

@@ -0,0 +1,117 @@
+// src/index/expression-from-node.ts
+// Build a structured `ExpressionInfo` from a tree-sitter expression node.
+//
+// Used by the body indexer to populate `CallSite.argumentInfos` and
+// `RecordOperation.fieldArgumentInfos`. Same shape regardless of where the
+// expression appears — detectors that need a literal-vs-non-literal decision
+// (D18) or quoted-vs-unquoted name disambiguation (D4, D22) read the
+// resulting `ExpressionInfo` through the `model/expression.ts` helpers
+// instead of re-parsing the raw text.
+import type { ExpressionInfo, ExpressionKind } from "../model/expression.ts";
+import type { Node as SyntaxNode } from "../parser/native/wrapper.ts";
+/** Strip surrounding single or double quotes. */
+function stripQuoteChars(text: string): string {
+	if (text.length < 2) return text;
+	const first = text[0];
+	const last = text[text.length - 1];
+	if ((first === '"' && last === '"') || (first === "'" && last === "'")) {
+		return text.slice(1, -1);
+	}
+	return text;
+}
+/** Map a tree-sitter node type into the closed `ExpressionKind` enum. */
+function kindOf(nodeType: string): ExpressionKind {
+	switch (nodeType) {
+		case "string_literal":
+		case "integer":
+		case "decimal":
+		case "boolean":
+		case "identifier":
+		case "quoted_identifier":
+		case "qualified_enum_value":
+		case "database_reference":
+		case "unary_expression":
+		case "member_expression":
+		case "call_expression":
+		case "parenthesized_expression":
+			return nodeType;
+		default:
+			return "other";
+	}
+}
+/**
+ * For `unary_expression`, return the operand's kind when the operand is a
+ * numeric literal (`integer` / `decimal`). The signed text — `text` field —
+ * acts as the value. Used by D18 to treat `-5` / `+5.5` as loop-invariant
+ * literals just like a bare `5`.
+ */
+function unaryLiteralValue(node: SyntaxNode, text: string): string | undefined {
+	for (const child of node.namedChildren) {
+		if (child === null) continue;
+		if (child.type === "integer" || child.type === "decimal") return text;
+		return undefined;
+	}
+	return undefined;
+}
+/** Pull derived `value` / `qualifier` / `member` fields for the kinds that have them. */
+function deriveParts(
+	node: SyntaxNode,
+	kind: ExpressionKind,
+	text: string,
+): { value?: string; qualifier?: string; member?: string } {
+	switch (kind) {
+		case "string_literal":
+		case "quoted_identifier":
+			return { value: stripQuoteChars(text) };
+		case "integer":
+		case "decimal":
+		case "boolean":
+		case "identifier":
+			return { value: text };
+		case "qualified_enum_value": {
+			const qualifier = node.childForFieldName("enum_type")?.text;
+			const memberRaw = node.childForFieldName("value")?.text;
+			const member = memberRaw !== undefined ? stripQuoteChars(memberRaw) : undefined;
+			return {
+				value: member,
+				...(qualifier !== undefined ? { qualifier } : {}),
+				...(member !== undefined ? { member } : {}),
+			};
+		}
+		case "database_reference": {
+			const qualifier = node.childForFieldName("keyword")?.text;
+			const memberRaw = node.childForFieldName("table_name")?.text;
+			const member = memberRaw !== undefined ? stripQuoteChars(memberRaw) : undefined;
+			return {
+				value: member,
+				...(qualifier !== undefined ? { qualifier } : {}),
+				...(member !== undefined ? { member } : {}),
+			};
+		}
+		case "unary_expression": {
+			const value = unaryLiteralValue(node, text);
+			return value !== undefined ? { value } : {};
+		}
+		default:
+			return {};
+	}
+}
+/** Build an `ExpressionInfo` from an arbitrary expression node. */
+export function expressionInfoFromNode(node: SyntaxNode): ExpressionInfo {
+	const kind = kindOf(node.type);
+	const text = node.text;
+	const parts = deriveParts(node, kind, text);
+	return {
+		kind,
+		text,
+		...(parts.value !== undefined ? { value: parts.value } : {}),
+		...(parts.qualifier !== undefined ? { qualifier: parts.qualifier } : {}),
+		...(parts.member !== undefined ? { member: parts.member } : {}),
+	};
+}

package/src/index/indexer.ts ADDED Viewed

@@ -0,0 +1,102 @@
+import { sha256Hex } from "../hash.ts";
+import type { App } from "../model/entities.ts";
+import type { Diagnostic } from "../model/finding.ts";
+import type { ModelIdentity } from "../model/identity.ts";
+import type { SemanticIndex } from "../model/model.ts";
+import { NativeParserUnavailableError, parseALSource } from "../parser/parser-init.ts";
+import type { SourceUnit } from "../providers/types.ts";
+import { indexObjects } from "./object-indexer.ts";
+import { indexRoutines } from "./routine-indexer.ts";
+export interface BuildIndexResult {
+	index: SemanticIndex;
+	diagnostics: Diagnostic[];
+}
+/**
+ * Parse and index every source unit into a SemanticIndex. Parse/index failures degrade
+ * gracefully: the offending unit is skipped with a diagnostic; other units still index.
+ */
+export async function buildSemanticIndex(
+	units: SourceUnit[],
+	identity: ModelIdentity,
+	modelInstanceId: string,
+): Promise<BuildIndexResult> {
+	const diagnostics: Diagnostic[] = [];
+	const index: SemanticIndex = {
+		identity,
+		apps: identity.apps.map(
+			(a): App => ({
+				appGuid: a.appGuid,
+				publisher: a.publisher,
+				name: a.name,
+				version: a.version,
+			}),
+		),
+		objects: [],
+		routines: [],
+		tables: [],
+	};
+	let parserDownGuard = false;
+	for (const unit of units) {
+		if (parserDownGuard) break;
+		if (unit.kind !== "source" || unit.content === undefined) continue;
+		let tree: Awaited<ReturnType<typeof parseALSource>> | undefined;
+		try {
+			tree = await parseALSource(unit.content);
+			const sourceHash = sha256Hex(unit.content);
+			const objResults = indexObjects({
+				tree,
+				appGuid: unit.appGuid,
+				sourceUnitId: unit.id,
+				modelInstanceId,
+				sourceHash,
+			});
+			if (objResults.length === 0) {
+				diagnostics.push({
+					severity: "info",
+					stage: "index",
+					message: `No object declaration found in ${unit.relativePath}`,
+					sourceRef: unit.id,
+				});
+				continue;
+			}
+			for (const objResult of objResults) {
+				if (!objResult.object || !objResult.objectNode) continue;
+				objResult.object.analysisRole = unit.analysisRole ?? "primary";
+				index.objects.push(objResult.object);
+				if (objResult.table) index.tables.push(objResult.table);
+				const routines = indexRoutines({
+					objectNode: objResult.objectNode,
+					object: objResult.object,
+					sourceUnitId: unit.id,
+					modelInstanceId,
+				});
+				for (const r of routines) r.analysisRole = unit.analysisRole ?? "primary";
+				index.routines.push(...routines);
+			}
+		} catch (err) {
+			if (err instanceof NativeParserUnavailableError) {
+				diagnostics.push({
+					severity: "error",
+					stage: "parse",
+					message: `[PARSER001] native parser unavailable: ${err.message}`,
+				});
+				parserDownGuard = true;
+				continue;
+			}
+			diagnostics.push({
+				severity: "warning",
+				stage: "index",
+				message: `Failed to index ${unit.relativePath}: ${(err as Error).message}`,
+				sourceRef: unit.id,
+			});
+		} finally {
+			// Free WASM-backed tree-sitter `Tree` — JS GC alone doesn't reclaim it.
+			tree?.delete();
+		}
+	}
+	return { index, diagnostics };
+}