codedev-mcp 3.2.0

package/dist/analyzers/dep-vuln.js

@@ -0,0 +1,342 @@
+/**
+ * Dependency Vulnerability Scanner
+ * Cross-references package lock files (package-lock.json, yarn.lock, pnpm-lock.yaml,
+ * Cargo.lock, Pipfile.lock, go.sum) against known vulnerability patterns.
+ * Checks for outdated packages, known-vulnerable version ranges, and security advisories.
+ */
+import { readFile } from 'node:fs/promises';
+import path from 'node:path';
+// Known patterns for vulnerable packages / versions (static heuristic-based)
+const KNOWN_VULN_PATTERNS = [
+    // npm ecosystem
+    { name: /^lodash$/, maxSafe: '4.17.21', severity: 'high', reason: 'Prototype pollution (CVE-2021-23337)' },
+    { name: /^minimist$/, maxSafe: '1.2.6', severity: 'high', reason: 'Prototype pollution (CVE-2021-44906)' },
+    { name: /^node-fetch$/, maxSafe: '2.6.7', severity: 'high', reason: 'Exposure of sensitive info (CVE-2022-0235)' },
+    { name: /^axios$/, maxSafe: '1.6.0', severity: 'medium', reason: 'SSRF vulnerability in versions < 1.6.0' },
+    {
+        name: /^jsonwebtoken$/,
+        maxSafe: '9.0.0',
+        severity: 'high',
+        reason: 'Insecure token verification (CVE-2022-23529)',
+    },
+    {
+        name: /^express$/,
+        maxSafe: '4.19.2',
+        severity: 'medium',
+        reason: 'Open redirect vulnerability in older versions',
+    },
+    {
+        name: /^tar$/,
+        maxSafe: '6.1.12',
+        severity: 'high',
+        reason: 'Arbitrary file creation/overwrite (CVE-2021-37712)',
+    },
+    { name: /^semver$/, maxSafe: '7.5.2', severity: 'medium', reason: 'ReDoS vulnerability (CVE-2022-25883)' },
+    { name: /^xml2js$/, maxSafe: '0.5.0', severity: 'high', reason: 'Prototype pollution (CVE-2023-0842)' },
+    { name: /^got$/, maxSafe: '11.8.5', severity: 'medium', reason: 'Open redirect (CVE-2022-33987)' },
+    { name: /^moment$/, maxSafe: '999.0.0', severity: 'low', reason: 'Deprecated — use date-fns or dayjs instead' },
+    { name: /^request$/, maxSafe: '999.0.0', severity: 'low', reason: 'Deprecated and unmaintained' },
+    {
+        name: /^event-stream$/,
+        maxSafe: '999.0.0',
+        severity: 'critical',
+        reason: 'Known malicious versions (flatmap-stream incident)',
+    },
+    { name: /^ua-parser-js$/, maxSafe: '0.7.33', severity: 'critical', reason: 'Supply chain attack (CVE-2021-27292)' },
+    { name: /^colors$/, maxSafe: '1.4.0', severity: 'high', reason: 'Sabotaged by maintainer in v1.4.1+' },
+    { name: /^faker$/, maxSafe: '5.5.3', severity: 'high', reason: 'Sabotaged by maintainer in v6+' },
+    // Python ecosystem
+    { name: /^pyyaml$/i, maxSafe: '6.0', severity: 'high', reason: 'Arbitrary code execution via yaml.load' },
+    { name: /^django$/i, maxSafe: '4.2.0', severity: 'medium', reason: 'Multiple security fixes in 4.2+' },
+    { name: /^flask$/i, maxSafe: '2.3.0', severity: 'low', reason: 'Security improvements in 2.3+' },
+    {
+        name: /^pillow$/i,
+        maxSafe: '10.0.0',
+        severity: 'high',
+        reason: 'Buffer overflow vulnerabilities in older versions',
+    },
+    { name: /^cryptography$/i, maxSafe: '41.0.0', severity: 'high', reason: 'Multiple CVEs in older versions' },
+    { name: /^urllib3$/i, maxSafe: '2.0.0', severity: 'medium', reason: 'Cookie leaking, CRLF injection in < 2.0' },
+    // Rust ecosystem
+    { name: /^hyper$/, maxSafe: '0.14.23', severity: 'high', reason: 'HTTP request smuggling (RUSTSEC-2023-0034)' },
+    { name: /^regex$/, maxSafe: '1.8.0', severity: 'medium', reason: 'ReDoS in older versions' },
+];
+/**
+ * Simple semver comparison (major.minor.patch). Returns true if a < b.
+ * @param a - First version string
+ * @param b - Second version string
+ * @returns True if version a is less than version b
+ */
+function semverLessThan(a, b) {
+    const parse = (v) => v
+        .replace(/^[~^>=<]+/, '')
+        .split('.')
+        .map((n) => parseInt(n, 10) || 0);
+    const pa = parse(a);
+    const pb = parse(b);
+    for (let i = 0; i < 3; i++) {
+        if ((pa[i] || 0) < (pb[i] || 0))
+            return true;
+        if ((pa[i] || 0) > (pb[i] || 0))
+            return false;
+    }
+    return false;
+}
+/**
+ * Parse package-lock.json or package.json dependencies.
+ * @param content - The raw file content
+ * @returns Array of dependency name/version pairs
+ */
+function parseNpmLock(content) {
+    const deps = [];
+    try {
+        const data = JSON.parse(content);
+        // package-lock.json v2/v3
+        if (data.packages) {
+            for (const [pkgPath, info] of Object.entries(data.packages)) {
+                const d = info;
+                if (pkgPath && d.version) {
+                    const name = pkgPath.replace(/^node_modules\//, '').replace(/.*node_modules\//, '');
+                    if (name)
+                        deps.push({ name, version: d.version });
+                }
+            }
+        }
+        // package-lock.json v1
+        else if (data.dependencies) {
+            for (const [name, info] of Object.entries(data.dependencies)) {
+                const d = info;
+                if (d.version)
+                    deps.push({ name, version: d.version });
+            }
+        }
+        // package.json (fallback, ranges only)
+        else if (data.name && (data.dependencies || data.devDependencies)) {
+            for (const [name, ver] of Object.entries({ ...(data.dependencies || {}), ...(data.devDependencies || {}) })) {
+                deps.push({ name, version: String(ver) });
+            }
+        }
+    }
+    catch {
+        /* skip */
+    }
+    return deps;
+}
+/**
+ * Parse Cargo.lock.
+ * @param content - The raw Cargo.lock content
+ * @returns Array of dependency name/version pairs
+ */
+function parseCargoLock(content) {
+    const deps = [];
+    const pkgRegex = /\[\[package\]\]\s*\nname\s*=\s*"([^"]+)"\s*\nversion\s*=\s*"([^"]+)"/g;
+    let match;
+    while ((match = pkgRegex.exec(content)) !== null) {
+        deps.push({ name: match[1], version: match[2] });
+    }
+    return deps;
+}
+/**
+ * Parse Pipfile.lock or requirements.txt.
+ * @param content - The raw file content
+ * @param file - The file path to determine format
+ * @returns Array of dependency name/version pairs
+ */
+function parsePythonDeps(content, file) {
+    const deps = [];
+    if (file.endsWith('.lock')) {
+        try {
+            const data = JSON.parse(content);
+            for (const section of ['default', 'develop']) {
+                const pkgs = data[section] || {};
+                for (const [name, info] of Object.entries(pkgs)) {
+                    const d = info;
+                    if (d.version)
+                        deps.push({ name, version: d.version.replace(/^==/, '') });
+                }
+            }
+        }
+        catch {
+            /* skip */
+        }
+    }
+    else {
+        // requirements.txt
+        for (const line of content.split('\n')) {
+            const match = line.trim().match(/^([a-zA-Z0-9_-]+)\s*[=<>!~]+\s*([0-9.]+)/);
+            if (match)
+                deps.push({ name: match[1], version: match[2] });
+        }
+    }
+    return deps;
+}
+/**
+ * Parse go.sum.
+ * @param content - The raw go.sum content
+ * @returns Array of dependency name/version pairs
+ */
+function parseGoSum(content) {
+    const deps = [];
+    const seen = new Set();
+    for (const line of content.split('\n')) {
+        const match = line.match(/^(\S+)\s+v([0-9.]+)/);
+        if (match && !seen.has(match[1])) {
+            seen.add(match[1]);
+            deps.push({ name: match[1], version: match[2] });
+        }
+    }
+    return deps;
+}
+/**
+ * Main vulnerability scan function.
+ * @param cwd - The working directory to scan
+ * @returns Vulnerability scan results with findings and summary
+ */
+export async function scanDependencyVulns(cwd) {
+    const vulnerabilities = [];
+    const lockFiles = [];
+    const ecosystems = new Set();
+    let totalDeps = 0;
+    let outdatedCount = 0;
+    // Scan npm lock files
+    for (const lockFile of ['package-lock.json', 'yarn.lock', 'pnpm-lock.yaml']) {
+        try {
+            const content = await readFile(path.join(cwd, lockFile), 'utf-8');
+            lockFiles.push(lockFile);
+            ecosystems.add('npm');
+            // Only parse JSON lock files for now
+            if (lockFile === 'package-lock.json') {
+                const deps = parseNpmLock(content);
+                totalDeps += deps.length;
+                for (const dep of deps) {
+                    for (const pattern of KNOWN_VULN_PATTERNS) {
+                        if (pattern.name.test(dep.name) && pattern.maxSafe && semverLessThan(dep.version, pattern.maxSafe)) {
+                            vulnerabilities.push({
+                                name: dep.name,
+                                version: dep.version,
+                                severity: pattern.severity,
+                                reason: pattern.reason,
+                                file: lockFile,
+                                ecosystem: 'npm',
+                                recommendation: `Upgrade to >= ${pattern.maxSafe}`,
+                            });
+                            if (pattern.severity !== 'info')
+                                outdatedCount++;
+                        }
+                    }
+                }
+            }
+        }
+        catch {
+            /* file doesn't exist */
+        }
+    }
+    // Scan package.json if no lock file found
+    if (!lockFiles.some((f) => f.includes('lock'))) {
+        try {
+            const content = await readFile(path.join(cwd, 'package.json'), 'utf-8');
+            lockFiles.push('package.json');
+            ecosystems.add('npm');
+            const deps = parseNpmLock(content);
+            totalDeps += deps.length;
+            for (const dep of deps) {
+                for (const pattern of KNOWN_VULN_PATTERNS) {
+                    if (pattern.name.test(dep.name) && pattern.maxSafe && semverLessThan(dep.version, pattern.maxSafe)) {
+                        vulnerabilities.push({
+                            name: dep.name,
+                            version: dep.version,
+                            severity: pattern.severity,
+                            reason: pattern.reason,
+                            file: 'package.json',
+                            ecosystem: 'npm',
+                            recommendation: `Upgrade to >= ${pattern.maxSafe}`,
+                        });
+                    }
+                }
+            }
+        }
+        catch {
+            /* skip */
+        }
+    }
+    // Scan Cargo.lock
+    try {
+        const content = await readFile(path.join(cwd, 'Cargo.lock'), 'utf-8');
+        lockFiles.push('Cargo.lock');
+        ecosystems.add('cargo');
+        const deps = parseCargoLock(content);
+        totalDeps += deps.length;
+        for (const dep of deps) {
+            for (const pattern of KNOWN_VULN_PATTERNS) {
+                if (pattern.name.test(dep.name) && pattern.maxSafe && semverLessThan(dep.version, pattern.maxSafe)) {
+                    vulnerabilities.push({
+                        name: dep.name,
+                        version: dep.version,
+                        severity: pattern.severity,
+                        reason: pattern.reason,
+                        file: 'Cargo.lock',
+                        ecosystem: 'cargo',
+                        recommendation: `Upgrade to >= ${pattern.maxSafe}`,
+                    });
+                }
+            }
+        }
+    }
+    catch {
+        /* skip */
+    }
+    // Scan Python deps
+    for (const pyFile of ['Pipfile.lock', 'requirements.txt', 'requirements-dev.txt']) {
+        try {
+            const content = await readFile(path.join(cwd, pyFile), 'utf-8');
+            lockFiles.push(pyFile);
+            ecosystems.add('pip');
+            const deps = parsePythonDeps(content, pyFile);
+            totalDeps += deps.length;
+            for (const dep of deps) {
+                for (const pattern of KNOWN_VULN_PATTERNS) {
+                    if (pattern.name.test(dep.name) && pattern.maxSafe && semverLessThan(dep.version, pattern.maxSafe)) {
+                        vulnerabilities.push({
+                            name: dep.name,
+                            version: dep.version,
+                            severity: pattern.severity,
+                            reason: pattern.reason,
+                            file: pyFile,
+                            ecosystem: 'pip',
+                            recommendation: `Upgrade to >= ${pattern.maxSafe}`,
+                        });
+                    }
+                }
+            }
+        }
+        catch {
+            /* skip */
+        }
+    }
+    // Scan go.sum
+    try {
+        const content = await readFile(path.join(cwd, 'go.sum'), 'utf-8');
+        lockFiles.push('go.sum');
+        ecosystems.add('go');
+        const deps = parseGoSum(content);
+        totalDeps += deps.length;
+    }
+    catch {
+        /* skip */
+    }
+    // Sort by severity
+    const severityOrder = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
+    vulnerabilities.sort((a, b) => severityOrder[a.severity] - severityOrder[b.severity]);
+    const summary = { critical: 0, high: 0, medium: 0, low: 0, info: 0 };
+    for (const v of vulnerabilities)
+        summary[v.severity]++;
+    return {
+        vulnerabilities,
+        totalDeps,
+        outdatedCount,
+        ecosystems: Array.from(ecosystems),
+        lockFiles,
+        summary,
+    };
+}
+//# sourceMappingURL=dep-vuln.js.map

package/dist/analyzers/dep-vuln.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dep-vuln.js","sourceRoot":"","sources":["../../src/analyzers/dep-vuln.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,IAAI,MAAM,WAAW,CAAC;AAqB7B,6EAA6E;AAC7E,MAAM,mBAAmB,GACvB;IACE,gBAAgB;IAChB,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,sCAAsC,EAAE;IAC1G,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,sCAAsC,EAAE;IAC1G,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,4CAA4C,EAAE;IAClH,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,wCAAwC,EAAE;IAC3G;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,OAAO;QAChB,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,8CAA8C;KACvD;IACD;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,QAAQ;QACjB,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,+CAA+C;KACxD;IACD;QACE,IAAI,EAAE,OAAO;QACb,OAAO,EAAE,QAAQ;QACjB,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,oDAAoD;KAC7D;IACD,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,sCAAsC,EAAE;IAC1G,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,qCAAqC,EAAE;IACvG,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,gCAAgC,EAAE;IAClG,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,4CAA4C,EAAE;IAC/G,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE;IACjG;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,SAAS;QAClB,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,oDAAoD;KAC7D;IACD,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,sCAAsC,EAAE;IACnH,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,oCAAoC,EAAE;IACtG,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,gCAAgC,EAAE;IACjG,mBAAmB;IACnB,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,wCAAwC,EAAE;IACzG,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,iCAAiC,EAAE;IACtG,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,EAAE;IAChG;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,QAAQ;QACjB,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,mDAAmD;KAC5D;IACD,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,iCAAiC,EAAE;IAC3G,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,yCAAyC,EAAE;IAC/G,iBAAiB;IACjB,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,4CAA4C,EAAE;IAC/G,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,yBAAyB,EAAE;CAC7F,CAAC;AAEJ;;;;;GAKG;AACH,SAAS,cAAc,CAAC,CAAS,EAAE,CAAS;IAC1C,MAAM,KAAK,GAAG,CAAC,CAAS,EAAE,EAAE,CAC1B,CAAC;SACE,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;SACxB,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IACtC,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACpB,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAC7C,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;IAChD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,SAAS,YAAY,CAAC,OAAe;IACnC,MAAM,IAAI,GAAwC,EAAE,CAAC;IACrD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAEjC,0BAA0B;QAC1B,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,KAAK,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5D,MAAM,CAAC,GAAG,IAA+B,CAAC;gBAC1C,IAAI,OAAO,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;oBACzB,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;oBACpF,IAAI,IAAI;wBAAE,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,OAAiB,EAAE,CAAC,CAAC;gBAC9D,CAAC;YACH,CAAC;QACH,CAAC;QACD,uBAAuB;aAClB,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC3B,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC7D,MAAM,CAAC,GAAG,IAA+B,CAAC;gBAC1C,IAAI,CAAC,CAAC,OAAO;oBAAE,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,OAAiB,EAAE,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;QACD,uCAAuC;aAClC,IAAI,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAClE,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC5G,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,UAAU;IACZ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAS,cAAc,CAAC,OAAe;IACrC,MAAM,IAAI,GAAwC,EAAE,CAAC;IACrD,MAAM,QAAQ,GAAG,uEAAuE,CAAC;IACzF,IAAI,KAAK,CAAC;IACV,OAAO,CAAC,KAAK,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACjD,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,SAAS,eAAe,CAAC,OAAe,EAAE,IAAY;IACpD,MAAM,IAAI,GAAwC,EAAE,CAAC;IAErD,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACjC,KAAK,MAAM,OAAO,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,EAAE,CAAC;gBAC7C,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjC,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;oBAChD,MAAM,CAAC,GAAG,IAA+B,CAAC;oBAC1C,IAAI,CAAC,CAAC,OAAO;wBAAE,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAG,CAAC,CAAC,OAAkB,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;gBACxF,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,UAAU;QACZ,CAAC;IACH,CAAC;SAAM,CAAC;QACN,mBAAmB;QACnB,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACvC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;YAC5E,IAAI,KAAK;gBAAE,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAS,UAAU,CAAC,OAAe;IACjC,MAAM,IAAI,GAAwC,EAAE,CAAC;IACrD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;QAChD,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACjC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACnB,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,GAAW;IACnD,MAAM,eAAe,GAAqB,EAAE,CAAC;IAC7C,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IACrC,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,aAAa,GAAG,CAAC,CAAC;IAEtB,sBAAsB;IACtB,KAAK,MAAM,QAAQ,IAAI,CAAC,mBAAmB,EAAE,WAAW,EAAE,gBAAgB,CAAC,EAAE,CAAC;QAC5E,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,OAAO,CAAC,CAAC;YAClE,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YAEtB,qCAAqC;YACrC,IAAI,QAAQ,KAAK,mBAAmB,EAAE,CAAC;gBACrC,MAAM,IAAI,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;gBACnC,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC;gBAEzB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;wBAC1C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,OAAO,IAAI,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;4BACnG,eAAe,CAAC,IAAI,CAAC;gCACnB,IAAI,EAAE,GAAG,CAAC,IAAI;gCACd,OAAO,EAAE,GAAG,CAAC,OAAO;gCACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;gCAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;gCACtB,IAAI,EAAE,QAAQ;gCACd,SAAS,EAAE,KAAK;gCAChB,cAAc,EAAE,iBAAiB,OAAO,CAAC,OAAO,EAAE;6BACnD,CAAC,CAAC;4BACH,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM;gCAAE,aAAa,EAAE,CAAC;wBACnD,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;QAC/C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC;YACxE,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC/B,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACtB,MAAM,IAAI,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;YACnC,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC;YACzB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;oBAC1C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,OAAO,IAAI,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;wBACnG,eAAe,CAAC,IAAI,CAAC;4BACnB,IAAI,EAAE,GAAG,CAAC,IAAI;4BACd,OAAO,EAAE,GAAG,CAAC,OAAO;4BACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;4BACtB,IAAI,EAAE,cAAc;4BACpB,SAAS,EAAE,KAAK;4BAChB,cAAc,EAAE,iBAAiB,OAAO,CAAC,OAAO,EAAE;yBACnD,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,UAAU;QACZ,CAAC;IACH,CAAC;IAED,kBAAkB;IAClB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,EAAE,OAAO,CAAC,CAAC;QACtE,SAAS,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC7B,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACxB,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;QACrC,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC;QACzB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;gBAC1C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,OAAO,IAAI,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;oBACnG,eAAe,CAAC,IAAI,CAAC;wBACnB,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,OAAO,EAAE,GAAG,CAAC,OAAO;wBACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;wBACtB,IAAI,EAAE,YAAY;wBAClB,SAAS,EAAE,OAAO;wBAClB,cAAc,EAAE,iBAAiB,OAAO,CAAC,OAAO,EAAE;qBACnD,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,UAAU;IACZ,CAAC;IAED,mBAAmB;IACnB,KAAK,MAAM,MAAM,IAAI,CAAC,cAAc,EAAE,kBAAkB,EAAE,sBAAsB,CAAC,EAAE,CAAC;QAClF,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,OAAO,CAAC,CAAC;YAChE,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACvB,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACtB,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC9C,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC;YACzB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;oBAC1C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,OAAO,IAAI,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;wBACnG,eAAe,CAAC,IAAI,CAAC;4BACnB,IAAI,EAAE,GAAG,CAAC,IAAI;4BACd,OAAO,EAAE,GAAG,CAAC,OAAO;4BACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ;4BAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;4BACtB,IAAI,EAAE,MAAM;4BACZ,SAAS,EAAE,KAAK;4BAChB,cAAc,EAAE,iBAAiB,OAAO,CAAC,OAAO,EAAE;yBACnD,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,UAAU;QACZ,CAAC;IACH,CAAC;IAED,cAAc;IACd,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,OAAO,CAAC,CAAC;QAClE,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzB,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACrB,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;QACjC,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,UAAU;IACZ,CAAC;IAED,mBAAmB;IACnB,MAAM,aAAa,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACnG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEtF,MAAM,OAAO,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACrE,KAAK,MAAM,CAAC,IAAI,eAAe;QAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;IAEvD,OAAO;QACL,eAAe;QACf,SAAS;QACT,aAAa;QACb,UAAU,EAAE,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC;QAClC,SAAS;QACT,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/analyzers/docs.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Documentation extraction from source code.
+ * Parses JSDoc, Python docstrings, Rustdoc, Javadoc, Go doc comments.
+ * Links documentation to symbols for "show docs for X" queries.
+ */
+export interface DocEntry {
+    symbol: string;
+    /** The type of symbol: function, class, method, etc. */
+    symbolType: string;
+    file: string;
+    line: number;
+    doc: string;
+    params?: {
+        name: string;
+        type?: string;
+        description: string;
+    }[];
+    returns?: {
+        type?: string;
+        description: string;
+    };
+    examples?: string[];
+    tags?: {
+        tag: string;
+        value: string;
+    }[];
+    deprecated?: boolean;
+}
+/**
+ * Extract all documentation from a file.
+ * @param filePath - Path to the source file
+ * @param language - Programming language of the file
+ * @returns Array of documentation entries found in the file
+ */
+export declare function extractDocs(filePath: string, language: string): Promise<DocEntry[]>;
+/**
+ * Find undocumented public symbols in a file.
+ * @param filePath - Path to the source file
+ * @param language - Programming language of the file
+ * @returns Array of undocumented symbols with line numbers
+ */
+export declare function findUndocumented(filePath: string, language: string): Promise<{
+    symbol: string;
+    line: number;
+    type: string;
+}[]>;
+//# sourceMappingURL=docs.d.ts.map

package/dist/analyzers/docs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"docs.d.ts","sourceRoot":"","sources":["../../src/analyzers/docs.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,wDAAwD;IACxD,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAChE,OAAO,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC;IACjD,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,IAAI,CAAC,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IACxC,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED;;;;;GAKG;AACH,wBAAsB,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC,CA0BzF;AAibD;;;;;GAKG;AACH,wBAAsB,gBAAgB,CACpC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,EAAE,CAAC,CA4B3D"}