api-tests-coverage 1.0.16 → 1.0.18

package/dist/src/languages/javascript/assertionResolver.js

@@ -66,8 +66,8 @@ function tryExtractAssertion(callNode) {
             if (!subject)
                 return null;
             const methodName = (_j = (_h = (_g = callee.property) === null || _g === void 0 ? void 0 : _g.name) === null || _h === void 0 ? void 0 : _h.toLowerCase()) !== null && _j !== void 0 ? _j : '';
-            const assertionType = classifyAssertionMethod(methodName);
-            const { variable } = classifyExpectSubject(subject);
+            const { variable, assertionType: subjectType } = classifyExpectSubject(subject);
+            const assertionType = classifyAssertionMethod(methodName, subjectType);
             return { assertionType, subjectVariable: variable, line: (_l = (_k = callNode.loc) === null || _k === void 0 ? void 0 : _k.start) === null || _l === void 0 ? void 0 : _l.line };
         }
     }
@@ -132,13 +132,15 @@ function classifyExpectSubject(subject) {
     }
     return { variable: undefined, assertionType: 'body-field' };
 }
-function classifyAssertionMethod(methodName) {
+function classifyAssertionMethod(methodName, subjectType) {
     if (methodName === 'tobe' ||
         methodName === 'toequal' ||
         methodName === 'tostrictequal' ||
         methodName === 'tobetruthy' ||
         methodName === 'tobefalsy') {
-        return 'status-code'; // Could be either, default to status-code
+        // These methods are ambiguous — use subject context to decide.
+        // Only classify as status-code when the subject involves status.
+        return subjectType === 'status-code' ? 'status-code' : 'body-field';
     }
     if (methodName === 'tohaveproperty' || methodName === 'tocontain' || methodName === 'tomatch') {
         return 'body-field';

package/dist/src/languages/javascript/hapiDetector.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"hapiDetector.d.ts","sourceRoot":"","sources":["../../../../src/languages/javascript/hapiDetector.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,QAAQ,CAAC;IAChB,UAAU,CAAC,EAAE,cAAc,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,QAAQ;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,UAAU,GAAG,UAAU,GAAG,KAAK,CAAC;CACvC;AAED,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAkBD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,SAAS,EAAE,CAuFlF;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,aAAa,EAAE,CAmBtF"}
+{"version":3,"file":"hapiDetector.d.ts","sourceRoot":"","sources":["../../../../src/languages/javascript/hapiDetector.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,QAAQ,CAAC;IAChB,UAAU,CAAC,EAAE,cAAc,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,QAAQ;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,UAAU,GAAG,UAAU,GAAG,KAAK,CAAC;CACvC;AAED,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAkBD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,SAAS,EAAE,CA6HlF;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,aAAa,EAAE,CAmBtF"}

package/dist/src/languages/javascript/hapiDetector.js

@@ -30,7 +30,7 @@ const BOOM_STATUS_MAP = {
  * Detect HapiJS route definitions from source text.
  */
 function detectHapiRoutes(sourceText, filePath) {
-    var _a, _b;
+    var _a, _b, _c, _d;
     const routes = [];
     const lines = sourceText.split('\n');
     for (let i = 0; i < lines.length; i++) {
@@ -55,7 +55,7 @@ function detectHapiRoutes(sourceText, filePath) {
             if (authSimple) {
                 auth = { strategy: authSimple[1], mode: 'required' };
             }
-            // auth: { mode: 'try' } or auth: { mode: 'optional' }
+            // auth: { mode: 'try' } or auth: { mode: 'optional' } — single-line case
             const authMode = nearLine.match(/(?:auth|mode)\s*:\s*[{]?\s*mode\s*:\s*['"](\w+)['"]/);
             if (authMode) {
                 auth = {
@@ -63,6 +63,19 @@ function detectHapiRoutes(sourceText, filePath) {
                     mode: authMode[1] === 'try' || authMode[1] === 'optional' ? 'optional' : 'required',
                 };
             }
+            else if (/auth\s*:\s*\{/.test(nearLine) || /auth\s*\{/.test(nearLine)) {
+                // Multi-line auth object: scan the next 5 lines for mode: 'try' / 'optional'
+                for (let m = j + 1; m < Math.min(j + 6, lines.length); m++) {
+                    const modeMatch = lines[m].match(/mode\s*:\s*['"](\w+)['"]/);
+                    if (modeMatch) {
+                        auth = {
+                            strategy: auth === null || auth === void 0 ? void 0 : auth.strategy,
+                            mode: modeMatch[1] === 'try' || modeMatch[1] === 'optional' ? 'optional' : 'required',
+                        };
+                        break;
+                    }
+                }
+            }
             // auth: false
             if (/auth\s*:\s*false/.test(nearLine)) {
                 auth = undefined; // Public route
@@ -74,8 +87,9 @@ function detectHapiRoutes(sourceText, filePath) {
                 // Scan validation block
                 for (let k = j; k < Math.min(j + 15, lines.length); k++) {
                     const valLine = lines[k];
-                    // query: { ... }
+                    // query: { ... } — extract Joi fields from same line and subsequent lines
                     if (/query\s*:/.test(valLine)) {
+                        // Same-line extraction
                         const paramMatch = valLine.match(/(\w+)\s*:\s*Joi\./g);
                         if (paramMatch) {
                             for (const pm of paramMatch) {
@@ -84,17 +98,46 @@ function detectHapiRoutes(sourceText, filePath) {
                                     queryParams.push(name);
                             }
                         }
+                        // Multi-line extraction: scan subsequent lines for fieldName: Joi. patterns
+                        for (let q = k + 1; q < Math.min(k + 16, lines.length); q++) {
+                            const subLine = lines[q];
+                            if (/}\s*[),]/.test(subLine) || /]\s*,/.test(subLine))
+                                break;
+                            const fieldMatch = subLine.match(/(\w+)\s*:\s*Joi\./g);
+                            if (fieldMatch) {
+                                for (const fm of fieldMatch) {
+                                    const name = (_b = fm.match(/(\w+)\s*:/)) === null || _b === void 0 ? void 0 : _b[1];
+                                    if (name && !queryParams.includes(name))
+                                        queryParams.push(name);
+                                }
+                            }
+                        }
                     }
-                    // payload: { ... }
+                    // payload: { ... } — extract Joi fields from same line and subsequent lines
                     if (/payload\s*:/.test(valLine)) {
+                        // Same-line extraction
                         const paramMatch = valLine.match(/(\w+)\s*:\s*Joi\./g);
                         if (paramMatch) {
                             for (const pm of paramMatch) {
-                                const name = (_b = pm.match(/(\w+)\s*:/)) === null || _b === void 0 ? void 0 : _b[1];
+                                const name = (_c = pm.match(/(\w+)\s*:/)) === null || _c === void 0 ? void 0 : _c[1];
                                 if (name)
                                     payloadParams.push(name);
                             }
                         }
+                        // Multi-line extraction: scan subsequent lines for fieldName: Joi. patterns
+                        for (let q = k + 1; q < Math.min(k + 16, lines.length); q++) {
+                            const subLine = lines[q];
+                            if (/}\s*[),]/.test(subLine) || /]\s*,/.test(subLine))
+                                break;
+                            const fieldMatch = subLine.match(/(\w+)\s*:\s*Joi\./g);
+                            if (fieldMatch) {
+                                for (const fm of fieldMatch) {
+                                    const name = (_d = fm.match(/(\w+)\s*:/)) === null || _d === void 0 ? void 0 : _d[1];
+                                    if (name && !payloadParams.includes(name))
+                                        payloadParams.push(name);
+                                }
+                            }
+                        }
                     }
                 }
                 if (queryParams.length > 0 || payloadParams.length > 0) {

package/dist/src/languages/javascript/vueDetector.d.ts

@@ -9,6 +9,8 @@
  */
 export interface VueApiCall {
     actionName?: string;
+    /** Resolved string value when actionName is a constant (e.g., FETCH_ARTICLES → 'fetchArticles') */
+    resolvedName?: string;
     method: string;
     urlPattern: string;
     baseUrl?: string;

package/dist/src/languages/javascript/vueDetector.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"vueDetector.d.ts","sourceRoot":"","sources":["../../../../src/languages/javascript/vueDetector.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,WAAW,UAAU;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,CAO/F;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,UAAU,EAAE,CA4CpF;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,YAAY,EAAE,CAkBzF"}
+{"version":3,"file":"vueDetector.d.ts","sourceRoot":"","sources":["../../../../src/languages/javascript/vueDetector.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,WAAW,UAAU;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mGAAmG;IACnG,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,CAO/F;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,UAAU,EAAE,CAoEpF;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,YAAY,EAAE,CAkBzF"}

package/dist/src/languages/javascript/vueDetector.js

@@ -29,7 +29,20 @@ function detectAxiosBaseUrl(sourceText, filePath) {
 function detectVuexActions(sourceText, filePath) {
     const calls = [];
     const lines = sourceText.split('\n');
+    // Pass 1: Build a map of constant name → string value.
+    // Matches patterns like:
+    //   const FETCH_ARTICLES = 'fetchArticles'
+    //   export const FETCH_ARTICLES = "fetchArticles"
+    const constantMap = new Map();
+    for (const line of lines) {
+        const constMatch = line.match(/(?:export\s+)?const\s+([A-Z_][A-Z0-9_]*)\s*=\s*['"]([^'"]+)['"]/);
+        if (constMatch) {
+            constantMap.set(constMatch[1], constMatch[2]);
+        }
+    }
+    // Pass 2: Detect action definitions and their API calls.
     let currentAction = '';
+    let currentResolvedName;
     for (let i = 0; i < lines.length; i++) {
         const line = lines[i];
         // Vuex action definition: [ACTION_NAME]({ commit }, payload) {
@@ -37,6 +50,13 @@ function detectVuexActions(sourceText, filePath) {
         const actionMatch = line.match(/(?:\[(\w+)\]|(\w+))\s*\(\s*\{\s*(?:commit|dispatch|state|getters|rootState)/);
         if (actionMatch) {
             currentAction = actionMatch[1] || actionMatch[2] || '';
+            // If using bracket syntax with a constant, resolve to its string value
+            if (actionMatch[1] && constantMap.has(actionMatch[1])) {
+                currentResolvedName = constantMap.get(actionMatch[1]);
+            }
+            else {
+                currentResolvedName = undefined;
+            }
             continue;
         }
         // ApiService.get/post/put/delete('resource')
@@ -44,6 +64,7 @@ function detectVuexActions(sourceText, filePath) {
         if (apiServiceMatch) {
             calls.push({
                 actionName: currentAction || undefined,
+                resolvedName: currentResolvedName,
                 method: apiServiceMatch[1].toUpperCase(),
                 urlPattern: apiServiceMatch[2],
                 sourceFile: filePath,
@@ -56,6 +77,7 @@ function detectVuexActions(sourceText, filePath) {
         if (axiosMatch) {
             calls.push({
                 actionName: currentAction || undefined,
+                resolvedName: currentResolvedName,
                 method: axiosMatch[1].toUpperCase(),
                 urlPattern: axiosMatch[2],
                 sourceFile: filePath,

package/dist/src/languages/python/index.d.ts

@@ -10,7 +10,7 @@ export declare class PythonAnalyzer implements LanguageAnalyzer {
     extractHttpInteractions(model: SemanticModel, _ctx: AnalysisContext): ResolvedHttpInteraction[];
     extractAssertions(model: SemanticModel): SemanticAssertion[];
     extractBusinessRuleRefs(model: SemanticModel): BusinessRuleRef[];
-    extractFlowRefs(_model: SemanticModel): FlowRef[];
+    extractFlowRefs(model: SemanticModel): FlowRef[];
 }
 /**
  * Classify JWT/auth security from decorator information.

package/dist/src/languages/python/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/languages/python/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,KAAK,EACV,iBAAiB,EACjB,gBAAgB,EAChB,aAAa,EAIb,uBAAuB,EACvB,iBAAiB,EACjB,eAAe,EACf,OAAO,EACP,eAAe,EAEf,aAAa,EAEb,sBAAsB,EACvB,MAAM,oBAAoB,CAAC;AAkC5B,qBAAa,cAAe,YAAW,gBAAgB;IACrD,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAY;IAEhD,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,gBAAgB;IAc1D,kBAAkB,CAAC,MAAM,EAAE,gBAAgB,EAAE,QAAQ,EAAE,eAAe,GAAG,aAAa;IA6BtF,uBAAuB,CAAC,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,eAAe,GAAG,uBAAuB,EAAE;IAwB/F,iBAAiB,CAAC,KAAK,EAAE,aAAa,GAAG,iBAAiB,EAAE;IAG5D,uBAAuB,CAAC,KAAK,EAAE,aAAa,GAAG,eAAe,EAAE;IAGhE,eAAe,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,EAAE;CAGlD;AA2WD;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,aAAa,EAAE,GAAG,sBAAsB,GAAG,SAAS,CAarG"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/languages/python/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,KAAK,EACV,iBAAiB,EACjB,gBAAgB,EAChB,aAAa,EAIb,uBAAuB,EACvB,iBAAiB,EACjB,eAAe,EACf,OAAO,EACP,eAAe,EAEf,aAAa,EAEb,sBAAsB,EACvB,MAAM,oBAAoB,CAAC;AAmC5B,qBAAa,cAAe,YAAW,gBAAgB;IACrD,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAY;IAEhD,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,gBAAgB;IAc1D,kBAAkB,CAAC,MAAM,EAAE,gBAAgB,EAAE,QAAQ,EAAE,eAAe,GAAG,aAAa;IA4CtF,uBAAuB,CAAC,KAAK,EAAE,aAAa,EAAE,IAAI,EAAE,eAAe,GAAG,uBAAuB,EAAE;IAwB/F,iBAAiB,CAAC,KAAK,EAAE,aAAa,GAAG,iBAAiB,EAAE;IAG5D,uBAAuB,CAAC,KAAK,EAAE,aAAa,GAAG,eAAe,EAAE;IAGhE,eAAe,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,EAAE;CAqBjD;AA2WD;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,aAAa,EAAE,GAAG,sBAAsB,GAAG,SAAS,CAarG"}

package/dist/src/languages/python/index.js

@@ -8,6 +8,7 @@ exports.classifyFlaskSecurity = classifyFlaskSecurity;
 const parserRegistry_1 = require("../../ast/parserRegistry");
 const treeSitterUtils_1 = require("../shared/treeSitterUtils");
 const resolvePaths_1 = require("../../coverage/deep-analysis/resolvePaths");
+const testPatternDetector_1 = require("./testPatternDetector");
 // ─── Parser ───────────────────────────────────────────────────────────────────
 let cachedParser = undefined;
 let parserLoaded = false;
@@ -45,7 +46,7 @@ class PythonAnalyzer {
         }
     }
     buildSemanticModel(parsed, _context) {
-        var _a, _b;
+        var _a, _b, _c, _d;
         const root = (_b = (_a = parsed.ast) === null || _a === void 0 ? void 0 : _a.rootNode) !== null && _b !== void 0 ? _b : parsed.ast;
         if (!root)
             return emptyModel(parsed.filePath);
@@ -56,6 +57,20 @@ class PythonAnalyzer {
         // Feature 27: Flask/FastAPI pattern detection
         const decoratorStacks = extractFlaskDecoratorStacks(root, parsed.filePath);
         const routeRegistrations = extractFlaskRouteRegistrations(root, parsed.filePath);
+        // Feature 27: webtest API call detection
+        const sourceText = (_d = (_c = root.text) !== null && _c !== void 0 ? _c : parsed.content) !== null && _d !== void 0 ? _d : '';
+        const webtestCalls = (0, testPatternDetector_1.detectWebtestCalls)(sourceText, parsed.filePath);
+        if (webtestCalls.length > 0) {
+            const httpCalls = (0, testPatternDetector_1.webtestCallsToHttpCalls)(webtestCalls);
+            // Merge webtest HTTP calls into the functions map under a synthetic entry
+            const webtestFunc = {
+                name: '__webtest_calls__',
+                parameters: [],
+                bodyHttpCalls: httpCalls,
+                calledFunctions: [],
+            };
+            functions.set('__webtest_calls__', webtestFunc);
+        }
         return {
             filePath: parsed.filePath,
             language: 'python',
@@ -103,8 +118,23 @@ class PythonAnalyzer {
     extractBusinessRuleRefs(model) {
         return model.businessRuleRefs;
     }
-    extractFlowRefs(_model) {
-        return [];
+    extractFlowRefs(model) {
+        // Feature 27: Resolve pytest fixture chains
+        const refs = [...model.flowRefs];
+        // Use function parameter names to discover fixture dependencies
+        // In pytest, function parameters that aren't built-in fixtures are fixture references
+        const builtinFixtures = new Set([
+            'request', 'tmp_path', 'tmpdir', 'capsys', 'capfd', 'monkeypatch',
+            'pytestconfig', 'recwarn', 'caplog', 'cache', 'self',
+        ]);
+        for (const [funcName, func] of model.functions) {
+            for (const param of func.parameters) {
+                if (param && !builtinFixtures.has(param)) {
+                    refs.push({ flowId: `fixture:${param}`, source: 'tag' });
+                }
+            }
+        }
+        return refs;
     }
 }
 exports.PythonAnalyzer = PythonAnalyzer;

package/dist/src/pipeline/confidence.d.ts

@@ -65,6 +65,11 @@ export declare function hasPartialResolution(graph: CoverageKnowledgeGraph, path
 /**
  * Build a ConfidenceEvidence object from a coverage path in the graph.
  * Inspects the nodes and their source stages to determine what evidence exists.
+ *
+ * Optional `iastConfirmed` and `dastConfirmed` flags allow the caller to
+ * inject runtime confirmation state that may not be discoverable by walking
+ * `pathNodeIds` alone (e.g. when IAST/DAST nodes are not directly on the
+ * endpoint→test path in the graph).
  */
-export declare function buildConfidenceEvidence(graph: CoverageKnowledgeGraph, pathNodeIds: string[], isStaticOnlyMode: boolean): ConfidenceEvidence;
+export declare function buildConfidenceEvidence(graph: CoverageKnowledgeGraph, pathNodeIds: string[], isStaticOnlyMode: boolean, iastConfirmed?: boolean, dastConfirmed?: boolean): ConfidenceEvidence;
 //# sourceMappingURL=confidence.d.ts.map

package/dist/src/pipeline/confidence.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"confidence.d.ts","sourceRoot":"","sources":["../../../src/pipeline/confidence.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,kBAAkB,EAAa,MAAM,SAAS,CAAC;AACjF,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,SAAS,CAAC;AAYtD;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,kBAAkB,GAAG,kBAAkB,CAwBtF;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,CACjC,SAAS,EAAE,kBAAkB,EAC7B,QAAQ,EAAE,kBAAkB,GAC3B,kBAAkB,CAoBpB;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,kBAAkB,GAAG,kBAAkB,CAGlF;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,kBAAkB,EAC3B,QAAQ,EAAE,kBAAkB,GAC3B,kBAAkB,CAIpB;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,CAAC,EAAE,kBAAkB,EACrB,CAAC,EAAE,kBAAkB,GACpB,MAAM,CAER;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,kBAAkB,EAAE,GAAG,kBAAkB,CAS9E;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,sBAAsB,EAC7B,WAAW,EAAE,MAAM,EAAE,GACpB,OAAO,CAMT;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,sBAAsB,EAC7B,WAAW,EAAE,MAAM,EAAE,GACpB,OAAO,CAMT;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,sBAAsB,EAC7B,WAAW,EAAE,MAAM,EAAE,EACrB,gBAAgB,EAAE,OAAO,GACxB,kBAAkB,CA6CpB"}
+{"version":3,"file":"confidence.d.ts","sourceRoot":"","sources":["../../../src/pipeline/confidence.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,kBAAkB,EAAa,MAAM,SAAS,CAAC;AACjF,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,SAAS,CAAC;AAYtD;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,kBAAkB,GAAG,kBAAkB,CAwBtF;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,CACjC,SAAS,EAAE,kBAAkB,EAC7B,QAAQ,EAAE,kBAAkB,GAC3B,kBAAkB,CAoBpB;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,kBAAkB,GAAG,kBAAkB,CAGlF;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,kBAAkB,EAC3B,QAAQ,EAAE,kBAAkB,GAC3B,kBAAkB,CAIpB;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,CAAC,EAAE,kBAAkB,EACrB,CAAC,EAAE,kBAAkB,GACpB,MAAM,CAER;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,kBAAkB,EAAE,GAAG,kBAAkB,CAS9E;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,sBAAsB,EAC7B,WAAW,EAAE,MAAM,EAAE,GACpB,OAAO,CAMT;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,sBAAsB,EAC7B,WAAW,EAAE,MAAM,EAAE,GACpB,OAAO,CAMT;AAED;;;;;;;;GAQG;AACH,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,sBAAsB,EAC7B,WAAW,EAAE,MAAM,EAAE,EACrB,gBAAgB,EAAE,OAAO,EACzB,aAAa,CAAC,EAAE,OAAO,EACvB,aAAa,CAAC,EAAE,OAAO,GACtB,kBAAkB,CA6CpB"}

package/dist/src/pipeline/confidence.js

@@ -151,8 +151,13 @@ function hasPartialResolution(graph, pathNodeIds) {
 /**
  * Build a ConfidenceEvidence object from a coverage path in the graph.
  * Inspects the nodes and their source stages to determine what evidence exists.
+ *
+ * Optional `iastConfirmed` and `dastConfirmed` flags allow the caller to
+ * inject runtime confirmation state that may not be discoverable by walking
+ * `pathNodeIds` alone (e.g. when IAST/DAST nodes are not directly on the
+ * endpoint→test path in the graph).
  */
-function buildConfidenceEvidence(graph, pathNodeIds, isStaticOnlyMode) {
+function buildConfidenceEvidence(graph, pathNodeIds, isStaticOnlyMode, iastConfirmed, dastConfirmed) {
     var _a, _b;
     const sourceStages = new Set();
     let hasIastConfirmation = false;
@@ -187,8 +192,8 @@ function buildConfidenceEvidence(graph, pathNodeIds, isStaticOnlyMode) {
     }
     return {
         sourceStages: Array.from(sourceStages),
-        hasIastConfirmation,
-        hasDastConfirmation,
+        hasIastConfirmation: hasIastConfirmation || (iastConfirmed !== null && iastConfirmed !== void 0 ? iastConfirmed : false),
+        hasDastConfirmation: hasDastConfirmation || (dastConfirmed !== null && dastConfirmed !== void 0 ? dastConfirmed : false),
         hasAssertionConfirmation,
         hasMockBoundary,
         hasPartialResolution: hasPartial,

package/dist/src/pipeline/graph.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"graph.d.ts","sourceRoot":"","sources":["../../../src/pipeline/graph.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,SAAS,EACT,SAAS,EACT,aAAa,EACb,aAAa,EACb,YAAY,EACZ,SAAS,EACV,MAAM,SAAS,CAAC;AAEjB,qBAAa,sBAAsB;IACjC,OAAO,CAAC,KAAK,CAAqC;IAClD,OAAO,CAAC,KAAK,CAAqC;IAIlD,OAAO,CAAC,IAAI,EAAE,SAAS,GAAG,IAAI;IAI9B,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS;IAI1C,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;IAI5B,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;IAI/B,cAAc,CAAC,IAAI,EAAE,aAAa,GAAG,SAAS,EAAE;IAIhD,eAAe,CAAC,KAAK,EAAE,SAAS,GAAG,SAAS,EAAE;IAI9C,WAAW,IAAI,SAAS,EAAE;IAI1B,IAAI,SAAS,IAAI,MAAM,CAEtB;IAID,OAAO,CAAC,IAAI,EAAE,SAAS,GAAG,IAAI;IAI9B,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS;IAI1C,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;IAI5B,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;IAI/B,mDAAmD;IACnD,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,EAAE;IAIzC,8CAA8C;IAC9C,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,EAAE;IAIvC,sEAAsE;IACtE,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,SAAS,EAAE;IAQ9D,wCAAwC;IACxC,cAAc,CAAC,IAAI,EAAE,aAAa,GAAG,SAAS,EAAE;IAIhD,WAAW,IAAI,SAAS,EAAE;IAI1B,IAAI,SAAS,IAAI,MAAM,CAEtB;IAID;;;OAGG;IACH,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,aAAa,EAAE,GAAG,SAAS,EAAE;IA4B5E;;;OAGG;IACH,iBAAiB,CACf,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,aAAa,GACtB,OAAO;IAiCV;;;OAGG;IACH,KAAK,CAAC,KAAK,EAAE,sBAAsB,GAAG,YAAY,EAAE;IAwCpD,cAAc,IAAI;QAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QAAC,KAAK,EAAE,SAAS,EAAE,CAAA;KAAE;IAO5D,MAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE;QAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QAAC,KAAK,EAAE,SAAS,EAAE,CAAA;KAAE,GAAG,sBAAsB;IAajG,KAAK,IAAI,IAAI;CAId"}
+{"version":3,"file":"graph.d.ts","sourceRoot":"","sources":["../../../src/pipeline/graph.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EACV,SAAS,EACT,SAAS,EACT,aAAa,EACb,aAAa,EACb,YAAY,EACZ,SAAS,EACV,MAAM,SAAS,CAAC;AAEjB,qBAAa,sBAAsB;IACjC,OAAO,CAAC,KAAK,CAAqC;IAClD,OAAO,CAAC,KAAK,CAAqC;IAIlD,OAAO,CAAC,IAAI,EAAE,SAAS,GAAG,IAAI;IAI9B,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS;IAI1C,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;IAI5B,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;IAa/B,cAAc,CAAC,IAAI,EAAE,aAAa,GAAG,SAAS,EAAE;IAIhD,eAAe,CAAC,KAAK,EAAE,SAAS,GAAG,SAAS,EAAE;IAI9C,WAAW,IAAI,SAAS,EAAE;IAI1B,IAAI,SAAS,IAAI,MAAM,CAEtB;IAID,OAAO,CAAC,IAAI,EAAE,SAAS,GAAG,IAAI;IAI9B,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS;IAI1C,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;IAI5B,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO;IAI/B,mDAAmD;IACnD,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,EAAE;IAIzC,8CAA8C;IAC9C,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,EAAE;IAIvC,sEAAsE;IACtE,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,SAAS,EAAE;IAQ9D,wCAAwC;IACxC,cAAc,CAAC,IAAI,EAAE,aAAa,GAAG,SAAS,EAAE;IAIhD,WAAW,IAAI,SAAS,EAAE;IAI1B,IAAI,SAAS,IAAI,MAAM,CAEtB;IAID;;;OAGG;IACH,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,aAAa,EAAE,GAAG,SAAS,EAAE;IA4B5E;;;OAGG;IACH,iBAAiB,CACf,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,aAAa,GACtB,OAAO;IAmCV;;;OAGG;IACH,KAAK,CAAC,KAAK,EAAE,sBAAsB,GAAG,YAAY,EAAE;IAwCpD,cAAc,IAAI;QAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QAAC,KAAK,EAAE,SAAS,EAAE,CAAA;KAAE;IAO5D,MAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE;QAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QAAC,KAAK,EAAE,SAAS,EAAE,CAAA;KAAE,GAAG,sBAAsB;IAajG,KAAK,IAAI,IAAI;CAId"}

package/dist/src/pipeline/graph.js

@@ -23,7 +23,16 @@ class CoverageKnowledgeGraph {
         return this.nodes.has(id);
     }
     removeNode(id) {
-        return this.nodes.delete(id);
+        const deleted = this.nodes.delete(id);
+        if (deleted) {
+            // Remove all edges that reference this node to avoid dangling edges
+            for (const [edgeId, edge] of this.edges) {
+                if (edge.sourceNodeId === id || edge.targetNodeId === id) {
+                    this.edges.delete(edgeId);
+                }
+            }
+        }
+        return deleted;
     }
     getNodesByType(type) {
         return Array.from(this.nodes.values()).filter((n) => n.type === type);
@@ -112,9 +121,11 @@ class CoverageKnowledgeGraph {
         while (queue.length > 0) {
             const path = queue.shift();
             const currentId = path[path.length - 1];
-            if (visited.has(currentId))
+            // Don't skip endId — we need to check every path that arrives at it
+            if (currentId !== endId && visited.has(currentId))
                 continue;
-            visited.add(currentId);
+            if (currentId !== endId)
+                visited.add(currentId);
             if (currentId === endId) {
                 // Check interior nodes (not start or end)
                 for (let i = 1; i < path.length - 1; i++) {
@@ -122,7 +133,8 @@ class CoverageKnowledgeGraph {
                     if ((node === null || node === void 0 ? void 0 : node.type) === nodeType)
                         return true;
                 }
-                return false;
+                // Don't return false here — other paths may still contain the node type
+                continue;
             }
             const outEdges = this.getEdgesFrom(currentId);
             for (const edge of outEdges) {

package/dist/src/pipeline/stages/ast/astStage.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"astStage.d.ts","sourceRoot":"","sources":["../../../../../src/pipeline/stages/ast/astStage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAE3E,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAmB9C,qBAAa,QAAS,YAAW,aAAa,CAAC,cAAc,CAAC;IAC5D,QAAQ,CAAC,IAAI,EAAG,KAAK,CAAU;IAC/B,QAAQ,CAAC,QAAQ,SAAS;IAEpB,OAAO,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,cAAc,CAAC;CAoLjE"}
+{"version":3,"file":"astStage.d.ts","sourceRoot":"","sources":["../../../../../src/pipeline/stages/ast/astStage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAE3E,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AA2B9C,qBAAa,QAAS,YAAW,aAAa,CAAC,cAAc,CAAC;IAC5D,QAAQ,CAAC,IAAI,EAAG,KAAK,CAAU;IAC/B,QAAQ,CAAC,QAAQ,SAAS;IAEpB,OAAO,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,cAAc,CAAC;CAoNjE"}

package/dist/src/pipeline/stages/ast/astStage.js

@@ -53,6 +53,14 @@ const graphBuilder_1 = require("./graphBuilder");
 const fileClassifier_1 = require("../../../discovery/fileClassifier");
 const projectDiscovery_1 = require("../../../discovery/projectDiscovery");
 const parserRegistry_1 = require("../../../ast/parserRegistry");
+const rulesEnforcer_1 = require("./rulesEnforcer");
+const optionalAuthUnifier_1 = require("./optionalAuthUnifier");
+const expressRouterResolver_1 = require("./resolvers/expressRouterResolver");
+const flaskBlueprintResolver_1 = require("./resolvers/flaskBlueprintResolver");
+const angularInjectionResolver_1 = require("./resolvers/angularInjectionResolver");
+const vuexActionResolver_1 = require("./resolvers/vuexActionResolver");
+const mybatisResolver_1 = require("./resolvers/mybatisResolver");
+const dddLayerResolver_1 = require("./resolvers/dddLayerResolver");
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 class AstStage {
@@ -71,7 +79,8 @@ class AstStage {
         const scaOutput = context.stageOutputs.get('sca');
         // Build analysis context
         const analysisContext = (0, astAnalysisOrchestrator_1.buildAnalysisContext)(context.config.astConfig);
-        // Discover all files
+        // Discover all files — XML, GraphQL, and PHP files are included in serviceFiles
+        // via SERVICE_CODE_EXTS in fileClassifier.ts (RULE-SA05, SA06)
         const artifacts = (0, projectDiscovery_1.discoverProject)({ rootDir: context.projectRoot });
         const allSourceFiles = [
             ...artifacts.testFiles,
@@ -131,8 +140,33 @@ class AstStage {
         }
         // Phase 2: Build cross-file symbol table
         const crossFileTable = (0, crossFileResolver_1.buildCrossFileSymbolTable)(models, context.projectRoot);
-        // Phase 2b: Run cross-file resolution pass (Feature 27)
+        // Phase 2b: Register and run cross-file resolvers (Feature 27)
+        // Clear any stale registrations from prior runs, then register all 6 resolvers
+        (0, crossFileResolutionPass_1.clearCrossFileResolvers)();
+        (0, crossFileResolutionPass_1.registerCrossFileResolver)(new expressRouterResolver_1.ExpressRouterResolver());
+        (0, crossFileResolutionPass_1.registerCrossFileResolver)(new flaskBlueprintResolver_1.FlaskBlueprintResolver());
+        (0, crossFileResolutionPass_1.registerCrossFileResolver)(new angularInjectionResolver_1.AngularInjectionResolver());
+        (0, crossFileResolutionPass_1.registerCrossFileResolver)(new vuexActionResolver_1.VuexActionResolver());
+        (0, crossFileResolutionPass_1.registerCrossFileResolver)(new mybatisResolver_1.MyBatisResolver());
+        (0, crossFileResolutionPass_1.registerCrossFileResolver)(new dddLayerResolver_1.DddLayerResolver());
         const crossFileResolutionResult = (0, crossFileResolutionPass_1.runCrossFileResolution)(crossFileTable, context.projectRoot, artifacts.apiFrameworks, allSourceFiles);
+        // Phase 2c: Detect auth coverage gaps (Feature 27)
+        // Collect all endpoints with their security classifications for gap analysis
+        const endpointsForAuthGaps = [];
+        for (const [filePath, model] of crossFileTable.models) {
+            if (!model.routeRegistrations)
+                continue;
+            for (const reg of model.routeRegistrations) {
+                endpointsForAuthGaps.push({
+                    path: reg.path,
+                    security: reg.security,
+                    sourceFile: filePath,
+                });
+            }
+        }
+        const authCoverageGaps = (0, optionalAuthUnifier_1.detectAuthCoverageGaps)(endpointsForAuthGaps, new Set());
+        // Phase 2d: Enforce structure-agnostic rules (Feature 27)
+        const rulesResult = (0, rulesEnforcer_1.enforceStructureAgnosticRules)(crossFileTable, context.projectRoot);
         // Phase 3: Run abstract layer traversal for test files
         const traversalResults = new Map();
         const depthCap = context.config.traversalDepthCap;
@@ -204,6 +238,10 @@ class AstStage {
                 graphEdgesAdded: edges.length,
                 crossFileResolversRun: crossFileResolutionResult.resolverResults.length,
                 crossFileEntriesAdded: crossFileResolutionResult.totalEntriesAdded,
+                rulesChecked: rulesResult.rulesChecked,
+                rulesPassed: rulesResult.rulesPassed,
+                ruleViolations: rulesResult.violations.length,
+                authCoverageGaps: authCoverageGaps.length,
             },
         };
         context.diagnostics.set('ast', diagnostics);
@@ -238,7 +276,13 @@ function detectLanguage(filePath, scaOutput) {
         '.kts': 'kotlin',
         '.py': 'python',
         '.rb': 'ruby',
+        '.php': 'php',
         '.feature': 'cucumber',
     };
+    // Handle GraphQL schema files and XML as special-case languages
+    if (ext === '.graphqls' || ext === '.graphql')
+        return 'graphql';
+    if (ext === '.xml')
+        return 'xml';
     return extensionMap[ext];
 }

package/dist/src/pipeline/stages/ast/baseUrlComposer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"baseUrlComposer.d.ts","sourceRoot":"","sources":["../../../../../src/pipeline/stages/ast/baseUrlComposer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH;;;GAGG;AACH,wBAAgB,UAAU,CAAC,GAAG,QAAQ,EAAE,CAAC,MAAM,GAAG,SAAS,CAAC,EAAE,GAAG,MAAM,CAStE;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAkBlD;AAED;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAQxD;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE;IACL,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,GACA,MAAM,CAUR"}
+{"version":3,"file":"baseUrlComposer.d.ts","sourceRoot":"","sources":["../../../../../src/pipeline/stages/ast/baseUrlComposer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH;;;GAGG;AACH,wBAAgB,UAAU,CAAC,GAAG,QAAQ,EAAE,CAAC,MAAM,GAAG,SAAS,CAAC,EAAE,GAAG,MAAM,CAyBtE;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAkBlD;AAED;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAQxD;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE;IACL,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,GACA,MAAM,CAUR"}

package/dist/src/pipeline/stages/ast/baseUrlComposer.js

@@ -24,10 +24,24 @@ exports.composeFrameworkUrl = composeFrameworkUrl;
  */
 function composeUrl(...segments) {
     const parts = segments
-        .filter((s) => typeof s === 'string' && s.length > 0)
-        .map((s) => s.replace(/^\/+|\/+$/g, ''));
-    const joined = parts.join('/');
-    const normalized = '/' + joined.replace(/\/+/g, '/');
+        .filter((s) => typeof s === 'string' && s.length > 0);
+    if (parts.length === 0)
+        return '/';
+    // Detect protocol in the first segment (e.g. http://, https://)
+    const protocolMatch = parts[0].match(/^(\w+:\/\/)/);
+    let protocol = '';
+    if (protocolMatch) {
+        protocol = protocolMatch[1];
+        parts[0] = parts[0].slice(protocol.length);
+    }
+    const stripped = parts.map((s) => s.replace(/^\/+|\/+$/g, ''));
+    const joined = stripped.join('/');
+    const deduped = joined.replace(/\/+/g, '/');
+    if (protocol) {
+        const normalized = protocol + deduped;
+        return normalized.replace(/\/+$/, '') || protocol;
+    }
+    const normalized = '/' + deduped;
     return normalized === '/' ? '/' : normalized.replace(/\/+$/, '');
 }
 /**

package/dist/src/pipeline/stages/ast/crossFileResolver.js

@@ -107,12 +107,31 @@ function resolveSymbolCrossFile(symbolName, fromFile, table) {
     }
     return undefined;
 }
+/** Built-in objects that should never be treated as import module names */
+const BUILTIN_OBJECTS = new Set([
+    'console', 'math', 'json', 'object', 'array', 'promise', 'date',
+    'string', 'number', 'boolean', 'symbol', 'regexp', 'error', 'map',
+    'set', 'weakmap', 'weakset', 'proxy', 'reflect', 'intl',
+    'arraybuffer', 'sharedarraybuffer', 'atomics', 'dataview',
+    'this', 'self', 'super', 'window', 'document', 'process',
+    'global', 'globalthis', 'module', 'exports', 'require',
+    '__dirname', '__filename',
+]);
 /**
  * Extract import declarations from a semantic model.
  * This is a heuristic extraction — real import extraction would come from the AST.
  */
 function extractImportsFromModel(filePath, model, projectRoot) {
     const imports = [];
+    // Build a set of known identifiers from the model (constants and local variables)
+    // These are the names that could plausibly be import aliases
+    const knownIdentifiers = new Set();
+    for (const [name] of model.constants) {
+        knownIdentifiers.add(name);
+    }
+    for (const [name] of model.localVariables) {
+        knownIdentifiers.add(name);
+    }
     // Use functions' calledFunctions to infer cross-file references
     for (const [, func] of model.functions) {
         for (const calledName of func.calledFunctions) {
@@ -120,6 +139,16 @@ function extractImportsFromModel(filePath, model, projectRoot) {
             const dotIndex = calledName.indexOf('.');
             if (dotIndex > 0) {
                 const modulePart = calledName.substring(0, dotIndex);
+                // Skip common built-in objects that are never import sources
+                if (BUILTIN_OBJECTS.has(modulePart.toLowerCase())) {
+                    continue;
+                }
+                // Only treat as an import if the prefix matches a known identifier
+                // (constant or local variable) in this file, which is how import
+                // aliases typically appear in the semantic model
+                if (!knownIdentifiers.has(modulePart)) {
+                    continue;
+                }
                 const resolvedPath = (0, importResolver_1.resolveImportPath)(`./${modulePart}`, filePath, projectRoot, model.language);
                 if (resolvedPath) {
                     imports.push({

package/dist/src/pipeline/stages/ast/graphBuilder.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"graphBuilder.d.ts","sourceRoot":"","sources":["../../../../../src/pipeline/stages/ast/graphBuilder.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAoB,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AACtG,OAAO,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,KAAK,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAIrE;;GAEG;AACH,wBAAgB,aAAa,CAC3B,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,EAClC,cAAc,EAAE,oBAAoB,EACpC,gBAAgB,EAAE,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,EAC9C,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,uBAAuB,EAAE,CAAC,GACnD;IAAE,KAAK,EAAE,SAAS,EAAE,CAAC;IAAC,KAAK,EAAE,SAAS,EAAE,CAAA;CAAE,CAsN5C"}
+{"version":3,"file":"graphBuilder.d.ts","sourceRoot":"","sources":["../../../../../src/pipeline/stages/ast/graphBuilder.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAoB,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AACtG,OAAO,KAAK,EAAE,SAAS,EAAE,SAAS,EAAiB,MAAM,aAAa,CAAC;AACvE,OAAO,KAAK,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAIrE;;GAEG;AACH,wBAAgB,aAAa,CAC3B,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,EAClC,cAAc,EAAE,oBAAoB,EACpC,gBAAgB,EAAE,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,EAC9C,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,uBAAuB,EAAE,CAAC,GACnD;IAAE,KAAK,EAAE,SAAS,EAAE,CAAC;IAAC,KAAK,EAAE,SAAS,EAAE,CAAA;CAAE,CA4S5C"}