auditor-lambda 0.3.40 → 0.3.41

package/dist/extractors/browserExtension.d.ts

@@ -1,7 +1,5 @@
 import type { Lens, RepoManifest } from "../types.js";
-import type { FileDisposition } from "../types/disposition.js";
-import type { GraphBundle, GraphEdge } from "../types/graph.js";
-import type { SurfaceRecord } from "../types/surfaces.js";
+import type { FileDisposition, GraphBundle, GraphEdge, SurfaceRecord } from "@audit-tools/shared";
 export declare const BROWSER_EXTENSION_HEURISTIC_NOTE = "Chrome extension manifest and HTML asset references were resolved deterministically from local paths; verify unusual dynamic registration manually.";
 export declare function isBrowserExtensionManifestPath(path: string): boolean;
 export declare function extractChromeExtensionManifestEdges(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];

package/dist/extractors/browserExtension.js

@@ -1,5 +1,5 @@
 import { posix } from "node:path";
-import { isAuditExcludedStatus } from "./disposition.js";
+import { buildDispositionMap, isAuditExcludedStatus } from "./disposition.js";
 import { graphEdge, normalizeGraphPath, resolveCandidate, } from "./graphPathUtils.js";
 export const BROWSER_EXTENSION_HEURISTIC_NOTE = "Chrome extension manifest and HTML asset references were resolved deterministically from local paths; verify unusual dynamic registration manually.";
 const CHROME_EXTENSION_BACKGROUND_EDGE = "chrome-extension-background-link";
@@ -334,7 +334,7 @@ export function buildBrowserExtensionSurfacesFromGraph(graphBundle, disposition)
     const references = Array.isArray(graphBundle?.graphs.references)
         ? graphBundle.graphs.references
         : [];
-    const dispositionMap = new Map(disposition?.files.map((item) => [item.path, item.status]) ?? []);
+    const dispositionMap = buildDispositionMap(disposition);
     const surfaces = [];
     const seen = new Set();
     for (const edge of references) {

package/dist/extractors/designAssessment.d.ts

@@ -1,8 +1,6 @@
 import type { UnitManifest } from "../types.js";
+import type { GraphBundle, CriticalFlowManifest, RiskRegister } from "@audit-tools/shared";
 import type { DesignAssessment } from "../types/designAssessment.js";
-import type { GraphBundle } from "../types/graph.js";
-import type { CriticalFlowManifest } from "../types/flows.js";
-import type { RiskRegister } from "../types/risk.js";
 export declare function buildDesignAssessment(params: {
     unitManifest: UnitManifest;
     graphBundle: GraphBundle;

package/dist/extractors/disposition.d.ts

@@ -1,8 +1,9 @@
 import type { RepoManifest } from "../types.js";
-import type { FileDisposition, FileDispositionStatus } from "../types/disposition.js";
+import type { FileDisposition, FileDispositionStatus } from "@audit-tools/shared";
 /**
  * Applies shared path heuristics to mark files that should be excluded or
  * down-scoped before audit planning begins.
  */
 export declare function buildFileDisposition(repoManifest: RepoManifest): FileDisposition;
+export declare function buildDispositionMap(disposition?: FileDisposition): Map<string, FileDispositionStatus>;
 export declare function isAuditExcludedStatus(status: FileDispositionStatus): boolean;

package/dist/extractors/disposition.js

@@ -75,6 +75,9 @@ export function buildFileDisposition(repoManifest) {
         files: repoManifest.files.map((file) => inferDisposition(file.path)),
     };
 }
+export function buildDispositionMap(disposition) {
+    return new Map(disposition?.files.map((item) => [item.path, item.status]) ?? []);
+}
 export function isAuditExcludedStatus(status) {
     return (status === "excluded" ||
         status === "generated" ||

package/dist/extractors/flows.d.ts

@@ -1,7 +1,5 @@
 import type { RepoManifest } from "../types.js";
-import type { FileDisposition } from "../types/disposition.js";
-import type { CriticalFlowManifest } from "../types/flows.js";
-import type { SurfaceManifest } from "../types/surfaces.js";
+import type { FileDisposition, CriticalFlowManifest, SurfaceManifest } from "@audit-tools/shared";
 /**
  * Builds coarse critical-flow coverage from shared path heuristics. These
  * bootstrap flows are intentionally conservative and should be reviewed when a

package/dist/extractors/flows.js

@@ -1,4 +1,4 @@
-import { isAuditExcludedStatus } from "./disposition.js";
+import { buildDispositionMap, isAuditExcludedStatus } from "./disposition.js";
 import { EXTRACTOR_HEURISTIC_NOTE, isAsyncTaskPath, isBillingPath, isIdentityPath, isSecuritySensitivePath, isTestPath, isDataLayerPath, isConcurrencyPath, isInterfacePath, isDeploymentConfigPath, normalizeExtractorPath, } from "./pathPatterns.js";
 function inferConcerns(paths) {
     const concerns = new Set();
@@ -65,7 +65,7 @@ function dedupeFlows(flows) {
  * repo uses unconventional naming or layout conventions.
  */
 export function buildCriticalFlowManifest(repoManifest, surfaceManifest, disposition) {
-    const dispositionMap = new Map(disposition?.files.map((item) => [item.path, item.status]) ?? []);
+    const dispositionMap = buildDispositionMap(disposition);
     const availablePaths = repoManifest.files
         .map((file) => file.path)
         .filter((path) => {

package/dist/extractors/graph.d.ts

@@ -1,7 +1,6 @@
 import type { RepoManifest } from "../types.js";
-import type { FileDisposition } from "../types/disposition.js";
+import type { FileDisposition, GraphBundle } from "@audit-tools/shared";
 import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
-import type { GraphBundle } from "../types/graph.js";
 export interface BuildGraphBundleOptions {
     fileContents?: Record<string, string>;
     externalAnalyzerResults?: ExternalAnalyzerResults;

package/dist/extractors/graph.js

@@ -1,10 +1,11 @@
 import { readFile } from "node:fs/promises";
 import { isAbsolute, relative, resolve } from "node:path";
 import { posix } from "node:path";
-import { isAuditExcludedStatus } from "./disposition.js";
+import { buildDispositionMap, isAuditExcludedStatus } from "./disposition.js";
 import { extractChromeExtensionManifestEdges, extractHtmlResourceEdges, } from "./browserExtension.js";
 import { extractCargoWorkspaceMemberEdges, extractGoWorkspaceModuleEdges, extractMavenModuleEdges, extractPackageEntrypointEdges, extractPackageScriptEdges, extractPyprojectTestpathLinks, extractTypescriptProjectReferenceEdges, extractWorkspacePackageEdges, extractYamlPathReferenceEdges, isCargoManifestPath, isGoWorkspaceManifestPath, isMavenPomPath, isPyprojectPath, } from "./graphManifestEdges.js";
 import { graphEdge, graphLookupKey, normalizeGraphPath, resolveCandidate, } from "./graphPathUtils.js";
+import { extractPythonImportEdges, isPythonSourcePath, } from "./graphPythonImports.js";
 import { isTestPath, normalizeExtractorPath } from "./pathPatterns.js";
 const MAX_GRAPH_SOURCE_BYTES = 512 * 1024;
 const SOURCE_LANGUAGES = new Set([
@@ -40,8 +41,6 @@ const SOURCE_EXTENSIONS = [
     ".java",
     ".cs",
 ];
-const PYTHON_SOURCE_EXTENSIONS = [".py", ".pyi"];
-const PYTHON_PACKAGE_INDEX_FILES = ["__init__.py", "__init__.pyi"];
 const TYPESCRIPT_TYPE_CONTRACT_EXTENSIONS = [
     ".ts",
     ".tsx",
@@ -339,327 +338,6 @@ function extractImportBindings(fromPath, content, pathLookup) {
     }
     return bindings;
 }
-function isPythonSourcePath(path) {
-    const normalized = normalizeGraphPath(path).toLowerCase();
-    return PYTHON_SOURCE_EXTENSIONS.some((extension) => normalized.endsWith(extension));
-}
-function stripPythonLineComment(line) {
-    let quote;
-    let escaped = false;
-    for (let index = 0; index < line.length; index++) {
-        const char = line[index];
-        if (escaped) {
-            escaped = false;
-            continue;
-        }
-        if (quote) {
-            if (char === "\\") {
-                escaped = true;
-                continue;
-            }
-            if (char === quote) {
-                quote = undefined;
-            }
-            continue;
-        }
-        if (char === "'" || char === '"') {
-            quote = char;
-            continue;
-        }
-        if (char === "#") {
-            return line.slice(0, index);
-        }
-    }
-    return line;
-}
-function pythonParenDelta(line) {
-    let quote;
-    let escaped = false;
-    let delta = 0;
-    for (const char of line) {
-        if (escaped) {
-            escaped = false;
-            continue;
-        }
-        if (quote) {
-            if (char === "\\") {
-                escaped = true;
-                continue;
-            }
-            if (char === quote) {
-                quote = undefined;
-            }
-            continue;
-        }
-        if (char === "'" || char === '"') {
-            quote = char;
-            continue;
-        }
-        if (char === "(") {
-            delta += 1;
-        }
-        else if (char === ")") {
-            delta -= 1;
-        }
-    }
-    return delta;
-}
-function pythonLogicalLines(content) {
-    const logicalLines = [];
-    let pending = "";
-    let parenDepth = 0;
-    for (const rawLine of content.split(/\r?\n/)) {
-        const stripped = stripPythonLineComment(rawLine).trim();
-        if (stripped.length === 0) {
-            continue;
-        }
-        if (pending.length === 0 && !/^(?:import|from)\s+/i.test(stripped)) {
-            continue;
-        }
-        const continued = stripped.endsWith("\\");
-        const line = continued ? stripped.slice(0, -1).trimEnd() : stripped;
-        pending = pending.length > 0 ? `${pending} ${line}` : line;
-        parenDepth += pythonParenDelta(line);
-        if (!continued && parenDepth <= 0) {
-            logicalLines.push(pending.replace(/\s+/g, " ").trim());
-            pending = "";
-            parenDepth = 0;
-        }
-    }
-    if (pending.length > 0) {
-        logicalLines.push(pending.replace(/\s+/g, " ").trim());
-    }
-    return logicalLines;
-}
-function unwrapPythonImportList(value) {
-    let trimmed = value.trim();
-    if (trimmed.startsWith("(") && trimmed.endsWith(")")) {
-        trimmed = trimmed.slice(1, -1).trim();
-    }
-    return trimmed;
-}
-function splitPythonImportList(value) {
-    const items = [];
-    let current = "";
-    let quote;
-    let escaped = false;
-    let parenDepth = 0;
-    for (const char of unwrapPythonImportList(value)) {
-        if (escaped) {
-            current += char;
-            escaped = false;
-            continue;
-        }
-        if (quote) {
-            current += char;
-            if (char === "\\") {
-                escaped = true;
-            }
-            else if (char === quote) {
-                quote = undefined;
-            }
-            continue;
-        }
-        if (char === "'" || char === '"') {
-            current += char;
-            quote = char;
-            continue;
-        }
-        if (char === "(") {
-            parenDepth += 1;
-            current += char;
-            continue;
-        }
-        if (char === ")") {
-            parenDepth -= 1;
-            current += char;
-            continue;
-        }
-        if (char === "," && parenDepth === 0) {
-            const item = current.trim();
-            if (item.length > 0) {
-                items.push(item);
-            }
-            current = "";
-            continue;
-        }
-        current += char;
-    }
-    const item = current.trim();
-    if (item.length > 0) {
-        items.push(item);
-    }
-    return items;
-}
-function stripPythonAlias(value) {
-    return value.replace(/\s+as\s+[A-Za-z_]\w*$/i, "").trim();
-}
-function isPythonIdentifier(value) {
-    return /^[A-Za-z_]\w*$/.test(value);
-}
-function isPythonAbsoluteModuleSpecifier(value) {
-    return /^[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*$/.test(value);
-}
-function isPythonRelativeModuleSpecifier(value) {
-    return /^\.+(?:[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)?$/.test(value);
-}
-function isPythonModuleSpecifier(value) {
-    return (isPythonAbsoluteModuleSpecifier(value) ||
-        isPythonRelativeModuleSpecifier(value));
-}
-function pythonModulePath(specifier) {
-    return specifier.split(".").filter(Boolean).join("/");
-}
-function resolvePythonPathCandidate(candidate, pathLookup) {
-    const normalized = normalizeGraphPath(candidate).replace(/\/+$/, "");
-    if (normalized.length === 0 || normalized === "." || normalized === "..") {
-        return undefined;
-    }
-    return resolveCandidate(normalized, pathLookup);
-}
-function pythonPathMatchesModule(path, modulePath) {
-    const normalizedPath = normalizeGraphPath(path).toLowerCase();
-    const normalizedModulePath = normalizeGraphPath(modulePath).toLowerCase();
-    return (PYTHON_SOURCE_EXTENSIONS.some((extension) => {
-        const moduleFile = `${normalizedModulePath}${extension}`;
-        return (normalizedPath === moduleFile ||
-            normalizedPath.endsWith(`/${moduleFile}`));
-    }) ||
-        PYTHON_PACKAGE_INDEX_FILES.some((indexFile) => {
-            const packageFile = posix.join(normalizedModulePath, indexFile);
-            return (normalizedPath === packageFile ||
-                normalizedPath.endsWith(`/${packageFile}`));
-        }));
-}
-function commonDirectoryPrefixLength(left, right) {
-    const leftParts = normalizeGraphPath(left).split("/").filter(Boolean);
-    const rightParts = normalizeGraphPath(right).split("/").filter(Boolean);
-    let count = 0;
-    while (count < leftParts.length &&
-        count < rightParts.length &&
-        leftParts[count].toLowerCase() === rightParts[count].toLowerCase()) {
-        count += 1;
-    }
-    return count;
-}
-function resolvePythonAbsoluteModuleSpecifier(fromPath, specifier, pathLookup) {
-    const modulePath = pythonModulePath(specifier);
-    const direct = resolvePythonPathCandidate(modulePath, pathLookup);
-    if (direct) {
-        return direct;
-    }
-    const matches = [...new Set(pathLookup.values())].filter((path) => isPythonSourcePath(path) && pythonPathMatchesModule(path, modulePath));
-    if (matches.length === 1) {
-        return matches[0];
-    }
-    if (matches.length === 0) {
-        return undefined;
-    }
-    const fromDir = posix.dirname(normalizeGraphPath(fromPath));
-    const scored = matches
-        .map((target) => ({
-        target,
-        score: commonDirectoryPrefixLength(fromDir, posix.dirname(normalizeGraphPath(target))),
-    }))
-        .sort((a, b) => b.score - a.score || a.target.localeCompare(b.target));
-    const bestScore = scored[0]?.score ?? 0;
-    const bestMatches = scored.filter((item) => item.score === bestScore);
-    if (bestScore > 0 && bestMatches.length === 1) {
-        return bestMatches[0].target;
-    }
-    const srcMatches = matches.filter((target) => normalizeGraphPath(target).toLowerCase().startsWith("src/"));
-    return srcMatches.length === 1 ? srcMatches[0] : undefined;
-}
-function resolvePythonRelativeModuleSpecifier(fromPath, specifier, pathLookup) {
-    const match = /^(\.+)(.*)$/.exec(specifier);
-    if (!match) {
-        return undefined;
-    }
-    const level = match[1].length;
-    const remainder = match[2] ?? "";
-    let baseDir = posix.dirname(normalizeGraphPath(fromPath));
-    for (let index = 1; index < level; index++) {
-        const next = posix.dirname(baseDir);
-        if (next === baseDir) {
-            return undefined;
-        }
-        baseDir = next;
-    }
-    const modulePath = pythonModulePath(remainder);
-    const candidate = modulePath.length > 0 ? posix.join(baseDir, modulePath) : baseDir;
-    return resolvePythonPathCandidate(candidate, pathLookup);
-}
-function resolvePythonModuleSpecifier(fromPath, specifier, pathLookup) {
-    if (isPythonRelativeModuleSpecifier(specifier)) {
-        return resolvePythonRelativeModuleSpecifier(fromPath, specifier, pathLookup);
-    }
-    if (isPythonAbsoluteModuleSpecifier(specifier)) {
-        return resolvePythonAbsoluteModuleSpecifier(fromPath, specifier, pathLookup);
-    }
-    return undefined;
-}
-function appendPythonImportedSpecifier(moduleSpecifier, importedName) {
-    return moduleSpecifier.endsWith(".")
-        ? `${moduleSpecifier}${importedName}`
-        : `${moduleSpecifier}.${importedName}`;
-}
-function addPythonImportEdge(edges, fromPath, target, kind, specifier) {
-    if (!target || target === fromPath) {
-        return;
-    }
-    edges.push(graphEdge({
-        from: fromPath,
-        to: target,
-        kind,
-        confidence: IMPORT_EDGE_CONFIDENCE,
-        reason: `Resolved Python import specifier '${specifier}'.`,
-    }));
-}
-function extractPythonImportEdges(fromPath, content, pathLookup) {
-    if (!isPythonSourcePath(fromPath)) {
-        return [];
-    }
-    const edges = [];
-    for (const line of pythonLogicalLines(content)) {
-        const importMatch = /^import\s+(.+)$/i.exec(line);
-        if (importMatch) {
-            for (const rawSpecifier of splitPythonImportList(importMatch[1] ?? "")) {
-                const specifier = stripPythonAlias(rawSpecifier);
-                if (!isPythonAbsoluteModuleSpecifier(specifier)) {
-                    continue;
-                }
-                addPythonImportEdge(edges, fromPath, resolvePythonModuleSpecifier(fromPath, specifier, pathLookup), "python-import", specifier);
-            }
-            continue;
-        }
-        const fromImportMatch = /^from\s+([.\w]+)\s+import\s+(.+)$/i.exec(line);
-        if (!fromImportMatch) {
-            continue;
-        }
-        const moduleSpecifier = fromImportMatch[1] ?? "";
-        if (!isPythonModuleSpecifier(moduleSpecifier)) {
-            continue;
-        }
-        const importedNames = splitPythonImportList(fromImportMatch[2] ?? "")
-            .map(stripPythonAlias)
-            .filter((name) => name !== "*" && isPythonIdentifier(name));
-        const submoduleTargets = importedNames
-            .map((name) => appendPythonImportedSpecifier(moduleSpecifier, name))
-            .map((specifier) => ({
-            specifier,
-            target: resolvePythonModuleSpecifier(fromPath, specifier, pathLookup),
-        }))
-            .filter((item) => item.target);
-        if (submoduleTargets.length > 0) {
-            for (const { specifier, target } of submoduleTargets) {
-                addPythonImportEdge(edges, fromPath, target, "python-from-import", specifier);
-            }
-            continue;
-        }
-        addPythonImportEdge(edges, fromPath, resolvePythonModuleSpecifier(fromPath, moduleSpecifier, pathLookup), "python-from-import", moduleSpecifier);
-    }
-    return edges;
-}
 function extractImportEdges(fromPath, content, pathLookup) {
     const edges = [];
     for (const { pattern, kind } of IMPORT_PATTERNS) {
@@ -1239,7 +917,7 @@ function extractPytestConftestLinks(pathLookup) {
 }
 export async function buildGraphBundleFromFs(repoManifest, root, disposition, options = {}) {
     const rootPath = resolve(root);
-    const dispositionMap = new Map(disposition?.files.map((item) => [item.path, item.status]) ?? []);
+    const dispositionMap = buildDispositionMap(disposition);
     const fileContents = {};
     await Promise.all(repoManifest.files.map(async (file) => {
         const status = dispositionMap.get(file.path);
@@ -1267,7 +945,7 @@ export function buildGraphBundle(repoManifest, disposition, options = {}) {
     const calls = [];
     const references = [];
     const routes = [];
-    const dispositionMap = new Map(disposition?.files.map((item) => [item.path, item.status]) ?? []);
+    const dispositionMap = buildDispositionMap(disposition);
     const pathLookup = buildPathLookup(repoManifest, dispositionMap);
     for (const file of repoManifest.files) {
         const status = dispositionMap.get(file.path);

package/dist/extractors/graphManifestEdges.d.ts

@@ -1,4 +1,4 @@
-import type { GraphEdge } from "../types/graph.js";
+import type { GraphEdge } from "@audit-tools/shared";
 export declare function extractPackageEntrypointEdges(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];
 export declare function extractPackageScriptEdges(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];
 export declare function isGoWorkspaceManifestPath(path: string): boolean;

package/dist/extractors/graphPathUtils.d.ts

@@ -1,4 +1,4 @@
-import type { GraphEdge } from "../types/graph.js";
+import type { GraphEdge } from "@audit-tools/shared";
 export declare function normalizeGraphPath(path: string): string;
 export declare function graphLookupKey(path: string): string;
 export declare function resolveCandidate(candidate: string, pathLookup: Map<string, string>): string | undefined;

package/dist/extractors/graphPythonImports.d.ts

@@ -0,0 +1,3 @@
+import type { GraphEdge } from "@audit-tools/shared";
+export declare function isPythonSourcePath(path: string): boolean;
+export declare function extractPythonImportEdges(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];