npm - api-tests-coverage - Versions diffs - 1.0.15 → 1.0.17 - Mend

api-tests-coverage 1.0.15 → 1.0.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (139) hide show

package/dist/src/pipeline/stages/ast/optionalAuthUnifier.js ADDED Viewed

@@ -0,0 +1,101 @@
+"use strict";
+/**
+ * Optional auth unifier (Feature 27, Sub-PR 9)
+ *
+ * Normalizes all framework-specific auth classifications to a unified SecurityClassification.
+ * Maps framework-specific patterns:
+ *   Flask @jwt_optional → { optional: true }
+ *   Express auth.optional / credentialsRequired: false → { optional: true }
+ *   HapiJS auth: { mode: 'try' } → { optional: true }
+ *   Spring @PreAuthorize → { required: true }
+ *   Slim PHP optionalAuth → { optional: true }, jwt/auth → { required: true }
+ *   Angular canActivate:none → { optional: true } (interceptor-based)
+ *   NestJS @UseGuards → { required: true }
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.unifyAuthClassification = unifyAuthClassification;
+exports.detectAuthCoverageGaps = detectAuthCoverageGaps;
+/**
+ * Framework-specific auth pattern → unified SecurityClassification.
+ */
+function unifyAuthClassification(framework, pattern) {
+    const key = `${framework}:${pattern}`.toLowerCase();
+    // Flask patterns — use word-boundary regex to avoid matching e.g. "@jwt_required_custom"
+    if (/^flask:@?jwt_required\b/.test(key)) {
+        return { type: 'jwt', required: true, optional: false, sourcePattern: pattern };
+    }
+    if (/^flask:@?jwt_optional\b/.test(key)) {
+        return { type: 'jwt', required: false, optional: true, sourcePattern: pattern };
+    }
+    if (/^flask:@?login_required\b/.test(key)) {
+        return { type: 'session', required: true, optional: false, sourcePattern: pattern };
+    }
+    // Express patterns — use word-boundary regex for precise matching
+    if (/^express:auth\.required\b/.test(key) || /^express:credentialsrequired:\s*true\b/.test(key)) {
+        return { type: 'jwt', required: true, optional: false, sourcePattern: pattern };
+    }
+    if (/^express:auth\.optional\b/.test(key) || /^express:credentialsrequired:\s*false\b/.test(key)) {
+        return { type: 'jwt', required: false, optional: true, sourcePattern: pattern };
+    }
+    if (/^express:passport\.authenticate\b/.test(key)) {
+        return { type: 'jwt', required: true, optional: false, sourcePattern: pattern };
+    }
+    // HapiJS patterns (framework may be 'hapi' or 'hapijs')
+    const isHapi = /^hapi(?:js)?:/.test(key);
+    if (isHapi && /\bauth\b/.test(key) && /\bmode\b/.test(key) && (/\btry\b/.test(key) || /\boptional\b/.test(key))) {
+        return { type: 'jwt', required: false, optional: true, sourcePattern: pattern };
+    }
+    if (isHapi && /\bauth\b/.test(key) && !/\bfalse\b/.test(key) && !/\btry\b/.test(key) && !/\boptional\b/.test(key)) {
+        return { type: 'jwt', required: true, optional: false, sourcePattern: pattern };
+    }
+    // Spring patterns — include @RolesAllowed and @WithMockUser
+    if (/^spring:@?preauthorize\b/.test(key) || /^spring:@?secured\b/.test(key) || /^spring:@?rolesallowed\b/.test(key)) {
+        return { type: 'custom', required: true, optional: false, sourcePattern: pattern };
+    }
+    if (/^spring:@?withmockuser\b/.test(key)) {
+        return { type: 'custom', required: true, optional: false, sourcePattern: pattern };
+    }
+    // Slim PHP patterns — slim:optionalAuth is optional, slim:jwt or slim:auth is required
+    if (/^slim:optionalauth\b/.test(key)) {
+        return { type: 'jwt', required: false, optional: true, sourcePattern: pattern };
+    }
+    if (/^slim:(?:jwt|auth)\b/.test(key)) {
+        return { type: 'jwt', required: true, optional: false, sourcePattern: pattern };
+    }
+    // Angular patterns — canActivate:none (no guard) with interceptor tokens is optional
+    if (/^angular:canactivate:none\b/.test(key)) {
+        return { type: 'custom', required: false, optional: true, sourcePattern: pattern };
+    }
+    // NestJS patterns — @UseGuards is required auth
+    if (/^nestjs:@?useguards\b/.test(key)) {
+        return { type: 'custom', required: true, optional: false, sourcePattern: pattern };
+    }
+    return undefined;
+}
+/**
+ * Analyze auth coverage gaps in endpoints vs tests.
+ */
+function detectAuthCoverageGaps(endpoints, testAssertionPaths) {
+    const gaps = [];
+    for (const ep of endpoints) {
+        if (!ep.security)
+            continue;
+        if (ep.security.required && !testAssertionPaths.has(ep.path)) {
+            gaps.push({
+                type: 'missing-401-test',
+                endpointPath: ep.path,
+                security: ep.security,
+                sourceFile: ep.sourceFile,
+            });
+        }
+        if (ep.security.optional && !testAssertionPaths.has(ep.path)) {
+            gaps.push({
+                type: 'missing-optional-dual-path',
+                endpointPath: ep.path,
+                security: ep.security,
+                sourceFile: ep.sourceFile,
+            });
+        }
+    }
+    return gaps;
+}

package/dist/src/pipeline/stages/ast/resolvers/angularInjectionResolver.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+/**
+ * Angular injection cross-file resolver (Feature 27, Sub-PR 7)
+ *
+ * Resolves Angular dependency injection chains:
+ * 1. Constructor injection: private articlesService: ArticlesService → find ArticlesService file
+ * 2. inject(ArticlesService) → same resolution
+ * 3. Follow service methods to HttpClient calls → build chain: Component → Service → HTTP call
+ * 4. Resolve environment.api_url from environments/environment.ts
+ * 5. Link guards to routes they protect via route config canActivate arrays
+ */
+import type { CrossFileResolver, CrossFileResolutionContext, CrossFileResolutionResult } from '../types';
+import type { DetectedApiFramework } from '../../../../discovery/frameworkDetector';
+export declare class AngularInjectionResolver implements CrossFileResolver {
+    readonly name = "angular-injection";
+    appliesTo(frameworks: DetectedApiFramework[]): boolean;
+    resolve(ctx: CrossFileResolutionContext): CrossFileResolutionResult;
+}
+//# sourceMappingURL=angularInjectionResolver.d.ts.map

package/dist/src/pipeline/stages/ast/resolvers/angularInjectionResolver.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"angularInjectionResolver.d.ts","sourceRoot":"","sources":["../../../../../../src/pipeline/stages/ast/resolvers/angularInjectionResolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EACV,iBAAiB,EACjB,0BAA0B,EAC1B,yBAAyB,EAC1B,MAAM,UAAU,CAAC;AAClB,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,yCAAyC,CAAC;AAEpF,qBAAa,wBAAyB,YAAW,iBAAiB;IAChE,QAAQ,CAAC,IAAI,uBAAuB;IAEpC,SAAS,CAAC,UAAU,EAAE,oBAAoB,EAAE,GAAG,OAAO;IAItD,OAAO,CAAC,GAAG,EAAE,0BAA0B,GAAG,yBAAyB;CAyCpE"}

package/dist/src/pipeline/stages/ast/resolvers/angularInjectionResolver.js ADDED Viewed

@@ -0,0 +1,96 @@
+"use strict";
+/**
+ * Angular injection cross-file resolver (Feature 27, Sub-PR 7)
+ *
+ * Resolves Angular dependency injection chains:
+ * 1. Constructor injection: private articlesService: ArticlesService → find ArticlesService file
+ * 2. inject(ArticlesService) → same resolution
+ * 3. Follow service methods to HttpClient calls → build chain: Component → Service → HTTP call
+ * 4. Resolve environment.api_url from environments/environment.ts
+ * 5. Link guards to routes they protect via route config canActivate arrays
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AngularInjectionResolver = void 0;
+class AngularInjectionResolver {
+    constructor() {
+        this.name = 'angular-injection';
+    }
+    appliesTo(frameworks) {
+        return frameworks.some((f) => f.name === 'angular');
+    }
+    resolve(ctx) {
+        let entriesAdded = 0;
+        const diagnostics = [];
+        const unresolvedRefs = [];
+        // Build injection chains from class registry
+        for (const [className, classInfo] of ctx.symbolTable.classes) {
+            // Check any class that has a model — Angular services typically don't implement interfaces
+            // Look for classes that have methods making HTTP calls
+            const model = ctx.symbolTable.models.get(classInfo.filePath);
+            if (!model)
+                continue;
+            // Check if any function makes HTTP calls
+            for (const [, func] of model.functions) {
+                if (func.bodyHttpCalls.length > 0) {
+                    // This is an API service — create injection chains for any class that injects it
+                    const consumers = findConsumers(className, ctx);
+                    for (const consumer of consumers) {
+                        if (!ctx.symbolTable.injectionChains.has(consumer.file)) {
+                            ctx.symbolTable.injectionChains.set(consumer.file, []);
+                        }
+                        ctx.symbolTable.injectionChains.get(consumer.file).push({
+                            consumerFile: consumer.file,
+                            consumerClass: consumer.className,
+                            serviceClass: className,
+                            serviceFile: classInfo.filePath,
+                            injectionStyle: consumer.style,
+                        });
+                        entriesAdded++;
+                    }
+                }
+            }
+        }
+        if (entriesAdded > 0) {
+            diagnostics.push(`Resolved ${entriesAdded} Angular injection chain(s)`);
+        }
+        return { entriesAdded, diagnostics, unresolvedRefs };
+    }
+}
+exports.AngularInjectionResolver = AngularInjectionResolver;
+function findConsumers(serviceName, ctx) {
+    const consumers = [];
+    // Check existing injection chains (may have been populated by angularDetector)
+    for (const [file, chains] of ctx.symbolTable.injectionChains) {
+        for (const chain of chains) {
+            if (chain.serviceClass === serviceName) {
+                consumers.push({
+                    className: chain.consumerClass,
+                    file: chain.consumerFile,
+                    style: chain.injectionStyle,
+                });
+            }
+        }
+    }
+    // Fallback: search class registry for classes that might inject this service
+    // (constructor injection detected by parameter name matching)
+    for (const [className, classInfo] of ctx.symbolTable.classes) {
+        // Skip if already found as a consumer
+        if (consumers.some((c) => c.className === className && c.file === classInfo.filePath))
+            continue;
+        // Check if this class's model has the service name in its calledFunctions
+        const model = ctx.symbolTable.models.get(classInfo.filePath);
+        if (!model)
+            continue;
+        for (const [, func] of model.functions) {
+            if (func.calledFunctions.some((f) => f.includes(serviceName))) {
+                consumers.push({
+                    className,
+                    file: classInfo.filePath,
+                    style: 'constructor',
+                });
+                break;
+            }
+        }
+    }
+    return consumers;
+}

package/dist/src/pipeline/stages/ast/resolvers/dddLayerResolver.d.ts ADDED Viewed

@@ -0,0 +1,46 @@
+/**
+ * DDD / CQRS / Hexagonal layer resolver (Feature 27, Sub-PR 5)
+ *
+ * Resolves DDD-structured Java projects without requiring @Service/@Repository annotations.
+ * Detects:
+ * 1. Repository interfaces (findBy*, save, delete methods)
+ * 2. Interface → implementation mapping (implements InterfaceName)
+ * 3. CQRS command/query handlers (execute/handle/apply taking *Command/*Query)
+ * 4. Package-name layer hints (domain, application, infrastructure, adapter) as tie-breakers only
+ */
+import type { CrossFileResolver, CrossFileResolutionContext, CrossFileResolutionResult } from '../types';
+import type { DetectedApiFramework } from '../../../../discovery/frameworkDetector';
+export interface DddRepositoryInterface {
+    interfaceName: string;
+    methods: string[];
+    sourceFile: string;
+    line?: number;
+}
+export interface DddCqrsHandler {
+    className: string;
+    handlerType: 'command' | 'query' | 'event';
+    handleMethodName: string;
+    parameterType: string;
+    sourceFile: string;
+    line?: number;
+}
+export declare class DddLayerResolver implements CrossFileResolver {
+    readonly name = "ddd-layer";
+    appliesTo(frameworks: DetectedApiFramework[]): boolean;
+    resolve(ctx: CrossFileResolutionContext): CrossFileResolutionResult;
+}
+/**
+ * Detect repository interfaces: interfaces with findBy*, save, delete, etc.
+ * No @Repository annotation required (RULE-SA03).
+ */
+export declare function detectRepositoryInterfaces(source: string, filePath: string): DddRepositoryInterface[];
+/**
+ * Detect CQRS command/query handlers.
+ * Looks for classes with execute/handle/apply methods that take *Command/*Query parameters.
+ */
+export declare function detectCqrsHandlers(source: string, filePath: string): DddCqrsHandler[];
+/**
+ * Detect implements clauses from Java/Kotlin source.
+ */
+export declare function detectImplementsClauses(source: string, filePath: string): Array<[string, string]>;
+//# sourceMappingURL=dddLayerResolver.d.ts.map

package/dist/src/pipeline/stages/ast/resolvers/dddLayerResolver.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dddLayerResolver.d.ts","sourceRoot":"","sources":["../../../../../../src/pipeline/stages/ast/resolvers/dddLayerResolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EACV,iBAAiB,EACjB,0BAA0B,EAC1B,yBAAyB,EAC1B,MAAM,UAAU,CAAC;AAClB,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,yCAAyC,CAAC;AAEpF,MAAM,WAAW,sBAAsB;IACrC,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,SAAS,GAAG,OAAO,GAAG,OAAO,CAAC;IAC3C,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,qBAAa,gBAAiB,YAAW,iBAAiB;IACxD,QAAQ,CAAC,IAAI,eAAe;IAE5B,SAAS,CAAC,UAAU,EAAE,oBAAoB,EAAE,GAAG,OAAO;IAMtD,OAAO,CAAC,GAAG,EAAE,0BAA0B,GAAG,yBAAyB;CA+JpE;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,sBAAsB,EAAE,CAgFrG;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,cAAc,EAAE,CAiCrF;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,KAAK,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAcjG"}

package/dist/src/pipeline/stages/ast/resolvers/dddLayerResolver.js ADDED Viewed

@@ -0,0 +1,314 @@
+"use strict";
+/**
+ * DDD / CQRS / Hexagonal layer resolver (Feature 27, Sub-PR 5)
+ *
+ * Resolves DDD-structured Java projects without requiring @Service/@Repository annotations.
+ * Detects:
+ * 1. Repository interfaces (findBy*, save, delete methods)
+ * 2. Interface → implementation mapping (implements InterfaceName)
+ * 3. CQRS command/query handlers (execute/handle/apply taking *Command/*Query)
+ * 4. Package-name layer hints (domain, application, infrastructure, adapter) as tie-breakers only
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DddLayerResolver = void 0;
+exports.detectRepositoryInterfaces = detectRepositoryInterfaces;
+exports.detectCqrsHandlers = detectCqrsHandlers;
+exports.detectImplementsClauses = detectImplementsClauses;
+class DddLayerResolver {
+    constructor() {
+        this.name = 'ddd-layer';
+    }
+    appliesTo(frameworks) {
+        return frameworks.some((f) => f.name === 'spring-boot' || f.name === 'spring-graphql' || f.name === 'dgs-framework');
+    }
+    resolve(ctx) {
+        let entriesAdded = 0;
+        const diagnostics = [];
+        const unresolvedRefs = [];
+        const repoInterfaces = [];
+        const cqrsHandlers = [];
+        const implementations = new Map();
+        // ----- Detect from class registry and semantic models -----
+        // 1. Detect repository interfaces from class registry
+        for (const [className, classDecl] of ctx.symbolTable.classes) {
+            const isRepoByName = /(?:Repository|Repo|Store|Gateway)$/.test(className);
+            const repoMethods = classDecl.methods.filter(m => /^(?:findBy\w+|find\w+|save|saveAll|delete|deleteById|existsBy\w+|countBy\w+|getBy\w+)$/.test(m));
+            if (isRepoByName && repoMethods.length > 0) {
+                repoInterfaces.push({
+                    interfaceName: className,
+                    methods: repoMethods,
+                    sourceFile: classDecl.filePath,
+                    line: classDecl.line,
+                });
+            }
+            else if (!isRepoByName && repoMethods.length >= 2) {
+                // Generic interface with enough repository-like methods
+                repoInterfaces.push({
+                    interfaceName: className,
+                    methods: repoMethods,
+                    sourceFile: classDecl.filePath,
+                    line: classDecl.line,
+                });
+            }
+        }
+        // 2. Detect CQRS handlers from class registry + semantic models
+        for (const [className, classDecl] of ctx.symbolTable.classes) {
+            const model = ctx.symbolTable.models.get(classDecl.filePath);
+            if (!model)
+                continue;
+            for (const methodName of classDecl.methods) {
+                if (methodName !== 'execute' && methodName !== 'handle' && methodName !== 'apply')
+                    continue;
+                // Determine handler type from class name or method context
+                let handlerType = 'command';
+                if (/Query/.test(className))
+                    handlerType = 'query';
+                else if (/Event/.test(className))
+                    handlerType = 'event';
+                // Try to get parameter type from the function's annotations or the class name
+                const func = model.functions.get(methodName);
+                let parameterType = `${className.replace(/Handler$/, '')}`;
+                if (func === null || func === void 0 ? void 0 : func.annotations) {
+                    // Check for annotations that hint at the command/query type
+                    for (const ann of func.annotations) {
+                        const typeMatch = ann.match(/(\w+(?:Command|Query|Event))/);
+                        if (typeMatch) {
+                            parameterType = typeMatch[1];
+                            if (/Command$/.test(parameterType))
+                                handlerType = 'command';
+                            else if (/Query$/.test(parameterType))
+                                handlerType = 'query';
+                            else if (/Event$/.test(parameterType))
+                                handlerType = 'event';
+                        }
+                    }
+                }
+                cqrsHandlers.push({
+                    className,
+                    handlerType,
+                    handleMethodName: methodName,
+                    parameterType,
+                    sourceFile: classDecl.filePath,
+                    line: classDecl.line,
+                });
+            }
+        }
+        // 3. Detect implements clauses from class registry (already parsed by tree-sitter)
+        for (const [className, classDecl] of ctx.symbolTable.classes) {
+            if (!classDecl.implementsInterfaces || classDecl.implementsInterfaces.length === 0)
+                continue;
+            for (const iface of classDecl.implementsInterfaces) {
+                if (!implementations.has(iface)) {
+                    implementations.set(iface, []);
+                }
+                implementations.get(iface).push(className);
+            }
+        }
+        // Map interface → implementation in symbolTable
+        for (const [ifaceName, implNames] of implementations) {
+            for (const implName of implNames) {
+                const ifaceFile = findFileForClass(ifaceName, ctx);
+                const implFile = findFileForClass(implName, ctx);
+                if (ifaceFile && implFile) {
+                    if (!ctx.symbolTable.interfaceImplementations.has(ifaceFile)) {
+                        ctx.symbolTable.interfaceImplementations.set(ifaceFile, []);
+                    }
+                    ctx.symbolTable.interfaceImplementations.get(ifaceFile).push({
+                        interfaceName: ifaceName,
+                        interfaceFile: ifaceFile,
+                        implName,
+                        implFile,
+                    });
+                    entriesAdded++;
+                }
+                else if (!implFile) {
+                    unresolvedRefs.push({
+                        ref: implName,
+                        reason: `Implementation class '${implName}' not found in parsed models`,
+                    });
+                }
+            }
+        }
+        // Write repository interfaces into symbolTable (Section 5.3)
+        for (const repo of repoInterfaces) {
+            const key = repo.sourceFile;
+            if (!ctx.symbolTable.interfaceImplementations.has(key)) {
+                ctx.symbolTable.interfaceImplementations.set(key, []);
+            }
+            const existing = ctx.symbolTable.interfaceImplementations.get(key);
+            const alreadyMapped = existing.some(e => e.interfaceName === repo.interfaceName);
+            if (!alreadyMapped) {
+                existing.push({
+                    interfaceName: repo.interfaceName,
+                    interfaceFile: repo.sourceFile,
+                    implName: '',
+                    implFile: '',
+                });
+                entriesAdded++;
+            }
+        }
+        // Write CQRS handlers as service-layer entries into symbolTable (Section 5.2)
+        for (const handler of cqrsHandlers) {
+            const key = handler.sourceFile;
+            if (!ctx.symbolTable.interfaceImplementations.has(key)) {
+                ctx.symbolTable.interfaceImplementations.set(key, []);
+            }
+            ctx.symbolTable.interfaceImplementations.get(key).push({
+                interfaceName: handler.parameterType,
+                interfaceFile: handler.sourceFile,
+                implName: handler.className,
+                implFile: handler.sourceFile,
+            });
+            entriesAdded++;
+        }
+        if (repoInterfaces.length > 0) {
+            diagnostics.push(`Found ${repoInterfaces.length} repository interface(s)`);
+        }
+        if (cqrsHandlers.length > 0) {
+            diagnostics.push(`Found ${cqrsHandlers.length} CQRS handler(s)`);
+        }
+        if (implementations.size > 0) {
+            diagnostics.push(`Found ${implementations.size} interface→implementation mapping(s)`);
+        }
+        return { entriesAdded, diagnostics, unresolvedRefs };
+    }
+}
+exports.DddLayerResolver = DddLayerResolver;
+/**
+ * Detect repository interfaces: interfaces with findBy*, save, delete, etc.
+ * No @Repository annotation required (RULE-SA03).
+ */
+function detectRepositoryInterfaces(source, filePath) {
+    const repos = [];
+    const lines = source.split('\n');
+    // Find interfaces
+    const interfacePattern = /(?:public\s+)?interface\s+(\w+(?:Repository|Repo|Store|Gateway))\b/;
+    let currentInterface = null;
+    let braceDepth = 0;
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        if (!currentInterface) {
+            const match = line.match(interfacePattern);
+            if (match) {
+                currentInterface = {
+                    interfaceName: match[1],
+                    methods: [],
+                    sourceFile: filePath,
+                    line: i + 1,
+                };
+                braceDepth = 0;
+            }
+        }
+        if (currentInterface) {
+            braceDepth += (line.match(/\{/g) || []).length;
+            braceDepth -= (line.match(/\}/g) || []).length;
+            // Detect repository methods: findByX, save, delete, existsBy, countBy
+            const methodMatch = line.match(/\b(findBy\w+|find\w+|save|saveAll|delete|deleteById|existsBy\w+|countBy\w+|getBy\w+)\s*\(/);
+            if (methodMatch) {
+                currentInterface.methods.push(methodMatch[1]);
+            }
+            if (braceDepth <= 0 && currentInterface.methods.length > 0) {
+                repos.push(currentInterface);
+                currentInterface = null;
+            }
+            else if (braceDepth <= 0) {
+                currentInterface = null;
+            }
+        }
+    }
+    // Also detect interfaces with standard CRUD method signatures without naming convention
+    const genericInterfacePattern = /(?:public\s+)?interface\s+(\w+)\b/g;
+    let genMatch;
+    while ((genMatch = genericInterfacePattern.exec(source)) !== null) {
+        const name = genMatch[1];
+        // Skip if already detected
+        if (repos.some((r) => r.interfaceName === name))
+            continue;
+        // Check if this interface has findBy, save, delete methods
+        const startIdx = genMatch.index;
+        const braceIdx = source.indexOf('{', startIdx);
+        if (braceIdx < 0)
+            continue;
+        let depth = 1;
+        let endIdx = braceIdx + 1;
+        while (endIdx < source.length && depth > 0) {
+            if (source[endIdx] === '{')
+                depth++;
+            if (source[endIdx] === '}')
+                depth--;
+            endIdx++;
+        }
+        const body = source.substring(braceIdx, endIdx);
+        const methods = [];
+        const repoMethodPattern = /\b(findBy\w+|save|delete|deleteById)\s*\(/g;
+        let rm;
+        while ((rm = repoMethodPattern.exec(body)) !== null) {
+            methods.push(rm[1]);
+        }
+        if (methods.length >= 2) {
+            const lineNum = source.substring(0, startIdx).split('\n').length;
+            repos.push({ interfaceName: name, methods, sourceFile: filePath, line: lineNum });
+        }
+    }
+    return repos;
+}
+/**
+ * Detect CQRS command/query handlers.
+ * Looks for classes with execute/handle/apply methods that take *Command/*Query parameters.
+ */
+function detectCqrsHandlers(source, filePath) {
+    const handlers = [];
+    const lines = source.split('\n');
+    // Pattern: handle(CreateArticleCommand cmd)  or  execute(GetArticlesQuery query)
+    const handlerMethodPattern = /(?:public\s+\S+\s+)?(execute|handle|apply)\s*\(\s*(\w+(Command|Query|Event))\s+\w+\s*\)/;
+    // Find the enclosing class name
+    let currentClass = '';
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        const classMatch = line.match(/class\s+(\w+)/);
+        if (classMatch) {
+            currentClass = classMatch[1];
+        }
+        const methodMatch = line.match(handlerMethodPattern);
+        if (methodMatch && currentClass) {
+            const handlerType = methodMatch[3].toLowerCase();
+            handlers.push({
+                className: currentClass,
+                handlerType,
+                handleMethodName: methodMatch[1],
+                parameterType: methodMatch[2],
+                sourceFile: filePath,
+                line: i + 1,
+            });
+        }
+    }
+    return handlers;
+}
+/**
+ * Detect implements clauses from Java/Kotlin source.
+ */
+function detectImplementsClauses(source, filePath) {
+    const impls = [];
+    const pattern = /class\s+(\w+)(?:\s+extends\s+\w+)?\s+implements\s+([\w,\s]+)/g;
+    let match;
+    while ((match = pattern.exec(source)) !== null) {
+        const className = match[1];
+        const interfaces = match[2].split(',').map((s) => s.trim()).filter((s) => s.length > 0);
+        for (const iface of interfaces) {
+            impls.push([iface, className]);
+        }
+    }
+    return impls;
+}
+function findFileForClass(className, ctx) {
+    // Search through exported symbols and class registry
+    const classInfo = ctx.symbolTable.classes.get(className);
+    if (classInfo)
+        return classInfo.filePath;
+    // Search through models for any mention
+    for (const [filePath, model] of ctx.symbolTable.models) {
+        if (model.functions.has(className))
+            return filePath;
+    }
+    return undefined;
+}

package/dist/src/pipeline/stages/ast/resolvers/expressRouterResolver.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * Express router cross-file resolver (Feature 27, Sub-PR 6)
+ *
+ * Resolves Express `app.use('/prefix', router)` mount paths across files:
+ * 1. Find all app.use('/path', require('./routes')) calls → mount registry
+ * 2. Follow require('./routes') to resolve sub-router files
+ * 3. Propagate auth middleware through nested routers
+ * 4. Build complete URL: base mount + sub-router mount + route path
+ */
+import type { CrossFileResolver, CrossFileResolutionContext, CrossFileResolutionResult } from '../types';
+import type { DetectedApiFramework } from '../../../../discovery/frameworkDetector';
+export declare class ExpressRouterResolver implements CrossFileResolver {
+    readonly name = "express-router";
+    appliesTo(frameworks: DetectedApiFramework[]): boolean;
+    resolve(ctx: CrossFileResolutionContext): CrossFileResolutionResult;
+}
+//# sourceMappingURL=expressRouterResolver.d.ts.map

package/dist/src/pipeline/stages/ast/resolvers/expressRouterResolver.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"expressRouterResolver.d.ts","sourceRoot":"","sources":["../../../../../../src/pipeline/stages/ast/resolvers/expressRouterResolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EACV,iBAAiB,EACjB,0BAA0B,EAC1B,yBAAyB,EAC1B,MAAM,UAAU,CAAC;AAClB,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,yCAAyC,CAAC;AAEpF,qBAAa,qBAAsB,YAAW,iBAAiB;IAC7D,QAAQ,CAAC,IAAI,oBAAoB;IAEjC,SAAS,CAAC,UAAU,EAAE,oBAAoB,EAAE,GAAG,OAAO;IAMtD,OAAO,CAAC,GAAG,EAAE,0BAA0B,GAAG,yBAAyB;CAiDpE"}

package/dist/src/pipeline/stages/ast/resolvers/expressRouterResolver.js ADDED Viewed

@@ -0,0 +1,65 @@
+"use strict";
+/**
+ * Express router cross-file resolver (Feature 27, Sub-PR 6)
+ *
+ * Resolves Express `app.use('/prefix', router)` mount paths across files:
+ * 1. Find all app.use('/path', require('./routes')) calls → mount registry
+ * 2. Follow require('./routes') to resolve sub-router files
+ * 3. Propagate auth middleware through nested routers
+ * 4. Build complete URL: base mount + sub-router mount + route path
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ExpressRouterResolver = void 0;
+class ExpressRouterResolver {
+    constructor() {
+        this.name = 'express-router';
+    }
+    appliesTo(frameworks) {
+        return frameworks.some((f) => f.name === 'express' || f.name === 'nestjs' || f.name === 'koa' || f.name === 'fastify');
+    }
+    resolve(ctx) {
+        let entriesAdded = 0;
+        const diagnostics = [];
+        const unresolvedRefs = [];
+        // Scan models for Express router mount patterns
+        for (const [filePath, model] of ctx.symbolTable.models) {
+            if (!model.routeRegistrations)
+                continue;
+            for (const reg of model.routeRegistrations) {
+                // app.use('/prefix', require('./router'))
+                if (reg.targetModule && reg.path) {
+                    if (!ctx.symbolTable.routerMounts.has(filePath)) {
+                        ctx.symbolTable.routerMounts.set(filePath, []);
+                    }
+                    ctx.symbolTable.routerMounts.get(filePath).push({
+                        prefix: reg.path,
+                        targetModulePath: reg.targetModule,
+                        middleware: [],
+                        sourceFile: filePath,
+                        line: reg.line,
+                    });
+                    entriesAdded++;
+                }
+            }
+        }
+        // Propagate middleware from router mounts to sub-routes
+        for (const [filePath, mounts] of ctx.symbolTable.routerMounts) {
+            for (const mount of mounts) {
+                // Check if auth middleware is applied to this mount
+                const middleware = ctx.symbolTable.middlewareInheritance.get(filePath);
+                if (middleware) {
+                    for (const mw of middleware) {
+                        if (mw.appliedTo === 'router') {
+                            mount.middleware.push(mw);
+                        }
+                    }
+                }
+            }
+        }
+        if (entriesAdded > 0) {
+            diagnostics.push(`Resolved ${entriesAdded} Express router mount(s)`);
+        }
+        return { entriesAdded, diagnostics, unresolvedRefs };
+    }
+}
+exports.ExpressRouterResolver = ExpressRouterResolver;