devlensio 0.2.0

package/dist/graph/buildLookup.d.ts

@@ -0,0 +1,10 @@
+import type { CodeNode } from "../types.js";
+export interface LookupMaps {
+    nodesByName: Map<string, CodeNode[]>;
+    nodesByFile: Map<string, CodeNode[]>;
+    fileNodesByPath: Map<string, CodeNode>;
+    storeNodes: CodeNode[];
+    thirdPartyNodesByName: Map<string, CodeNode>;
+    thirdPartyImportAliases: Map<string, Map<string, string>>;
+}
+export declare function buildLookupMaps(codeNodes: CodeNode[]): LookupMaps;

package/dist/graph/buildLookup.js

@@ -0,0 +1,32 @@
+export function buildLookupMaps(codeNodes) {
+    const nodesByName = new Map();
+    const nodesByFile = new Map();
+    const fileNodesByPath = new Map();
+    const storeNodes = [];
+    const thirdPartyNodesByName = new Map();
+    const thirdPartyImportAliases = new Map();
+    for (const node of codeNodes) {
+        if (node.type === "THIRD_PARTY") {
+            thirdPartyNodesByName.set(node.name, node);
+            continue;
+        }
+        // FILE nodes go into their own dedicated map — kept separate so other
+        // detectors (guards, call edges, etc.) only see function/component nodes
+        if (["FILE", "TEST", "STORY"].includes(node.type)) {
+            fileNodesByPath.set(node.filePath, node);
+            continue;
+        }
+        if (!nodesByName.has(node.name)) {
+            nodesByName.set(node.name, []);
+        }
+        nodesByName.get(node.name).push(node);
+        if (!nodesByFile.has(node.filePath)) {
+            nodesByFile.set(node.filePath, []);
+        }
+        nodesByFile.get(node.filePath).push(node);
+        if (node.type === "STATE_STORE") {
+            storeNodes.push(node);
+        }
+    }
+    return { nodesByName, nodesByFile, fileNodesByPath, storeNodes, thirdPartyNodesByName, thirdPartyImportAliases };
+}

package/dist/graph/edges/callEdges.d.ts

@@ -0,0 +1,7 @@
+import type { CodeEdge, CodeNode } from "../../types.js";
+import type { LookupMaps } from "../buildLookup.js";
+export interface CallEdgeResult {
+    edges: CodeEdge[];
+    newThirdPartyNodes: CodeNode[];
+}
+export declare function detectCallEdges(nodes: CodeNode[], lookupMp: LookupMaps): CallEdgeResult;

package/dist/graph/edges/callEdges.js

@@ -0,0 +1,145 @@
+import { closestByPath } from "./utils.js";
+export function detectCallEdges(nodes, lookupMp) {
+    const edges = [];
+    // Dedup for THIRD_PARTY CALLS edges — one per (caller, target) pair
+    const createdThirdPartyEdges = new Set();
+    // Accumulate resolved calls per node — written back to metadata after edge loop
+    const resolvedCallsMap = new Map();
+    // Lazily-created method nodes for default/namespace import member-access calls
+    const createdMethodNodes = new Map();
+    for (const node of nodes) {
+        // Only functions, hooks, and components make direct calls
+        if (node.type !== "FUNCTION" &&
+            node.type !== "HOOK" &&
+            node.type !== "COMPONENT")
+            continue;
+        const calls = node.metadata.calls;
+        const uses = node.metadata.uses;
+        const hookCalls = node.metadata.hookCalls;
+        const dependencies = node.metadata.dependencies;
+        const hooks = node.metadata.hooks;
+        // Primary call list determines the edge type
+        const primaryNames = calls ?? uses;
+        const edgeType = calls ? "CALLS" : "USES";
+        // Hook / dependency names are checked for third-party edges only —
+        // local hook-to-hook edges are already handled by hookEdges.ts.
+        const hookNames = [
+            ...(hookCalls ?? []),
+            ...(dependencies ?? []),
+            ...(hooks ?? []),
+        ];
+        const hasPrimary = primaryNames && primaryNames.length > 0;
+        const hasHooks = hookNames.length > 0;
+        if (!hasPrimary && !hasHooks)
+            continue;
+        // ── Primary names: both third-party and local edges ──────────────
+        for (const calledName of (primaryNames ?? [])) {
+            // ── Third-party guard ─────────────────────────────────────────
+            // The alias map is keyed by node.filePath (relative) and populated
+            // by importEdges.ts (which runs first).
+            const fileAliasMap = lookupMp.thirdPartyImportAliases.get(node.filePath);
+            if (fileAliasMap) {
+                const rootName = calledName.split(".")[0];
+                let tpNodeId = fileAliasMap.get(calledName) ?? fileAliasMap.get(rootName);
+                if (tpNodeId) {
+                    // When the alias resolved to a package node (default/namespace import)
+                    // AND the calledName is a member-access expression like "axios.get",
+                    // create a more granular per-method node.
+                    const isPackageNode = !tpNodeId.includes("::");
+                    const hasMemberAccess = calledName.includes(".");
+                    if (isPackageNode && hasMemberAccess) {
+                        const methodSuffix = calledName.slice(rootName.length + 1); // "get" from "axios.get"
+                        const methodNodeId = `${tpNodeId}::${methodSuffix}`;
+                        if (!createdMethodNodes.has(methodNodeId)) {
+                            const pkgName = tpNodeId.replace(/^\[npm\]\//, "");
+                            const pkgNode = lookupMp.thirdPartyNodesByName.get(pkgName);
+                            createdMethodNodes.set(methodNodeId, {
+                                id: methodNodeId,
+                                name: `${pkgName}.${methodSuffix}`,
+                                type: "THIRD_PARTY",
+                                filePath: tpNodeId,
+                                startLine: 0,
+                                endLine: 0,
+                                rawCode: undefined,
+                                codeHash: undefined,
+                                metadata: {
+                                    isThirdParty: true,
+                                    packageVersion: pkgNode?.metadata.packageVersion ?? "unknown",
+                                    category: pkgNode?.metadata.category ?? "unknown",
+                                    parentPackageId: tpNodeId,
+                                    methodName: methodSuffix,
+                                },
+                            });
+                        }
+                        // Cache in the alias map so subsequent lookups for the same
+                        // expression skip re-creation.
+                        fileAliasMap.set(calledName, methodNodeId);
+                        tpNodeId = methodNodeId;
+                    }
+                    const edgeKey = `${node.id}→${tpNodeId}:CALLS`;
+                    if (!createdThirdPartyEdges.has(edgeKey)) {
+                        createdThirdPartyEdges.add(edgeKey);
+                        edges.push({
+                            from: node.id,
+                            to: tpNodeId,
+                            type: "CALLS",
+                            metadata: { calledName, isThirdParty: true },
+                        });
+                    }
+                    continue;
+                }
+            }
+            // Skip non-third-party member-access calls (console.log, Math.round, etc.)
+            if (calledName.includes("."))
+                continue;
+            // ── Local node lookup ─────────────────────────────────────────
+            const targets = lookupMp.nodesByName.get(calledName);
+            if (!targets || targets.length === 0)
+                continue;
+            const target = targets.length === 1
+                ? targets[0]
+                : closestByPath(targets, node.filePath);
+            if (target.id === node.id)
+                continue; // skip self-reference
+            edges.push({
+                from: node.id,
+                to: target.id,
+                type: edgeType,
+                metadata: { calledName },
+            });
+            if (!resolvedCallsMap.has(node.id))
+                resolvedCallsMap.set(node.id, []);
+            const existing = resolvedCallsMap.get(node.id);
+            if (!existing.some(r => r.nodeId === target.id)) {
+                existing.push({ name: calledName, nodeId: target.id });
+            }
+        }
+        // ── Hook / dependency names: third-party edges only ──────────────
+        if (hookNames.length > 0) {
+            const fileAliasMap = lookupMp.thirdPartyImportAliases.get(node.filePath);
+            if (fileAliasMap) {
+                for (const hookName of hookNames) {
+                    const rootName = hookName.split(".")[0];
+                    const tpNodeId = fileAliasMap.get(hookName) ?? fileAliasMap.get(rootName);
+                    if (!tpNodeId)
+                        continue;
+                    const edgeKey = `${node.id}→${tpNodeId}:CALLS`;
+                    if (!createdThirdPartyEdges.has(edgeKey)) {
+                        createdThirdPartyEdges.add(edgeKey);
+                        edges.push({
+                            from: node.id,
+                            to: tpNodeId,
+                            type: "CALLS",
+                            metadata: { calledName: hookName, isThirdParty: true },
+                        });
+                    }
+                }
+            }
+        }
+    }
+    // Write resolved calls back onto nodes
+    for (const node of nodes) {
+        node.metadata.resolvedCalls = resolvedCallsMap.get(node.id) ?? [];
+    }
+    return { edges, newThirdPartyNodes: [...createdMethodNodes.values()] };
+}

package/dist/graph/edges/eventEdges.d.ts

@@ -0,0 +1,7 @@
+import type { CodeNode, CodeEdge } from "../../types.js";
+import type { LookupMaps } from "../buildLookup.js";
+export interface EventEdgeResult {
+    edges: CodeEdge[];
+    ghostNodes: CodeNode[];
+}
+export declare function detectEventEdges(lookup: LookupMaps, repoPath: string): EventEdgeResult;

package/dist/graph/edges/eventEdges.js

@@ -0,0 +1,203 @@
+import { Project, SyntaxKind } from "ts-morph";
+import path from "path";
+import fs from "fs";
+// Patterns that indicate an event is being emitted
+const EMITTER_PATTERNS = [
+    "dispatchEvent",
+    ".emit",
+];
+// Patterns that indicate an event is being listened to
+const LISTENER_PATTERNS = [
+    "addEventListener",
+    ".on",
+    ".once",
+];
+// Recursively walk directory and add files to project
+function addFilesRecursively(dir, project) {
+    const IGNORE_DIRS = [
+        "node_modules", "dist", "build",
+        ".next", "coverage", ".git",
+    ];
+    let entries;
+    try {
+        entries = fs.readdirSync(dir, { withFileTypes: true });
+    }
+    catch {
+        return;
+    }
+    for (const entry of entries) {
+        const fullPath = path.join(dir, entry.name);
+        if (entry.isDirectory()) {
+            if (IGNORE_DIRS.includes(entry.name))
+                continue;
+            addFilesRecursively(fullPath, project);
+        }
+        else if (entry.isFile()) {
+            if (!/\.(ts|tsx|js|jsx)$/.test(entry.name))
+                continue;
+            if (/\.(test|spec)\.(ts|tsx|js|jsx)$/.test(entry.name))
+                continue;
+            if (/\.d\.ts$/.test(entry.name))
+                continue;
+            project.addSourceFileAtPath(fullPath);
+        }
+    }
+}
+// Creates a ghost node for an event
+function createGhostNode(eventName) {
+    return {
+        id: `ghost::event:${eventName}`,
+        name: `event:${eventName}`,
+        type: "GHOST",
+        filePath: "",
+        startLine: 0,
+        endLine: 0,
+        metadata: {
+            ghostType: "event",
+            eventName,
+        },
+    };
+}
+// Extracts event name from a dispatchEvent call
+// window.dispatchEvent(new CustomEvent('payment-complete'))
+// We need to go one level deeper into CustomEvent arguments
+function extractDispatchEventName(call) {
+    const args = call.getArguments?.();
+    if (!args || args.length === 0)
+        return null;
+    const firstArg = args[0];
+    const firstArgText = firstArg.getText();
+    // Must be new CustomEvent('...')
+    if (!firstArgText.startsWith("new CustomEvent"))
+        return null;
+    // Get arguments of CustomEvent constructor
+    const newExpression = firstArg.asKind(SyntaxKind.NewExpression);
+    if (!newExpression)
+        return null;
+    const customEventArgs = newExpression.getArguments();
+    if (customEventArgs.length === 0)
+        return null;
+    const eventNameArg = customEventArgs[0].getText();
+    // Remove surrounding quotes
+    return eventNameArg.replace(/^['"`]|['"`]$/g, "");
+}
+// Extracts event name from emit/addEventListener/on/once calls
+// eventEmitter.emit('payment-complete', data)
+// window.addEventListener('payment-complete', handler)
+// First argument is always the event name
+function extractEventName(call) {
+    const args = call.getArguments?.();
+    if (!args || args.length === 0)
+        return null;
+    const firstArg = args[0].getText();
+    // Must be a string literal
+    if (!firstArg.startsWith("'") &&
+        !firstArg.startsWith('"') &&
+        !firstArg.startsWith("`"))
+        return null;
+    return firstArg.replace(/^['"`]|['"`]$/g, "");
+}
+// Walks up the AST from a node to find the containing function name
+// Returns the function name or null if not found
+function findContainingFunctionName(node) {
+    let current = node.getParent();
+    while (current) {
+        // Check if current node is any kind of function
+        if (current.getKind() === SyntaxKind.FunctionDeclaration ||
+            current.getKind() === SyntaxKind.FunctionExpression ||
+            current.getKind() === SyntaxKind.ArrowFunction ||
+            current.getKind() === SyntaxKind.MethodDeclaration) {
+            // Try to get the name
+            const asFuncDecl = current.asKind(SyntaxKind.FunctionDeclaration);
+            if (asFuncDecl)
+                return asFuncDecl.getName() ?? null;
+            const asMethod = current.asKind(SyntaxKind.MethodDeclaration);
+            if (asMethod)
+                return asMethod.getName() ?? null;
+            // For arrow functions and function expressions
+            // the name comes from the variable they are assigned to
+            const parent = current.getParent();
+            if (parent?.getKind() === SyntaxKind.VariableDeclaration) {
+                return parent.getName?.() ?? null;
+            }
+            return null;
+        }
+        current = current.getParent();
+    }
+    return null;
+}
+//MAIN FUNCTION
+export function detectEventEdges(lookup, repoPath) {
+    const edges = [];
+    const ghostNodes = [];
+    // Track ghost nodes by event name to avoid duplicates
+    const ghostsByEventName = new Map();
+    const project = new Project({
+        compilerOptions: {
+            allowJs: true,
+            checkJs: false,
+            jsx: 4,
+            strict: false,
+        },
+        skipAddingFilesFromTsConfig: true,
+    });
+    addFilesRecursively(repoPath, project);
+    for (const file of project.getSourceFiles()) {
+        const callExpressions = file.getDescendantsOfKind(SyntaxKind.CallExpression);
+        for (const call of callExpressions) {
+            const expressionText = call.getExpression().getText();
+            // ─── Determine if emitter or listener ─────────────────────────────────
+            const isEmitter = EMITTER_PATTERNS.some((p) => expressionText.includes(p));
+            const isListener = LISTENER_PATTERNS.some((p) => expressionText.includes(p));
+            if (!isEmitter && !isListener)
+                continue;
+            // ─── Extract event name ────────────────────────────────────────────────
+            let eventName = null;
+            if (expressionText.includes("dispatchEvent")) {
+                // dispatchEvent wraps CustomEvent — need to go deeper
+                eventName = extractDispatchEventName(call);
+            }
+            else {
+                // emit / addEventListener / on / once — first arg is event name
+                eventName = extractEventName(call);
+            }
+            if (!eventName)
+                continue;
+            // ─── Find containing function ──────────────────────────────────────────
+            const containingName = findContainingFunctionName(call);
+            if (!containingName)
+                continue;
+            // Look up containing function in our extracted nodes
+            const containingNodes = lookup.nodesByName.get(containingName);
+            if (!containingNodes || containingNodes.length === 0)
+                continue;
+            // Use first match — same name in multiple files is rare for event handlers
+            const containingNode = containingNodes[0];
+            // ─── Get or create ghost node ──────────────────────────────────────────
+            let ghostNode = ghostsByEventName.get(eventName);
+            if (!ghostNode) {
+                ghostNode = createGhostNode(eventName);
+                ghostsByEventName.set(eventName, ghostNode);
+                ghostNodes.push(ghostNode);
+            }
+            // ─── Create edge ───────────────────────────────────────────────────────
+            if (isEmitter) {
+                edges.push({
+                    from: containingNode.id,
+                    to: ghostNode.id,
+                    type: "EMITS",
+                    metadata: { eventName },
+                });
+            }
+            if (isListener) {
+                edges.push({
+                    from: ghostNode.id,
+                    to: containingNode.id,
+                    type: "LISTENS",
+                    metadata: { eventName },
+                });
+            }
+        }
+    }
+    return { edges, ghostNodes };
+}

package/dist/graph/edges/guardEdges.d.ts

@@ -0,0 +1,3 @@
+import type { CodeNode, CodeEdge, RouteNode, BackendRouteNode, ProjectFingerprint } from "../../types.js";
+import type { LookupMaps } from "../buildLookup.js";
+export declare function detectGuardEdges(nodes: CodeNode[], lookup: LookupMaps, routeNodes: (RouteNode | BackendRouteNode)[], repoPath: string, fingerprint: ProjectFingerprint): CodeEdge[];

package/dist/graph/edges/guardEdges.js

@@ -0,0 +1,232 @@
+import { Project, SyntaxKind } from "ts-morph";
+import path from "path";
+import fs from "fs";
+// Recursively walk directory and add files to project
+function addFilesRecursively(dir, project) {
+    const IGNORE_DIRS = [
+        "node_modules", "dist", "build",
+        ".next", "coverage", ".git",
+    ];
+    let entries;
+    try {
+        entries = fs.readdirSync(dir, { withFileTypes: true });
+    }
+    catch {
+        return;
+    }
+    for (const entry of entries) {
+        const fullPath = path.join(dir, entry.name);
+        if (entry.isDirectory()) {
+            if (IGNORE_DIRS.includes(entry.name))
+                continue;
+            addFilesRecursively(fullPath, project);
+        }
+        else if (entry.isFile()) {
+            if (!/\.(ts|tsx|js|jsx)$/.test(entry.name))
+                continue;
+            if (/\.(test|spec)\.(ts|tsx|js|jsx)$/.test(entry.name))
+                continue;
+            if (/\.d\.ts$/.test(entry.name))
+                continue;
+            project.addSourceFileAtPath(fullPath);
+        }
+    }
+}
+// Cleans a Next.js matcher pattern to a base path for matching
+// "/dashboard/:path*" → "/dashboard"
+// "/admin"            → "/admin"
+function cleanMatcherPattern(pattern) {
+    return pattern
+        .replace(/\/:path\*/g, "") // remove /:path*
+        .replace(/\/:[^/]+/g, "") // remove any :param segments
+        .replace(/\*/g, "") // remove wildcards
+        .replace(/\/$/, "") // remove trailing slash
+        || "/"; // fallback to root
+}
+// Checks if a route path is protected by a guard pattern
+function routeMatchesPattern(routePath, guardPattern) {
+    if (guardPattern === "/")
+        return true; // guards all routes
+    return routePath === guardPattern || routePath.startsWith(guardPattern + "/");
+}
+// ─── Next.js Guard Detection ──────────────────────────────────────────────────
+function detectNextjsGuards(lookup, routeNodes, repoPath, project) {
+    const edges = [];
+    // Find middleware file — could be at root or inside src/
+    const possiblePaths = [
+        path.join(repoPath, "middleware.ts"),
+        path.join(repoPath, "middleware.js"),
+        path.join(repoPath, "src", "middleware.ts"),
+        path.join(repoPath, "src", "middleware.js"),
+    ];
+    const middlewarePath = possiblePaths.find((p) => fs.existsSync(p));
+    if (!middlewarePath)
+        return edges;
+    // Find the middleware node in our extracted nodes.
+    // nodesByFile is now keyed by relative forward-slash paths (same as node.filePath).
+    const relativeMiddlewarePath = path.relative(repoPath, middlewarePath).replace(/\\/g, "/");
+    const middlewareNodes = lookup.nodesByFile.get(relativeMiddlewarePath);
+    if (!middlewareNodes || middlewareNodes.length === 0)
+        return edges;
+    // Use the first node from middleware file as the source
+    const middlewareNode = middlewareNodes[0];
+    // Open middleware file with ts-morph
+    const sourceFile = project.getSourceFile(middlewarePath);
+    if (!sourceFile)
+        return edges;
+    // Find the config variable declaration
+    // export const config = { matcher: [...] }
+    const configVariable = sourceFile
+        .getVariableDeclarations()
+        .find((v) => v.getName() === "config");
+    if (!configVariable)
+        return edges;
+    const initializer = configVariable.getInitializer();
+    if (!initializer)
+        return edges;
+    // Find the matcher array inside config object
+    const objLiteral = initializer.asKind(SyntaxKind.ObjectLiteralExpression);
+    if (!objLiteral)
+        return edges;
+    for (const prop of objLiteral.getProperties()) {
+        const propName = prop.getName?.();
+        if (propName !== "matcher")
+            continue;
+        const propInitializer = prop.getInitializer?.();
+        if (!propInitializer)
+            continue;
+        // matcher can be a single string or an array
+        // matcher: '/dashboard'
+        // matcher: ['/dashboard', '/admin']
+        const patterns = [];
+        if (propInitializer.getKind() === SyntaxKind.StringLiteral) {
+            // Single string pattern
+            patterns.push(propInitializer.getText().replace(/^['"`]|['"`]$/g, ""));
+        }
+        else if (propInitializer.getKind() === SyntaxKind.ArrayLiteralExpression) {
+            // Array of patterns
+            const arrayLiteral = propInitializer.asKind(SyntaxKind.ArrayLiteralExpression);
+            if (!arrayLiteral)
+                continue;
+            for (const element of arrayLiteral.getElements()) {
+                const text = element.getText().replace(/^['"`]|['"`]$/g, "");
+                patterns.push(text);
+            }
+        }
+        // For each pattern find matching route nodes
+        for (const pattern of patterns) {
+            const basePath = cleanMatcherPattern(pattern);
+            for (const routeNode of routeNodes) {
+                if (routeNode.type === "MIDDLEWARE")
+                    continue;
+                if (routeMatchesPattern(routeNode.urlPath, basePath)) {
+                    edges.push({
+                        from: middlewareNode.id,
+                        to: routeNode.urlPath,
+                        type: "GUARDS",
+                        metadata: {
+                            pattern,
+                            guardedPath: routeNode.urlPath,
+                        },
+                    });
+                }
+            }
+        }
+    }
+    return edges;
+}
+// ─── Express/Fastify/Koa Guard Detection ──────────────────────────────────────
+function detectBackendGuards(lookup, routeNodes, project) {
+    const edges = [];
+    // Only look at backend route nodes
+    const backendRoutes = routeNodes.filter((r) => r.type === "BACKEND_ROUTE");
+    for (const file of project.getSourceFiles()) {
+        const callExpressions = file.getDescendantsOfKind(SyntaxKind.CallExpression);
+        for (const call of callExpressions) {
+            const expressionText = call.getExpression().getText();
+            // Only look for app.use() / router.use() calls
+            if (!expressionText.endsWith(".use"))
+                continue;
+            const args = call.getArguments();
+            if (args.length === 0)
+                continue;
+            let guardPath = "/"; // default — guards all routes
+            let middlewareName;
+            if (args.length === 1) {
+                // app.use(middlewareName) — no path, guards all routes
+                const argText = args[0].getText();
+                if (!argText.includes("=>") &&
+                    !argText.includes("function") &&
+                    /^[a-zA-Z_$][a-zA-Z0-9_$]*$/.test(argText)) {
+                    middlewareName = argText;
+                }
+            }
+            else if (args.length >= 2) {
+                // app.use('/admin', middlewareName)
+                const firstArgText = args[0].getText();
+                // First arg must be a string path
+                if (firstArgText.startsWith("'") ||
+                    firstArgText.startsWith('"') ||
+                    firstArgText.startsWith("`")) {
+                    guardPath = firstArgText.replace(/^['"`]|['"`]$/g, "");
+                    // Last arg is the middleware function
+                    const lastArgText = args[args.length - 1].getText();
+                    if (!lastArgText.includes("=>") &&
+                        !lastArgText.includes("function") &&
+                        /^[a-zA-Z_$][a-zA-Z0-9_$]*$/.test(lastArgText)) {
+                        middlewareName = lastArgText;
+                    }
+                }
+            }
+            if (!middlewareName)
+                continue;
+            // Look up middleware in our extracted nodes
+            const middlewareNodes = lookup.nodesByName.get(middlewareName);
+            if (!middlewareNodes || middlewareNodes.length === 0)
+                continue;
+            const middlewareNode = middlewareNodes[0];
+            // Find matching backend routes
+            for (const route of backendRoutes) {
+                if (routeMatchesPattern(route.urlPath, guardPath)) {
+                    edges.push({
+                        from: middlewareNode.id,
+                        to: route.urlPath,
+                        type: "GUARDS",
+                        metadata: {
+                            guardedPath: route.urlPath,
+                            httpMethod: route.httpMethod,
+                        },
+                    });
+                }
+            }
+        }
+    }
+    return edges;
+}
+// ─── Main Export ──────────────────────────────────────────────────────────────
+export function detectGuardEdges(nodes, lookup, routeNodes, repoPath, fingerprint) {
+    const project = new Project({
+        compilerOptions: {
+            allowJs: true,
+            checkJs: false,
+            jsx: 4,
+            strict: false,
+        },
+        skipAddingFilesFromTsConfig: true,
+    });
+    addFilesRecursively(repoPath, project);
+    const edges = [];
+    // Next.js — middleware.ts with matcher config
+    if (fingerprint.framework === "nextjs" ||
+        fingerprint.projectType === "fullstack") {
+        edges.push(...detectNextjsGuards(lookup, routeNodes, repoPath, project));
+    }
+    // Express / Fastify / Koa — app.use() calls
+    if (fingerprint.framework === "express" ||
+        fingerprint.framework === "fastify" ||
+        fingerprint.framework === "koa" ||
+        fingerprint.projectType === "fullstack") {
+        edges.push(...detectBackendGuards(lookup, routeNodes, project));
+    }
+    return edges;
+}

package/dist/graph/edges/hookEdges.d.ts

@@ -0,0 +1,3 @@
+import type { CodeEdge, CodeNode } from "../../types.js";
+import type { LookupMaps } from "../buildLookup.js";
+export declare function detectHookEdges(nodes: CodeNode[], lookup: LookupMaps): CodeEdge[];