vaspera 2.9.0 → 2.10.0

package/dist/eval/fixtures.js

@@ -523,6 +523,431 @@ export async function getFileSecure(filename: string) {
         tags: ["owasp-top-10", "path-traversal"],
     },
 ];
+/**
+ * Command Injection Fixtures
+ */
+export const commandInjectionFixtures = [
+    {
+        id: "cmd-001",
+        name: "exec with user input",
+        description: "Command injection via child_process.exec with string concatenation",
+        category: "command-injection",
+        source: "OWASP",
+        files: [
+            {
+                path: "utils/git.ts",
+                language: "typescript",
+                content: `import { exec } from 'child_process';
+
+// VULNERABLE: User input directly in exec
+export function cloneRepo(repoUrl: string) {
+  exec(\`git clone \${repoUrl}\`);
+}
+
+// SAFE: Array-based spawn
+import { spawn } from 'child_process';
+export function cloneRepoSafe(repoUrl: string) {
+  spawn('git', ['clone', repoUrl]);
+}
+`,
+            },
+        ],
+        expectedFindings: [
+            {
+                file: "utils/git.ts",
+                line: 5,
+                severity: "critical",
+                category: "command-injection",
+                cweId: "CWE-78",
+                description: "Command injection via template literal in exec",
+                isVulnerable: true,
+            },
+        ],
+        tags: ["owasp-top-10", "injection", "child-process"],
+    },
+    {
+        id: "cmd-002",
+        name: "spawn with shell:true",
+        description: "Command injection via spawn with shell option enabled",
+        category: "command-injection",
+        source: "custom",
+        files: [
+            {
+                path: "services/deploy.ts",
+                language: "typescript",
+                content: `import { spawn } from 'child_process';
+
+// VULNERABLE: shell: true with user input
+export function runScript(scriptName: string) {
+  spawn(\`./scripts/\${scriptName}.sh\`, { shell: true });
+}
+
+// SAFE: No shell option
+export function runScriptSafe(scriptName: string) {
+  spawn('./scripts/run.sh', [scriptName]);
+}
+`,
+            },
+        ],
+        expectedFindings: [
+            {
+                file: "services/deploy.ts",
+                line: 5,
+                severity: "critical",
+                category: "command-injection",
+                cweId: "CWE-78",
+                description: "shell: true enables command injection",
+                isVulnerable: true,
+            },
+        ],
+        tags: ["injection", "shell"],
+    },
+];
+/**
+ * SSRF Fixtures
+ */
+export const ssrfFixtures = [
+    {
+        id: "ssrf-001",
+        name: "Fetch with user-controlled URL",
+        description: "SSRF via fetch with user-provided URL",
+        category: "ssrf",
+        source: "OWASP",
+        files: [
+            {
+                path: "api/proxy.ts",
+                language: "typescript",
+                content: `// VULNERABLE: Direct user URL in fetch
+export async function proxyRequest(url: string) {
+  const response = await fetch(url);
+  return response.json();
+}
+
+// SAFE: URL allowlist
+const ALLOWED_HOSTS = ['api.example.com', 'cdn.example.com'];
+export async function proxyRequestSafe(url: string) {
+  const parsed = new URL(url);
+  if (!ALLOWED_HOSTS.includes(parsed.host)) {
+    throw new Error('Host not allowed');
+  }
+  return fetch(url);
+}
+`,
+            },
+        ],
+        expectedFindings: [
+            {
+                file: "api/proxy.ts",
+                line: 3,
+                severity: "high",
+                category: "ssrf",
+                cweId: "CWE-918",
+                description: "SSRF via user-controlled URL in fetch",
+                isVulnerable: true,
+            },
+        ],
+        tags: ["owasp-top-10", "ssrf", "network"],
+    },
+    {
+        id: "ssrf-002",
+        name: "HTTP client with redirect following",
+        description: "SSRF via axios with redirect following to internal networks",
+        category: "ssrf",
+        source: "custom",
+        files: [
+            {
+                path: "services/webhook.ts",
+                language: "typescript",
+                content: `import axios from 'axios';
+
+// VULNERABLE: Following redirects to internal networks
+export async function callWebhook(webhookUrl: string, payload: object) {
+  const response = await axios.post(webhookUrl, payload, {
+    maxRedirects: 5, // Can redirect to internal networks
+  });
+  return response.data;
+}
+
+// SAFE: Validate URL and disable redirects
+export async function callWebhookSafe(webhookUrl: string, payload: object) {
+  const url = new URL(webhookUrl);
+  if (url.hostname === 'localhost' || url.hostname.startsWith('192.168.')) {
+    throw new Error('Internal URLs not allowed');
+  }
+  return axios.post(webhookUrl, payload, { maxRedirects: 0 });
+}
+`,
+            },
+        ],
+        expectedFindings: [
+            {
+                file: "services/webhook.ts",
+                line: 5,
+                severity: "high",
+                category: "ssrf",
+                cweId: "CWE-918",
+                description: "SSRF via unvalidated webhook URL",
+                isVulnerable: true,
+            },
+        ],
+        tags: ["ssrf", "redirect"],
+    },
+];
+/**
+ * XXE Fixtures
+ */
+export const xxeFixtures = [
+    {
+        id: "xxe-001",
+        name: "XML parsing without disabling external entities",
+        description: "XXE via insecure XML parser configuration",
+        category: "xxe",
+        source: "OWASP",
+        files: [
+            {
+                path: "utils/xml.ts",
+                language: "typescript",
+                content: `import { DOMParser } from 'xmldom';
+import { XMLParser } from 'fast-xml-parser';
+
+// VULNERABLE: Default parser may allow XXE
+export function parseXml(xmlString: string) {
+  const parser = new DOMParser();
+  return parser.parseFromString(xmlString, 'text/xml');
+}
+
+// SAFE: fast-xml-parser with external entities disabled
+export function parseXmlSafe(xmlString: string) {
+  const parser = new XMLParser({
+    allowBooleanAttributes: true,
+    ignoreAttributes: false,
+    // External entities are disabled by default in fast-xml-parser
+  });
+  return parser.parse(xmlString);
+}
+`,
+            },
+        ],
+        expectedFindings: [
+            {
+                file: "utils/xml.ts",
+                line: 6,
+                severity: "high",
+                category: "xxe",
+                cweId: "CWE-611",
+                description: "XML parser may be vulnerable to XXE",
+                isVulnerable: true,
+            },
+        ],
+        tags: ["owasp-top-10", "xxe", "xml"],
+    },
+];
+/**
+ * Insecure Deserialization Fixtures
+ */
+export const insecureDeserializationFixtures = [
+    {
+        id: "deser-001",
+        name: "eval-based JSON parsing",
+        description: "Unsafe deserialization using eval",
+        category: "insecure-deserialization",
+        source: "custom",
+        files: [
+            {
+                path: "utils/parse.ts",
+                language: "typescript",
+                content: `// VULNERABLE: eval for JSON parsing
+export function parseJson(str: string) {
+  return eval('(' + str + ')');
+}
+
+// VULNERABLE: Function constructor
+export function parseJsonAlt(str: string) {
+  return new Function('return ' + str)();
+}
+
+// SAFE: JSON.parse
+export function parseJsonSafe(str: string) {
+  return JSON.parse(str);
+}
+`,
+            },
+        ],
+        expectedFindings: [
+            {
+                file: "utils/parse.ts",
+                line: 3,
+                severity: "critical",
+                category: "insecure-deserialization",
+                cweId: "CWE-502",
+                description: "Unsafe deserialization via eval",
+                isVulnerable: true,
+            },
+            {
+                file: "utils/parse.ts",
+                line: 8,
+                severity: "critical",
+                category: "insecure-deserialization",
+                cweId: "CWE-502",
+                description: "Unsafe deserialization via Function constructor",
+                isVulnerable: true,
+            },
+        ],
+        tags: ["deserialization", "eval"],
+    },
+    {
+        id: "deser-002",
+        name: "YAML unsafe load",
+        description: "Unsafe YAML parsing that allows arbitrary code execution",
+        category: "insecure-deserialization",
+        source: "custom",
+        files: [
+            {
+                path: "config/loader.ts",
+                language: "typescript",
+                content: `import * as yaml from 'js-yaml';
+import { readFileSync } from 'fs';
+
+// VULNERABLE: yaml.load can execute code in YAML 1.0
+export function loadConfig(path: string) {
+  const content = readFileSync(path, 'utf-8');
+  return yaml.load(content); // Deprecated, use safeLoad
+}
+
+// SAFE: yaml.safeLoad or schema restriction
+export function loadConfigSafe(path: string) {
+  const content = readFileSync(path, 'utf-8');
+  return yaml.load(content, { schema: yaml.JSON_SCHEMA });
+}
+`,
+            },
+        ],
+        expectedFindings: [
+            {
+                file: "config/loader.ts",
+                line: 7,
+                severity: "high",
+                category: "insecure-deserialization",
+                cweId: "CWE-502",
+                description: "Unsafe YAML loading may allow code execution",
+                isVulnerable: true,
+            },
+        ],
+        tags: ["deserialization", "yaml"],
+    },
+];
+/**
+ * RLS Bypass / IDOR Fixtures
+ */
+export const rlsBypassFixtures = [
+    {
+        id: "rls-001",
+        name: "Missing user filter on database query",
+        description: "Direct object reference without ownership check",
+        category: "rls-bypass",
+        source: "custom",
+        files: [
+            {
+                path: "api/documents.ts",
+                language: "typescript",
+                content: `import { db } from '../db';
+
+// VULNERABLE: No userId filter - IDOR
+export async function getDocument(id: string) {
+  return db.query('SELECT * FROM documents WHERE id = $1', [id]);
+}
+
+// VULNERABLE: No ownership check in update
+export async function updateDocument(id: string, content: string) {
+  return db.query('UPDATE documents SET content = $2 WHERE id = $1', [id, content]);
+}
+
+// SAFE: userId filter present
+export async function getDocumentSafe(id: string, userId: string) {
+  return db.query(
+    'SELECT * FROM documents WHERE id = $1 AND user_id = $2',
+    [id, userId]
+  );
+}
+`,
+            },
+        ],
+        expectedFindings: [
+            {
+                file: "api/documents.ts",
+                line: 5,
+                severity: "high",
+                category: "rls-bypass",
+                cweId: "CWE-639",
+                description: "Missing ownership filter allows unauthorized access",
+                isVulnerable: true,
+            },
+            {
+                file: "api/documents.ts",
+                line: 10,
+                severity: "high",
+                category: "rls-bypass",
+                cweId: "CWE-639",
+                description: "Missing ownership check on update operation",
+                isVulnerable: true,
+            },
+        ],
+        tags: ["access-control", "idor", "authorization"],
+    },
+    {
+        id: "rls-002",
+        name: "Supabase RLS bypass via service role",
+        description: "Using service role key bypasses RLS policies",
+        category: "rls-bypass",
+        source: "custom",
+        files: [
+            {
+                path: "lib/supabase.ts",
+                language: "typescript",
+                content: `import { createClient } from '@supabase/supabase-js';
+
+// VULNERABLE: Service role bypasses RLS
+export const adminClient = createClient(
+  process.env.SUPABASE_URL!,
+  process.env.SUPABASE_SERVICE_ROLE_KEY! // Bypasses RLS
+);
+
+export async function deleteAnyUser(userId: string) {
+  // This bypasses all RLS policies!
+  return adminClient.from('users').delete().eq('id', userId);
+}
+
+// SAFE: Use anon key with user context
+export const publicClient = createClient(
+  process.env.SUPABASE_URL!,
+  process.env.SUPABASE_ANON_KEY!
+);
+
+export async function deleteOwnUser(userId: string, accessToken: string) {
+  const client = createClient(
+    process.env.SUPABASE_URL!,
+    process.env.SUPABASE_ANON_KEY!,
+    { global: { headers: { Authorization: \`Bearer \${accessToken}\` } } }
+  );
+  return client.from('users').delete().eq('id', userId);
+}
+`,
+            },
+        ],
+        expectedFindings: [
+            {
+                file: "lib/supabase.ts",
+                line: 10,
+                severity: "high",
+                category: "rls-bypass",
+                cweId: "CWE-639",
+                description: "Service role key usage bypasses RLS policies",
+                isVulnerable: true,
+            },
+        ],
+        tags: ["supabase", "rls", "authorization"],
+    },
+];
 /**
  * All fixtures combined
  */
@@ -533,6 +958,11 @@ export const ALL_FIXTURES = [
     ...typeSafetyFixtures,
     ...authFixtures,
     ...pathTraversalFixtures,
+    ...commandInjectionFixtures,
+    ...ssrfFixtures,
+    ...xxeFixtures,
+    ...insecureDeserializationFixtures,
+    ...rlsBypassFixtures,
 ];
 /**
  * Get fixtures by category

package/dist/eval/fixtures.js.map

@@ -1 +1 @@
-{"version":3,"file":"fixtures.js","sourceRoot":"","sources":["../../src/eval/fixtures.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAkB;IACjD;QACE,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,oCAAoC;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,QAAQ,EAAE,eAAe;QACzB,MAAM,EAAE,OAAO;QACf,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,OAAO;gBACb,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;;;CAehB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,eAAe;gBACzB,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,wCAAwC;gBACrD,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC;KACpC;IACD;QACE,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,gCAAgC;QACtC,WAAW,EAAE,qCAAqC;QAClD,QAAQ,EAAE,eAAe;QACzB,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;CAahB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,eAAe;gBACzB,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,oCAAoC;gBACjD,YAAY,EAAE,IAAI;aACnB;YACD;gBACE,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,EAAE;gBACR,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,eAAe;gBACzB,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,kCAAkC;gBAC/C,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,WAAW,EAAE,kBAAkB,CAAC;KACxC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAkB;IACxC;QACE,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,iDAAiD;QAC9D,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;QACf,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,iBAAiB;gBACvB,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;CAyBhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,iBAAiB;gBACvB,IAAI,EAAE,EAAE;gBACR,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,KAAK;gBACf,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,iCAAiC;gBAC9C,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,cAAc,EAAE,OAAO,EAAE,KAAK,CAAC;KACvC;IACD;QACE,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,8BAA8B;QAC3C,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;;;;;;;;CAoBhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,KAAK;gBACf,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,mBAAmB;gBAChC,YAAY,EAAE,IAAI;aACnB;YACD;gBACE,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,EAAE;gBACR,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,KAAK;gBACf,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,wBAAwB;gBACrC,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,SAAS,CAAC;KAClB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAkB;IAC5C;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,wCAAwC;QACrD,QAAQ,EAAE,SAAS;QACnB,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;CAYhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,0BAA0B;gBACvC,YAAY,EAAE,IAAI;aACnB;YACD;gBACE,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,6BAA6B;gBAC1C,YAAY,EAAE,IAAI;aACnB;YACD;gBACE,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,wBAAwB;gBACrC,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,SAAS,EAAE,aAAa,CAAC;KACjC;IACD;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,wBAAwB;QACrC,QAAQ,EAAE,SAAS;QACnB,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,SAAS;gBACf,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;CAOhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,uBAAuB;gBACpC,YAAY,EAAE,IAAI;aACnB;YACD;gBACE,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,sBAAsB;gBACnC,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,SAAS,EAAE,aAAa,CAAC;KACjC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAkB;IAC/C;QACE,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,sCAAsC;QACnD,QAAQ,EAAE,aAAa;QACvB,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;;;;;;CAkBhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,aAAa;gBACnB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,aAAa;gBACvB,WAAW,EAAE,yCAAyC;gBACtD,YAAY,EAAE,IAAI;aACnB;YACD;gBACE,IAAI,EAAE,aAAa;gBACnB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,aAAa;gBACvB,WAAW,EAAE,8BAA8B;gBAC3C,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,YAAY,EAAE,aAAa,CAAC;KACpC;IACD;QACE,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,uCAAuC;QACpD,QAAQ,EAAE,aAAa;QACvB,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;CAUhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,aAAa;gBACvB,WAAW,EAAE,mCAAmC;gBAChD,YAAY,EAAE,IAAI;aACnB;YACD;gBACE,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,aAAa;gBACvB,WAAW,EAAE,yCAAyC;gBACtD,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,YAAY,EAAE,cAAc,CAAC;KACrC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAkB;IACzC;QACE,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,qCAAqC;QAClD,QAAQ,EAAE,aAAa;QACvB,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,cAAc;gBACpB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;;;;;;CAkBhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,cAAc;gBACpB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,aAAa;gBACvB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,qDAAqD;gBAClE,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,MAAM,EAAE,gBAAgB,CAAC;KACjC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAkB;IAClD;QACE,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,uCAAuC;QACpD,QAAQ,EAAE,gBAAgB;QAC1B,MAAM,EAAE,OAAO;QACf,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,UAAU;gBAChB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;;;;;;;;;CAqBhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,gBAAgB;gBAC1B,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,sCAAsC;gBACnD,YAAY,EAAE,IAAI;aACnB;YACD;gBACE,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,EAAE;gBACR,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,gBAAgB;gBAC1B,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,yCAAyC;gBACtD,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,cAAc,EAAE,gBAAgB,CAAC;KACzC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAkB;IACzC,GAAG,oBAAoB;IACvB,GAAG,WAAW;IACd,GAAG,eAAe;IAClB,GAAG,kBAAkB;IACrB,GAAG,YAAY;IACf,GAAG,qBAAqB;CACzB,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAgB;IACpD,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AAC7D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAW;IAC1C,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,EAAU;IACvC,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe;IAK7B,MAAM,UAAU,GAA2B,EAAE,CAAC;IAC9C,IAAI,aAAa,GAAG,CAAC,CAAC;IAEtB,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;QACnC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACvE,aAAa,IAAI,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC;IACnD,CAAC;IAED,OAAO;QACL,KAAK,EAAE,YAAY,CAAC,MAAM;QAC1B,UAAU;QACV,aAAa;KACd,CAAC;AACJ,CAAC"}
+{"version":3,"file":"fixtures.js","sourceRoot":"","sources":["../../src/eval/fixtures.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAkB;IACjD;QACE,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,oCAAoC;QAC1C,WAAW,EAAE,gDAAgD;QAC7D,QAAQ,EAAE,eAAe;QACzB,MAAM,EAAE,OAAO;QACf,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,OAAO;gBACb,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;;;CAehB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,eAAe;gBACzB,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,wCAAwC;gBACrD,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC;KACpC;IACD;QACE,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,gCAAgC;QACtC,WAAW,EAAE,qCAAqC;QAClD,QAAQ,EAAE,eAAe;QACzB,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;CAahB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,eAAe;gBACzB,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,oCAAoC;gBACjD,YAAY,EAAE,IAAI;aACnB;YACD;gBACE,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,EAAE;gBACR,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,eAAe;gBACzB,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,kCAAkC;gBAC/C,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,WAAW,EAAE,kBAAkB,CAAC;KACxC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAkB;IACxC;QACE,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,iDAAiD;QAC9D,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;QACf,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,iBAAiB;gBACvB,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;CAyBhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,iBAAiB;gBACvB,IAAI,EAAE,EAAE;gBACR,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,KAAK;gBACf,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,iCAAiC;gBAC9C,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,cAAc,EAAE,OAAO,EAAE,KAAK,CAAC;KACvC;IACD;QACE,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,8BAA8B;QAC3C,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,YAAY;gBAClB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;;;;;;;;CAoBhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,KAAK;gBACf,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,mBAAmB;gBAChC,YAAY,EAAE,IAAI;aACnB;YACD;gBACE,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,EAAE;gBACR,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,KAAK;gBACf,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,wBAAwB;gBACrC,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,SAAS,CAAC;KAClB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAkB;IAC5C;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,wCAAwC;QACrD,QAAQ,EAAE,SAAS;QACnB,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;CAYhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,0BAA0B;gBACvC,YAAY,EAAE,IAAI;aACnB;YACD;gBACE,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,6BAA6B;gBAC1C,YAAY,EAAE,IAAI;aACnB;YACD;gBACE,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,wBAAwB;gBACrC,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,SAAS,EAAE,aAAa,CAAC;KACjC;IACD;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,wBAAwB;QACrC,QAAQ,EAAE,SAAS;QACnB,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,SAAS;gBACf,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;CAOhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,uBAAuB;gBACpC,YAAY,EAAE,IAAI;aACnB;YACD;gBACE,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,SAAS;gBACnB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,sBAAsB;gBACnC,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,SAAS,EAAE,aAAa,CAAC;KACjC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAkB;IAC/C;QACE,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,sCAAsC;QACnD,QAAQ,EAAE,aAAa;QACvB,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;;;;;;CAkBhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,aAAa;gBACnB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,aAAa;gBACvB,WAAW,EAAE,yCAAyC;gBACtD,YAAY,EAAE,IAAI;aACnB;YACD;gBACE,IAAI,EAAE,aAAa;gBACnB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,aAAa;gBACvB,WAAW,EAAE,8BAA8B;gBAC3C,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,YAAY,EAAE,aAAa,CAAC;KACpC;IACD;QACE,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,uCAAuC;QACpD,QAAQ,EAAE,aAAa;QACvB,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;CAUhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,aAAa;gBACvB,WAAW,EAAE,mCAAmC;gBAChD,YAAY,EAAE,IAAI;aACnB;YACD;gBACE,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,KAAK;gBACf,QAAQ,EAAE,aAAa;gBACvB,WAAW,EAAE,yCAAyC;gBACtD,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,YAAY,EAAE,cAAc,CAAC;KACrC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAkB;IACzC;QACE,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,qCAAqC;QAClD,QAAQ,EAAE,aAAa;QACvB,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,cAAc;gBACpB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;;;;;;CAkBhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,cAAc;gBACpB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,aAAa;gBACvB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,qDAAqD;gBAClE,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,MAAM,EAAE,gBAAgB,CAAC;KACjC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAkB;IAClD;QACE,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,uCAAuC;QACpD,QAAQ,EAAE,gBAAgB;QAC1B,MAAM,EAAE,OAAO;QACf,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,UAAU;gBAChB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;;;;;;;;;CAqBhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,gBAAgB;gBAC1B,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,sCAAsC;gBACnD,YAAY,EAAE,IAAI;aACnB;YACD;gBACE,IAAI,EAAE,UAAU;gBAChB,IAAI,EAAE,EAAE;gBACR,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,gBAAgB;gBAC1B,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,yCAAyC;gBACtD,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,cAAc,EAAE,gBAAgB,CAAC;KACzC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAkB;IACrD;QACE,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,mBAAmB;QAC7B,MAAM,EAAE,OAAO;QACf,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,cAAc;gBACpB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;CAYhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,cAAc;gBACpB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,mBAAmB;gBAC7B,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,gDAAgD;gBAC7D,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,cAAc,EAAE,WAAW,EAAE,eAAe,CAAC;KACrD;IACD;QACE,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,uDAAuD;QACpE,QAAQ,EAAE,mBAAmB;QAC7B,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,oBAAoB;gBAC1B,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;CAWhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,oBAAoB;gBAC1B,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,mBAAmB;gBAC7B,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,uCAAuC;gBACpD,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,WAAW,EAAE,OAAO,CAAC;KAC7B;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAkB;IACzC;QACE,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,gCAAgC;QACtC,WAAW,EAAE,uCAAuC;QACpD,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,OAAO;QACf,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,cAAc;gBACpB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;;;CAehB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,cAAc;gBACpB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,uCAAuC;gBACpD,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,cAAc,EAAE,MAAM,EAAE,SAAS,CAAC;KAC1C;IACD;QACE,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,qCAAqC;QAC3C,WAAW,EAAE,6DAA6D;QAC1E,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,qBAAqB;gBAC3B,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;;;;;;CAkBhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,qBAAqB;gBAC3B,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,kCAAkC;gBAC/C,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,MAAM,EAAE,UAAU,CAAC;KAC3B;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAkB;IACxC;QACE,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,iDAAiD;QACvD,WAAW,EAAE,2CAA2C;QACxD,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;QACf,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,cAAc;gBACpB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;;;;;;CAkBhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,cAAc;gBACpB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,KAAK;gBACf,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,qCAAqC;gBAClD,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,cAAc,EAAE,KAAK,EAAE,KAAK,CAAC;KACrC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAkB;IAC5D;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,mCAAmC;QAChD,QAAQ,EAAE,0BAA0B;QACpC,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;;CAchB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,gBAAgB;gBACtB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,0BAA0B;gBACpC,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,iCAAiC;gBAC9C,YAAY,EAAE,IAAI;aACnB;YACD;gBACE,IAAI,EAAE,gBAAgB;gBACtB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,0BAA0B;gBACpC,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,iDAAiD;gBAC9D,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,iBAAiB,EAAE,MAAM,CAAC;KAClC;IACD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,0DAA0D;QACvE,QAAQ,EAAE,0BAA0B;QACpC,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,kBAAkB;gBACxB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;;CAchB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,kBAAkB;gBACxB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,0BAA0B;gBACpC,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,8CAA8C;gBAC3D,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,iBAAiB,EAAE,MAAM,CAAC;KAClC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAkB;IAC9C;QACE,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,uCAAuC;QAC7C,WAAW,EAAE,iDAAiD;QAC9D,QAAQ,EAAE,YAAY;QACtB,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,kBAAkB;gBACxB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;;;;;;;CAmBhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,kBAAkB;gBACxB,IAAI,EAAE,CAAC;gBACP,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,YAAY;gBACtB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,qDAAqD;gBAClE,YAAY,EAAE,IAAI;aACnB;YACD;gBACE,IAAI,EAAE,kBAAkB;gBACxB,IAAI,EAAE,EAAE;gBACR,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,YAAY;gBACtB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,6CAA6C;gBAC1D,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,gBAAgB,EAAE,MAAM,EAAE,eAAe,CAAC;KAClD;IACD;QACE,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,sCAAsC;QAC5C,WAAW,EAAE,8CAA8C;QAC3D,QAAQ,EAAE,YAAY;QACtB,MAAM,EAAE,QAAQ;QAChB,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,iBAAiB;gBACvB,QAAQ,EAAE,YAAY;gBACtB,OAAO,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2BhB;aACM;SACF;QACD,gBAAgB,EAAE;YAChB;gBACE,IAAI,EAAE,iBAAiB;gBACvB,IAAI,EAAE,EAAE;gBACR,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,YAAY;gBACtB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,8CAA8C;gBAC3D,YAAY,EAAE,IAAI;aACnB;SACF;QACD,IAAI,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,eAAe,CAAC;KAC3C;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAkB;IACzC,GAAG,oBAAoB;IACvB,GAAG,WAAW;IACd,GAAG,eAAe;IAClB,GAAG,kBAAkB;IACrB,GAAG,YAAY;IACf,GAAG,qBAAqB;IACxB,GAAG,wBAAwB;IAC3B,GAAG,YAAY;IACf,GAAG,WAAW;IACd,GAAG,+BAA+B;IAClC,GAAG,iBAAiB;CACrB,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAgB;IACpD,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AAC7D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAW;IAC1C,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,EAAU;IACvC,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe;IAK7B,MAAM,UAAU,GAA2B,EAAE,CAAC;IAC9C,IAAI,aAAa,GAAG,CAAC,CAAC;IAEtB,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;QACnC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACvE,aAAa,IAAI,OAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC;IACnD,CAAC;IAED,OAAO;QACL,KAAK,EAAE,YAAY,CAAC,MAAM;QAC1B,UAAU;QACV,aAAa;KACd,CAAC;AACJ,CAAC"}

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAwPpE;;GAEG;AACH,iBAAS,YAAY,CAAC,IAAI,EAAE,MAAM;;;;;EAIjC;AAED;;GAEG;AACH,iBAAS,YAAY,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC;;;;;;EAK/D;AAED;;GAEG;AACH,iBAAS,aAAa,CAAC,OAAO,EAAE,MAAM;;;;;EAIrC;AA+CD,QAAA,MAAM,MAAM,WAGV,CAAC;AAghKH,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAiQpE;;GAEG;AACH,iBAAS,YAAY,CAAC,IAAI,EAAE,MAAM;;;;;EAIjC;AAED;;GAEG;AACH,iBAAS,YAAY,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC;;;;;;EAK/D;AAED;;GAEG;AACH,iBAAS,aAAa,CAAC,OAAO,EAAE,MAAM;;;;;EAIrC;AA+CD,QAAA,MAAM,MAAM,WAGV,CAAC;AAkoKH,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC"}

package/dist/index.js

@@ -46,6 +46,9 @@ import { getTracker, formatCost, formatTokens, estimateCost, getSupportedModels,
 import { getRunner, DEFAULT_MODELS, formatProvider, } from "./multimodel/index.js";
 // Path validation utilities
 import { validateProjectPath, PathValidationError } from "./util/paths.js";
+// Telemetry and scan registry
+import { trackCertificationStarted, trackCertificationCompleted, trackScannerRun, } from "./telemetry/usage.js";
+import { getRegistry } from "./telemetry/registry.js";
 // ---------------------------------------------------------------------------
 // Config
 // ---------------------------------------------------------------------------
@@ -755,6 +758,12 @@ server.registerTool("certification_scan", {
         project: basename(project_path),
     });
     scanLogger.info("scanners.starting", { scanners, auto_detect });
+    const startTime = Date.now();
+    // Track scan start via telemetry
+    const scannersToRun = auto_detect
+        ? ["auto-detect"]
+        : Object.entries(scanners || {}).filter(([, v]) => v).map(([k]) => k);
+    await trackCertificationStarted(project_path, scannersToRun, [], auto_detect ? "auto" : "manual");
     // Use auto-detection or manual scanner selection
     let result;
     let detectedLanguages;
@@ -768,6 +777,24 @@ server.registerTool("certification_scan", {
     else {
         result = await runAllScanners(project_path, scanners);
     }
+    // Track scanner runs in telemetry
+    for (const scanner of Object.keys(result.byScanner)) {
+        await trackScannerRun(project_path, scanner, result.totalDuration / Object.keys(result.byScanner).length, // Approximate per-scanner duration
+        result.byScanner[scanner] || 0, !result.failedScanners.includes(scanner));
+    }
+    // Record scan in registry for analytics
+    const registry = getRegistry();
+    await registry.recordScan({
+        certificationId: certification_id,
+        projectPath: project_path,
+        scanDate: new Date().toISOString(),
+        duration: Date.now() - startTime,
+        findingsSummary: result.bySeverity,
+        totalFindings: result.totalFindings,
+        scannersRun: Object.keys(result.byScanner),
+        frameworksAssessed: [],
+        success: result.allSucceeded,
+    });
     // If certification_id provided and submit_findings is true, submit to certification
     if (certification_id && submit_findings && result.totalFindings > 0) {
         const certFindings = scannerFindingsToCertificationFindings(result);
@@ -1579,6 +1606,7 @@ server.registerTool("certification_finalize", {
     },
 }, async ({ project_path, certification_id }) => {
     const certLogger = createChildLogger({ certId: certification_id, project: basename(project_path) });
+    const startTime = Date.now();
     const certification = await getCertification(project_path, certification_id);
     if (!certification) {
         certLogger.warn("certification.not_found");
@@ -1604,6 +1632,36 @@ server.registerTool("certification_finalize", {
     }
     // Generate artifacts
     const artifacts = await writeCertificationArtifacts(project_path, finalCert);
+    // Track certification completion via telemetry
+    const severityCounts = { critical: 0, high: 0, medium: 0, low: 0, info: 0 };
+    let totalFindings = 0;
+    for (const agentType of Object.keys(certification.agents || {})) {
+        const agent = certification.agents[agentType];
+        if (agent?.findings) {
+            for (const finding of agent.findings) {
+                severityCounts[finding.severity]++;
+                totalFindings++;
+            }
+        }
+    }
+    await trackCertificationCompleted(project_path, certification_id, finalCert.consensus?.certification_level || "BLOCKED", finalCert.consensus?.overall_score || 0, Date.now() - new Date(certification.metadata.started_at).getTime(), severityCounts, totalFindings, [] // frameworks
+    );
+    // Record in registry
+    const registry = getRegistry();
+    await registry.recordScan({
+        certificationId: certification_id,
+        projectPath: project_path,
+        scanDate: new Date().toISOString(),
+        level: finalCert.consensus?.certification_level || "BLOCKED",
+        score: finalCert.consensus?.overall_score || 0,
+        duration: Date.now() - startTime,
+        findingsSummary: severityCounts,
+        totalFindings,
+        scannersRun: Object.keys(certification.agents || {}),
+        frameworksAssessed: [],
+        success: true,
+        tags: ["certification-finalized"],
+    });
     certLogger.info("certification.finalized", {
         level: finalCert.consensus?.certification_level,
         score: finalCert.consensus?.overall_score,
@@ -3625,7 +3683,11 @@ Maps findings to AI compliance frameworks (OWASP LLM, NIST AI RMF, EU AI Act).`,
     if (!authorized) {
         return errorResponse("Agent scanning requires explicit authorization. Set authorized=true to confirm you have permission to scan this target.");
     }
+    const startTime = Date.now();
     try {
+        // Track scan start via telemetry
+        const enabledScanners = scanners || AGENT_SCANNER_TYPES;
+        await trackCertificationStarted(target, enabledScanners, frameworks || [], "agent-cert");
         // Build scan target
         const scanTarget = {};
         if (target.startsWith("http://") || target.startsWith("https://")) {
@@ -3641,7 +3703,6 @@ Maps findings to AI compliance frameworks (OWASP LLM, NIST AI RMF, EU AI Act).`,
             scanTarget.npmPackage = target;
         }
         // Build scanner options
-        const enabledScanners = scanners || AGENT_SCANNER_TYPES;
         const scannerFlags = {
             manifestAudit: enabledScanners.includes("manifest-audit"),
             toolDrift: enabledScanners.includes("tool-description-drift"),
@@ -3680,6 +3741,28 @@ Maps findings to AI compliance frameworks (OWASP LLM, NIST AI RMF, EU AI Act).`,
         }
         // Generate summary
         const summary = generateAgentScannerSummary(result);
+        // Record scan in registry for analytics
+        const registry = getRegistry();
+        await registry.recordScan({
+            certificationId: certification_id,
+            projectPath: target,
+            scanDate: new Date().toISOString(),
+            level: result.certificationReadiness === "ready" ? "CERTIFIED"
+                : result.certificationReadiness === "needs-review" ? "REVIEW_REQUIRED"
+                    : "BLOCKED",
+            score: 100 - result.riskScore,
+            duration: Date.now() - startTime,
+            findingsSummary: result.bySeverity,
+            totalFindings: result.totalFindings,
+            scannersRun: result.scanners.map((s) => s.scanner),
+            frameworksAssessed: frameworks || [],
+            success: result.allSucceeded,
+            tags: ["agent-cert", "mcp-security"],
+        });
+        // Track individual scanner runs
+        for (const scanner of result.scanners) {
+            await trackScannerRun(target, scanner.scanner, scanner.duration || 0, scanner.findings.length, scanner.success);
+        }
         return jsonResponse({
             success: result.allSucceeded,
             target,