postquant 0.5.0 → 0.7.0

package/dist/scanner/code/ast/patterns/javascript.js

@@ -0,0 +1,113 @@
+/** Generic query matching obj.method(...) calls in JS/TS */
+const METHOD_CALL_QUERY = `
+  (call_expression
+    function: (member_expression
+      object: (identifier) @obj
+      property: (property_identifier) @method)
+    arguments: (arguments) @args)
+`;
+export const javascriptASTPatterns = [
+    {
+        id: 'js-rsa-keygen',
+        language: 'javascript',
+        category: 'asymmetric-encryption',
+        algorithm: 'RSA',
+        risk: 'critical',
+        query: METHOD_CALL_QUERY,
+        requiredImports: [
+            { module: 'crypto', allowAlias: true },
+        ],
+        methodNames: ['generateKeyPairSync', 'generateKeyPair'],
+        firstArgPattern: /['"]rsa['"]/i,
+        description: "RSA key generation is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for encryption or ML-DSA (FIPS 204) for signatures',
+    },
+    {
+        id: 'js-ec-keygen',
+        language: 'javascript',
+        category: 'asymmetric-encryption',
+        algorithm: 'ECDSA',
+        risk: 'critical',
+        query: METHOD_CALL_QUERY,
+        requiredImports: [
+            { module: 'crypto', allowAlias: true },
+        ],
+        methodNames: ['generateKeyPairSync', 'generateKeyPair'],
+        firstArgPattern: /['"]ec['"]/i,
+        description: "EC key generation is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for signatures or ML-KEM (FIPS 203) for key exchange',
+    },
+    {
+        id: 'js-dh-exchange',
+        language: 'javascript',
+        category: 'key-exchange',
+        algorithm: 'DH',
+        risk: 'critical',
+        query: METHOD_CALL_QUERY,
+        requiredImports: [
+            { module: 'crypto', allowAlias: true },
+        ],
+        methodNames: ['createDiffieHellman'],
+        description: "Diffie-Hellman key exchange is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for key exchange',
+    },
+    {
+        id: 'js-ecdh-exchange',
+        language: 'javascript',
+        category: 'key-exchange',
+        algorithm: 'ECDH',
+        risk: 'critical',
+        query: METHOD_CALL_QUERY,
+        requiredImports: [
+            { module: 'crypto', allowAlias: true },
+        ],
+        methodNames: ['createECDH'],
+        description: "ECDH key exchange is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for key exchange',
+    },
+    {
+        id: 'js-md5-hash',
+        language: 'javascript',
+        category: 'weak-hash',
+        algorithm: 'MD5',
+        risk: 'critical',
+        query: METHOD_CALL_QUERY,
+        requiredImports: [
+            { module: 'crypto', allowAlias: true },
+        ],
+        methodNames: ['createHash'],
+        firstArgPattern: /['"]md5['"]/i,
+        description: 'MD5 is cryptographically broken and unsuitable for any security use',
+        migration: 'Migrate to SHA-256 or SHA-3 for hashing',
+    },
+    {
+        id: 'js-sha1-hash',
+        language: 'javascript',
+        category: 'weak-hash',
+        algorithm: 'SHA-1',
+        risk: 'critical',
+        query: METHOD_CALL_QUERY,
+        requiredImports: [
+            { module: 'crypto', allowAlias: true },
+        ],
+        methodNames: ['createHash'],
+        firstArgPattern: /['"]sha-?1['"]/i,
+        description: 'SHA-1 is cryptographically broken with practical collision attacks',
+        migration: 'Migrate to SHA-256 or SHA-3 for hashing',
+    },
+    {
+        id: 'js-jwt-sign',
+        language: 'javascript',
+        category: 'digital-signature',
+        algorithm: 'RSA/ECDSA',
+        risk: 'critical',
+        query: METHOD_CALL_QUERY,
+        requiredImports: [
+            { module: 'jsonwebtoken', allowAlias: true },
+        ],
+        methodNames: ['sign'],
+        description: 'JWT signing with RSA/ECDSA algorithms is vulnerable to quantum attacks',
+        migration: 'Migrate to post-quantum JWT algorithms when standardized',
+    },
+];
+//# sourceMappingURL=javascript.js.map

package/dist/scanner/code/ast/patterns/javascript.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"javascript.js","sourceRoot":"","sources":["../../../../../src/scanner/code/ast/patterns/javascript.ts"],"names":[],"mappings":"AAEA,4DAA4D;AAC5D,MAAM,iBAAiB,GAAG;;;;;;CAMzB,CAAC;AAEF,MAAM,CAAC,MAAM,qBAAqB,GAAiB;IACjD;QACE,EAAE,EAAE,eAAe;QACnB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,uBAAuB;QACjC,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iBAAiB;QACxB,eAAe,EAAE;YACf,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE;SACvC;QACD,WAAW,EAAE,CAAC,qBAAqB,EAAE,iBAAiB,CAAC;QACvD,eAAe,EAAE,cAAc;QAC/B,WAAW,EAAE,0EAA0E;QACvF,SAAS,EAAE,iFAAiF;KAC7F;IACD;QACE,EAAE,EAAE,cAAc;QAClB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,uBAAuB;QACjC,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iBAAiB;QACxB,eAAe,EAAE;YACf,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE;SACvC;QACD,WAAW,EAAE,CAAC,qBAAqB,EAAE,iBAAiB,CAAC;QACvD,eAAe,EAAE,aAAa;QAC9B,WAAW,EAAE,yEAAyE;QACtF,SAAS,EAAE,mFAAmF;KAC/F;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,cAAc;QACxB,SAAS,EAAE,IAAI;QACf,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iBAAiB;QACxB,eAAe,EAAE;YACf,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE;SACvC;QACD,WAAW,EAAE,CAAC,qBAAqB,CAAC;QACpC,WAAW,EAAE,mFAAmF;QAChG,SAAS,EAAE,+CAA+C;KAC3D;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,cAAc;QACxB,SAAS,EAAE,MAAM;QACjB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iBAAiB;QACxB,eAAe,EAAE;YACf,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE;SACvC;QACD,WAAW,EAAE,CAAC,YAAY,CAAC;QAC3B,WAAW,EAAE,yEAAyE;QACtF,SAAS,EAAE,+CAA+C;KAC3D;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iBAAiB;QACxB,eAAe,EAAE;YACf,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE;SACvC;QACD,WAAW,EAAE,CAAC,YAAY,CAAC;QAC3B,eAAe,EAAE,cAAc;QAC/B,WAAW,EAAE,qEAAqE;QAClF,SAAS,EAAE,yCAAyC;KACrD;IACD;QACE,EAAE,EAAE,cAAc;QAClB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iBAAiB;QACxB,eAAe,EAAE;YACf,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE;SACvC;QACD,WAAW,EAAE,CAAC,YAAY,CAAC;QAC3B,eAAe,EAAE,iBAAiB;QAClC,WAAW,EAAE,oEAAoE;QACjF,SAAS,EAAE,yCAAyC;KACrD;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,YAAY;QACtB,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,WAAW;QACtB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iBAAiB;QACxB,eAAe,EAAE;YACf,EAAE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,IAAI,EAAE;SAC7C;QACD,WAAW,EAAE,CAAC,MAAM,CAAC;QACrB,WAAW,EAAE,wEAAwE;QACrF,SAAS,EAAE,0DAA0D;KACtE;CACF,CAAC"}

package/dist/scanner/code/ast/patterns/python.d.ts

@@ -0,0 +1,3 @@
+import type { ASTPattern } from './types.js';
+export declare const pythonASTPatterns: ASTPattern[];
+//# sourceMappingURL=python.d.ts.map

package/dist/scanner/code/ast/patterns/python.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"python.d.ts","sourceRoot":"","sources":["../../../../../src/scanner/code/ast/patterns/python.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAW7C,eAAO,MAAM,iBAAiB,EAAE,UAAU,EA2JzC,CAAC"}

package/dist/scanner/code/ast/patterns/python.js

@@ -0,0 +1,165 @@
+/** Generic query matching obj.method(...) calls */
+const METHOD_CALL_QUERY = `
+  (call
+    function: (attribute
+      object: (identifier) @obj
+      attribute: (identifier) @method)
+    arguments: (argument_list) @args)
+`;
+export const pythonASTPatterns = [
+    {
+        id: 'python-rsa-keygen',
+        language: 'python',
+        category: 'asymmetric-encryption',
+        algorithm: 'RSA',
+        risk: 'critical',
+        query: METHOD_CALL_QUERY,
+        requiredImports: [
+            { module: 'cryptography.hazmat.primitives.asymmetric', symbol: 'rsa', allowAlias: true },
+        ],
+        methodNames: ['generate_private_key'],
+        description: "RSA key generation is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for encryption or ML-DSA (FIPS 204) for signatures',
+    },
+    {
+        id: 'python-rsa-sign',
+        language: 'python',
+        category: 'digital-signature',
+        algorithm: 'RSA',
+        risk: 'critical',
+        query: METHOD_CALL_QUERY,
+        requiredImports: [
+            { module: 'Crypto.PublicKey', symbol: 'RSA', allowAlias: true },
+        ],
+        methodNames: ['generate'],
+        description: "RSA key generation (PyCryptodome) is vulnerable to quantum attacks",
+        migration: 'Migrate to ML-DSA (FIPS 204) for signatures',
+    },
+    {
+        id: 'python-ec-keygen',
+        language: 'python',
+        category: 'asymmetric-encryption',
+        algorithm: 'ECDSA',
+        risk: 'critical',
+        query: METHOD_CALL_QUERY,
+        requiredImports: [
+            { module: 'cryptography.hazmat.primitives.asymmetric', symbol: 'ec', allowAlias: true },
+        ],
+        methodNames: ['generate_private_key'],
+        description: "Elliptic curve key generation is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for signatures or ML-KEM (FIPS 203) for key exchange',
+    },
+    {
+        id: 'python-ecdsa-sign',
+        language: 'python',
+        category: 'digital-signature',
+        algorithm: 'ECDSA',
+        risk: 'critical',
+        query: METHOD_CALL_QUERY,
+        requiredImports: [
+            { module: 'Crypto.PublicKey', symbol: 'ECC', allowAlias: true },
+        ],
+        methodNames: ['generate'],
+        description: "ECC key generation (PyCryptodome) is vulnerable to quantum attacks",
+        migration: 'Migrate to ML-DSA (FIPS 204) for signatures',
+    },
+    {
+        id: 'python-ed25519',
+        language: 'python',
+        category: 'digital-signature',
+        algorithm: 'Ed25519',
+        risk: 'critical',
+        query: METHOD_CALL_QUERY,
+        requiredImports: [
+            { module: 'cryptography.hazmat.primitives.asymmetric.ed25519', symbol: 'Ed25519PrivateKey', allowAlias: true },
+        ],
+        methodNames: ['generate'],
+        description: "Ed25519 is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for signatures',
+    },
+    {
+        id: 'python-x25519',
+        language: 'python',
+        category: 'key-exchange',
+        algorithm: 'X25519',
+        risk: 'critical',
+        query: METHOD_CALL_QUERY,
+        requiredImports: [
+            { module: 'cryptography.hazmat.primitives.asymmetric.x25519', symbol: 'X25519PrivateKey', allowAlias: true },
+        ],
+        methodNames: ['generate'],
+        description: "X25519 key exchange is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for key exchange',
+    },
+    {
+        id: 'python-dsa-keygen',
+        language: 'python',
+        category: 'digital-signature',
+        algorithm: 'DSA',
+        risk: 'critical',
+        query: METHOD_CALL_QUERY,
+        requiredImports: [
+            { module: 'cryptography.hazmat.primitives.asymmetric', symbol: 'dsa', allowAlias: true },
+        ],
+        methodNames: ['generate_private_key'],
+        description: "DSA key generation is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-DSA (FIPS 204) for signatures',
+    },
+    {
+        id: 'python-dh-keygen',
+        language: 'python',
+        category: 'key-exchange',
+        algorithm: 'DH',
+        risk: 'critical',
+        query: METHOD_CALL_QUERY,
+        requiredImports: [
+            { module: 'cryptography.hazmat.primitives.asymmetric', symbol: 'dh', allowAlias: true },
+        ],
+        methodNames: ['generate_parameters'],
+        description: "Diffie-Hellman key exchange is vulnerable to quantum attacks via Shor's algorithm",
+        migration: 'Migrate to ML-KEM (FIPS 203) for key exchange',
+    },
+    {
+        id: 'python-md5',
+        language: 'python',
+        category: 'weak-hash',
+        algorithm: 'MD5',
+        risk: 'critical',
+        query: METHOD_CALL_QUERY,
+        requiredImports: [
+            { module: 'hashlib', allowAlias: true },
+        ],
+        methodNames: ['md5'],
+        description: 'MD5 is cryptographically broken and unsuitable for any security use',
+        migration: 'Migrate to SHA-256 or SHA-3 for hashing',
+    },
+    {
+        id: 'python-sha1',
+        language: 'python',
+        category: 'weak-hash',
+        algorithm: 'SHA-1',
+        risk: 'critical',
+        query: METHOD_CALL_QUERY,
+        requiredImports: [
+            { module: 'hashlib', allowAlias: true },
+        ],
+        methodNames: ['sha1'],
+        description: 'SHA-1 is cryptographically broken with practical collision attacks',
+        migration: 'Migrate to SHA-256 or SHA-3 for hashing',
+    },
+    {
+        id: 'python-sha256',
+        language: 'python',
+        category: 'safe-hash',
+        algorithm: 'SHA-256',
+        risk: 'moderate',
+        query: METHOD_CALL_QUERY,
+        requiredImports: [
+            { module: 'hashlib', allowAlias: true },
+        ],
+        methodNames: ['sha256'],
+        description: "SHA-256 has reduced security margin under Grover's algorithm (128-bit effective)",
+        migration: 'Consider SHA-384 or SHA-512 for larger post-quantum security margin',
+    },
+];
+//# sourceMappingURL=python.js.map

package/dist/scanner/code/ast/patterns/python.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"python.js","sourceRoot":"","sources":["../../../../../src/scanner/code/ast/patterns/python.ts"],"names":[],"mappings":"AAEA,mDAAmD;AACnD,MAAM,iBAAiB,GAAG;;;;;;CAMzB,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAiB;IAC7C;QACE,EAAE,EAAE,mBAAmB;QACvB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,uBAAuB;QACjC,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iBAAiB;QACxB,eAAe,EAAE;YACf,EAAE,MAAM,EAAE,2CAA2C,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE;SACzF;QACD,WAAW,EAAE,CAAC,sBAAsB,CAAC;QACrC,WAAW,EAAE,0EAA0E;QACvF,SAAS,EAAE,iFAAiF;KAC7F;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iBAAiB;QACxB,eAAe,EAAE;YACf,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE;SAChE;QACD,WAAW,EAAE,CAAC,UAAU,CAAC;QACzB,WAAW,EAAE,oEAAoE;QACjF,SAAS,EAAE,6CAA6C;KACzD;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,uBAAuB;QACjC,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iBAAiB;QACxB,eAAe,EAAE;YACf,EAAE,MAAM,EAAE,2CAA2C,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE;SACxF;QACD,WAAW,EAAE,CAAC,sBAAsB,CAAC;QACrC,WAAW,EAAE,qFAAqF;QAClG,SAAS,EAAE,mFAAmF;KAC/F;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iBAAiB;QACxB,eAAe,EAAE;YACf,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE;SAChE;QACD,WAAW,EAAE,CAAC,UAAU,CAAC;QACzB,WAAW,EAAE,oEAAoE;QACjF,SAAS,EAAE,6CAA6C;KACzD;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iBAAiB;QACxB,eAAe,EAAE;YACf,EAAE,MAAM,EAAE,mDAAmD,EAAE,MAAM,EAAE,mBAAmB,EAAE,UAAU,EAAE,IAAI,EAAE;SAC/G;QACD,WAAW,EAAE,CAAC,UAAU,CAAC;QACzB,WAAW,EAAE,+DAA+D;QAC5E,SAAS,EAAE,6CAA6C;KACzD;IACD;QACE,EAAE,EAAE,eAAe;QACnB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,cAAc;QACxB,SAAS,EAAE,QAAQ;QACnB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iBAAiB;QACxB,eAAe,EAAE;YACf,EAAE,MAAM,EAAE,kDAAkD,EAAE,MAAM,EAAE,kBAAkB,EAAE,UAAU,EAAE,IAAI,EAAE;SAC7G;QACD,WAAW,EAAE,CAAC,UAAU,CAAC;QACzB,WAAW,EAAE,2EAA2E;QACxF,SAAS,EAAE,+CAA+C;KAC3D;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iBAAiB;QACxB,eAAe,EAAE;YACf,EAAE,MAAM,EAAE,2CAA2C,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE;SACzF;QACD,WAAW,EAAE,CAAC,sBAAsB,CAAC;QACrC,WAAW,EAAE,0EAA0E;QACvF,SAAS,EAAE,6CAA6C;KACzD;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,cAAc;QACxB,SAAS,EAAE,IAAI;QACf,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iBAAiB;QACxB,eAAe,EAAE;YACf,EAAE,MAAM,EAAE,2CAA2C,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE;SACxF;QACD,WAAW,EAAE,CAAC,qBAAqB,CAAC;QACpC,WAAW,EAAE,mFAAmF;QAChG,SAAS,EAAE,+CAA+C;KAC3D;IACD;QACE,EAAE,EAAE,YAAY;QAChB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,KAAK;QAChB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iBAAiB;QACxB,eAAe,EAAE;YACf,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE;SACxC;QACD,WAAW,EAAE,CAAC,KAAK,CAAC;QACpB,WAAW,EAAE,qEAAqE;QAClF,SAAS,EAAE,yCAAyC;KACrD;IACD;QACE,EAAE,EAAE,aAAa;QACjB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,OAAO;QAClB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iBAAiB;QACxB,eAAe,EAAE;YACf,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE;SACxC;QACD,WAAW,EAAE,CAAC,MAAM,CAAC;QACrB,WAAW,EAAE,oEAAoE;QACjF,SAAS,EAAE,yCAAyC;KACrD;IACD;QACE,EAAE,EAAE,eAAe;QACnB,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,iBAAiB;QACxB,eAAe,EAAE;YACf,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE;SACxC;QACD,WAAW,EAAE,CAAC,QAAQ,CAAC;QACvB,WAAW,EAAE,kFAAkF;QAC/F,SAAS,EAAE,qEAAqE;KACjF;CACF,CAAC"}

package/dist/scanner/code/ast/patterns/types.d.ts

@@ -0,0 +1,23 @@
+import type { Language, CryptoCategory, RiskLevel } from '../../../../types/index.js';
+export interface ImportConstraint {
+    module: string;
+    symbol?: string;
+    allowAlias: boolean;
+}
+export interface ASTPattern {
+    id: string;
+    language: Language;
+    category: CryptoCategory;
+    algorithm: string;
+    risk: RiskLevel;
+    query: string;
+    /** If set, the analyzer checks that @obj resolves to one of these imports */
+    requiredImports?: ImportConstraint[];
+    /** Method names to match against @method capture (case-sensitive) */
+    methodNames?: string[];
+    /** If set, the first argument text must match this regex (for disambiguation) */
+    firstArgPattern?: RegExp;
+    description: string;
+    migration: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/scanner/code/ast/patterns/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../../src/scanner/code/ast/patterns/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AAEtF,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,OAAO,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,QAAQ,CAAC;IACnB,QAAQ,EAAE,cAAc,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,SAAS,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,6EAA6E;IAC7E,eAAe,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACrC,qEAAqE;IACrE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,iFAAiF;IACjF,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;CACnB"}

package/dist/scanner/code/ast/patterns/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/scanner/code/ast/patterns/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../../src/scanner/code/ast/patterns/types.ts"],"names":[],"mappings":""}

package/dist/scanner/code/ast/scope-detector.d.ts

@@ -0,0 +1,8 @@
+import type { Tree } from 'web-tree-sitter';
+import type { ScopeInfo } from '../../../types/index.js';
+/**
+ * Detect the enclosing scope for a given line number in the AST.
+ * Line is 1-indexed to match CodeFinding.line.
+ */
+export declare function detectScope(tree: Tree, line: number, language: 'python' | 'javascript'): ScopeInfo;
+//# sourceMappingURL=scope-detector.d.ts.map

package/dist/scanner/code/ast/scope-detector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope-detector.d.ts","sourceRoot":"","sources":["../../../../src/scanner/code/ast/scope-detector.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAQ,MAAM,iBAAiB,CAAC;AAClD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAEzD;;;GAGG;AACH,wBAAgB,WAAW,CACzB,IAAI,EAAE,IAAI,EACV,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,QAAQ,GAAG,YAAY,GAChC,SAAS,CAgCX"}

package/dist/scanner/code/ast/scope-detector.js

@@ -0,0 +1,116 @@
+/**
+ * Detect the enclosing scope for a given line number in the AST.
+ * Line is 1-indexed to match CodeFinding.line.
+ */
+export function detectScope(tree, line, language) {
+    const row = line - 1; // tree-sitter uses 0-indexed rows
+    const node = tree.rootNode.descendantForPosition({ row, column: 0 });
+    let functionName;
+    let className;
+    let isTestCode = false;
+    let isConditionalPath = false;
+    let current = node;
+    while (current) {
+        if (language === 'python') {
+            checkPythonScope(current, {
+                setFunction: (name) => { if (!functionName)
+                    functionName = name; },
+                setClass: (name) => { if (!className)
+                    className = name; },
+                setTest: () => { isTestCode = true; },
+                setConditional: () => { isConditionalPath = true; },
+            });
+        }
+        else {
+            checkJavaScriptScope(current, {
+                setFunction: (name) => { if (!functionName)
+                    functionName = name; },
+                setClass: (name) => { if (!className)
+                    className = name; },
+                setTest: () => { isTestCode = true; },
+                setConditional: () => { isConditionalPath = true; },
+            });
+        }
+        current = current.parent;
+    }
+    return { functionName, className, isTestCode, isConditionalPath };
+}
+function checkPythonScope(node, cb) {
+    if (node.type === 'function_definition') {
+        const nameNode = node.childForFieldName('name');
+        if (nameNode) {
+            cb.setFunction(nameNode.text);
+            if (nameNode.text.startsWith('test_') || nameNode.text.startsWith('test')) {
+                cb.setTest();
+            }
+        }
+        // Check for pytest decorators on parent decorated_definition
+        const parent = node.parent;
+        if (parent?.type === 'decorated_definition') {
+            for (let i = 0; i < parent.namedChildCount; i++) {
+                const child = parent.namedChild(i);
+                if (child.type === 'decorator' && /pytest\.(fixture|mark)/.test(child.text)) {
+                    cb.setTest();
+                }
+            }
+        }
+    }
+    if (node.type === 'class_definition') {
+        const nameNode = node.childForFieldName('name');
+        if (nameNode) {
+            cb.setClass(nameNode.text);
+            if (nameNode.text.startsWith('Test')) {
+                cb.setTest();
+            }
+        }
+    }
+    if (node.type === 'try_statement') {
+        cb.setConditional();
+    }
+    if (node.type === 'if_statement' || node.type === 'elif_clause' || node.type === 'else_clause') {
+        cb.setConditional();
+    }
+}
+function checkJavaScriptScope(node, cb) {
+    // function declarations
+    if (node.type === 'function_declaration') {
+        const nameNode = node.childForFieldName('name');
+        if (nameNode)
+            cb.setFunction(nameNode.text);
+    }
+    // arrow functions assigned to variables: const X = () => { ... }
+    if (node.type === 'variable_declarator') {
+        const nameNode = node.childForFieldName('name');
+        const valueNode = node.childForFieldName('value');
+        if (nameNode && valueNode?.type === 'arrow_function') {
+            cb.setFunction(nameNode.text);
+        }
+    }
+    // method definitions in classes
+    if (node.type === 'method_definition') {
+        const nameNode = node.childForFieldName('name');
+        if (nameNode)
+            cb.setFunction(nameNode.text);
+    }
+    // class declarations
+    if (node.type === 'class_declaration') {
+        const nameNode = node.childForFieldName('name');
+        if (nameNode)
+            cb.setClass(nameNode.text);
+    }
+    // describe/it/test blocks
+    if (node.type === 'call_expression') {
+        const funcNode = node.childForFieldName('function');
+        if (funcNode && /^(describe|it|test|beforeEach|afterEach|beforeAll|afterAll)$/.test(funcNode.text)) {
+            cb.setTest();
+        }
+    }
+    // try/catch
+    if (node.type === 'try_statement') {
+        cb.setConditional();
+    }
+    if (node.type === 'if_statement') {
+        cb.setConditional();
+    }
+}
+//# sourceMappingURL=scope-detector.js.map

package/dist/scanner/code/ast/scope-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope-detector.js","sourceRoot":"","sources":["../../../../src/scanner/code/ast/scope-detector.ts"],"names":[],"mappings":"AAGA;;;GAGG;AACH,MAAM,UAAU,WAAW,CACzB,IAAU,EACV,IAAY,EACZ,QAAiC;IAEjC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,kCAAkC;IACxD,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;IAErE,IAAI,YAAgC,CAAC;IACrC,IAAI,SAA6B,CAAC;IAClC,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,IAAI,iBAAiB,GAAG,KAAK,CAAC;IAE9B,IAAI,OAAO,GAAgB,IAAI,CAAC;IAEhC,OAAO,OAAO,EAAE,CAAC;QACf,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC1B,gBAAgB,CAAC,OAAO,EAAE;gBACxB,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE,GAAG,IAAI,CAAC,YAAY;oBAAE,YAAY,GAAG,IAAI,CAAC,CAAC,CAAC;gBAClE,QAAQ,EAAE,CAAC,IAAI,EAAE,EAAE,GAAG,IAAI,CAAC,SAAS;oBAAE,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC;gBACzD,OAAO,EAAE,GAAG,EAAE,GAAG,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC;gBACrC,cAAc,EAAE,GAAG,EAAE,GAAG,iBAAiB,GAAG,IAAI,CAAC,CAAC,CAAC;aACpD,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,oBAAoB,CAAC,OAAO,EAAE;gBAC5B,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE,GAAG,IAAI,CAAC,YAAY;oBAAE,YAAY,GAAG,IAAI,CAAC,CAAC,CAAC;gBAClE,QAAQ,EAAE,CAAC,IAAI,EAAE,EAAE,GAAG,IAAI,CAAC,SAAS;oBAAE,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC;gBACzD,OAAO,EAAE,GAAG,EAAE,GAAG,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC;gBACrC,cAAc,EAAE,GAAG,EAAE,GAAG,iBAAiB,GAAG,IAAI,CAAC,CAAC,CAAC;aACpD,CAAC,CAAC;QACL,CAAC;QAED,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,iBAAiB,EAAE,CAAC;AACpE,CAAC;AASD,SAAS,gBAAgB,CAAC,IAAU,EAAE,EAAkB;IACtD,IAAI,IAAI,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,QAAQ,EAAE,CAAC;YACb,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9B,IAAI,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC1E,EAAE,CAAC,OAAO,EAAE,CAAC;YACf,CAAC;QACH,CAAC;QACD,6DAA6D;QAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QAC3B,IAAI,MAAM,EAAE,IAAI,KAAK,sBAAsB,EAAE,CAAC;YAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC,EAAE,EAAE,CAAC;gBAChD,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAE,CAAC;gBACpC,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,IAAI,wBAAwB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC5E,EAAE,CAAC,OAAO,EAAE,CAAC;gBACf,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,QAAQ,EAAE,CAAC;YACb,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC3B,IAAI,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACrC,EAAE,CAAC,OAAO,EAAE,CAAC;YACf,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QAClC,EAAE,CAAC,cAAc,EAAE,CAAC;IACtB,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,IAAI,IAAI,CAAC,IAAI,KAAK,aAAa,IAAI,IAAI,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QAC/F,EAAE,CAAC,cAAc,EAAE,CAAC;IACtB,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAU,EAAE,EAAkB;IAC1D,wBAAwB;IACxB,IAAI,IAAI,CAAC,IAAI,KAAK,sBAAsB,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,QAAQ;YAAE,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC9C,CAAC;IAED,iEAAiE;IACjE,IAAI,IAAI,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAChD,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,QAAQ,IAAI,SAAS,EAAE,IAAI,KAAK,gBAAgB,EAAE,CAAC;YACrD,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,IAAI,IAAI,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,QAAQ;YAAE,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC9C,CAAC;IAED,qBAAqB;IACrB,IAAI,IAAI,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,QAAQ;YAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC;IAED,0BAA0B;IAC1B,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;QACpD,IAAI,QAAQ,IAAI,8DAA8D,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACnG,EAAE,CAAC,OAAO,EAAE,CAAC;QACf,CAAC;IACH,CAAC;IAED,YAAY;IACZ,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QAClC,EAAE,CAAC,cAAc,EAAE,CAAC;IACtB,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QACjC,EAAE,CAAC,cAAc,EAAE,CAAC;IACtB,CAAC;AACH,CAAC"}

package/dist/scanner/code/ast/variable-resolver.d.ts

@@ -0,0 +1,11 @@
+import type { Tree } from 'web-tree-sitter';
+export interface VariableMap {
+    /** Get latest string value of a variable */
+    getString(name: string): string | undefined;
+    /** Get latest number value of a variable */
+    getNumber(name: string): number | undefined;
+    /** Get string value of a variable as it was at a specific line */
+    getStringAtLine(name: string, line: number): string | undefined;
+}
+export declare function resolveVariables(tree: Tree, language: 'python' | 'javascript'): VariableMap;
+//# sourceMappingURL=variable-resolver.d.ts.map

package/dist/scanner/code/ast/variable-resolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"variable-resolver.d.ts","sourceRoot":"","sources":["../../../../src/scanner/code/ast/variable-resolver.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAQ,MAAM,iBAAiB,CAAC;AAOlD,MAAM,WAAW,WAAW;IAC1B,4CAA4C;IAC5C,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;IAC5C,4CAA4C;IAC5C,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;IAC5C,kEAAkE;IAClE,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CACjE;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,GAAG,YAAY,GAAG,WAAW,CAiC3F"}

package/dist/scanner/code/ast/variable-resolver.js

@@ -0,0 +1,115 @@
+export function resolveVariables(tree, language) {
+    const entries = new Map();
+    function record(name, value, line) {
+        if (!entries.has(name))
+            entries.set(name, []);
+        entries.get(name).push({ value, line });
+    }
+    walkAssignments(tree.rootNode, language, record);
+    return {
+        getString(name) {
+            const list = entries.get(name);
+            if (!list || list.length === 0)
+                return undefined;
+            const last = list[list.length - 1];
+            return typeof last.value === 'string' ? last.value : undefined;
+        },
+        getNumber(name) {
+            const list = entries.get(name);
+            if (!list || list.length === 0)
+                return undefined;
+            const last = list[list.length - 1];
+            return typeof last.value === 'number' ? last.value : undefined;
+        },
+        getStringAtLine(name, line) {
+            const list = entries.get(name);
+            if (!list)
+                return undefined;
+            let best;
+            for (const entry of list) {
+                if (entry.line <= line)
+                    best = entry;
+            }
+            return best && typeof best.value === 'string' ? best.value : undefined;
+        },
+    };
+}
+function walkAssignments(node, language, record) {
+    if (language === 'python') {
+        walkPythonAssignments(node, record);
+    }
+    else {
+        walkJavaScriptAssignments(node, record);
+    }
+}
+function walkPythonAssignments(node, record) {
+    if (node.type === 'assignment') {
+        const left = node.childForFieldName('left');
+        const right = node.childForFieldName('right');
+        if (left?.type === 'identifier' && right) {
+            const val = extractLiteral(right);
+            if (val !== undefined) {
+                record(left.text, val, left.startPosition.row + 1);
+            }
+        }
+    }
+    for (let i = 0; i < node.childCount; i++) {
+        walkPythonAssignments(node.child(i), record);
+    }
+}
+function walkJavaScriptAssignments(node, record) {
+    // variable_declarator: const/let/var name = value
+    if (node.type === 'variable_declarator') {
+        const nameNode = node.childForFieldName('name');
+        const valueNode = node.childForFieldName('value');
+        if (nameNode?.type === 'identifier' && valueNode) {
+            const val = extractLiteral(valueNode);
+            if (val !== undefined) {
+                record(nameNode.text, val, nameNode.startPosition.row + 1);
+            }
+        }
+    }
+    // assignment_expression: name = value
+    if (node.type === 'assignment_expression') {
+        const left = node.childForFieldName('left');
+        const right = node.childForFieldName('right');
+        if (left?.type === 'identifier' && right) {
+            const val = extractLiteral(right);
+            if (val !== undefined) {
+                record(left.text, val, left.startPosition.row + 1);
+            }
+        }
+    }
+    for (let i = 0; i < node.childCount; i++) {
+        walkJavaScriptAssignments(node.child(i), record);
+    }
+}
+function extractLiteral(node) {
+    // Python: string has string_content child; JS: string has string_fragment child
+    if (node.type === 'string') {
+        for (let i = 0; i < node.namedChildCount; i++) {
+            const child = node.namedChild(i);
+            if (child.type === 'string_content' || child.type === 'string_fragment') {
+                return child.text;
+            }
+        }
+        // Fallback: strip quotes
+        const text = node.text;
+        if ((text.startsWith('"') && text.endsWith('"')) || (text.startsWith("'") && text.endsWith("'"))) {
+            return text.slice(1, -1);
+        }
+        return text;
+    }
+    // Python integer
+    if (node.type === 'integer') {
+        const num = parseInt(node.text, 10);
+        return isNaN(num) ? undefined : num;
+    }
+    // JS number
+    if (node.type === 'number') {
+        const num = parseInt(node.text, 10);
+        return isNaN(num) ? undefined : num;
+    }
+    return undefined;
+}
+//# sourceMappingURL=variable-resolver.js.map

package/dist/scanner/code/ast/variable-resolver.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"variable-resolver.js","sourceRoot":"","sources":["../../../../src/scanner/code/ast/variable-resolver.ts"],"names":[],"mappings":"AAgBA,MAAM,UAAU,gBAAgB,CAAC,IAAU,EAAE,QAAiC;IAC5E,MAAM,OAAO,GAAG,IAAI,GAAG,EAAsB,CAAC;IAE9C,SAAS,MAAM,CAAC,IAAY,EAAE,KAAsB,EAAE,IAAY;QAChE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,eAAe,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAEjD,OAAO;QACL,SAAS,CAAC,IAAY;YACpB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC/B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,SAAS,CAAC;YACjD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACnC,OAAO,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QACjE,CAAC;QACD,SAAS,CAAC,IAAY;YACpB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC/B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,SAAS,CAAC;YACjD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACnC,OAAO,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QACjE,CAAC;QACD,eAAe,CAAC,IAAY,EAAE,IAAY;YACxC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC/B,IAAI,CAAC,IAAI;gBAAE,OAAO,SAAS,CAAC;YAC5B,IAAI,IAA0B,CAAC;YAC/B,KAAK,MAAM,KAAK,IAAI,IAAI,EAAE,CAAC;gBACzB,IAAI,KAAK,CAAC,IAAI,IAAI,IAAI;oBAAE,IAAI,GAAG,KAAK,CAAC;YACvC,CAAC;YACD,OAAO,IAAI,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QACzE,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CACtB,IAAU,EACV,QAAiC,EACjC,MAAoE;IAEpE,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,qBAAqB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACtC,CAAC;SAAM,CAAC;QACN,yBAAyB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAC5B,IAAU,EACV,MAAoE;IAEpE,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAC9C,IAAI,IAAI,EAAE,IAAI,KAAK,YAAY,IAAI,KAAK,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;YAClC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACtB,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,MAAM,CAAC,CAAC;IAChD,CAAC;AACH,CAAC;AAED,SAAS,yBAAyB,CAChC,IAAU,EACV,MAAoE;IAEpE,kDAAkD;IAClD,IAAI,IAAI,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAChD,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,QAAQ,EAAE,IAAI,KAAK,YAAY,IAAI,SAAS,EAAE,CAAC;YACjD,MAAM,GAAG,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;YACtC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACtB,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,aAAa,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,IAAI,IAAI,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAC9C,IAAI,IAAI,EAAE,IAAI,KAAK,YAAY,IAAI,KAAK,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;YAClC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;gBACtB,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,yBAAyB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,EAAE,MAAM,CAAC,CAAC;IACpD,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,IAAU;IAChC,gFAAgF;IAChF,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC,EAAE,EAAE,CAAC;YAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAE,CAAC;YAClC,IAAI,KAAK,CAAC,IAAI,KAAK,gBAAgB,IAAI,KAAK,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;gBACxE,OAAO,KAAK,CAAC,IAAI,CAAC;YACpB,CAAC;QACH,CAAC;QACD,yBAAyB;QACzB,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACvB,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACjG,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,iBAAiB;IACjB,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC5B,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACpC,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC;IACtC,CAAC;IAED,YAAY;IACZ,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACpC,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC;IACtC,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/scanner/code/discovery.d.ts

@@ -1,4 +1,6 @@
 import type { Language, DiscoveredFile } from '../../types/index.js';
+/** Extension → Language mapping. TypeScript maps to 'javascript'. */
+export declare const EXTENSION_MAP: Record<string, Language>;
 export interface DiscoverOptions {
     /** Glob patterns to exclude */
     ignore?: string[];

package/dist/scanner/code/discovery.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../../../src/scanner/code/discovery.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AA8CrE,MAAM,WAAW,eAAe;IAC9B,+BAA+B;IAC/B,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,4EAA4E;IAC5E,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8BAA8B;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,0CAA0C;IAC1C,QAAQ,CAAC,EAAE,QAAQ,CAAC;CACrB;AAED;;;GAGG;AACH,wBAAsB,aAAa,CACjC,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,cAAc,EAAE,CAAC,CAoC3B"}
+{"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../../../src/scanner/code/discovery.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAErE,qEAAqE;AACrE,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAqBlD,CAAC;AAsBF,MAAM,WAAW,eAAe;IAC9B,+BAA+B;IAC/B,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,4EAA4E;IAC5E,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8BAA8B;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,0CAA0C;IAC1C,QAAQ,CAAC,EAAE,QAAQ,CAAC;CACrB;AAED;;;GAGG;AACH,wBAAsB,aAAa,CACjC,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,cAAc,EAAE,CAAC,CAoC3B"}

package/dist/scanner/code/discovery.js

@@ -1,7 +1,7 @@
 import { readdir, readFile } from 'node:fs/promises';
 import { join, extname, basename } from 'node:path';
 /** Extension → Language mapping. TypeScript maps to 'javascript'. */
-const EXTENSION_MAP = {
+export const EXTENSION_MAP = {
     '.py': 'python',
     '.pyw': 'python',
     '.pyi': 'python',