npm - kuzushi - Versions diffs - 0.2.0 → 0.9.2 - Mend

kuzushi 0.2.0 → 0.9.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

package/README.md +2 -0
package/dist/agent-runtime/claude.js +15 -3
package/dist/agent-runtime/claude.js.map +1 -1
package/dist/agents/tasks/code-config-detect.js +3 -0
package/dist/agents/tasks/code-config-detect.js.map +1 -1
package/dist/agents/tasks/command-injection.js +10 -8
package/dist/agents/tasks/command-injection.js.map +1 -1
package/dist/agents/tasks/context-enricher.js +2 -0
package/dist/agents/tasks/context-enricher.js.map +1 -1
package/dist/agents/tasks/deserialization-detection.js +4 -1
package/dist/agents/tasks/deserialization-detection.js.map +1 -1
package/dist/agents/tasks/graphql-security.js +4 -1
package/dist/agents/tasks/graphql-security.js.map +1 -1
package/dist/agents/tasks/nosql-injection.js +6 -3
package/dist/agents/tasks/nosql-injection.js.map +1 -1
package/dist/agents/tasks/prototype-pollution.js +4 -1
package/dist/agents/tasks/prototype-pollution.js.map +1 -1
package/dist/agents/tasks/race-condition.js +4 -1
package/dist/agents/tasks/race-condition.js.map +1 -1
package/dist/agents/tasks/secrets-crypto-detect.js +3 -0
package/dist/agents/tasks/secrets-crypto-detect.js.map +1 -1
package/dist/agents/tasks/sharp-edges-detect.js +5 -0
package/dist/agents/tasks/sharp-edges-detect.js.map +1 -1
package/dist/agents/tasks/ssrf-detection.js +6 -1
package/dist/agents/tasks/ssrf-detection.js.map +1 -1
package/dist/agents/tasks/supply-chain.js +4 -1
package/dist/agents/tasks/supply-chain.js.map +1 -1
package/dist/agents/tasks/template-injection.js +6 -3
package/dist/agents/tasks/template-injection.js.map +1 -1
package/dist/agents/tasks/threat-modeling/randori-adapter.js +19 -2
package/dist/agents/tasks/threat-modeling/randori-adapter.js.map +1 -1
package/dist/agents/tasks/threat-modeling/randori-artifacts.js +69 -13
package/dist/agents/tasks/threat-modeling/randori-artifacts.js.map +1 -1
package/dist/agents/tasks/threat-modeling/randori.js +70 -30
package/dist/agents/tasks/threat-modeling/randori.js.map +1 -1
package/dist/agents/tasks/xxe-detection.js +4 -1
package/dist/agents/tasks/xxe-detection.js.map +1 -1
package/dist/cli/commands/scan.js +35 -5
package/dist/cli/commands/scan.js.map +1 -1
package/dist/cli.js +2 -1
package/dist/cli.js.map +1 -1
package/dist/migrations/024_rename_scanner_to_task_id.d.ts +13 -0
package/dist/migrations/024_rename_scanner_to_task_id.js +25 -0
package/dist/migrations/024_rename_scanner_to_task_id.js.map +1 -0
package/dist/migrations/index.js +2 -0
package/dist/migrations/index.js.map +1 -1
package/dist/migrations/runner.js +7 -0
package/dist/migrations/runner.js.map +1 -1
package/dist/prompts/language-tuning.d.ts +38 -0
package/dist/prompts/language-tuning.js +225 -0
package/dist/prompts/language-tuning.js.map +1 -0
package/dist/prompts/languages/c-cpp.d.ts +2 -0
package/dist/prompts/languages/c-cpp.js +276 -0
package/dist/prompts/languages/c-cpp.js.map +1 -0
package/dist/prompts/languages/go.d.ts +2 -0
package/dist/prompts/languages/go.js +252 -0
package/dist/prompts/languages/go.js.map +1 -0
package/dist/prompts/languages/index.d.ts +6 -0
package/dist/prompts/languages/index.js +44 -0
package/dist/prompts/languages/index.js.map +1 -0
package/dist/prompts/languages/java-kotlin.d.ts +2 -0
package/dist/prompts/languages/java-kotlin.js +495 -0
package/dist/prompts/languages/java-kotlin.js.map +1 -0
package/dist/prompts/languages/javascript-typescript.d.ts +2 -0
package/dist/prompts/languages/javascript-typescript.js +421 -0
package/dist/prompts/languages/javascript-typescript.js.map +1 -0
package/dist/prompts/languages/php.d.ts +2 -0
package/dist/prompts/languages/php.js +277 -0
package/dist/prompts/languages/php.js.map +1 -0
package/dist/prompts/languages/python.d.ts +2 -0
package/dist/prompts/languages/python.js +283 -0
package/dist/prompts/languages/python.js.map +1 -0
package/dist/prompts/languages/ruby.d.ts +2 -0
package/dist/prompts/languages/ruby.js +219 -0
package/dist/prompts/languages/ruby.js.map +1 -0
package/dist/prompts/languages/rust.d.ts +2 -0
package/dist/prompts/languages/rust.js +149 -0
package/dist/prompts/languages/rust.js.map +1 -0
package/dist/prompts/languages/types.d.ts +79 -0
package/dist/prompts/languages/types.js +9 -0
package/dist/prompts/languages/types.js.map +1 -0
package/dist/scanners/run-agentic.d.ts +2 -2
package/dist/scanners/run-agentic.js +11 -3
package/dist/scanners/run-agentic.js.map +1 -1
package/dist/store.js +4 -0
package/dist/store.js.map +1 -1
package/package.json +1 -1

package/dist/prompts/language-tuning.js ADDED Viewed

@@ -0,0 +1,225 @@
+/**
+ * Language-specific prompt tuning — composition layer.
+ *
+ * Detection tasks call these functions to get prompt sections
+ * tailored to the detected languages in the target repo.
+ */
+import { getLanguageProfiles } from "./languages/index.js";
+// ---------------------------------------------------------------------------
+// Task ID -> canonical vuln class mapping
+// ---------------------------------------------------------------------------
+const TASK_TO_VULN_CLASS = {
+    // Detection tasks
+    "command-injection": "command-injection",
+    "ssrf-detection": "ssrf",
+    "deserialization-detection": "deserialization",
+    "xxe-detection": "xxe",
+    "template-injection": "template-injection",
+    "race-condition": "race-condition",
+    "prototype-pollution": "prototype-pollution",
+    "secrets-crypto-detect": "crypto-misuse",
+    "code-config-detect": "security-misconfig",
+    "nosql-injection": "nosql-injection",
+    "auth-logic-detect": "auth-bypass",
+    "graphql-security": "graphql",
+    "supply-chain": "supply-chain",
+    // Agentic scanner gets a merged view of all classes
+    agentic: [
+        "command-injection",
+        "ssrf",
+        "deserialization",
+        "xxe",
+        "template-injection",
+        "auth-bypass",
+        "sqli",
+        "xss",
+    ],
+};
+/**
+ * Generate a language-specific prompt section with sinks, safe patterns,
+ * and framework guidance for a detection task.
+ *
+ * Returns empty string if no language profiles match.
+ */
+export function languageTuningModule(opts) {
+    const entries = resolveEntries(opts);
+    if (entries.length === 0)
+        return "";
+    const sections = ["## Language-Specific Guidance\n"];
+    for (const { profile, content } of entries) {
+        sections.push(`### ${profile.languageId}\n`);
+        // Sinks
+        if (content.sinks.length > 0) {
+            sections.push("**Dangerous sinks:**");
+            for (const s of content.sinks) {
+                const shell = s.shellInvoking === true
+                    ? " [SHELL]"
+                    : s.shellInvoking === false
+                        ? " [NO-SHELL]"
+                        : "";
+                sections.push(`- \`${s.api}\`${shell}: ${s.risk}`);
+            }
+            sections.push("");
+        }
+        // Safe patterns
+        if (content.safePatterns.length > 0) {
+            sections.push("**Safe patterns (do NOT flag):**");
+            for (const sp of content.safePatterns) {
+                sections.push(`- \`${sp.api}\`: ${sp.why}`);
+            }
+            sections.push("");
+        }
+        // Framework guidance (filtered to detected frameworks)
+        const fwSections = formatFrameworkGuidance(content.frameworkGuidance, opts.frameworks);
+        if (fwSections) {
+            sections.push(fwSections);
+        }
+    }
+    return sections.join("\n");
+}
+/**
+ * Get language-matched few-shot examples for a task.
+ */
+export function languageFewShotsModule(opts) {
+    const entries = resolveEntries(opts);
+    if (entries.length === 0)
+        return "";
+    const shots = [];
+    for (const { profile, content } of entries) {
+        for (const shot of content.fewShots) {
+            shots.push({ lang: profile.languageId, shot });
+        }
+    }
+    if (shots.length === 0)
+        return "";
+    const lines = ["## Few-shot examples\n"];
+    for (const { lang, shot } of shots.slice(0, 4)) {
+        lines.push(`**${lang} — ${shot.scenario}:**`);
+        lines.push("```");
+        lines.push(shot.vulnerableCode);
+        lines.push("```");
+        lines.push(`Why: ${shot.explanation}\n`);
+    }
+    return lines.join("\n");
+}
+/**
+ * Get language-specific investigation methodology.
+ */
+export function languageInvestigationModule(opts) {
+    const entries = resolveEntries(opts);
+    if (entries.length === 0)
+        return "";
+    const lines = ["## Language-specific investigation\n"];
+    for (const { profile, content } of entries) {
+        const hints = content.investigationHints;
+        if (hints.instructions.length === 0 &&
+            hints.grepPatterns.length === 0 &&
+            hints.fileHints.length === 0) {
+            continue;
+        }
+        lines.push(`### ${profile.languageId}\n`);
+        if (hints.grepPatterns.length > 0) {
+            lines.push(`Grep for: ${hints.grepPatterns.map((p) => `\`${p}\``).join(", ")}`);
+        }
+        if (hints.fileHints.length > 0) {
+            lines.push(`Check files: ${hints.fileHints.join(", ")}`);
+        }
+        for (const inst of hints.instructions) {
+            lines.push(`- ${inst}`);
+        }
+        lines.push("");
+    }
+    return lines.join("\n");
+}
+/**
+ * Get combined anti-hallucination constraints from language profiles.
+ */
+export function languageAntiHallucinationExtras(opts) {
+    const entries = resolveEntries(opts);
+    const extras = [];
+    for (const { profile, content } of entries) {
+        if (content.antiHallucinationExtra) {
+            for (const line of content.antiHallucinationExtra) {
+                extras.push(`[${profile.languageId}] ${line}`);
+            }
+        }
+    }
+    // Also add language-wide constraints
+    if (opts.repoContext?.languages.length) {
+        const profiles = getLanguageProfiles(opts.repoContext.languages);
+        for (const p of profiles) {
+            for (const line of p.generalAntiHallucination) {
+                if (!extras.includes(`[${p.languageId}] ${line}`)) {
+                    extras.push(`[${p.languageId}] ${line}`);
+                }
+            }
+        }
+    }
+    return extras;
+}
+/**
+ * Get language-specific general search hints (for context-enricher).
+ */
+export function languageGeneralHintsModule(repoContext) {
+    if (!repoContext?.languages.length)
+        return "";
+    const profiles = getLanguageProfiles(repoContext.languages);
+    if (profiles.length === 0)
+        return "";
+    const lines = ["## Language-specific search guidance\n"];
+    for (const p of profiles) {
+        if (p.generalHints.instructions.length === 0)
+            continue;
+        lines.push(`**${p.languageId}:**`);
+        for (const inst of p.generalHints.instructions) {
+            lines.push(`- ${inst}`);
+        }
+        if (p.generalHints.fileHints.length > 0) {
+            lines.push(`- Key files: ${p.generalHints.fileHints.join(", ")}`);
+        }
+        lines.push("");
+    }
+    return lines.join("\n");
+}
+function resolveEntries(opts) {
+    if (!opts.repoContext?.languages.length)
+        return [];
+    const vulnClassIds = TASK_TO_VULN_CLASS[opts.taskId];
+    if (!vulnClassIds)
+        return [];
+    const classes = Array.isArray(vulnClassIds) ? vulnClassIds : [vulnClassIds];
+    const profiles = getLanguageProfiles(opts.repoContext.languages);
+    const entries = [];
+    for (const profile of profiles) {
+        for (const cls of classes) {
+            const content = profile.vulnClasses[cls];
+            if (content) {
+                entries.push({ profile, content });
+            }
+        }
+    }
+    return entries;
+}
+function formatFrameworkGuidance(guidance, detectedFrameworks) {
+    if (!guidance?.length || !detectedFrameworks?.length)
+        return "";
+    const relevant = guidance.filter((fg) => detectedFrameworks.some((f) => f.toLowerCase().includes(fg.framework.toLowerCase())));
+    if (relevant.length === 0)
+        return "";
+    const lines = ["**Framework guidance:**"];
+    for (const fg of relevant) {
+        lines.push(`- **${fg.framework}**:`);
+        if (fg.defaults.length > 0) {
+            lines.push(`  - Defaults: ${fg.defaults.join("; ")}`);
+        }
+        if (fg.pitfalls.length > 0) {
+            lines.push(`  - Pitfalls: ${fg.pitfalls.join("; ")}`);
+        }
+        if (fg.configChecks.length > 0) {
+            lines.push(`  - Check: ${fg.configChecks.join("; ")}`);
+        }
+    }
+    lines.push("");
+    return lines.join("\n");
+}
+//# sourceMappingURL=language-tuning.js.map

package/dist/prompts/language-tuning.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"language-tuning.js","sourceRoot":"","sources":["../../src/prompts/language-tuning.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAE3D,8EAA8E;AAC9E,0CAA0C;AAC1C,8EAA8E;AAE9E,MAAM,kBAAkB,GAAsC;IAC5D,kBAAkB;IAClB,mBAAmB,EAAE,mBAAmB;IACxC,gBAAgB,EAAE,MAAM;IACxB,2BAA2B,EAAE,iBAAiB;IAC9C,eAAe,EAAE,KAAK;IACtB,oBAAoB,EAAE,oBAAoB;IAC1C,gBAAgB,EAAE,gBAAgB;IAClC,qBAAqB,EAAE,qBAAqB;IAC5C,uBAAuB,EAAE,eAAe;IACxC,oBAAoB,EAAE,oBAAoB;IAC1C,iBAAiB,EAAE,iBAAiB;IACpC,mBAAmB,EAAE,aAAa;IAClC,kBAAkB,EAAE,SAAS;IAC7B,cAAc,EAAE,cAAc;IAC9B,oDAAoD;IACpD,OAAO,EAAE;QACP,mBAAmB;QACnB,MAAM;QACN,iBAAiB;QACjB,KAAK;QACL,oBAAoB;QACpB,aAAa;QACb,MAAM;QACN,KAAK;KACN;CACF,CAAC;AAeF;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAAC,IAAwB;IAC3D,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACrC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEpC,MAAM,QAAQ,GAAa,CAAC,iCAAiC,CAAC,CAAC;IAE/D,KAAK,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,OAAO,EAAE,CAAC;QAC3C,QAAQ,CAAC,IAAI,CAAC,OAAO,OAAO,CAAC,UAAU,IAAI,CAAC,CAAC;QAE7C,QAAQ;QACR,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,QAAQ,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YACtC,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBAC9B,MAAM,KAAK,GACT,CAAC,CAAC,aAAa,KAAK,IAAI;oBACtB,CAAC,CAAC,UAAU;oBACZ,CAAC,CAAC,CAAC,CAAC,aAAa,KAAK,KAAK;wBACzB,CAAC,CAAC,aAAa;wBACf,CAAC,CAAC,EAAE,CAAC;gBACX,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,KAAK,KAAK,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YACrD,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACpB,CAAC;QAED,gBAAgB;QAChB,IAAI,OAAO,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,QAAQ,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;YAClD,KAAK,MAAM,EAAE,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;gBACtC,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,GAAG,OAAO,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC;YAC9C,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACpB,CAAC;QAED,uDAAuD;QACvD,MAAM,UAAU,GAAG,uBAAuB,CACxC,OAAO,CAAC,iBAAiB,EACzB,IAAI,CAAC,UAAU,CAChB,CAAC;QACF,IAAI,UAAU,EAAE,CAAC;YACf,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAAwB;IAC7D,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACrC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEpC,MAAM,KAAK,GAAmD,EAAE,CAAC;IACjE,KAAK,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,OAAO,EAAE,CAAC;QAC3C,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACpC,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IACD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAElC,MAAM,KAAK,GAAa,CAAC,wBAAwB,CAAC,CAAC;IACnD,KAAK,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QAC/C,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,MAAM,IAAI,CAAC,QAAQ,KAAK,CAAC,CAAC;QAC9C,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClB,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,WAAW,IAAI,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,2BAA2B,CAAC,IAAwB;IAClE,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACrC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEpC,MAAM,KAAK,GAAa,CAAC,sCAAsC,CAAC,CAAC;IAEjE,KAAK,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,OAAO,EAAE,CAAC;QAC3C,MAAM,KAAK,GAAG,OAAO,CAAC,kBAAkB,CAAC;QACzC,IACE,KAAK,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC;YAC/B,KAAK,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC;YAC/B,KAAK,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAC5B,CAAC;YACD,SAAS;QACX,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,OAAO,OAAO,CAAC,UAAU,IAAI,CAAC,CAAC;QAC1C,IAAI,KAAK,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClC,KAAK,CAAC,IAAI,CACR,aAAa,KAAK,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACpE,CAAC;QACJ,CAAC;QACD,IAAI,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,KAAK,CAAC,IAAI,CAAC,gBAAgB,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC3D,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;YACtC,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QAC1B,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,+BAA+B,CAC7C,IAAwB;IAExB,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,OAAO,EAAE,CAAC;QAC3C,IAAI,OAAO,CAAC,sBAAsB,EAAE,CAAC;YACnC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,sBAAsB,EAAE,CAAC;gBAClD,MAAM,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,KAAK,IAAI,EAAE,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,IAAI,IAAI,CAAC,WAAW,EAAE,SAAS,CAAC,MAAM,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,mBAAmB,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QACjE,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,wBAAwB,EAAE,CAAC;gBAC9C,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,UAAU,KAAK,IAAI,EAAE,CAAC,EAAE,CAAC;oBAClD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,UAAU,KAAK,IAAI,EAAE,CAAC,CAAC;gBAC3C,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B,CACxC,WAAoC;IAEpC,IAAI,CAAC,WAAW,EAAE,SAAS,CAAC,MAAM;QAAE,OAAO,EAAE,CAAC;IAE9C,MAAM,QAAQ,GAAG,mBAAmB,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;IAC5D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAErC,MAAM,KAAK,GAAa,CAAC,wCAAwC,CAAC,CAAC;IACnE,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,YAAY,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QACvD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,UAAU,KAAK,CAAC,CAAC;QACnC,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,YAAY,CAAC,YAAY,EAAE,CAAC;YAC/C,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QAC1B,CAAC;QACD,IAAI,CAAC,CAAC,YAAY,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxC,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,YAAY,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACpE,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAWD,SAAS,cAAc,CAAC,IAAwB;IAC9C,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,SAAS,CAAC,MAAM;QAAE,OAAO,EAAE,CAAC;IAEnD,MAAM,YAAY,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACrD,IAAI,CAAC,YAAY;QAAE,OAAO,EAAE,CAAC;IAE7B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;IAC5E,MAAM,QAAQ,GAAG,mBAAmB,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;IACjE,MAAM,OAAO,GAAoB,EAAE,CAAC;IAEpC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,MAAM,OAAO,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;YACzC,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,uBAAuB,CAC9B,QAAyC,EACzC,kBAAwC;IAExC,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC,kBAAkB,EAAE,MAAM;QAAE,OAAO,EAAE,CAAC;IAEhE,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CACtC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC5B,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,CACrD,CACF,CAAC;IACF,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAErC,MAAM,KAAK,GAAa,CAAC,yBAAyB,CAAC,CAAC;IACpD,KAAK,MAAM,EAAE,IAAI,QAAQ,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,SAAS,KAAK,CAAC,CAAC;QACrC,IAAI,EAAE,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,KAAK,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,EAAE,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,KAAK,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,EAAE,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,KAAK,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/prompts/languages/c-cpp.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { LanguageProfile } from "./types.js";
2	+ export declare const cCppProfile: LanguageProfile;

package/dist/prompts/languages/c-cpp.js ADDED Viewed

@@ -0,0 +1,276 @@
+export const cCppProfile = {
+    languageId: "C/C++",
+    aliases: ["c", "cpp", "cxx", "c++", "cc"],
+    generalHints: {
+        grepPatterns: [
+            "#define.*_SIZE",
+            "#define.*_LEN",
+            "#define.*MAX",
+            "#define.*BUF",
+            "memcpy\\(",
+            "memmove\\(",
+            "malloc\\(",
+            "free\\(",
+        ],
+        fileHints: [
+            "Header files (.h) for buffer size constants and struct layouts",
+            "Makefile / CMakeLists.txt for compiler flags (-fstack-protector, ASAN)",
+            "configure.ac for feature flags that toggle code paths",
+        ],
+        instructions: [
+            "Always grep for #define values that set buffer sizes and resolve them to numeric values before judging bounds checks",
+            "Check struct layouts for packed attributes and padding that affect sizeof calculations",
+            "Look for compiler-specific extensions (__attribute__, __builtin_) that affect safety guarantees",
+        ],
+    },
+    generalAntiHallucination: [
+        "A named constant is NOT a verified bound — grep for its #define and resolve the numeric value",
+        "Do NOT assume a function is safe based on its name; verify the implementation",
+        "sizeof(struct) may differ from sum of fields due to alignment padding",
+    ],
+    vulnClasses: {
+        "buffer-overflow": {
+            sinks: [
+                { api: "memcpy(dst, src, len)", risk: "Copies len bytes without checking dst capacity", cwes: ["CWE-120", "CWE-787"] },
+                { api: "memmove(dst, src, len)", risk: "Same risk as memcpy — no bounds check on dst", cwes: ["CWE-120"] },
+                { api: "strcpy(dst, src)", risk: "Copies until NUL with no length limit", cwes: ["CWE-120"] },
+                { api: "strcat(dst, src)", risk: "Appends without checking remaining dst capacity", cwes: ["CWE-120"] },
+                { api: "sprintf(buf, fmt, ...)", risk: "Formats into buf with no size limit", cwes: ["CWE-120"] },
+                { api: "gets(buf)", risk: "Reads from stdin until newline with no buffer limit", cwes: ["CWE-120"] },
+                { api: "sscanf with %s", risk: "Reads unbounded string into fixed buffer", cwes: ["CWE-120"] },
+                { api: "read/recv into fixed buffer", risk: "Network/file reads with attacker-controlled length", cwes: ["CWE-120"] },
+            ],
+            safePatterns: [
+                { api: "strncpy(dst, src, sizeof(dst))", why: "Bounded copy — but check for NUL termination" },
+                { api: "snprintf(buf, sizeof(buf), ...)", why: "Bounded format — safe if size arg is correct" },
+                { api: "strlcpy/strlcat", why: "BSD bounded string functions (if available)" },
+                { api: "memcpy with static src and known len", why: "Hardcoded lengths with no attacker control are safe" },
+            ],
+            investigationHints: {
+                grepPatterns: [
+                    "memcpy\\(",
+                    "strcpy\\(",
+                    "sprintf\\(",
+                    "strcat\\(",
+                    "gets\\(",
+                    "#define.*_SIZE",
+                    "#define.*_LEN",
+                    "#define.*_MAX",
+                    "#define.*BUF",
+                ],
+                fileHints: [
+                    "Packet parsing functions (parse_, handle_, process_)",
+                    "Header files for buffer size #defines and struct definitions",
+                    "Network/protocol handling code",
+                ],
+                instructions: [
+                    "For every memcpy/memmove: identify the destination buffer size (grep for its #define), identify the source of the length argument, and check if len <= dst_size is enforced",
+                    "Check if attacker-controlled length fields from packet headers or protocol messages reach copy operations",
+                    "Look for signed/unsigned comparison mismatches in length checks (int vs size_t)",
+                    "Check stack-allocated buffers in functions that parse untrusted input",
+                    "Inspect struct fields used as buffer sizes — are they validated after deserialization?",
+                ],
+            },
+            fewShots: [
+                {
+                    scenario: "Network packet parsing with unchecked length",
+                    vulnerableCode: "uint16_t opt_len = ntohs(hdr->length);\nchar buf[256];\nmemcpy(buf, hdr->data, opt_len);",
+                    explanation: "Attacker controls hdr->length via network packet. opt_len can exceed 256 (buf size). No bounds check before memcpy — stack buffer overflow.",
+                },
+                {
+                    scenario: "XDR deserialization with signed/unsigned mismatch",
+                    vulnerableCode: "int len = xdr_getint(xdr);\nif (len > MAX_NAME) return -1;\nchar name[MAX_NAME];\nmemcpy(name, xdr_getbytes(xdr), len);",
+                    explanation: "len is signed int. A negative value passes the > MAX_NAME check but wraps to a huge unsigned value in memcpy's size_t parameter — massive overflow.",
+                },
+            ],
+            antiHallucinationExtra: [
+                "A size check like 'if (len > BUF_SIZE)' is NOT sufficient if len is signed — negative values pass the check",
+                "memcpy with hardcoded lengths and no attacker-controlled path is NOT a vulnerability",
+                "sizeof(ptr) returns pointer size (4/8), not the allocation size — check for this mistake",
+            ],
+        },
+        "integer-overflow": {
+            sinks: [
+                { api: "malloc(n * size)", risk: "Multiplication can wrap to small value, leading to undersized allocation", cwes: ["CWE-190"] },
+                { api: "len1 + len2 used as allocation size", risk: "Addition overflow wraps to small value", cwes: ["CWE-190"] },
+                { api: "signed int used as array index or size", risk: "Negative values bypass upper-bound checks", cwes: ["CWE-190", "CWE-681"] },
+                { api: "ntohs/ntohl results used in arithmetic", risk: "Network-controlled values in size calculations", cwes: ["CWE-190"] },
+            ],
+            safePatterns: [
+                { api: "calloc(n, size)", why: "calloc checks for overflow internally on most implementations" },
+                { api: "Explicit overflow check before arithmetic", why: "if (a > SIZE_MAX / b) return error" },
+            ],
+            investigationHints: {
+                grepPatterns: [
+                    "malloc\\(.*\\*",
+                    "realloc\\(",
+                    "ntohs\\(",
+                    "ntohl\\(",
+                    "\\(int\\)",
+                    "\\(unsigned\\)",
+                ],
+                fileHints: [
+                    "Memory allocation wrappers",
+                    "Protocol deserialization code",
+                    "Image/media parsing (width * height * bpp patterns)",
+                ],
+                instructions: [
+                    "Look for multiplication in malloc/realloc arguments where both operands come from untrusted input",
+                    "Check for narrowing casts (uint32_t -> uint16_t, size_t -> int) before size comparisons",
+                    "Trace ntohs/ntohl results through arithmetic to allocation or copy calls",
+                ],
+            },
+            fewShots: [
+                {
+                    scenario: "Image dimension multiplication overflow",
+                    vulnerableCode: "uint32_t width = read_u32(input);\nuint32_t height = read_u32(input);\nchar *pixels = malloc(width * height * 4);\nmemcpy(pixels, data, width * height * 4);",
+                    explanation: "width * height * 4 can overflow uint32_t, wrapping to a small value. malloc allocates too little, memcpy overflows the heap buffer.",
+                },
+            ],
+            antiHallucinationExtra: [
+                "calloc(n, size) typically checks for overflow internally — verify before flagging",
+                "Overflow in dead code paths or with hardcoded safe values is NOT exploitable",
+            ],
+        },
+        "use-after-free": {
+            sinks: [
+                { api: "free(ptr); ... use(ptr)", risk: "Accessing freed memory — attacker may control reallocated content", cwes: ["CWE-416"] },
+                { api: "realloc may return different ptr", risk: "Old pointer becomes dangling if realloc moves the allocation", cwes: ["CWE-416"] },
+                { api: "Double free", risk: "Freeing same pointer twice corrupts allocator metadata", cwes: ["CWE-415"] },
+            ],
+            safePatterns: [
+                { api: "ptr = NULL after free", why: "Prevents use-after-free if subsequent code checks for NULL" },
+                { api: "Reference counting with atomic ops", why: "Prevents premature free in concurrent code" },
+            ],
+            investigationHints: {
+                grepPatterns: ["free\\(", "realloc\\(", "->.*=.*NULL"],
+                fileHints: [
+                    "Object lifecycle management code",
+                    "Error handling paths (goto cleanup patterns)",
+                    "Callback/event handler registration",
+                ],
+                instructions: [
+                    "Look for error paths where free is called but the function continues to use the pointer",
+                    "Check callback registrations — is the callback's context freed before the callback fires?",
+                    "In goto-cleanup patterns, verify that the cleanup sequence matches the allocation order",
+                    "Check for race conditions between free and use in multi-threaded code",
+                ],
+            },
+            fewShots: [
+                {
+                    scenario: "Error path use-after-free",
+                    vulnerableCode: "buf = malloc(size);\nif (parse(buf, input) < 0) {\n    free(buf);\n    log_error(\"parse failed for %s\", buf->name);\n    return -1;\n}",
+                    explanation: "On parse failure, buf is freed but then dereferenced in the log_error call to access buf->name.",
+                },
+            ],
+            antiHallucinationExtra: [
+                "A free followed by return (with no intervening use) is NOT a use-after-free",
+                "Static analysis may flag theoretical UAF that requires specific thread interleaving — assess reachability",
+            ],
+        },
+        "format-string": {
+            sinks: [
+                { api: "printf(user_str)", risk: "User-controlled format string enables read/write of stack memory", cwes: ["CWE-134"] },
+                { api: "fprintf(f, user_str)", risk: "Same as printf — format string from untrusted source", cwes: ["CWE-134"] },
+                { api: "syslog(priority, user_str)", risk: "Format string via syslog", cwes: ["CWE-134"] },
+                { api: "snprintf(buf, size, user_str)", risk: "Bounded output but format string still attacker-controlled", cwes: ["CWE-134"] },
+            ],
+            safePatterns: [
+                { api: 'printf("%s", user_str)', why: "User string passed as argument, not format — safe" },
+                { api: "Hardcoded format string with user args", why: "Format is constant, only arguments vary" },
+            ],
+            investigationHints: {
+                grepPatterns: [
+                    "printf\\(",
+                    "fprintf\\(",
+                    "syslog\\(",
+                    "snprintf\\(",
+                    "sprintf\\(",
+                ],
+                fileHints: ["Logging functions", "Error message handlers", "Debug output code"],
+                instructions: [
+                    "Check if the first argument to printf-family functions is a variable (not a string literal)",
+                    "Trace the variable back — does it come from user input, network data, or file content?",
+                    "Custom logging wrappers may forward to printf internally — check their implementation",
+                ],
+            },
+            fewShots: [
+                {
+                    scenario: "SNMP error handler format string",
+                    vulnerableCode: 'char *community = snmp_get_community(pdu);\nsnprintf(errbuf, sizeof(errbuf), community);',
+                    explanation: "community string comes from network SNMP packet and is used as format string in snprintf. Attacker sends %x%x%x%n to read/write stack.",
+                },
+            ],
+            antiHallucinationExtra: [
+                "printf(\"%s\", var) is SAFE — the format string is the literal \"%s\", not the variable",
+                "Do NOT flag printf with hardcoded format strings and user data as arguments",
+            ],
+        },
+        "type-confusion": {
+            sinks: [
+                { api: "Tagged union access without type check", risk: "Accessing wrong union member reads garbage or attacker-controlled data", cwes: ["CWE-843"] },
+                { api: "void* cast without validation", risk: "Casting to wrong concrete type", cwes: ["CWE-843"] },
+                { api: "Variant/discriminated type access", risk: "Missing discriminator check before accessing type-specific fields", cwes: ["CWE-843"] },
+            ],
+            safePatterns: [
+                { api: "switch(tag) with all cases", why: "Exhaustive tag check before union access" },
+                { api: "assert(obj->type == EXPECTED) before cast", why: "Runtime type validation" },
+            ],
+            investigationHints: {
+                grepPatterns: ["union\\s+\\{", "\\.type\\s*==", "->type\\s*==", "\\(struct\\s+\\w+\\s*\\*\\)"],
+                fileHints: [
+                    "ASN.1 / TLV parsing code",
+                    "Protocol message handlers with type-dispatched processing",
+                    "Variant/tagged-union type definitions in headers",
+                ],
+                instructions: [
+                    "Find union types and their discriminator fields, then check every access site for discriminator validation",
+                    "Look for void* parameters cast to concrete types — is the type guaranteed by the caller contract?",
+                    "In TLV/ASN.1 parsers, check that the type tag is validated before accessing type-specific content",
+                ],
+            },
+            fewShots: [
+                {
+                    scenario: "ASN.1 value access without tag check",
+                    vulnerableCode: "ASN1_VALUE *val = asn1_parse(input);\nint len = val->value.str_val->length;",
+                    explanation: "val could be INTEGER, BOOLEAN, or STRING type. Accessing str_val without checking val->type reads memory from the wrong union member if val is not a string.",
+                },
+            ],
+            antiHallucinationExtra: [
+                "If a switch/case exhaustively handles all type tags before union access, it is safe",
+                "Internal functions where the caller always passes the correct type (verified by code inspection) are lower risk",
+            ],
+        },
+        "command-injection": {
+            sinks: [
+                { api: "system(cmd)", risk: "Passes cmd to /bin/sh -c for full shell interpretation", shellInvoking: true, cwes: ["CWE-78"] },
+                { api: "popen(cmd, mode)", risk: "Shell interpretation of cmd string", shellInvoking: true, cwes: ["CWE-78"] },
+                { api: "execlp/execvp with shell wrapper", risk: "If first arg is a shell and command is user-controlled", shellInvoking: true, cwes: ["CWE-78"] },
+            ],
+            safePatterns: [
+                { api: "execve with argument array", why: "No shell interpretation when using direct exec with argv" },
+                { api: "Hardcoded command string", why: "No attacker-controlled input in the command" },
+            ],
+            investigationHints: {
+                grepPatterns: ["system\\(", "popen\\(", "execlp\\(", "execvp\\("],
+                fileHints: ["Build scripts and helper utilities", "CGI/web handler code"],
+                instructions: [
+                    "Check if user-controlled data (environment variables, HTTP parameters, file content) reaches system/popen",
+                    "Look for string concatenation or sprintf building command strings with untrusted data",
+                ],
+            },
+            fewShots: [
+                {
+                    scenario: "CGI handler building shell command",
+                    vulnerableCode: 'char cmd[512];\nsnprintf(cmd, sizeof(cmd), "convert %s output.png", filename);\nsystem(cmd);',
+                    explanation: "filename comes from user upload/request. Attacker sends 'img.png; rm -rf /' — shell interprets the semicolon as command separator.",
+                },
+            ],
+            antiHallucinationExtra: [
+                "execve/execv with a fixed argv array and no shell is NOT vulnerable to metacharacter injection",
+                "system() with a fully hardcoded string and no user input is NOT a vulnerability",
+            ],
+        },
+    },
+};
+//# sourceMappingURL=c-cpp.js.map

package/dist/prompts/languages/c-cpp.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"c-cpp.js","sourceRoot":"","sources":["../../../src/prompts/languages/c-cpp.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,WAAW,GAAoB;IAC1C,UAAU,EAAE,OAAO;IACnB,OAAO,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC;IACzC,YAAY,EAAE;QACZ,YAAY,EAAE;YACZ,gBAAgB;YAChB,eAAe;YACf,cAAc;YACd,cAAc;YACd,WAAW;YACX,YAAY;YACZ,WAAW;YACX,SAAS;SACV;QACD,SAAS,EAAE;YACT,gEAAgE;YAChE,wEAAwE;YACxE,uDAAuD;SACxD;QACD,YAAY,EAAE;YACZ,sHAAsH;YACtH,wFAAwF;YACxF,iGAAiG;SAClG;KACF;IACD,wBAAwB,EAAE;QACxB,+FAA+F;QAC/F,+EAA+E;QAC/E,uEAAuE;KACxE;IACD,WAAW,EAAE;QACX,iBAAiB,EAAE;YACjB,KAAK,EAAE;gBACL,EAAE,GAAG,EAAE,uBAAuB,EAAE,IAAI,EAAE,gDAAgD,EAAE,IAAI,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC,EAAE;gBACtH,EAAE,GAAG,EAAE,wBAAwB,EAAE,IAAI,EAAE,8CAA8C,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;gBAC1G,EAAE,GAAG,EAAE,kBAAkB,EAAE,IAAI,EAAE,uCAAuC,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;gBAC7F,EAAE,GAAG,EAAE,kBAAkB,EAAE,IAAI,EAAE,iDAAiD,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;gBACvG,EAAE,GAAG,EAAE,wBAAwB,EAAE,IAAI,EAAE,qCAAqC,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;gBACjG,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,qDAAqD,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;gBACpG,EAAE,GAAG,EAAE,gBAAgB,EAAE,IAAI,EAAE,0CAA0C,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;gBAC9F,EAAE,GAAG,EAAE,6BAA6B,EAAE,IAAI,EAAE,oDAAoD,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;aACtH;YACD,YAAY,EAAE;gBACZ,EAAE,GAAG,EAAE,gCAAgC,EAAE,GAAG,EAAE,8CAA8C,EAAE;gBAC9F,EAAE,GAAG,EAAE,iCAAiC,EAAE,GAAG,EAAE,8CAA8C,EAAE;gBAC/F,EAAE,GAAG,EAAE,iBAAiB,EAAE,GAAG,EAAE,6CAA6C,EAAE;gBAC9E,EAAE,GAAG,EAAE,sCAAsC,EAAE,GAAG,EAAE,qDAAqD,EAAE;aAC5G;YACD,kBAAkB,EAAE;gBAClB,YAAY,EAAE;oBACZ,WAAW;oBACX,WAAW;oBACX,YAAY;oBACZ,WAAW;oBACX,SAAS;oBACT,gBAAgB;oBAChB,eAAe;oBACf,eAAe;oBACf,cAAc;iBACf;gBACD,SAAS,EAAE;oBACT,sDAAsD;oBACtD,8DAA8D;oBAC9D,gCAAgC;iBACjC;gBACD,YAAY,EAAE;oBACZ,6KAA6K;oBAC7K,2GAA2G;oBAC3G,iFAAiF;oBACjF,uEAAuE;oBACvE,wFAAwF;iBACzF;aACF;YACD,QAAQ,EAAE;gBACR;oBACE,QAAQ,EAAE,8CAA8C;oBACxD,cAAc,EAAE,0FAA0F;oBAC1G,WAAW,EAAE,6IAA6I;iBAC3J;gBACD;oBACE,QAAQ,EAAE,mDAAmD;oBAC7D,cAAc,EAAE,yHAAyH;oBACzI,WAAW,EAAE,qJAAqJ;iBACnK;aACF;YACD,sBAAsB,EAAE;gBACtB,6GAA6G;gBAC7G,sFAAsF;gBACtF,0FAA0F;aAC3F;SACF;QACD,kBAAkB,EAAE;YAClB,KAAK,EAAE;gBACL,EAAE,GAAG,EAAE,kBAAkB,EAAE,IAAI,EAAE,0EAA0E,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;gBAChI,EAAE,GAAG,EAAE,qCAAqC,EAAE,IAAI,EAAE,wCAAwC,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;gBACjH,EAAE,GAAG,EAAE,wCAAwC,EAAE,IAAI,EAAE,2CAA2C,EAAE,IAAI,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC,EAAE;gBAClI,EAAE,GAAG,EAAE,wCAAwC,EAAE,IAAI,EAAE,gDAAgD,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;aAC7H;YACD,YAAY,EAAE;gBACZ,EAAE,GAAG,EAAE,iBAAiB,EAAE,GAAG,EAAE,+DAA+D,EAAE;gBAChG,EAAE,GAAG,EAAE,2CAA2C,EAAE,GAAG,EAAE,oCAAoC,EAAE;aAChG;YACD,kBAAkB,EAAE;gBAClB,YAAY,EAAE;oBACZ,gBAAgB;oBAChB,YAAY;oBACZ,UAAU;oBACV,UAAU;oBACV,WAAW;oBACX,gBAAgB;iBACjB;gBACD,SAAS,EAAE;oBACT,4BAA4B;oBAC5B,+BAA+B;oBAC/B,qDAAqD;iBACtD;gBACD,YAAY,EAAE;oBACZ,mGAAmG;oBACnG,yFAAyF;oBACzF,0EAA0E;iBAC3E;aACF;YACD,QAAQ,EAAE;gBACR;oBACE,QAAQ,EAAE,yCAAyC;oBACnD,cAAc,EAAE,8JAA8J;oBAC9K,WAAW,EAAE,qIAAqI;iBACnJ;aACF;YACD,sBAAsB,EAAE;gBACtB,mFAAmF;gBACnF,8EAA8E;aAC/E;SACF;QACD,gBAAgB,EAAE;YAChB,KAAK,EAAE;gBACL,EAAE,GAAG,EAAE,yBAAyB,EAAE,IAAI,EAAE,mEAAmE,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;gBAChI,EAAE,GAAG,EAAE,kCAAkC,EAAE,IAAI,EAAE,8DAA8D,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;gBACpI,EAAE,GAAG,EAAE,aAAa,EAAE,IAAI,EAAE,wDAAwD,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;aAC1G;YACD,YAAY,EAAE;gBACZ,EAAE,GAAG,EAAE,uBAAuB,EAAE,GAAG,EAAE,4DAA4D,EAAE;gBACnG,EAAE,GAAG,EAAE,oCAAoC,EAAE,GAAG,EAAE,4CAA4C,EAAE;aACjG;YACD,kBAAkB,EAAE;gBAClB,YAAY,EAAE,CAAC,SAAS,EAAE,YAAY,EAAE,aAAa,CAAC;gBACtD,SAAS,EAAE;oBACT,kCAAkC;oBAClC,8CAA8C;oBAC9C,qCAAqC;iBACtC;gBACD,YAAY,EAAE;oBACZ,yFAAyF;oBACzF,2FAA2F;oBAC3F,yFAAyF;oBACzF,uEAAuE;iBACxE;aACF;YACD,QAAQ,EAAE;gBACR;oBACE,QAAQ,EAAE,2BAA2B;oBACrC,cAAc,EAAE,0IAA0I;oBAC1J,WAAW,EAAE,iGAAiG;iBAC/G;aACF;YACD,sBAAsB,EAAE;gBACtB,6EAA6E;gBAC7E,2GAA2G;aAC5G;SACF;QACD,eAAe,EAAE;YACf,KAAK,EAAE;gBACL,EAAE,GAAG,EAAE,kBAAkB,EAAE,IAAI,EAAE,kEAAkE,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;gBACxH,EAAE,GAAG,EAAE,sBAAsB,EAAE,IAAI,EAAE,sDAAsD,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;gBAChH,EAAE,GAAG,EAAE,4BAA4B,EAAE,IAAI,EAAE,0BAA0B,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;gBAC1F,EAAE,GAAG,EAAE,+BAA+B,EAAE,IAAI,EAAE,4DAA4D,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;aAChI;YACD,YAAY,EAAE;gBACZ,EAAE,GAAG,EAAE,wBAAwB,EAAE,GAAG,EAAE,mDAAmD,EAAE;gBAC3F,EAAE,GAAG,EAAE,wCAAwC,EAAE,GAAG,EAAE,yCAAyC,EAAE;aAClG;YACD,kBAAkB,EAAE;gBAClB,YAAY,EAAE;oBACZ,WAAW;oBACX,YAAY;oBACZ,WAAW;oBACX,aAAa;oBACb,YAAY;iBACb;gBACD,SAAS,EAAE,CAAC,mBAAmB,EAAE,wBAAwB,EAAE,mBAAmB,CAAC;gBAC/E,YAAY,EAAE;oBACZ,6FAA6F;oBAC7F,wFAAwF;oBACxF,uFAAuF;iBACxF;aACF;YACD,QAAQ,EAAE;gBACR;oBACE,QAAQ,EAAE,kCAAkC;oBAC5C,cAAc,EAAE,0FAA0F;oBAC1G,WAAW,EAAE,wIAAwI;iBACtJ;aACF;YACD,sBAAsB,EAAE;gBACtB,yFAAyF;gBACzF,6EAA6E;aAC9E;SACF;QACD,gBAAgB,EAAE;YAChB,KAAK,EAAE;gBACL,EAAE,GAAG,EAAE,wCAAwC,EAAE,IAAI,EAAE,wEAAwE,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;gBACpJ,EAAE,GAAG,EAAE,+BAA+B,EAAE,IAAI,EAAE,gCAAgC,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;gBACnG,EAAE,GAAG,EAAE,mCAAmC,EAAE,IAAI,EAAE,mEAAmE,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE;aAC3I;YACD,YAAY,EAAE;gBACZ,EAAE,GAAG,EAAE,4BAA4B,EAAE,GAAG,EAAE,0CAA0C,EAAE;gBACtF,EAAE,GAAG,EAAE,2CAA2C,EAAE,GAAG,EAAE,yBAAyB,EAAE;aACrF;YACD,kBAAkB,EAAE;gBAClB,YAAY,EAAE,CAAC,cAAc,EAAE,eAAe,EAAE,cAAc,EAAE,6BAA6B,CAAC;gBAC9F,SAAS,EAAE;oBACT,0BAA0B;oBAC1B,2DAA2D;oBAC3D,kDAAkD;iBACnD;gBACD,YAAY,EAAE;oBACZ,4GAA4G;oBAC5G,mGAAmG;oBACnG,mGAAmG;iBACpG;aACF;YACD,QAAQ,EAAE;gBACR;oBACE,QAAQ,EAAE,sCAAsC;oBAChD,cAAc,EAAE,6EAA6E;oBAC7F,WAAW,EAAE,8JAA8J;iBAC5K;aACF;YACD,sBAAsB,EAAE;gBACtB,qFAAqF;gBACrF,iHAAiH;aAClH;SACF;QACD,mBAAmB,EAAE;YACnB,KAAK,EAAE;gBACL,EAAE,GAAG,EAAE,aAAa,EAAE,IAAI,EAAE,wDAAwD,EAAE,aAAa,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE;gBAC7H,EAAE,GAAG,EAAE,kBAAkB,EAAE,IAAI,EAAE,oCAAoC,EAAE,aAAa,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE;gBAC9G,EAAE,GAAG,EAAE,kCAAkC,EAAE,IAAI,EAAE,wDAAwD,EAAE,aAAa,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE;aACnJ;YACD,YAAY,EAAE;gBACZ,EAAE,GAAG,EAAE,4BAA4B,EAAE,GAAG,EAAE,0DAA0D,EAAE;gBACtG,EAAE,GAAG,EAAE,0BAA0B,EAAE,GAAG,EAAE,6CAA6C,EAAE;aACxF;YACD,kBAAkB,EAAE;gBAClB,YAAY,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,CAAC;gBACjE,SAAS,EAAE,CAAC,oCAAoC,EAAE,sBAAsB,CAAC;gBACzE,YAAY,EAAE;oBACZ,2GAA2G;oBAC3G,uFAAuF;iBACxF;aACF;YACD,QAAQ,EAAE;gBACR;oBACE,QAAQ,EAAE,oCAAoC;oBAC9C,cAAc,EAAE,8FAA8F;oBAC9G,WAAW,EAAE,oIAAoI;iBAClJ;aACF;YACD,sBAAsB,EAAE;gBACtB,gGAAgG;gBAChG,iFAAiF;aAClF;SACF;KACF;CACF,CAAC"}

package/dist/prompts/languages/go.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { LanguageProfile } from "./types.js";
2	+ export declare const goProfile: LanguageProfile;