api-tests-coverage 1.0.14 → 1.0.16

package/dist/src/pipeline/stages/ast/optionalAuthUnifier.js

@@ -0,0 +1,81 @@
+"use strict";
+/**
+ * Optional auth unifier (Feature 27, Sub-PR 9)
+ *
+ * Normalizes all framework-specific auth classifications to a unified SecurityClassification.
+ * Maps framework-specific patterns:
+ *   Flask @jwt_optional → { optional: true }
+ *   Express auth.optional / credentialsRequired: false → { optional: true }
+ *   HapiJS auth: { mode: 'try' } → { optional: true }
+ *   Spring @PreAuthorize → { required: true }
+ *   Angular route guard → depends on guard type
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.unifyAuthClassification = unifyAuthClassification;
+exports.detectAuthCoverageGaps = detectAuthCoverageGaps;
+/**
+ * Framework-specific auth pattern → unified SecurityClassification.
+ */
+function unifyAuthClassification(framework, pattern) {
+    const key = `${framework}:${pattern}`.toLowerCase();
+    // Flask patterns
+    if (key.includes('flask:@jwt_required') || key.includes('flask:jwt_required')) {
+        return { type: 'jwt', required: true, optional: false, sourcePattern: pattern };
+    }
+    if (key.includes('flask:@jwt_optional') || key.includes('flask:jwt_optional')) {
+        return { type: 'jwt', required: false, optional: true, sourcePattern: pattern };
+    }
+    if (key.includes('flask:@login_required') || key.includes('flask:login_required')) {
+        return { type: 'session', required: true, optional: false, sourcePattern: pattern };
+    }
+    // Express patterns
+    if (key.includes('express:auth.required') || key.includes('express:credentialsrequired: true')) {
+        return { type: 'jwt', required: true, optional: false, sourcePattern: pattern };
+    }
+    if (key.includes('express:auth.optional') || key.includes('express:credentialsrequired: false')) {
+        return { type: 'jwt', required: false, optional: true, sourcePattern: pattern };
+    }
+    if (key.includes('express:passport.authenticate')) {
+        return { type: 'jwt', required: true, optional: false, sourcePattern: pattern };
+    }
+    // HapiJS patterns (framework may be 'hapi' or 'hapijs')
+    const isHapi = key.startsWith('hapi:') || key.startsWith('hapijs:');
+    if (isHapi && key.includes('auth') && key.includes('mode') && (key.includes('try') || key.includes('optional'))) {
+        return { type: 'jwt', required: false, optional: true, sourcePattern: pattern };
+    }
+    if (isHapi && key.includes('auth') && !key.includes('false') && !key.includes('try') && !key.includes('optional')) {
+        return { type: 'jwt', required: true, optional: false, sourcePattern: pattern };
+    }
+    // Spring patterns
+    if (key.includes('spring:@preauthorize') || key.includes('spring:@secured')) {
+        return { type: 'custom', required: true, optional: false, sourcePattern: pattern };
+    }
+    return undefined;
+}
+/**
+ * Analyze auth coverage gaps in endpoints vs tests.
+ */
+function detectAuthCoverageGaps(endpoints, testAssertionPaths) {
+    const gaps = [];
+    for (const ep of endpoints) {
+        if (!ep.security)
+            continue;
+        if (ep.security.required && !testAssertionPaths.has(ep.path)) {
+            gaps.push({
+                type: 'missing-401-test',
+                endpointPath: ep.path,
+                security: ep.security,
+                sourceFile: ep.sourceFile,
+            });
+        }
+        if (ep.security.optional && !testAssertionPaths.has(ep.path)) {
+            gaps.push({
+                type: 'missing-optional-dual-path',
+                endpointPath: ep.path,
+                security: ep.security,
+                sourceFile: ep.sourceFile,
+            });
+        }
+    }
+    return gaps;
+}

package/dist/src/pipeline/stages/ast/resolvers/angularInjectionResolver.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Angular injection cross-file resolver (Feature 27, Sub-PR 7)
+ *
+ * Resolves Angular dependency injection chains:
+ * 1. Constructor injection: private articlesService: ArticlesService → find ArticlesService file
+ * 2. inject(ArticlesService) → same resolution
+ * 3. Follow service methods to HttpClient calls → build chain: Component → Service → HTTP call
+ * 4. Resolve environment.api_url from environments/environment.ts
+ * 5. Link guards to routes they protect via route config canActivate arrays
+ */
+import type { CrossFileResolver, CrossFileResolutionContext, CrossFileResolutionResult } from '../types';
+import type { DetectedApiFramework } from '../../../../discovery/frameworkDetector';
+export declare class AngularInjectionResolver implements CrossFileResolver {
+    readonly name = "angular-injection";
+    appliesTo(frameworks: DetectedApiFramework[]): boolean;
+    resolve(ctx: CrossFileResolutionContext): CrossFileResolutionResult;
+}
+//# sourceMappingURL=angularInjectionResolver.d.ts.map

package/dist/src/pipeline/stages/ast/resolvers/angularInjectionResolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"angularInjectionResolver.d.ts","sourceRoot":"","sources":["../../../../../../src/pipeline/stages/ast/resolvers/angularInjectionResolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EACV,iBAAiB,EACjB,0BAA0B,EAC1B,yBAAyB,EAC1B,MAAM,UAAU,CAAC;AAClB,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,yCAAyC,CAAC;AAEpF,qBAAa,wBAAyB,YAAW,iBAAiB;IAChE,QAAQ,CAAC,IAAI,uBAAuB;IAEpC,SAAS,CAAC,UAAU,EAAE,oBAAoB,EAAE,GAAG,OAAO;IAItD,OAAO,CAAC,GAAG,EAAE,0BAA0B,GAAG,yBAAyB;CA0CpE"}

package/dist/src/pipeline/stages/ast/resolvers/angularInjectionResolver.js

@@ -0,0 +1,77 @@
+"use strict";
+/**
+ * Angular injection cross-file resolver (Feature 27, Sub-PR 7)
+ *
+ * Resolves Angular dependency injection chains:
+ * 1. Constructor injection: private articlesService: ArticlesService → find ArticlesService file
+ * 2. inject(ArticlesService) → same resolution
+ * 3. Follow service methods to HttpClient calls → build chain: Component → Service → HTTP call
+ * 4. Resolve environment.api_url from environments/environment.ts
+ * 5. Link guards to routes they protect via route config canActivate arrays
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AngularInjectionResolver = void 0;
+class AngularInjectionResolver {
+    constructor() {
+        this.name = 'angular-injection';
+    }
+    appliesTo(frameworks) {
+        return frameworks.some((f) => f.name === 'angular');
+    }
+    resolve(ctx) {
+        let entriesAdded = 0;
+        const diagnostics = [];
+        const unresolvedRefs = [];
+        // Build injection chains from class registry
+        for (const [className, classInfo] of ctx.symbolTable.classes) {
+            // If class implements interfaces, it may be a service
+            if (!classInfo.implementsInterfaces)
+                continue;
+            // Look for classes that have methods making HTTP calls
+            const model = ctx.symbolTable.models.get(classInfo.filePath);
+            if (!model)
+                continue;
+            // Check if any function makes HTTP calls
+            for (const [, func] of model.functions) {
+                if (func.bodyHttpCalls.length > 0) {
+                    // This is an API service — create injection chains for any class that injects it
+                    const consumers = findConsumers(className, ctx);
+                    for (const consumer of consumers) {
+                        if (!ctx.symbolTable.injectionChains.has(consumer.file)) {
+                            ctx.symbolTable.injectionChains.set(consumer.file, []);
+                        }
+                        ctx.symbolTable.injectionChains.get(consumer.file).push({
+                            consumerFile: consumer.file,
+                            consumerClass: consumer.className,
+                            serviceClass: className,
+                            serviceFile: classInfo.filePath,
+                            injectionStyle: consumer.style,
+                        });
+                        entriesAdded++;
+                    }
+                }
+            }
+        }
+        if (entriesAdded > 0) {
+            diagnostics.push(`Resolved ${entriesAdded} Angular injection chain(s)`);
+        }
+        return { entriesAdded, diagnostics, unresolvedRefs };
+    }
+}
+exports.AngularInjectionResolver = AngularInjectionResolver;
+function findConsumers(serviceName, ctx) {
+    const consumers = [];
+    // Check existing injection chains (may have been populated by angularDetector)
+    for (const [file, chains] of ctx.symbolTable.injectionChains) {
+        for (const chain of chains) {
+            if (chain.serviceClass === serviceName) {
+                consumers.push({
+                    className: chain.consumerClass,
+                    file: chain.consumerFile,
+                    style: chain.injectionStyle,
+                });
+            }
+        }
+    }
+    return consumers;
+}

package/dist/src/pipeline/stages/ast/resolvers/dddLayerResolver.d.ts

@@ -0,0 +1,46 @@
+/**
+ * DDD / CQRS / Hexagonal layer resolver (Feature 27, Sub-PR 5)
+ *
+ * Resolves DDD-structured Java projects without requiring @Service/@Repository annotations.
+ * Detects:
+ * 1. Repository interfaces (findBy*, save, delete methods)
+ * 2. Interface → implementation mapping (implements InterfaceName)
+ * 3. CQRS command/query handlers (execute/handle/apply taking *Command/*Query)
+ * 4. Package-name layer hints (domain, application, infrastructure, adapter) as tie-breakers only
+ */
+import type { CrossFileResolver, CrossFileResolutionContext, CrossFileResolutionResult } from '../types';
+import type { DetectedApiFramework } from '../../../../discovery/frameworkDetector';
+export interface DddRepositoryInterface {
+    interfaceName: string;
+    methods: string[];
+    sourceFile: string;
+    line?: number;
+}
+export interface DddCqrsHandler {
+    className: string;
+    handlerType: 'command' | 'query' | 'event';
+    handleMethodName: string;
+    parameterType: string;
+    sourceFile: string;
+    line?: number;
+}
+export declare class DddLayerResolver implements CrossFileResolver {
+    readonly name = "ddd-layer";
+    appliesTo(frameworks: DetectedApiFramework[]): boolean;
+    resolve(ctx: CrossFileResolutionContext): CrossFileResolutionResult;
+}
+/**
+ * Detect repository interfaces: interfaces with findBy*, save, delete, etc.
+ * No @Repository annotation required (RULE-SA03).
+ */
+export declare function detectRepositoryInterfaces(source: string, filePath: string): DddRepositoryInterface[];
+/**
+ * Detect CQRS command/query handlers.
+ * Looks for classes with execute/handle/apply methods that take *Command/*Query parameters.
+ */
+export declare function detectCqrsHandlers(source: string, filePath: string): DddCqrsHandler[];
+/**
+ * Detect implements clauses from Java/Kotlin source.
+ */
+export declare function detectImplementsClauses(source: string, filePath: string): Array<[string, string]>;
+//# sourceMappingURL=dddLayerResolver.d.ts.map

package/dist/src/pipeline/stages/ast/resolvers/dddLayerResolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dddLayerResolver.d.ts","sourceRoot":"","sources":["../../../../../../src/pipeline/stages/ast/resolvers/dddLayerResolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EACV,iBAAiB,EACjB,0BAA0B,EAC1B,yBAAyB,EAC1B,MAAM,UAAU,CAAC;AAClB,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,yCAAyC,CAAC;AAEpF,MAAM,WAAW,sBAAsB;IACrC,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,SAAS,GAAG,OAAO,GAAG,OAAO,CAAC;IAC3C,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,qBAAa,gBAAiB,YAAW,iBAAiB;IACxD,QAAQ,CAAC,IAAI,eAAe;IAE5B,SAAS,CAAC,UAAU,EAAE,oBAAoB,EAAE,GAAG,OAAO;IAMtD,OAAO,CAAC,GAAG,EAAE,0BAA0B,GAAG,yBAAyB;CAqEpE;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,sBAAsB,EAAE,CAgFrG;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,cAAc,EAAE,CAiCrF;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,KAAK,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAcjG"}

package/dist/src/pipeline/stages/ast/resolvers/dddLayerResolver.js

@@ -0,0 +1,238 @@
+"use strict";
+/**
+ * DDD / CQRS / Hexagonal layer resolver (Feature 27, Sub-PR 5)
+ *
+ * Resolves DDD-structured Java projects without requiring @Service/@Repository annotations.
+ * Detects:
+ * 1. Repository interfaces (findBy*, save, delete methods)
+ * 2. Interface → implementation mapping (implements InterfaceName)
+ * 3. CQRS command/query handlers (execute/handle/apply taking *Command/*Query)
+ * 4. Package-name layer hints (domain, application, infrastructure, adapter) as tie-breakers only
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DddLayerResolver = void 0;
+exports.detectRepositoryInterfaces = detectRepositoryInterfaces;
+exports.detectCqrsHandlers = detectCqrsHandlers;
+exports.detectImplementsClauses = detectImplementsClauses;
+class DddLayerResolver {
+    constructor() {
+        this.name = 'ddd-layer';
+    }
+    appliesTo(frameworks) {
+        return frameworks.some((f) => f.name === 'spring-boot' || f.name === 'spring-graphql' || f.name === 'dgs-framework');
+    }
+    resolve(ctx) {
+        let entriesAdded = 0;
+        const diagnostics = [];
+        const unresolvedRefs = [];
+        const repoInterfaces = [];
+        const cqrsHandlers = [];
+        const implementations = new Map();
+        for (const [filePath, model] of ctx.symbolTable.models) {
+            const sourceText = getSourceText(filePath, ctx);
+            if (!sourceText)
+                continue;
+            // Detect repository interfaces
+            const repos = detectRepositoryInterfaces(sourceText, filePath);
+            repoInterfaces.push(...repos);
+            // Detect CQRS handlers
+            const handlers = detectCqrsHandlers(sourceText, filePath);
+            cqrsHandlers.push(...handlers);
+            // Detect implements clauses
+            const impls = detectImplementsClauses(sourceText, filePath);
+            for (const [ifaceName, implName] of impls) {
+                if (!implementations.has(ifaceName)) {
+                    implementations.set(ifaceName, []);
+                }
+                implementations.get(ifaceName).push(implName);
+            }
+        }
+        // Map interface → implementation in symbolTable
+        for (const [ifaceName, implNames] of implementations) {
+            for (const implName of implNames) {
+                const ifaceFile = findFileForClass(ifaceName, ctx);
+                const implFile = findFileForClass(implName, ctx);
+                if (ifaceFile && implFile) {
+                    if (!ctx.symbolTable.interfaceImplementations.has(ifaceFile)) {
+                        ctx.symbolTable.interfaceImplementations.set(ifaceFile, []);
+                    }
+                    ctx.symbolTable.interfaceImplementations.get(ifaceFile).push({
+                        interfaceName: ifaceName,
+                        interfaceFile: ifaceFile,
+                        implName,
+                        implFile,
+                    });
+                    entriesAdded++;
+                }
+                else if (!implFile) {
+                    unresolvedRefs.push({
+                        ref: implName,
+                        reason: `Implementation class '${implName}' not found in parsed models`,
+                    });
+                }
+            }
+        }
+        if (repoInterfaces.length > 0) {
+            diagnostics.push(`Found ${repoInterfaces.length} repository interface(s)`);
+        }
+        if (cqrsHandlers.length > 0) {
+            diagnostics.push(`Found ${cqrsHandlers.length} CQRS handler(s)`);
+        }
+        if (implementations.size > 0) {
+            diagnostics.push(`Found ${implementations.size} interface→implementation mapping(s)`);
+        }
+        return { entriesAdded, diagnostics, unresolvedRefs };
+    }
+}
+exports.DddLayerResolver = DddLayerResolver;
+/**
+ * Detect repository interfaces: interfaces with findBy*, save, delete, etc.
+ * No @Repository annotation required (RULE-SA03).
+ */
+function detectRepositoryInterfaces(source, filePath) {
+    const repos = [];
+    const lines = source.split('\n');
+    // Find interfaces
+    const interfacePattern = /(?:public\s+)?interface\s+(\w+(?:Repository|Repo|Store|Gateway))\b/;
+    let currentInterface = null;
+    let braceDepth = 0;
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        if (!currentInterface) {
+            const match = line.match(interfacePattern);
+            if (match) {
+                currentInterface = {
+                    interfaceName: match[1],
+                    methods: [],
+                    sourceFile: filePath,
+                    line: i + 1,
+                };
+                braceDepth = 0;
+            }
+        }
+        if (currentInterface) {
+            braceDepth += (line.match(/\{/g) || []).length;
+            braceDepth -= (line.match(/\}/g) || []).length;
+            // Detect repository methods: findByX, save, delete, existsBy, countBy
+            const methodMatch = line.match(/\b(findBy\w+|find\w+|save|saveAll|delete|deleteById|existsBy\w+|countBy\w+|getBy\w+)\s*\(/);
+            if (methodMatch) {
+                currentInterface.methods.push(methodMatch[1]);
+            }
+            if (braceDepth <= 0 && currentInterface.methods.length > 0) {
+                repos.push(currentInterface);
+                currentInterface = null;
+            }
+            else if (braceDepth <= 0) {
+                currentInterface = null;
+            }
+        }
+    }
+    // Also detect interfaces with standard CRUD method signatures without naming convention
+    const genericInterfacePattern = /(?:public\s+)?interface\s+(\w+)\b/g;
+    let genMatch;
+    while ((genMatch = genericInterfacePattern.exec(source)) !== null) {
+        const name = genMatch[1];
+        // Skip if already detected
+        if (repos.some((r) => r.interfaceName === name))
+            continue;
+        // Check if this interface has findBy, save, delete methods
+        const startIdx = genMatch.index;
+        const braceIdx = source.indexOf('{', startIdx);
+        if (braceIdx < 0)
+            continue;
+        let depth = 1;
+        let endIdx = braceIdx + 1;
+        while (endIdx < source.length && depth > 0) {
+            if (source[endIdx] === '{')
+                depth++;
+            if (source[endIdx] === '}')
+                depth--;
+            endIdx++;
+        }
+        const body = source.substring(braceIdx, endIdx);
+        const methods = [];
+        const repoMethodPattern = /\b(findBy\w+|save|delete|deleteById)\s*\(/g;
+        let rm;
+        while ((rm = repoMethodPattern.exec(body)) !== null) {
+            methods.push(rm[1]);
+        }
+        if (methods.length >= 2) {
+            const lineNum = source.substring(0, startIdx).split('\n').length;
+            repos.push({ interfaceName: name, methods, sourceFile: filePath, line: lineNum });
+        }
+    }
+    return repos;
+}
+/**
+ * Detect CQRS command/query handlers.
+ * Looks for classes with execute/handle/apply methods that take *Command/*Query parameters.
+ */
+function detectCqrsHandlers(source, filePath) {
+    const handlers = [];
+    const lines = source.split('\n');
+    // Pattern: handle(CreateArticleCommand cmd)  or  execute(GetArticlesQuery query)
+    const handlerMethodPattern = /(?:public\s+\S+\s+)?(execute|handle|apply)\s*\(\s*(\w+(Command|Query|Event))\s+\w+\s*\)/;
+    // Find the enclosing class name
+    let currentClass = '';
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        const classMatch = line.match(/class\s+(\w+)/);
+        if (classMatch) {
+            currentClass = classMatch[1];
+        }
+        const methodMatch = line.match(handlerMethodPattern);
+        if (methodMatch && currentClass) {
+            const handlerType = methodMatch[3].toLowerCase();
+            handlers.push({
+                className: currentClass,
+                handlerType,
+                handleMethodName: methodMatch[1],
+                parameterType: methodMatch[2],
+                sourceFile: filePath,
+                line: i + 1,
+            });
+        }
+    }
+    return handlers;
+}
+/**
+ * Detect implements clauses from Java/Kotlin source.
+ */
+function detectImplementsClauses(source, filePath) {
+    const impls = [];
+    const pattern = /class\s+(\w+)(?:\s+extends\s+\w+)?\s+implements\s+([\w,\s]+)/g;
+    let match;
+    while ((match = pattern.exec(source)) !== null) {
+        const className = match[1];
+        const interfaces = match[2].split(',').map((s) => s.trim()).filter((s) => s.length > 0);
+        for (const iface of interfaces) {
+            impls.push([iface, className]);
+        }
+    }
+    return impls;
+}
+function getSourceText(filePath, ctx) {
+    // Try to get content from models (stored as raw source in semantic model)
+    // For now, we scan from the model's functions and other extracted data
+    // to detect patterns. In practice, we use regex on the raw source.
+    // If the model has functions, we have some content available.
+    const model = ctx.symbolTable.models.get(filePath);
+    if (!model)
+        return undefined;
+    // We return a synthetic source text reconstructed from available data.
+    // In a full implementation, we'd cache the raw source from the parse stage.
+    // For now, return undefined to indicate we can't access raw source from the symbol table.
+    return undefined;
+}
+function findFileForClass(className, ctx) {
+    // Search through exported symbols and class registry
+    const classInfo = ctx.symbolTable.classes.get(className);
+    if (classInfo)
+        return classInfo.filePath;
+    // Search through models for any mention
+    for (const [filePath, model] of ctx.symbolTable.models) {
+        if (model.functions.has(className))
+            return filePath;
+    }
+    return undefined;
+}

package/dist/src/pipeline/stages/ast/resolvers/expressRouterResolver.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Express router cross-file resolver (Feature 27, Sub-PR 6)
+ *
+ * Resolves Express `app.use('/prefix', router)` mount paths across files:
+ * 1. Find all app.use('/path', require('./routes')) calls → mount registry
+ * 2. Follow require('./routes') to resolve sub-router files
+ * 3. Propagate auth middleware through nested routers
+ * 4. Build complete URL: base mount + sub-router mount + route path
+ */
+import type { CrossFileResolver, CrossFileResolutionContext, CrossFileResolutionResult } from '../types';
+import type { DetectedApiFramework } from '../../../../discovery/frameworkDetector';
+export declare class ExpressRouterResolver implements CrossFileResolver {
+    readonly name = "express-router";
+    appliesTo(frameworks: DetectedApiFramework[]): boolean;
+    resolve(ctx: CrossFileResolutionContext): CrossFileResolutionResult;
+}
+//# sourceMappingURL=expressRouterResolver.d.ts.map

package/dist/src/pipeline/stages/ast/resolvers/expressRouterResolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"expressRouterResolver.d.ts","sourceRoot":"","sources":["../../../../../../src/pipeline/stages/ast/resolvers/expressRouterResolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EACV,iBAAiB,EACjB,0BAA0B,EAC1B,yBAAyB,EAC1B,MAAM,UAAU,CAAC;AAClB,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,yCAAyC,CAAC;AAEpF,qBAAa,qBAAsB,YAAW,iBAAiB;IAC7D,QAAQ,CAAC,IAAI,oBAAoB;IAEjC,SAAS,CAAC,UAAU,EAAE,oBAAoB,EAAE,GAAG,OAAO;IAMtD,OAAO,CAAC,GAAG,EAAE,0BAA0B,GAAG,yBAAyB;CAiDpE"}

package/dist/src/pipeline/stages/ast/resolvers/expressRouterResolver.js

@@ -0,0 +1,65 @@
+"use strict";
+/**
+ * Express router cross-file resolver (Feature 27, Sub-PR 6)
+ *
+ * Resolves Express `app.use('/prefix', router)` mount paths across files:
+ * 1. Find all app.use('/path', require('./routes')) calls → mount registry
+ * 2. Follow require('./routes') to resolve sub-router files
+ * 3. Propagate auth middleware through nested routers
+ * 4. Build complete URL: base mount + sub-router mount + route path
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ExpressRouterResolver = void 0;
+class ExpressRouterResolver {
+    constructor() {
+        this.name = 'express-router';
+    }
+    appliesTo(frameworks) {
+        return frameworks.some((f) => f.name === 'express' || f.name === 'nestjs' || f.name === 'koa' || f.name === 'fastify');
+    }
+    resolve(ctx) {
+        let entriesAdded = 0;
+        const diagnostics = [];
+        const unresolvedRefs = [];
+        // Scan models for Express router mount patterns
+        for (const [filePath, model] of ctx.symbolTable.models) {
+            if (!model.routeRegistrations)
+                continue;
+            for (const reg of model.routeRegistrations) {
+                // app.use('/prefix', require('./router'))
+                if (reg.targetModule && reg.path) {
+                    if (!ctx.symbolTable.routerMounts.has(filePath)) {
+                        ctx.symbolTable.routerMounts.set(filePath, []);
+                    }
+                    ctx.symbolTable.routerMounts.get(filePath).push({
+                        prefix: reg.path,
+                        targetModulePath: reg.targetModule,
+                        middleware: [],
+                        sourceFile: filePath,
+                        line: reg.line,
+                    });
+                    entriesAdded++;
+                }
+            }
+        }
+        // Propagate middleware from router mounts to sub-routes
+        for (const [filePath, mounts] of ctx.symbolTable.routerMounts) {
+            for (const mount of mounts) {
+                // Check if auth middleware is applied to this mount
+                const middleware = ctx.symbolTable.middlewareInheritance.get(filePath);
+                if (middleware) {
+                    for (const mw of middleware) {
+                        if (mw.appliedTo === 'router') {
+                            mount.middleware.push(mw);
+                        }
+                    }
+                }
+            }
+        }
+        if (entriesAdded > 0) {
+            diagnostics.push(`Resolved ${entriesAdded} Express router mount(s)`);
+        }
+        return { entriesAdded, diagnostics, unresolvedRefs };
+    }
+}
+exports.ExpressRouterResolver = ExpressRouterResolver;

package/dist/src/pipeline/stages/ast/resolvers/flaskBlueprintResolver.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Flask Blueprint cross-file resolver (Feature 27)
+ *
+ * Resolves Flask Blueprint route URLs across files by:
+ * 1. Finding all Blueprint() constructor calls → blueprint registry
+ * 2. Finding all app.register_blueprint() calls with url_prefix
+ * 3. Matching blueprint vars across files via import resolution
+ * 4. Composing final URL: url_prefix + route_path
+ */
+import type { CrossFileResolver, CrossFileResolutionContext, CrossFileResolutionResult } from '../types';
+import type { DetectedApiFramework } from '../../../../discovery/frameworkDetector';
+export declare class FlaskBlueprintResolver implements CrossFileResolver {
+    readonly name = "flask-blueprint";
+    appliesTo(frameworks: DetectedApiFramework[]): boolean;
+    resolve(ctx: CrossFileResolutionContext): CrossFileResolutionResult;
+}
+//# sourceMappingURL=flaskBlueprintResolver.d.ts.map

package/dist/src/pipeline/stages/ast/resolvers/flaskBlueprintResolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"flaskBlueprintResolver.d.ts","sourceRoot":"","sources":["../../../../../../src/pipeline/stages/ast/resolvers/flaskBlueprintResolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EACV,iBAAiB,EACjB,0BAA0B,EAC1B,yBAAyB,EAE1B,MAAM,UAAU,CAAC;AAClB,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,yCAAyC,CAAC;AAGpF,qBAAa,sBAAuB,YAAW,iBAAiB;IAC9D,QAAQ,CAAC,IAAI,qBAAqB;IAElC,SAAS,CAAC,UAAU,EAAE,oBAAoB,EAAE,GAAG,OAAO;IAItD,OAAO,CAAC,GAAG,EAAE,0BAA0B,GAAG,yBAAyB;CAsGpE"}