al-sem 0.0.1

package/src/mcp/tools/list-rollups.ts

@@ -0,0 +1,103 @@
+// src/mcp/tools/list-rollups.ts
+
+import { filterFindings } from "../../projection/finding-filters.ts";
+import { rollupFindings } from "../../projection/rollup-findings.ts";
+import type { McpTool } from "../server.ts";
+import { getSession } from "../session.ts";
+import { validateMinSeverity } from "./validators.ts";
+
+/**
+ * list_rollups — grouped view of findings. Each entry is either a singleton
+ * finding or a multi-detector rollup at the same source location. Designed for
+ * agents that want the consolidated "what to fix" view instead of the raw
+ * per-detector firings.
+ *
+ * The rollup is purely presentational — agents that need per-detector identity
+ * (for baselines, SARIF, or fingerprint dedup) should call list_findings
+ * instead. The two views describe the same underlying Findings.
+ */
+export const listRollupsTool: McpTool = {
+	definition: {
+		name: "list_rollups",
+		description:
+			"List findings rolled up by source location. Multiple detectors firing at the same (file, line, column, tables) collapse into one entry — e.g. D1+D5+D10 on a single iterating-Modify. Each entry is either a singleton finding or a rollup with N contributors and aggregated fix recommendations. Use list_findings for per-detector identity.",
+		inputSchema: {
+			type: "object",
+			properties: {
+				workspaceRoot: { type: "string", description: "Absolute path to the AL workspace root." },
+				alpackagesDir: { type: "string", description: "Optional explicit .alpackages path." },
+				minSeverity: {
+					type: "string",
+					enum: ["critical", "high", "medium", "low", "info"],
+					description: "Drop findings below this severity (applied before rollup).",
+				},
+				detectors: {
+					type: "array",
+					items: { type: "string" },
+					description: "Allow-list of detector ids (applied before rollup).",
+				},
+				objectIds: { type: "array", items: { type: "string" } },
+				tableIds: { type: "array", items: { type: "string" } },
+				files: {
+					type: "array",
+					items: { type: "string" },
+					description: "Match by file path suffix (applied before rollup).",
+				},
+				limit: {
+					type: "integer",
+					minimum: 1,
+					description: "Cap output at the first N rollup entries (after sort).",
+				},
+			},
+			required: ["workspaceRoot"],
+		},
+	},
+	async handle(args) {
+		const workspaceRoot = args.workspaceRoot;
+		if (typeof workspaceRoot !== "string") {
+			return {
+				content: [
+					{ type: "text", text: "list_rollups: workspaceRoot is required and must be a string" },
+				],
+			};
+		}
+		const sev = validateMinSeverity(args.minSeverity, "list_rollups");
+		if (!sev.ok) return { content: [{ type: "text", text: sev.error }] };
+		const session = await getSession(
+			workspaceRoot,
+			typeof args.alpackagesDir === "string" ? args.alpackagesDir : undefined,
+		);
+		// Filter BEFORE rollup so rollups reflect the user's intent ("show me
+		// high-or-worse" never groups in dropped info findings).
+		const filtered = filterFindings(session.findings, {
+			minSeverity: sev.value,
+			detectors: Array.isArray(args.detectors) ? (args.detectors as string[]) : undefined,
+			objectIds: Array.isArray(args.objectIds) ? (args.objectIds as string[]) : undefined,
+			tableIds: Array.isArray(args.tableIds) ? (args.tableIds as string[]) : undefined,
+			files: Array.isArray(args.files) ? (args.files as string[]) : undefined,
+			// No limit here — limit is applied to rollups, not raw findings.
+		});
+		const rolled = rollupFindings(filtered);
+		const limited =
+			typeof args.limit === "number" && args.limit > 0 ? rolled.slice(0, args.limit) : rolled;
+		const rollupCount = limited.filter((r) => r.kind === "rolled").length;
+		return {
+			content: [
+				{
+					type: "text",
+					text: JSON.stringify(
+						{
+							entries: limited,
+							totalEntries: rolled.length,
+							rolledCount: rollupCount,
+							singletonCount: rolled.length - rollupCount,
+							totalUnderlyingFindings: filtered.length,
+						},
+						null,
+						2,
+					),
+				},
+			],
+		};
+	},
+};

package/src/mcp/tools/validators.ts

@@ -0,0 +1,25 @@
+// src/mcp/tools/validators.ts
+
+import type { FindingSummary } from "../../projection/finding-summary.ts";
+
+const SEVERITY_VALUES = ["critical", "high", "medium", "low", "info"] as const;
+
+/**
+ * Validate an MCP `minSeverity` argument. Returns the typed severity, undefined when
+ * absent, or an error string when the value is set but not in the allowed set. Callers
+ * surface the error string as a tool error rather than silently dropping every finding
+ * (the failure mode if we passed an off-enum string straight through to the rank table).
+ */
+export function validateMinSeverity(
+	value: unknown,
+	toolName: string,
+): { ok: true; value: FindingSummary["severity"] | undefined } | { ok: false; error: string } {
+	if (value === undefined) return { ok: true, value: undefined };
+	if (typeof value !== "string" || !SEVERITY_VALUES.includes(value as FindingSummary["severity"])) {
+		return {
+			ok: false,
+			error: `${toolName}: minSeverity must be one of: ${SEVERITY_VALUES.join(", ")}`,
+		};
+	}
+	return { ok: true, value: value as FindingSummary["severity"] };
+}

package/src/model/attributes.ts

@@ -0,0 +1,120 @@
+// src/model/attributes.ts
+// Structured, tree-sitter-derived attribute model. The grammar exposes every
+// `attribute_item` as a typed tree (name + typed args); we serialize that into
+// AttributeInfo at L2 index time so detectors and resolvers can query attributes
+// without re-shredding `[…]` text via regex.
+//
+// Two producers populate this model:
+//   - Native AL source: `attributeInfoFromNode` (src/index/attribute-from-node.ts)
+//     walks the `attribute_content → arguments → attribute_argument_list` tree.
+//   - `.app` ABI symbols: the symbol-reference parser builds AttributeInfo from
+//     the structured RawAttr JSON — no AL grammar involved, just typed shape
+//     detection on already-deserialized values.
+//
+// The grammar's `_attribute_argument` choice is the canonical kind list — this
+// type mirrors it. `"unknown"` is for ABI values we can't classify (shouldn't
+// occur in practice; surfaced rather than silently coerced).
+
+/** Grammar-aligned argument kinds — mirror `_attribute_argument` in tree-sitter-al. */
+export type AttributeArgKind =
+	| "boolean"
+	| "integer"
+	| "string_literal"
+	| "identifier"
+	| "quoted_identifier"
+	| "qualified_enum_value"
+	| "database_reference"
+	| "member_expression"
+	| "unknown";
+
+/**
+ * One positional argument inside an attribute's argument list.
+ *
+ * `text` is the raw, source-faithful slice (includes quotes for string_literal /
+ * quoted_identifier). `value`, when set, is the consumer-friendly unquoted form
+ * (string contents, qualified value RHS, database_reference table name). For
+ * `qualified_enum_value` and `database_reference` we also break out `qualifier`
+ * (LHS of `::`) and `member` (RHS) for direct access.
+ */
+export interface AttributeArg {
+	kind: AttributeArgKind;
+	text: string;
+	/**
+	 * Unquoted/derived value:
+	 * - string_literal: contents between the single quotes
+	 * - quoted_identifier: contents between the double quotes
+	 * - qualified_enum_value: RHS of `::` (the "value" field)
+	 * - database_reference: RHS of `::` (the "table_name" field, unquoted)
+	 * - boolean: "true" / "false"
+	 * - integer: decimal text
+	 * - identifier: same as text
+	 * Undefined for member_expression / unknown.
+	 */
+	value?: string;
+	/** LHS of `::` for qualified_enum_value / database_reference. */
+	qualifier?: string;
+	/** RHS of `::` for qualified_enum_value / database_reference. */
+	member?: string;
+}
+
+/**
+ * One `[Name(args...)]` attribute on a routine.
+ *
+ * `name` is case-preserved as written. `raw` is the full `[…]` source slice,
+ * kept for diagnostics, dump-model fidelity, and any consumer that needs the
+ * original text. `args` are positional.
+ */
+export interface AttributeInfo {
+	name: string;
+	args: AttributeArg[];
+	raw: string;
+}
+
+/**
+ * Case-insensitive lookup of the first attribute matching `name`. Returns
+ * undefined when absent — call sites should branch on that, not throw.
+ */
+export function findAttribute(
+	attrs: readonly AttributeInfo[],
+	name: string,
+): AttributeInfo | undefined {
+	const lc = name.toLowerCase();
+	for (const a of attrs) {
+		if (a.name.toLowerCase() === lc) return a;
+	}
+	return undefined;
+}
+
+/** True when at least one attribute matches `name` (case-insensitive). */
+export function hasAttribute(attrs: readonly AttributeInfo[], name: string): boolean {
+	return findAttribute(attrs, name) !== undefined;
+}
+
+/**
+ * Read the `value` of arg at `index` from `attr` when it's a string_literal.
+ * Returns undefined when the arg is absent, of the wrong kind, or value is unset.
+ */
+export function stringArg(attr: AttributeInfo, index: number): string | undefined {
+	const a = attr.args[index];
+	if (a === undefined || a.kind !== "string_literal") return undefined;
+	return a.value;
+}
+
+/**
+ * Read a qualified_enum_value / database_reference arg's qualifier and member.
+ * Returns undefined when the arg is absent or of a non-qualified kind.
+ *
+ * Examples:
+ *   `ObjectType::Codeunit`         → { qualifier: "ObjectType", member: "Codeunit" }
+ *   `Codeunit::"Sales-Post"`       → { qualifier: "Codeunit",   member: "Sales-Post" }
+ */
+export function qualifiedArg(
+	attr: AttributeInfo,
+	index: number,
+): { qualifier: string; member: string } | undefined {
+	const a = attr.args[index];
+	if (a === undefined) return undefined;
+	if (a.kind !== "qualified_enum_value" && a.kind !== "database_reference") return undefined;
+	if (a.qualifier === undefined || a.member === undefined) return undefined;
+	return { qualifier: a.qualifier, member: a.member };
+}

package/src/model/callee.ts

@@ -0,0 +1,45 @@
+// src/model/callee.ts
+// Structured classification of a CallSite's callee, derived from the
+// `call_expression` node at L2 index time. Drives the call resolver's
+// dispatch-kind decision without re-parsing the raw text.
+//
+// Two-layer rationale (per superpowers + GPT-5.5 review): cache tree-sitter-
+// derived facts as serializable DTOs on the model, not parse trees. Detectors
+// and resolvers read `CallSite.callee` directly — no `parseCallee(text)` round-
+// trip, no regex shred.
+
+/**
+ * Object-type keywords that prefix `Codeunit.Run` / `Page.Run` / `Report.Run`
+ * dispatch. Mirrors the AL object-type space; identical to the grammar's
+ * `object_type_keyword` alias minus Database/XMLport/Query (which have no
+ * `.Run` form).
+ */
+export type ObjectRunKind = "Codeunit" | "Page" | "Report";
+
+export type Callee =
+	| {
+			kind: "bare";
+			/** Procedure name, unquoted (quoted identifiers are stripped). */
+			name: string;
+	  }
+	| {
+			kind: "member";
+			/** Receiver expression text (e.g. `Sales` for `Sales.Post()`). */
+			receiver: string;
+			/** Method name. */
+			method: string;
+	  }
+	| {
+			kind: "object-run";
+			objectKind: ObjectRunKind;
+			/** Target object type — same as `objectKind` today; kept distinct in case AL ever permits a different prefix. */
+			targetType: ObjectRunKind;
+			/**
+			 * The literal object name or decimal id (as text); undefined when the target
+			 * is dynamic (a variable / expression we cannot resolve statically).
+			 */
+			targetRef?: string;
+			/** true when `targetRef` is a name (quoted or unquoted), false for a numeric id, false for dynamic. */
+			targetIsName: boolean;
+	  }
+	| { kind: "unknown" };

package/src/model/capability.ts

@@ -0,0 +1,187 @@
+import type { RecordOpType, TempState } from "./entities.ts";
+import type { CallsiteId, EventId, ObjectId, OperationId, RoutineId, TableId } from "./ids.ts";
+
+/**
+ * Where a value at a capability extraction site comes from. The spec
+ * (§3.1) called this `SourceKind`; this implementation uses `ValueSource`
+ * to avoid a name collision with the existing
+ * `SourceKind = "workspace" | "app-source" | "symbol-only" | "external-source"`
+ * in `src/model/identity.ts` (which describes AL source provenance, not
+ * value provenance). Spec amendment scheduled post-Phase-0a.
+ *
+ * `constant-var` carries a recursive `initializer: ValueSource` so a chain
+ * `literal → constant-var → constant-var → ...` resolves all the way to
+ * its root literal for static endpoint/key diffing.
+ */
+export type ValueSource =
+	| { kind: "literal"; value: string }
+	| { kind: "enum"; enumName: string; member?: string }
+	| { kind: "constant-var"; varName: string; initializer: ValueSource }
+	| { kind: "parameter"; index: number; varName: string }
+	| { kind: "table-field"; tableId: TableId | "unknown"; fieldName: string }
+	| { kind: "expression" }
+	| { kind: "unknown" };
+
+/**
+ * What the capability does. Maps roughly onto an AL platform verb —
+ * `read`/`insert`/`modify`/`delete` for table data; `execute` for object
+ * run; `publish`/`subscribe` for events; `send` for HTTP; `log` for
+ * telemetry; `store-*` for isolated storage; `commit` standalone; `open`
+ * for hyperlink/file open; `write-blob` for file/tempblob write; `start`
+ * for background sessions/tasks; `ui-*` for user interaction prompts.
+ */
+export type CapabilityOp =
+	| "read"
+	| "insert"
+	| "modify"
+	| "delete"
+	| "execute"
+	| "publish"
+	| "subscribe"
+	| "send"
+	| "log"
+	| "store-read"
+	| "store-write"
+	| "store-delete"
+	| "commit"
+	| "open"
+	| "write-blob"
+	| "start"
+	| "ui-confirm"
+	| "ui-message"
+	| "ui-error";
+
+/** The resource family the capability acts on. */
+export type CapabilityResourceKind =
+	| "table"
+	| "event"
+	| "codeunit"
+	| "page"
+	| "report"
+	| "http"
+	| "telemetry"
+	| "isolated-storage"
+	| "file"
+	| "transaction"
+	| "ui"
+	| "background";
+
+/**
+ * How certain we are about the resource identity.
+ *  - static          target fully known at static time
+ *  - boundedDynamic  enum / whitelist / option-typed target
+ *  - configDynamic   target resolved from a setup/config table field
+ *  - userDynamic     user/external input flows into the target
+ *  - unresolved      target shape is unknown
+ */
+export type CapabilityConfidence =
+	| "static"
+	| "boundedDynamic"
+	| "configDynamic"
+	| "userDynamic"
+	| "unresolved";
+
+/** Where the fact came from: the routine itself (direct) or composed via
+ *  an outgoing edge from a reachable routine (inherited). */
+export type CapabilityProvenance = "direct" | "inherited";
+
+/** The edge kind that brought an inherited fact in. `self` for direct facts. */
+export type CapabilityVia =
+	| "self"
+	| "call"
+	| "object-run"
+	| "event-dispatch"
+	| "implicit-trigger"
+	| "dependency";
+
+/**
+ * Per-resourceKind canonical semantics needed for witness rendering,
+ * permission inference, taint propagation, and policy matching.
+ *
+ * Substrate-discipline gate (spec §3.1.1): `extra` carries only resource
+ * semantics. It must NOT preserve detector-local query shapes. In
+ * particular, `SetRange`/`SetFilter`/`SetLoadFields` argument bags stay on
+ * `RecordOperation`, NOT on `CapabilityFact.extra.kind === "table"`.
+ */
+export type CapabilityExtra = TableExtra | DispatchExtra | HttpExtra | EventExtra | StorageExtra;
+
+export interface TableExtra {
+	kind: "table";
+	recordVariableId?: string;
+	tempState?: TempState;
+	/** FindSet vs FindFirst vs Get matters for permission inference;
+	 *  Init vs Modify matters for the modify-without-get family. */
+	opSubtype?: RecordOpType;
+}
+
+export interface DispatchExtra {
+	kind: "dispatch";
+	objectType: "Codeunit" | "Page" | "Report";
+	/** Page.RunModal vs Page.Run. */
+	modal?: boolean;
+}
+
+export interface HttpExtra {
+	kind: "http";
+	method: "Send" | "Get" | "Post" | "Put" | "Delete" | "Patch";
+	/** Phase 6 taint reads this. */
+	bodyArgSource?: ValueSource;
+}
+
+export interface EventExtra {
+	kind: "event";
+	eventClass: "Integration" | "Business" | "Internal" | "Trigger";
+	/** When op === "publish": whether the publisher passes IncludeSender. */
+	includeSender?: boolean;
+}
+
+export interface StorageExtra {
+	kind: "storage";
+	keyArgSource?: ValueSource;
+	/** For store-write. */
+	valueArgSource?: ValueSource;
+	scope?: "User" | "Company" | "Module" | "unknown";
+}
+
+/**
+ * Normalized capability fact — the canonical form for every capability
+ * claim the engine makes. Replaces the v1 boolean lattice
+ * (touchesDb/commits/writesTables/publishesEvents). Booleans / lists are
+ * derived views at consumption time.
+ *
+ * Two key dimensions:
+ *  - Semantic capability key (consumers compare on this):
+ *    (subject, op, resourceKind, resourceId, literalValueOf(resourceArgSource), confidence, provenance)
+ *  - Evidence key (witness reconstruction):
+ *    (witnessOperationId, witnessCallsiteId, via, sourceAnchor)
+ *
+ * Invariants:
+ *  - `provenance === "direct"` → `via === "self"`
+ *  - `provenance === "inherited"` → `via !== "self"` AND `witnessCallsiteId !== undefined`
+ *  - `confidence === "static"` only when `resourceId` is fully determined
+ *    AND `resourceArgSource` (if present) is a literal/enum/constant chain
+ *    resolvable to a literal.
+ */
+export interface CapabilityFact {
+	subject: RoutineId;
+	op: CapabilityOp;
+	resourceKind: CapabilityResourceKind;
+	/** Concrete stable target when known. Never a "static"/"dynamic"
+	 *  sentinel string — unresolved-ness is captured by `confidence` and
+	 *  `coverage`. */
+	resourceId?: TableId | EventId | ObjectId;
+	/** Normalized argument identity when the argument IS the resource (HTTP
+	 *  URL, storage key, telemetry event name, file path, static dispatch
+	 *  object id). When `resourceArgSource.kind === "literal"`, the literal
+	 *  value is part of the semantic capability key. */
+	resourceArgSource?: ValueSource;
+	confidence: CapabilityConfidence;
+	provenance: CapabilityProvenance;
+	via: CapabilityVia;
+	/** Direct facts always carry witnessOperationId or witnessCallsiteId.
+	 *  Inherited facts always carry witnessCallsiteId (the first-hop
+	 *  callsite from `subject`). */
+	witnessOperationId?: OperationId;
+	witnessCallsiteId?: CallsiteId;
+	extra?: CapabilityExtra;
+}

package/src/model/coverage.ts

@@ -0,0 +1,85 @@
+import type { RoutineId } from "./ids.ts";
+import type { StableRoutineId } from "./stable-identity.ts";
+
+/**
+ * Three-valued lattice for capability-cone coverage. Per the capability-stack
+ * roadmap §3.7, this is a first-class substrate concept: every fingerprint /
+ * diff / policy verdict carries a coverage annotation. G6 admission gate
+ * enforces that the annotation reaches the output surface.
+ */
+export type CoverageStatus = "complete" | "partial" | "unknown";
+
+/**
+ * Why a capability cone is partial or unknown. Sorted, deduped in
+ * `CoverageRecord.reasons` for determinism.
+ */
+export type CoverageReason =
+	| "opaque-dependency" // routine reachable through a symbol-only dep with no parseable body
+	| "parse-incomplete" // routine body had a parse error; structural extraction was partial
+	| "unresolved-call" // callsite couldn't be resolved to a target routine
+	| "object-run-unresolved" // dispatch target unknown (dynamic id, no resolved entrypoint)
+	| "event-subscriber-unknown" // event publisher reaches into a dependency cone we couldn't enumerate
+	| "missing-dep-package" // declared dependency package not available
+	| "grammar-unsupported" // AL shape outside tree-sitter-al's current grammar
+	| "extraction-failed"; // family extractor reported a diagnostic for this node
+
+/**
+ * Per-routine coverage record. Computed by the Phase 0b coverage composer
+ * alongside capability fact composition; populated on `RoutineSummary` in
+ * Phase 0b (Phase 0a only declares the type).
+ *
+ * `directStatus` covers the routine's own DIRECT extraction.
+ * `inheritedStatus` covers the routine's INHERITED capability cone
+ * (the reachable closure via call / event-dispatch / object-run edges).
+ *
+ * Aggregated per-app and global coverage views are derived; not stored.
+ */
+export interface CoverageRecord {
+	subject: RoutineId;
+	directStatus: CoverageStatus;
+	inheritedStatus: CoverageStatus;
+	reasons: CoverageReason[];
+	/** Stable IDs of the specific opaque/unresolved targets that contributed
+	 *  to the partial/unknown status. Drives "which dep is missing" diagnostics
+	 *  and the fingerprint dump's coverage explanation lines. */
+	unknownTargets: string[];
+}
+
+/**
+ * Coverage record specialized for fingerprint dump output (one per root
+ * routine). Stored in `CapabilitySnapshot` (Phase 0c) and rendered in the
+ * fingerprint CLI per-family coverage line (Phase 1).
+ *
+ * `perFamily` answers "for each capability family this fingerprint reports
+ * on, is the cone complete?" — the HTTP cone may be complete even when the
+ * storage cone is partial.
+ */
+export interface FingerprintCoverage {
+	routine: StableRoutineId;
+	status: CoverageStatus;
+	reasons: CoverageReason[];
+	unknownTargets: string[];
+	perFamily: Record<CapabilityResourceKindForCoverage, CoverageStatus>;
+}
+
+/**
+ * The set of resource kinds a `FingerprintCoverage.perFamily` map keys on.
+ * Kept as a separate type alias so future additions to
+ * `CapabilityResourceKind` (in `capability.ts`) can be reflected here in
+ * lockstep. Phase 0a duplicates the literal union; Phase 1 may collapse it
+ * into a generic `Record<CapabilityResourceKind, CoverageStatus>` if all
+ * kinds are coverage-relevant.
+ */
+export type CapabilityResourceKindForCoverage =
+	| "table"
+	| "event"
+	| "codeunit"
+	| "page"
+	| "report"
+	| "http"
+	| "telemetry"
+	| "isolated-storage"
+	| "file"
+	| "transaction"
+	| "ui"
+	| "background";