npm - driftdetect-core - Versions diffs - 0.4.1 → 0.4.2 - Mend

driftdetect-core 0.4.1 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (237) hide show

package/dist/boundaries/boundary-scanner.d.ts +76 -0
package/dist/boundaries/boundary-scanner.d.ts.map +1 -0
package/dist/boundaries/boundary-scanner.js +801 -0
package/dist/boundaries/boundary-scanner.js.map +1 -0
package/dist/boundaries/data-access-learner.d.ts +126 -0
package/dist/boundaries/data-access-learner.d.ts.map +1 -0
package/dist/boundaries/data-access-learner.js +486 -0
package/dist/boundaries/data-access-learner.js.map +1 -0
package/dist/boundaries/index.d.ts +6 -0
package/dist/boundaries/index.d.ts.map +1 -1
package/dist/boundaries/index.js +6 -0
package/dist/boundaries/index.js.map +1 -1
package/dist/boundaries/security-prioritizer.d.ts +118 -0
package/dist/boundaries/security-prioritizer.d.ts.map +1 -0
package/dist/boundaries/security-prioritizer.js +316 -0
package/dist/boundaries/security-prioritizer.js.map +1 -0
package/dist/call-graph/analysis/coverage-analyzer.d.ts +201 -0
package/dist/call-graph/analysis/coverage-analyzer.d.ts.map +1 -0
package/dist/call-graph/analysis/coverage-analyzer.js +553 -0
package/dist/call-graph/analysis/coverage-analyzer.js.map +1 -0
package/dist/call-graph/analysis/dead-code-detector.d.ts +145 -0
package/dist/call-graph/analysis/dead-code-detector.d.ts.map +1 -0
package/dist/call-graph/analysis/dead-code-detector.js +391 -0
package/dist/call-graph/analysis/dead-code-detector.js.map +1 -0
package/dist/call-graph/analysis/graph-builder.d.ts +142 -0
package/dist/call-graph/analysis/graph-builder.d.ts.map +1 -0
package/dist/call-graph/analysis/graph-builder.js +624 -0
package/dist/call-graph/analysis/graph-builder.js.map +1 -0
package/dist/call-graph/analysis/impact-analyzer.d.ts +150 -0
package/dist/call-graph/analysis/impact-analyzer.d.ts.map +1 -0
package/dist/call-graph/analysis/impact-analyzer.js +329 -0
package/dist/call-graph/analysis/impact-analyzer.js.map +1 -0
package/dist/call-graph/analysis/index.d.ts +11 -0
package/dist/call-graph/analysis/index.d.ts.map +1 -0
package/dist/call-graph/analysis/index.js +9 -0
package/dist/call-graph/analysis/index.js.map +1 -0
package/dist/call-graph/analysis/path-finder.d.ts +117 -0
package/dist/call-graph/analysis/path-finder.d.ts.map +1 -0
package/dist/call-graph/analysis/path-finder.js +360 -0
package/dist/call-graph/analysis/path-finder.js.map +1 -0
package/dist/call-graph/analysis/reachability.d.ts +56 -0
package/dist/call-graph/analysis/reachability.d.ts.map +1 -0
package/dist/call-graph/analysis/reachability.js +357 -0
package/dist/call-graph/analysis/reachability.js.map +1 -0
package/dist/call-graph/demo.d.ts +11 -0
package/dist/call-graph/demo.d.ts.map +1 -0
package/dist/call-graph/demo.js +339 -0
package/dist/call-graph/demo.js.map +1 -0
package/dist/call-graph/enrichment/enrichment-engine.d.ts +126 -0
package/dist/call-graph/enrichment/enrichment-engine.d.ts.map +1 -0
package/dist/call-graph/enrichment/enrichment-engine.js +760 -0
package/dist/call-graph/enrichment/enrichment-engine.js.map +1 -0
package/dist/call-graph/enrichment/impact-scorer.d.ts +59 -0
package/dist/call-graph/enrichment/impact-scorer.d.ts.map +1 -0
package/dist/call-graph/enrichment/impact-scorer.js +328 -0
package/dist/call-graph/enrichment/impact-scorer.js.map +1 -0
package/dist/call-graph/enrichment/index.d.ts +12 -0
package/dist/call-graph/enrichment/index.d.ts.map +1 -0
package/dist/call-graph/enrichment/index.js +15 -0
package/dist/call-graph/enrichment/index.js.map +1 -0
package/dist/call-graph/enrichment/remediation-generator.d.ts +41 -0
package/dist/call-graph/enrichment/remediation-generator.d.ts.map +1 -0
package/dist/call-graph/enrichment/remediation-generator.js +609 -0
package/dist/call-graph/enrichment/remediation-generator.js.map +1 -0
package/dist/call-graph/enrichment/sensitivity-classifier.d.ts +71 -0
package/dist/call-graph/enrichment/sensitivity-classifier.d.ts.map +1 -0
package/dist/call-graph/enrichment/sensitivity-classifier.js +454 -0
package/dist/call-graph/enrichment/sensitivity-classifier.js.map +1 -0
package/dist/call-graph/enrichment/types.d.ts +402 -0
package/dist/call-graph/enrichment/types.d.ts.map +1 -0
package/dist/call-graph/enrichment/types.js +9 -0
package/dist/call-graph/enrichment/types.js.map +1 -0
package/dist/call-graph/extractors/base-extractor.d.ts +112 -0
package/dist/call-graph/extractors/base-extractor.d.ts.map +1 -0
package/dist/call-graph/extractors/base-extractor.js +140 -0
package/dist/call-graph/extractors/base-extractor.js.map +1 -0
package/dist/call-graph/extractors/csharp-data-access-extractor.d.ts +76 -0
package/dist/call-graph/extractors/csharp-data-access-extractor.d.ts.map +1 -0
package/dist/call-graph/extractors/csharp-data-access-extractor.js +387 -0
package/dist/call-graph/extractors/csharp-data-access-extractor.js.map +1 -0
package/dist/call-graph/extractors/csharp-extractor.d.ts +87 -0
package/dist/call-graph/extractors/csharp-extractor.d.ts.map +1 -0
package/dist/call-graph/extractors/csharp-extractor.js +470 -0
package/dist/call-graph/extractors/csharp-extractor.js.map +1 -0
package/dist/call-graph/extractors/data-access-extractor.d.ts +76 -0
package/dist/call-graph/extractors/data-access-extractor.d.ts.map +1 -0
package/dist/call-graph/extractors/data-access-extractor.js +234 -0
package/dist/call-graph/extractors/data-access-extractor.js.map +1 -0
package/dist/call-graph/extractors/index.d.ts +26 -0
package/dist/call-graph/extractors/index.d.ts.map +1 -0
package/dist/call-graph/extractors/index.js +36 -0
package/dist/call-graph/extractors/index.js.map +1 -0
package/dist/call-graph/extractors/java-data-access-extractor.d.ts +101 -0
package/dist/call-graph/extractors/java-data-access-extractor.d.ts.map +1 -0
package/dist/call-graph/extractors/java-data-access-extractor.js +611 -0
package/dist/call-graph/extractors/java-data-access-extractor.js.map +1 -0
package/dist/call-graph/extractors/java-extractor.d.ts +87 -0
package/dist/call-graph/extractors/java-extractor.d.ts.map +1 -0
package/dist/call-graph/extractors/java-extractor.js +510 -0
package/dist/call-graph/extractors/java-extractor.js.map +1 -0
package/dist/call-graph/extractors/php-data-access-extractor.d.ts +93 -0
package/dist/call-graph/extractors/php-data-access-extractor.d.ts.map +1 -0
package/dist/call-graph/extractors/php-data-access-extractor.js +589 -0
package/dist/call-graph/extractors/php-data-access-extractor.js.map +1 -0
package/dist/call-graph/extractors/php-extractor.d.ts +104 -0
package/dist/call-graph/extractors/php-extractor.d.ts.map +1 -0
package/dist/call-graph/extractors/php-extractor.js +619 -0
package/dist/call-graph/extractors/php-extractor.js.map +1 -0
package/dist/call-graph/extractors/python-data-access-extractor.d.ts +90 -0
package/dist/call-graph/extractors/python-data-access-extractor.d.ts.map +1 -0
package/dist/call-graph/extractors/python-data-access-extractor.js +537 -0
package/dist/call-graph/extractors/python-data-access-extractor.js.map +1 -0
package/dist/call-graph/extractors/python-extractor.d.ts +98 -0
package/dist/call-graph/extractors/python-extractor.d.ts.map +1 -0
package/dist/call-graph/extractors/python-extractor.js +681 -0
package/dist/call-graph/extractors/python-extractor.js.map +1 -0
package/dist/call-graph/extractors/semantic-data-access-scanner.d.ts +91 -0
package/dist/call-graph/extractors/semantic-data-access-scanner.d.ts.map +1 -0
package/dist/call-graph/extractors/semantic-data-access-scanner.js +498 -0
package/dist/call-graph/extractors/semantic-data-access-scanner.js.map +1 -0
package/dist/call-graph/extractors/typescript-data-access-extractor.d.ts +122 -0
package/dist/call-graph/extractors/typescript-data-access-extractor.d.ts.map +1 -0
package/dist/call-graph/extractors/typescript-data-access-extractor.js +788 -0
package/dist/call-graph/extractors/typescript-data-access-extractor.js.map +1 -0
package/dist/call-graph/extractors/typescript-extractor.d.ts +145 -0
package/dist/call-graph/extractors/typescript-extractor.d.ts.map +1 -0
package/dist/call-graph/extractors/typescript-extractor.js +904 -0
package/dist/call-graph/extractors/typescript-extractor.js.map +1 -0
package/dist/call-graph/index.d.ts +127 -0
package/dist/call-graph/index.d.ts.map +1 -0
package/dist/call-graph/index.js +247 -0
package/dist/call-graph/index.js.map +1 -0
package/dist/call-graph/store/call-graph-store.d.ts +70 -0
package/dist/call-graph/store/call-graph-store.d.ts.map +1 -0
package/dist/call-graph/store/call-graph-store.js +210 -0
package/dist/call-graph/store/call-graph-store.js.map +1 -0
package/dist/call-graph/store/index.d.ts +7 -0
package/dist/call-graph/store/index.d.ts.map +1 -0
package/dist/call-graph/store/index.js +7 -0
package/dist/call-graph/store/index.js.map +1 -0
package/dist/call-graph/types.d.ts +376 -0
package/dist/call-graph/types.d.ts.map +1 -0
package/dist/call-graph/types.js +8 -0
package/dist/call-graph/types.js.map +1 -0
package/dist/index.d.ts +8 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +12 -0
package/dist/index.js.map +1 -1
package/dist/lake/callgraph-shard-store.d.ts +168 -0
package/dist/lake/callgraph-shard-store.d.ts.map +1 -0
package/dist/lake/callgraph-shard-store.js +466 -0
package/dist/lake/callgraph-shard-store.js.map +1 -0
package/dist/lake/examples-store.d.ts +127 -0
package/dist/lake/examples-store.d.ts.map +1 -0
package/dist/lake/examples-store.js +389 -0
package/dist/lake/examples-store.js.map +1 -0
package/dist/lake/index-store.d.ts +82 -0
package/dist/lake/index-store.d.ts.map +1 -0
package/dist/lake/index-store.js +359 -0
package/dist/lake/index-store.js.map +1 -0
package/dist/lake/index.d.ts +93 -0
package/dist/lake/index.d.ts.map +1 -0
package/dist/lake/index.js +138 -0
package/dist/lake/index.js.map +1 -0
package/dist/lake/lake.bak/index-store.d.ts +82 -0
package/dist/lake/lake.bak/index-store.d.ts.map +1 -0
package/dist/lake/lake.bak/index-store.js +357 -0
package/dist/lake/lake.bak/index-store.js.map +1 -0
package/dist/lake/lake.bak/index.d.ts +81 -0
package/dist/lake/lake.bak/index.d.ts.map +1 -0
package/dist/lake/lake.bak/index.js +114 -0
package/dist/lake/lake.bak/index.js.map +1 -0
package/dist/lake/lake.bak/manifest-store.d.ts +51 -0
package/dist/lake/lake.bak/manifest-store.d.ts.map +1 -0
package/dist/lake/lake.bak/manifest-store.js +347 -0
package/dist/lake/lake.bak/manifest-store.js.map +1 -0
package/dist/lake/lake.bak/query-engine.d.ts +112 -0
package/dist/lake/lake.bak/query-engine.d.ts.map +1 -0
package/dist/lake/lake.bak/query-engine.js +370 -0
package/dist/lake/lake.bak/query-engine.js.map +1 -0
package/dist/lake/lake.bak/types.d.ts +428 -0
package/dist/lake/lake.bak/types.d.ts.map +1 -0
package/dist/lake/lake.bak/types.js +46 -0
package/dist/lake/lake.bak/types.js.map +1 -0
package/dist/lake/lake.bak/view-materializer.d.ts +70 -0
package/dist/lake/lake.bak/view-materializer.d.ts.map +1 -0
package/dist/lake/lake.bak/view-materializer.js +314 -0
package/dist/lake/lake.bak/view-materializer.js.map +1 -0
package/dist/lake/lake.bak/view-store.d.ts +57 -0
package/dist/lake/lake.bak/view-store.d.ts.map +1 -0
package/dist/lake/lake.bak/view-store.js +348 -0
package/dist/lake/lake.bak/view-store.js.map +1 -0
package/dist/lake/manifest-store.d.ts +51 -0
package/dist/lake/manifest-store.d.ts.map +1 -0
package/dist/lake/manifest-store.js +348 -0
package/dist/lake/manifest-store.js.map +1 -0
package/dist/lake/pattern-shard-store.d.ts +87 -0
package/dist/lake/pattern-shard-store.d.ts.map +1 -0
package/dist/lake/pattern-shard-store.js +347 -0
package/dist/lake/pattern-shard-store.js.map +1 -0
package/dist/lake/query-engine.d.ts +124 -0
package/dist/lake/query-engine.d.ts.map +1 -0
package/dist/lake/query-engine.js +453 -0
package/dist/lake/query-engine.js.map +1 -0
package/dist/lake/security-shard-store.d.ts +156 -0
package/dist/lake/security-shard-store.d.ts.map +1 -0
package/dist/lake/security-shard-store.js +498 -0
package/dist/lake/security-shard-store.js.map +1 -0
package/dist/lake/types.d.ts +428 -0
package/dist/lake/types.d.ts.map +1 -0
package/dist/lake/types.js +46 -0
package/dist/lake/types.js.map +1 -0
package/dist/lake/view-materializer.d.ts +70 -0
package/dist/lake/view-materializer.d.ts.map +1 -0
package/dist/lake/view-materializer.js +314 -0
package/dist/lake/view-materializer.js.map +1 -0
package/dist/lake/view-store.d.ts +57 -0
package/dist/lake/view-store.d.ts.map +1 -0
package/dist/lake/view-store.js +348 -0
package/dist/lake/view-store.js.map +1 -0
package/dist/parsers/tree-sitter/index.d.ts +1 -0
package/dist/parsers/tree-sitter/index.d.ts.map +1 -1
package/dist/parsers/tree-sitter/index.js +4 -0
package/dist/parsers/tree-sitter/index.js.map +1 -1
package/dist/parsers/tree-sitter/typescript-loader.d.ts +58 -0
package/dist/parsers/tree-sitter/typescript-loader.d.ts.map +1 -0
package/dist/parsers/tree-sitter/typescript-loader.js +250 -0
package/dist/parsers/tree-sitter/typescript-loader.js.map +1 -0
package/dist/store/project-config.d.ts +154 -0
package/dist/store/project-config.d.ts.map +1 -0
package/dist/store/project-config.js +235 -0
package/dist/store/project-config.js.map +1 -0
package/dist/store/project-registry.d.ts +241 -0
package/dist/store/project-registry.d.ts.map +1 -0
package/dist/store/project-registry.js +557 -0
package/dist/store/project-registry.js.map +1 -0
package/package.json +4 -2

package/dist/call-graph/demo.js ADDED Viewed

@@ -0,0 +1,339 @@
+#!/usr/bin/env node
+/**
+ * Call Graph Demo Script
+ *
+ * Demonstrates the call-graph system's capabilities on a real Python codebase.
+ * Shows: extraction, graph building, reachability analysis, and data flow mapping.
+ *
+ * Run: node drift/packages/core/dist/call-graph/demo.js
+ */
+import { PythonCallGraphExtractor } from './extractors/python-extractor.js';
+import { GraphBuilder } from './analysis/graph-builder.js';
+import { ReachabilityEngine } from './analysis/reachability.js';
+// ANSI colors for pretty output
+const colors = {
+    reset: '\x1b[0m',
+    bright: '\x1b[1m',
+    dim: '\x1b[2m',
+    green: '\x1b[32m',
+    yellow: '\x1b[33m',
+    blue: '\x1b[34m',
+    magenta: '\x1b[35m',
+    cyan: '\x1b[36m',
+    red: '\x1b[31m',
+};
+function log(msg, color = colors.reset) {
+    console.log(`${color}${msg}${colors.reset}`);
+}
+function header(title) {
+    console.log('\n' + '═'.repeat(70));
+    log(`  ${title}`, colors.bright + colors.cyan);
+    console.log('═'.repeat(70));
+}
+function subheader(title) {
+    console.log('\n' + '─'.repeat(50));
+    log(`  ${title}`, colors.yellow);
+    console.log('─'.repeat(50));
+}
+// ============================================================================
+// Demo Data - Simulating what the Python extractor finds
+// ============================================================================
+/**
+ * Demo: Extract from real Python files
+ */
+function demoExtraction() {
+    header('🔍 STEP 1: EXTRACTION - What the system discovers');
+    const extractor = new PythonCallGraphExtractor();
+    // Sample Python code from account_service.py
+    const accountServiceCode = `
+class AccountService:
+    """Helper for account and membership lookups."""
+    def __init__(self):
+        self.client = get_supabase_service_client()
+    def get_primary_account_id(self, user_id: str) -> str:
+        result = self.client.table("users").select("primary_account_id").eq("id", user_id).execute()
+        if not result.data:
+            raise ValueError(f"User {user_id} has no profile record")
+        return result.data[0].get("primary_account_id")
+    def ensure_active_member(self, account_id: str, user_id: str) -> bool:
+        membership = self.client.table("account_members").select("role").eq("account_id", account_id).execute()
+        return bool(membership.data)
+    def set_clock_pin(self, user_id: str, pin: str) -> str:
+        pin_hash, salt_hex = self._derive_pin_hash(pin)
+        self.client.table("users").update({"clock_pin_hash": pin_hash}).eq("id", user_id).execute()
+        return timestamp
+    def lookup_user_by_pin(self, pin: str):
+        result = self.client.table("users").select("id, clock_pin_hash, clock_pin_salt").eq("clock_pin_lookup", lookup_hash).execute()
+        return result.data[0] if result.data else None
+`;
+    const authRoutesCode = `
+from fastapi import APIRouter, Depends
+from services.account_service import AccountService
+router = APIRouter()
+@router.post("/register")
+async def register_user(user_data: UserRegister, response: Response):
+    auth_response = supabase.auth.sign_up({"email": user_data.email, "password": user_data.password})
+    account_service = AccountService()
+    account_id, account_role = account_service.activate_invitation_by_token(invite_token, user_id=user_id, email=user.email)
+    jwt_token = create_jwt_token(user_id, account_id, account_role)
+    return {"user": {"id": user.id, "email": user.email}}
+@router.post("/login")
+async def login_user(credentials: UserLogin, response: Response):
+    auth_response = supabase.auth.sign_in_with_password({"email": credentials.email, "password": credentials.password})
+    account_service = AccountService()
+    account_id = account_service.get_primary_account_id(user_id)
+    return {"user": {"id": user.id}}
+@router.get("/me")
+async def get_current_user_profile(user_id: str = Depends(get_current_user)):
+    user_profile = service_client.table("users").select("subscription_tier").eq("id", user_id).execute()
+    return UserResponse(id=user.id, email=user.email)
+`;
+    // Extract from account_service.py
+    subheader('Extracting: services/account_service.py');
+    const accountResult = extractor.extract(accountServiceCode, 'services/account_service.py');
+    log(`\n📦 Classes found: ${accountResult.classes.length}`, colors.green);
+    for (const cls of accountResult.classes) {
+        log(`   • ${cls.name} (lines ${cls.startLine}-${cls.endLine})`, colors.dim);
+        log(`     Methods: ${cls.methods.join(', ')}`, colors.dim);
+    }
+    log(`\n📋 Functions/Methods found: ${accountResult.functions.length}`, colors.green);
+    for (const func of accountResult.functions) {
+        const type = func.isConstructor ? '🔧 constructor' : func.isMethod ? '📎 method' : '📌 function';
+        log(`   ${type} ${func.qualifiedName}`, colors.dim);
+        log(`     Line ${func.startLine}, params: [${func.parameters.map(p => p.name).join(', ')}]`, colors.dim);
+    }
+    log(`\n📞 Calls discovered: ${accountResult.calls.length}`, colors.green);
+    const uniqueCalls = [...new Set(accountResult.calls.map(c => c.fullExpression))];
+    for (const call of uniqueCalls.slice(0, 10)) {
+        log(`   • ${call}`, colors.dim);
+    }
+    if (uniqueCalls.length > 10) {
+        log(`   ... and ${uniqueCalls.length - 10} more`, colors.dim);
+    }
+    // Extract from auth.py
+    subheader('Extracting: api/routes/auth.py');
+    const authResult = extractor.extract(authRoutesCode, 'api/routes/auth.py');
+    log(`\n📋 Functions found: ${authResult.functions.length}`, colors.green);
+    for (const func of authResult.functions) {
+        const decorators = func.decorators.length > 0 ? ` ${func.decorators[0]}` : '';
+        log(`   📌 ${func.name}${decorators}`, colors.dim);
+    }
+    log(`\n📥 Imports found: ${authResult.imports.length}`, colors.green);
+    for (const imp of authResult.imports) {
+        const names = imp.names.map(n => n.imported).join(', ');
+        log(`   • from ${imp.source} import ${names}`, colors.dim);
+    }
+    return { accountResult, authResult };
+}
+/**
+ * Demo: Build the call graph
+ */
+function demoBuildGraph(extractions) {
+    header('🏗️  STEP 2: GRAPH BUILDING - Connecting the dots');
+    const builder = new GraphBuilder({
+        projectRoot: '/project',
+        includeUnresolved: true,
+        minConfidence: 0.5,
+    });
+    // Add extractions
+    builder.addFile(extractions.accountResult);
+    builder.addFile(extractions.authResult);
+    // Simulate data access points (what the boundaries module would provide)
+    const dataAccessPoints = [
+        { id: 'dap-1', file: 'services/account_service.py', line: 10, column: 0, table: 'users', fields: ['primary_account_id'], operation: 'read', confidence: 0.95, context: 'self.client.table("users").select(...)', isRawSql: false },
+        { id: 'dap-2', file: 'services/account_service.py', line: 15, column: 0, table: 'account_members', fields: ['role'], operation: 'read', confidence: 0.95, context: 'self.client.table("account_members").select(...)', isRawSql: false },
+        { id: 'dap-3', file: 'services/account_service.py', line: 20, column: 0, table: 'users', fields: ['clock_pin_hash'], operation: 'write', confidence: 0.95, context: 'self.client.table("users").update(...)', isRawSql: false },
+        { id: 'dap-4', file: 'services/account_service.py', line: 25, column: 0, table: 'users', fields: ['id', 'clock_pin_hash', 'clock_pin_salt'], operation: 'read', confidence: 0.95, context: 'self.client.table("users").select(...)', isRawSql: false },
+        { id: 'dap-5', file: 'api/routes/auth.py', line: 15, column: 0, table: 'users', fields: ['subscription_tier'], operation: 'read', confidence: 0.9, context: 'service_client.table("users").select(...)', isRawSql: false },
+    ];
+    builder.addDataAccess('services/account_service.py', dataAccessPoints.filter(d => d.file.includes('account_service')));
+    builder.addDataAccess('api/routes/auth.py', dataAccessPoints.filter(d => d.file.includes('auth')));
+    const graph = builder.build();
+    subheader('Graph Statistics');
+    log(`\n📊 Total functions: ${graph.stats.totalFunctions}`, colors.green);
+    log(`📊 Total call sites: ${graph.stats.totalCallSites}`, colors.green);
+    log(`📊 Resolved calls: ${graph.stats.resolvedCallSites} (${Math.round(graph.stats.resolvedCallSites / graph.stats.totalCallSites * 100)}%)`, colors.green);
+    log(`📊 Data accessors: ${graph.stats.totalDataAccessors}`, colors.green);
+    subheader('Entry Points (API Routes)');
+    for (const entryId of graph.entryPoints) {
+        const func = graph.functions.get(entryId);
+        if (func) {
+            log(`   🚪 ${func.qualifiedName} @ ${func.file}:${func.startLine}`, colors.magenta);
+        }
+    }
+    subheader('Data Accessors (Functions that touch the database)');
+    for (const accessorId of graph.dataAccessors) {
+        const func = graph.functions.get(accessorId);
+        if (func) {
+            const tables = [...new Set(func.dataAccess.map(d => d.table))];
+            log(`   💾 ${func.qualifiedName} → [${tables.join(', ')}]`, colors.blue);
+        }
+    }
+    subheader('Call Graph Edges (Who calls whom)');
+    let edgeCount = 0;
+    for (const [, func] of graph.functions) {
+        for (const call of func.calls) {
+            if (call.resolved && call.calleeId) {
+                const callee = graph.functions.get(call.calleeId);
+                if (callee) {
+                    log(`   ${func.name} ──→ ${callee.name}`, colors.dim);
+                    edgeCount++;
+                }
+            }
+        }
+    }
+    log(`\n   Total edges: ${edgeCount}`, colors.green);
+    return graph;
+}
+/**
+ * Demo: Reachability analysis
+ */
+function demoReachability(graph) {
+    header('🔎 STEP 3: REACHABILITY ANALYSIS - What data can code access?');
+    const engine = new ReachabilityEngine(graph);
+    subheader('Query: What data can the /login endpoint access?');
+    // Find the login function
+    let loginFunc;
+    for (const [, func] of graph.functions) {
+        if (func.name === 'login_user') {
+            loginFunc = func;
+            break;
+        }
+    }
+    if (loginFunc) {
+        const result = engine.getReachableDataFromFunction(loginFunc.id);
+        log(`\n🎯 Starting from: ${loginFunc.qualifiedName}`, colors.cyan);
+        log(`📍 Location: ${loginFunc.file}:${loginFunc.startLine}`, colors.dim);
+        log(`\n📊 Reachability Results:`, colors.green);
+        log(`   Tables reachable: [${result.tables.join(', ')}]`, colors.yellow);
+        log(`   Functions traversed: ${result.functionsTraversed}`, colors.dim);
+        log(`   Max call depth: ${result.maxDepth}`, colors.dim);
+        if (result.sensitiveFields.length > 0) {
+            log(`\n⚠️  Sensitive Fields Accessible:`, colors.red);
+            for (const sf of result.sensitiveFields) {
+                log(`   🔐 ${sf.field.table}.${sf.field.field} (${sf.field.sensitivityType})`, colors.red);
+                log(`      Access count: ${sf.accessCount}, via ${sf.paths.length} path(s)`, colors.dim);
+            }
+        }
+        if (result.reachableAccess.length > 0) {
+            log(`\n📝 Data Access Points:`, colors.green);
+            for (const access of result.reachableAccess) {
+                const pathStr = access.path.map(p => p.functionName).join(' → ');
+                log(`   ${access.access.table}.${access.access.fields.join(',')} (${access.access.operation})`, colors.blue);
+                log(`      Path: ${pathStr}`, colors.dim);
+            }
+        }
+    }
+    subheader('Inverse Query: Who can access users.clock_pin_hash?');
+    const inverseResult = engine.getCodePathsToData({
+        table: 'users',
+        field: 'clock_pin_hash',
+    });
+    log(`\n🎯 Target: users.clock_pin_hash`, colors.cyan);
+    log(`📊 Results:`, colors.green);
+    log(`   Direct accessors: ${inverseResult.totalAccessors}`, colors.yellow);
+    log(`   Entry points that can reach it: ${inverseResult.entryPoints.length}`, colors.yellow);
+    for (const path of inverseResult.accessPaths) {
+        const entryFunc = graph.functions.get(path.entryPoint);
+        if (entryFunc) {
+            log(`\n   🚪 Entry: ${entryFunc.qualifiedName}`, colors.magenta);
+            const pathStr = path.path.map(p => p.functionName).join(' → ');
+            log(`      Path: ${pathStr}`, colors.dim);
+        }
+    }
+}
+/**
+ * Demo: Security implications
+ */
+function demoSecurityInsights(graph) {
+    header('🛡️  STEP 4: SECURITY INSIGHTS - What the system reveals');
+    // Engine available for additional queries if needed
+    const _engine = new ReachabilityEngine(graph);
+    void _engine; // Suppress unused warning
+    subheader('Sensitive Data Flow Analysis');
+    log(`\nThe call graph reveals:`, colors.green);
+    log(``, colors.reset);
+    log(`1. 🔐 PIN Authentication Flow:`, colors.yellow);
+    log(`   /login → AccountService.get_primary_account_id → users table`, colors.dim);
+    log(`   /register → AccountService.activate_invitation_by_token → account_members`, colors.dim);
+    log(``, colors.reset);
+    log(`2. 💾 Data Access Boundaries:`, colors.yellow);
+    log(`   • AccountService can access: users, account_members`, colors.dim);
+    log(`   • Auth routes can access: users (via AccountService)`, colors.dim);
+    log(``, colors.reset);
+    log(`3. ⚠️  Potential Security Concerns:`, colors.yellow);
+    log(`   • clock_pin_hash accessible from public API endpoints`, colors.dim);
+    log(`   • Multiple paths to sensitive user data`, colors.dim);
+    log(``, colors.reset);
+    log(`4. 📈 Blast Radius:`, colors.yellow);
+    log(`   • A bug in AccountService affects: /login, /register, /me`, colors.dim);
+    log(`   • users table is accessed by ${graph.dataAccessors.length} functions`, colors.dim);
+    subheader('What This Enables');
+    log(`\n✅ Security Finding Enrichment:`, colors.green);
+    log(`   "Found SQL injection in account_service.py:25"`, colors.dim);
+    log(`   → System adds: "Reachable from /login, /register endpoints"`, colors.cyan);
+    log(`   → System adds: "Can access users.clock_pin_hash (credentials)"`, colors.cyan);
+    log(`   → System adds: "Blast radius: 3 API endpoints, 2 tables"`, colors.cyan);
+    log(``, colors.reset);
+    log(`✅ Impact Scoring:`, colors.green);
+    log(`   → Data sensitivity: HIGH (credentials)`, colors.cyan);
+    log(`   → Exposure: PUBLIC (API endpoints)`, colors.cyan);
+    log(`   → Priority: CRITICAL`, colors.cyan);
+    log(``, colors.reset);
+    log(`✅ Remediation Guidance:`, colors.green);
+    log(`   → "Parameterize query in get_primary_account_id()"`, colors.cyan);
+    log(`   → "Add input validation for user_id parameter"`, colors.cyan);
+    log(`   → "Consider rate limiting on /login endpoint"`, colors.cyan);
+}
+// ============================================================================
+// Main
+// ============================================================================
+function main() {
+    console.log('\n');
+    log('╔══════════════════════════════════════════════════════════════════════╗', colors.bright);
+    log('║                                                                      ║', colors.bright);
+    log('║           DRIFT CALL GRAPH SYSTEM - LIVE DEMONSTRATION              ║', colors.bright);
+    log('║                                                                      ║', colors.bright);
+    log('║   Showing: Python code analysis, graph building, reachability       ║', colors.bright);
+    log('║                                                                      ║', colors.bright);
+    log('╚══════════════════════════════════════════════════════════════════════╝', colors.bright);
+    try {
+        // Step 1: Extract
+        const extractions = demoExtraction();
+        // Step 2: Build graph
+        const graph = demoBuildGraph(extractions);
+        // Step 3: Reachability
+        demoReachability(graph);
+        // Step 4: Security insights
+        demoSecurityInsights(graph);
+        header('✨ SUMMARY');
+        log(`\nThe call-graph system provides:`, colors.green);
+        log(``, colors.reset);
+        log(`  1. 🔍 Automatic extraction of functions, calls, and imports`, colors.cyan);
+        log(`  2. 🏗️  Graph construction with call resolution`, colors.cyan);
+        log(`  3. 🔎 Forward reachability: "What data can this code access?"`, colors.cyan);
+        log(`  4. 🔄 Inverse reachability: "Who can access this data?"`, colors.cyan);
+        log(`  5. 🛡️  Security enrichment: blast radius, sensitivity, priority`, colors.cyan);
+        log(``, colors.reset);
+        log(`This enables AI agents to understand the IMPACT of security findings,`, colors.yellow);
+        log(`not just their location. A finding in a utility function that's called`, colors.yellow);
+        log(`by 50 API endpoints is very different from one in dead code.`, colors.yellow);
+        console.log('\n');
+    }
+    catch (error) {
+        log(`\n❌ Error: ${error}`, colors.red);
+        console.error(error);
+    }
+}
+// Run if executed directly
+main();
+//# sourceMappingURL=demo.js.map

package/dist/call-graph/demo.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"demo.js","sourceRoot":"","sources":["../../src/call-graph/demo.ts"],"names":[],"mappings":";AACA;;;;;;;GAOG;AAEH,OAAO,EAAE,wBAAwB,EAAE,MAAM,kCAAkC,CAAC;AAC5E,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAIhE,gCAAgC;AAChC,MAAM,MAAM,GAAG;IACb,KAAK,EAAE,SAAS;IAChB,MAAM,EAAE,SAAS;IACjB,GAAG,EAAE,SAAS;IACd,KAAK,EAAE,UAAU;IACjB,MAAM,EAAE,UAAU;IAClB,IAAI,EAAE,UAAU;IAChB,OAAO,EAAE,UAAU;IACnB,IAAI,EAAE,UAAU;IAChB,GAAG,EAAE,UAAU;CAChB,CAAC;AAEF,SAAS,GAAG,CAAC,GAAW,EAAE,KAAK,GAAG,MAAM,CAAC,KAAK;IAC5C,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,GAAG,GAAG,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,MAAM,CAAC,KAAa;IAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IACnC,GAAG,CAAC,KAAK,KAAK,EAAE,EAAE,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9B,CAAC;AAED,SAAS,SAAS,CAAC,KAAa;IAC9B,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IACnC,GAAG,CAAC,KAAK,KAAK,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IACjC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9B,CAAC;AAED,+EAA+E;AAC/E,yDAAyD;AACzD,+EAA+E;AAE/E;;GAEG;AACH,SAAS,cAAc;IACrB,MAAM,CAAC,mDAAmD,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,IAAI,wBAAwB,EAAE,CAAC;IAEjD,6CAA6C;IAC7C,MAAM,kBAAkB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;CAyB5B,CAAC;IAEA,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;CAyBxB,CAAC;IAEA,kCAAkC;IAClC,SAAS,CAAC,yCAAyC,CAAC,CAAC;IACrD,MAAM,aAAa,GAAG,SAAS,CAAC,OAAO,CAAC,kBAAkB,EAAE,6BAA6B,CAAC,CAAC;IAE3F,GAAG,CAAC,uBAAuB,aAAa,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACzE,KAAK,MAAM,GAAG,IAAI,aAAa,CAAC,OAAO,EAAE,CAAC;QACxC,GAAG,CAAC,QAAQ,GAAG,CAAC,IAAI,WAAW,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,OAAO,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5E,GAAG,CAAC,iBAAiB,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IAC7D,CAAC;IAED,GAAG,CAAC,iCAAiC,aAAa,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACrF,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC;QAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC;QACjG,GAAG,CAAC,MAAM,IAAI,IAAI,IAAI,CAAC,aAAa,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QACpD,GAAG,CAAC,aAAa,IAAI,CAAC,SAAS,cAAc,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IAC3G,CAAC;IAED,GAAG,CAAC,0BAA0B,aAAa,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1E,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;IACjF,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QAC5C,GAAG,CAAC,QAAQ,IAAI,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IAClC,CAAC;IACD,IAAI,WAAW,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC5B,GAAG,CAAC,cAAc,WAAW,CAAC,MAAM,GAAG,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IAChE,CAAC;IAED,uBAAuB;IACvB,SAAS,CAAC,gCAAgC,CAAC,CAAC;IAC5C,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,CAAC,cAAc,EAAE,oBAAoB,CAAC,CAAC;IAE3E,GAAG,CAAC,yBAAyB,UAAU,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1E,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,SAAS,EAAE,CAAC;QACxC,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9E,GAAG,CAAC,SAAS,IAAI,CAAC,IAAI,GAAG,UAAU,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IACrD,CAAC;IAED,GAAG,CAAC,uBAAuB,UAAU,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACtE,KAAK,MAAM,GAAG,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxD,GAAG,CAAC,aAAa,GAAG,CAAC,MAAM,WAAW,KAAK,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IAC7D,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,WAAoD;IAC1E,MAAM,CAAC,mDAAmD,CAAC,CAAC;IAE5D,MAAM,OAAO,GAAG,IAAI,YAAY,CAAC;QAC/B,WAAW,EAAE,UAAU;QACvB,iBAAiB,EAAE,IAAI;QACvB,aAAa,EAAE,GAAG;KACnB,CAAC,CAAC;IAEH,kBAAkB;IAClB,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;IAC3C,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAExC,yEAAyE;IACzE,MAAM,gBAAgB,GAAsB;QAC1C,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,6BAA6B,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,oBAAoB,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,wCAAwC,EAAE,QAAQ,EAAE,KAAK,EAAE;QAClO,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,6BAA6B,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,kDAAkD,EAAE,QAAQ,EAAE,KAAK,EAAE;QACxO,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,6BAA6B,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,gBAAgB,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,wCAAwC,EAAE,QAAQ,EAAE,KAAK,EAAE;QAC/N,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,6BAA6B,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,IAAI,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,wCAAwC,EAAE,QAAQ,EAAE,KAAK,EAAE;QACtP,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,mBAAmB,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,2CAA2C,EAAE,QAAQ,EAAE,KAAK,EAAE;KAC3N,CAAC;IAEF,OAAO,CAAC,aAAa,CAAC,6BAA6B,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACvH,OAAO,CAAC,aAAa,CAAC,oBAAoB,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAEnG,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC;IAE9B,SAAS,CAAC,kBAAkB,CAAC,CAAC;IAC9B,GAAG,CAAC,yBAAyB,KAAK,CAAC,KAAK,CAAC,cAAc,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACzE,GAAG,CAAC,wBAAwB,KAAK,CAAC,KAAK,CAAC,cAAc,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACxE,GAAG,CAAC,sBAAsB,KAAK,CAAC,KAAK,CAAC,iBAAiB,KAAK,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,iBAAiB,GAAG,KAAK,CAAC,KAAK,CAAC,cAAc,GAAG,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5J,GAAG,CAAC,sBAAsB,KAAK,CAAC,KAAK,CAAC,kBAAkB,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IAE1E,SAAS,CAAC,2BAA2B,CAAC,CAAC;IACvC,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC1C,IAAI,IAAI,EAAE,CAAC;YACT,GAAG,CAAC,SAAS,IAAI,CAAC,aAAa,MAAM,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;IAED,SAAS,CAAC,oDAAoD,CAAC,CAAC;IAChE,KAAK,MAAM,UAAU,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;QAC7C,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC7C,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC/D,GAAG,CAAC,SAAS,IAAI,CAAC,aAAa,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAED,SAAS,CAAC,mCAAmC,CAAC,CAAC;IAC/C,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,KAAK,MAAM,CAAC,EAAE,IAAI,CAAC,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QACvC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACnC,MAAM,MAAM,GAAG,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAClD,IAAI,MAAM,EAAE,CAAC;oBACX,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,QAAQ,MAAM,CAAC,IAAI,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;oBACtD,SAAS,EAAE,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,GAAG,CAAC,qBAAqB,SAAS,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IAEpD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,KAAgB;IACxC,MAAM,CAAC,+DAA+D,CAAC,CAAC;IAExE,MAAM,MAAM,GAAG,IAAI,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAE7C,SAAS,CAAC,kDAAkD,CAAC,CAAC;IAE9D,0BAA0B;IAC1B,IAAI,SAAmC,CAAC;IACxC,KAAK,MAAM,CAAC,EAAE,IAAI,CAAC,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QACvC,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YAC/B,SAAS,GAAG,IAAI,CAAC;YACjB,MAAM;QACR,CAAC;IACH,CAAC;IAED,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,MAAM,GAAG,MAAM,CAAC,4BAA4B,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAEjE,GAAG,CAAC,uBAAuB,SAAS,CAAC,aAAa,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QACnE,GAAG,CAAC,gBAAgB,SAAS,CAAC,IAAI,IAAI,SAAS,CAAC,SAAS,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QAEzE,GAAG,CAAC,4BAA4B,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAChD,GAAG,CAAC,yBAAyB,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACzE,GAAG,CAAC,2BAA2B,MAAM,CAAC,kBAAkB,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QACxE,GAAG,CAAC,sBAAsB,MAAM,CAAC,QAAQ,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QAEzD,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtC,GAAG,CAAC,oCAAoC,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;YACtD,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;gBACxC,GAAG,CAAC,SAAS,EAAE,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC,KAAK,CAAC,eAAe,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;gBAC3F,GAAG,CAAC,uBAAuB,EAAE,CAAC,WAAW,SAAS,EAAE,CAAC,KAAK,CAAC,MAAM,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;YAC3F,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtC,GAAG,CAAC,0BAA0B,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;YAC9C,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;gBAC5C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACjE,GAAG,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,MAAM,CAAC,MAAM,CAAC,SAAS,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC7G,GAAG,CAAC,eAAe,OAAO,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAED,SAAS,CAAC,qDAAqD,CAAC,CAAC;IAEjE,MAAM,aAAa,GAAG,MAAM,CAAC,kBAAkB,CAAC;QAC9C,KAAK,EAAE,OAAO;QACd,KAAK,EAAE,gBAAgB;KACxB,CAAC,CAAC;IAEH,GAAG,CAAC,mCAAmC,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IACtD,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACjC,GAAG,CAAC,wBAAwB,aAAa,CAAC,cAAc,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC3E,GAAG,CAAC,sCAAsC,aAAa,CAAC,WAAW,CAAC,MAAM,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAE7F,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,WAAW,EAAE,CAAC;QAC7C,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvD,IAAI,SAAS,EAAE,CAAC;YACd,GAAG,CAAC,kBAAkB,SAAS,CAAC,aAAa,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;YACjE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC/D,GAAG,CAAC,eAAe,OAAO,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,KAAgB;IAC5C,MAAM,CAAC,0DAA0D,CAAC,CAAC;IAEnE,oDAAoD;IACpD,MAAM,OAAO,GAAG,IAAI,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC9C,KAAK,OAAO,CAAC,CAAC,0BAA0B;IAExC,SAAS,CAAC,8BAA8B,CAAC,CAAC;IAE1C,GAAG,CAAC,2BAA2B,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/C,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACtB,GAAG,CAAC,gCAAgC,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IACrD,GAAG,CAAC,iEAAiE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IACnF,GAAG,CAAC,8EAA8E,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IAChG,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACtB,GAAG,CAAC,+BAA+B,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IACpD,GAAG,CAAC,wDAAwD,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1E,GAAG,CAAC,yDAAyD,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IAC3E,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACtB,GAAG,CAAC,qCAAqC,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1D,GAAG,CAAC,0DAA0D,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5E,GAAG,CAAC,4CAA4C,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IAC9D,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACtB,GAAG,CAAC,qBAAqB,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1C,GAAG,CAAC,8DAA8D,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IAChF,GAAG,CAAC,mCAAmC,KAAK,CAAC,aAAa,CAAC,MAAM,YAAY,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IAE3F,SAAS,CAAC,mBAAmB,CAAC,CAAC;IAE/B,GAAG,CAAC,kCAAkC,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACtD,GAAG,CAAC,mDAAmD,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IACrE,GAAG,CAAC,gEAAgE,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IACnF,GAAG,CAAC,mEAAmE,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IACtF,GAAG,CAAC,6DAA6D,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAChF,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACtB,GAAG,CAAC,mBAAmB,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACvC,GAAG,CAAC,2CAA2C,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAC9D,GAAG,CAAC,uCAAuC,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAC1D,GAAG,CAAC,yBAAyB,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAC5C,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IACtB,GAAG,CAAC,yBAAyB,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7C,GAAG,CAAC,uDAAuD,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAC1E,GAAG,CAAC,mDAAmD,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IACtE,GAAG,CAAC,kDAAkD,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;AACvE,CAAC;AAED,+EAA+E;AAC/E,OAAO;AACP,+EAA+E;AAE/E,SAAS,IAAI;IACX,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAClB,GAAG,CAAC,0EAA0E,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC/F,GAAG,CAAC,0EAA0E,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC/F,GAAG,CAAC,yEAAyE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC9F,GAAG,CAAC,0EAA0E,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC/F,GAAG,CAAC,yEAAyE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC9F,GAAG,CAAC,0EAA0E,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAC/F,GAAG,CAAC,0EAA0E,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IAE/F,IAAI,CAAC;QACH,kBAAkB;QAClB,MAAM,WAAW,GAAG,cAAc,EAAE,CAAC;QAErC,sBAAsB;QACtB,MAAM,KAAK,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;QAE1C,uBAAuB;QACvB,gBAAgB,CAAC,KAAK,CAAC,CAAC;QAExB,4BAA4B;QAC5B,oBAAoB,CAAC,KAAK,CAAC,CAAC;QAE5B,MAAM,CAAC,WAAW,CAAC,CAAC;QACpB,GAAG,CAAC,mCAAmC,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QACvD,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QACtB,GAAG,CAAC,+DAA+D,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QAClF,GAAG,CAAC,mDAAmD,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QACtE,GAAG,CAAC,iEAAiE,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QACpF,GAAG,CAAC,2DAA2D,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QAC9E,GAAG,CAAC,oEAAoE,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QACvF,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QACtB,GAAG,CAAC,uEAAuE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5F,GAAG,CAAC,wEAAwE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QAC7F,GAAG,CAAC,8DAA8D,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACnF,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAEpB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,GAAG,CAAC,cAAc,KAAK,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QACvC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACvB,CAAC;AACH,CAAC;AAED,2BAA2B;AAC3B,IAAI,EAAE,CAAC"}

package/dist/call-graph/enrichment/enrichment-engine.d.ts ADDED Viewed

@@ -0,0 +1,126 @@
+/**
+ * Enrichment Engine
+ *
+ * Enterprise-grade security finding enrichment.
+ * Transforms raw vulnerability findings into actionable intelligence
+ * by connecting them to their actual data impact through call graph analysis.
+ *
+ * @example
+ * ```typescript
+ * const engine = new EnrichmentEngine(callGraph, boundaryStore);
+ *
+ * // Enrich a single finding
+ * const enriched = await engine.enrich(finding);
+ * console.log(enriched.dataImpact.sensitiveFields);
+ * console.log(enriched.priority.tier); // 'P0' | 'P1' | 'P2' | 'P3' | 'P4'
+ *
+ * // Batch enrich with summary
+ * const result = await engine.enrichBatch(findings);
+ * console.log(result.summary.byPriority);
+ * ```
+ */
+import type { CallGraph } from '../types.js';
+import type { DataAccessPoint, SensitiveField } from '../../boundaries/types.js';
+import type { SecurityFinding, EnrichedFinding, EnrichmentOptions, EnrichmentResult } from './types.js';
+/**
+ * Enterprise-grade security finding enrichment engine
+ */
+export declare class EnrichmentEngine {
+    private readonly graph;
+    private readonly reachability;
+    private readonly classifier;
+    private readonly scorer;
+    private readonly remediator;
+    private readonly dataAccessByFile;
+    private readonly sensitiveFields;
+    constructor(graph: CallGraph, dataAccessPoints?: DataAccessPoint[], sensitiveFields?: SensitiveField[]);
+    /**
+     * Enrich a single security finding
+     */
+    enrich(finding: SecurityFinding, options?: EnrichmentOptions): Promise<EnrichedFinding>;
+    /**
+     * Enrich multiple findings with summary statistics
+     */
+    enrichBatch(findings: SecurityFinding[], options?: EnrichmentOptions): Promise<EnrichmentResult>;
+    /**
+     * Analyze data impact for a finding
+     */
+    private analyzeDataImpact;
+    /**
+     * Analyze blast radius for a finding
+     */
+    private analyzeBlastRadius;
+    /**
+     * Find entry points that can reach a function
+     */
+    private findEntryPointsToFunction;
+    /**
+     * Find path between two functions using BFS
+     */
+    private findPath;
+    /**
+     * Find functions affected by a vulnerability
+     */
+    private findAffectedFunctions;
+    /**
+     * Find the function containing a location
+     */
+    private findContainingFunction;
+    /**
+     * Classify entry point type based on decorators and patterns
+     */
+    private classifyEntryPointType;
+    /**
+     * Check if entry point is publicly accessible
+     */
+    private isPublicEntryPoint;
+    /**
+     * Check if entry point requires authentication
+     */
+    private requiresAuthentication;
+    /**
+     * Calculate lines of code in affected functions
+     */
+    private calculateLinesOfCode;
+    /**
+     * Calculate impact score for a single data access
+     */
+    private calculateAccessImpactScore;
+    /**
+     * Build impact rationale string
+     */
+    private buildImpactRationale;
+    /**
+     * Calculate overall confidence in enrichment
+     */
+    private calculateConfidence;
+    /**
+     * Build summary statistics for batch enrichment
+     */
+    private buildSummary;
+    /**
+     * Get base severity score
+     */
+    private getBaseSeverityScore;
+    /**
+     * Get base priority tier from severity
+     */
+    private getBaseTier;
+    /**
+     * Create empty data impact
+     */
+    private createEmptyDataImpact;
+    /**
+     * Create empty blast radius
+     */
+    private createEmptyBlastRadius;
+    /**
+     * Create empty remediation
+     */
+    private createEmptyRemediation;
+}
+/**
+ * Create a new enrichment engine
+ */
+export declare function createEnrichmentEngine(graph: CallGraph, dataAccessPoints?: DataAccessPoint[], sensitiveFields?: SensitiveField[]): EnrichmentEngine;
+//# sourceMappingURL=enrichment-engine.d.ts.map

package/dist/call-graph/enrichment/enrichment-engine.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"enrichment-engine.d.ts","sourceRoot":"","sources":["../../../src/call-graph/enrichment/enrichment-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,EAAE,SAAS,EAA8B,MAAM,aAAa,CAAC;AACzE,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAKjF,OAAO,KAAK,EACV,eAAe,EACf,eAAe,EAQf,iBAAiB,EACjB,gBAAgB,EASjB,MAAM,YAAY,CAAC;AAoCpB;;GAEG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAY;IAClC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAqB;IAClD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAwB;IACnD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAe;IACtC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAuB;IAClD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAiC;IAClE,OAAO,CAAC,QAAQ,CAAC,eAAe,CAA8B;gBAG5D,KAAK,EAAE,SAAS,EAChB,gBAAgB,CAAC,EAAE,eAAe,EAAE,EACpC,eAAe,CAAC,EAAE,cAAc,EAAE;IA4BpC;;OAEG;IACG,MAAM,CACV,OAAO,EAAE,eAAe,EACxB,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,eAAe,CAAC;IA4E3B;;OAEG;IACG,WAAW,CACf,QAAQ,EAAE,eAAe,EAAE,EAC3B,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,gBAAgB,CAAC;IAqD5B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAmHzB;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAyC1B;;OAEG;IACH,OAAO,CAAC,yBAAyB;IA0BjC;;OAEG;IACH,OAAO,CAAC,QAAQ;IA+EhB;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAgG7B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAiB9B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAoB9B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAkB1B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAY9B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAa5B;;OAEG;IACH,OAAO,CAAC,0BAA0B;IAuBlC;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAY5B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAqB3B;;OAEG;IACH,OAAO,CAAC,YAAY;IAmDpB;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAK5B;;OAEG;IACH,OAAO,CAAC,WAAW;IAOnB;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAa7B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAW9B;;OAEG;IACH,OAAO,CAAC,sBAAsB;CAa/B;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,SAAS,EAChB,gBAAgB,CAAC,EAAE,eAAe,EAAE,EACpC,eAAe,CAAC,EAAE,cAAc,EAAE,GACjC,gBAAgB,CAElB"}