ghagga-core 2.8.0 → 2.9.0

package/dist/exploitability/analyzer.js

@@ -296,4 +296,229 @@ export function analyzeExploitability(findings, graph) {
     }
     return findings;
 }
+// ─── Symbol Extraction ────────────────────────────────────────
+/**
+ * Regex patterns to extract imported symbols from a file for a specific package.
+ *
+ * Matches:
+ *   import { merge, get } from 'lodash'
+ *   import { merge, get } from "lodash"
+ *   import defaultExport from 'lodash'
+ *   import * as _ from 'lodash'
+ *   from lodash import merge, get  (Python)
+ *   const { merge } = require('lodash')
+ */
+function buildImportSymbolPatterns(packageName) {
+    // Escape special regex chars in package name (e.g., @angular/core)
+    const escaped = packageName.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+    return [
+        // ES named imports: import { x, y } from 'pkg'
+        new RegExp(`import\\s+(?:type\\s+)?\\{([^}]+)\\}\\s+from\\s+['"]${escaped}(?:/[^'"]*)?['"]`, 'g'),
+        // ES default import: import x from 'pkg'
+        new RegExp(`import\\s+(\\w+)\\s+from\\s+['"]${escaped}(?:/[^'"]*)?['"]`, 'g'),
+        // ES namespace import: import * as x from 'pkg'
+        new RegExp(`import\\s+\\*\\s+as\\s+(\\w+)\\s+from\\s+['"]${escaped}(?:/[^'"]*)?['"]`, 'g'),
+        // CommonJS destructured: const { x, y } = require('pkg')
+        new RegExp(`(?:const|let|var)\\s+\\{([^}]+)\\}\\s*=\\s*require\\s*\\(\\s*['"]${escaped}(?:/[^'"]*)?['"]\\s*\\)`, 'g'),
+        // CommonJS default: const x = require('pkg')
+        new RegExp(`(?:const|let|var)\\s+(\\w+)\\s*=\\s*require\\s*\\(\\s*['"]${escaped}(?:/[^'"]*)?['"]\\s*\\)`, 'g'),
+        // Python: from pkg import x, y
+        new RegExp(`from\\s+${escaped}(?:\\.\\w+)*\\s+import\\s+([\\w,\\s]+)`, 'g'),
+    ];
+}
+/**
+ * Extract imported symbol names from file content for a given package.
+ *
+ * @param content - File source content
+ * @param packageName - External package to search for
+ * @returns Array of imported symbol names (deduplicated)
+ */
+export function extractImportedSymbols(content, packageName) {
+    const patterns = buildImportSymbolPatterns(packageName);
+    const symbols = new Set();
+    let isNamespaceImport = false;
+    for (const pattern of patterns) {
+        for (const match of content.matchAll(pattern)) {
+            const captured = match[1];
+            if (!captured)
+                continue;
+            // Check if this is a namespace import (import * as x)
+            if (pattern.source.includes('\\*\\s+as')) {
+                isNamespaceImport = true;
+                symbols.add(captured.trim());
+                continue;
+            }
+            // Parse comma-separated symbol names
+            const names = captured
+                .split(',')
+                .map((s) => s
+                .trim()
+                .replace(/\s+as\s+\w+/g, '')
+                .trim())
+                .filter(Boolean);
+            for (const name of names) {
+                symbols.add(name);
+            }
+        }
+    }
+    return [...symbols].map((s) => (isNamespaceImport && symbols.size === 1 ? `${s}.*` : s));
+}
+// ─── Call Detection ───────────────────────────────────────────
+/**
+ * Detect which of the given symbols are actually called in file content.
+ *
+ * Uses regex to find function-call-like patterns: `symbol(`, `symbol.`, `symbol[`
+ * Excludes matches inside comments (single-line // and multi-line).
+ *
+ * @param content - File source content
+ * @param symbols - Symbol names to search for
+ * @returns Array of symbols that appear to be used (called/accessed)
+ */
+export function detectSymbolCalls(content, symbols) {
+    if (symbols.length === 0)
+        return [];
+    // Strip single-line and multi-line comments to reduce false positives
+    const stripped = content
+        .replace(/\/\/.*$/gm, '')
+        .replace(/\/\*[\s\S]*?\*\//g, '')
+        .replace(/#.*$/gm, ''); // Python comments
+    const called = [];
+    for (const symbol of symbols) {
+        // Handle namespace symbols (e.g., "_.something")
+        if (symbol.endsWith('.*')) {
+            const ns = symbol.slice(0, -2);
+            const nsPattern = new RegExp(`\\b${escapeRegex(ns)}\\s*\\.\\s*\\w+`, 'g');
+            if (nsPattern.test(stripped)) {
+                called.push(symbol);
+            }
+            continue;
+        }
+        // Match: symbol(, symbol., symbol[, symbol`
+        // This catches function calls, method access, property access, template literals
+        const callPattern = new RegExp(`\\b${escapeRegex(symbol)}\\s*[.([:\`]`, 'g');
+        // Also match: symbol as standalone usage (e.g., passed as callback: arr.map(symbol))
+        const refPattern = new RegExp(`[,(]\\s*${escapeRegex(symbol)}\\s*[,)]`, 'g');
+        if (callPattern.test(stripped) || refPattern.test(stripped)) {
+            called.push(symbol);
+        }
+    }
+    return called;
+}
+/**
+ * Escape special regex characters in a string.
+ */
+function escapeRegex(str) {
+    return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+// ─── Usage Analysis ───────────────────────────────────────────
+/**
+ * Analyze function-level usage of vulnerable packages in CVE findings.
+ *
+ * For each Trivy CVE finding that has import sites (from exploitability analysis),
+ * reads the importing files, extracts the imported symbols, and checks if those
+ * symbols are actually called.
+ *
+ * Degrades gracefully:
+ * - No graph → skips analysis (no usageLabel set)
+ * - No import sites → labels as not-in-use
+ * - Namespace imports → labels as imported-not-called (can't determine specific usage)
+ *
+ * @param findings - Review findings (already enriched with exploitability)
+ * @param graph - The project's dependency graph (null if unavailable)
+ * @param readFile - Callback to read file content by path
+ * @returns The same findings array with usage fields added to CVE findings
+ */
+export async function analyzeUsage(findings, graph, readFile) {
+    if (!graph)
+        return findings;
+    // Only process findings that already have exploitability analysis
+    const vulnPackages = extractVulnPackages(findings);
+    if (vulnPackages.size === 0)
+        return findings;
+    for (const [packageName, indices] of vulnPackages) {
+        // Skip unparseable packages
+        if (packageName.startsWith('__unparseable_')) {
+            continue;
+        }
+        // Find import sites (reuse from exploitability or recompute)
+        const importSites = tracePackageImports(graph, packageName);
+        if (importSites.length === 0) {
+            const detail = {
+                usageLabel: 'not-in-use',
+                importedSymbols: [],
+                calledSymbols: [],
+                filesScanned: [],
+                reason: 'Package is not imported by any project file',
+            };
+            for (const idx of indices) {
+                const finding = findings[idx];
+                if (finding) {
+                    finding.usageLabel = 'not-in-use';
+                    finding.usageDetail = detail;
+                }
+            }
+            continue;
+        }
+        // Read each import site, extract symbols, check for calls
+        const allImportedSymbols = new Set();
+        const allCalledSymbols = new Set();
+        const filesScanned = [];
+        let hasNamespaceImport = false;
+        for (const site of importSites) {
+            const content = await readFile(site);
+            if (!content)
+                continue;
+            filesScanned.push(site);
+            const symbols = extractImportedSymbols(content, packageName);
+            for (const sym of symbols) {
+                allImportedSymbols.add(sym);
+                if (sym.endsWith('.*')) {
+                    hasNamespaceImport = true;
+                }
+            }
+            const called = detectSymbolCalls(content, symbols);
+            for (const sym of called) {
+                allCalledSymbols.add(sym);
+            }
+        }
+        // Classify
+        const importedSymbols = [...allImportedSymbols];
+        const calledSymbols = [...allCalledSymbols];
+        let usageLabel;
+        let reason;
+        if (calledSymbols.length > 0) {
+            usageLabel = 'in-use';
+            reason = `${calledSymbols.length} symbol(s) from ${packageName} are called: ${calledSymbols.join(', ')}`;
+        }
+        else if (importedSymbols.length === 0) {
+            // Side-effect import (import 'pkg') — no symbols extracted
+            usageLabel = 'imported-not-called';
+            reason = 'Package is imported (side-effect) but no specific symbols are extracted';
+        }
+        else if (hasNamespaceImport) {
+            usageLabel = 'imported-not-called';
+            reason =
+                'Package is imported via namespace (import * as) — specific function usage cannot be determined';
+        }
+        else {
+            usageLabel = 'imported-not-called';
+            reason = `Package symbols imported (${importedSymbols.join(', ')}) but none are called in code`;
+        }
+        const detail = {
+            usageLabel,
+            importedSymbols,
+            calledSymbols,
+            filesScanned,
+            reason,
+        };
+        for (const idx of indices) {
+            const finding = findings[idx];
+            if (finding) {
+                finding.usageLabel = usageLabel;
+                finding.usageDetail = detail;
+            }
+        }
+    }
+    return findings;
+}
 //# sourceMappingURL=analyzer.js.map

package/dist/exploitability/analyzer.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyzer.js","sourceRoot":"","sources":["../../src/exploitability/analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAMH,kEAAkE;AAElE;;;;;;;;GAQG;AACH,MAAM,qBAAqB,GAAG,8BAA8B,CAAC;AAE7D;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAyB;IAC3D,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAoB,CAAC;IAE7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,CAAC,OAAO;YAAE,SAAS;QACvB,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO,IAAI,OAAO,CAAC,QAAQ,KAAK,0BAA0B,EAAE,CAAC;YAClF,SAAS;QACX,CAAC;QAED,MAAM,KAAK,GAAG,qBAAqB,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC1D,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChB,qEAAqE;YACrE,MAAM,GAAG,GAAG,iBAAiB,CAAC,EAAE,CAAC;YACjC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YACvB,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;QAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,kEAAkE;AAElE;;;;;;;;;GASG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAsB,EAAE,WAAmB;IAC7E,MAAM,WAAW,GAAa,EAAE,CAAC;IAEjC,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3D,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAC/B,iFAAiF;YACjF,gDAAgD;YAChD,yEAAyE;YACzE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjD,IAAI,GAAG,KAAK,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,WAAW,GAAG,CAAC,EAAE,CAAC;oBAC7D,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBAC3B,MAAM,CAAC,+BAA+B;gBACxC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,kEAAkE;AAElE;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAAC,KAAsB;IACpD,sEAAsE;IACtE,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IAEnC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9C,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAC/B,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3D,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5C,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,kEAAkE;AAElE;;;;;;;;;;GAUG;AACH,MAAM,UAAU,iBAAiB,CAC/B,KAAsB,EACtB,WAAqB,EACrB,WAAqB;IAErB,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAoB,CAAC;IAE3C,sCAAsC;IACtC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACvB,CAAC;IAED,oCAAoC;IACpC,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;QAChC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;QAClC,MAAM,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAEnB,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC;YAC9B,IAAI,CAAC,OAAO;gBAAE,MAAM;YAEpB,qCAAqC;YACrC,IAAI,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC/B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;YACnC,CAAC;YAED,yBAAyB;YACzB,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAClC,IAAI,CAAC,IAAI;gBAAE,SAAS;YAEpB,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBAC/B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC1C,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;oBACjB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC;YAED,uBAAuB;YACvB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBAC9B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC1D,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBACzB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAC1B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,kEAAkE;AAElE;;GAEG;AACH,SAAS,sBAAsB,CAC7B,WAAqB,EACrB,eAA6C;IAE7C,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO;YACL,KAAK,EAAE,iBAAiB;YACxB,aAAa,EAAE,EAAE;YACjB,MAAM,EAAE,wDAAwD;SACjE,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO;YACL,KAAK,EAAE,yBAAyB;YAChC,aAAa,EAAE,EAAE;YACjB,MAAM,EAAE,8DAA8D;SACvE,CAAC;IACJ,CAAC;IAED,0DAA0D;IAC1D,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,KAAK,MAAM,WAAW,IAAI,eAAe,CAAC,MAAM,EAAE,EAAE,CAAC;QACnD,KAAK,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC;YAC7B,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,IAAI,gBAAgB,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO;YACL,KAAK,EAAE,aAAa;YACpB,aAAa,EAAE,CAAC,GAAG,gBAAgB,CAAC;YACpC,MAAM,EAAE,qDAAqD,gBAAgB,CAAC,IAAI,iBAAiB;SACpG,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,EAAE,yBAAyB;QAChC,aAAa,EAAE,EAAE;QACjB,MAAM,EAAE,kEAAkE;KAC3E,CAAC;AACJ,CAAC;AAED,kEAAkE;AAElE;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,qBAAqB,CACnC,QAAyB,EACzB,KAA6B;IAE7B,sCAAsC;IACtC,MAAM,YAAY,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IAEnD,IAAI,YAAY,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,mEAAmE;IACnE,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,KAAK,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,YAAY,EAAE,CAAC;YAClD,MAAM,SAAS,GAAG,WAAW,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC;YACrF,MAAM,MAAM,GAAyB;gBACnC,KAAK,EAAE,yBAAyB;gBAChC,WAAW,EAAE,SAAS;gBACtB,WAAW,EAAE,EAAE;gBACf,aAAa,EAAE,EAAE;gBACjB,MAAM,EAAE,8DAA8D;aACvE,CAAC;YACF,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC1B,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAC9B,IAAI,OAAO,EAAE,CAAC;oBACZ,OAAO,CAAC,cAAc,GAAG,yBAAyB,CAAC;oBACnD,OAAO,CAAC,oBAAoB,GAAG,MAAM,CAAC;gBACxC,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,oDAAoD;IACpD,MAAM,WAAW,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IAE3C,0CAA0C;IAC1C,KAAK,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,YAAY,EAAE,CAAC;QAClD,4BAA4B;QAC5B,IAAI,WAAW,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAyB;gBACnC,KAAK,EAAE,yBAAyB;gBAChC,WAAW,EAAE,SAAS;gBACtB,WAAW,EAAE,EAAE;gBACf,aAAa,EAAE,EAAE;gBACjB,MAAM,EAAE,2CAA2C;aACpD,CAAC;YACF,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC1B,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAC9B,IAAI,OAAO,EAAE,CAAC;oBACZ,OAAO,CAAC,cAAc,GAAG,yBAAyB,CAAC;oBACnD,OAAO,CAAC,oBAAoB,GAAG,MAAM,CAAC;gBACxC,CAAC;YACH,CAAC;YACD,SAAS;QACX,CAAC;QAED,gBAAgB;QAChB,MAAM,WAAW,GAAG,mBAAmB,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;QAE5D,qBAAqB;QACrB,IAAI,eAAe,GAAiC,IAAI,CAAC;QACzD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrD,eAAe,GAAG,iBAAiB,CAAC,KAAK,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;QACvE,CAAC;QAED,WAAW;QACX,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,sBAAsB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;QAE9F,MAAM,MAAM,GAAyB;YACnC,KAAK;YACL,WAAW;YACX,WAAW;YACX,aAAa;YACb,MAAM;SACP,CAAC;QAEF,yCAAyC;QACzC,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC9B,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,cAAc,GAAG,KAAK,CAAC;gBAC/B,OAAO,CAAC,oBAAoB,GAAG,MAAM,CAAC;YACxC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
+{"version":3,"file":"analyzer.js","sourceRoot":"","sources":["../../src/exploitability/analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAWH,kEAAkE;AAElE;;;;;;;;GAQG;AACH,MAAM,qBAAqB,GAAG,8BAA8B,CAAC;AAE7D;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAyB;IAC3D,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAoB,CAAC;IAE7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC5B,IAAI,CAAC,OAAO;YAAE,SAAS;QACvB,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO,IAAI,OAAO,CAAC,QAAQ,KAAK,0BAA0B,EAAE,CAAC;YAClF,SAAS;QACX,CAAC;QAED,MAAM,KAAK,GAAG,qBAAqB,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC1D,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChB,qEAAqE;YACrE,MAAM,GAAG,GAAG,iBAAiB,CAAC,EAAE,CAAC;YACjC,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YACvB,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7B,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;QAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChB,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,kEAAkE;AAElE;;;;;;;;;GASG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAsB,EAAE,WAAmB;IAC7E,MAAM,WAAW,GAAa,EAAE,CAAC;IAEjC,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3D,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAC/B,iFAAiF;YACjF,gDAAgD;YAChD,yEAAyE;YACzE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjD,IAAI,GAAG,KAAK,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,WAAW,GAAG,CAAC,EAAE,CAAC;oBAC7D,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBAC3B,MAAM,CAAC,+BAA+B;gBACxC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,kEAAkE;AAElE;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAAC,KAAsB;IACpD,sEAAsE;IACtE,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IAEnC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9C,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAC/B,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3D,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5C,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,kEAAkE;AAElE;;;;;;;;;;GAUG;AACH,MAAM,UAAU,iBAAiB,CAC/B,KAAsB,EACtB,WAAqB,EACrB,WAAqB;IAErB,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAoB,CAAC;IAE3C,sCAAsC;IACtC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACvB,CAAC;IAED,oCAAoC;IACpC,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;QAChC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;QAClC,MAAM,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAEnB,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC;YAC9B,IAAI,CAAC,OAAO;gBAAE,MAAM;YAEpB,qCAAqC;YACrC,IAAI,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC/B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;YACnC,CAAC;YAED,yBAAyB;YACzB,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAClC,IAAI,CAAC,IAAI;gBAAE,SAAS;YAEpB,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBAC/B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC1C,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;oBACjB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC;YAED,uBAAuB;YACvB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBAC9B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC1D,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBACzB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAC1B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,kEAAkE;AAElE;;GAEG;AACH,SAAS,sBAAsB,CAC7B,WAAqB,EACrB,eAA6C;IAE7C,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO;YACL,KAAK,EAAE,iBAAiB;YACxB,aAAa,EAAE,EAAE;YACjB,MAAM,EAAE,wDAAwD;SACjE,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO;YACL,KAAK,EAAE,yBAAyB;YAChC,aAAa,EAAE,EAAE;YACjB,MAAM,EAAE,8DAA8D;SACvE,CAAC;IACJ,CAAC;IAED,0DAA0D;IAC1D,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,KAAK,MAAM,WAAW,IAAI,eAAe,CAAC,MAAM,EAAE,EAAE,CAAC;QACnD,KAAK,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC;YAC7B,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,IAAI,gBAAgB,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO;YACL,KAAK,EAAE,aAAa;YACpB,aAAa,EAAE,CAAC,GAAG,gBAAgB,CAAC;YACpC,MAAM,EAAE,qDAAqD,gBAAgB,CAAC,IAAI,iBAAiB;SACpG,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,EAAE,yBAAyB;QAChC,aAAa,EAAE,EAAE;QACjB,MAAM,EAAE,kEAAkE;KAC3E,CAAC;AACJ,CAAC;AAED,kEAAkE;AAElE;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,qBAAqB,CACnC,QAAyB,EACzB,KAA6B;IAE7B,sCAAsC;IACtC,MAAM,YAAY,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IAEnD,IAAI,YAAY,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,mEAAmE;IACnE,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,KAAK,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,YAAY,EAAE,CAAC;YAClD,MAAM,SAAS,GAAG,WAAW,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC;YACrF,MAAM,MAAM,GAAyB;gBACnC,KAAK,EAAE,yBAAyB;gBAChC,WAAW,EAAE,SAAS;gBACtB,WAAW,EAAE,EAAE;gBACf,aAAa,EAAE,EAAE;gBACjB,MAAM,EAAE,8DAA8D;aACvE,CAAC;YACF,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC1B,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAC9B,IAAI,OAAO,EAAE,CAAC;oBACZ,OAAO,CAAC,cAAc,GAAG,yBAAyB,CAAC;oBACnD,OAAO,CAAC,oBAAoB,GAAG,MAAM,CAAC;gBACxC,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,oDAAoD;IACpD,MAAM,WAAW,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IAE3C,0CAA0C;IAC1C,KAAK,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,YAAY,EAAE,CAAC;QAClD,4BAA4B;QAC5B,IAAI,WAAW,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAyB;gBACnC,KAAK,EAAE,yBAAyB;gBAChC,WAAW,EAAE,SAAS;gBACtB,WAAW,EAAE,EAAE;gBACf,aAAa,EAAE,EAAE;gBACjB,MAAM,EAAE,2CAA2C;aACpD,CAAC;YACF,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC1B,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAC9B,IAAI,OAAO,EAAE,CAAC;oBACZ,OAAO,CAAC,cAAc,GAAG,yBAAyB,CAAC;oBACnD,OAAO,CAAC,oBAAoB,GAAG,MAAM,CAAC;gBACxC,CAAC;YACH,CAAC;YACD,SAAS;QACX,CAAC;QAED,gBAAgB;QAChB,MAAM,WAAW,GAAG,mBAAmB,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;QAE5D,qBAAqB;QACrB,IAAI,eAAe,GAAiC,IAAI,CAAC;QACzD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrD,eAAe,GAAG,iBAAiB,CAAC,KAAK,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;QACvE,CAAC;QAED,WAAW;QACX,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,sBAAsB,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;QAE9F,MAAM,MAAM,GAAyB;YACnC,KAAK;YACL,WAAW;YACX,WAAW;YACX,aAAa;YACb,MAAM;SACP,CAAC;QAEF,yCAAyC;QACzC,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC9B,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,cAAc,GAAG,KAAK,CAAC;gBAC/B,OAAO,CAAC,oBAAoB,GAAG,MAAM,CAAC;YACxC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAUD,iEAAiE;AAEjE;;;;;;;;;;GAUG;AACH,SAAS,yBAAyB,CAAC,WAAmB;IACpD,mEAAmE;IACnE,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;IAEnE,OAAO;QACL,+CAA+C;QAC/C,IAAI,MAAM,CACR,uDAAuD,OAAO,kBAAkB,EAChF,GAAG,CACJ;QACD,yCAAyC;QACzC,IAAI,MAAM,CAAC,mCAAmC,OAAO,kBAAkB,EAAE,GAAG,CAAC;QAC7E,gDAAgD;QAChD,IAAI,MAAM,CAAC,gDAAgD,OAAO,kBAAkB,EAAE,GAAG,CAAC;QAC1F,yDAAyD;QACzD,IAAI,MAAM,CACR,oEAAoE,OAAO,yBAAyB,EACpG,GAAG,CACJ;QACD,6CAA6C;QAC7C,IAAI,MAAM,CACR,6DAA6D,OAAO,yBAAyB,EAC7F,GAAG,CACJ;QACD,+BAA+B;QAC/B,IAAI,MAAM,CAAC,WAAW,OAAO,wCAAwC,EAAE,GAAG,CAAC;KAC5E,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAe,EAAE,WAAmB;IACzE,MAAM,QAAQ,GAAG,yBAAyB,CAAC,WAAW,CAAC,CAAC;IACxD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,IAAI,iBAAiB,GAAG,KAAK,CAAC;IAE9B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9C,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAC1B,IAAI,CAAC,QAAQ;gBAAE,SAAS;YAExB,sDAAsD;YACtD,IAAI,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,iBAAiB,GAAG,IAAI,CAAC;gBACzB,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC7B,SAAS;YACX,CAAC;YAED,qCAAqC;YACrC,MAAM,KAAK,GAAG,QAAQ;iBACnB,KAAK,CAAC,GAAG,CAAC;iBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACT,CAAC;iBACE,IAAI,EAAE;iBACN,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;iBAC3B,IAAI,EAAE,CACV;iBACA,MAAM,CAAC,OAAO,CAAC,CAAC;YAEnB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,iBAAiB,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC3F,CAAC;AAED,iEAAiE;AAEjE;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe,EAAE,OAAiB;IAClE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEpC,sEAAsE;IACtE,MAAM,QAAQ,GAAG,OAAO;SACrB,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;SACxB,OAAO,CAAC,mBAAmB,EAAE,EAAE,CAAC;SAChC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,kBAAkB;IAE5C,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,iDAAiD;QACjD,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1B,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC/B,MAAM,SAAS,GAAG,IAAI,MAAM,CAAC,MAAM,WAAW,CAAC,EAAE,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;YAC1E,IAAI,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7B,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACtB,CAAC;YACD,SAAS;QACX,CAAC;QAED,4CAA4C;QAC5C,iFAAiF;QACjF,MAAM,WAAW,GAAG,IAAI,MAAM,CAAC,MAAM,WAAW,CAAC,MAAM,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;QAC7E,qFAAqF;QACrF,MAAM,UAAU,GAAG,IAAI,MAAM,CAAC,WAAW,WAAW,CAAC,MAAM,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QAE7E,IAAI,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5D,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED,iEAAiE;AAEjE;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,QAAyB,EACzB,KAA6B,EAC7B,QAAoB;IAEpB,IAAI,CAAC,KAAK;QAAE,OAAO,QAAQ,CAAC;IAE5B,kEAAkE;IAClE,MAAM,YAAY,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IACnD,IAAI,YAAY,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,QAAQ,CAAC;IAE7C,KAAK,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,IAAI,YAAY,EAAE,CAAC;QAClD,4BAA4B;QAC5B,IAAI,WAAW,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC7C,SAAS;QACX,CAAC;QAED,6DAA6D;QAC7D,MAAM,WAAW,GAAG,mBAAmB,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;QAE5D,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAgB;gBAC1B,UAAU,EAAE,YAAY;gBACxB,eAAe,EAAE,EAAE;gBACnB,aAAa,EAAE,EAAE;gBACjB,YAAY,EAAE,EAAE;gBAChB,MAAM,EAAE,6CAA6C;aACtD,CAAC;YACF,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC1B,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAC9B,IAAI,OAAO,EAAE,CAAC;oBACZ,OAAO,CAAC,UAAU,GAAG,YAAY,CAAC;oBAClC,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC;gBAC/B,CAAC;YACH,CAAC;YACD,SAAS;QACX,CAAC;QAED,0DAA0D;QAC1D,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAAU,CAAC;QAC7C,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;QAC3C,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,IAAI,kBAAkB,GAAG,KAAK,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,CAAC;YACrC,IAAI,CAAC,OAAO;gBAAE,SAAS;YAEvB,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxB,MAAM,OAAO,GAAG,sBAAsB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YAE7D,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC1B,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC5B,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvB,kBAAkB,GAAG,IAAI,CAAC;gBAC5B,CAAC;YACH,CAAC;YAED,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACnD,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;gBACzB,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;QAED,WAAW;QACX,MAAM,eAAe,GAAG,CAAC,GAAG,kBAAkB,CAAC,CAAC;QAChD,MAAM,aAAa,GAAG,CAAC,GAAG,gBAAgB,CAAC,CAAC;QAE5C,IAAI,UAAsB,CAAC;QAC3B,IAAI,MAAc,CAAC;QAEnB,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,UAAU,GAAG,QAAQ,CAAC;YACtB,MAAM,GAAG,GAAG,aAAa,CAAC,MAAM,mBAAmB,WAAW,gBAAgB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3G,CAAC;aAAM,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,2DAA2D;YAC3D,UAAU,GAAG,qBAAqB,CAAC;YACnC,MAAM,GAAG,yEAAyE,CAAC;QACrF,CAAC;aAAM,IAAI,kBAAkB,EAAE,CAAC;YAC9B,UAAU,GAAG,qBAAqB,CAAC;YACnC,MAAM;gBACJ,gGAAgG,CAAC;QACrG,CAAC;aAAM,CAAC;YACN,UAAU,GAAG,qBAAqB,CAAC;YACnC,MAAM,GAAG,6BAA6B,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,+BAA+B,CAAC;QAClG,CAAC;QAED,MAAM,MAAM,GAAgB;YAC1B,UAAU;YACV,eAAe;YACf,aAAa;YACb,YAAY;YACZ,MAAM;SACP,CAAC;QAEF,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC9B,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC;gBAChC,OAAO,CAAC,WAAW,GAAG,MAAM,CAAC;YAC/B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/exploitability/index.d.ts

@@ -5,6 +5,7 @@
  * Enriches Trivy vulnerability findings with labels indicating
  * whether the vulnerable code path is actually reachable.
  */
-export type { ExploitabilityDetail, ExploitabilityLabel } from './types.js';
-export { analyzeExploitability, checkReachability, extractVulnPackages, findEntryPoints, tracePackageImports, } from './analyzer.js';
+export type { ExploitabilityDetail, ExploitabilityLabel, UsageDetail, UsageLabel, } from './types.js';
+export type { FileReader } from './analyzer.js';
+export { analyzeExploitability, analyzeUsage, checkReachability, detectSymbolCalls, extractImportedSymbols, extractVulnPackages, findEntryPoints, tracePackageImports, } from './analyzer.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/exploitability/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/exploitability/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,YAAY,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAI5E,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,mBAAmB,GACpB,MAAM,eAAe,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/exploitability/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,YAAY,EACV,oBAAoB,EACpB,mBAAmB,EACnB,WAAW,EACX,UAAU,GACX,MAAM,YAAY,CAAC;AAIpB,YAAY,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EACL,qBAAqB,EACrB,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,sBAAsB,EACtB,mBAAmB,EACnB,eAAe,EACf,mBAAmB,GACpB,MAAM,eAAe,CAAC"}

package/dist/exploitability/index.js

@@ -5,6 +5,5 @@
  * Enriches Trivy vulnerability findings with labels indicating
  * whether the vulnerable code path is actually reachable.
  */
-// ─── Analyzer ──────────────────────────────────────────────────
-export { analyzeExploitability, checkReachability, extractVulnPackages, findEntryPoints, tracePackageImports, } from './analyzer.js';
+export { analyzeExploitability, analyzeUsage, checkReachability, detectSymbolCalls, extractImportedSymbols, extractVulnPackages, findEntryPoints, tracePackageImports, } from './analyzer.js';
 //# sourceMappingURL=index.js.map

package/dist/exploitability/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/exploitability/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,kEAAkE;AAElE,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,mBAAmB,GACpB,MAAM,eAAe,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/exploitability/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAcH,OAAO,EACL,qBAAqB,EACrB,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,sBAAsB,EACtB,mBAAmB,EACnB,eAAe,EACf,mBAAmB,GACpB,MAAM,eAAe,CAAC"}

package/dist/exploitability/types.d.ts

@@ -29,4 +29,31 @@ export interface ExploitabilityDetail {
     /** Human-readable explanation of the classification */
     reason: string;
 }
+/**
+ * Function-level usage classification for a CVE finding.
+ *
+ * Refines exploitability by checking whether the vulnerable function
+ * is actually called in the project's code:
+ *
+ * - `in-use`: at least one imported symbol from the vulnerable package is called
+ * - `imported-not-called`: package is imported but no vulnerable symbols are called
+ * - `not-in-use`: package is not imported by any project file
+ */
+export type UsageLabel = 'in-use' | 'imported-not-called' | 'not-in-use';
+/**
+ * Detailed usage analysis result for a single CVE finding.
+ * Attached to ReviewFinding alongside ExploitabilityDetail.
+ */
+export interface UsageDetail {
+    /** Usage classification */
+    usageLabel: UsageLabel;
+    /** Symbols imported from the vulnerable package across all import sites */
+    importedSymbols: string[];
+    /** Subset of importedSymbols that are actually called in project code */
+    calledSymbols: string[];
+    /** Files that were scanned for symbol usage */
+    filesScanned: string[];
+    /** Human-readable explanation of the classification */
+    reason: string;
+}
 //# sourceMappingURL=types.d.ts.map

package/dist/exploitability/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/exploitability/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH;;;;;;GAMG;AACH,MAAM,MAAM,mBAAmB,GAAG,aAAa,GAAG,yBAAyB,GAAG,iBAAiB,CAAC;AAIhG;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,oCAAoC;IACpC,KAAK,EAAE,mBAAmB,CAAC;IAE3B,oFAAoF;IACpF,WAAW,EAAE,MAAM,CAAC;IAEpB,uDAAuD;IACvD,WAAW,EAAE,MAAM,EAAE,CAAC;IAEtB,gEAAgE;IAChE,aAAa,EAAE,MAAM,EAAE,CAAC;IAExB,uDAAuD;IACvD,MAAM,EAAE,MAAM,CAAC;CAChB"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/exploitability/types.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH;;;;;;GAMG;AACH,MAAM,MAAM,mBAAmB,GAAG,aAAa,GAAG,yBAAyB,GAAG,iBAAiB,CAAC;AAIhG;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,oCAAoC;IACpC,KAAK,EAAE,mBAAmB,CAAC;IAE3B,oFAAoF;IACpF,WAAW,EAAE,MAAM,CAAC;IAEpB,uDAAuD;IACvD,WAAW,EAAE,MAAM,EAAE,CAAC;IAEtB,gEAAgE;IAChE,aAAa,EAAE,MAAM,EAAE,CAAC;IAExB,uDAAuD;IACvD,MAAM,EAAE,MAAM,CAAC;CAChB;AAID;;;;;;;;;GASG;AACH,MAAM,MAAM,UAAU,GAAG,QAAQ,GAAG,qBAAqB,GAAG,YAAY,CAAC;AAEzE;;;GAGG;AACH,MAAM,WAAW,WAAW;IAC1B,2BAA2B;IAC3B,UAAU,EAAE,UAAU,CAAC;IAEvB,2EAA2E;IAC3E,eAAe,EAAE,MAAM,EAAE,CAAC;IAE1B,yEAAyE;IACzE,aAAa,EAAE,MAAM,EAAE,CAAC;IAExB,+CAA+C;IAC/C,YAAY,EAAE,MAAM,EAAE,CAAC;IAEvB,uDAAuD;IACvD,MAAM,EAAE,MAAM,CAAC;CAChB"}

package/dist/fetch-fix.d.ts

@@ -0,0 +1,60 @@
+/**
+ * Fetch & fix — pull review comments from GitHub PRs, batch-resolve
+ * them, and push fixes. Closes the review loop: ghagga finds issues,
+ * fetch-fix resolves them.
+ *
+ * Flow:
+ *   1. Fetch unresolved review comments from a PR
+ *   2. Parse each comment into a structured fix request
+ *   3. Group by file for efficient batch fixing
+ *   4. Apply fixes (via LLM or deterministic rules)
+ *   5. Report what was fixed vs what needs manual attention
+ */
+export interface ReviewComment {
+    id: number;
+    body: string;
+    path: string;
+    line: number | null;
+    author: string;
+    createdAt: string;
+    resolved: boolean;
+}
+export interface FixRequest {
+    commentId: number;
+    file: string;
+    line: number | null;
+    issue: string;
+    suggestedFix: string | null;
+    severity: 'critical' | 'major' | 'minor' | 'nit';
+    autoFixable: boolean;
+}
+export interface FixResult {
+    commentId: number;
+    file: string;
+    status: 'fixed' | 'skipped' | 'manual' | 'error';
+    action: string;
+    error?: string;
+}
+export interface FetchFixReport {
+    prNumber: number;
+    totalComments: number;
+    fixRequests: FixRequest[];
+    results: FixResult[];
+    fixedCount: number;
+    skippedCount: number;
+    manualCount: number;
+}
+export declare function parseCommentSeverity(body: string): FixRequest['severity'];
+export declare function extractSuggestion(body: string): string | null;
+export declare function isAutoFixable(comment: ReviewComment): boolean;
+export declare function parseFixRequest(comment: ReviewComment): FixRequest;
+export declare function groupByFile(requests: FixRequest[]): Map<string, FixRequest[]>;
+export type FixApplier = (file: string, requests: FixRequest[]) => Promise<FixResult[]> | FixResult[];
+/**
+ * Simple auto-fixer: applies GitHub suggestion blocks directly.
+ * Only handles comments with ```suggestion``` blocks.
+ */
+export declare function createAutoFixer(): FixApplier;
+export declare function fetchAndFix(comments: ReviewComment[], applier: FixApplier, prNumber: number): Promise<FetchFixReport>;
+export declare function formatFetchFixReport(report: FetchFixReport): string;
+//# sourceMappingURL=fetch-fix.d.ts.map

package/dist/fetch-fix.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fetch-fix.d.ts","sourceRoot":"","sources":["../src/fetch-fix.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,QAAQ,EAAE,UAAU,GAAG,OAAO,GAAG,OAAO,GAAG,KAAK,CAAC;IACjD,WAAW,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,SAAS;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,CAAC;IACjD,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,OAAO,EAAE,SAAS,EAAE,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;CACrB;AAeD,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,CAAC,UAAU,CAAC,CAMzE;AAID,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAG7D;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAG7D;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,aAAa,GAAG,UAAU,CAUlE;AAID,wBAAgB,WAAW,CAAC,QAAQ,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC,CAO7E;AAID,MAAM,MAAM,UAAU,GAAG,CACvB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,UAAU,EAAE,KACnB,OAAO,CAAC,SAAS,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC;AAExC;;;GAGG;AACH,wBAAgB,eAAe,IAAI,UAAU,CAmB5C;AAID,wBAAsB,WAAW,CAC/B,QAAQ,EAAE,aAAa,EAAE,EACzB,OAAO,EAAE,UAAU,EACnB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,cAAc,CAAC,CA0BzB;AAID,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,cAAc,GAAG,MAAM,CAgCnE"}

package/dist/fetch-fix.js

@@ -0,0 +1,137 @@
+/**
+ * Fetch & fix — pull review comments from GitHub PRs, batch-resolve
+ * them, and push fixes. Closes the review loop: ghagga finds issues,
+ * fetch-fix resolves them.
+ *
+ * Flow:
+ *   1. Fetch unresolved review comments from a PR
+ *   2. Parse each comment into a structured fix request
+ *   3. Group by file for efficient batch fixing
+ *   4. Apply fixes (via LLM or deterministic rules)
+ *   5. Report what was fixed vs what needs manual attention
+ */
+// ── Comment parsing ──
+const SEVERITY_KEYWORDS = {
+    critical: 'critical',
+    security: 'critical',
+    bug: 'major',
+    error: 'major',
+    warning: 'minor',
+    nit: 'nit',
+    style: 'nit',
+    typo: 'nit',
+};
+export function parseCommentSeverity(body) {
+    const lower = body.toLowerCase();
+    for (const [keyword, severity] of Object.entries(SEVERITY_KEYWORDS)) {
+        if (lower.includes(keyword))
+            return severity;
+    }
+    return 'minor';
+}
+const SUGGESTION_RE = /```suggestion\n([\s\S]*?)```/;
+export function extractSuggestion(body) {
+    const match = SUGGESTION_RE.exec(body);
+    return match ? match[1]?.trim() : null;
+}
+export function isAutoFixable(comment) {
+    // Auto-fixable if there's a GitHub suggestion block
+    return SUGGESTION_RE.test(comment.body);
+}
+export function parseFixRequest(comment) {
+    return {
+        commentId: comment.id,
+        file: comment.path,
+        line: comment.line,
+        issue: comment.body.split('\n')[0]?.slice(0, 200), // first line as summary
+        suggestedFix: extractSuggestion(comment.body),
+        severity: parseCommentSeverity(comment.body),
+        autoFixable: isAutoFixable(comment),
+    };
+}
+// ── Batch grouping ──
+export function groupByFile(requests) {
+    const groups = new Map();
+    for (const req of requests) {
+        if (!groups.has(req.file))
+            groups.set(req.file, []);
+        groups.get(req.file)?.push(req);
+    }
+    return groups;
+}
+/**
+ * Simple auto-fixer: applies GitHub suggestion blocks directly.
+ * Only handles comments with ```suggestion``` blocks.
+ */
+export function createAutoFixer() {
+    return (_file, requests) => {
+        return requests.map((req) => {
+            if (!req.autoFixable || !req.suggestedFix) {
+                return {
+                    commentId: req.commentId,
+                    file: req.file,
+                    status: 'manual',
+                    action: 'No auto-fix available — needs manual resolution',
+                };
+            }
+            return {
+                commentId: req.commentId,
+                file: req.file,
+                status: 'fixed',
+                action: `Applied suggestion: ${req.suggestedFix.slice(0, 100)}`,
+            };
+        });
+    };
+}
+// ── Orchestrator ──
+export async function fetchAndFix(comments, applier, prNumber) {
+    // Filter to unresolved comments only
+    const unresolved = comments.filter((c) => !c.resolved);
+    // Parse into fix requests
+    const fixRequests = unresolved.map(parseFixRequest);
+    // Group by file
+    const grouped = groupByFile(fixRequests);
+    // Apply fixes per file
+    const results = [];
+    for (const [file, requests] of grouped) {
+        const fileResults = await applier(file, requests);
+        results.push(...fileResults);
+    }
+    return {
+        prNumber,
+        totalComments: comments.length,
+        fixRequests,
+        results,
+        fixedCount: results.filter((r) => r.status === 'fixed').length,
+        skippedCount: results.filter((r) => r.status === 'skipped').length,
+        manualCount: results.filter((r) => r.status === 'manual').length,
+    };
+}
+// ── Formatting ──
+export function formatFetchFixReport(report) {
+    const lines = [];
+    lines.push(`## Fetch & Fix Report — PR #${report.prNumber}\n`);
+    lines.push(`**Comments**: ${report.totalComments} | **Fix requests**: ${report.fixRequests.length} | **Fixed**: ${report.fixedCount} | **Manual**: ${report.manualCount}\n`);
+    if (report.results.length === 0) {
+        lines.push('No unresolved comments to fix.\n');
+        return lines.join('\n');
+    }
+    const fixed = report.results.filter((r) => r.status === 'fixed');
+    const manual = report.results.filter((r) => r.status === 'manual');
+    if (fixed.length > 0) {
+        lines.push('### Auto-fixed\n');
+        for (const r of fixed) {
+            lines.push(`- ✅ \`${r.file}\` — ${r.action}`);
+        }
+        lines.push('');
+    }
+    if (manual.length > 0) {
+        lines.push('### Needs manual attention\n');
+        for (const r of manual) {
+            lines.push(`- 🔧 \`${r.file}\` — ${r.action}`);
+        }
+        lines.push('');
+    }
+    return lines.join('\n');
+}
+//# sourceMappingURL=fetch-fix.js.map

package/dist/fetch-fix.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fetch-fix.js","sourceRoot":"","sources":["../src/fetch-fix.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AA0CH,wBAAwB;AAExB,MAAM,iBAAiB,GAA2C;IAChE,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,UAAU;IACpB,GAAG,EAAE,OAAO;IACZ,KAAK,EAAE,OAAO;IACd,OAAO,EAAE,OAAO;IAChB,GAAG,EAAE,KAAK;IACV,KAAK,EAAE,KAAK;IACZ,IAAI,EAAE,KAAK;CACZ,CAAC;AAEF,MAAM,UAAU,oBAAoB,CAAC,IAAY;IAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACjC,KAAK,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACpE,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;YAAE,OAAO,QAAQ,CAAC;IAC/C,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,aAAa,GAAG,8BAA8B,CAAC;AAErD,MAAM,UAAU,iBAAiB,CAAC,IAAY;IAC5C,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvC,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,OAAsB;IAClD,oDAAoD;IACpD,OAAO,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,OAAsB;IACpD,OAAO;QACL,SAAS,EAAE,OAAO,CAAC,EAAE;QACrB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,wBAAwB;QAC3E,YAAY,EAAE,iBAAiB,CAAC,OAAO,CAAC,IAAI,CAAC;QAC7C,QAAQ,EAAE,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC;QAC5C,WAAW,EAAE,aAAa,CAAC,OAAO,CAAC;KACpC,CAAC;AACJ,CAAC;AAED,uBAAuB;AAEvB,MAAM,UAAU,WAAW,CAAC,QAAsB;IAChD,MAAM,MAAM,GAAG,IAAI,GAAG,EAAwB,CAAC;IAC/C,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACpD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AASD;;;GAGG;AACH,MAAM,UAAU,eAAe;IAC7B,OAAO,CAAC,KAAa,EAAE,QAAsB,EAAe,EAAE;QAC5D,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;YAC1B,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;gBAC1C,OAAO;oBACL,SAAS,EAAE,GAAG,CAAC,SAAS;oBACxB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,MAAM,EAAE,QAAiB;oBACzB,MAAM,EAAE,iDAAiD;iBAC1D,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,SAAS,EAAE,GAAG,CAAC,SAAS;gBACxB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,MAAM,EAAE,OAAgB;gBACxB,MAAM,EAAE,uBAAuB,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;aAChE,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC;AACJ,CAAC;AAED,qBAAqB;AAErB,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,QAAyB,EACzB,OAAmB,EACnB,QAAgB;IAEhB,qCAAqC;IACrC,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAEvD,0BAA0B;IAC1B,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAEpD,gBAAgB;IAChB,MAAM,OAAO,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IAEzC,uBAAuB;IACvB,MAAM,OAAO,GAAgB,EAAE,CAAC;IAChC,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,OAAO,EAAE,CAAC;QACvC,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;IAC/B,CAAC;IAED,OAAO;QACL,QAAQ;QACR,aAAa,EAAE,QAAQ,CAAC,MAAM;QAC9B,WAAW;QACX,OAAO;QACP,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,MAAM;QAC9D,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,MAAM;QAClE,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,MAAM;KACjE,CAAC;AACJ,CAAC;AAED,mBAAmB;AAEnB,MAAM,UAAU,oBAAoB,CAAC,MAAsB;IACzD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,+BAA+B,MAAM,CAAC,QAAQ,IAAI,CAAC,CAAC;IAC/D,KAAK,CAAC,IAAI,CACR,iBAAiB,MAAM,CAAC,aAAa,wBAAwB,MAAM,CAAC,WAAW,CAAC,MAAM,iBAAiB,MAAM,CAAC,UAAU,kBAAkB,MAAM,CAAC,WAAW,IAAI,CACjK,CAAC;IAEF,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QAC/C,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC;IACjE,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC;IAEnE,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAC/B,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QAChD,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC3C,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QACjD,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/flood/index.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Flood / spam PR detection.
+ *
+ * Inspects lightweight PR metadata and returns a FloodResult that tells
+ * the pipeline whether to skip, run a lightweight review, or run a full
+ * review.  No network calls — pure computation.
+ */
+export interface FloodSignal {
+    type: 'bot' | 'mass_prs' | 'empty_description' | 'huge_diff';
+    confidence: number;
+    detail: string;
+}
+export interface FloodResult {
+    isFlood: boolean;
+    signals: FloodSignal[];
+    recommendation: 'skip' | 'lightweight' | 'full';
+}
+/**
+ * Analyse PR metadata and return a FloodResult.
+ *
+ * Decision rules (applied in order, most severe wins):
+ *  1. Bot author        → confidence 1.0, recommendation "skip"
+ *  2. Mass PRs (> 5)    → confidence 0.9, recommendation "lightweight"
+ *  3. Huge diff (> 5 k) → confidence 0.8, recommendation "lightweight"
+ *  4. Empty description with generic title → confidence 0.7, recommendation "lightweight"
+ */
+export declare function detectFlood(input: {
+    authorLogin: string;
+    prTitle: string;
+    prBody: string | null;
+    linesChanged: number;
+    recentPrCount?: number;
+}): FloodResult;
+//# sourceMappingURL=index.d.ts.map

package/dist/flood/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/flood/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,KAAK,GAAG,UAAU,GAAG,mBAAmB,GAAG,WAAW,CAAC;IAC7D,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,cAAc,EAAE,MAAM,GAAG,aAAa,GAAG,MAAM,CAAC;CACjD;AAKD;;;;;;;;GAQG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,GAAG,WAAW,CAqDd"}