npm - codesift-mcp - Versions diffs - 0.4.0 → 0.5.3 - Mend

codesift-mcp 0.4.0 → 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (204) hide show

package/README.md +94 -25
package/dist/cli/help.d.ts.map +1 -1
package/dist/cli/help.js +8 -6
package/dist/cli/help.js.map +1 -1
package/dist/cli/platform.d.ts.map +1 -1
package/dist/cli/platform.js +12 -14
package/dist/cli/platform.js.map +1 -1
package/dist/cli/setup.d.ts +1 -1
package/dist/cli/setup.d.ts.map +1 -1
package/dist/cli/setup.js +30 -6
package/dist/cli/setup.js.map +1 -1
package/dist/formatters.d.ts +2 -2
package/dist/formatters.d.ts.map +1 -1
package/dist/formatters.js +23 -0
package/dist/formatters.js.map +1 -1
package/dist/instructions.d.ts +1 -1
package/dist/instructions.d.ts.map +1 -1
package/dist/instructions.js +21 -21
package/dist/parser/extractors/php.d.ts.map +1 -1
package/dist/parser/extractors/php.js +37 -29
package/dist/parser/extractors/php.js.map +1 -1
package/dist/parser/extractors/typescript.d.ts.map +1 -1
package/dist/parser/extractors/typescript.js +43 -0
package/dist/parser/extractors/typescript.js.map +1 -1
package/dist/parser/parse-cache.d.ts +39 -0
package/dist/parser/parse-cache.d.ts.map +1 -0
package/dist/parser/parse-cache.js +87 -0
package/dist/parser/parse-cache.js.map +1 -0
package/dist/parser/parser-manager.d.ts +1 -1
package/dist/parser/parser-manager.d.ts.map +1 -1
package/dist/parser/parser-manager.js +14 -5
package/dist/parser/parser-manager.js.map +1 -1
package/dist/parser/stub-languages.d.ts +2 -0
package/dist/parser/stub-languages.d.ts.map +1 -0
package/dist/parser/stub-languages.js +5 -0
package/dist/parser/stub-languages.js.map +1 -0
package/dist/register-tool-loaders.d.ts +130 -0
package/dist/register-tool-loaders.d.ts.map +1 -0
package/dist/register-tool-loaders.js +212 -0
package/dist/register-tool-loaders.js.map +1 -0
package/dist/register-tools.d.ts +2 -2
package/dist/register-tools.d.ts.map +1 -1
package/dist/register-tools.js +355 -634
package/dist/register-tools.js.map +1 -1
package/dist/search/tool-ranker.d.ts +90 -0
package/dist/search/tool-ranker.d.ts.map +1 -0
package/dist/search/tool-ranker.js +420 -0
package/dist/search/tool-ranker.js.map +1 -0
package/dist/server.d.ts.map +1 -1
package/dist/server.js +23 -14
package/dist/server.js.map +1 -1
package/dist/storage/usage-tracker.d.ts.map +1 -1
package/dist/storage/usage-tracker.js +4 -1
package/dist/storage/usage-tracker.js.map +1 -1
package/dist/tools/astro-actions.d.ts +54 -0
package/dist/tools/astro-actions.d.ts.map +1 -0
package/dist/tools/astro-actions.js +561 -0
package/dist/tools/astro-actions.js.map +1 -0
package/dist/tools/astro-audit.d.ts +87 -0
package/dist/tools/astro-audit.d.ts.map +1 -0
package/dist/tools/astro-audit.js +345 -0
package/dist/tools/astro-audit.js.map +1 -0
package/dist/tools/astro-content-collections.d.ts +44 -0
package/dist/tools/astro-content-collections.d.ts.map +1 -0
package/dist/tools/astro-content-collections.js +630 -0
package/dist/tools/astro-content-collections.js.map +1 -0
package/dist/tools/astro-islands.d.ts +3 -1
package/dist/tools/astro-islands.d.ts.map +1 -1
package/dist/tools/astro-islands.js +19 -4
package/dist/tools/astro-islands.js.map +1 -1
package/dist/tools/astro-migration.d.ts +31 -0
package/dist/tools/astro-migration.d.ts.map +1 -0
package/dist/tools/astro-migration.js +378 -0
package/dist/tools/astro-migration.js.map +1 -0
package/dist/tools/async-correctness.d.ts +26 -0
package/dist/tools/async-correctness.d.ts.map +1 -0
package/dist/tools/async-correctness.js +166 -0
package/dist/tools/async-correctness.js.map +1 -0
package/dist/tools/django-view-security-tools.d.ts +32 -0
package/dist/tools/django-view-security-tools.d.ts.map +1 -0
package/dist/tools/django-view-security-tools.js +184 -0
package/dist/tools/django-view-security-tools.js.map +1 -0
package/dist/tools/fastapi-depends.d.ts +63 -0
package/dist/tools/fastapi-depends.d.ts.map +1 -0
package/dist/tools/fastapi-depends.js +191 -0
package/dist/tools/fastapi-depends.js.map +1 -0
package/dist/tools/hono-analyze-app.js +1 -9
package/dist/tools/hono-analyze-app.js.map +1 -1
package/dist/tools/hono-api-contract.d.ts.map +1 -1
package/dist/tools/hono-api-contract.js +41 -9
package/dist/tools/hono-api-contract.js.map +1 -1
package/dist/tools/hono-context-flow.js +1 -9
package/dist/tools/hono-context-flow.js.map +1 -1
package/dist/tools/hono-dead-routes.d.ts.map +1 -1
package/dist/tools/hono-dead-routes.js +2 -9
package/dist/tools/hono-dead-routes.js.map +1 -1
package/dist/tools/hono-entry-resolver.d.ts +27 -0
package/dist/tools/hono-entry-resolver.d.ts.map +1 -0
package/dist/tools/hono-entry-resolver.js +31 -0
package/dist/tools/hono-entry-resolver.js.map +1 -0
package/dist/tools/hono-inline-analyze.js +1 -9
package/dist/tools/hono-inline-analyze.js.map +1 -1
package/dist/tools/hono-middleware-chain.d.ts +24 -6
package/dist/tools/hono-middleware-chain.d.ts.map +1 -1
package/dist/tools/hono-middleware-chain.js +77 -40
package/dist/tools/hono-middleware-chain.js.map +1 -1
package/dist/tools/hono-modules.js +1 -9
package/dist/tools/hono-modules.js.map +1 -1
package/dist/tools/hono-response-types.js +1 -9
package/dist/tools/hono-response-types.js.map +1 -1
package/dist/tools/hono-rpc-types.js +1 -9
package/dist/tools/hono-rpc-types.js.map +1 -1
package/dist/tools/hono-security.d.ts +14 -4
package/dist/tools/hono-security.d.ts.map +1 -1
package/dist/tools/hono-security.js +185 -14
package/dist/tools/hono-security.js.map +1 -1
package/dist/tools/hono-visualize.js +1 -9
package/dist/tools/hono-visualize.js.map +1 -1
package/dist/tools/nest-ext-tools.d.ts +115 -0
package/dist/tools/nest-ext-tools.d.ts.map +1 -1
package/dist/tools/nest-ext-tools.js +393 -0
package/dist/tools/nest-ext-tools.js.map +1 -1
package/dist/tools/nest-tools.d.ts +27 -0
package/dist/tools/nest-tools.d.ts.map +1 -1
package/dist/tools/nest-tools.js +137 -37
package/dist/tools/nest-tools.js.map +1 -1
package/dist/tools/nextjs-component-readers.d.ts +101 -0
package/dist/tools/nextjs-component-readers.d.ts.map +1 -0
package/dist/tools/nextjs-component-readers.js +287 -0
package/dist/tools/nextjs-component-readers.js.map +1 -0
package/dist/tools/nextjs-component-tools.d.ts +8 -78
package/dist/tools/nextjs-component-tools.d.ts.map +1 -1
package/dist/tools/nextjs-component-tools.js +9 -257
package/dist/tools/nextjs-component-tools.js.map +1 -1
package/dist/tools/nextjs-framework-audit-tools.d.ts +24 -1
package/dist/tools/nextjs-framework-audit-tools.d.ts.map +1 -1
package/dist/tools/nextjs-framework-audit-tools.js +184 -1
package/dist/tools/nextjs-framework-audit-tools.js.map +1 -1
package/dist/tools/nextjs-route-readers.d.ts +81 -0
package/dist/tools/nextjs-route-readers.d.ts.map +1 -0
package/dist/tools/nextjs-route-readers.js +340 -0
package/dist/tools/nextjs-route-readers.js.map +1 -0
package/dist/tools/nextjs-route-tools.d.ts +7 -71
package/dist/tools/nextjs-route-tools.d.ts.map +1 -1
package/dist/tools/nextjs-route-tools.js +9 -327
package/dist/tools/nextjs-route-tools.js.map +1 -1
package/dist/tools/pattern-tools.d.ts.map +1 -1
package/dist/tools/pattern-tools.js +92 -2
package/dist/tools/pattern-tools.js.map +1 -1
package/dist/tools/php-tools.d.ts +14 -5
package/dist/tools/php-tools.d.ts.map +1 -1
package/dist/tools/php-tools.js +166 -64
package/dist/tools/php-tools.js.map +1 -1
package/dist/tools/plan-turn-tools.d.ts +89 -0
package/dist/tools/plan-turn-tools.d.ts.map +1 -0
package/dist/tools/plan-turn-tools.js +508 -0
package/dist/tools/plan-turn-tools.js.map +1 -0
package/dist/tools/project-tools.d.ts +1 -1
package/dist/tools/project-tools.js +1 -1
package/dist/tools/project-tools.js.map +1 -1
package/dist/tools/pydantic-models.d.ts +46 -0
package/dist/tools/pydantic-models.d.ts.map +1 -0
package/dist/tools/pydantic-models.js +249 -0
package/dist/tools/pydantic-models.js.map +1 -0
package/dist/tools/python-audit.d.ts +40 -0
package/dist/tools/python-audit.d.ts.map +1 -0
package/dist/tools/python-audit.js +244 -0
package/dist/tools/python-audit.js.map +1 -0
package/dist/tools/python-constants-tools.d.ts +44 -0
package/dist/tools/python-constants-tools.d.ts.map +1 -0
package/dist/tools/python-constants-tools.js +525 -0
package/dist/tools/python-constants-tools.js.map +1 -0
package/dist/tools/react-tools.d.ts +46 -1
package/dist/tools/react-tools.d.ts.map +1 -1
package/dist/tools/react-tools.js +126 -1
package/dist/tools/react-tools.js.map +1 -1
package/dist/tools/review-diff-tools.d.ts +5 -0
package/dist/tools/review-diff-tools.d.ts.map +1 -1
package/dist/tools/review-diff-tools.js +109 -3
package/dist/tools/review-diff-tools.js.map +1 -1
package/dist/tools/search-tools.d.ts +3 -2
package/dist/tools/search-tools.d.ts.map +1 -1
package/dist/tools/search-tools.js +16 -3
package/dist/tools/search-tools.js.map +1 -1
package/dist/tools/sql-tools.d.ts +40 -0
package/dist/tools/sql-tools.d.ts.map +1 -1
package/dist/tools/sql-tools.js +123 -0
package/dist/tools/sql-tools.js.map +1 -1
package/dist/tools/symbol-tools.d.ts.map +1 -1
package/dist/tools/symbol-tools.js +7 -10
package/dist/tools/symbol-tools.js.map +1 -1
package/dist/tools/taint-tools.d.ts +43 -0
package/dist/tools/taint-tools.d.ts.map +1 -0
package/dist/tools/taint-tools.js +922 -0
package/dist/tools/taint-tools.js.map +1 -0
package/dist/utils/import-graph.d.ts +6 -0
package/dist/utils/import-graph.d.ts.map +1 -1
package/dist/utils/import-graph.js +43 -7
package/dist/utils/import-graph.js.map +1 -1
package/package.json +3 -3
package/rules/codesift.md +51 -13
package/rules/codesift.mdc +51 -13
package/rules/codex.md +51 -13
package/rules/gemini.md +51 -13

package/dist/tools/async-correctness.js ADDED Viewed

@@ -0,0 +1,166 @@
+/**
+ * analyze_async_correctness — detect async/await bugs in Python code.
+ *
+ * Finds 8 common asyncio pitfalls that cause production issues but are
+ * silent at test time:
+ *
+ *   1. blocking-requests      — requests.get() inside async def (use httpx)
+ *   2. blocking-sleep         — time.sleep() in async def (use asyncio.sleep)
+ *   3. blocking-io            — open()/read() in async (use aiofiles)
+ *   4. sync-db-in-async       — sync SQLAlchemy/Django ORM in async view
+ *   5. missing-await          — coroutine expression used as regular value
+ *   6. async-without-await    — async def with no await (probably unnecessary)
+ *   7. blocking-subprocess    — subprocess.run/call in async (use asyncio.subprocess)
+ *   8. globalscope-task       — asyncio.create_task without storing ref (GC loss)
+ *
+ * Uses symbol graph: walks each async function's source text for the
+ * patterns above. Returns file/line/symbol/pattern/suggested fix.
+ */
+import { getCodeIndex } from "./index-tools.js";
+const CHECKS = [
+    {
+        rule: "blocking-requests",
+        severity: "error",
+        regex: /\brequests\.(get|post|put|delete|patch|head|options|request)\s*\(/,
+        message: "requests library is synchronous — blocks the event loop",
+        fix: "Use httpx.AsyncClient: async with httpx.AsyncClient() as client: await client.get(url)",
+    },
+    {
+        rule: "blocking-sleep",
+        severity: "error",
+        regex: /\btime\.sleep\s*\(/,
+        message: "time.sleep() blocks the event loop, freezes all concurrent tasks",
+        fix: "Use await asyncio.sleep(seconds) instead",
+    },
+    {
+        rule: "blocking-io",
+        severity: "warning",
+        regex: /(?<!async\s)\bopen\s*\([^)]*\)(?!\s*async)/,
+        message: "open() and file I/O block the event loop on slow disks",
+        fix: "Use aiofiles.open() for async file I/O, or run_in_executor for heavy I/O",
+    },
+    {
+        rule: "sync-db-in-async",
+        severity: "error",
+        regex: /\b(?:session|db)\.(query|execute|commit|flush|add)\s*\(/,
+        message: "Synchronous SQLAlchemy session blocks the event loop",
+        fix: "Use AsyncSession: await session.execute(stmt), async with session.begin()",
+    },
+    {
+        rule: "sync-orm-django",
+        severity: "error",
+        regex: /\.objects\.(?:get|filter|all|count|exists|create|update|delete)\s*\(/,
+        message: "Synchronous Django ORM blocks the event loop in async views",
+        fix: "Use async ORM methods (.aget(), .acount(), .aall()) or wrap with sync_to_async",
+    },
+    {
+        rule: "blocking-subprocess",
+        severity: "error",
+        regex: /\bsubprocess\.(run|call|check_output|check_call|Popen)\s*\(/,
+        message: "subprocess is synchronous — blocks the event loop",
+        fix: "Use asyncio.create_subprocess_exec() or asyncio.create_subprocess_shell()",
+    },
+    {
+        rule: "globalscope-task",
+        severity: "warning",
+        regex: /(?<!=\s)\basyncio\.create_task\s*\(/,
+        message: "asyncio.create_task() without storing the returned Task — may be garbage collected before completion",
+        fix: "Store in a set: tasks.add(asyncio.create_task(...)); tasks.discard on done",
+    },
+];
+/**
+ * Check for async def with no await in body — possibly unnecessary async.
+ * Handled separately from the CHECKS array because it requires symbol-level
+ * analysis (not just a regex on source).
+ */
+function isAsyncWithoutAwait(sym) {
+    if (!sym.is_async)
+        return false;
+    const source = sym.source ?? "";
+    // Strip docstring to avoid false positive on "await" in doc
+    const withoutDocstring = source.replace(/"""[\s\S]*?"""/g, "").replace(/'''[\s\S]*?'''/g, "");
+    // If the function body has no await, async with, or async for, flag it
+    return !/\bawait\b/.test(withoutDocstring)
+        && !/\basync\s+with\b/.test(withoutDocstring)
+        && !/\basync\s+for\b/.test(withoutDocstring)
+        && !/\byield\b/.test(withoutDocstring); // async generators need yield
+}
+/**
+ * Analyze async correctness across all async Python functions.
+ */
+export async function analyzeAsyncCorrectness(repo, options) {
+    const index = await getCodeIndex(repo);
+    if (!index)
+        throw new Error(`Repository "${repo}" not found.`);
+    const filePattern = options?.file_pattern;
+    const enabled = new Set(options?.rules ?? [
+        ...CHECKS.map((c) => c.rule),
+        "async-without-await",
+    ]);
+    const maxResults = options?.max_results ?? 200;
+    const findings = [];
+    let asyncFunctionCount = 0;
+    for (const sym of index.symbols) {
+        if (findings.length >= maxResults)
+            break;
+        if (!sym.file.endsWith(".py"))
+            continue;
+        if (filePattern && !sym.file.includes(filePattern))
+            continue;
+        if (!sym.is_async)
+            continue;
+        asyncFunctionCount++;
+        const source = sym.source ?? "";
+        // async-without-await check
+        if (enabled.has("async-without-await") && isAsyncWithoutAwait(sym)) {
+            findings.push({
+                rule: "async-without-await",
+                severity: "info",
+                file: sym.file,
+                line: sym.start_line,
+                symbol: sym.name,
+                symbol_kind: sym.kind,
+                match: `async def ${sym.name}`,
+                message: "async def with no await in body — may be unnecessarily async",
+                fix: "Remove async if not needed, or add real await operations",
+            });
+        }
+        // Pattern-based checks
+        for (const check of CHECKS) {
+            if (!enabled.has(check.rule))
+                continue;
+            check.regex.lastIndex = 0;
+            const m = check.regex.exec(source);
+            if (!m)
+                continue;
+            // Compute line offset within the symbol
+            const lineOffset = source.slice(0, m.index).split("\n").length - 1;
+            // Extract the matching line
+            const lineStart = source.lastIndexOf("\n", m.index) + 1;
+            const lineEnd = source.indexOf("\n", m.index);
+            const matchLine = source.slice(lineStart, lineEnd === -1 ? undefined : lineEnd).trim();
+            findings.push({
+                rule: check.rule,
+                severity: check.severity,
+                file: sym.file,
+                line: sym.start_line + lineOffset,
+                symbol: sym.name,
+                symbol_kind: sym.kind,
+                match: matchLine.slice(0, 200),
+                message: check.message,
+                fix: check.fix,
+            });
+        }
+    }
+    const by_rule = {};
+    for (const f of findings) {
+        by_rule[f.rule] = (by_rule[f.rule] ?? 0) + 1;
+    }
+    return {
+        findings,
+        total: findings.length,
+        by_rule,
+        async_functions_scanned: asyncFunctionCount,
+    };
+}
+//# sourceMappingURL=async-correctness.js.map

package/dist/tools/async-correctness.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"async-correctness.js","sourceRoot":"","sources":["../../src/tools/async-correctness.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AACH,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AA8BhD,MAAM,MAAM,GAAY;IACtB;QACE,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAE,mEAAmE;QAC1E,OAAO,EAAE,yDAAyD;QAClE,GAAG,EAAE,wFAAwF;KAC9F;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAE,oBAAoB;QAC3B,OAAO,EAAE,kEAAkE;QAC3E,GAAG,EAAE,0CAA0C;KAChD;IACD;QACE,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,SAAS;QACnB,KAAK,EAAE,4CAA4C;QACnD,OAAO,EAAE,wDAAwD;QACjE,GAAG,EAAE,0EAA0E;KAChF;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAE,yDAAyD;QAChE,OAAO,EAAE,sDAAsD;QAC/D,GAAG,EAAE,2EAA2E;KACjF;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAE,sEAAsE;QAC7E,OAAO,EAAE,6DAA6D;QACtE,GAAG,EAAE,gFAAgF;KACtF;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAE,6DAA6D;QACpE,OAAO,EAAE,mDAAmD;QAC5D,GAAG,EAAE,2EAA2E;KACjF;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,SAAS;QACnB,KAAK,EAAE,qCAAqC;QAC5C,OAAO,EAAE,sGAAsG;QAC/G,GAAG,EAAE,4EAA4E;KAClF;CACF,CAAC;AAEF;;;;GAIG;AACH,SAAS,mBAAmB,CAAC,GAAe;IAC1C,IAAI,CAAC,GAAG,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAChC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC;IAChC,4DAA4D;IAC5D,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;IAC9F,uEAAuE;IACvE,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,gBAAgB,CAAC;WACrC,CAAC,kBAAkB,CAAC,IAAI,CAAC,gBAAgB,CAAC;WAC1C,CAAC,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,CAAC;WACzC,CAAC,WAAW,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,8BAA8B;AAC1E,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,IAAY,EACZ,OAIC;IAED,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,eAAe,IAAI,cAAc,CAAC,CAAC;IAE/D,MAAM,WAAW,GAAG,OAAO,EAAE,YAAY,CAAC;IAC1C,MAAM,OAAO,GAAG,IAAI,GAAG,CACrB,OAAO,EAAE,KAAK,IAAI;QAChB,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QAC5B,qBAAqB;KACtB,CACF,CAAC;IACF,MAAM,UAAU,GAAG,OAAO,EAAE,WAAW,IAAI,GAAG,CAAC;IAE/C,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,IAAI,kBAAkB,GAAG,CAAC,CAAC;IAE3B,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;QAChC,IAAI,QAAQ,CAAC,MAAM,IAAI,UAAU;YAAE,MAAM;QACzC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,SAAS;QACxC,IAAI,WAAW,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;YAAE,SAAS;QAC7D,IAAI,CAAC,GAAG,CAAC,QAAQ;YAAE,SAAS;QAE5B,kBAAkB,EAAE,CAAC;QACrB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC;QAEhC,4BAA4B;QAC5B,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;YACnE,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,qBAAqB;gBAC3B,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,IAAI,EAAE,GAAG,CAAC,UAAU;gBACpB,MAAM,EAAE,GAAG,CAAC,IAAI;gBAChB,WAAW,EAAE,GAAG,CAAC,IAAI;gBACrB,KAAK,EAAE,aAAa,GAAG,CAAC,IAAI,EAAE;gBAC9B,OAAO,EAAE,8DAA8D;gBACvE,GAAG,EAAE,0DAA0D;aAChE,CAAC,CAAC;QACL,CAAC;QAED,uBAAuB;QACvB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;gBAAE,SAAS;YACvC,KAAK,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;YAC1B,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACnC,IAAI,CAAC,CAAC;gBAAE,SAAS;YAEjB,wCAAwC;YACxC,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;YACnE,4BAA4B;YAC5B,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACxD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;YAC9C,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;YAEvF,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,IAAI,EAAE,GAAG,CAAC,UAAU,GAAG,UAAU;gBACjC,MAAM,EAAE,GAAG,CAAC,IAAI;gBAChB,WAAW,EAAE,GAAG,CAAC,IAAI;gBACrB,KAAK,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;gBAC9B,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,GAAG,EAAE,KAAK,CAAC,GAAG;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO;QACL,QAAQ;QACR,KAAK,EAAE,QAAQ,CAAC,MAAM;QACtB,OAAO;QACP,uBAAuB,EAAE,kBAAkB;KAC5C,CAAC;AACJ,CAAC"}

package/dist/tools/django-view-security-tools.d.ts ADDED Viewed

@@ -0,0 +1,32 @@
+import type { CodeSymbol } from "../types.js";
+export interface DjangoViewSecurityAssessment {
+    symbol_name: string;
+    symbol_kind: CodeSymbol["kind"];
+    file: string;
+    line: number;
+    route_path?: string;
+    view_type: "function" | "class" | "method";
+    decorators: string[];
+    mixins: string[];
+    auth_guards: string[];
+    csrf_exempt: boolean;
+    effective_auth_required: boolean;
+    csrf_protected: boolean;
+    authentication_middleware: boolean;
+    session_middleware: boolean;
+    security_middleware: boolean;
+    notes: string[];
+    confidence: "high" | "medium" | "low";
+}
+export interface DjangoViewSecurityResult {
+    assessments: DjangoViewSecurityAssessment[];
+    settings_files: string[];
+    middleware: string[];
+}
+export declare function effectiveDjangoViewSecurity(repo: string, options: {
+    path?: string;
+    symbol_name?: string;
+    file_pattern?: string;
+    settings_file?: string;
+}): Promise<DjangoViewSecurityResult>;
+//# sourceMappingURL=django-view-security-tools.d.ts.map

package/dist/tools/django-view-security-tools.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"django-view-security-tools.d.ts","sourceRoot":"","sources":["../../src/tools/django-view-security-tools.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAa,UAAU,EAAE,MAAM,aAAa,CAAC;AAIzD,MAAM,WAAW,4BAA4B;IAC3C,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,UAAU,GAAG,OAAO,GAAG,QAAQ,CAAC;IAC3C,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,WAAW,EAAE,OAAO,CAAC;IACrB,uBAAuB,EAAE,OAAO,CAAC;IACjC,cAAc,EAAE,OAAO,CAAC;IACxB,yBAAyB,EAAE,OAAO,CAAC;IACnC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,mBAAmB,EAAE,OAAO,CAAC;IAC7B,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;CACvC;AAED,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,4BAA4B,EAAE,CAAC;IAC5C,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AA8KD,wBAAsB,2BAA2B,CAC/C,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE;IACP,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,GACA,OAAO,CAAC,wBAAwB,CAAC,CA+BnC"}

package/dist/tools/django-view-security-tools.js ADDED Viewed

@@ -0,0 +1,184 @@
+import { readFile } from "node:fs/promises";
+import { join } from "node:path";
+import { getCodeIndex } from "./index-tools.js";
+import { traceRoute } from "./route-tools.js";
+const AUTH_DECORATORS = [
+    "login_required",
+    "permission_required",
+    "user_passes_test",
+    "staff_member_required",
+    "superuser_required",
+];
+const AUTH_MIXINS = [
+    "LoginRequiredMixin",
+    "PermissionRequiredMixin",
+    "UserPassesTestMixin",
+    "AccessMixin",
+];
+function hasDecorator(decorators, name) {
+    return decorators.some((decorator) => {
+        const normalized = decorator.trim().replace(/^@/, "");
+        return normalized === name || normalized.startsWith(`${name}(`);
+    });
+}
+function collectAuthGuards(decorators, mixins) {
+    const guards = new Set();
+    for (const decorator of AUTH_DECORATORS) {
+        if (hasDecorator(decorators, decorator))
+            guards.add(decorator);
+    }
+    for (const mixin of AUTH_MIXINS) {
+        if (mixins.includes(mixin))
+            guards.add(mixin);
+    }
+    return [...guards];
+}
+function getSettingsFiles(index, explicitSettingsFile) {
+    if (explicitSettingsFile)
+        return [explicitSettingsFile];
+    return index.files
+        .filter((file) => file.path.endsWith(".py"))
+        .filter((file) => /\/settings\.py$|\/settings\/[\w_]+\.py$/.test(file.path))
+        .map((file) => file.path);
+}
+async function collectMiddleware(index, settingsFiles) {
+    const middlewares = new Set();
+    for (const filePath of settingsFiles) {
+        let source;
+        try {
+            source = await readFile(join(index.root, filePath), "utf-8");
+        }
+        catch {
+            continue;
+        }
+        const match = source.match(/MIDDLEWARE\s*=\s*\[([\s\S]*?)\]/);
+        if (!match?.[1])
+            continue;
+        const entries = match[1]
+            .split(",")
+            .map((value) => value.trim().replace(/['"]/g, ""))
+            .filter((value) => value.length > 0);
+        for (const entry of entries) {
+            middlewares.add(entry);
+        }
+    }
+    return [...middlewares];
+}
+function classifyViewType(symbol) {
+    if (symbol.kind === "class")
+        return "class";
+    if (symbol.kind === "method")
+        return "method";
+    return "function";
+}
+function buildNotes(authGuards, csrfExempt, middleware) {
+    const notes = [];
+    const authMiddleware = middleware.some((entry) => entry.endsWith("AuthenticationMiddleware"));
+    const csrfMiddleware = middleware.some((entry) => entry.endsWith("CsrfViewMiddleware"));
+    if (authGuards.length === 0) {
+        if (authMiddleware) {
+            notes.push("No auth decorator or mixin detected; AuthenticationMiddleware alone does not restrict access.");
+        }
+        else {
+            notes.push("No auth decorator or mixin detected, and AuthenticationMiddleware was not found in settings.");
+        }
+    }
+    if (csrfExempt) {
+        notes.push("View is explicitly marked csrf_exempt.");
+    }
+    else if (!csrfMiddleware) {
+        notes.push("CsrfViewMiddleware was not found in settings, so CSRF protection may be absent globally.");
+    }
+    return notes;
+}
+function buildAssessment(symbol, parentSymbol, middleware, routePath) {
+    const decorators = [...(parentSymbol?.decorators ?? []), ...(symbol.decorators ?? [])];
+    const mixins = symbol.kind === "class"
+        ? [...(symbol.extends ?? [])]
+        : [...(parentSymbol?.extends ?? [])];
+    const authGuards = collectAuthGuards(decorators, mixins);
+    const csrfExempt = hasDecorator(decorators, "csrf_exempt");
+    const authenticationMiddleware = middleware.some((entry) => entry.endsWith("AuthenticationMiddleware"));
+    const sessionMiddleware = middleware.some((entry) => entry.endsWith("SessionMiddleware"));
+    const securityMiddleware = middleware.some((entry) => entry.endsWith("SecurityMiddleware"));
+    const csrfProtected = !csrfExempt && middleware.some((entry) => entry.endsWith("CsrfViewMiddleware"));
+    const notes = buildNotes(authGuards, csrfExempt, middleware);
+    const assessment = {
+        symbol_name: symbol.name,
+        symbol_kind: symbol.kind,
+        file: symbol.file,
+        line: symbol.start_line,
+        view_type: classifyViewType(symbol),
+        decorators,
+        mixins,
+        auth_guards: authGuards,
+        csrf_exempt: csrfExempt,
+        effective_auth_required: authGuards.length > 0,
+        csrf_protected: csrfProtected,
+        authentication_middleware: authenticationMiddleware,
+        session_middleware: sessionMiddleware,
+        security_middleware: securityMiddleware,
+        notes,
+        confidence: parentSymbol || routePath ? "high" : "medium",
+    };
+    if (routePath !== undefined) {
+        assessment.route_path = routePath;
+    }
+    return assessment;
+}
+function dedupeAssessments(assessments) {
+    const seen = new Set();
+    const result = [];
+    for (const assessment of assessments) {
+        const key = `${assessment.file}:${assessment.line}:${assessment.symbol_name}`;
+        if (seen.has(key))
+            continue;
+        seen.add(key);
+        result.push(assessment);
+    }
+    return result;
+}
+function findParentSymbol(index, symbol) {
+    if (!symbol.parent)
+        return undefined;
+    return index.symbols.find((candidate) => candidate.id === symbol.parent);
+}
+async function resolveSymbolsFromPath(index, path) {
+    const trace = await traceRoute(index.repo, path);
+    if (!trace || typeof trace !== "object" || !("handlers" in trace))
+        return [];
+    const handlers = trace.handlers;
+    return handlers
+        .filter((handler) => handler.framework === "django")
+        .map((handler) => index.symbols.find((symbol) => symbol.file === handler.symbol.file &&
+        symbol.name === handler.symbol.name &&
+        symbol.start_line === handler.symbol.start_line))
+        .filter((symbol) => symbol !== undefined);
+}
+export async function effectiveDjangoViewSecurity(repo, options) {
+    const index = await getCodeIndex(repo);
+    if (!index)
+        throw new Error(`Repository "${repo}" not found.`);
+    if (!options.path && !options.symbol_name) {
+        throw new Error("Provide either path or symbol_name.");
+    }
+    const settingsFiles = getSettingsFiles(index, options.settings_file);
+    const middleware = await collectMiddleware(index, settingsFiles);
+    let symbols = [];
+    if (options.path) {
+        symbols = await resolveSymbolsFromPath(index, options.path);
+    }
+    else if (options.symbol_name) {
+        symbols = index.symbols.filter((symbol) => symbol.file.endsWith(".py")
+            && symbol.name === options.symbol_name
+            && (symbol.kind === "function" || symbol.kind === "class" || symbol.kind === "method")
+            && (!options.file_pattern || symbol.file.includes(options.file_pattern)));
+    }
+    const assessments = dedupeAssessments(symbols.map((symbol) => buildAssessment(symbol, findParentSymbol(index, symbol), middleware, options.path)));
+    return {
+        assessments,
+        settings_files: settingsFiles,
+        middleware,
+    };
+}
+//# sourceMappingURL=django-view-security-tools.js.map

package/dist/tools/django-view-security-tools.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"django-view-security-tools.js","sourceRoot":"","sources":["../../src/tools/django-view-security-tools.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AA4B9C,MAAM,eAAe,GAAG;IACtB,gBAAgB;IAChB,qBAAqB;IACrB,kBAAkB;IAClB,uBAAuB;IACvB,oBAAoB;CACrB,CAAC;AAEF,MAAM,WAAW,GAAG;IAClB,oBAAoB;IACpB,yBAAyB;IACzB,qBAAqB;IACrB,aAAa;CACd,CAAC;AAEF,SAAS,YAAY,CAAC,UAAoB,EAAE,IAAY;IACtD,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;QACnC,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACtD,OAAO,UAAU,KAAK,IAAI,IAAI,UAAU,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,iBAAiB,CAAC,UAAoB,EAAE,MAAgB;IAC/D,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IACjC,KAAK,MAAM,SAAS,IAAI,eAAe,EAAE,CAAC;QACxC,IAAI,YAAY,CAAC,UAAU,EAAE,SAAS,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACjE,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;QAChC,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC;AACrB,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAgB,EAAE,oBAA6B;IACvE,IAAI,oBAAoB;QAAE,OAAO,CAAC,oBAAoB,CAAC,CAAC;IACxD,OAAO,KAAK,CAAC,KAAK;SACf,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;SAC3C,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,yCAAyC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;SAC3E,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,KAAgB,EAAE,aAAuB;IACxE,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,KAAK,MAAM,QAAQ,IAAI,aAAa,EAAE,CAAC;QACrC,IAAI,MAAc,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE,OAAO,CAAC,CAAC;QAC/D,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;QAC9D,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAAE,SAAS;QAE1B,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC;aACrB,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;aACjD,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACvC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,WAAW,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAkB;IAC1C,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO;QAAE,OAAO,OAAO,CAAC;IAC5C,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAC9C,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,UAAU,CACjB,UAAoB,EACpB,UAAmB,EACnB,UAAoB;IAEpB,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,0BAA0B,CAAC,CAAC,CAAC;IAC9F,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAExF,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,IAAI,cAAc,EAAE,CAAC;YACnB,KAAK,CAAC,IAAI,CAAC,+FAA+F,CAAC,CAAC;QAC9G,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,8FAA8F,CAAC,CAAC;QAC7G,CAAC;IACH,CAAC;IAED,IAAI,UAAU,EAAE,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IACvD,CAAC;SAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,0FAA0F,CAAC,CAAC;IACzG,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,eAAe,CACtB,MAAkB,EAClB,YAAoC,EACpC,UAAoB,EACpB,SAAkB;IAElB,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,UAAU,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,CAAC;IACvF,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,KAAK,OAAO;QACpC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;IACvC,MAAM,UAAU,GAAG,iBAAiB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACzD,MAAM,UAAU,GAAG,YAAY,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAC3D,MAAM,wBAAwB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,0BAA0B,CAAC,CAAC,CAAC;IACxG,MAAM,iBAAiB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC;IAC1F,MAAM,kBAAkB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAC5F,MAAM,aAAa,GAAG,CAAC,UAAU,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAAoB,CAAC,CAAC,CAAC;IACtG,MAAM,KAAK,GAAG,UAAU,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;IAE7D,MAAM,UAAU,GAAiC;QAC/C,WAAW,EAAE,MAAM,CAAC,IAAI;QACxB,WAAW,EAAE,MAAM,CAAC,IAAI;QACxB,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,IAAI,EAAE,MAAM,CAAC,UAAU;QACvB,SAAS,EAAE,gBAAgB,CAAC,MAAM,CAAC;QACnC,UAAU;QACV,MAAM;QACN,WAAW,EAAE,UAAU;QACvB,WAAW,EAAE,UAAU;QACvB,uBAAuB,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC;QAC9C,cAAc,EAAE,aAAa;QAC7B,yBAAyB,EAAE,wBAAwB;QACnD,kBAAkB,EAAE,iBAAiB;QACrC,mBAAmB,EAAE,kBAAkB;QACvC,KAAK;QACL,UAAU,EAAE,YAAY,IAAI,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;KAC1D,CAAC;IACF,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;QAC5B,UAAU,CAAC,UAAU,GAAG,SAAS,CAAC;IACpC,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,iBAAiB,CAAC,WAA2C;IACpE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,MAAM,GAAmC,EAAE,CAAC;IAClD,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,GAAG,UAAU,CAAC,IAAI,IAAI,UAAU,CAAC,IAAI,IAAI,UAAU,CAAC,WAAW,EAAE,CAAC;QAC9E,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACd,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAgB,EAAE,MAAkB;IAC5D,IAAI,CAAC,MAAM,CAAC,MAAM;QAAE,OAAO,SAAS,CAAC;IACrC,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,KAAK,MAAM,CAAC,MAAM,CAAC,CAAC;AAC3E,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,KAAgB,EAAE,IAAY;IAClE,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACjD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,UAAU,IAAI,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAE7E,MAAM,QAAQ,GAAI,KAAiH,CAAC,QAAQ,CAAC;IAC7I,OAAO,QAAQ;SACZ,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC;SACnD,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAClC,CAAC,MAAM,EAAE,EAAE,CACT,MAAM,CAAC,IAAI,KAAK,OAAO,CAAC,MAAM,CAAC,IAAI;QACnC,MAAM,CAAC,IAAI,KAAK,OAAO,CAAC,MAAM,CAAC,IAAI;QACnC,MAAM,CAAC,UAAU,KAAK,OAAO,CAAC,MAAM,CAAC,UAAU,CAClD,CAAC;SACD,MAAM,CAAC,CAAC,MAAM,EAAwB,EAAE,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;AACpE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,IAAY,EACZ,OAKC;IAED,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,eAAe,IAAI,cAAc,CAAC,CAAC;IAC/D,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,aAAa,GAAG,gBAAgB,CAAC,KAAK,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IACrE,MAAM,UAAU,GAAG,MAAM,iBAAiB,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC;IAEjE,IAAI,OAAO,GAAiB,EAAE,CAAC;IAC/B,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,GAAG,MAAM,sBAAsB,CAAC,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9D,CAAC;SAAM,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAC/B,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,EAAE,CACxC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;eACxB,MAAM,CAAC,IAAI,KAAK,OAAO,CAAC,WAAW;eACnC,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,CAAC;eACnF,CAAC,CAAC,OAAO,CAAC,YAAY,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CACzE,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAC3D,eAAe,CAAC,MAAM,EAAE,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,CACnF,CAAC,CAAC;IAEH,OAAO;QACL,WAAW;QACX,cAAc,EAAE,aAAa;QAC7B,UAAU;KACX,CAAC;AACJ,CAAC"}

package/dist/tools/fastapi-depends.d.ts ADDED Viewed

@@ -0,0 +1,63 @@
+export interface DependsCallSite {
+    /** Name of the dependency function (e.g. "get_db") */
+    name: string;
+    /** Raw Depends() expression, e.g. "Depends(get_db)" or "Security(oauth2_scheme, scopes=['admin'])" */
+    expression: string;
+    /** Whether this is a Security() call (auth dependency) */
+    is_security: boolean;
+    /** Security scopes if present */
+    scopes: string[];
+}
+export interface DependsNode {
+    /** Dependency function name */
+    name: string;
+    /** File where the dependency is defined, if resolvable */
+    file?: string;
+    /** Line where the dependency is defined */
+    line?: number;
+    /** Sub-dependencies this dep itself uses */
+    depends_on: DependsNode[];
+    /** Is this a yield-based dependency (FastAPI cleanup pattern)? */
+    is_yield: boolean;
+    /** Is this a Security() dep? */
+    is_security: boolean;
+    /** Security scopes if present */
+    scopes: string[];
+    /** Depth in the tree (0 = directly attached to endpoint) */
+    depth: number;
+}
+export interface FastAPIEndpointDeps {
+    /** Endpoint function symbol name */
+    endpoint: string;
+    /** File path */
+    file: string;
+    /** Line */
+    line: number;
+    /** HTTP method and path, e.g. "GET /users/{id}" */
+    route?: string;
+    /** Full dependency tree rooted at this endpoint */
+    depends: DependsNode[];
+    /** All unique dep names used (flattened) */
+    all_deps: string[];
+    /** Are any Security() deps in the chain? */
+    has_auth: boolean;
+}
+export interface FastAPIDependsResult {
+    endpoints: FastAPIEndpointDeps[];
+    total_endpoints: number;
+    total_unique_deps: number;
+    endpoints_without_auth: string[];
+    shared_deps: Array<{
+        name: string;
+        used_by: number;
+    }>;
+}
+/**
+ * Trace FastAPI Depends() chains for all endpoints in the repository.
+ */
+export declare function traceFastAPIDepends(repo: string, options?: {
+    file_pattern?: string;
+    endpoint?: string;
+    max_depth?: number;
+}): Promise<FastAPIDependsResult>;
+//# sourceMappingURL=fastapi-depends.d.ts.map

package/dist/tools/fastapi-depends.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"fastapi-depends.d.ts","sourceRoot":"","sources":["../../src/tools/fastapi-depends.ts"],"names":[],"mappings":"AAmBA,MAAM,WAAW,eAAe;IAC9B,sDAAsD;IACtD,IAAI,EAAE,MAAM,CAAC;IACb,sGAAsG;IACtG,UAAU,EAAE,MAAM,CAAC;IACnB,0DAA0D;IAC1D,WAAW,EAAE,OAAO,CAAC;IACrB,iCAAiC;IACjC,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,+BAA+B;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,0DAA0D;IAC1D,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,2CAA2C;IAC3C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,4CAA4C;IAC5C,UAAU,EAAE,WAAW,EAAE,CAAC;IAC1B,kEAAkE;IAClE,QAAQ,EAAE,OAAO,CAAC;IAClB,gCAAgC;IAChC,WAAW,EAAE,OAAO,CAAC;IACrB,iCAAiC;IACjC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,4DAA4D;IAC5D,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,mBAAmB;IAClC,oCAAoC;IACpC,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW;IACX,IAAI,EAAE,MAAM,CAAC;IACb,mDAAmD;IACnD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mDAAmD;IACnD,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,4CAA4C;IAC5C,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,4CAA4C;IAC5C,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,mBAAmB,EAAE,CAAC;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,sBAAsB,EAAE,MAAM,EAAE,CAAC;IACjC,WAAW,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACvD;AAWD;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE;IACR,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GACA,OAAO,CAAC,oBAAoB,CAAC,CA6F/B"}

package/dist/tools/fastapi-depends.js ADDED Viewed

@@ -0,0 +1,191 @@
+/**
+ * trace_fastapi_depends — FastAPI dependency injection graph.
+ *
+ * Traces `Depends(X)` and `Security(X)` chains recursively from route
+ * handlers through the dependency tree. Answers "what runs before my
+ * endpoint executes?" — auth, DB sessions, request parsing, etc.
+ *
+ * Detects:
+ *   - Direct Depends() in function signatures
+ *   - Nested Depends() (dep A uses dep B that uses dep C)
+ *   - Security() (OAuth2, API key, scopes)
+ *   - yield dependencies (resource cleanup via context managers)
+ *   - global_dependencies in APIRouter/app
+ *
+ * Unique differentiator — no other MCP server traces FastAPI DI.
+ */
+import { getCodeIndex } from "./index-tools.js";
+/** Match Depends(foo) or Depends(foo, use_cache=False) */
+const DEPENDS_RE = /\b(Security|Depends)\s*\(\s*([\w.]+)(?:\s*,([^)]*))?\)/g;
+/** Match scopes=["admin", "read"] inside a Security() call */
+const SCOPES_RE = /scopes\s*=\s*\[([^\]]*)\]/;
+/** Match FastAPI route decorator */
+const ROUTE_DECORATOR_RE = /@\w+\.(get|post|put|delete|patch|options|head)\s*\(\s*['"]([^'"]*)['"]/;
+const MAX_DEPTH = 5;
+/**
+ * Trace FastAPI Depends() chains for all endpoints in the repository.
+ */
+export async function traceFastAPIDepends(repo, options) {
+    const index = await getCodeIndex(repo);
+    if (!index)
+        throw new Error(`Repository "${repo}" not found.`);
+    const filePattern = options?.file_pattern;
+    const endpointFilter = options?.endpoint;
+    const maxDepth = options?.max_depth ?? MAX_DEPTH;
+    // Build a lookup: function name → symbol (for resolving dep references)
+    const symbolByName = new Map();
+    for (const sym of index.symbols) {
+        if (!sym.file.endsWith(".py"))
+            continue;
+        if (sym.kind !== "function" && sym.kind !== "method")
+            continue;
+        if (!symbolByName.has(sym.name)) {
+            symbolByName.set(sym.name, sym);
+        }
+    }
+    // Find FastAPI endpoints — functions with @app.get/@router.get etc.
+    const endpoints = [];
+    const sharedDeps = new Map();
+    for (const sym of index.symbols) {
+        if (!sym.file.endsWith(".py"))
+            continue;
+        if (sym.kind !== "function" && sym.kind !== "method")
+            continue;
+        if (filePattern && !sym.file.includes(filePattern))
+            continue;
+        if (endpointFilter && sym.name !== endpointFilter)
+            continue;
+        if (!sym.decorators || sym.decorators.length === 0)
+            continue;
+        // Check if any decorator matches FastAPI route pattern
+        let route;
+        for (const dec of sym.decorators) {
+            const m = dec.match(ROUTE_DECORATOR_RE);
+            if (m) {
+                route = `${m[1].toUpperCase()} ${m[2]}`;
+                break;
+            }
+        }
+        if (!route)
+            continue;
+        // Extract direct Depends() from the function signature (stored in source)
+        const callSites = extractDependsFromSource(sym.source ?? "");
+        const directDeps = callSites.map((cs) => resolveDepNode(cs, symbolByName, new Set([sym.name]), 0, maxDepth));
+        // Flatten all_deps
+        const allDeps = new Set();
+        function collectDeps(nodes) {
+            for (const n of nodes) {
+                allDeps.add(n.name);
+                collectDeps(n.depends_on);
+            }
+        }
+        collectDeps(directDeps);
+        // Check if any dep in the chain is Security
+        const hasAuth = hasSecurityInTree(directDeps);
+        // Track shared dep usage counts
+        for (const dep of allDeps) {
+            sharedDeps.set(dep, (sharedDeps.get(dep) ?? 0) + 1);
+        }
+        const ep = {
+            endpoint: sym.name,
+            file: sym.file,
+            line: sym.start_line,
+            depends: directDeps,
+            all_deps: [...allDeps].sort(),
+            has_auth: hasAuth,
+        };
+        if (route)
+            ep.route = route;
+        endpoints.push(ep);
+    }
+    // Shared deps: only include those used by 2+ endpoints
+    const sharedList = [...sharedDeps.entries()]
+        .filter(([, count]) => count >= 2)
+        .map(([name, count]) => ({ name, used_by: count }))
+        .sort((a, b) => b.used_by - a.used_by);
+    const endpointsWithoutAuth = endpoints
+        .filter((e) => !e.has_auth)
+        .map((e) => `${e.route ?? e.endpoint} (${e.file}:${e.line})`);
+    return {
+        endpoints,
+        total_endpoints: endpoints.length,
+        total_unique_deps: sharedDeps.size,
+        endpoints_without_auth: endpointsWithoutAuth,
+        shared_deps: sharedList,
+    };
+}
+/**
+ * Extract Depends() call sites from a function's source text.
+ * Returns call sites in the order they appear in the parameter list.
+ */
+function extractDependsFromSource(source) {
+    const sites = [];
+    DEPENDS_RE.lastIndex = 0;
+    let m;
+    while ((m = DEPENDS_RE.exec(source)) !== null) {
+        const kind = m[1];
+        const name = m[2];
+        const extra = m[3] ?? "";
+        const isSecurity = kind === "Security";
+        const scopes = [];
+        if (isSecurity) {
+            const scopeMatch = extra.match(SCOPES_RE);
+            if (scopeMatch) {
+                for (const s of scopeMatch[1].split(",")) {
+                    const trimmed = s.trim().replace(/^['"]|['"]$/g, "");
+                    if (trimmed)
+                        scopes.push(trimmed);
+                }
+            }
+        }
+        sites.push({
+            name,
+            expression: m[0],
+            is_security: isSecurity,
+            scopes,
+        });
+    }
+    return sites;
+}
+/**
+ * Resolve a dep call site to a DependsNode, recursively extracting sub-deps.
+ */
+function resolveDepNode(site, symbolByName, visited, depth, maxDepth) {
+    const sym = symbolByName.get(site.name);
+    const node = {
+        name: site.name,
+        depends_on: [],
+        is_yield: false,
+        is_security: site.is_security,
+        scopes: site.scopes,
+        depth,
+    };
+    if (sym) {
+        node.file = sym.file;
+        node.line = sym.start_line;
+        // Detect yield dependency (FastAPI resource cleanup pattern)
+        if (sym.source && /\byield\b/.test(sym.source)) {
+            node.is_yield = true;
+        }
+    }
+    // Stop recursing if: too deep, already visited (cycle), or symbol missing
+    if (depth >= maxDepth || visited.has(site.name) || !sym) {
+        return node;
+    }
+    // Recurse: extract Depends() from this dep's source
+    const subVisited = new Set(visited);
+    subVisited.add(site.name);
+    const subSites = extractDependsFromSource(sym.source ?? "");
+    node.depends_on = subSites.map((sub) => resolveDepNode(sub, symbolByName, subVisited, depth + 1, maxDepth));
+    return node;
+}
+function hasSecurityInTree(nodes) {
+    for (const n of nodes) {
+        if (n.is_security)
+            return true;
+        if (hasSecurityInTree(n.depends_on))
+            return true;
+    }
+    return false;
+}
+//# sourceMappingURL=fastapi-depends.js.map