codesift-mcp 0.3.0 → 0.5.0

package/dist/tools/django-settings.js

@@ -0,0 +1,301 @@
+/**
+ * analyze_django_settings — Django settings.py security and config audit.
+ *
+ * Scans Django settings modules for 15 known anti-patterns spanning security,
+ * configuration, and deployment readiness. Uses the symbol index to locate
+ * settings files (typically settings.py or settings/<env>.py).
+ */
+import { readFile } from "node:fs/promises";
+import { join } from "node:path";
+import { getCodeIndex } from "./index-tools.js";
+const CHECKS = [
+    {
+        rule: "debug-enabled",
+        severity: "critical",
+        message: "DEBUG = True exposes stack traces and sensitive data in production",
+        fix: "Set DEBUG = False in production. Use environment variable: DEBUG = os.environ.get('DEBUG', '').lower() == 'true'",
+        detect: (_source, lines) => {
+            const hits = [];
+            lines.forEach((l, i) => {
+                if (/^\s*DEBUG\s*=\s*True\b/.test(l))
+                    hits.push({ line: i + 1, match: l.trim() });
+            });
+            return hits;
+        },
+    },
+    {
+        rule: "empty-allowed-hosts",
+        severity: "critical",
+        message: "ALLOWED_HOSTS = [] or missing — Django refuses to start in production",
+        fix: "Set ALLOWED_HOSTS = ['yourdomain.com', 'www.yourdomain.com'] or use env var",
+        detect: (_source, lines) => {
+            const hits = [];
+            lines.forEach((l, i) => {
+                if (/^\s*ALLOWED_HOSTS\s*=\s*\[\s*\]/.test(l)) {
+                    hits.push({ line: i + 1, match: l.trim() });
+                }
+            });
+            return hits;
+        },
+    },
+    {
+        rule: "hardcoded-secret-key",
+        severity: "critical",
+        message: "SECRET_KEY is hardcoded — should come from environment variable",
+        fix: "SECRET_KEY = os.environ['DJANGO_SECRET_KEY']",
+        detect: (_source, lines) => {
+            const hits = [];
+            lines.forEach((l, i) => {
+                // Match SECRET_KEY = "literal-string" but not os.environ[...] or get_random_secret_key()
+                if (/^\s*SECRET_KEY\s*=\s*["'][^"']+["']/.test(l) && !l.includes("environ") && !l.includes("getenv")) {
+                    hits.push({ line: i + 1, match: l.trim() });
+                }
+            });
+            return hits;
+        },
+    },
+    {
+        rule: "weak-secret-key",
+        severity: "high",
+        message: "SECRET_KEY contains known weak value (default/insecure/changeme)",
+        fix: "Generate a new key: python -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())'",
+        detect: (_source, lines) => {
+            const hits = [];
+            const weak = /SECRET_KEY\s*=\s*["'].*(django-insecure|changeme|secret|default|todo|xxx)/i;
+            lines.forEach((l, i) => {
+                if (weak.test(l))
+                    hits.push({ line: i + 1, match: l.trim() });
+            });
+            return hits;
+        },
+    },
+    {
+        rule: "missing-csrf-middleware",
+        severity: "high",
+        message: "CsrfViewMiddleware not in MIDDLEWARE — CSRF protection disabled",
+        fix: "Add 'django.middleware.csrf.CsrfViewMiddleware' to MIDDLEWARE",
+        detect: (source) => {
+            const mwMatch = source.match(/MIDDLEWARE\s*=\s*\[([\s\S]*?)\]/);
+            if (!mwMatch)
+                return [];
+            if (!mwMatch[1].includes("CsrfViewMiddleware")) {
+                return [{ line: 1, match: "MIDDLEWARE without CsrfViewMiddleware" }];
+            }
+            return [];
+        },
+    },
+    {
+        rule: "missing-security-middleware",
+        severity: "high",
+        message: "SecurityMiddleware not in MIDDLEWARE — missing HTTPS/HSTS/XFO headers",
+        fix: "Add 'django.middleware.security.SecurityMiddleware' as first entry in MIDDLEWARE",
+        detect: (source) => {
+            const mwMatch = source.match(/MIDDLEWARE\s*=\s*\[([\s\S]*?)\]/);
+            if (!mwMatch)
+                return [];
+            if (!mwMatch[1].includes("SecurityMiddleware")) {
+                return [{ line: 1, match: "MIDDLEWARE without SecurityMiddleware" }];
+            }
+            return [];
+        },
+    },
+    {
+        rule: "insecure-cookie",
+        severity: "high",
+        message: "SESSION_COOKIE_SECURE or CSRF_COOKIE_SECURE not set to True — cookies sent over HTTP",
+        fix: "SESSION_COOKIE_SECURE = True; CSRF_COOKIE_SECURE = True (for HTTPS deployments)",
+        detect: (source) => {
+            const hits = [];
+            if (!/SESSION_COOKIE_SECURE\s*=\s*True/.test(source)) {
+                hits.push({ line: 1, match: "SESSION_COOKIE_SECURE not set to True" });
+            }
+            if (!/CSRF_COOKIE_SECURE\s*=\s*True/.test(source)) {
+                hits.push({ line: 1, match: "CSRF_COOKIE_SECURE not set to True" });
+            }
+            return hits;
+        },
+    },
+    {
+        rule: "missing-hsts",
+        severity: "medium",
+        message: "SECURE_HSTS_SECONDS not set — HSTS header missing",
+        fix: "SECURE_HSTS_SECONDS = 31536000  # 1 year",
+        detect: (source) => {
+            if (!/SECURE_HSTS_SECONDS\s*=/.test(source)) {
+                return [{ line: 1, match: "SECURE_HSTS_SECONDS missing" }];
+            }
+            return [];
+        },
+    },
+    {
+        rule: "xframe-missing",
+        severity: "medium",
+        message: "X_FRAME_OPTIONS not set — vulnerable to clickjacking",
+        fix: "X_FRAME_OPTIONS = 'DENY' (or 'SAMEORIGIN' if iframes within your site)",
+        detect: (source) => {
+            if (!/X_FRAME_OPTIONS\s*=/.test(source)) {
+                return [{ line: 1, match: "X_FRAME_OPTIONS missing" }];
+            }
+            return [];
+        },
+    },
+    {
+        rule: "sqlite-in-prod",
+        severity: "medium",
+        message: "DATABASES uses SQLite — not suitable for production with multiple workers",
+        fix: "Use PostgreSQL or MySQL for production. sqlite3 is fine for dev/testing only.",
+        detect: (_source, lines) => {
+            const hits = [];
+            lines.forEach((l, i) => {
+                if (/ENGINE.*django\.db\.backends\.sqlite3/.test(l)) {
+                    hits.push({ line: i + 1, match: l.trim() });
+                }
+            });
+            return hits;
+        },
+    },
+    {
+        rule: "default-db-password",
+        severity: "critical",
+        message: "Database password is hardcoded literal",
+        fix: "Use os.environ['DB_PASSWORD'] instead of a string literal",
+        detect: (_source, lines) => {
+            const hits = [];
+            lines.forEach((l, i) => {
+                if (/['"]PASSWORD['"]\s*:\s*["'][^"']{1,100}["']/.test(l)
+                    && !l.includes("environ")
+                    && !l.includes("getenv")) {
+                    hits.push({ line: i + 1, match: l.trim() });
+                }
+            });
+            return hits;
+        },
+    },
+    {
+        rule: "wildcard-allowed-hosts",
+        severity: "high",
+        message: "ALLOWED_HOSTS = ['*'] accepts any Host header — Host header injection risk",
+        fix: "Specify actual hostnames: ALLOWED_HOSTS = ['example.com', 'www.example.com']",
+        detect: (_source, lines) => {
+            const hits = [];
+            lines.forEach((l, i) => {
+                if (/ALLOWED_HOSTS\s*=\s*\[\s*['"]\*['"]\s*\]/.test(l)) {
+                    hits.push({ line: i + 1, match: l.trim() });
+                }
+            });
+            return hits;
+        },
+    },
+    {
+        rule: "cors-wildcard",
+        severity: "high",
+        message: "CORS_ALLOW_ALL_ORIGINS = True — allows any origin to make requests",
+        fix: "Set CORS_ALLOWED_ORIGINS = ['https://yourdomain.com'] explicitly",
+        detect: (_source, lines) => {
+            const hits = [];
+            lines.forEach((l, i) => {
+                if (/CORS_ALLOW_ALL_ORIGINS\s*=\s*True/.test(l)) {
+                    hits.push({ line: i + 1, match: l.trim() });
+                }
+            });
+            return hits;
+        },
+    },
+    {
+        rule: "email-backend-console",
+        severity: "low",
+        message: "EMAIL_BACKEND is console — emails printed to stdout, not sent",
+        fix: "In production: EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' and configure SMTP settings",
+        detect: (_source, lines) => {
+            const hits = [];
+            lines.forEach((l, i) => {
+                if (/EMAIL_BACKEND\s*=\s*['"]django\.core\.mail\.backends\.console/.test(l)) {
+                    hits.push({ line: i + 1, match: l.trim() });
+                }
+            });
+            return hits;
+        },
+    },
+    {
+        rule: "logging-disabled",
+        severity: "medium",
+        message: "LOGGING_CONFIG = None disables Django's logging configuration",
+        fix: "Remove the LOGGING_CONFIG = None override or configure logging manually",
+        detect: (_source, lines) => {
+            const hits = [];
+            lines.forEach((l, i) => {
+                if (/^\s*LOGGING_CONFIG\s*=\s*None/.test(l)) {
+                    hits.push({ line: i + 1, match: l.trim() });
+                }
+            });
+            return hits;
+        },
+    },
+];
+/**
+ * Analyze Django settings files for security and configuration anti-patterns.
+ */
+export async function analyzeDjangoSettings(repo, options) {
+    const index = await getCodeIndex(repo);
+    if (!index)
+        throw new Error(`Repository "${repo}" not found.`);
+    // Locate settings files
+    let settingsFiles;
+    if (options?.settings_file) {
+        settingsFiles = [options.settings_file];
+    }
+    else {
+        settingsFiles = index.files
+            .filter((f) => {
+            if (!f.path.endsWith(".py"))
+                return false;
+            // Common patterns: settings.py, settings/*.py, config/settings.py, my_app/settings/base.py
+            return /\/settings\.py$|\/settings\/[\w_]+\.py$/.test(f.path);
+        })
+            .map((f) => f.path);
+    }
+    if (settingsFiles.length === 0) {
+        return {
+            files_scanned: [],
+            findings: [],
+            total: 0,
+            by_severity: {},
+        };
+    }
+    const findings = [];
+    for (const filePath of settingsFiles) {
+        let source;
+        try {
+            source = await readFile(join(index.root, filePath), "utf-8");
+        }
+        catch {
+            continue;
+        }
+        const lines = source.split("\n");
+        for (const check of CHECKS) {
+            const hits = check.detect(source, lines);
+            for (const hit of hits) {
+                findings.push({
+                    rule: check.rule,
+                    severity: check.severity,
+                    message: check.message,
+                    file: filePath,
+                    line: hit.line,
+                    match: hit.match,
+                    fix: check.fix,
+                });
+            }
+        }
+    }
+    const by_severity = {};
+    for (const f of findings) {
+        by_severity[f.severity] = (by_severity[f.severity] ?? 0) + 1;
+    }
+    return {
+        files_scanned: settingsFiles,
+        findings,
+        total: findings.length,
+        by_severity,
+    };
+}
+//# sourceMappingURL=django-settings.js.map

package/dist/tools/django-settings.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"django-settings.js","sourceRoot":"","sources":["../../src/tools/django-settings.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AA4BhD,MAAM,MAAM,GAAoB;IAC9B;QACE,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,oEAAoE;QAC7E,GAAG,EAAE,kHAAkH;QACvH,MAAM,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,IAAI,GAA2C,EAAE,CAAC;YACxD,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;gBACrB,IAAI,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC;oBAAE,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACpF,CAAC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,uEAAuE;QAChF,GAAG,EAAE,6EAA6E;QAClF,MAAM,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,IAAI,GAA2C,EAAE,CAAC;YACxD,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;gBACrB,IAAI,iCAAiC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC9C,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,iEAAiE;QAC1E,GAAG,EAAE,8CAA8C;QACnD,MAAM,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,IAAI,GAA2C,EAAE,CAAC;YACxD,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;gBACrB,yFAAyF;gBACzF,IAAI,qCAAqC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACrG,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,kEAAkE;QAC3E,GAAG,EAAE,gIAAgI;QACrI,MAAM,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,IAAI,GAA2C,EAAE,CAAC;YACxD,MAAM,IAAI,GAAG,4EAA4E,CAAC;YAC1F,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;gBACrB,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;oBAAE,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,iEAAiE;QAC1E,GAAG,EAAE,+DAA+D;QACpE,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE;YACjB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;YAChE,IAAI,CAAC,OAAO;gBAAE,OAAO,EAAE,CAAC;YACxB,IAAI,CAAC,OAAO,CAAC,CAAC,CAAE,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAChD,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAC,CAAC;YACvE,CAAC;YACD,OAAO,EAAE,CAAC;QACZ,CAAC;KACF;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,uEAAuE;QAChF,GAAG,EAAE,kFAAkF;QACvF,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE;YACjB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;YAChE,IAAI,CAAC,OAAO;gBAAE,OAAO,EAAE,CAAC;YACxB,IAAI,CAAC,OAAO,CAAC,CAAC,CAAE,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBAChD,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAC,CAAC;YACvE,CAAC;YACD,OAAO,EAAE,CAAC;QACZ,CAAC;KACF;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,sFAAsF;QAC/F,GAAG,EAAE,iFAAiF;QACtF,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE;YACjB,MAAM,IAAI,GAA2C,EAAE,CAAC;YACxD,IAAI,CAAC,kCAAkC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBACrD,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAC,CAAC;YACzE,CAAC;YACD,IAAI,CAAC,+BAA+B,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAClD,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC,CAAC;YACtE,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IACD;QACE,IAAI,EAAE,cAAc;QACpB,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,mDAAmD;QAC5D,GAAG,EAAE,0CAA0C;QAC/C,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE;YACjB,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC5C,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC,CAAC;YAC7D,CAAC;YACD,OAAO,EAAE,CAAC;QACZ,CAAC;KACF;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,sDAAsD;QAC/D,GAAG,EAAE,wEAAwE;QAC7E,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE;YACjB,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBACxC,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;YACzD,CAAC;YACD,OAAO,EAAE,CAAC;QACZ,CAAC;KACF;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,2EAA2E;QACpF,GAAG,EAAE,+EAA+E;QACpF,MAAM,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,IAAI,GAA2C,EAAE,CAAC;YACxD,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;gBACrB,IAAI,uCAAuC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBACpD,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,UAAU;QACpB,OAAO,EAAE,wCAAwC;QACjD,GAAG,EAAE,2DAA2D;QAChE,MAAM,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,IAAI,GAA2C,EAAE,CAAC;YACxD,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;gBACrB,IAAI,6CAA6C,CAAC,IAAI,CAAC,CAAC,CAAC;uBACpD,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;uBACtB,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC3B,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,4EAA4E;QACrF,GAAG,EAAE,8EAA8E;QACnF,MAAM,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,IAAI,GAA2C,EAAE,CAAC;YACxD,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;gBACrB,IAAI,0CAA0C,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBACvD,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IACD;QACE,IAAI,EAAE,eAAe;QACrB,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,oEAAoE;QAC7E,GAAG,EAAE,kEAAkE;QACvE,MAAM,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,IAAI,GAA2C,EAAE,CAAC;YACxD,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;gBACrB,IAAI,mCAAmC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAChD,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,+DAA+D;QACxE,GAAG,EAAE,0GAA0G;QAC/G,MAAM,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,IAAI,GAA2C,EAAE,CAAC;YACxD,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;gBACrB,IAAI,+DAA+D,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC5E,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,+DAA+D;QACxE,GAAG,EAAE,yEAAyE;QAC9E,MAAM,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,IAAI,GAA2C,EAAE,CAAC;YACxD,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;gBACrB,IAAI,+BAA+B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC5C,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;KACF;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,IAAY,EACZ,OAEC;IAED,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,eAAe,IAAI,cAAc,CAAC,CAAC;IAE/D,wBAAwB;IACxB,IAAI,aAAuB,CAAC;IAC5B,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;QAC3B,aAAa,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAC1C,CAAC;SAAM,CAAC;QACN,aAAa,GAAG,KAAK,CAAC,KAAK;aACxB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YACZ,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC1C,2FAA2F;YAC3F,OAAO,yCAAyC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC;aACD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACxB,CAAC;IAED,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL,aAAa,EAAE,EAAE;YACjB,QAAQ,EAAE,EAAE;YACZ,KAAK,EAAE,CAAC;YACR,WAAW,EAAE,EAAE;SAChB,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,QAAQ,IAAI,aAAa,EAAE,CAAC;QACrC,IAAI,MAAc,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,OAAO,CAAC,CAAC;QAC/D,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEjC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YACzC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;oBAChB,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,OAAO,EAAE,KAAK,CAAC,OAAO;oBACtB,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,KAAK,EAAE,GAAG,CAAC,KAAK;oBAChB,GAAG,EAAE,KAAK,CAAC,GAAG;iBACf,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,WAAW,GAA2B,EAAE,CAAC;IAC/C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAC/D,CAAC;IAED,OAAO;QACL,aAAa,EAAE,aAAa;QAC5B,QAAQ;QACR,KAAK,EAAE,QAAQ,CAAC,MAAM;QACtB,WAAW;KACZ,CAAC;AACJ,CAAC"}

package/dist/tools/django-view-security-tools.d.ts

@@ -0,0 +1,32 @@
+import type { CodeSymbol } from "../types.js";
+export interface DjangoViewSecurityAssessment {
+    symbol_name: string;
+    symbol_kind: CodeSymbol["kind"];
+    file: string;
+    line: number;
+    route_path?: string;
+    view_type: "function" | "class" | "method";
+    decorators: string[];
+    mixins: string[];
+    auth_guards: string[];
+    csrf_exempt: boolean;
+    effective_auth_required: boolean;
+    csrf_protected: boolean;
+    authentication_middleware: boolean;
+    session_middleware: boolean;
+    security_middleware: boolean;
+    notes: string[];
+    confidence: "high" | "medium" | "low";
+}
+export interface DjangoViewSecurityResult {
+    assessments: DjangoViewSecurityAssessment[];
+    settings_files: string[];
+    middleware: string[];
+}
+export declare function effectiveDjangoViewSecurity(repo: string, options: {
+    path?: string;
+    symbol_name?: string;
+    file_pattern?: string;
+    settings_file?: string;
+}): Promise<DjangoViewSecurityResult>;
+//# sourceMappingURL=django-view-security-tools.d.ts.map

package/dist/tools/django-view-security-tools.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"django-view-security-tools.d.ts","sourceRoot":"","sources":["../../src/tools/django-view-security-tools.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAa,UAAU,EAAE,MAAM,aAAa,CAAC;AAIzD,MAAM,WAAW,4BAA4B;IAC3C,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,UAAU,GAAG,OAAO,GAAG,QAAQ,CAAC;IAC3C,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,WAAW,EAAE,OAAO,CAAC;IACrB,uBAAuB,EAAE,OAAO,CAAC;IACjC,cAAc,EAAE,OAAO,CAAC;IACxB,yBAAyB,EAAE,OAAO,CAAC;IACnC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,mBAAmB,EAAE,OAAO,CAAC;IAC7B,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CACvC;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,4BAA4B,EAAE,CAAC;IAC5C,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AA8KD,wBAAsB,2BAA2B,CAC/C,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE;IACP,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,GACA,OAAO,CAAC,wBAAwB,CAAC,CA+BnC"}

package/dist/tools/django-view-security-tools.js

@@ -0,0 +1,184 @@
+import { readFile } from "node:fs/promises";
+import { join } from "node:path";
+import { getCodeIndex } from "./index-tools.js";
+import { traceRoute } from "./route-tools.js";
+const AUTH_DECORATORS = [
+    "login_required",
+    "permission_required",
+    "user_passes_test",
+    "staff_member_required",
+    "superuser_required",
+];
+const AUTH_MIXINS = [
+    "LoginRequiredMixin",
+    "PermissionRequiredMixin",
+    "UserPassesTestMixin",
+    "AccessMixin",
+];
+function hasDecorator(decorators, name) {
+    return decorators.some((decorator) => {
+        const normalized = decorator.trim().replace(/^@/, "");
+        return normalized === name || normalized.startsWith(`${name}(`);
+    });
+}
+function collectAuthGuards(decorators, mixins) {
+    const guards = new Set();
+    for (const decorator of AUTH_DECORATORS) {
+        if (hasDecorator(decorators, decorator))
+            guards.add(decorator);
+    }
+    for (const mixin of AUTH_MIXINS) {
+        if (mixins.includes(mixin))
+            guards.add(mixin);
+    }
+    return [...guards];
+}
+function getSettingsFiles(index, explicitSettingsFile) {
+    if (explicitSettingsFile)
+        return [explicitSettingsFile];
+    return index.files
+        .filter((file) => file.path.endsWith(".py"))
+        .filter((file) => /\/settings\.py$|\/settings\/[\w_]+\.py$/.test(file.path))
+        .map((file) => file.path);
+}
+async function collectMiddleware(index, settingsFiles) {
+    const middlewares = new Set();
+    for (const filePath of settingsFiles) {
+        let source;
+        try {
+            source = await readFile(join(index.root, filePath), "utf-8");
+        }
+        catch {
+            continue;
+        }
+        const match = source.match(/MIDDLEWARE\s*=\s*\[([\s\S]*?)\]/);
+        if (!match?.[1])
+            continue;
+        const entries = match[1]
+            .split(",")
+            .map((value) => value.trim().replace(/['"]/g, ""))
+            .filter((value) => value.length > 0);
+        for (const entry of entries) {
+            middlewares.add(entry);
+        }
+    }
+    return [...middlewares];
+}
+function classifyViewType(symbol) {
+    if (symbol.kind === "class")
+        return "class";
+    if (symbol.kind === "method")
+        return "method";
+    return "function";
+}
+function buildNotes(authGuards, csrfExempt, middleware) {
+    const notes = [];
+    const authMiddleware = middleware.some((entry) => entry.endsWith("AuthenticationMiddleware"));
+    const csrfMiddleware = middleware.some((entry) => entry.endsWith("CsrfViewMiddleware"));
+    if (authGuards.length === 0) {
+        if (authMiddleware) {
+            notes.push("No auth decorator or mixin detected; AuthenticationMiddleware alone does not restrict access.");
+        }
+        else {
+            notes.push("No auth decorator or mixin detected, and AuthenticationMiddleware was not found in settings.");
+        }
+    }
+    if (csrfExempt) {
+        notes.push("View is explicitly marked csrf_exempt.");
+    }
+    else if (!csrfMiddleware) {
+        notes.push("CsrfViewMiddleware was not found in settings, so CSRF protection may be absent globally.");
+    }
+    return notes;
+}
+function buildAssessment(symbol, parentSymbol, middleware, routePath) {
+    const decorators = [...(parentSymbol?.decorators ?? []), ...(symbol.decorators ?? [])];
+    const mixins = symbol.kind === "class"
+        ? [...(symbol.extends ?? [])]
+        : [...(parentSymbol?.extends ?? [])];
+    const authGuards = collectAuthGuards(decorators, mixins);
+    const csrfExempt = hasDecorator(decorators, "csrf_exempt");
+    const authenticationMiddleware = middleware.some((entry) => entry.endsWith("AuthenticationMiddleware"));
+    const sessionMiddleware = middleware.some((entry) => entry.endsWith("SessionMiddleware"));
+    const securityMiddleware = middleware.some((entry) => entry.endsWith("SecurityMiddleware"));
+    const csrfProtected = !csrfExempt && middleware.some((entry) => entry.endsWith("CsrfViewMiddleware"));
+    const notes = buildNotes(authGuards, csrfExempt, middleware);
+    const assessment = {
+        symbol_name: symbol.name,
+        symbol_kind: symbol.kind,
+        file: symbol.file,
+        line: symbol.start_line,
+        view_type: classifyViewType(symbol),
+        decorators,
+        mixins,
+        auth_guards: authGuards,
+        csrf_exempt: csrfExempt,
+        effective_auth_required: authGuards.length > 0,
+        csrf_protected: csrfProtected,
+        authentication_middleware: authenticationMiddleware,
+        session_middleware: sessionMiddleware,
+        security_middleware: securityMiddleware,
+        notes,
+        confidence: parentSymbol || routePath ? "high" : "medium",
+    };
+    if (routePath !== undefined) {
+        assessment.route_path = routePath;
+    }
+    return assessment;
+}
+function dedupeAssessments(assessments) {
+    const seen = new Set();
+    const result = [];
+    for (const assessment of assessments) {
+        const key = `${assessment.file}:${assessment.line}:${assessment.symbol_name}`;
+        if (seen.has(key))
+            continue;
+        seen.add(key);
+        result.push(assessment);
+    }
+    return result;
+}
+function findParentSymbol(index, symbol) {
+    if (!symbol.parent)
+        return undefined;
+    return index.symbols.find((candidate) => candidate.id === symbol.parent);
+}
+async function resolveSymbolsFromPath(index, path) {
+    const trace = await traceRoute(index.repo, path);
+    if (!trace || typeof trace !== "object" || !("handlers" in trace))
+        return [];
+    const handlers = trace.handlers;
+    return handlers
+        .filter((handler) => handler.framework === "django")
+        .map((handler) => index.symbols.find((symbol) => symbol.file === handler.symbol.file &&
+        symbol.name === handler.symbol.name &&
+        symbol.start_line === handler.symbol.start_line))
+        .filter((symbol) => symbol !== undefined);
+}
+export async function effectiveDjangoViewSecurity(repo, options) {
+    const index = await getCodeIndex(repo);
+    if (!index)
+        throw new Error(`Repository "${repo}" not found.`);
+    if (!options.path && !options.symbol_name) {
+        throw new Error("Provide either path or symbol_name.");
+    }
+    const settingsFiles = getSettingsFiles(index, options.settings_file);
+    const middleware = await collectMiddleware(index, settingsFiles);
+    let symbols = [];
+    if (options.path) {
+        symbols = await resolveSymbolsFromPath(index, options.path);
+    }
+    else if (options.symbol_name) {
+        symbols = index.symbols.filter((symbol) => symbol.file.endsWith(".py")
+            && symbol.name === options.symbol_name
+            && (symbol.kind === "function" || symbol.kind === "class" || symbol.kind === "method")
+            && (!options.file_pattern || symbol.file.includes(options.file_pattern)));
+    }
+    const assessments = dedupeAssessments(symbols.map((symbol) => buildAssessment(symbol, findParentSymbol(index, symbol), middleware, options.path)));
+    return {
+        assessments,
+        settings_files: settingsFiles,
+        middleware,
+    };
+}
+//# sourceMappingURL=django-view-security-tools.js.map

package/dist/tools/django-view-security-tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"django-view-security-tools.js","sourceRoot":"","sources":["../../src/tools/django-view-security-tools.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AA4B9C,MAAM,eAAe,GAAG;IACtB,gBAAgB;IAChB,qBAAqB;IACrB,kBAAkB;IAClB,uBAAuB;IACvB,oBAAoB;CACrB,CAAC;AAEF,MAAM,WAAW,GAAG;IAClB,oBAAoB;IACpB,yBAAyB;IACzB,qBAAqB;IACrB,aAAa;CACd,CAAC;AAEF,SAAS,YAAY,CAAC,UAAoB,EAAE,IAAY;IACtD,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;QACnC,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACtD,OAAO,UAAU,KAAK,IAAI,IAAI,UAAU,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,iBAAiB,CAAC,UAAoB,EAAE,MAAgB;IAC/D,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IACjC,KAAK,MAAM,SAAS,IAAI,eAAe,EAAE,CAAC;QACxC,IAAI,YAAY,CAAC,UAAU,EAAE,SAAS,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACjE,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;QAChC,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC;AACrB,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAgB,EAAE,oBAA6B;IACvE,IAAI,oBAAoB;QAAE,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACxD,OAAO,KAAK,CAAC,KAAK;SACf,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;SAC3C,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,yCAAyC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;SAC3E,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,KAAgB,EAAE,aAAuB;IACxE,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,KAAK,MAAM,QAAQ,IAAI,aAAa,EAAE,CAAC;QACrC,IAAI,MAAc,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,OAAO,CAAC,CAAC;QAC/D,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;QAC9D,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAAE,SAAS;QAE1B,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC;aACrB,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;aACjD,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACvC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,WAAW,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAkB;IAC1C,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO;QAAE,OAAO,OAAO,CAAC;IAC5C,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAC9C,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,UAAU,CACjB,UAAoB,EACpB,UAAmB,EACnB,UAAoB;IAEpB,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,0BAA0B,CAAC,CAAC,CAAC;IAC9F,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAExF,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,IAAI,cAAc,EAAE,CAAC;YACnB,KAAK,CAAC,IAAI,CAAC,+FAA+F,CAAC,CAAC;QAC9G,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,8FAA8F,CAAC,CAAC;QAC7G,CAAC;IACH,CAAC;IAED,IAAI,UAAU,EAAE,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IACvD,CAAC;SAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,0FAA0F,CAAC,CAAC;IACzG,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,eAAe,CACtB,MAAkB,EAClB,YAAoC,EACpC,UAAoB,EACpB,SAAkB;IAElB,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,UAAU,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,CAAC;IACvF,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,KAAK,OAAO;QACpC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;IACvC,MAAM,UAAU,GAAG,iBAAiB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACzD,MAAM,UAAU,GAAG,YAAY,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAC3D,MAAM,wBAAwB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,0BAA0B,CAAC,CAAC,CAAC;IACxG,MAAM,iBAAiB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC;IAC1F,MAAM,kBAAkB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAC5F,MAAM,aAAa,GAAG,CAAC,UAAU,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC,CAAC;IACtG,MAAM,KAAK,GAAG,UAAU,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;IAE7D,MAAM,UAAU,GAAiC;QAC/C,WAAW,EAAE,MAAM,CAAC,IAAI;QACxB,WAAW,EAAE,MAAM,CAAC,IAAI;QACxB,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,IAAI,EAAE,MAAM,CAAC,UAAU;QACvB,SAAS,EAAE,gBAAgB,CAAC,MAAM,CAAC;QACnC,UAAU;QACV,MAAM;QACN,WAAW,EAAE,UAAU;QACvB,WAAW,EAAE,UAAU;QACvB,uBAAuB,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC;QAC9C,cAAc,EAAE,aAAa;QAC7B,yBAAyB,EAAE,wBAAwB;QACnD,kBAAkB,EAAE,iBAAiB;QACrC,mBAAmB,EAAE,kBAAkB;QACvC,KAAK;QACL,UAAU,EAAE,YAAY,IAAI,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;KAC1D,CAAC;IACF,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,UAAU,CAAC,UAAU,GAAG,SAAS,CAAC;IACpC,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,iBAAiB,CAAC,WAA2C;IACpE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,MAAM,GAAmC,EAAE,CAAC;IAClD,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,GAAG,UAAU,CAAC,IAAI,IAAI,UAAU,CAAC,IAAI,IAAI,UAAU,CAAC,WAAW,EAAE,CAAC;QAC9E,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACd,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAgB,EAAE,MAAkB;IAC5D,IAAI,CAAC,MAAM,CAAC,MAAM;QAAE,OAAO,SAAS,CAAC;IACrC,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,KAAK,MAAM,CAAC,MAAM,CAAC,CAAC;AAC3E,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,KAAgB,EAAE,IAAY;IAClE,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACjD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,UAAU,IAAI,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAE7E,MAAM,QAAQ,GAAI,KAAiH,CAAC,QAAQ,CAAC;IAC7I,OAAO,QAAQ;SACZ,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC;SACnD,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAClC,CAAC,MAAM,EAAE,EAAE,CACT,MAAM,CAAC,IAAI,KAAK,OAAO,CAAC,MAAM,CAAC,IAAI;QACnC,MAAM,CAAC,IAAI,KAAK,OAAO,CAAC,MAAM,CAAC,IAAI;QACnC,MAAM,CAAC,UAAU,KAAK,OAAO,CAAC,MAAM,CAAC,UAAU,CAClD,CAAC;SACD,MAAM,CAAC,CAAC,MAAM,EAAwB,EAAE,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;AACpE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,IAAY,EACZ,OAKC;IAED,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,eAAe,IAAI,cAAc,CAAC,CAAC;IAC/D,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,aAAa,GAAG,gBAAgB,CAAC,KAAK,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IACrE,MAAM,UAAU,GAAG,MAAM,iBAAiB,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC;IAEjE,IAAI,OAAO,GAAiB,EAAE,CAAC;IAC/B,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,GAAG,MAAM,sBAAsB,CAAC,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9D,CAAC;SAAM,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAC/B,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CACxC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;eACxB,MAAM,CAAC,IAAI,KAAK,OAAO,CAAC,WAAW;eACnC,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,CAAC;eACnF,CAAC,CAAC,OAAO,CAAC,YAAY,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CACzE,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAC3D,eAAe,CAAC,MAAM,EAAE,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,CACnF,CAAC,CAAC;IAEH,OAAO;QACL,WAAW;QACX,cAAc,EAAE,aAAa;QAC7B,UAAU;KACX,CAAC;AACJ,CAAC"}

package/dist/tools/fastapi-depends.d.ts

@@ -0,0 +1,63 @@
+export interface DependsCallSite {
+    /** Name of the dependency function (e.g. "get_db") */
+    name: string;
+    /** Raw Depends() expression, e.g. "Depends(get_db)" or "Security(oauth2_scheme, scopes=['admin'])" */
+    expression: string;
+    /** Whether this is a Security() call (auth dependency) */
+    is_security: boolean;
+    /** Security scopes if present */
+    scopes: string[];
+}
+export interface DependsNode {
+    /** Dependency function name */
+    name: string;
+    /** File where the dependency is defined, if resolvable */
+    file?: string;
+    /** Line where the dependency is defined */
+    line?: number;
+    /** Sub-dependencies this dep itself uses */
+    depends_on: DependsNode[];
+    /** Is this a yield-based dependency (FastAPI cleanup pattern)? */
+    is_yield: boolean;
+    /** Is this a Security() dep? */
+    is_security: boolean;
+    /** Security scopes if present */
+    scopes: string[];
+    /** Depth in the tree (0 = directly attached to endpoint) */
+    depth: number;
+}
+export interface FastAPIEndpointDeps {
+    /** Endpoint function symbol name */
+    endpoint: string;
+    /** File path */
+    file: string;
+    /** Line */
+    line: number;
+    /** HTTP method and path, e.g. "GET /users/{id}" */
+    route?: string;
+    /** Full dependency tree rooted at this endpoint */
+    depends: DependsNode[];
+    /** All unique dep names used (flattened) */
+    all_deps: string[];
+    /** Are any Security() deps in the chain? */
+    has_auth: boolean;
+}
+export interface FastAPIDependsResult {
+    endpoints: FastAPIEndpointDeps[];
+    total_endpoints: number;
+    total_unique_deps: number;
+    endpoints_without_auth: string[];
+    shared_deps: Array<{
+        name: string;
+        used_by: number;
+    }>;
+}
+/**
+ * Trace FastAPI Depends() chains for all endpoints in the repository.
+ */
+export declare function traceFastAPIDepends(repo: string, options?: {
+    file_pattern?: string;
+    endpoint?: string;
+    max_depth?: number;
+}): Promise<FastAPIDependsResult>;
+//# sourceMappingURL=fastapi-depends.d.ts.map

package/dist/tools/fastapi-depends.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fastapi-depends.d.ts","sourceRoot":"","sources":["../../src/tools/fastapi-depends.ts"],"names":[],"mappings":"AAmBA,MAAM,WAAW,eAAe;IAC9B,sDAAsD;IACtD,IAAI,EAAE,MAAM,CAAC;IACb,sGAAsG;IACtG,UAAU,EAAE,MAAM,CAAC;IACnB,0DAA0D;IAC1D,WAAW,EAAE,OAAO,CAAC;IACrB,iCAAiC;IACjC,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,+BAA+B;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,0DAA0D;IAC1D,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,2CAA2C;IAC3C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,4CAA4C;IAC5C,UAAU,EAAE,WAAW,EAAE,CAAC;IAC1B,kEAAkE;IAClE,QAAQ,EAAE,OAAO,CAAC;IAClB,gCAAgC;IAChC,WAAW,EAAE,OAAO,CAAC;IACrB,iCAAiC;IACjC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,4DAA4D;IAC5D,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,mBAAmB;IAClC,oCAAoC;IACpC,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW;IACX,IAAI,EAAE,MAAM,CAAC;IACb,mDAAmD;IACnD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mDAAmD;IACnD,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,4CAA4C;IAC5C,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,4CAA4C;IAC5C,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,mBAAmB,EAAE,CAAC;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,sBAAsB,EAAE,MAAM,EAAE,CAAC;IACjC,WAAW,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACvD;AAWD;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE;IACR,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GACA,OAAO,CAAC,oBAAoB,CAAC,CA6F/B"}