npm - guardvibe - Versions diffs - 1.1.1 → 1.3.2 - Mend

guardvibe 1.1.1 → 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/LICENSE +191 -21
package/README.md +98 -32
package/build/cli.js +0 -0
package/build/data/rules/api-security.d.ts +3 -0
package/build/data/rules/api-security.d.ts.map +1 -0
package/build/data/rules/api-security.js +131 -0
package/build/data/rules/api-security.js.map +1 -0
package/build/data/rules/auth.js +1 -1
package/build/data/rules/auth.js.map +1 -1
package/build/data/rules/core.js +4 -4
package/build/data/rules/core.js.map +1 -1
package/build/data/rules/cve-versions.d.ts.map +1 -1
package/build/data/rules/cve-versions.js +97 -0
package/build/data/rules/cve-versions.js.map +1 -1
package/build/data/rules/database.js +4 -4
package/build/data/rules/database.js.map +1 -1
package/build/data/rules/index.d.ts.map +1 -1
package/build/data/rules/index.js +4 -0
package/build/data/rules/index.js.map +1 -1
package/build/data/rules/modern-stack.d.ts +3 -0
package/build/data/rules/modern-stack.d.ts.map +1 -0
package/build/data/rules/modern-stack.js +414 -0
package/build/data/rules/modern-stack.js.map +1 -0
package/build/data/rules/nextjs.js +1 -1
package/build/data/rules/nextjs.js.map +1 -1
package/build/index.js +20 -1
package/build/index.js.map +1 -1
package/build/tools/check-code.d.ts.map +1 -1
package/build/tools/check-code.js +45 -0
package/build/tools/check-code.js.map +1 -1
package/build/tools/fix-code.d.ts +17 -0
package/build/tools/fix-code.d.ts.map +1 -0
package/build/tools/fix-code.js +142 -0
package/build/tools/fix-code.js.map +1 -0
package/package.json +17 -5

package/build/data/rules/modern-stack.js ADDED Viewed

@@ -0,0 +1,414 @@
+// Security rules for modern vibecoding stack:
+// Zod, file uploads, server-only, webhooks, OAuth, cron,
+// AI SDK, tRPC, Hono, GraphQL
+export const modernStackRules = [
+    // =====================================================
+    // Zod / Validation
+    // =====================================================
+    {
+        id: "VG960",
+        name: "Zod passthrough Allows Mass Assignment",
+        severity: "high",
+        owasp: "API3:2023 Broken Object Property Level Authorization",
+        description: "Using .passthrough() on a Zod schema allows unknown fields to pass through validation. Attackers can inject extra fields (role, isAdmin, price) into the validated object.",
+        pattern: /\.passthrough\s*\(\s*\)[\s\S]{0,300}?(?:create|update|insert|upsert|save|set|assign)/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Use .strict() instead of .passthrough(), or use .strip() (default) which removes unknown fields. Only use .passthrough() when you explicitly need to forward unknown fields.",
+        fixCode: '// BAD: allows extra fields\nconst schema = z.object({ name: z.string() }).passthrough();\n\n// GOOD: rejects extra fields\nconst schema = z.object({ name: z.string() }).strict();\n\n// GOOD: strips extra fields (default behavior)\nconst schema = z.object({ name: z.string() });',
+        compliance: ["SOC2:CC6.6", "PCI-DSS:Req6.5.1"],
+    },
+    {
+        id: "VG961",
+        name: "Input Validation Disabled via z.any() or z.unknown()",
+        severity: "medium",
+        owasp: "API3:2023 Broken Object Property Level Authorization",
+        description: "Using z.any() or z.unknown() for request body/input validation effectively disables validation, allowing any data through.",
+        pattern: /(?:body|input|data|payload|params)\s*[:=]\s*z\.(?:any|unknown)\s*\(\s*\)/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Define explicit Zod schemas for all inputs. Use z.object() with specific field types.",
+        fixCode: '// BAD: no validation\nconst schema = z.object({ data: z.any() });\n\n// GOOD: explicit validation\nconst schema = z.object({\n  name: z.string().min(1).max(200),\n  email: z.string().email(),\n});',
+        compliance: ["SOC2:CC7.1"],
+    },
+    // =====================================================
+    // File Upload Validation
+    // =====================================================
+    {
+        id: "VG962",
+        name: "File Upload Without Type Validation",
+        severity: "high",
+        owasp: "A04:2023 Unrestricted Resource Consumption",
+        description: "File upload handler does not validate file type (MIME type or extension). Attackers can upload executable files, scripts, or malicious content.",
+        pattern: /(?:formData\.get|req\.file|upload|multer|busboy|formidable|Files?\s*\[)[\s\S]{0,500}?(?:writeFile|putObject|upload|save|createBucket|put\s*\()(?:(?!mime|type|extension|contentType|allowedTypes|accept|fileFilter|allowedMimeTypes)[\s\S]){0,200}/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Always validate file types against an allowlist before storing. Check both MIME type and extension.",
+        fixCode: '// Validate file type before upload\nconst ALLOWED_TYPES = ["image/jpeg", "image/png", "image/webp"];\nconst file = formData.get("file") as File;\nif (!ALLOWED_TYPES.includes(file.type)) {\n  return new Response("Invalid file type", { status: 400 });\n}\nif (file.size > 5 * 1024 * 1024) {\n  return new Response("File too large", { status: 400 });\n}',
+        compliance: ["SOC2:CC7.1"],
+    },
+    {
+        id: "VG963",
+        name: "File Upload Without Size Limit",
+        severity: "medium",
+        owasp: "A04:2023 Unrestricted Resource Consumption",
+        description: "File upload handler does not enforce a file size limit. Attackers can upload extremely large files to exhaust storage or memory.",
+        pattern: /(?:formData\.get|req\.file|upload)[\s\S]{0,300}?(?:writeFile|putObject|upload|save|put\s*\()(?:(?!size|limit|max|MB|GB|bytes|fileSizeLimit)[\s\S]){0,200}/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Enforce a file size limit before processing uploads. Typical limits: 5MB for images, 50MB for documents.",
+        fixCode: '// Check file size before upload\nconst MAX_SIZE = 5 * 1024 * 1024; // 5MB\nconst file = formData.get("file") as File;\nif (file.size > MAX_SIZE) {\n  return new Response("File too large (max 5MB)", { status: 400 });\n}',
+        compliance: ["SOC2:CC7.1"],
+    },
+    // =====================================================
+    // Server-Only Data Leak Prevention
+    // =====================================================
+    {
+        id: "VG964",
+        name: "Server-Only Module Missing in Sensitive File",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: 'File contains sensitive server-side logic (database queries, secret access) but does not import "server-only". Without this guard, the module can be accidentally imported by a Client Component, leaking server code to the browser bundle.',
+        pattern: /^(?![\s\S]*?(?:['"]server-only['"]|['"]use server['"]|['"]use client['"])[\s\S]*?)[\s\S]*?(?:process\.env\.(?!NEXT_PUBLIC_)\w+(?:_KEY|_SECRET|_TOKEN)|(?:prisma|db|supabase)\.(?:query|from|\$queryRaw))/g,
+        languages: ["javascript", "typescript"],
+        fix: 'Add import "server-only" at the top of files that contain server-side logic.',
+        fixCode: '// Add at the very top of server-only modules\nimport "server-only";\n\n// Now this file cannot be imported by Client Components\nexport async function getSecretData() {\n  const key = process.env.SECRET_KEY;\n  return prisma.user.findMany();\n}',
+        compliance: ["SOC2:CC6.1"],
+    },
+    // =====================================================
+    // Webhook Replay Protection
+    // =====================================================
+    {
+        id: "VG965",
+        name: "Webhook Missing Timestamp/Replay Check",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "Webhook handler verifies signature but does not check the event timestamp. Without a timestamp check, attackers can replay old webhook events indefinitely.",
+        pattern: /(?:constructEvent|webhooks\.verify|svix\.verify)\s*\((?:(?!timestamp|age|Date\.now|stale|expired|tolerance|replay|created)[\s\S]){15,}?(?:switch|event\.type|event\.data)/g,
+        languages: ["javascript", "typescript"],
+        fix: "Check the webhook event timestamp and reject events older than 5 minutes to prevent replay attacks.",
+        fixCode: '// After verifying the webhook signature:\nconst eventTime = new Date(event.created * 1000);\nconst now = new Date();\nconst fiveMinutes = 5 * 60 * 1000;\nif (now.getTime() - eventTime.getTime() > fiveMinutes) {\n  return new Response("Event too old", { status: 400 });\n}',
+        compliance: ["SOC2:CC6.6"],
+    },
+    // =====================================================
+    // OAuth / OIDC Security
+    // =====================================================
+    {
+        id: "VG966",
+        name: "OAuth Callback Missing State Parameter",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "OAuth callback does not verify the state parameter. Without state verification, the app is vulnerable to CSRF attacks that can link an attacker's account to the victim.",
+        pattern: /(?:\/callback|\/auth\/callback|oauth\/callback)[\s\S]*?(?:code\s*=|searchParams\.get\s*\(\s*["']code["']\))(?:(?!state|csrfToken|csrf_token|nonce)[\s\S]){0,300}?(?:token|session|exchange)/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Always verify the OAuth state parameter against the value stored in the session before exchanging the authorization code.",
+        fixCode: '// Verify state parameter in OAuth callback\nconst code = searchParams.get("code");\nconst state = searchParams.get("state");\nconst savedState = cookies().get("oauth_state")?.value;\n\nif (!state || state !== savedState) {\n  return new Response("Invalid state", { status: 400 });\n}\n// Now exchange code for token...',
+        compliance: ["SOC2:CC6.6"],
+    },
+    {
+        id: "VG967",
+        name: "OAuth Without PKCE (Proof Key for Code Exchange)",
+        severity: "medium",
+        owasp: "A07:2025 Auth Failures",
+        description: "OAuth authorization request does not include PKCE parameters (code_challenge, code_verifier). Without PKCE, the authorization code can be intercepted and exchanged by an attacker.",
+        pattern: /(?:authorization_endpoint|\/authorize|\/oauth\/authorize)[\s\S]{0,300}?(?:response_type\s*[:=]\s*["']code["']|grant_type\s*[:=]\s*["']authorization_code["'])(?:(?!code_challenge|code_verifier|pkce|PKCE)[\s\S]){0,300}$/gm,
+        languages: ["javascript", "typescript"],
+        fix: "Include PKCE (code_challenge and code_verifier) in all OAuth authorization code flows.",
+        fixCode: '// Generate PKCE parameters\nimport crypto from "node:crypto";\nconst codeVerifier = crypto.randomBytes(32).toString("base64url");\nconst codeChallenge = crypto\n  .createHash("sha256")\n  .update(codeVerifier)\n  .digest("base64url");\n\n// Include in authorization URL\nconst authUrl = `${authEndpoint}?response_type=code&code_challenge=${codeChallenge}&code_challenge_method=S256`;',
+        compliance: ["SOC2:CC6.6"],
+    },
+    // =====================================================
+    // Cron Job Security
+    // =====================================================
+    {
+        id: "VG968",
+        name: "Cron Endpoint Missing CRON_SECRET Verification",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "Vercel cron job endpoint does not verify the CRON_SECRET header. Anyone can trigger the cron job by calling the endpoint directly.",
+        pattern: /(?:\/api\/cron|cron)[\s\S]*?export\s+(?:async\s+)?function\s+GET\s*\([^)]*\)\s*\{(?:(?!CRON_SECRET|authorization|Bearer|verifySignature|x-vercel-cron)[\s\S]){10,}?(?:prisma|db|supabase|fetch|sql|resend|stripe)\.\w+/g,
+        languages: ["javascript", "typescript"],
+        fix: "Verify the CRON_SECRET header at the start of every cron endpoint.",
+        fixCode: 'export async function GET(request: Request) {\n  const authHeader = request.headers.get("authorization");\n  if (authHeader !== `Bearer ${process.env.CRON_SECRET}`) {\n    return new Response("Unauthorized", { status: 401 });\n  }\n  // ... cron job logic\n}',
+        compliance: ["SOC2:CC6.6"],
+    },
+    // =====================================================
+    // AI SDK Specific
+    // =====================================================
+    {
+        id: "VG874",
+        name: "OpenAI Client with dangerouslyAllowBrowser",
+        severity: "critical",
+        owasp: "A07:2025 Sensitive Data Exposure",
+        description: "OpenAI client is configured with dangerouslyAllowBrowser: true, which runs in the browser and exposes your API key to anyone. Your API key can be stolen and used to make requests at your expense.",
+        pattern: /dangerouslyAllowBrowser\s*:\s*true/g,
+        languages: ["javascript", "typescript"],
+        fix: "Never run the OpenAI client in the browser. Use an API route or Server Action to proxy AI requests.",
+        fixCode: '// BAD: runs in browser, leaks API key\nconst openai = new OpenAI({ dangerouslyAllowBrowser: true });\n\n// GOOD: use an API route\n// app/api/chat/route.ts (server-side)\nimport OpenAI from "openai";\nconst openai = new OpenAI(); // reads OPENAI_API_KEY from env\n\nexport async function POST(req: Request) {\n  const { prompt } = await req.json();\n  const completion = await openai.chat.completions.create({ ... });\n  return Response.json(completion);\n}',
+        compliance: ["SOC2:CC6.1", "PCI-DSS:Req2.3"],
+    },
+    {
+        id: "VG875",
+        name: "AI Request Without maxTokens Limit",
+        severity: "medium",
+        owasp: "A04:2023 Unrestricted Resource Consumption",
+        description: "AI generateText/streamText call does not set maxTokens. Without a limit, a single request can generate unlimited tokens, leading to unexpected costs and potential DoS.",
+        pattern: /(?:generateText|streamText)\s*\(\s*\{(?:(?!maxTokens|max_tokens|maxOutputTokens)[\s\S]){20,}?\}\s*\)/g,
+        languages: ["javascript", "typescript"],
+        fix: "Always set maxTokens to limit response length and control costs.",
+        fixCode: 'const result = await generateText({\n  model: "anthropic/claude-sonnet-4.6",\n  maxTokens: 1024, // always set a limit!\n  prompt: userInput,\n});',
+        compliance: ["SOC2:CC7.1"],
+    },
+    {
+        id: "VG876",
+        name: "AI API Key in Client Environment Variable",
+        severity: "critical",
+        owasp: "A07:2025 Sensitive Data Exposure",
+        description: "AI provider API key is set as a NEXT_PUBLIC_ environment variable or used directly in client-side code. This exposes the key to anyone viewing the page source.",
+        pattern: /(?:NEXT_PUBLIC_\w*(?:OPENAI|ANTHROPIC|AI|LLM|GPT|CLAUDE)\w*(?:KEY|TOKEN|SECRET)\s*=|["']use client["'][\s\S]{0,800}?(?:OPENAI_API_KEY|ANTHROPIC_API_KEY|apiKey\s*:\s*process\.env))/gi,
+        languages: ["javascript", "typescript", "shell"],
+        fix: "AI API keys must only be used server-side. Use AI Gateway with OIDC or Server Actions to proxy AI requests.",
+        fixCode: '// Server-side only (API route or Server Action)\nimport { generateText } from "ai";\n\nexport async function POST(req: Request) {\n  // API key is read from env server-side only\n  const result = await generateText({\n    model: "anthropic/claude-sonnet-4.6",\n    prompt: (await req.json()).prompt,\n  });\n  return Response.json({ text: result.text });\n}',
+        compliance: ["SOC2:CC6.1"],
+    },
+    // =====================================================
+    // tRPC Security
+    // =====================================================
+    {
+        id: "VG970",
+        name: "tRPC Public Procedure Accesses Database",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "tRPC publicProcedure accesses the database without authentication. Public procedures are accessible to anyone without authentication.",
+        pattern: /publicProcedure[\s\S]{0,300}?(?:\.query|\.mutation)\s*\([\s\S]{0,500}?(?:prisma|db|supabase|ctx\.db|ctx\.prisma)\.\w+/g,
+        languages: ["javascript", "typescript"],
+        fix: "Use protectedProcedure (or a procedure with auth middleware) for any operation that accesses the database.",
+        fixCode: '// BAD: public access to database\nexport const appRouter = router({\n  getUsers: publicProcedure.query(async ({ ctx }) => {\n    return ctx.db.user.findMany(); // anyone can access!\n  }),\n});\n\n// GOOD: require authentication\nexport const appRouter = router({\n  getUsers: protectedProcedure.query(async ({ ctx }) => {\n    return ctx.db.user.findMany(); // only authenticated users\n  }),\n});',
+        compliance: ["SOC2:CC6.6", "PCI-DSS:Req6.5.10"],
+    },
+    {
+        id: "VG971",
+        name: "tRPC Procedure Missing Input Validation",
+        severity: "high",
+        owasp: "A03:2025 Injection",
+        description: "tRPC mutation or query does not use .input() for validation. Without input validation, user-supplied data goes directly to the handler unvalidated.",
+        pattern: /(?:publicProcedure|protectedProcedure)(?![\s\S]{0,50}?\.input\s*\()[\s\S]{0,30}?\.(?:mutation|query)\s*\(/g,
+        languages: ["javascript", "typescript"],
+        fix: "Always use .input() with a Zod schema to validate tRPC procedure inputs.",
+        fixCode: '// BAD: no input validation\nprotectedProcedure.mutation(async ({ ctx, input }) => { ... });\n\n// GOOD: validate with Zod\nprotectedProcedure\n  .input(z.object({ id: z.string().uuid(), title: z.string().min(1) }))\n  .mutation(async ({ ctx, input }) => {\n    await ctx.db.post.update({ where: { id: input.id }, data: { title: input.title } });\n  });',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
+    },
+    // =====================================================
+    // Hono / Elysia Security
+    // =====================================================
+    {
+        id: "VG972",
+        name: "Hono Route Without Authentication Middleware",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "Hono API route accesses database or performs mutations without authentication middleware. Hono routes are publicly accessible by default.",
+        pattern: /app\.(?:get|post|put|delete|patch)\s*\(\s*['"]\/api\/[^'"]+['"]\s*,\s*(?:async\s+)?\(\s*c\s*\)\s*=>[\s\S]{0,500}?(?:prisma|db|supabase|sql|drizzle)\.\w+/g,
+        languages: ["javascript", "typescript"],
+        fix: "Add authentication middleware to Hono routes that access data.",
+        fixCode: '// Add auth middleware\nimport { bearerAuth } from "hono/bearer-auth";\n\napp.use("/api/*", bearerAuth({ token: process.env.API_TOKEN! }));\n\n// Or custom auth\napp.use("/api/*", async (c, next) => {\n  const session = await verifySession(c.req.header("Authorization"));\n  if (!session) return c.json({ error: "Unauthorized" }, 401);\n  c.set("user", session.user);\n  await next();\n});',
+        compliance: ["SOC2:CC6.6"],
+    },
+    {
+        id: "VG973",
+        name: "Hono CORS Wildcard",
+        severity: "high",
+        owasp: "A05:2025 Security Misconfiguration",
+        description: "Hono app uses cors() with wildcard origin, allowing any website to make requests to your API.",
+        pattern: /cors\s*\(\s*\{[\s\S]{0,200}?origin\s*:\s*['"]\*['"]/g,
+        languages: ["javascript", "typescript"],
+        fix: "Set specific allowed origins in Hono CORS configuration.",
+        fixCode: 'import { cors } from "hono/cors";\n\napp.use("/*", cors({\n  origin: ["https://myapp.com", "https://staging.myapp.com"],\n}));',
+        compliance: ["SOC2:CC6.6"],
+    },
+    // =====================================================
+    // GraphQL Security
+    // =====================================================
+    {
+        id: "VG974",
+        name: "GraphQL Introspection Enabled in Production",
+        severity: "medium",
+        owasp: "A05:2025 Security Misconfiguration",
+        description: "GraphQL introspection is enabled, exposing the entire schema including internal types, mutations, and field descriptions. Attackers can use this to map your API surface.",
+        pattern: /(?:introspection\s*:\s*true|enableIntrospection|ApolloServer|createYoga|createHandler)\s*\([\s\S]{0,500}?(?:(?!introspection\s*:\s*false)[\s\S]){0,300}\)/g,
+        languages: ["javascript", "typescript"],
+        fix: "Disable introspection in production: introspection: process.env.NODE_ENV !== 'production'",
+        fixCode: '// Disable introspection in production\nconst server = new ApolloServer({\n  typeDefs,\n  resolvers,\n  introspection: process.env.NODE_ENV !== "production",\n});',
+        compliance: ["SOC2:CC6.1"],
+    },
+    {
+        id: "VG975",
+        name: "GraphQL Query Without Depth Limiting",
+        severity: "high",
+        owasp: "A04:2023 Unrestricted Resource Consumption",
+        description: "GraphQL server does not limit query depth. Attackers can send deeply nested queries (e.g., user.posts.author.posts.author...) to cause exponential database load and crash the server.",
+        pattern: /(?:ApolloServer|createYoga|createHandler|graphqlHTTP)\s*\(\s*\{(?:(?!depthLimit|maxDepth|queryDepth|complexityLimit|validationRules)[\s\S]){10,}?\}/g,
+        languages: ["javascript", "typescript"],
+        fix: "Add query depth limiting to prevent deeply nested query attacks.",
+        fixCode: '// Add depth limiting\nimport depthLimit from "graphql-depth-limit";\n\nconst server = new ApolloServer({\n  typeDefs,\n  resolvers,\n  validationRules: [depthLimit(5)], // max 5 levels deep\n});',
+        compliance: ["SOC2:CC7.1"],
+    },
+    {
+        id: "VG976",
+        name: "GraphQL Resolver Without Authorization",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "GraphQL resolver accesses the database without checking user authentication or authorization from the context.",
+        pattern: /(?:Query|Mutation)\s*[:=]\s*\{[\s\S]{0,300}?(?:async\s+)?(?:\w+)\s*[:=]\s*(?:async\s+)?(?:\([^)]*\)|[^=]*=>)\s*[\s\S]{0,200}?(?:prisma|db|supabase|sql)\.\w+(?:(?!context\.user|ctx\.user|context\.userId|ctx\.userId|requireAuth|isAuthenticated)[\s\S]){0,300}?\}/g,
+        languages: ["javascript", "typescript"],
+        fix: "Check authentication in every resolver that accesses data.",
+        fixCode: '// Check auth in resolvers\nconst resolvers = {\n  Query: {\n    users: async (_, args, context) => {\n      if (!context.user) throw new Error("Unauthorized");\n      return prisma.user.findMany();\n    },\n  },\n};',
+        compliance: ["SOC2:CC6.6"],
+    },
+    // =====================================================
+    // CSP (Content Security Policy)
+    // =====================================================
+    {
+        id: "VG977",
+        name: "Missing Content-Security-Policy Header",
+        severity: "high",
+        owasp: "A05:2025 Security Misconfiguration",
+        description: "Next.js app does not set a Content-Security-Policy header. CSP is the strongest defense against XSS — without it, injected scripts run freely in your users' browsers.",
+        pattern: /(?:async\s+)?headers\s*\(\s*\)\s*\{(?:(?!Content-Security-Policy)[\s\S]){20,}?\}/g,
+        languages: ["javascript", "typescript"],
+        fix: "Add a Content-Security-Policy header in next.config.ts headers().",
+        fixCode: "// next.config.ts\nasync headers() {\n  return [{\n    source: '/(.*)',\n    headers: [{\n      key: 'Content-Security-Policy',\n      value: \"default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:;\"\n    }]\n  }];\n}",
+        compliance: ["SOC2:CC6.1", "PCI-DSS:Req6.5.7"],
+    },
+    {
+        id: "VG978",
+        name: "CSP Contains unsafe-inline or unsafe-" + "eval",
+        severity: "high",
+        owasp: "A05:2025 Security Misconfiguration",
+        description: "Content-Security-Policy uses 'unsafe-inline' or 'unsafe-eval' for script-src. This defeats the purpose of CSP — inline scripts and dynamic code execution will still work, allowing XSS attacks.",
+        pattern: /Content-Security-Policy[\s\S]{0,300}?script-src[\s\S]{0,200}?(?:'unsafe-inline'|'unsafe-eval')/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Remove 'unsafe-inline' and 'unsafe-eval' from script-src. Use nonces or hashes for inline scripts instead.",
+        fixCode: "// Use nonces instead of unsafe-inline\n// script-src 'self' 'nonce-${nonce}';\n// Or use strict-dynamic for modern browsers",
+        compliance: ["SOC2:CC6.1", "PCI-DSS:Req6.5.7"],
+    },
+    // =====================================================
+    // next/dynamic ssr:false data leak
+    // =====================================================
+    {
+        id: "VG979",
+        name: "Server Data Passed to Client-Only Dynamic Component",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "A next/dynamic component with ssr: false receives props containing sensitive data. The props are serialized into the HTML payload and visible to anyone viewing page source.",
+        pattern: /dynamic\s*\(\s*\(\)\s*=>\s*import\s*\([\s\S]{0,200}?\{\s*ssr\s*:\s*false\s*\}[\s\S]{0,300}?(?:secret|token|apiKey|password|privateKey|internalId|ssn|creditCard)\s*[=:]/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Never pass sensitive data as props to ssr: false components. Fetch sensitive data inside the client component using an API call.",
+        fixCode: '// BAD: server data leaked in HTML payload\nconst Chart = dynamic(() => import("./Chart"), { ssr: false });\n<Chart data={secretData} />\n\n// GOOD: fetch data client-side\nconst Chart = dynamic(() => import("./Chart"), { ssr: false });\n<Chart /> // Chart fetches its own data via API',
+        compliance: ["SOC2:CC6.1"],
+    },
+    // =====================================================
+    // Email Template Injection
+    // =====================================================
+    {
+        id: "VG980",
+        name: "Email HTML Injection via User Input",
+        severity: "high",
+        owasp: "A02:2025 Injection",
+        description: "User input is interpolated directly into an HTML email template without sanitization. Attackers can inject HTML/CSS to create phishing content or redirect links within emails sent from your domain.",
+        pattern: /(?:resend|sendgrid|nodemailer|transporter)[\s\S]{0,500}?html\s*:\s*(?:`[^`]*\$\{(?:.*?(?:name|email|user|input|body|message|comment|title|content))[\s\S]{0,100}?`|['"][^'"]*['"]\s*\+\s*(?:name|email|user|input|body|message|comment|title|content))/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Sanitize user input before embedding in HTML emails. Escape HTML entities manually.",
+        fixCode: '// Escape HTML entities before embedding in email\nfunction escapeHtml(str: string) {\n  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;")\n    .replace(/>/g, "&gt;").replace(/"/g, "&quot;");\n}\n\nawait resend.emails.send({\n  html: `<p>Hello ${escapeHtml(userName)}</p>`,\n});',
+        compliance: ["SOC2:CC7.1"],
+    },
+    // =====================================================
+    // Uploadthing Security
+    // =====================================================
+    {
+        id: "VG981",
+        name: "Uploadthing Missing Auth in Middleware",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "Uploadthing file router does not check authentication in the middleware function. Anyone can upload files to your storage.",
+        pattern: /\.middleware\s*\(\s*(?:async\s+)?\(\s*\{?\s*(?:req|request)?\s*\}?\s*\)\s*=>\s*\{?(?:(?!auth\s*\(|getServerSession|currentUser|getUser|session|userId|clerkClient|getToken)[\s\S]){5,}?(?:return|files|metadata)/g,
+        languages: ["javascript", "typescript"],
+        fix: "Always verify authentication in Uploadthing middleware before allowing uploads.",
+        fixCode: 'import { auth } from "@clerk/nextjs/server";\n\n.middleware(async ({ req }) => {\n  const { userId } = await auth();\n  if (!userId) throw new Error("Unauthorized");\n  return { userId };\n})',
+        compliance: ["SOC2:CC6.6"],
+    },
+    {
+        id: "VG982",
+        name: "Uploadthing Missing File Type/Size Config",
+        severity: "medium",
+        owasp: "A04:2023 Unrestricted Resource Consumption",
+        description: "Uploadthing file route uses f() without specifying file type restrictions or size limits.",
+        pattern: /f\s*\(\s*\{[\s\S]{0,50}?\}\s*\)(?:(?!maxFileSize|maxFileCount|image|pdf|video|audio|text|blob)[\s\S]){5,}?\.middleware/g,
+        languages: ["javascript", "typescript"],
+        fix: "Always specify allowed file types and size limits in Uploadthing route config.",
+        fixCode: '// Specify file type and size limits\nf({ image: { maxFileSize: "4MB", maxFileCount: 5 } })\n// Or for documents:\nf({ pdf: { maxFileSize: "16MB", maxFileCount: 1 } })',
+        compliance: ["SOC2:CC7.1"],
+    },
+    // =====================================================
+    // Turso / LibSQL Security
+    // =====================================================
+    {
+        id: "VG983",
+        name: "Turso Database URL Client Exposure",
+        severity: "critical",
+        owasp: "A07:2025 Sensitive Data Exposure",
+        description: "Turso/LibSQL database URL or auth token is accessed in client-side code or exposed via NEXT_PUBLIC_ prefix.",
+        pattern: /(?:["']use client["'][\s\S]{0,500}?(?:TURSO_DATABASE_URL|TURSO_AUTH_TOKEN|LIBSQL)|NEXT_PUBLIC_\w*(?:TURSO|LIBSQL)\w*(?:URL|TOKEN|AUTH)\s*=)/gi,
+        languages: ["javascript", "typescript", "shell"],
+        fix: "Turso credentials must only be used server-side. Never prefix with NEXT_PUBLIC_.",
+        fixCode: '// Server-side only\nimport { createClient } from "@libsql/client";\n\nconst db = createClient({\n  url: process.env.TURSO_DATABASE_URL!,\n  authToken: process.env.TURSO_AUTH_TOKEN!,\n});',
+        compliance: ["SOC2:CC6.1", "PCI-DSS:Req2.3"],
+    },
+    {
+        id: "VG984",
+        name: "Turso/LibSQL Raw SQL Interpolation",
+        severity: "critical",
+        owasp: "A02:2025 Injection",
+        description: "Template literal interpolation used in Turso/LibSQL call. This allows SQL injection attacks.",
+        pattern: /(?:db|client|turso|libsql)\.execute\s*\(\s*(?:`[^`]*\$\{|['"][^'"]*['"]\s*\+)/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Use parameterized queries with args array instead of string interpolation.",
+        fixCode: '// GOOD: parameterized query\nawait db.execute({\n  sql: "SELECT * FROM users WHERE id = ?",\n  args: [userId],\n});',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
+    },
+    // =====================================================
+    // Convex Security
+    // =====================================================
+    {
+        id: "VG985",
+        name: "Convex Query/Mutation Without Authentication",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "Convex query or mutation accesses data without verifying user identity. Convex functions are callable by any client by default.",
+        pattern: /(?:query|mutation)\s*\(\s*\{[\s\S]{0,300}?handler\s*:\s*(?:async\s+)?\(\s*(?:ctx|context)\s*(?:,\s*args)?\s*\)\s*=>[\s\S]{0,300}?ctx\.db\.(?:get|query|insert|patch|delete|replace)(?:(?!ctx\.auth\.getUserIdentity|identity|userId|user)[\s\S]){0,200}/g,
+        languages: ["javascript", "typescript"],
+        fix: "Check user identity at the start of every Convex function that accesses data.",
+        fixCode: 'export const getMyItems = query({\n  handler: async (ctx) => {\n    const identity = await ctx.auth.getUserIdentity();\n    if (!identity) throw new Error("Unauthorized");\n    return ctx.db.query("items").collect();\n  },\n});',
+        compliance: ["SOC2:CC6.6"],
+    },
+    {
+        id: "VG986",
+        name: "Convex Internal Function Exposed as Public",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "A function that should be internal (admin, migrate, seed, cleanup) is exported as a public query/mutation instead of internalQuery/internalMutation.",
+        pattern: /export\s+(?:const|default)\s+(?:admin|internal|migrate|seed|cleanup|background|cron|scheduled)\w*\s*=\s*(?:query|mutation)\s*\(/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Use internalQuery/internalMutation for functions that should not be callable from clients.",
+        fixCode: '// Use internalMutation for admin functions\nimport { internalMutation } from "./_generated/server";\nexport const adminDeleteUser = internalMutation({\n  handler: async (ctx, args) => { ... },\n});',
+        compliance: ["SOC2:CC6.6"],
+    },
+    {
+        id: "VG987",
+        name: "Convex HTTP Action Without Auth",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "Convex httpAction processes requests without authentication. HTTP actions are publicly accessible endpoints.",
+        pattern: /httpAction\s*\(\s*(?:async\s+)?\(\s*(?:ctx|context)\s*,\s*(?:request|req)\s*\)\s*=>[\s\S]{0,300}?(?:ctx\.runMutation|ctx\.runQuery|ctx\.runAction)(?:(?!auth|token|bearer|verify|signature|secret)[\s\S]){0,200}/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Verify authentication in HTTP actions before processing requests.",
+        fixCode: 'export const webhook = httpAction(async (ctx, request) => {\n  const token = request.headers.get("Authorization")?.replace("Bearer ", "");\n  if (!token) return new Response("Unauthorized", { status: 401 });\n  await ctx.runMutation(...);\n});',
+        compliance: ["SOC2:CC6.6"],
+    },
+];
+//# sourceMappingURL=modern-stack.js.map

package/build/data/rules/modern-stack.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"modern-stack.js","sourceRoot":"","sources":["../../../src/data/rules/modern-stack.ts"],"names":[],"mappings":"AAEA,8CAA8C;AAC9C,yDAAyD;AACzD,8BAA8B;AAC9B,MAAM,CAAC,MAAM,gBAAgB,GAAmB;IAC9C,wDAAwD;IACxD,mBAAmB;IACnB,wDAAwD;IACxD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,sDAAsD;QAC7D,WAAW,EACT,4KAA4K;QAC9K,OAAO,EAAE,wFAAwF;QACjG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,8KAA8K;QACnL,OAAO,EACL,wRAAwR;QAC1R,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,sDAAsD;QAC5D,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,sDAAsD;QAC7D,WAAW,EACT,4HAA4H;QAC9H,OAAO,EAAE,4EAA4E;QACrF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,uFAAuF;QAC5F,OAAO,EACL,uMAAuM;QACzM,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IAED,wDAAwD;IACxD,yBAAyB;IACzB,wDAAwD;IACxD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,qCAAqC;QAC3C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,4CAA4C;QACnD,WAAW,EACT,iJAAiJ;QACnJ,OAAO,EAAE,sPAAsP;QAC/P,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,qGAAqG;QAC1G,OAAO,EACL,iWAAiW;QACnW,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,gCAAgC;QACtC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,4CAA4C;QACnD,WAAW,EACT,kIAAkI;QACpI,OAAO,EAAE,6JAA6J;QACtK,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,0GAA0G;QAC/G,OAAO,EACL,6NAA6N;QAC/N,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IAED,wDAAwD;IACxD,mCAAmC;IACnC,wDAAwD;IACxD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8CAA8C;QACpD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,8OAA8O;QAChP,OAAO,EAAE,2MAA2M;QACpN,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,8EAA8E;QACnF,OAAO,EACL,uPAAuP;QACzP,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IAED,wDAAwD;IACxD,4BAA4B;IAC5B,wDAAwD;IACxD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,6JAA6J;QAC/J,OAAO,EAAE,4KAA4K;QACrL,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,qGAAqG;QAC1G,OAAO,EACL,kRAAkR;QACpR,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IAED,wDAAwD;IACxD,wBAAwB;IACxB,wDAAwD;IACxD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,0KAA0K;QAC5K,OAAO,EAAE,+LAA+L;QACxM,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2HAA2H;QAChI,OAAO,EACL,iUAAiU;QACnU,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kDAAkD;QACxD,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EACT,qLAAqL;QACvL,OAAO,EAAE,6NAA6N;QACtO,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,wFAAwF;QAC7F,OAAO,EACL,kYAAkY;QACpY,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IAED,wDAAwD;IACxD,oBAAoB;IACpB,wDAAwD;IACxD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,gDAAgD;QACtD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,oIAAoI;QACtI,OAAO,EAAE,yNAAyN;QAClO,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oEAAoE;QACzE,OAAO,EACL,oQAAoQ;QACtQ,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IAED,wDAAwD;IACxD,kBAAkB;IAClB,wDAAwD;IACxD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,4CAA4C;QAClD,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,qMAAqM;QACvM,OAAO,EAAE,qCAAqC;QAC9C,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,qGAAqG;QAC1G,OAAO,EACL,4cAA4c;QAC9c,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,CAAC;KAC7C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,oCAAoC;QAC1C,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,4CAA4C;QACnD,WAAW,EACT,yKAAyK;QAC3K,OAAO,EAAE,uGAAuG;QAChH,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,kEAAkE;QACvE,OAAO,EACL,oJAAoJ;QACtJ,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,2CAA2C;QACjD,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,iKAAiK;QACnK,OAAO,EAAE,uLAAuL;QAChM,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,OAAO,CAAC;QAChD,GAAG,EAAE,6GAA6G;QAClH,OAAO,EACL,wWAAwW;QAC1W,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IAED,wDAAwD;IACxD,gBAAgB;IAChB,wDAAwD;IACxD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,yCAAyC;QAC/C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,uIAAuI;QACzI,OAAO,EAAE,wHAAwH;QACjI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4GAA4G;QACjH,OAAO,EACL,iZAAiZ;QACnZ,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,yCAAyC;QAC/C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,qJAAqJ;QACvJ,OAAO,EAAE,4GAA4G;QACrH,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,0EAA0E;QAC/E,OAAO,EACL,mWAAmW;QACrW,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IAED,wDAAwD;IACxD,yBAAyB;IACzB,wDAAwD;IACxD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8CAA8C;QACpD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,2IAA2I;QAC7I,OAAO,EAAE,2JAA2J;QACpK,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,gEAAgE;QACrE,OAAO,EACL,uYAAuY;QACzY,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,+FAA+F;QACjG,OAAO,EAAE,sDAAsD;QAC/D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,0DAA0D;QAC/D,OAAO,EACL,gIAAgI;QAClI,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IAED,wDAAwD;IACxD,mBAAmB;IACnB,wDAAwD;IACxD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6CAA6C;QACnD,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,2KAA2K;QAC7K,OAAO,EAAE,4JAA4J;QACrK,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2FAA2F;QAChG,OAAO,EACL,oKAAoK;QACtK,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,sCAAsC;QAC5C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,4CAA4C;QACnD,WAAW,EACT,wLAAwL;QAC1L,OAAO,EAAE,sJAAsJ;QAC/J,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,kEAAkE;QACvE,OAAO,EACL,qMAAqM;QACvM,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,gHAAgH;QAClH,OAAO,EAAE,sQAAsQ;QAC/Q,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4DAA4D;QACjE,OAAO,EACL,0NAA0N;QAC5N,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IAED,wDAAwD;IACxD,gCAAgC;IAChC,wDAAwD;IACxD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,wKAAwK;QAC1K,OAAO,EAAE,mFAAmF;QAC5F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,mEAAmE;QACxE,OAAO,EACL,2QAA2Q;QAC7Q,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,uCAAuC,GAAG,MAAM;QACtD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,kMAAkM;QACpM,OAAO,EAAE,kGAAkG;QAC3G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4GAA4G;QACjH,OAAO,EACL,8HAA8H;QAChI,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IAED,wDAAwD;IACxD,mCAAmC;IACnC,wDAAwD;IACxD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,qDAAqD;QAC3D,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,8KAA8K;QAChL,OAAO,EAAE,2KAA2K;QACpL,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,kIAAkI;QACvI,OAAO,EACL,+RAA+R;QACjS,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IAED,wDAAwD;IACxD,2BAA2B;IAC3B,wDAAwD;IACxD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,qCAAqC;QAC3C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,uMAAuM;QACzM,OAAO,EAAE,0PAA0P;QACnQ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,qFAAqF;QAC1F,OAAO,EACL,8RAA8R;QAChS,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IAED,wDAAwD;IACxD,uBAAuB;IACvB,wDAAwD;IACxD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4HAA4H;QAC9H,OAAO,EAAE,mNAAmN;QAC5N,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iFAAiF;QACtF,OAAO,EACL,iMAAiM;QACnM,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,2CAA2C;QACjD,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,4CAA4C;QACnD,WAAW,EACT,2FAA2F;QAC7F,OAAO,EAAE,yHAAyH;QAClI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,gFAAgF;QACrF,OAAO,EACL,yKAAyK;QAC3K,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IAED,wDAAwD;IACxD,0BAA0B;IAC1B,wDAAwD;IACxD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,oCAAoC;QAC1C,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,6GAA6G;QAC/G,OAAO,EAAE,+IAA+I;QACxJ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,OAAO,CAAC;QAChD,GAAG,EAAE,kFAAkF;QACvF,OAAO,EACL,6LAA6L;QAC/L,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,CAAC;KAC7C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,oCAAoC;QAC1C,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,8FAA8F;QAChG,OAAO,EAAE,iFAAiF;QAC1F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4EAA4E;QACjF,OAAO,EACL,sHAAsH;QACxH,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IAED,wDAAwD;IACxD,kBAAkB;IAClB,wDAAwD;IACxD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8CAA8C;QACpD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,iIAAiI;QACnI,OAAO,EAAE,0PAA0P;QACnQ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,+EAA+E;QACpF,OAAO,EACL,qOAAqO;QACvO,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,4CAA4C;QAClD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,sJAAsJ;QACxJ,OAAO,EAAE,mIAAmI;QAC5I,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4FAA4F;QACjG,OAAO,EACL,wMAAwM;QAC1M,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,iCAAiC;QACvC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,8GAA8G;QAChH,OAAO,EAAE,oNAAoN;QAC7N,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,mEAAmE;QACxE,OAAO,EACL,qPAAqP;QACvP,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;CACF,CAAC"}

package/build/data/rules/nextjs.js CHANGED Viewed

@@ -66,7 +66,7 @@ export const nextjsRules = [
         severity: "medium",
         owasp: "A05:2025 Security Misconfiguration",
         description: "next.config is missing important security headers (Content-Security-Policy, Strict-Transport-Security, X-Frame-Options).",
-        pattern: /(?:async\s+)?headers\s*\(\s*\)\s*\{[\s\S]*?return\s*\[[\s\S]*?\][\s\S]*?\}/g,
+        pattern: /(?:async\s+)?headers\s*\(\s*\)\s*\{(?:(?!X-Frame-Options|Strict-Transport-Security|Content-Security-Policy)[\s\S]){10,}?\}/g,
         languages: ["javascript", "typescript"],
         fix: "Add security headers in next.config.ts headers() function.",
         fixCode: '// next.config.ts\nasync headers() {\n  return [{\n    source: "/(.*)",\n    headers: [\n      { key: "X-Frame-Options", value: "DENY" },\n      { key: "X-Content-Type-Options", value: "nosniff" },\n      { key: "Strict-Transport-Security", value: "max-age=63072000; includeSubDomains" },\n    ]\n  }];\n}',

package/build/data/rules/nextjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"nextjs.js","sourceRoot":"","sources":["../../../src/data/rules/nextjs.ts"],"names":[],"mappings":"AAEA,iDAAiD;AACjD,MAAM,CAAC,MAAM,WAAW,GAAmB;IACzC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4KAA4K;QAC9K,OAAO,EAAE,oEAAoE;QAC7E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,sIAAsI;QAC3I,OAAO,EACL,uLAAuL;QACzL,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,+GAA+G;QACjH,OAAO,EACL,oJAAoJ;QACtJ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,kFAAkF;QACvF,OAAO,EACL,sPAAsP;QACxP,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,0IAA0I;QAC5I,OAAO,EACL,+KAA+K;QACjL,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,mEAAmE;QACxE,OAAO,EACL,uMAAuM;QACzM,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,uHAAuH;QACzH,OAAO,EACL,4GAA4G;QAC9G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,gEAAgE;QACrE,OAAO,EACL,kLAAkL;QACpL,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,yGAAyG;QAC3G,OAAO,EAAE,yDAAyD;QAClE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2DAA2D;QAChE,OAAO,EACL,4GAA4G;QAC9G,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,yCAAyC;QAC/C,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,0HAA0H;QAC5H,OAAO,EACL,~~6EAA6E~~;QAC/E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4DAA4D;QACjE,OAAO,EACL,mTAAmT;QACrT,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,yHAAyH;QAC3H,OAAO,EACL,4JAA4J;QAC9J,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,qFAAqF;QAC1F,OAAO,EACL,+RAA+R;QACjS,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,+GAA+G;QACjH,OAAO,EACL,2FAA2F;QAC7F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oFAAoF;QACzF,OAAO,EACL,yNAAyN;QAC3N,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,uLAAuL;QACzL,OAAO,EAAE,qDAAqD;QAC9D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oFAAoF;QACzF,OAAO,EACL,oOAAoO;QACtO,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,qIAAqI;QACvI,OAAO,EACL,qFAAqF;QACvF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iEAAiE;QACtE,OAAO,EACL,+RAA+R;QACjS,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,iCAAiC;QACvC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,yIAAyI;QAC3I,OAAO,EACL,0IAA0I;QAC5I,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,uEAAuE;QAC5E,OAAO,EACL,oRAAoR;QACtR,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,2LAA2L;QAC7L,OAAO,EACL,6FAA6F;QAC/F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,OAAO,CAAC;QAChD,GAAG,EAAE,iFAAiF;QACtF,OAAO,EACL,iKAAiK;QACnK,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,4CAA4C;QAClD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,0JAA0J;QAC5J,OAAO,EACL,mGAAmG;QACrG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,qEAAqE;QAC1E,OAAO,EACL,iLAAiL;QACnL,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;CACF,CAAC"}
1	+ {"version":3,"file":"nextjs.js","sourceRoot":"","sources":["../../../src/data/rules/nextjs.ts"],"names":[],"mappings":"AAEA,iDAAiD;AACjD,MAAM,CAAC,MAAM,WAAW,GAAmB;IACzC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4KAA4K;QAC9K,OAAO,EAAE,oEAAoE;QAC7E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,sIAAsI;QAC3I,OAAO,EACL,uLAAuL;QACzL,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,+GAA+G;QACjH,OAAO,EACL,oJAAoJ;QACtJ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,kFAAkF;QACvF,OAAO,EACL,sPAAsP;QACxP,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,0IAA0I;QAC5I,OAAO,EACL,+KAA+K;QACjL,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,mEAAmE;QACxE,OAAO,EACL,uMAAuM;QACzM,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,uHAAuH;QACzH,OAAO,EACL,4GAA4G;QAC9G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,gEAAgE;QACrE,OAAO,EACL,kLAAkL;QACpL,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,yGAAyG;QAC3G,OAAO,EAAE,yDAAyD;QAClE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2DAA2D;QAChE,OAAO,EACL,4GAA4G;QAC9G,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,yCAAyC;QAC/C,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,oCAAoC;QAC3C,WAAW,EACT,0HAA0H;QAC5H,OAAO,EACL,6HAA6H;QAC/H,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4DAA4D;QACjE,OAAO,EACL,mTAAmT;QACrT,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,yHAAyH;QAC3H,OAAO,EACL,4JAA4J;QAC9J,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,qFAAqF;QAC1F,OAAO,EACL,+RAA+R;QACjS,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,+GAA+G;QACjH,OAAO,EACL,2FAA2F;QAC7F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oFAAoF;QACzF,OAAO,EACL,yNAAyN;QAC3N,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,uLAAuL;QACzL,OAAO,EAAE,qDAAqD;QAC9D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,oFAAoF;QACzF,OAAO,EACL,oOAAoO;QACtO,UAAU,EAAE,CAAC,YAAY,EAAE,kBAAkB,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,qIAAqI;QACvI,OAAO,EACL,qFAAqF;QACvF,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iEAAiE;QACtE,OAAO,EACL,+RAA+R;QACjS,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,iCAAiC;QACvC,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,yIAAyI;QAC3I,OAAO,EACL,0IAA0I;QAC5I,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,uEAAuE;QAC5E,OAAO,EACL,oRAAoR;QACtR,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,2LAA2L;QAC7L,OAAO,EACL,6FAA6F;QAC/F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,OAAO,CAAC;QAChD,GAAG,EAAE,iFAAiF;QACtF,OAAO,EACL,iKAAiK;QACnK,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,CAAC;KAClE;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,4CAA4C;QAClD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,0JAA0J;QAC5J,OAAO,EACL,mGAAmG;QACrG,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,qEAAqE;QAC1E,OAAO,EACL,iLAAiL;QACnL,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;CACF,CAAC"}

package/build/index.js CHANGED Viewed

@@ -13,12 +13,13 @@ import { scanStaged } from "./tools/scan-staged.js";
 import { complianceReport } from "./tools/compliance-report.js";
 import { exportSarif } from "./tools/export-sarif.js";
 import { checkPackageHealth } from "./tools/check-package-health.js";
+import { fixCode } from "./tools/fix-code.js";
 import { discoverPlugins } from "./plugins/loader.js";
 import { builtinRules } from "./data/rules/index.js";
 import { loadConfig } from "./utils/config.js";
 const server = new McpServer({
     name: "guardvibe",
-    version: "0.12.0",
+    version: "1.3.2",
 });
 // Tool 1: Analyze code for security vulnerabilities
 server.tool("check_code", "Analyze code for security vulnerabilities (OWASP Top 10, XSS, SQL injection, insecure patterns). Use this when reviewing or writing code to catch security issues early.", {
@@ -154,6 +155,24 @@ server.tool("check_package_health", "Check npm packages for typosquat risk, main
     const results = await checkPackageHealth(packages, format);
     return { content: [{ type: "text", text: results }] };
 });
+// Tool 12: Auto-fix security vulnerabilities
+server.tool("fix_code", "Analyze code for security vulnerabilities and return fix suggestions with concrete patches. The AI agent can apply these patches to automatically fix issues. Returns structured fix data including before/after code, severity, and line numbers.", {
+    code: z.string().describe("The code snippet to analyze and fix"),
+    language: z
+        .enum(["javascript", "typescript", "python", "go", "dockerfile", "html", "sql", "shell", "yaml", "terraform", "firestore"])
+        .describe("Programming language of the code"),
+    framework: z
+        .string()
+        .optional()
+        .describe("Framework context (e.g. express, nextjs, fastapi, react, django)"),
+    format: z.enum(["markdown", "json"]).default("json").describe("Output format: json (for agent auto-fix) or markdown (human review)"),
+}, async ({ code, language, framework, format }) => {
+    const rules = globalThis.__guardvibe_rules;
+    const results = fixCode(code, language, framework, undefined, format, rules);
+    return {
+        content: [{ type: "text", text: results }],
+    };
+});
 async function main() {
     // Load plugins
     const config = loadConfig(process.cwd());

package/build/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;IAC3B,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,~~QAAQ~~;~~CAClB~~,CAAC,CAAC;AAEH,oDAAoD;AACpD,MAAM,CAAC,IAAI,CACT,YAAY,EACZ,0KAA0K,EAC1K;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;IACxD,QAAQ,EAAE,CAAC;SACR,IAAI,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;SAC1H,QAAQ,CAAC,kCAAkC,CAAC;IAC/C,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,kEAAkE,CAAC;IAC/E,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE;IAC9C,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IAC1F,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,2DAA2D;AAC3D,MAAM,CAAC,IAAI,CACT,eAAe,EACf,iKAAiK,EACjK;IACE,KAAK,EAAE,CAAC;SACL,KAAK,CACJ,CAAC,CAAC,MAAM,CAAC;QACP,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;QACjE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;KACjD,CAAC,CACH;SACA,QAAQ,CAAC,0CAA0C,CAAC;IACvD,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE;IAC1B,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACnD,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,iFAAiF;AACjF,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,8IAA8I,EAC9I;IACE,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,QAAQ,CACP,mIAAmI,CACpI;CACJ,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;IAClB,MAAM,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACpC,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;KACxC,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,uDAAuD;AACvD,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;IACxE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC9D,SAAS,EAAE,CAAC;SACT,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;SAC3B,OAAO,CAAC,KAAK,CAAC;SACd,QAAQ,CAAC,mBAAmB,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,IAAI,CACT,oBAAoB,EACpB,sKAAsK,EACtK;IACE,QAAQ,EAAE,CAAC,CAAC,UAAU,CACpB,CAAC,GAAG,EAAE,EAAE;QACN,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,EACD,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CACvB,CAAC,QAAQ,CAAC,yDAAyD,CAAC;CACtE,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;IACrB,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAClD,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,0EAA0E;AAC1E,MAAM,CAAC,IAAI,CACT,gBAAgB,EAChB,gMAAgM,EAChM;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACvE,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAC/E,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,mCAAmC,CAAC;IACjG,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE;IAC7C,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACvE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,gEAAgE;AAChE,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,mLAAmL,EACnL;IACE,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2EAA2E,CAAC;IAC/G,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,EAAE,EAAE;IAClC,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;IAC9D,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,6DAA6D;AAC7D,MAAM,CAAC,IAAI,CACT,cAAc,EACd,mKAAmK,EACnK;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC3D,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAC/E,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE;IACpC,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IACrD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,kDAAkD;AAClD,MAAM,CAAC,IAAI,CACT,aAAa,EACb,+KAA+K,EAC/K;IACE,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IACnB,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACzD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,sDAAsD;AACtD,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,wJAAwJ,EACxJ;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IAC9C,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,sBAAsB,CAAC;IACvF,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE;IACpC,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACjE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,sDAAsD;AACtD,MAAM,CAAC,IAAI,CACT,cAAc,EACd,uIAAuI,EACvI;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;CAC/C,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;IACjB,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACzC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,mDAAmD;AACnD,MAAM,CAAC,IAAI,CACT,sBAAsB,EACtB,8KAA8K,EAC9K;IACE,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,2EAA2E,CAAC;IACnH,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE;IAC7B,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC3D,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,KAAK,UAAU,IAAI;IACjB,eAAe;IACf,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IAErE,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,KAAK,CAAC,sBAAsB,OAAO,CAAC,MAAM,CAAC,MAAM,eAAe,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvG,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACjC,OAAO,CAAC,KAAK,CAAC,+BAA+B,GAAG,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,gCAAgC;IAChC,MAAM,QAAQ,GAAmB,CAAC,GAAG,YAAY,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;IAErE,wBAAwB;IACxB,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,MAAa,EAClB,KAAK,EAAE,KAAU,EAAE,EAAE;YACnB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACzC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;QAChE,CAAC,CACF,CAAC;IACJ,CAAC;IAED,uCAAuC;IACtC,UAAkB,CAAC,iBAAiB,GAAG,QAAQ,CAAC;IAEjD,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;AAClE,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;IAC3B,IAAI,EAAE,WAAW;IACjB,OAAO,EAAE,OAAO;CACjB,CAAC,CAAC;AAEH,oDAAoD;AACpD,MAAM,CAAC,IAAI,CACT,YAAY,EACZ,0KAA0K,EAC1K;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;IACxD,QAAQ,EAAE,CAAC;SACR,IAAI,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;SAC1H,QAAQ,CAAC,kCAAkC,CAAC;IAC/C,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,kEAAkE,CAAC;IAC/E,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE;IAC9C,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IAC1F,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,2DAA2D;AAC3D,MAAM,CAAC,IAAI,CACT,eAAe,EACf,iKAAiK,EACjK;IACE,KAAK,EAAE,CAAC;SACL,KAAK,CACJ,CAAC,CAAC,MAAM,CAAC;QACP,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;QACjE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;KACjD,CAAC,CACH;SACA,QAAQ,CAAC,0CAA0C,CAAC;IACvD,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE;IAC1B,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACnD,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,iFAAiF;AACjF,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,8IAA8I,EAC9I;IACE,KAAK,EAAE,CAAC;SACL,MAAM,EAAE;SACR,QAAQ,CACP,mIAAmI,CACpI;CACJ,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;IAClB,MAAM,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACpC,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;KACxC,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,uDAAuD;AACvD,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;IACxE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC9D,SAAS,EAAE,CAAC;SACT,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;SAC3B,OAAO,CAAC,KAAK,CAAC;SACd,QAAQ,CAAC,mBAAmB,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,IAAI,CACT,oBAAoB,EACpB,sKAAsK,EACtK;IACE,QAAQ,EAAE,CAAC,CAAC,UAAU,CACpB,CAAC,GAAG,EAAE,EAAE;QACN,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,IAAI,CAAC;gBACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,EACD,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CACvB,CAAC,QAAQ,CAAC,yDAAyD,CAAC;CACtE,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;IACrB,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAClD,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,0EAA0E;AAC1E,MAAM,CAAC,IAAI,CACT,gBAAgB,EAChB,gMAAgM,EAChM;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACvE,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAC/E,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,mCAAmC,CAAC;IACjG,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE;IAC7C,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACvE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,gEAAgE;AAChE,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,mLAAmL,EACnL;IACE,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2EAA2E,CAAC;IAC/G,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,EAAE,EAAE;IAClC,MAAM,OAAO,GAAG,MAAM,gBAAgB,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;IAC9D,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,6DAA6D;AAC7D,MAAM,CAAC,IAAI,CACT,cAAc,EACd,mKAAmK,EACnK;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;IAC3D,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;IAC/E,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE;IACpC,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IACrD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,kDAAkD;AAClD,MAAM,CAAC,IAAI,CACT,aAAa,EACb,+KAA+K,EAC/K;IACE,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IACnB,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACzD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,sDAAsD;AACtD,MAAM,CAAC,IAAI,CACT,mBAAmB,EACnB,wJAAwJ,EACxJ;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IAC9C,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,sBAAsB,CAAC;IACvF,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE;IACpC,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACjE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,sDAAsD;AACtD,MAAM,CAAC,IAAI,CACT,cAAc,EACd,uIAAuI,EACvI;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;CAC/C,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;IACjB,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACzC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,mDAAmD;AACnD,MAAM,CAAC,IAAI,CACT,sBAAsB,EACtB,8KAA8K,EAC9K;IACE,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,2EAA2E,CAAC;IACnH,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,uEAAuE,CAAC;CAC3I,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE;IAC7B,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC3D,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;AACxD,CAAC,CACF,CAAC;AAEF,6CAA6C;AAC7C,MAAM,CAAC,IAAI,CACT,UAAU,EACV,oPAAoP,EACpP;IACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,qCAAqC,CAAC;IAChE,QAAQ,EAAE,CAAC;SACR,IAAI,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;SAC1H,QAAQ,CAAC,kCAAkC,CAAC;IAC/C,SAAS,EAAE,CAAC;SACT,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,kEAAkE,CAAC;IAC/E,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,qEAAqE,CAAC;CACrI,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE;IAC9C,MAAM,KAAK,GAAI,UAAkB,CAAC,iBAA+C,CAAC;IAClF,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IAC7E,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;KAC3C,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,KAAK,UAAU,IAAI;IACjB,eAAe;IACf,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IACzC,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IAErE,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,KAAK,CAAC,sBAAsB,OAAO,CAAC,MAAM,CAAC,MAAM,eAAe,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvG,CAAC;IACD,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACjC,OAAO,CAAC,KAAK,CAAC,+BAA+B,GAAG,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,gCAAgC;IAChC,MAAM,QAAQ,GAAmB,CAAC,GAAG,YAAY,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;IAErE,wBAAwB;IACxB,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,MAAa,EAClB,KAAK,EAAE,KAAU,EAAE,EAAE;YACnB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACzC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;QAChE,CAAC,CACF,CAAC;IACJ,CAAC;IAED,uCAAuC;IACtC,UAAkB,CAAC,iBAAiB,GAAG,QAAQ,CAAC;IAEjD,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;AAClE,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/build/tools/check-code.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"check-code.d.ts","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,KAAK,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAGvE,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,YAAY,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd;~~AAgCD~~,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,EAClB,KAAK,CAAC,EAAE,YAAY,EAAE,GACrB,OAAO,EAAE,~~CAyCX~~;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAkB/F;AAED,wBAAgB,SAAS,CACvB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,EAClB,MAAM,GAAE,UAAU,GAAG,MAAmB,EACxC,KAAK,CAAC,EAAE,YAAY,EAAE,GACrB,MAAM,CAYR"}
1	+ {"version":3,"file":"check-code.d.ts","sourceRoot":"","sources":["../../src/tools/check-code.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,KAAK,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAGvE,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,YAAY,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd;AAqED,wBAAgB,WAAW,CACzB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,EAClB,KAAK,CAAC,EAAE,YAAY,EAAE,GACrB,OAAO,EAAE,CAoDX;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAkB/F;AAED,wBAAgB,SAAS,CACvB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,EAClB,MAAM,GAAE,UAAU,GAAG,MAAmB,EACxC,KAAK,CAAC,EAAE,YAAY,EAAE,GACrB,MAAM,CAYR"}