ruvector 0.1.80 → 0.1.81

package/dist/analysis/security.js

@@ -0,0 +1,139 @@
+"use strict";
+/**
+ * Security Analysis Module - Consolidated security scanning
+ *
+ * Single source of truth for security patterns and vulnerability detection.
+ * Used by native-worker.ts and parallel-workers.ts
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SECURITY_PATTERNS = void 0;
+exports.scanFile = scanFile;
+exports.scanFiles = scanFiles;
+exports.getSeverityScore = getSeverityScore;
+exports.sortBySeverity = sortBySeverity;
+const fs = __importStar(require("fs"));
+/**
+ * Default security patterns for vulnerability detection
+ */
+exports.SECURITY_PATTERNS = [
+    // Critical: Hardcoded secrets
+    { pattern: /password\s*=\s*['"][^'"]+['"]/gi, rule: 'no-hardcoded-password', severity: 'critical', message: 'Hardcoded password detected', suggestion: 'Use environment variables or secret management' },
+    { pattern: /api[_-]?key\s*=\s*['"][^'"]+['"]/gi, rule: 'no-hardcoded-apikey', severity: 'critical', message: 'Hardcoded API key detected', suggestion: 'Use environment variables' },
+    { pattern: /secret\s*=\s*['"][^'"]+['"]/gi, rule: 'no-hardcoded-secret', severity: 'critical', message: 'Hardcoded secret detected', suggestion: 'Use environment variables or secret management' },
+    { pattern: /private[_-]?key\s*=\s*['"][^'"]+['"]/gi, rule: 'no-hardcoded-private-key', severity: 'critical', message: 'Hardcoded private key detected', suggestion: 'Use secure key management' },
+    // High: Code execution risks
+    { pattern: /eval\s*\(/g, rule: 'no-eval', severity: 'high', message: 'Avoid eval() - code injection risk', suggestion: 'Use safer alternatives like JSON.parse()' },
+    { pattern: /exec\s*\(/g, rule: 'no-exec', severity: 'high', message: 'Avoid exec() - command injection risk', suggestion: 'Use execFile or spawn with args array' },
+    { pattern: /Function\s*\(/g, rule: 'no-function-constructor', severity: 'high', message: 'Avoid Function constructor - code injection risk' },
+    { pattern: /child_process.*exec\(/g, rule: 'no-shell-exec', severity: 'high', message: 'Shell execution detected', suggestion: 'Use execFile or spawn instead' },
+    // High: SQL injection
+    { pattern: /SELECT\s+.*\s+FROM.*\+/gi, rule: 'sql-injection-risk', severity: 'high', message: 'Potential SQL injection - string concatenation in query', suggestion: 'Use parameterized queries' },
+    { pattern: /`SELECT.*\$\{/gi, rule: 'sql-injection-template', severity: 'high', message: 'Template literal in SQL query', suggestion: 'Use parameterized queries' },
+    // Medium: XSS risks
+    { pattern: /dangerouslySetInnerHTML/g, rule: 'xss-risk', severity: 'medium', message: 'XSS risk: dangerouslySetInnerHTML', suggestion: 'Sanitize content before rendering' },
+    { pattern: /innerHTML\s*=/g, rule: 'no-inner-html', severity: 'medium', message: 'Avoid innerHTML - XSS risk', suggestion: 'Use textContent or sanitize content' },
+    { pattern: /document\.write\s*\(/g, rule: 'no-document-write', severity: 'medium', message: 'Avoid document.write - XSS risk' },
+    // Medium: Other risks
+    { pattern: /\$\{.*\}/g, rule: 'template-injection', severity: 'low', message: 'Template literal detected - verify no injection' },
+    { pattern: /new\s+RegExp\s*\([^)]*\+/g, rule: 'regex-injection', severity: 'medium', message: 'Dynamic RegExp - potential ReDoS risk', suggestion: 'Validate/sanitize regex input' },
+    { pattern: /\.on\s*\(\s*['"]error['"]/g, rule: 'unhandled-error', severity: 'low', message: 'Error handler detected - verify proper error handling' },
+];
+/**
+ * Scan a single file for security issues
+ */
+function scanFile(filePath, content, patterns = exports.SECURITY_PATTERNS) {
+    const findings = [];
+    try {
+        const fileContent = content ?? (fs.existsSync(filePath) ? fs.readFileSync(filePath, 'utf-8') : '');
+        if (!fileContent)
+            return findings;
+        for (const { pattern, rule, severity, message, suggestion } of patterns) {
+            const regex = new RegExp(pattern.source, pattern.flags);
+            let match;
+            while ((match = regex.exec(fileContent)) !== null) {
+                const lineNum = fileContent.slice(0, match.index).split('\n').length;
+                findings.push({
+                    file: filePath,
+                    line: lineNum,
+                    severity,
+                    rule,
+                    message,
+                    match: match[0].slice(0, 50),
+                    suggestion,
+                });
+            }
+        }
+    }
+    catch {
+        // Skip unreadable files
+    }
+    return findings;
+}
+/**
+ * Scan multiple files for security issues
+ */
+function scanFiles(files, patterns = exports.SECURITY_PATTERNS, maxFiles = 100) {
+    const findings = [];
+    for (const file of files.slice(0, maxFiles)) {
+        findings.push(...scanFile(file, undefined, patterns));
+    }
+    return findings;
+}
+/**
+ * Get severity score (for sorting/filtering)
+ */
+function getSeverityScore(severity) {
+    switch (severity) {
+        case 'critical': return 4;
+        case 'high': return 3;
+        case 'medium': return 2;
+        case 'low': return 1;
+        default: return 0;
+    }
+}
+/**
+ * Sort findings by severity (highest first)
+ */
+function sortBySeverity(findings) {
+    return [...findings].sort((a, b) => getSeverityScore(b.severity) - getSeverityScore(a.severity));
+}
+exports.default = {
+    SECURITY_PATTERNS: exports.SECURITY_PATTERNS,
+    scanFile,
+    scanFiles,
+    getSeverityScore,
+    sortBySeverity,
+};

package/dist/core/index.d.ts

@@ -21,6 +21,7 @@ export * from './coverage-router';
 export * from './graph-algorithms';
 export * from './tensor-compress';
 export * from './learning-engine';
+export * from '../analysis';
 export { default as gnnWrapper } from './gnn-wrapper';
 export { default as attentionFallbacks } from './attention-fallbacks';
 export { default as agentdbFast } from './agentdb-fast';

package/dist/core/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,cAAc,eAAe,CAAC;AAC9B,cAAc,uBAAuB,CAAC;AACtC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,uBAAuB,CAAC;AACtC,cAAc,iBAAiB,CAAC;AAChC,cAAc,yBAAyB,CAAC;AACxC,cAAc,oBAAoB,CAAC;AACnC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAChC,cAAc,mBAAmB,CAAC;AAClC,cAAc,cAAc,CAAC;AAC7B,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAGlC,OAAO,EAAE,OAAO,IAAI,UAAU,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EAAE,OAAO,IAAI,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AACtE,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,EAAE,OAAO,IAAI,IAAI,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,OAAO,IAAI,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AACtE,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC1D,OAAO,EAAE,OAAO,IAAI,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAC1E,OAAO,EAAE,OAAO,IAAI,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACnE,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,OAAO,IAAI,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,OAAO,IAAI,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,OAAO,IAAI,UAAU,EAAE,MAAM,cAAc,CAAC;AAGrD,OAAO,EAAE,UAAU,IAAI,SAAS,EAAE,MAAM,cAAc,CAAC;AAGvD,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC9D,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,cAAc,eAAe,CAAC;AAC9B,cAAc,uBAAuB,CAAC;AACtC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,uBAAuB,CAAC;AACtC,cAAc,iBAAiB,CAAC;AAChC,cAAc,yBAAyB,CAAC;AACxC,cAAc,oBAAoB,CAAC;AACnC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC;AAChC,cAAc,mBAAmB,CAAC;AAClC,cAAc,cAAc,CAAC;AAC7B,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAGlC,cAAc,aAAa,CAAC;AAG5B,OAAO,EAAE,OAAO,IAAI,UAAU,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EAAE,OAAO,IAAI,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AACtE,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,EAAE,OAAO,IAAI,IAAI,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,OAAO,IAAI,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AACtE,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC1D,OAAO,EAAE,OAAO,IAAI,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAC1E,OAAO,EAAE,OAAO,IAAI,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACnE,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,OAAO,IAAI,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,OAAO,IAAI,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,OAAO,IAAI,UAAU,EAAE,MAAM,cAAc,CAAC;AAGrD,OAAO,EAAE,UAAU,IAAI,SAAS,EAAE,MAAM,cAAc,CAAC;AAGvD,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC9D,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/core/index.js

@@ -41,6 +41,8 @@ __exportStar(require("./coverage-router"), exports);
 __exportStar(require("./graph-algorithms"), exports);
 __exportStar(require("./tensor-compress"), exports);
 __exportStar(require("./learning-engine"), exports);
+// Analysis module (consolidated security, complexity, patterns)
+__exportStar(require("../analysis"), exports);
 // Re-export default objects for convenience
 var gnn_wrapper_1 = require("./gnn-wrapper");
 Object.defineProperty(exports, "gnnWrapper", { enumerable: true, get: function () { return __importDefault(gnn_wrapper_1).default; } });

package/dist/core/parallel-workers.d.ts

@@ -38,6 +38,7 @@
  *    - Merge conflict prediction
  *    - Code churn metrics
  */
+import { SecurityFinding } from '../analysis/security';
 export interface WorkerPoolConfig {
     numWorkers?: number;
     enabled?: boolean;
@@ -59,14 +60,7 @@ export interface ASTAnalysis {
     exports: string[];
     dependencies: string[];
 }
-export interface SecurityFinding {
-    file: string;
-    line: number;
-    severity: 'low' | 'medium' | 'high' | 'critical';
-    rule: string;
-    message: string;
-    suggestion?: string;
-}
+export type { SecurityFinding };
 export interface ContextChunk {
     content: string;
     source: string;

package/dist/core/parallel-workers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"parallel-workers.d.ts","sourceRoot":"","sources":["../../src/core/parallel-workers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AAWH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,KAAK,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC,CAAC;CACJ;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;CACtB;AA+BD,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,OAAO,CAAgB;IAC/B,OAAO,CAAC,SAAS,CAKT;IACR,OAAO,CAAC,WAAW,CAAkC;IACrD,OAAO,CAAC,MAAM,CAA6B;IAC3C,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,gBAAgB,CAAgD;IACxE,OAAO,CAAC,QAAQ,CAAuC;gBAE3C,MAAM,GAAE,gBAAqB;IAYnC,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAgC3B,OAAO,CAAC,aAAa;IAOrB,OAAO,CAAC,iBAAiB;IAqUzB,OAAO,CAAC,kBAAkB;IAmB1B,OAAO,CAAC,YAAY;YAWN,OAAO;IAsCrB;;;OAGG;IACG,gBAAgB,CACpB,WAAW,EAAE,MAAM,EACnB,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,GACjC,OAAO,CAAC,oBAAoB,EAAE,CAAC;IA4BlC;;;OAGG;IACG,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAoBzD;;;OAGG;IACG,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC;QACtD,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,EAAE,MAAM,CAAC;QACd,aAAa,EAAE,MAAM,CAAC;QACtB,oBAAoB,EAAE,MAAM,CAAC;QAC7B,SAAS,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC,CAAC;IAIH;;;OAGG;IACG,oBAAoB,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAQpF;;;OAGG;IACG,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,KAAK,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAQjF;;;OAGG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,EAAE,IAAI,GAAE,MAAU,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;IAInG;;;OAGG;IACG,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAI1H;;;OAGG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,SAAS,GAAE,MAAY,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAQ9E;;;OAGG;IACG,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IAIpD;;;OAGG;IACG,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAQrE,QAAQ,IAAI;QACV,OAAO,EAAE,OAAO,CAAC;QACjB,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,oBAAoB,EAAE,MAAM,CAAC;QAC7B,YAAY,EAAE,MAAM,CAAC;KACtB;IAWD,WAAW,IAAI,IAAI;IAKb,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAchC;AAQD,wBAAgB,qBAAqB,CAAC,MAAM,CAAC,EAAE,gBAAgB,GAAG,kBAAkB,CAKnF;AAED,wBAAsB,sBAAsB,CAAC,MAAM,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAInG;AAED,eAAe,kBAAkB,CAAC"}
+{"version":3,"file":"parallel-workers.d.ts","sourceRoot":"","sources":["../../src/core/parallel-workers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AAQH,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAMvD,MAAM,WAAW,gBAAgB;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAGD,YAAY,EAAE,eAAe,EAAE,CAAC;AAEhC,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,KAAK,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC,CAAC;CACJ;AAED,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;CACtB;AA+BD,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,OAAO,CAAgB;IAC/B,OAAO,CAAC,SAAS,CAKT;IACR,OAAO,CAAC,WAAW,CAAkC;IACrD,OAAO,CAAC,MAAM,CAA6B;IAC3C,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,gBAAgB,CAAgD;IACxE,OAAO,CAAC,QAAQ,CAAuC;gBAE3C,MAAM,GAAE,gBAAqB;IAYnC,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAgC3B,OAAO,CAAC,aAAa;IAOrB,OAAO,CAAC,iBAAiB;IAqUzB,OAAO,CAAC,kBAAkB;IAmB1B,OAAO,CAAC,YAAY;YAWN,OAAO;IAsCrB;;;OAGG;IACG,gBAAgB,CACpB,WAAW,EAAE,MAAM,EACnB,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,GACjC,OAAO,CAAC,oBAAoB,EAAE,CAAC;IA4BlC;;;OAGG;IACG,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAoBzD;;;OAGG;IACG,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC;QACtD,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,EAAE,MAAM,CAAC;QACd,aAAa,EAAE,MAAM,CAAC;QACtB,oBAAoB,EAAE,MAAM,CAAC;QAC7B,SAAS,EAAE,MAAM,CAAC;QAClB,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC,CAAC;IAIH;;;OAGG;IACG,oBAAoB,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAQpF;;;OAGG;IACG,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,KAAK,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAQjF;;;OAGG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,EAAE,IAAI,GAAE,MAAU,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;IAInG;;;OAGG;IACG,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAI1H;;;OAGG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,SAAS,GAAE,MAAY,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAQ9E;;;OAGG;IACG,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IAIpD;;;OAGG;IACG,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAQrE,QAAQ,IAAI;QACV,OAAO,EAAE,OAAO,CAAC;QACjB,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,oBAAoB,EAAE,MAAM,CAAC;QAC7B,YAAY,EAAE,MAAM,CAAC;KACtB;IAWD,WAAW,IAAI,IAAI;IAKb,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAchC;AAQD,wBAAgB,qBAAqB,CAAC,MAAM,CAAC,EAAE,gBAAgB,GAAG,kBAAkB,CAKnF;AAED,wBAAsB,sBAAsB,CAAC,MAAM,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAInG;AAED,eAAe,kBAAkB,CAAC"}

package/dist/workers/native-worker.d.ts

@@ -35,7 +35,7 @@ export declare class NativeWorker {
      */
     private phaseFileDiscovery;
     /**
-     * Phase: Pattern Extraction
+     * Phase: Pattern Extraction (uses shared analysis module)
      */
     private phasePatternExtraction;
     /**
@@ -51,11 +51,11 @@ export declare class NativeWorker {
      */
     private phaseSimilaritySearch;
     /**
-     * Phase: Security Scan
+     * Phase: Security Scan (uses shared analysis module)
      */
     private phaseSecurityScan;
     /**
-     * Phase: Complexity Analysis
+     * Phase: Complexity Analysis (uses shared analysis module)
      */
     private phaseComplexityAnalysis;
     /**

package/dist/workers/native-worker.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"native-worker.d.ts","sourceRoot":"","sources":["../../src/workers/native-worker.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,EACL,YAAY,EACZ,YAAY,EAKb,MAAM,SAAS,CAAC;AAuBjB;;GAEG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,QAAQ,CAAa;IAC7B,OAAO,CAAC,QAAQ,CAAiB;IACjC,OAAO,CAAC,KAAK,CAKX;gBAEU,MAAM,EAAE,YAAY;IAIhC;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAmB3B;;OAEG;IACG,GAAG,CAAC,UAAU,GAAE,MAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAiD1D;;OAEG;YACW,YAAY;IAmC1B;;OAEG;YACW,kBAAkB;IAqBhC;;OAEG;YACW,sBAAsB;IAoDpC;;OAEG;YACW,wBAAwB;IAgDtC;;OAEG;YACW,kBAAkB;IA8BhC;;OAEG;YACW,qBAAqB;IAoBnC;;OAEG;YACW,iBAAiB;IAyC/B;;OAEG;YACW,uBAAuB;IA0CrC;;OAEG;YACW,kBAAkB;IAqBhC;;OAEG;IACH,OAAO,CAAC,kBAAkB;CAsB3B;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,SAAqB,GAAG,YAAY,CAW5E;AAED,wBAAgB,oBAAoB,CAAC,IAAI,SAAkB,GAAG,YAAY,CAczE;AAED,wBAAgB,oBAAoB,CAAC,IAAI,SAAoB,GAAG,YAAY,CAa3E"}
+{"version":3,"file":"native-worker.d.ts","sourceRoot":"","sources":["../../src/workers/native-worker.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,EACL,YAAY,EACZ,YAAY,EAKb,MAAM,SAAS,CAAC;AA0BjB;;GAEG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,QAAQ,CAAa;IAC7B,OAAO,CAAC,QAAQ,CAAiB;IACjC,OAAO,CAAC,KAAK,CAKX;gBAEU,MAAM,EAAE,YAAY;IAIhC;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAmB3B;;OAEG;IACG,GAAG,CAAC,UAAU,GAAE,MAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAiD1D;;OAEG;YACW,YAAY;IAmC1B;;OAEG;YACW,kBAAkB;IAqBhC;;OAEG;YACW,sBAAsB;IAoCpC;;OAEG;YACW,wBAAwB;IAgDtC;;OAEG;YACW,kBAAkB;IA8BhC;;OAEG;YACW,qBAAqB;IAoBnC;;OAEG;YACW,iBAAiB;IAuB/B;;OAEG;YACW,uBAAuB;IA0BrC;;OAEG;YACW,kBAAkB;IAqBhC;;OAEG;IACH,OAAO,CAAC,kBAAkB;CAsB3B;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,SAAqB,GAAG,YAAY,CAW5E;AAED,wBAAgB,oBAAoB,CAAC,IAAI,SAAkB,GAAG,YAAY,CAczE;AAED,wBAAgB,oBAAoB,CAAC,IAAI,SAAoB,GAAG,YAAY,CAa3E"}

package/dist/workers/native-worker.js

@@ -51,6 +51,9 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const glob_1 = require("glob");
 const onnx_embedder_1 = require("../core/onnx-embedder");
+const security_1 = require("../analysis/security");
+const complexity_1 = require("../analysis/complexity");
+const patterns_1 = require("../analysis/patterns");
 // Lazy imports for optional dependencies
 let VectorDb = null;
 let intelligence = null;
@@ -193,41 +196,28 @@ class NativeWorker {
         return { ...context, files };
     }
     /**
-     * Phase: Pattern Extraction
+     * Phase: Pattern Extraction (uses shared analysis module)
      */
     async phasePatternExtraction(context, config) {
         const patterns = [];
         const patternTypes = config?.types || ['function', 'class', 'import', 'export', 'todo'];
         for (const file of context.files.slice(0, 100)) {
             try {
-                const content = fs.readFileSync(file, 'utf-8');
-                // Extract functions
-                if (patternTypes.includes('function')) {
-                    const funcMatches = content.match(/(?:async\s+)?function\s+(\w+)|(?:const|let|var)\s+(\w+)\s*=\s*(?:async\s*)?\(/g) || [];
-                    patterns.push(...funcMatches.map(m => ({ type: 'function', match: m, file })));
-                }
-                // Extract classes
-                if (patternTypes.includes('class')) {
-                    const classMatches = content.match(/class\s+(\w+)/g) || [];
-                    patterns.push(...classMatches.map(m => ({ type: 'class', match: m, file })));
-                }
-                // Extract imports
-                if (patternTypes.includes('import')) {
-                    const importMatches = content.match(/import\s+.*?from\s+['"][^'"]+['"]/g) || [];
-                    patterns.push(...importMatches.map(m => ({ type: 'import', match: m, file })));
-                }
-                // Extract TODOs
-                if (patternTypes.includes('todo')) {
-                    const todoMatches = content.match(/\/\/\s*(TODO|FIXME|HACK|XXX):.*/gi) || [];
-                    patterns.push(...todoMatches.map(m => ({ type: 'todo', match: m, file })));
-                    // Add findings for TODOs
-                    todoMatches.forEach(m => {
-                        this.findings.push({
-                            type: 'info',
-                            message: m,
-                            file,
-                        });
-                    });
+                const filePatterns = (0, patterns_1.extractAllPatterns)(file);
+                const matches = (0, patterns_1.toPatternMatches)(filePatterns);
+                // Filter by requested pattern types
+                for (const match of matches) {
+                    if (patternTypes.includes(match.type)) {
+                        patterns.push(match);
+                        // Add findings for TODOs
+                        if (match.type === 'todo') {
+                            this.findings.push({
+                                type: 'info',
+                                message: match.match,
+                                file,
+                            });
+                        }
+                    }
                 }
             }
             catch {
@@ -324,75 +314,43 @@ class NativeWorker {
         return { ...context, searchResults: results };
     }
     /**
-     * Phase: Security Scan
+     * Phase: Security Scan (uses shared analysis module)
      */
     async phaseSecurityScan(context, config) {
-        const securityPatterns = [
-            { pattern: /password\s*=\s*['"][^'"]+['"]/gi, severity: 'high', type: 'Hardcoded password' },
-            { pattern: /api[_-]?key\s*=\s*['"][^'"]+['"]/gi, severity: 'high', type: 'Hardcoded API key' },
-            { pattern: /secret\s*=\s*['"][^'"]+['"]/gi, severity: 'high', type: 'Hardcoded secret' },
-            { pattern: /eval\s*\(/g, severity: 'medium', type: 'eval() usage' },
-            { pattern: /dangerouslySetInnerHTML/g, severity: 'medium', type: 'XSS risk' },
-            { pattern: /SELECT\s+.*\s+FROM.*\+/gi, severity: 'high', type: 'SQL injection risk' },
-            { pattern: /exec\s*\(/g, severity: 'medium', type: 'Command execution' },
-        ];
-        for (const file of context.files.slice(0, 100)) {
-            try {
-                const content = fs.readFileSync(file, 'utf-8');
-                const lines = content.split('\n');
-                for (const { pattern, severity, type } of securityPatterns) {
-                    let match;
-                    const regex = new RegExp(pattern.source, pattern.flags);
-                    while ((match = regex.exec(content)) !== null) {
-                        const lineNum = content.slice(0, match.index).split('\n').length;
-                        this.findings.push({
-                            type: 'security',
-                            message: `${type}: ${match[0].slice(0, 50)}...`,
-                            file,
-                            line: lineNum,
-                            severity: severity === 'high' ? 3 : 2,
-                        });
-                    }
-                }
-            }
-            catch {
-                // Skip
-            }
+        // Use consolidated security scanner
+        const findings = (0, security_1.scanFiles)(context.files, undefined, 100);
+        // Convert to worker findings format
+        for (const finding of findings) {
+            this.findings.push({
+                type: 'security',
+                message: `${finding.rule}: ${finding.message}`,
+                file: finding.file,
+                line: finding.line,
+                severity: finding.severity === 'critical' ? 4 :
+                    finding.severity === 'high' ? 3 :
+                        finding.severity === 'medium' ? 2 : 1,
+            });
         }
         return context;
     }
     /**
-     * Phase: Complexity Analysis
+     * Phase: Complexity Analysis (uses shared analysis module)
      */
     async phaseComplexityAnalysis(context, config) {
         const complexityThreshold = config?.threshold || 10;
         const complexFiles = [];
         for (const file of context.files.slice(0, 50)) {
-            try {
-                const content = fs.readFileSync(file, 'utf-8');
-                // Simple cyclomatic complexity approximation
-                const branches = (content.match(/\bif\b/g)?.length || 0) +
-                    (content.match(/\belse\b/g)?.length || 0) +
-                    (content.match(/\bfor\b/g)?.length || 0) +
-                    (content.match(/\bwhile\b/g)?.length || 0) +
-                    (content.match(/\bswitch\b/g)?.length || 0) +
-                    (content.match(/\bcase\b/g)?.length || 0) +
-                    (content.match(/\bcatch\b/g)?.length || 0) +
-                    (content.match(/\?\?/g)?.length || 0) +
-                    (content.match(/\?/g)?.length || 0);
-                const complexity = branches + 1;
-                if (complexity > complexityThreshold) {
-                    complexFiles.push({ file, complexity });
-                    this.findings.push({
-                        type: 'warning',
-                        message: `High complexity: ${complexity} (threshold: ${complexityThreshold})`,
-                        file,
-                        severity: complexity > 20 ? 3 : 2,
-                    });
-                }
-            }
-            catch {
-                // Skip
+            // Use consolidated complexity analyzer
+            const result = (0, complexity_1.analyzeFile)(file);
+            if (result.cyclomaticComplexity > complexityThreshold) {
+                complexFiles.push(result);
+                const rating = (0, complexity_1.getComplexityRating)(result.cyclomaticComplexity);
+                this.findings.push({
+                    type: 'warning',
+                    message: `High complexity: ${result.cyclomaticComplexity} (threshold: ${complexityThreshold})`,
+                    file,
+                    severity: rating === 'critical' ? 4 : rating === 'high' ? 3 : 2,
+                });
             }
         }
         return { ...context, complexFiles };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ruvector",
-  "version": "0.1.80",
+  "version": "0.1.81",
   "description": "High-performance vector database for Node.js with automatic native/WASM fallback",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/.claude-flow/metrics/agent-metrics.json

@@ -1 +0,0 @@
-{}

package/.claude-flow/metrics/performance.json

@@ -1,87 +0,0 @@
-{
-  "startTime": 1765652041941,
-  "sessionId": "session-1765652041941",
-  "lastActivity": 1765652041941,
-  "sessionDuration": 0,
-  "totalTasks": 1,
-  "successfulTasks": 1,
-  "failedTasks": 0,
-  "totalAgents": 0,
-  "activeAgents": 0,
-  "neuralEvents": 0,
-  "memoryMode": {
-    "reasoningbankOperations": 0,
-    "basicOperations": 0,
-    "autoModeSelections": 0,
-    "modeOverrides": 0,
-    "currentMode": "auto"
-  },
-  "operations": {
-    "store": {
-      "count": 0,
-      "totalDuration": 0,
-      "errors": 0
-    },
-    "retrieve": {
-      "count": 0,
-      "totalDuration": 0,
-      "errors": 0
-    },
-    "query": {
-      "count": 0,
-      "totalDuration": 0,
-      "errors": 0
-    },
-    "list": {
-      "count": 0,
-      "totalDuration": 0,
-      "errors": 0
-    },
-    "delete": {
-      "count": 0,
-      "totalDuration": 0,
-      "errors": 0
-    },
-    "search": {
-      "count": 0,
-      "totalDuration": 0,
-      "errors": 0
-    },
-    "init": {
-      "count": 0,
-      "totalDuration": 0,
-      "errors": 0
-    }
-  },
-  "performance": {
-    "avgOperationDuration": 0,
-    "minOperationDuration": null,
-    "maxOperationDuration": null,
-    "slowOperations": 0,
-    "fastOperations": 0,
-    "totalOperationTime": 0
-  },
-  "storage": {
-    "totalEntries": 0,
-    "reasoningbankEntries": 0,
-    "basicEntries": 0,
-    "databaseSize": 0,
-    "lastBackup": null,
-    "growthRate": 0
-  },
-  "errors": {
-    "total": 0,
-    "byType": {},
-    "byOperation": {},
-    "recent": []
-  },
-  "reasoningbank": {
-    "semanticSearches": 0,
-    "sqlFallbacks": 0,
-    "embeddingGenerated": 0,
-    "consolidations": 0,
-    "avgQueryTime": 0,
-    "cacheHits": 0,
-    "cacheMisses": 0
-  }
-}

package/.claude-flow/metrics/task-metrics.json

@@ -1,10 +0,0 @@
-[
-  {
-    "id": "cmd-hooks-1765652042057",
-    "type": "hooks",
-    "success": true,
-    "duration": 9.497447000000022,
-    "timestamp": 1765652042067,
-    "metadata": {}
-  }
-]