npm - codesift-mcp - Versions diffs - 0.3.0 → 0.5.0 - Mend

codesift-mcp 0.3.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (543) hide show

package/README.md +215 -23
package/dist/cache/hono-cache.d.ts +50 -0
package/dist/cache/hono-cache.d.ts.map +1 -0
package/dist/cache/hono-cache.js +132 -0
package/dist/cache/hono-cache.js.map +1 -0
package/dist/cli/help.d.ts.map +1 -1
package/dist/cli/help.js +8 -6
package/dist/cli/help.js.map +1 -1
package/dist/cli/platform.d.ts.map +1 -1
package/dist/cli/platform.js +12 -14
package/dist/cli/platform.js.map +1 -1
package/dist/cli/setup.d.ts +1 -1
package/dist/cli/setup.d.ts.map +1 -1
package/dist/cli/setup.js +27 -3
package/dist/cli/setup.js.map +1 -1
package/dist/formatters-shortening.d.ts +13 -0
package/dist/formatters-shortening.d.ts.map +1 -1
package/dist/formatters-shortening.js +131 -0
package/dist/formatters-shortening.js.map +1 -1
package/dist/formatters.d.ts +38 -0
package/dist/formatters.d.ts.map +1 -1
package/dist/formatters.js +521 -0
package/dist/formatters.js.map +1 -1
package/dist/instructions.d.ts +1 -1
package/dist/instructions.d.ts.map +1 -1
package/dist/instructions.js +39 -38
package/dist/instructions.js.map +1 -1
package/dist/lsp/lsp-servers.d.ts.map +1 -1
package/dist/lsp/lsp-servers.js +5 -0
package/dist/lsp/lsp-servers.js.map +1 -1
package/dist/lsp/lsp-tools.d.ts.map +1 -1
package/dist/lsp/lsp-tools.js +1 -0
package/dist/lsp/lsp-tools.js.map +1 -1
package/dist/parser/astro-template.d.ts +47 -0
package/dist/parser/astro-template.d.ts.map +1 -0
package/dist/parser/astro-template.js +171 -0
package/dist/parser/astro-template.js.map +1 -0
package/dist/parser/extractors/_shared.d.ts +4 -0
package/dist/parser/extractors/_shared.d.ts.map +1 -1
package/dist/parser/extractors/_shared.js +8 -0
package/dist/parser/extractors/_shared.js.map +1 -1
package/dist/parser/extractors/astro.d.ts +4 -5
package/dist/parser/extractors/astro.d.ts.map +1 -1
package/dist/parser/extractors/astro.js +102 -26
package/dist/parser/extractors/astro.js.map +1 -1
package/dist/parser/extractors/gradle-kts.d.ts +4 -0
package/dist/parser/extractors/gradle-kts.d.ts.map +1 -0
package/dist/parser/extractors/gradle-kts.js +246 -0
package/dist/parser/extractors/gradle-kts.js.map +1 -0
package/dist/parser/extractors/hono-inline-analyzer.d.ts +34 -0
package/dist/parser/extractors/hono-inline-analyzer.d.ts.map +1 -0
package/dist/parser/extractors/hono-inline-analyzer.js +465 -0
package/dist/parser/extractors/hono-inline-analyzer.js.map +1 -0
package/dist/parser/extractors/hono-model.d.ts +196 -0
package/dist/parser/extractors/hono-model.d.ts.map +1 -0
package/dist/parser/extractors/hono-model.js +10 -0
package/dist/parser/extractors/hono-model.js.map +1 -0
package/dist/parser/extractors/hono.d.ts +118 -0
package/dist/parser/extractors/hono.d.ts.map +1 -0
package/dist/parser/extractors/hono.js +1527 -0
package/dist/parser/extractors/hono.js.map +1 -0
package/dist/parser/extractors/kotlin.d.ts +4 -0
package/dist/parser/extractors/kotlin.d.ts.map +1 -0
package/dist/parser/extractors/kotlin.js +521 -0
package/dist/parser/extractors/kotlin.js.map +1 -0
package/dist/parser/extractors/php.d.ts +22 -0
package/dist/parser/extractors/php.d.ts.map +1 -0
package/dist/parser/extractors/php.js +334 -0
package/dist/parser/extractors/php.js.map +1 -0
package/dist/parser/extractors/python.d.ts.map +1 -1
package/dist/parser/extractors/python.js +234 -11
package/dist/parser/extractors/python.js.map +1 -1
package/dist/parser/extractors/sql.d.ts +33 -0
package/dist/parser/extractors/sql.d.ts.map +1 -0
package/dist/parser/extractors/sql.js +506 -0
package/dist/parser/extractors/sql.js.map +1 -0
package/dist/parser/extractors/typescript.d.ts.map +1 -1
package/dist/parser/extractors/typescript.js +209 -3
package/dist/parser/extractors/typescript.js.map +1 -1
package/dist/parser/languages/tree-sitter-javascript.wasm +0 -0
package/dist/parser/languages/tree-sitter-kotlin.wasm +0 -0
package/dist/parser/languages/tree-sitter-php.wasm +0 -0
package/dist/parser/languages/tree-sitter-php_only.wasm +0 -0
package/dist/parser/languages/tree-sitter-python.wasm +0 -0
package/dist/parser/parse-cache.d.ts +39 -0
package/dist/parser/parse-cache.d.ts.map +1 -0
package/dist/parser/parse-cache.js +87 -0
package/dist/parser/parse-cache.js.map +1 -0
package/dist/parser/parser-manager.d.ts +32 -0
package/dist/parser/parser-manager.d.ts.map +1 -1
package/dist/parser/parser-manager.js +93 -3
package/dist/parser/parser-manager.js.map +1 -1
package/dist/parser/symbol-extractor.d.ts.map +1 -1
package/dist/parser/symbol-extractor.js +16 -0
package/dist/parser/symbol-extractor.js.map +1 -1
package/dist/register-tools.d.ts +38 -2
package/dist/register-tools.d.ts.map +1 -1
package/dist/register-tools.js +2444 -195
package/dist/register-tools.js.map +1 -1
package/dist/search/reranker.js +1 -1
package/dist/search/reranker.js.map +1 -1
package/dist/search/tool-ranker.d.ts +90 -0
package/dist/search/tool-ranker.d.ts.map +1 -0
package/dist/search/tool-ranker.js +420 -0
package/dist/search/tool-ranker.js.map +1 -0
package/dist/server-helpers.d.ts.map +1 -1
package/dist/server-helpers.js +11 -0
package/dist/server-helpers.js.map +1 -1
package/dist/server.js +47 -14
package/dist/server.js.map +1 -1
package/dist/storage/index-store.d.ts +15 -1
package/dist/storage/index-store.d.ts.map +1 -1
package/dist/storage/index-store.js +27 -1
package/dist/storage/index-store.js.map +1 -1
package/dist/storage/session-state.d.ts +1 -1
package/dist/storage/session-state.d.ts.map +1 -1
package/dist/storage/session-state.js +6 -4
package/dist/storage/session-state.js.map +1 -1
package/dist/storage/usage-tracker.d.ts.map +1 -1
package/dist/storage/usage-tracker.js +4 -1
package/dist/storage/usage-tracker.js.map +1 -1
package/dist/tools/agent-config-tools.d.ts +24 -0
package/dist/tools/agent-config-tools.d.ts.map +1 -0
package/dist/tools/agent-config-tools.js +119 -0
package/dist/tools/agent-config-tools.js.map +1 -0
package/dist/tools/architecture-tools.d.ts +23 -0
package/dist/tools/architecture-tools.d.ts.map +1 -0
package/dist/tools/architecture-tools.js +140 -0
package/dist/tools/architecture-tools.js.map +1 -0
package/dist/tools/astro-actions.d.ts +54 -0
package/dist/tools/astro-actions.d.ts.map +1 -0
package/dist/tools/astro-actions.js +561 -0
package/dist/tools/astro-actions.js.map +1 -0
package/dist/tools/astro-audit.d.ts +87 -0
package/dist/tools/astro-audit.d.ts.map +1 -0
package/dist/tools/astro-audit.js +345 -0
package/dist/tools/astro-audit.js.map +1 -0
package/dist/tools/astro-config.d.ts +33 -0
package/dist/tools/astro-config.d.ts.map +1 -0
package/dist/tools/astro-config.js +260 -0
package/dist/tools/astro-config.js.map +1 -0
package/dist/tools/astro-content-collections.d.ts +44 -0
package/dist/tools/astro-content-collections.d.ts.map +1 -0
package/dist/tools/astro-content-collections.js +630 -0
package/dist/tools/astro-content-collections.js.map +1 -0
package/dist/tools/astro-islands.d.ts +63 -0
package/dist/tools/astro-islands.d.ts.map +1 -0
package/dist/tools/astro-islands.js +255 -0
package/dist/tools/astro-islands.js.map +1 -0
package/dist/tools/astro-migration.d.ts +31 -0
package/dist/tools/astro-migration.d.ts.map +1 -0
package/dist/tools/astro-migration.js +378 -0
package/dist/tools/astro-migration.js.map +1 -0
package/dist/tools/astro-routes.d.ts +49 -0
package/dist/tools/astro-routes.d.ts.map +1 -0
package/dist/tools/astro-routes.js +119 -0
package/dist/tools/astro-routes.js.map +1 -0
package/dist/tools/async-correctness.d.ts +26 -0
package/dist/tools/async-correctness.d.ts.map +1 -0
package/dist/tools/async-correctness.js +166 -0
package/dist/tools/async-correctness.js.map +1 -0
package/dist/tools/audit-tools.d.ts +38 -0
package/dist/tools/audit-tools.d.ts.map +1 -0
package/dist/tools/audit-tools.js +248 -0
package/dist/tools/audit-tools.js.map +1 -0
package/dist/tools/celery-tools.d.ts +38 -0
package/dist/tools/celery-tools.d.ts.map +1 -0
package/dist/tools/celery-tools.js +154 -0
package/dist/tools/celery-tools.js.map +1 -0
package/dist/tools/clone-tools.js +1 -1
package/dist/tools/clone-tools.js.map +1 -1
package/dist/tools/complexity-tools.d.ts +4 -0
package/dist/tools/complexity-tools.d.ts.map +1 -1
package/dist/tools/complexity-tools.js +78 -4
package/dist/tools/complexity-tools.js.map +1 -1
package/dist/tools/compose-tools.d.ts +60 -0
package/dist/tools/compose-tools.d.ts.map +1 -0
package/dist/tools/compose-tools.js +203 -0
package/dist/tools/compose-tools.js.map +1 -0
package/dist/tools/coupling-tools.d.ts +50 -0
package/dist/tools/coupling-tools.d.ts.map +1 -0
package/dist/tools/coupling-tools.js +262 -0
package/dist/tools/coupling-tools.js.map +1 -0
package/dist/tools/dependency-audit-tools.d.ts +65 -0
package/dist/tools/dependency-audit-tools.d.ts.map +1 -0
package/dist/tools/dependency-audit-tools.js +553 -0
package/dist/tools/dependency-audit-tools.js.map +1 -0
package/dist/tools/django-settings.d.ts +22 -0
package/dist/tools/django-settings.d.ts.map +1 -0
package/dist/tools/django-settings.js +301 -0
package/dist/tools/django-settings.js.map +1 -0
package/dist/tools/django-view-security-tools.d.ts +32 -0
package/dist/tools/django-view-security-tools.d.ts.map +1 -0
package/dist/tools/django-view-security-tools.js +184 -0
package/dist/tools/django-view-security-tools.js.map +1 -0
package/dist/tools/fastapi-depends.d.ts +63 -0
package/dist/tools/fastapi-depends.d.ts.map +1 -0
package/dist/tools/fastapi-depends.js +191 -0
package/dist/tools/fastapi-depends.js.map +1 -0
package/dist/tools/frequency-tools.js +1 -1
package/dist/tools/frequency-tools.js.map +1 -1
package/dist/tools/graph-tools.d.ts +8 -2
package/dist/tools/graph-tools.d.ts.map +1 -1
package/dist/tools/graph-tools.js +44 -3
package/dist/tools/graph-tools.js.map +1 -1
package/dist/tools/hilt-tools.d.ts +55 -0
package/dist/tools/hilt-tools.d.ts.map +1 -0
package/dist/tools/hilt-tools.js +258 -0
package/dist/tools/hilt-tools.js.map +1 -0
package/dist/tools/hono-analyze-app.d.ts +48 -0
package/dist/tools/hono-analyze-app.d.ts.map +1 -0
package/dist/tools/hono-analyze-app.js +94 -0
package/dist/tools/hono-analyze-app.js.map +1 -0
package/dist/tools/hono-api-contract.d.ts +22 -0
package/dist/tools/hono-api-contract.d.ts.map +1 -0
package/dist/tools/hono-api-contract.js +112 -0
package/dist/tools/hono-api-contract.js.map +1 -0
package/dist/tools/hono-conditional-middleware.d.ts +27 -0
package/dist/tools/hono-conditional-middleware.d.ts.map +1 -0
package/dist/tools/hono-conditional-middleware.js +62 -0
package/dist/tools/hono-conditional-middleware.js.map +1 -0
package/dist/tools/hono-context-flow.d.ts +24 -0
package/dist/tools/hono-context-flow.d.ts.map +1 -0
package/dist/tools/hono-context-flow.js +70 -0
package/dist/tools/hono-context-flow.js.map +1 -0
package/dist/tools/hono-dead-routes.d.ts +26 -0
package/dist/tools/hono-dead-routes.d.ts.map +1 -0
package/dist/tools/hono-dead-routes.js +102 -0
package/dist/tools/hono-dead-routes.js.map +1 -0
package/dist/tools/hono-entry-resolver.d.ts +27 -0
package/dist/tools/hono-entry-resolver.d.ts.map +1 -0
package/dist/tools/hono-entry-resolver.js +31 -0
package/dist/tools/hono-entry-resolver.js.map +1 -0
package/dist/tools/hono-env-regression.d.ts +29 -0
package/dist/tools/hono-env-regression.d.ts.map +1 -0
package/dist/tools/hono-env-regression.js +157 -0
package/dist/tools/hono-env-regression.js.map +1 -0
package/dist/tools/hono-inline-analyze.d.ts +31 -0
package/dist/tools/hono-inline-analyze.d.ts.map +1 -0
package/dist/tools/hono-inline-analyze.js +59 -0
package/dist/tools/hono-inline-analyze.js.map +1 -0
package/dist/tools/hono-middleware-chain.d.ts +40 -0
package/dist/tools/hono-middleware-chain.d.ts.map +1 -0
package/dist/tools/hono-middleware-chain.js +121 -0
package/dist/tools/hono-middleware-chain.js.map +1 -0
package/dist/tools/hono-modules.d.ts +22 -0
package/dist/tools/hono-modules.d.ts.map +1 -0
package/dist/tools/hono-modules.js +118 -0
package/dist/tools/hono-modules.js.map +1 -0
package/dist/tools/hono-response-types.d.ts +37 -0
package/dist/tools/hono-response-types.d.ts.map +1 -0
package/dist/tools/hono-response-types.js +76 -0
package/dist/tools/hono-response-types.js.map +1 -0
package/dist/tools/hono-rpc-types.d.ts +21 -0
package/dist/tools/hono-rpc-types.d.ts.map +1 -0
package/dist/tools/hono-rpc-types.js +49 -0
package/dist/tools/hono-rpc-types.js.map +1 -0
package/dist/tools/hono-security.d.ts +31 -0
package/dist/tools/hono-security.d.ts.map +1 -0
package/dist/tools/hono-security.js +269 -0
package/dist/tools/hono-security.js.map +1 -0
package/dist/tools/hono-visualize.d.ts +13 -0
package/dist/tools/hono-visualize.d.ts.map +1 -0
package/dist/tools/hono-visualize.js +64 -0
package/dist/tools/hono-visualize.js.map +1 -0
package/dist/tools/hotspot-tools.d.ts.map +1 -1
package/dist/tools/hotspot-tools.js +9 -7
package/dist/tools/hotspot-tools.js.map +1 -1
package/dist/tools/index-tools.d.ts +17 -0
package/dist/tools/index-tools.d.ts.map +1 -1
package/dist/tools/index-tools.js +210 -10
package/dist/tools/index-tools.js.map +1 -1
package/dist/tools/kotlin-tools.d.ts +142 -0
package/dist/tools/kotlin-tools.d.ts.map +1 -0
package/dist/tools/kotlin-tools.js +572 -0
package/dist/tools/kotlin-tools.js.map +1 -0
package/dist/tools/legacy-hono-conventions.d.ts +14 -0
package/dist/tools/legacy-hono-conventions.d.ts.map +1 -0
package/dist/tools/legacy-hono-conventions.js +152 -0
package/dist/tools/legacy-hono-conventions.js.map +1 -0
package/dist/tools/migration-lint-tools.d.ts +26 -0
package/dist/tools/migration-lint-tools.d.ts.map +1 -0
package/dist/tools/migration-lint-tools.js +247 -0
package/dist/tools/migration-lint-tools.js.map +1 -0
package/dist/tools/model-tools.d.ts +30 -0
package/dist/tools/model-tools.d.ts.map +1 -0
package/dist/tools/model-tools.js +145 -0
package/dist/tools/model-tools.js.map +1 -0
package/dist/tools/nest-ext-tools.d.ts +207 -0
package/dist/tools/nest-ext-tools.d.ts.map +1 -0
package/dist/tools/nest-ext-tools.js +752 -0
package/dist/tools/nest-ext-tools.js.map +1 -0
package/dist/tools/nest-tools.d.ts +198 -0
package/dist/tools/nest-tools.d.ts.map +1 -0
package/dist/tools/nest-tools.js +1142 -0
package/dist/tools/nest-tools.js.map +1 -0
package/dist/tools/nextjs-api-contract-readers.d.ts +14 -0
package/dist/tools/nextjs-api-contract-readers.d.ts.map +1 -0
package/dist/tools/nextjs-api-contract-readers.js +204 -0
package/dist/tools/nextjs-api-contract-readers.js.map +1 -0
package/dist/tools/nextjs-api-contract-tools.d.ts +57 -0
package/dist/tools/nextjs-api-contract-tools.d.ts.map +1 -0
package/dist/tools/nextjs-api-contract-tools.js +144 -0
package/dist/tools/nextjs-api-contract-tools.js.map +1 -0
package/dist/tools/nextjs-boundary-tools.d.ts +39 -0
package/dist/tools/nextjs-boundary-tools.d.ts.map +1 -0
package/dist/tools/nextjs-boundary-tools.js +152 -0
package/dist/tools/nextjs-boundary-tools.js.map +1 -0
package/dist/tools/nextjs-component-readers.d.ts +101 -0
package/dist/tools/nextjs-component-readers.d.ts.map +1 -0
package/dist/tools/nextjs-component-readers.js +287 -0
package/dist/tools/nextjs-component-readers.js.map +1 -0
package/dist/tools/nextjs-component-tools.d.ts +51 -0
package/dist/tools/nextjs-component-tools.d.ts.map +1 -0
package/dist/tools/nextjs-component-tools.js +212 -0
package/dist/tools/nextjs-component-tools.js.map +1 -0
package/dist/tools/nextjs-data-flow-tools.d.ts +42 -0
package/dist/tools/nextjs-data-flow-tools.d.ts.map +1 -0
package/dist/tools/nextjs-data-flow-tools.js +158 -0
package/dist/tools/nextjs-data-flow-tools.js.map +1 -0
package/dist/tools/nextjs-framework-audit-tools.d.ts +60 -0
package/dist/tools/nextjs-framework-audit-tools.d.ts.map +1 -0
package/dist/tools/nextjs-framework-audit-tools.js +394 -0
package/dist/tools/nextjs-framework-audit-tools.js.map +1 -0
package/dist/tools/nextjs-link-tools.d.ts +41 -0
package/dist/tools/nextjs-link-tools.d.ts.map +1 -0
package/dist/tools/nextjs-link-tools.js +157 -0
package/dist/tools/nextjs-link-tools.js.map +1 -0
package/dist/tools/nextjs-metadata-tools.d.ts +74 -0
package/dist/tools/nextjs-metadata-tools.d.ts.map +1 -0
package/dist/tools/nextjs-metadata-tools.js +252 -0
package/dist/tools/nextjs-metadata-tools.js.map +1 -0
package/dist/tools/nextjs-middleware-coverage-tools.d.ts +41 -0
package/dist/tools/nextjs-middleware-coverage-tools.d.ts.map +1 -0
package/dist/tools/nextjs-middleware-coverage-tools.js +88 -0
package/dist/tools/nextjs-middleware-coverage-tools.js.map +1 -0
package/dist/tools/nextjs-route-readers.d.ts +81 -0
package/dist/tools/nextjs-route-readers.d.ts.map +1 -0
package/dist/tools/nextjs-route-readers.js +340 -0
package/dist/tools/nextjs-route-readers.js.map +1 -0
package/dist/tools/nextjs-route-tools.d.ts +36 -0
package/dist/tools/nextjs-route-tools.d.ts.map +1 -0
package/dist/tools/nextjs-route-tools.js +175 -0
package/dist/tools/nextjs-route-tools.js.map +1 -0
package/dist/tools/nextjs-security-readers.d.ts +22 -0
package/dist/tools/nextjs-security-readers.d.ts.map +1 -0
package/dist/tools/nextjs-security-readers.js +318 -0
package/dist/tools/nextjs-security-readers.js.map +1 -0
package/dist/tools/nextjs-security-scoring.d.ts +15 -0
package/dist/tools/nextjs-security-scoring.d.ts.map +1 -0
package/dist/tools/nextjs-security-scoring.js +65 -0
package/dist/tools/nextjs-security-scoring.js.map +1 -0
package/dist/tools/nextjs-security-tools.d.ts +75 -0
package/dist/tools/nextjs-security-tools.d.ts.map +1 -0
package/dist/tools/nextjs-security-tools.js +153 -0
package/dist/tools/nextjs-security-tools.js.map +1 -0
package/dist/tools/nextjs-tools.d.ts +15 -0
package/dist/tools/nextjs-tools.d.ts.map +1 -0
package/dist/tools/nextjs-tools.js +15 -0
package/dist/tools/nextjs-tools.js.map +1 -0
package/dist/tools/outline-tools.d.ts.map +1 -1
package/dist/tools/outline-tools.js +20 -0
package/dist/tools/outline-tools.js.map +1 -1
package/dist/tools/pattern-tools.d.ts +8 -0
package/dist/tools/pattern-tools.d.ts.map +1 -1
package/dist/tools/pattern-tools.js +651 -3
package/dist/tools/pattern-tools.js.map +1 -1
package/dist/tools/perf-tools.d.ts +32 -0
package/dist/tools/perf-tools.d.ts.map +1 -0
package/dist/tools/perf-tools.js +227 -0
package/dist/tools/perf-tools.js.map +1 -0
package/dist/tools/php-tools.d.ts +185 -0
package/dist/tools/php-tools.d.ts.map +1 -0
package/dist/tools/php-tools.js +645 -0
package/dist/tools/php-tools.js.map +1 -0
package/dist/tools/plan-turn-tools.d.ts +89 -0
package/dist/tools/plan-turn-tools.d.ts.map +1 -0
package/dist/tools/plan-turn-tools.js +508 -0
package/dist/tools/plan-turn-tools.js.map +1 -0
package/dist/tools/prisma-schema-tools.d.ts +44 -0
package/dist/tools/prisma-schema-tools.d.ts.map +1 -0
package/dist/tools/prisma-schema-tools.js +358 -0
package/dist/tools/prisma-schema-tools.js.map +1 -0
package/dist/tools/project-tools.d.ts +116 -7
package/dist/tools/project-tools.d.ts.map +1 -1
package/dist/tools/project-tools.js +595 -218
package/dist/tools/project-tools.js.map +1 -1
package/dist/tools/pydantic-models.d.ts +46 -0
package/dist/tools/pydantic-models.d.ts.map +1 -0
package/dist/tools/pydantic-models.js +249 -0
package/dist/tools/pydantic-models.js.map +1 -0
package/dist/tools/pyproject-tools.d.ts +23 -0
package/dist/tools/pyproject-tools.d.ts.map +1 -0
package/dist/tools/pyproject-tools.js +133 -0
package/dist/tools/pyproject-tools.js.map +1 -0
package/dist/tools/pytest-tools.d.ts +20 -0
package/dist/tools/pytest-tools.d.ts.map +1 -0
package/dist/tools/pytest-tools.js +106 -0
package/dist/tools/pytest-tools.js.map +1 -0
package/dist/tools/python-audit.d.ts +40 -0
package/dist/tools/python-audit.d.ts.map +1 -0
package/dist/tools/python-audit.js +244 -0
package/dist/tools/python-audit.js.map +1 -0
package/dist/tools/python-callers.d.ts +28 -0
package/dist/tools/python-callers.d.ts.map +1 -0
package/dist/tools/python-callers.js +110 -0
package/dist/tools/python-callers.js.map +1 -0
package/dist/tools/python-circular-imports.d.ts +19 -0
package/dist/tools/python-circular-imports.d.ts.map +1 -0
package/dist/tools/python-circular-imports.js +126 -0
package/dist/tools/python-circular-imports.js.map +1 -0
package/dist/tools/python-constants-tools.d.ts +44 -0
package/dist/tools/python-constants-tools.d.ts.map +1 -0
package/dist/tools/python-constants-tools.js +525 -0
package/dist/tools/python-constants-tools.js.map +1 -0
package/dist/tools/python-deps-analyzer.d.ts +46 -0
package/dist/tools/python-deps-analyzer.d.ts.map +1 -0
package/dist/tools/python-deps-analyzer.js +227 -0
package/dist/tools/python-deps-analyzer.js.map +1 -0
package/dist/tools/query-tools.d.ts +23 -0
package/dist/tools/query-tools.d.ts.map +1 -0
package/dist/tools/query-tools.js +256 -0
package/dist/tools/query-tools.js.map +1 -0
package/dist/tools/react-tools.d.ts +263 -0
package/dist/tools/react-tools.d.ts.map +1 -0
package/dist/tools/react-tools.js +839 -0
package/dist/tools/react-tools.js.map +1 -0
package/dist/tools/report-tools.js +47 -0
package/dist/tools/report-tools.js.map +1 -1
package/dist/tools/review-diff-tools.d.ts +5 -4
package/dist/tools/review-diff-tools.d.ts.map +1 -1
package/dist/tools/review-diff-tools.js +157 -66
package/dist/tools/review-diff-tools.js.map +1 -1
package/dist/tools/room-tools.d.ts +36 -0
package/dist/tools/room-tools.d.ts.map +1 -0
package/dist/tools/room-tools.js +147 -0
package/dist/tools/room-tools.js.map +1 -0
package/dist/tools/route-tools.d.ts +27 -1
package/dist/tools/route-tools.d.ts.map +1 -1
package/dist/tools/route-tools.js +744 -18
package/dist/tools/route-tools.js.map +1 -1
package/dist/tools/ruff-tools.d.ts +32 -0
package/dist/tools/ruff-tools.d.ts.map +1 -0
package/dist/tools/ruff-tools.js +114 -0
package/dist/tools/ruff-tools.js.map +1 -0
package/dist/tools/search-ranker.d.ts.map +1 -1
package/dist/tools/search-ranker.js +7 -0
package/dist/tools/search-ranker.js.map +1 -1
package/dist/tools/search-tools.d.ts +3 -2
package/dist/tools/search-tools.d.ts.map +1 -1
package/dist/tools/search-tools.js +16 -3
package/dist/tools/search-tools.js.map +1 -1
package/dist/tools/serialization-tools.d.ts +24 -0
package/dist/tools/serialization-tools.d.ts.map +1 -0
package/dist/tools/serialization-tools.js +156 -0
package/dist/tools/serialization-tools.js.map +1 -0
package/dist/tools/sql-tools.d.ts +274 -0
package/dist/tools/sql-tools.d.ts.map +1 -0
package/dist/tools/sql-tools.js +1160 -0
package/dist/tools/sql-tools.js.map +1 -0
package/dist/tools/status-tools.d.ts +10 -0
package/dist/tools/status-tools.d.ts.map +1 -0
package/dist/tools/status-tools.js +32 -0
package/dist/tools/status-tools.js.map +1 -0
package/dist/tools/symbol-tools.d.ts +19 -0
package/dist/tools/symbol-tools.d.ts.map +1 -1
package/dist/tools/symbol-tools.js +75 -4
package/dist/tools/symbol-tools.js.map +1 -1
package/dist/tools/taint-tools.d.ts +43 -0
package/dist/tools/taint-tools.d.ts.map +1 -0
package/dist/tools/taint-tools.js +922 -0
package/dist/tools/taint-tools.js.map +1 -0
package/dist/tools/test-impact-tools.d.ts +29 -0
package/dist/tools/test-impact-tools.d.ts.map +1 -0
package/dist/tools/test-impact-tools.js +156 -0
package/dist/tools/test-impact-tools.js.map +1 -0
package/dist/tools/typecheck-tools.d.ts +39 -0
package/dist/tools/typecheck-tools.d.ts.map +1 -0
package/dist/tools/typecheck-tools.js +191 -0
package/dist/tools/typecheck-tools.js.map +1 -0
package/dist/tools/wiring-tools.d.ts +19 -0
package/dist/tools/wiring-tools.d.ts.map +1 -0
package/dist/tools/wiring-tools.js +147 -0
package/dist/tools/wiring-tools.js.map +1 -0
package/dist/types.d.ts +9 -1
package/dist/types.d.ts.map +1 -1
package/dist/utils/framework-detect.d.ts +18 -2
package/dist/utils/framework-detect.d.ts.map +1 -1
package/dist/utils/framework-detect.js +150 -3
package/dist/utils/framework-detect.js.map +1 -1
package/dist/utils/import-graph.d.ts +42 -0
package/dist/utils/import-graph.d.ts.map +1 -1
package/dist/utils/import-graph.js +248 -9
package/dist/utils/import-graph.js.map +1 -1
package/dist/utils/language-detect.d.ts +21 -0
package/dist/utils/language-detect.d.ts.map +1 -0
package/dist/utils/language-detect.js +183 -0
package/dist/utils/language-detect.js.map +1 -0
package/dist/utils/nextjs-ast-readers.d.ts +44 -0
package/dist/utils/nextjs-ast-readers.d.ts.map +1 -0
package/dist/utils/nextjs-ast-readers.js +341 -0
package/dist/utils/nextjs-ast-readers.js.map +1 -0
package/dist/utils/nextjs-audit-cache.d.ts +51 -0
package/dist/utils/nextjs-audit-cache.d.ts.map +1 -0
package/dist/utils/nextjs-audit-cache.js +116 -0
package/dist/utils/nextjs-audit-cache.js.map +1 -0
package/dist/utils/nextjs-metadata-readers.d.ts +65 -0
package/dist/utils/nextjs-metadata-readers.d.ts.map +1 -0
package/dist/utils/nextjs-metadata-readers.js +447 -0
package/dist/utils/nextjs-metadata-readers.js.map +1 -0
package/dist/utils/nextjs.d.ts +42 -0
package/dist/utils/nextjs.d.ts.map +1 -0
package/dist/utils/nextjs.js +284 -0
package/dist/utils/nextjs.js.map +1 -0
package/dist/utils/python-import-resolver.d.ts +42 -0
package/dist/utils/python-import-resolver.d.ts.map +1 -0
package/dist/utils/python-import-resolver.js +101 -0
package/dist/utils/python-import-resolver.js.map +1 -0
package/dist/utils/python-imports.d.ts +28 -0
package/dist/utils/python-imports.d.ts.map +1 -0
package/dist/utils/python-imports.js +117 -0
package/dist/utils/python-imports.js.map +1 -0
package/dist/utils/react-alias.d.ts +15 -0
package/dist/utils/react-alias.d.ts.map +1 -0
package/dist/utils/react-alias.js +31 -0
package/dist/utils/react-alias.js.map +1 -0
package/dist/utils/test-file.d.ts.map +1 -1
package/dist/utils/test-file.js +7 -0
package/dist/utils/test-file.js.map +1 -1
package/dist/utils/walk.d.ts +22 -0
package/dist/utils/walk.d.ts.map +1 -1
package/dist/utils/walk.js +70 -2
package/dist/utils/walk.js.map +1 -1
package/package.json +4 -3
package/rules/codesift.md +71 -5
package/rules/codesift.mdc +71 -5
package/rules/codex.md +71 -5
package/rules/gemini.md +71 -5
package/src/parser/languages/tree-sitter-javascript.wasm +0 -0
package/src/parser/languages/tree-sitter-kotlin.wasm +0 -0
package/src/parser/languages/tree-sitter-php.wasm +0 -0
package/src/parser/languages/tree-sitter-php_only.wasm +0 -0
package/src/parser/languages/tree-sitter-python.wasm +0 -0

package/dist/tools/taint-tools.js ADDED Viewed

@@ -0,0 +1,922 @@
+import { readFile } from "node:fs/promises";
+import { join } from "node:path";
+import { getParser } from "../parser/parser-manager.js";
+import { detectSrcLayout, resolvePythonImport } from "../utils/python-import-resolver.js";
+import { getCodeIndex } from "./index-tools.js";
+const DEFAULT_MAX_DEPTH = 4;
+const DEFAULT_MAX_TRACES = 50;
+const DEFAULT_SOURCE_PATTERNS = [
+    "request.GET",
+    "request.POST",
+    "request.body",
+    "request.data",
+    "request.headers",
+    "request.COOKIES",
+    "request.META",
+];
+const DEFAULT_SINK_PATTERNS = [
+    "redirect",
+    "mark_safe",
+    "cursor.execute",
+    "subprocess",
+    "requests",
+    "httpx",
+    "open",
+    "session-write",
+];
+const KNOWN_SANITIZERS = new Set([
+    "escape",
+    "conditional_escape",
+    "urlquote",
+    "quote",
+    "quote_plus",
+]);
+function clonePath(path) {
+    return {
+        source: { ...path.source },
+        hops: path.hops.map((hop) => ({ ...hop })),
+        heuristic: path.heuristic,
+    };
+}
+function pathKey(path) {
+    return JSON.stringify({
+        source: path.source,
+        hops: path.hops,
+        heuristic: path.heuristic,
+    });
+}
+function dedupePaths(paths) {
+    const seen = new Set();
+    const result = [];
+    for (const path of paths) {
+        const key = pathKey(path);
+        if (seen.has(key))
+            continue;
+        seen.add(key);
+        result.push(path);
+    }
+    return result;
+}
+function cloneEnv(env) {
+    const next = new Map();
+    for (const [name, paths] of env.entries()) {
+        next.set(name, paths.map(clonePath));
+    }
+    return next;
+}
+function mergeEnvs(...envs) {
+    const merged = new Map();
+    for (const env of envs) {
+        for (const [name, paths] of env.entries()) {
+            const existing = merged.get(name) ?? [];
+            merged.set(name, dedupePaths([...existing, ...paths.map(clonePath)]));
+        }
+    }
+    return merged;
+}
+function appendHop(paths, hop, options) {
+    return dedupePaths(paths.map((path) => ({
+        source: { ...path.source },
+        hops: [...path.hops.map((entry) => ({ ...entry })), { ...hop }],
+        heuristic: path.heuristic || Boolean(options?.heuristic),
+    })));
+}
+function computeConfidence(path) {
+    if (path.heuristic)
+        return "medium";
+    if (path.hops.length >= 4)
+        return "medium";
+    return "high";
+}
+function lineForNode(symbol, node) {
+    return symbol.start_line + node.startPosition.row;
+}
+function codeForNode(node) {
+    return node.text.split("\n")[0]?.trim() ?? node.text.trim();
+}
+function getAttributePath(node) {
+    if (!node)
+        return null;
+    if (node.type === "identifier")
+        return node.text;
+    if (node.type === "attribute") {
+        const objectNode = node.childForFieldName("object") ?? node.namedChild(0);
+        const attributeNode = node.childForFieldName("attribute") ?? node.namedChild(1);
+        const objectPath = getAttributePath(objectNode);
+        const attributePath = getAttributePath(attributeNode);
+        if (!objectPath || !attributePath)
+            return null;
+        return `${objectPath}.${attributePath}`;
+    }
+    return null;
+}
+function getCallArguments(argsNode) {
+    if (!argsNode)
+        return [];
+    const args = [];
+    let index = 0;
+    for (const child of argsNode.namedChildren) {
+        if (child.type === "keyword_argument") {
+            const keywordNode = child.namedChildren[0];
+            const valueNode = child.namedChildren[1];
+            if (!valueNode)
+                continue;
+            const arg = {
+                node: valueNode,
+                index,
+            };
+            if (keywordNode?.text)
+                arg.keyword = keywordNode.text;
+            args.push(arg);
+            index += 1;
+            continue;
+        }
+        args.push({
+            node: child,
+            index,
+        });
+        index += 1;
+    }
+    return args;
+}
+function getParameterName(node) {
+    switch (node.type) {
+        case "identifier":
+            return node.text;
+        case "default_parameter":
+        case "typed_parameter":
+        case "typed_default_parameter":
+        case "list_splat_pattern":
+        case "dictionary_splat_pattern":
+            return node.namedChildren[0]?.text ?? null;
+        default:
+            return null;
+    }
+}
+function findFunctionNode(node) {
+    if (node.type === "function_definition" || node.type === "async_function_definition") {
+        return node;
+    }
+    for (const child of node.namedChildren) {
+        const found = findFunctionNode(child);
+        if (found)
+            return found;
+    }
+    return null;
+}
+function createSourcePath(sourceKind, symbol, node) {
+    return {
+        source: {
+            kind: sourceKind,
+            label: node.text,
+            file: symbol.file,
+            line: lineForNode(symbol, node),
+            symbol_name: symbol.name,
+            code: codeForNode(node),
+        },
+        hops: [],
+        heuristic: false,
+    };
+}
+function identifierPaths(env, name) {
+    return (env.get(name) ?? []).map(clonePath);
+}
+function isAllowedPattern(allowed, kind, label) {
+    if (allowed.length === 0)
+        return true;
+    return allowed.some((pattern) => pattern === kind
+        || label === pattern
+        || label.includes(pattern)
+        || kind.includes(pattern));
+}
+function buildSinkDescriptors() {
+    return [
+        {
+            kind: "redirect",
+            matches: (calleeText) => calleeText === "redirect"
+                || calleeText.endsWith(".redirect")
+                || calleeText === "HttpResponseRedirect"
+                || calleeText === "HttpResponsePermanentRedirect",
+            pickArgs: (args) => args[0] ? [args[0]] : [],
+        },
+        {
+            kind: "mark_safe",
+            matches: (calleeText) => calleeText === "mark_safe" || calleeText.endsWith(".mark_safe"),
+            pickArgs: (args) => args[0] ? [args[0]] : [],
+        },
+        {
+            kind: "cursor.execute",
+            matches: (calleeText) => calleeText === "cursor.execute" || calleeText.endsWith(".execute"),
+            pickArgs: (args) => args[0] ? [args[0]] : [],
+        },
+        {
+            kind: "subprocess",
+            matches: (calleeText) => calleeText.startsWith("subprocess.")
+                || calleeText.endsWith(".Popen")
+                || calleeText.endsWith(".run")
+                || calleeText.endsWith(".call")
+                || calleeText.endsWith(".check_call")
+                || calleeText.endsWith(".check_output"),
+            pickArgs: (args) => args[0] ? [args[0]] : [],
+        },
+        {
+            kind: "requests",
+            matches: (calleeText) => calleeText.startsWith("requests.")
+                || calleeText.includes(".requests.")
+                || calleeText.startsWith("httpx.")
+                || calleeText.includes(".httpx."),
+            pickArgs: (args) => {
+                if (args.length === 0)
+                    return [];
+                const urlKeyword = args.find((arg) => arg.keyword === "url");
+                if (urlKeyword)
+                    return [urlKeyword];
+                return args[1] ? [args[1]] : [args[0]];
+            },
+        },
+        {
+            kind: "httpx",
+            matches: (calleeText) => calleeText.startsWith("httpx.")
+                || calleeText.includes(".httpx."),
+            pickArgs: (args) => {
+                if (args.length === 0)
+                    return [];
+                const urlKeyword = args.find((arg) => arg.keyword === "url");
+                if (urlKeyword)
+                    return [urlKeyword];
+                return args[1] ? [args[1]] : [args[0]];
+            },
+        },
+        {
+            kind: "open",
+            matches: (calleeText) => calleeText === "open" || calleeText.endsWith(".open"),
+            pickArgs: (args) => args[0] ? [args[0]] : [],
+        },
+    ];
+}
+function getImportModule(node) {
+    const moduleNode = node.childForFieldName("module_name");
+    if (!moduleNode)
+        return { module: "", level: 0 };
+    if (moduleNode.type === "relative_import") {
+        let level = 0;
+        for (let i = 0; i < moduleNode.childCount; i++) {
+            const child = moduleNode.child(i);
+            if (!child)
+                continue;
+            if (child.type === "import_prefix") {
+                level += (child.text.match(/\./g) ?? []).length;
+            }
+            else if (child.type === ".") {
+                level += 1;
+            }
+        }
+        const dotted = moduleNode.namedChildren.find((child) => child.type === "dotted_name");
+        return { module: dotted?.text ?? "", level };
+    }
+    return { module: moduleNode.text, level: 0 };
+}
+async function loadFileContext(state, filePath) {
+    const cached = state.fileContextCache.get(filePath);
+    if (cached !== undefined)
+        return cached;
+    let source;
+    try {
+        source = await readFile(join(state.index.root, filePath), "utf-8");
+    }
+    catch {
+        state.fileContextCache.set(filePath, null);
+        return null;
+    }
+    const tree = state.pythonParser.parse(source);
+    const files = state.index.files.map((entry) => entry.path);
+    const srcLayout = detectSrcLayout(files);
+    const imports = new Map();
+    for (const node of tree.rootNode.namedChildren) {
+        if (node.type !== "import_from_statement")
+            continue;
+        const { module, level } = getImportModule(node);
+        const resolvedFile = resolvePythonImport({ module, level }, filePath, files, srcLayout);
+        if (!resolvedFile)
+            continue;
+        for (const child of node.namedChildren) {
+            if (child.type === "aliased_import") {
+                const importedNode = child.namedChildren[0];
+                const aliasNode = child.namedChildren[1];
+                if (importedNode && aliasNode) {
+                    imports.set(aliasNode.text, {
+                        imported_name: importedNode.text,
+                        source_file: resolvedFile,
+                        line: node.startPosition.row + 1,
+                    });
+                }
+                continue;
+            }
+            if (child.type === "dotted_name") {
+                const importedName = child.text;
+                const localName = importedName.split(".").pop() ?? importedName;
+                imports.set(localName, {
+                    imported_name: importedName,
+                    source_file: resolvedFile,
+                    line: node.startPosition.row + 1,
+                });
+            }
+        }
+    }
+    const context = { imports };
+    state.fileContextCache.set(filePath, context);
+    return context;
+}
+function hasPotentialSource(symbol) {
+    return symbol.source?.includes("request.") ?? false;
+}
+function hasPotentialSink(symbol) {
+    const source = symbol.source ?? "";
+    return source.includes("mark_safe")
+        || source.includes("redirect(")
+        || source.includes(".execute(")
+        || source.includes("subprocess.")
+        || source.includes("requests.")
+        || source.includes("httpx.")
+        || source.includes("open(")
+        || source.includes("request.session");
+}
+async function loadCallableContext(symbol, state) {
+    const cached = state.callableCache.get(symbol.id);
+    if (cached !== undefined)
+        return cached;
+    if (!symbol.source) {
+        state.callableCache.set(symbol.id, null);
+        return null;
+    }
+    const tree = state.pythonParser.parse(symbol.source);
+    const functionNode = findFunctionNode(tree.rootNode);
+    if (!functionNode) {
+        state.callableCache.set(symbol.id, null);
+        return null;
+    }
+    const paramsNode = functionNode.childForFieldName("parameters");
+    const parameterNames = paramsNode
+        ? paramsNode.namedChildren
+            .map(getParameterName)
+            .filter((name) => Boolean(name))
+        : [];
+    const context = {
+        node: functionNode,
+        parameter_names: parameterNames,
+    };
+    state.callableCache.set(symbol.id, context);
+    return context;
+}
+function resolveSelfMethod(currentSymbol, propertyName, state) {
+    if (!currentSymbol.parent)
+        return null;
+    const methods = state.methodsByParent.get(currentSymbol.parent) ?? [];
+    return methods.find((symbol) => symbol.name === propertyName) ?? null;
+}
+async function resolveHelperTarget(currentSymbol, calleeNode, state) {
+    const calleeText = getAttributePath(calleeNode) ?? calleeNode.text;
+    if (calleeNode.type === "identifier") {
+        const sameFile = (state.symbolsByName.get(calleeText) ?? [])
+            .filter((symbol) => symbol.file === currentSymbol.file
+            && symbol.id !== currentSymbol.id
+            && (symbol.kind === "function" || symbol.kind === "class" || symbol.kind === "method"));
+        if (sameFile.length === 1)
+            return sameFile[0];
+        const fileContext = await loadFileContext(state, currentSymbol.file);
+        const imported = fileContext?.imports.get(calleeText);
+        if (imported) {
+            const importedMatch = (state.symbolsByName.get(imported.imported_name) ?? [])
+                .find((symbol) => symbol.file === imported.source_file);
+            if (importedMatch)
+                return importedMatch;
+        }
+        const unique = (state.symbolsByName.get(calleeText) ?? [])
+            .filter((symbol) => symbol.file.endsWith(".py") && symbol.id !== currentSymbol.id)
+            .filter((symbol) => symbol.kind === "function" || symbol.kind === "method" || symbol.kind === "class");
+        if (unique.length === 1)
+            return unique[0];
+        return null;
+    }
+    if (calleeNode.type === "attribute") {
+        const objectNode = calleeNode.childForFieldName("object") ?? calleeNode.namedChild(0);
+        const propertyNode = calleeNode.childForFieldName("attribute") ?? calleeNode.namedChild(1);
+        const objectName = getAttributePath(objectNode);
+        const propertyName = propertyNode?.text;
+        if ((objectName === "self" || objectName === "cls") && propertyName) {
+            return resolveSelfMethod(currentSymbol, propertyName, state);
+        }
+        const importedModule = objectName ? (await loadFileContext(state, currentSymbol.file))?.imports.get(objectName) : null;
+        if (importedModule && propertyName) {
+            const candidates = state.symbolsByName.get(propertyName) ?? [];
+            const importedMatch = candidates.find((symbol) => symbol.file === importedModule.source_file);
+            if (importedMatch)
+                return importedMatch;
+        }
+    }
+    return null;
+}
+function matchesRequestSource(attributePath) {
+    if (!attributePath)
+        return null;
+    if (attributePath === "request.GET" || attributePath.startsWith("request.GET."))
+        return "request.GET";
+    if (attributePath === "request.POST" || attributePath.startsWith("request.POST."))
+        return "request.POST";
+    if (attributePath === "request.body")
+        return "request.body";
+    if (attributePath === "request.data" || attributePath.startsWith("request.data."))
+        return "request.data";
+    if (attributePath === "request.headers" || attributePath.startsWith("request.headers."))
+        return "request.headers";
+    if (attributePath === "request.COOKIES" || attributePath.startsWith("request.COOKIES."))
+        return "request.COOKIES";
+    if (attributePath === "request.META" || attributePath.startsWith("request.META."))
+        return "request.META";
+    return null;
+}
+function isSessionTarget(node) {
+    if (node.type === "attribute") {
+        const path = getAttributePath(node);
+        return path === "request.session";
+    }
+    if (node.type === "subscript") {
+        const base = node.childForFieldName("value") ?? node.namedChild(0);
+        return getAttributePath(base) === "request.session";
+    }
+    return false;
+}
+function sinkTraceKey(trace) {
+    return JSON.stringify({
+        entry_symbol: trace.entry_symbol,
+        entry_file: trace.entry_file,
+        source: trace.source,
+        sink: trace.sink,
+        hops: trace.hops,
+        heuristic: trace.heuristic,
+    });
+}
+function addTrace(state, entrySymbol, currentSymbol, sinkKind, sinkNode, paths) {
+    if (state.truncated)
+        return;
+    for (const path of paths) {
+        if (state.traces.length >= state.maxTraces) {
+            state.truncated = true;
+            return;
+        }
+        const trace = {
+            entry_symbol: entrySymbol.name,
+            entry_file: entrySymbol.file,
+            source: { ...path.source },
+            sink: {
+                kind: sinkKind,
+                label: sinkNode.text,
+                file: currentSymbol.file,
+                line: lineForNode(currentSymbol, sinkNode),
+                symbol_name: currentSymbol.name,
+                code: codeForNode(sinkNode),
+            },
+            hops: path.hops.map((hop) => ({ ...hop })),
+            confidence: computeConfidence(path),
+            heuristic: path.heuristic,
+        };
+        const key = sinkTraceKey(trace);
+        if (state.traceKeys.has(key))
+            continue;
+        state.traceKeys.add(key);
+        state.traces.push(trace);
+    }
+}
+async function evaluateExpression(node, symbol, env, state, context) {
+    switch (node.type) {
+        case "identifier":
+            return identifierPaths(env, node.text);
+        case "attribute": {
+            const sourceKind = matchesRequestSource(getAttributePath(node));
+            if (sourceKind)
+                return [createSourcePath(sourceKind, symbol, node)];
+            const objectNode = node.childForFieldName("object") ?? node.namedChild(0);
+            if (!objectNode)
+                return [];
+            const basePaths = await evaluateExpression(objectNode, symbol, env, state, context);
+            if (basePaths.length === 0)
+                return [];
+            return appendHop(basePaths, {
+                kind: "attribute",
+                file: symbol.file,
+                line: lineForNode(symbol, node),
+                symbol_name: symbol.name,
+                detail: `attribute access ${node.text}`,
+            });
+        }
+        case "subscript": {
+            const baseNode = node.childForFieldName("value") ?? node.namedChild(0);
+            const sourceKind = matchesRequestSource(getAttributePath(baseNode));
+            if (sourceKind)
+                return [createSourcePath(sourceKind, symbol, node)];
+            const basePaths = baseNode
+                ? await evaluateExpression(baseNode, symbol, env, state, context)
+                : [];
+            if (basePaths.length === 0)
+                return [];
+            return appendHop(basePaths, {
+                kind: "container",
+                file: symbol.file,
+                line: lineForNode(symbol, node),
+                symbol_name: symbol.name,
+                detail: `container access ${node.text}`,
+            });
+        }
+        case "string": {
+            const interpolated = node.namedChildren
+                .filter((child) => child.type === "interpolation")
+                .flatMap((child) => child.namedChildren);
+            if (interpolated.length === 0)
+                return [];
+            const paths = [];
+            for (const child of interpolated) {
+                paths.push(...await evaluateExpression(child, symbol, env, state, context));
+            }
+            if (paths.length === 0)
+                return [];
+            return appendHop(paths, {
+                kind: "container",
+                file: symbol.file,
+                line: lineForNode(symbol, node),
+                symbol_name: symbol.name,
+                detail: `formatted string ${node.text}`,
+            });
+        }
+        case "list":
+        case "tuple":
+        case "dictionary":
+        case "set": {
+            const paths = [];
+            for (const child of node.namedChildren) {
+                if (child.type === "pair") {
+                    const valueNode = child.namedChildren[1];
+                    if (!valueNode)
+                        continue;
+                    paths.push(...await evaluateExpression(valueNode, symbol, env, state, context));
+                }
+                else {
+                    paths.push(...await evaluateExpression(child, symbol, env, state, context));
+                }
+            }
+            if (paths.length === 0)
+                return [];
+            return appendHop(paths, {
+                kind: "container",
+                file: symbol.file,
+                line: lineForNode(symbol, node),
+                symbol_name: symbol.name,
+                detail: `container literal ${node.text}`,
+            });
+        }
+        case "binary_operator":
+        case "boolean_operator":
+        case "comparison_operator": {
+            const paths = [];
+            for (const child of node.namedChildren) {
+                paths.push(...await evaluateExpression(child, symbol, env, state, context));
+            }
+            return dedupePaths(paths);
+        }
+        case "parenthesized_expression":
+            return node.namedChildren[0]
+                ? await evaluateExpression(node.namedChildren[0], symbol, env, state, context)
+                : [];
+        case "conditional_expression": {
+            const paths = [];
+            for (const child of node.namedChildren) {
+                paths.push(...await evaluateExpression(child, symbol, env, state, context));
+            }
+            return dedupePaths(paths);
+        }
+        case "call": {
+            const calleeNode = node.childForFieldName("function") ?? node.namedChild(0);
+            const argsNode = node.childForFieldName("arguments") ?? node.namedChild(1);
+            const callArgs = getCallArguments(argsNode);
+            const calleeText = getAttributePath(calleeNode) ?? calleeNode?.text ?? "";
+            const sourceKind = matchesRequestSource(calleeText);
+            if (sourceKind && calleeText.endsWith(".get")) {
+                return [createSourcePath(sourceKind, symbol, node)];
+            }
+            const evaluatedArgs = await Promise.all(callArgs.map(async (arg) => ({
+                arg,
+                paths: await evaluateExpression(arg.node, symbol, env, state, context),
+            })));
+            for (const descriptor of state.sinkDescriptors) {
+                if (!descriptor.matches(calleeText))
+                    continue;
+                if (!isAllowedPattern(state.defaultSinks, descriptor.kind, calleeText))
+                    continue;
+                const selectedArgs = descriptor.pickArgs(callArgs);
+                const taintedArgs = selectedArgs.flatMap((selected) => evaluatedArgs
+                    .filter((entry) => entry.arg.index === selected.index)
+                    .flatMap((entry) => entry.paths));
+                if (taintedArgs.length > 0) {
+                    addTrace(state, context.entrySymbol, symbol, descriptor.kind, node, dedupePaths(taintedArgs));
+                }
+            }
+            const calleeLeaf = calleeText.split(".").pop() ?? calleeText;
+            if (KNOWN_SANITIZERS.has(calleeLeaf))
+                return [];
+            const taintedInputs = evaluatedArgs
+                .filter((entry) => entry.paths.length > 0)
+                .map((entry) => entry);
+            if (taintedInputs.length === 0)
+                return [];
+            const helperTarget = calleeNode
+                ? await resolveHelperTarget(symbol, calleeNode, state)
+                : null;
+            if (helperTarget && context.depth < state.maxDepth && !context.callStack.includes(helperTarget.id)) {
+                const helperContext = await loadCallableContext(helperTarget, state);
+                if (helperContext) {
+                    const helperEnv = new Map();
+                    for (const entry of taintedInputs) {
+                        const paramName = helperContext.parameter_names[entry.arg.index];
+                        if (!paramName)
+                            continue;
+                        helperEnv.set(paramName, appendHop(entry.paths, {
+                            kind: "call",
+                            file: symbol.file,
+                            line: lineForNode(symbol, node),
+                            symbol_name: symbol.name,
+                            detail: `call ${calleeText} -> parameter ${paramName}`,
+                        }));
+                    }
+                    const helperResult = await analyzeCallableSymbol(helperTarget, helperEnv, state, {
+                        entrySymbol: context.entrySymbol,
+                        depth: context.depth + 1,
+                        callStack: [...context.callStack, helperTarget.id],
+                    });
+                    if (helperResult.return_paths.length > 0) {
+                        return appendHop(helperResult.return_paths, {
+                            kind: "call",
+                            file: symbol.file,
+                            line: lineForNode(symbol, node),
+                            symbol_name: symbol.name,
+                            detail: `return from ${calleeText}`,
+                        });
+                    }
+                    return [];
+                }
+            }
+            return appendHop(taintedInputs.flatMap((entry) => entry.paths), {
+                kind: "call",
+                file: symbol.file,
+                line: lineForNode(symbol, node),
+                symbol_name: symbol.name,
+                detail: `heuristic propagation through ${calleeText}`,
+            }, { heuristic: true });
+        }
+        default:
+            return [];
+    }
+}
+async function analyzeAssignment(assignmentNode, symbol, env, state, context) {
+    const lhs = assignmentNode.childForFieldName("left") ?? assignmentNode.namedChild(0);
+    const rhs = assignmentNode.childForFieldName("right") ?? assignmentNode.namedChild(1);
+    const nextEnv = cloneEnv(env);
+    if (!lhs || !rhs)
+        return nextEnv;
+    const rhsPaths = await evaluateExpression(rhs, symbol, env, state, context);
+    if (rhsPaths.length === 0)
+        return nextEnv;
+    if (lhs.type === "identifier") {
+        nextEnv.set(lhs.text, appendHop(rhsPaths, {
+            kind: "assignment",
+            file: symbol.file,
+            line: lineForNode(symbol, assignmentNode),
+            symbol_name: symbol.name,
+            detail: `${lhs.text} = ${rhs.text}`,
+        }));
+        return nextEnv;
+    }
+    if (isSessionTarget(lhs) && isAllowedPattern(state.defaultSinks, "session-write", lhs.text)) {
+        addTrace(state, context.entrySymbol, symbol, "session-write", assignmentNode, rhsPaths);
+    }
+    return nextEnv;
+}
+async function analyzeConditionalLike(node, symbol, env, state, context) {
+    const conditionNodes = node.namedChildren.filter((child) => child.type !== "block" && child.type !== "else_clause" && child.type !== "elif_clause");
+    for (const condition of conditionNodes) {
+        await evaluateExpression(condition, symbol, env, state, context);
+    }
+    const branchResults = [];
+    let hasElseLike = false;
+    for (const child of node.namedChildren) {
+        if (child.type === "block") {
+            branchResults.push(await analyzeBlock(child, symbol, cloneEnv(env), state, context));
+            continue;
+        }
+        if (child.type === "elif_clause") {
+            hasElseLike = true;
+            branchResults.push(await analyzeConditionalLike(child, symbol, cloneEnv(env), state, context));
+            continue;
+        }
+        if (child.type === "else_clause") {
+            hasElseLike = true;
+            const elseBlock = child.namedChildren.find((grandchild) => grandchild.type === "block");
+            if (elseBlock)
+                branchResults.push(await analyzeBlock(elseBlock, symbol, cloneEnv(env), state, context));
+        }
+    }
+    const baseEnvs = hasElseLike ? [] : [env];
+    return {
+        env: mergeEnvs(...baseEnvs, ...branchResults.map((entry) => entry.env)),
+        return_paths: dedupePaths(branchResults.flatMap((entry) => entry.return_paths)),
+    };
+}
+async function analyzeLoopLike(node, symbol, env, state, context) {
+    for (const child of node.namedChildren) {
+        if (child.type === "block")
+            continue;
+        await evaluateExpression(child, symbol, env, state, context);
+    }
+    const blockResults = [];
+    for (const child of node.namedChildren) {
+        if (child.type !== "block")
+            continue;
+        blockResults.push(await analyzeBlock(child, symbol, cloneEnv(env), state, context));
+    }
+    return {
+        env: mergeEnvs(env, ...blockResults.map((entry) => entry.env)),
+        return_paths: dedupePaths(blockResults.flatMap((entry) => entry.return_paths)),
+    };
+}
+async function analyzeStatement(node, symbol, env, state, context) {
+    switch (node.type) {
+        case "expression_statement": {
+            const inner = node.namedChildren[0];
+            if (!inner)
+                return { env, return_paths: [] };
+            if (inner.type === "assignment") {
+                return {
+                    env: await analyzeAssignment(inner, symbol, env, state, context),
+                    return_paths: [],
+                };
+            }
+            await evaluateExpression(inner, symbol, env, state, context);
+            return { env, return_paths: [] };
+        }
+        case "return_statement": {
+            const valueNode = node.namedChildren[0];
+            if (!valueNode)
+                return { env, return_paths: [] };
+            const valuePaths = await evaluateExpression(valueNode, symbol, env, state, context);
+            if (valuePaths.length === 0)
+                return { env, return_paths: [] };
+            return {
+                env,
+                return_paths: appendHop(valuePaths, {
+                    kind: "return",
+                    file: symbol.file,
+                    line: lineForNode(symbol, node),
+                    symbol_name: symbol.name,
+                    detail: `return ${valueNode.text}`,
+                }),
+            };
+        }
+        case "if_statement":
+        case "elif_clause":
+            return await analyzeConditionalLike(node, symbol, env, state, context);
+        case "for_statement":
+        case "while_statement":
+        case "with_statement":
+        case "try_statement":
+            return await analyzeLoopLike(node, symbol, env, state, context);
+        case "pass_statement":
+        case "break_statement":
+        case "continue_statement":
+            return { env, return_paths: [] };
+        case "function_definition":
+        case "async_function_definition":
+        case "class_definition":
+        case "decorated_definition":
+            return { env, return_paths: [] };
+        default: {
+            for (const child of node.namedChildren) {
+                if (child.type === "block") {
+                    await analyzeBlock(child, symbol, cloneEnv(env), state, context);
+                }
+                else {
+                    await evaluateExpression(child, symbol, env, state, context);
+                }
+            }
+            return { env, return_paths: [] };
+        }
+    }
+}
+async function analyzeBlock(blockNode, symbol, env, state, context) {
+    let currentEnv = cloneEnv(env);
+    let returnPaths = [];
+    for (const child of blockNode.namedChildren) {
+        if (state.truncated)
+            break;
+        const result = await analyzeStatement(child, symbol, currentEnv, state, context);
+        currentEnv = result.env;
+        if (result.return_paths.length > 0) {
+            returnPaths = dedupePaths([...returnPaths, ...result.return_paths]);
+        }
+    }
+    return {
+        env: currentEnv,
+        return_paths: returnPaths,
+    };
+}
+async function analyzeCallableSymbol(symbol, initialEnv, state, context) {
+    const callableContext = await loadCallableContext(symbol, state);
+    if (!callableContext) {
+        return { env: initialEnv, return_paths: [] };
+    }
+    const bodyNode = callableContext.node.childForFieldName("body");
+    if (!bodyNode) {
+        return { env: initialEnv, return_paths: [] };
+    }
+    return await analyzeBlock(bodyNode, symbol, initialEnv, state, context);
+}
+function shouldAnalyzeSymbol(symbol, filePattern) {
+    if (!symbol.file.endsWith(".py"))
+        return false;
+    if (filePattern && !symbol.file.includes(filePattern))
+        return false;
+    if (!symbol.source)
+        return false;
+    if (symbol.kind !== "function" && symbol.kind !== "method")
+        return false;
+    return hasPotentialSource(symbol) || hasPotentialSink(symbol);
+}
+function buildState(index, pythonParser, options) {
+    const symbolsByName = new Map();
+    const methodsByParent = new Map();
+    for (const symbol of index.symbols) {
+        const named = symbolsByName.get(symbol.name) ?? [];
+        named.push(symbol);
+        symbolsByName.set(symbol.name, named);
+        if (symbol.parent && symbol.kind === "method") {
+            const methods = methodsByParent.get(symbol.parent) ?? [];
+            methods.push(symbol);
+            methodsByParent.set(symbol.parent, methods);
+        }
+    }
+    return {
+        index,
+        pythonParser,
+        symbolsByName,
+        methodsByParent,
+        callableCache: new Map(),
+        fileContextCache: new Map(),
+        defaultSources: options?.source_patterns?.length
+            ? [...options.source_patterns]
+            : [...DEFAULT_SOURCE_PATTERNS],
+        defaultSinks: options?.sink_patterns?.length
+            ? [...options.sink_patterns]
+            : [...DEFAULT_SINK_PATTERNS],
+        maxDepth: options?.max_depth ?? DEFAULT_MAX_DEPTH,
+        maxTraces: options?.max_traces ?? DEFAULT_MAX_TRACES,
+        sinkDescriptors: buildSinkDescriptors(),
+        traceKeys: new Set(),
+        traces: [],
+        truncated: false,
+    };
+}
+export async function taintTrace(repo, options) {
+    const framework = options?.framework ?? "python-django";
+    if (framework !== "python-django") {
+        throw new Error(`taint_trace is not implemented for framework "${framework}" yet.`);
+    }
+    const index = await getCodeIndex(repo);
+    if (!index) {
+        throw new Error(`Repository "${repo}" not found.`);
+    }
+    const pythonParser = await getParser("python");
+    if (!pythonParser) {
+        throw new Error("Python parser unavailable");
+    }
+    const state = buildState(index, pythonParser, options);
+    const candidates = index.symbols
+        .filter((symbol) => shouldAnalyzeSymbol(symbol, options?.file_pattern))
+        .sort((a, b) => a.file.localeCompare(b.file) || a.start_line - b.start_line);
+    for (const symbol of candidates) {
+        if (state.truncated)
+            break;
+        await analyzeCallableSymbol(symbol, new Map(), state, {
+            entrySymbol: symbol,
+            depth: 0,
+            callStack: [symbol.id],
+        });
+    }
+    const filtered = state.traces.filter((trace) => isAllowedPattern(state.defaultSources, trace.source.kind, trace.source.label)
+        && isAllowedPattern(state.defaultSinks, trace.sink.kind, trace.sink.label));
+    return {
+        framework,
+        analyzed_symbols: candidates.length,
+        source_patterns: [...state.defaultSources],
+        sink_patterns: [...state.defaultSinks],
+        traces: filtered,
+        truncated: state.truncated,
+    };
+}
+//# sourceMappingURL=taint-tools.js.map