vaspera 2.9.0 → 2.10.0

package/dist/__tests__/scanners/fp-tracker.test.js

@@ -0,0 +1,262 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { mkdir, rm } from "fs/promises";
+import { join } from "path";
+import { tmpdir } from "os";
+import { loadTrackingData, saveTrackingData, markFalsePositive, markTruePositive, adjustFindingConfidence, generateFPReport, } from "../../scanners/fp-tracker.js";
+describe("fp-tracker", () => {
+    let testDir;
+    beforeEach(async () => {
+        testDir = join(tmpdir(), `fp-tracker-test-${Date.now()}`);
+        await mkdir(testDir, { recursive: true });
+    });
+    afterEach(async () => {
+        try {
+            await rm(testDir, { recursive: true, force: true });
+        }
+        catch {
+            // Ignore cleanup errors
+        }
+    });
+    describe("loadTrackingData", () => {
+        it("returns default data for new project", async () => {
+            const data = await loadTrackingData(testDir);
+            expect(data.version).toBe("1.0.0");
+            expect(data.projectPath).toBe(testDir);
+            expect(Object.keys(data.scanners)).toHaveLength(0);
+            expect(data.globalStats.totalFindings).toBe(0);
+        });
+        it("loads existing data", async () => {
+            // First save some data
+            const initialData = await loadTrackingData(testDir);
+            initialData.globalStats.totalFindings = 10;
+            await saveTrackingData(testDir, initialData);
+            // Then load it
+            const loadedData = await loadTrackingData(testDir);
+            expect(loadedData.globalStats.totalFindings).toBe(10);
+        });
+    });
+    describe("markFalsePositive", () => {
+        it("returns undefined for non-existent scanner", async () => {
+            const result = await markFalsePositive(testDir, "semgrep", "some-rule");
+            expect(result).toBeUndefined();
+        });
+        it("updates FP metrics correctly", async () => {
+            // First create a scanner and rule entry
+            const data = await loadTrackingData(testDir);
+            data.scanners["semgrep"] = {
+                scanner: "semgrep",
+                totalRules: 1,
+                totalFindings: 5,
+                overallFPRate: 0,
+                overallTPRate: 1,
+                ruleMetrics: new Map([
+                    [
+                        "test-rule",
+                        {
+                            scanner: "semgrep",
+                            ruleId: "test-rule",
+                            totalReported: 5,
+                            confirmedTP: 2,
+                            confirmedFP: 0,
+                            pendingReview: 3,
+                            fpRate: 0,
+                            tpRate: 1,
+                            adjustmentFactor: 1,
+                            lastUpdated: new Date().toISOString(),
+                            severityDistribution: {},
+                        },
+                    ],
+                ]),
+            };
+            await saveTrackingData(testDir, data);
+            // Mark as FP
+            const result = await markFalsePositive(testDir, "semgrep", "test-rule");
+            expect(result).toBeDefined();
+            expect(result.confirmedFP).toBe(1);
+            expect(result.pendingReview).toBe(2);
+            expect(result.fpRate).toBeGreaterThan(0);
+        });
+    });
+    describe("markTruePositive", () => {
+        it("updates TP metrics correctly", async () => {
+            // First create a scanner and rule entry
+            const data = await loadTrackingData(testDir);
+            data.scanners["semgrep"] = {
+                scanner: "semgrep",
+                totalRules: 1,
+                totalFindings: 5,
+                overallFPRate: 0,
+                overallTPRate: 1,
+                ruleMetrics: new Map([
+                    [
+                        "test-rule",
+                        {
+                            scanner: "semgrep",
+                            ruleId: "test-rule",
+                            totalReported: 5,
+                            confirmedTP: 0,
+                            confirmedFP: 2,
+                            pendingReview: 3,
+                            fpRate: 1,
+                            tpRate: 0,
+                            adjustmentFactor: 0.1,
+                            lastUpdated: new Date().toISOString(),
+                            severityDistribution: {},
+                        },
+                    ],
+                ]),
+            };
+            await saveTrackingData(testDir, data);
+            // Mark as TP
+            const result = await markTruePositive(testDir, "semgrep", "test-rule");
+            expect(result).toBeDefined();
+            expect(result.confirmedTP).toBe(1);
+            expect(result.pendingReview).toBe(2);
+            expect(result.tpRate).toBeGreaterThan(0);
+        });
+    });
+    describe("adjustFindingConfidence", () => {
+        it("returns original confidence when no metrics", () => {
+            const finding = {
+                scanner: "semgrep",
+                ruleId: "test",
+                file: "test.ts",
+                line: 1,
+                message: "Test",
+                severity: "high",
+                confidence: 100,
+            };
+            const result = adjustFindingConfidence(finding, undefined);
+            expect(result).toBe(100);
+        });
+        it("reduces confidence for high FP rate rules", () => {
+            const finding = {
+                scanner: "semgrep",
+                ruleId: "test",
+                file: "test.ts",
+                line: 1,
+                message: "Test",
+                severity: "high",
+                confidence: 100,
+            };
+            const metrics = {
+                scanner: "semgrep",
+                ruleId: "test",
+                totalReported: 10,
+                confirmedTP: 2,
+                confirmedFP: 8,
+                pendingReview: 0,
+                fpRate: 0.8,
+                tpRate: 0.2,
+                adjustmentFactor: 0.28, // 1 - (0.8 * 0.9) = 0.28
+                lastUpdated: new Date().toISOString(),
+                severityDistribution: {},
+            };
+            const result = adjustFindingConfidence(finding, metrics);
+            expect(result).toBeLessThan(100);
+            expect(result).toBe(28);
+        });
+        it("maintains confidence for low FP rate rules", () => {
+            const finding = {
+                scanner: "semgrep",
+                ruleId: "test",
+                file: "test.ts",
+                line: 1,
+                message: "Test",
+                severity: "high",
+                confidence: 100,
+            };
+            const metrics = {
+                scanner: "semgrep",
+                ruleId: "test",
+                totalReported: 10,
+                confirmedTP: 9,
+                confirmedFP: 1,
+                pendingReview: 0,
+                fpRate: 0.1,
+                tpRate: 0.9,
+                adjustmentFactor: 0.91, // 1 - (0.1 * 0.9) = 0.91
+                lastUpdated: new Date().toISOString(),
+                severityDistribution: {},
+            };
+            const result = adjustFindingConfidence(finding, metrics);
+            expect(result).toBeGreaterThan(90);
+        });
+        it("clamps confidence to valid range", () => {
+            const finding = {
+                scanner: "semgrep",
+                ruleId: "test",
+                file: "test.ts",
+                line: 1,
+                message: "Test",
+                severity: "high",
+                confidence: 100,
+            };
+            const metrics = {
+                scanner: "semgrep",
+                ruleId: "test",
+                totalReported: 10,
+                confirmedTP: 0,
+                confirmedFP: 10,
+                pendingReview: 0,
+                fpRate: 1.0,
+                tpRate: 0,
+                adjustmentFactor: 0.1, // Minimum
+                lastUpdated: new Date().toISOString(),
+                severityDistribution: {},
+            };
+            const result = adjustFindingConfidence(finding, metrics);
+            expect(result).toBeGreaterThanOrEqual(1);
+            expect(result).toBeLessThanOrEqual(100);
+        });
+    });
+    describe("generateFPReport", () => {
+        it("generates empty report for new project", async () => {
+            const report = await generateFPReport(testDir);
+            expect(report.summary.totalScanners).toBe(0);
+            expect(report.summary.totalRules).toBe(0);
+            expect(report.highFPRules).toHaveLength(0);
+        });
+        it("includes recommendations for high FP rates", async () => {
+            // Create data with high FP rate
+            const data = await loadTrackingData(testDir);
+            data.scanners["semgrep"] = {
+                scanner: "semgrep",
+                totalRules: 1,
+                totalFindings: 20,
+                overallFPRate: 0.8,
+                overallTPRate: 0.2,
+                ruleMetrics: new Map([
+                    [
+                        "high-fp-rule",
+                        {
+                            scanner: "semgrep",
+                            ruleId: "high-fp-rule",
+                            totalReported: 20,
+                            confirmedTP: 4,
+                            confirmedFP: 16,
+                            pendingReview: 0,
+                            fpRate: 0.8,
+                            tpRate: 0.2,
+                            adjustmentFactor: 0.28,
+                            lastUpdated: new Date().toISOString(),
+                            severityDistribution: {},
+                        },
+                    ],
+                ]),
+            };
+            data.globalStats = {
+                totalFindings: 20,
+                totalTP: 4,
+                totalFP: 16,
+                totalPending: 0,
+                overallAccuracy: 0.2,
+            };
+            await saveTrackingData(testDir, data);
+            const report = await generateFPReport(testDir, { minSampleSize: 5 });
+            expect(report.highFPRules.length).toBeGreaterThan(0);
+            expect(report.recommendations.length).toBeGreaterThan(0);
+        });
+    });
+});
+//# sourceMappingURL=fp-tracker.test.js.map

package/dist/__tests__/scanners/fp-tracker.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fp-tracker.test.js","sourceRoot":"","sources":["../../../src/__tests__/scanners/fp-tracker.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC;AAC5B,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,gBAAgB,EAChB,uBAAuB,EACvB,gBAAgB,GAEjB,MAAM,8BAA8B,CAAC;AAItC,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;IAC1B,IAAI,OAAe,CAAC;IAEpB,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,OAAO,GAAG,IAAI,CAAC,MAAM,EAAE,EAAE,mBAAmB,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC1D,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;QAChC,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;YACpD,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAE7C,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACvC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACnD,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qBAAqB,EAAE,KAAK,IAAI,EAAE;YACnC,uBAAuB;YACvB,MAAM,WAAW,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAC;YACpD,WAAW,CAAC,WAAW,CAAC,aAAa,GAAG,EAAE,CAAC;YAC3C,MAAM,gBAAgB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YAE7C,eAAe;YACf,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAEnD,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;YAC1D,MAAM,MAAM,GAAG,MAAM,iBAAiB,CACpC,OAAO,EACP,SAAwB,EACxB,WAAW,CACZ,CAAC;YAEF,MAAM,CAAC,MAAM,CAAC,CAAC,aAAa,EAAE,CAAC;QACjC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC5C,wCAAwC;YACxC,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAC7C,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG;gBACzB,OAAO,EAAE,SAAwB;gBACjC,UAAU,EAAE,CAAC;gBACb,aAAa,EAAE,CAAC;gBAChB,aAAa,EAAE,CAAC;gBAChB,aAAa,EAAE,CAAC;gBAChB,WAAW,EAAE,IAAI,GAAG,CAAC;oBACnB;wBACE,WAAW;wBACX;4BACE,OAAO,EAAE,SAAwB;4BACjC,MAAM,EAAE,WAAW;4BACnB,aAAa,EAAE,CAAC;4BAChB,WAAW,EAAE,CAAC;4BACd,WAAW,EAAE,CAAC;4BACd,aAAa,EAAE,CAAC;4BAChB,MAAM,EAAE,CAAC;4BACT,MAAM,EAAE,CAAC;4BACT,gBAAgB,EAAE,CAAC;4BACnB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;4BACrC,oBAAoB,EAAE,EAAE;yBACzB;qBACF;iBACF,CAAC;aACH,CAAC;YACF,MAAM,gBAAgB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAEtC,aAAa;YACb,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,OAAO,EAAE,SAAwB,EAAE,WAAW,CAAC,CAAC;YAEvF,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;YAC7B,MAAM,CAAC,MAAO,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACpC,MAAM,CAAC,MAAO,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACtC,MAAM,CAAC,MAAO,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;QAChC,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC5C,wCAAwC;YACxC,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAC7C,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG;gBACzB,OAAO,EAAE,SAAwB;gBACjC,UAAU,EAAE,CAAC;gBACb,aAAa,EAAE,CAAC;gBAChB,aAAa,EAAE,CAAC;gBAChB,aAAa,EAAE,CAAC;gBAChB,WAAW,EAAE,IAAI,GAAG,CAAC;oBACnB;wBACE,WAAW;wBACX;4BACE,OAAO,EAAE,SAAwB;4BACjC,MAAM,EAAE,WAAW;4BACnB,aAAa,EAAE,CAAC;4BAChB,WAAW,EAAE,CAAC;4BACd,WAAW,EAAE,CAAC;4BACd,aAAa,EAAE,CAAC;4BAChB,MAAM,EAAE,CAAC;4BACT,MAAM,EAAE,CAAC;4BACT,gBAAgB,EAAE,GAAG;4BACrB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;4BACrC,oBAAoB,EAAE,EAAE;yBACzB;qBACF;iBACF,CAAC;aACH,CAAC;YACF,MAAM,gBAAgB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAEtC,aAAa;YACb,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,SAAwB,EAAE,WAAW,CAAC,CAAC;YAEtF,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;YAC7B,MAAM,CAAC,MAAO,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACpC,MAAM,CAAC,MAAO,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACtC,MAAM,CAAC,MAAO,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACvC,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,OAAO,GAAyB;gBACpC,OAAO,EAAE,SAAwB;gBACjC,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,CAAC;gBACP,OAAO,EAAE,MAAM;gBACf,QAAQ,EAAE,MAAkB;gBAC5B,UAAU,EAAE,GAAG;aAChB,CAAC;YAEF,MAAM,MAAM,GAAG,uBAAuB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAE3D,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,OAAO,GAAyB;gBACpC,OAAO,EAAE,SAAwB;gBACjC,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,CAAC;gBACP,OAAO,EAAE,MAAM;gBACf,QAAQ,EAAE,MAAkB;gBAC5B,UAAU,EAAE,GAAG;aAChB,CAAC;YAEF,MAAM,OAAO,GAAgB;gBAC3B,OAAO,EAAE,SAAwB;gBACjC,MAAM,EAAE,MAAM;gBACd,aAAa,EAAE,EAAE;gBACjB,WAAW,EAAE,CAAC;gBACd,WAAW,EAAE,CAAC;gBACd,aAAa,EAAE,CAAC;gBAChB,MAAM,EAAE,GAAG;gBACX,MAAM,EAAE,GAAG;gBACX,gBAAgB,EAAE,IAAI,EAAE,yBAAyB;gBACjD,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACrC,oBAAoB,EAAE,EAAE;aACzB,CAAC;YAEF,MAAM,MAAM,GAAG,uBAAuB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAEzD,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC1B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,OAAO,GAAyB;gBACpC,OAAO,EAAE,SAAwB;gBACjC,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,CAAC;gBACP,OAAO,EAAE,MAAM;gBACf,QAAQ,EAAE,MAAkB;gBAC5B,UAAU,EAAE,GAAG;aAChB,CAAC;YAEF,MAAM,OAAO,GAAgB;gBAC3B,OAAO,EAAE,SAAwB;gBACjC,MAAM,EAAE,MAAM;gBACd,aAAa,EAAE,EAAE;gBACjB,WAAW,EAAE,CAAC;gBACd,WAAW,EAAE,CAAC;gBACd,aAAa,EAAE,CAAC;gBAChB,MAAM,EAAE,GAAG;gBACX,MAAM,EAAE,GAAG;gBACX,gBAAgB,EAAE,IAAI,EAAE,yBAAyB;gBACjD,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACrC,oBAAoB,EAAE,EAAE;aACzB,CAAC;YAEF,MAAM,MAAM,GAAG,uBAAuB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAEzD,MAAM,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,OAAO,GAAyB;gBACpC,OAAO,EAAE,SAAwB;gBACjC,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,CAAC;gBACP,OAAO,EAAE,MAAM;gBACf,QAAQ,EAAE,MAAkB;gBAC5B,UAAU,EAAE,GAAG;aAChB,CAAC;YAEF,MAAM,OAAO,GAAgB;gBAC3B,OAAO,EAAE,SAAwB;gBACjC,MAAM,EAAE,MAAM;gBACd,aAAa,EAAE,EAAE;gBACjB,WAAW,EAAE,CAAC;gBACd,WAAW,EAAE,EAAE;gBACf,aAAa,EAAE,CAAC;gBAChB,MAAM,EAAE,GAAG;gBACX,MAAM,EAAE,CAAC;gBACT,gBAAgB,EAAE,GAAG,EAAE,UAAU;gBACjC,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACrC,oBAAoB,EAAE,EAAE;aACzB,CAAC;YAEF,MAAM,MAAM,GAAG,uBAAuB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAEzD,MAAM,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;QAChC,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;YACtD,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAE/C,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC7C,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC1C,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;YAC1D,gCAAgC;YAChC,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAC7C,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,GAAG;gBACzB,OAAO,EAAE,SAAwB;gBACjC,UAAU,EAAE,CAAC;gBACb,aAAa,EAAE,EAAE;gBACjB,aAAa,EAAE,GAAG;gBAClB,aAAa,EAAE,GAAG;gBAClB,WAAW,EAAE,IAAI,GAAG,CAAC;oBACnB;wBACE,cAAc;wBACd;4BACE,OAAO,EAAE,SAAwB;4BACjC,MAAM,EAAE,cAAc;4BACtB,aAAa,EAAE,EAAE;4BACjB,WAAW,EAAE,CAAC;4BACd,WAAW,EAAE,EAAE;4BACf,aAAa,EAAE,CAAC;4BAChB,MAAM,EAAE,GAAG;4BACX,MAAM,EAAE,GAAG;4BACX,gBAAgB,EAAE,IAAI;4BACtB,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;4BACrC,oBAAoB,EAAE,EAAE;yBACzB;qBACF;iBACF,CAAC;aACH,CAAC;YACF,IAAI,CAAC,WAAW,GAAG;gBACjB,aAAa,EAAE,EAAE;gBACjB,OAAO,EAAE,CAAC;gBACV,OAAO,EAAE,EAAE;gBACX,YAAY,EAAE,CAAC;gBACf,eAAe,EAAE,GAAG;aACrB,CAAC;YACF,MAAM,gBAAgB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAEtC,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,OAAO,EAAE,EAAE,aAAa,EAAE,CAAC,EAAE,CAAC,CAAC;YAErE,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACrD,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/scanners/logic/endpoint-analyzer.property.test.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Property-Based Tests for Endpoint Analyzer
+ *
+ * Tests invariants of extractPathParams and inferResourceType
+ * using fast-check property-based testing.
+ *
+ * @module __tests__/scanners/logic/endpoint-analyzer.property
+ */
+export {};
+//# sourceMappingURL=endpoint-analyzer.property.test.d.ts.map

package/dist/__tests__/scanners/logic/endpoint-analyzer.property.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"endpoint-analyzer.property.test.d.ts","sourceRoot":"","sources":["../../../../src/__tests__/scanners/logic/endpoint-analyzer.property.test.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG"}

package/dist/__tests__/scanners/logic/endpoint-analyzer.property.test.js

@@ -0,0 +1,238 @@
+/**
+ * Property-Based Tests for Endpoint Analyzer
+ *
+ * Tests invariants of extractPathParams and inferResourceType
+ * using fast-check property-based testing.
+ *
+ * @module __tests__/scanners/logic/endpoint-analyzer.property
+ */
+import { describe, it } from "vitest";
+import * as fc from "fast-check";
+import { extractPathParams, inferResourceType, } from "../../../scanners/logic/endpoint-analyzer.js";
+import { arbitraries, expressPath, nextjsPath, flaskPath, springPath, uniqueParamNames, PARAM_DELIMITERS, containsAny, } from "../../property-test-helpers.js";
+describe("extractPathParams - Property Tests", () => {
+    describe("Invariants", () => {
+        it("always returns an array", () => {
+            fc.assert(fc.property(fc.string(), (path) => {
+                const result = extractPathParams(path);
+                return Array.isArray(result);
+            }));
+        });
+        it("never returns params containing delimiter characters", () => {
+            fc.assert(fc.property(fc.string(), (path) => {
+                const result = extractPathParams(path);
+                return result.every((param) => !containsAny(param, PARAM_DELIMITERS));
+            }));
+        });
+        it("is idempotent - same input always produces same output", () => {
+            fc.assert(fc.property(fc.string(), (path) => {
+                const r1 = extractPathParams(path);
+                const r2 = extractPathParams(path);
+                return JSON.stringify(r1) === JSON.stringify(r2);
+            }));
+        });
+        it("returns empty array for paths without parameter syntax", () => {
+            fc.assert(fc.property(fc.array(arbitraries.pathSegment, { minLength: 1, maxLength: 5 }), (segments) => {
+                // Build a path with no parameter syntax
+                const path = "/" + segments.join("/");
+                const result = extractPathParams(path);
+                return result.length === 0;
+            }));
+        });
+    });
+    describe("Express-style :param", () => {
+        it("extracts all colon-prefixed params", () => {
+            fc.assert(fc.property(uniqueParamNames, (paramNames) => {
+                if (paramNames.length === 0)
+                    return true;
+                const path = expressPath(paramNames);
+                const result = extractPathParams(path);
+                return paramNames.every((p) => result.includes(p));
+            }));
+        });
+        it("extracts correct number of params", () => {
+            fc.assert(fc.property(uniqueParamNames, (paramNames) => {
+                if (paramNames.length === 0)
+                    return true;
+                const path = expressPath(paramNames);
+                const result = extractPathParams(path);
+                return result.length === paramNames.length;
+            }));
+        });
+    });
+    describe("Next.js-style [param]", () => {
+        it("extracts all bracket params", () => {
+            fc.assert(fc.property(uniqueParamNames, (paramNames) => {
+                if (paramNames.length === 0)
+                    return true;
+                const path = nextjsPath(paramNames);
+                const result = extractPathParams(path);
+                return paramNames.every((p) => result.includes(p));
+            }));
+        });
+        it("extracts correct number of params", () => {
+            fc.assert(fc.property(uniqueParamNames, (paramNames) => {
+                if (paramNames.length === 0)
+                    return true;
+                const path = nextjsPath(paramNames);
+                const result = extractPathParams(path);
+                return result.length === paramNames.length;
+            }));
+        });
+    });
+    describe("Flask-style <param>", () => {
+        it("extracts all angle bracket params", () => {
+            fc.assert(fc.property(uniqueParamNames, (paramNames) => {
+                if (paramNames.length === 0)
+                    return true;
+                const path = flaskPath(paramNames, false);
+                const result = extractPathParams(path);
+                return paramNames.every((p) => result.includes(p));
+            }));
+        });
+        it("extracts params ignoring type hints", () => {
+            fc.assert(fc.property(uniqueParamNames, (paramNames) => {
+                if (paramNames.length === 0)
+                    return true;
+                const path = flaskPath(paramNames, true);
+                const result = extractPathParams(path);
+                return paramNames.every((p) => result.includes(p));
+            }));
+        });
+    });
+    describe("Spring-style {param}", () => {
+        it("extracts all curly brace params", () => {
+            fc.assert(fc.property(uniqueParamNames, (paramNames) => {
+                if (paramNames.length === 0)
+                    return true;
+                const path = springPath(paramNames);
+                const result = extractPathParams(path);
+                return paramNames.every((p) => result.includes(p));
+            }));
+        });
+        it("extracts correct number of params", () => {
+            fc.assert(fc.property(uniqueParamNames, (paramNames) => {
+                if (paramNames.length === 0)
+                    return true;
+                const path = springPath(paramNames);
+                const result = extractPathParams(path);
+                return result.length === paramNames.length;
+            }));
+        });
+    });
+    describe("Cross-framework consistency", () => {
+        it("all framework styles extract same param names", () => {
+            fc.assert(fc.property(uniqueParamNames, (paramNames) => {
+                if (paramNames.length === 0)
+                    return true;
+                const expressResult = new Set(extractPathParams(expressPath(paramNames)));
+                const nextjsResult = new Set(extractPathParams(nextjsPath(paramNames)));
+                const flaskResult = new Set(extractPathParams(flaskPath(paramNames)));
+                const springResult = new Set(extractPathParams(springPath(paramNames)));
+                // All should extract the same set of param names
+                const expected = new Set(paramNames);
+                const setsEqual = (a, b) => a.size === b.size && [...a].every((x) => b.has(x));
+                return (setsEqual(expressResult, expected) &&
+                    setsEqual(nextjsResult, expected) &&
+                    setsEqual(flaskResult, expected) &&
+                    setsEqual(springResult, expected));
+            }));
+        });
+    });
+});
+describe("inferResourceType - Property Tests", () => {
+    describe("Singularization properties", () => {
+        it("output is never longer than the resource segment", () => {
+            fc.assert(fc.property(arbitraries.pluralNoun, (plural) => {
+                const path = `/api/${plural}`;
+                const result = inferResourceType(path);
+                if (!result)
+                    return true;
+                return result.length <= plural.length;
+            }));
+        });
+        it("returns undefined for empty or root paths", () => {
+            fc.assert(fc.property(fc.constantFrom("", "/", "//"), (path) => {
+                const result = inferResourceType(path);
+                return result === undefined;
+            }));
+        });
+        it("result does not end with 's' for regular plurals (with exceptions)", () => {
+            // Words like "users", "orders", "products" should become "user", "order", "product"
+            const regularPlurals = fc.constantFrom("users", "orders", "products", "items", "files", "posts");
+            fc.assert(fc.property(regularPlurals, (plural) => {
+                const path = `/api/${plural}`;
+                const result = inferResourceType(path);
+                if (!result)
+                    return true;
+                // Regular plurals (ending in just 's') should be singularized
+                return !result.endsWith("s") || result.endsWith("ss");
+            }));
+        });
+        it("'-ies' endings become '-y'", () => {
+            const iesPlurals = fc.constantFrom("categories", "companies", "stories", "entries", "policies");
+            fc.assert(fc.property(iesPlurals, (plural) => {
+                const path = `/api/${plural}`;
+                const result = inferResourceType(path);
+                if (!result)
+                    return true;
+                return result.endsWith("y");
+            }));
+        });
+        it("handles '-ses' endings correctly", () => {
+            const sesPlurals = fc.constantFrom("addresses", "statuses", "databases");
+            fc.assert(fc.property(sesPlurals, (plural) => {
+                const path = `/api/${plural}`;
+                const result = inferResourceType(path);
+                if (!result)
+                    return true;
+                // "addresses" -> "address", "statuses" -> "status"
+                return !result.endsWith("es") || result === plural;
+            }));
+        });
+        it("handles '-xes', '-ches', '-shes' endings", () => {
+            const esPlurals = fc.constantFrom("boxes", "matches", "bushes", "taxes");
+            fc.assert(fc.property(esPlurals, (plural) => {
+                const path = `/api/${plural}`;
+                const result = inferResourceType(path);
+                if (!result)
+                    return true;
+                // These should drop "es" but keep the base
+                return result.length < plural.length;
+            }));
+        });
+        it("is idempotent after one application", () => {
+            fc.assert(fc.property(arbitraries.pluralNoun, (plural) => {
+                const path1 = `/api/${plural}`;
+                const result1 = inferResourceType(path1);
+                if (!result1)
+                    return true;
+                // Applying again (pluralizing then singularizing) should be stable
+                const path2 = `/api/${result1}s`;
+                const result2 = inferResourceType(path2);
+                // The second singularization should match the first
+                // (This tests stability, not exact equality since re-pluralizing changes the input)
+                return result2 !== undefined;
+            }));
+        });
+    });
+    describe("API path handling", () => {
+        it("extracts resource from standard API paths", () => {
+            fc.assert(fc.property(arbitraries.apiPrefix, arbitraries.pluralNoun, (prefix, resource) => {
+                const path = `${prefix}/${resource}`;
+                const result = inferResourceType(path);
+                // Should return something for valid paths
+                return result !== undefined || path === "/" || path === "";
+            }));
+        });
+        it("ignores numeric ID segments", () => {
+            fc.assert(fc.property(arbitraries.pluralNoun, fc.nat({ max: 9999 }), (resource, id) => {
+                const path = `/api/${resource}/${id}`;
+                const result = inferResourceType(path);
+                // Should extract the resource, not the ID
+                return result !== undefined && !/^\d+$/.test(result);
+            }));
+        });
+    });
+});
+//# sourceMappingURL=endpoint-analyzer.property.test.js.map

package/dist/__tests__/scanners/logic/endpoint-analyzer.property.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"endpoint-analyzer.property.test.js","sourceRoot":"","sources":["../../../../src/__tests__/scanners/logic/endpoint-analyzer.property.test.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAU,MAAM,QAAQ,CAAC;AAC9C,OAAO,KAAK,EAAE,MAAM,YAAY,CAAC;AACjC,OAAO,EACL,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,8CAA8C,CAAC;AACtD,OAAO,EACL,WAAW,EACX,WAAW,EACX,UAAU,EACV,SAAS,EACT,UAAU,EACV,gBAAgB,EAChB,gBAAgB,EAChB,WAAW,GACZ,MAAM,gCAAgC,CAAC;AAExC,QAAQ,CAAC,oCAAoC,EAAE,GAAG,EAAE;IAClD,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;QAC1B,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YACjC,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,EAAE,EAAE;gBAChC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAC/B,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;YAC9D,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,EAAE,EAAE;gBAChC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC,CAAC;YACxE,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;YAChE,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,EAAE,EAAE;gBAChC,MAAM,EAAE,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACnC,MAAM,EAAE,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACnC,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;YACnD,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;YAChE,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CACT,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,EACjE,CAAC,QAAQ,EAAE,EAAE;gBACX,wCAAwC;gBACxC,MAAM,IAAI,GAAG,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACtC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;YAC7B,CAAC,CACF,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;QACpC,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAC3C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACzC,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;gBACrC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACrD,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAC3C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACzC,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;gBACrC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,MAAM,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM,CAAC;YAC7C,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;QACrC,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAC3C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACzC,MAAM,IAAI,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;gBACpC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACrD,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAC3C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACzC,MAAM,IAAI,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;gBACpC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,MAAM,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM,CAAC;YAC7C,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAC3C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACzC,MAAM,IAAI,GAAG,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;gBAC1C,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACrD,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAC3C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACzC,MAAM,IAAI,GAAG,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gBACzC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACrD,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;QACpC,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAC3C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACzC,MAAM,IAAI,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;gBACpC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACrD,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAC3C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBACzC,MAAM,IAAI,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;gBACpC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,MAAM,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM,CAAC;YAC7C,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;QAC3C,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;YACvD,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,gBAAgB,EAAE,CAAC,UAAU,EAAE,EAAE;gBAC3C,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,IAAI,CAAC;gBAEzC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBAC1E,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBACxE,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBACtE,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBAExE,iDAAiD;gBACjD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;gBACrC,MAAM,SAAS,GAAG,CAAC,CAAc,EAAE,CAAc,EAAE,EAAE,CACnD,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBAErD,OAAO,CACL,SAAS,CAAC,aAAa,EAAE,QAAQ,CAAC;oBAClC,SAAS,CAAC,YAAY,EAAE,QAAQ,CAAC;oBACjC,SAAS,CAAC,WAAW,EAAE,QAAQ,CAAC;oBAChC,SAAS,CAAC,YAAY,EAAE,QAAQ,CAAC,CAClC,CAAC;YACJ,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,oCAAoC,EAAE,GAAG,EAAE;IAClD,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;QAC1C,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;YAC1D,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,EAAE;gBAC7C,MAAM,IAAI,GAAG,QAAQ,MAAM,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,IAAI,CAAC,MAAM;oBAAE,OAAO,IAAI,CAAC;gBACzB,OAAO,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC;YACxC,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,EAAE;gBACnD,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,OAAO,MAAM,KAAK,SAAS,CAAC;YAC9B,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oEAAoE,EAAE,GAAG,EAAE;YAC5E,oFAAoF;YACpF,MAAM,cAAc,GAAG,EAAE,CAAC,YAAY,CACpC,OAAO,EACP,QAAQ,EACR,UAAU,EACV,OAAO,EACP,OAAO,EACP,OAAO,CACR,CAAC;YAEF,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC,MAAM,EAAE,EAAE;gBACrC,MAAM,IAAI,GAAG,QAAQ,MAAM,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,IAAI,CAAC,MAAM;oBAAE,OAAO,IAAI,CAAC;gBACzB,8DAA8D;gBAC9D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACxD,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,UAAU,GAAG,EAAE,CAAC,YAAY,CAChC,YAAY,EACZ,WAAW,EACX,SAAS,EACT,SAAS,EACT,UAAU,CACX,CAAC;YAEF,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,EAAE;gBACjC,MAAM,IAAI,GAAG,QAAQ,MAAM,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,IAAI,CAAC,MAAM;oBAAE,OAAO,IAAI,CAAC;gBACzB,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC9B,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;YAEzE,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,EAAE;gBACjC,MAAM,IAAI,GAAG,QAAQ,MAAM,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,IAAI,CAAC,MAAM;oBAAE,OAAO,IAAI,CAAC;gBACzB,mDAAmD;gBACnD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,MAAM,KAAK,MAAM,CAAC;YACrD,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,MAAM,SAAS,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEzE,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC,MAAM,EAAE,EAAE;gBAChC,MAAM,IAAI,GAAG,QAAQ,MAAM,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,IAAI,CAAC,MAAM;oBAAE,OAAO,IAAI,CAAC;gBACzB,2CAA2C;gBAC3C,OAAO,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;YACvC,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,EAAE;gBAC7C,MAAM,KAAK,GAAG,QAAQ,MAAM,EAAE,CAAC;gBAC/B,MAAM,OAAO,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;gBAEzC,IAAI,CAAC,OAAO;oBAAE,OAAO,IAAI,CAAC;gBAE1B,mEAAmE;gBACnE,MAAM,KAAK,GAAG,QAAQ,OAAO,GAAG,CAAC;gBACjC,MAAM,OAAO,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;gBAEzC,oDAAoD;gBACpD,oFAAoF;gBACpF,OAAO,OAAO,KAAK,SAAS,CAAC;YAC/B,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CACT,WAAW,CAAC,SAAS,EACrB,WAAW,CAAC,UAAU,EACtB,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE;gBACnB,MAAM,IAAI,GAAG,GAAG,MAAM,IAAI,QAAQ,EAAE,CAAC;gBACrC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,0CAA0C;gBAC1C,OAAO,MAAM,KAAK,SAAS,IAAI,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC;YAC7D,CAAC,CACF,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,EAAE,CAAC,MAAM,CACP,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,UAAU,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,QAAQ,EAAE,EAAE,EAAE,EAAE;gBAC1E,MAAM,IAAI,GAAG,QAAQ,QAAQ,IAAI,EAAE,EAAE,CAAC;gBACtC,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACvC,0CAA0C;gBAC1C,OAAO,MAAM,KAAK,SAAS,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACvD,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/scanners/logic/endpoint-analyzer.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=endpoint-analyzer.test.d.ts.map

package/dist/__tests__/scanners/logic/endpoint-analyzer.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"endpoint-analyzer.test.d.ts","sourceRoot":"","sources":["../../../../src/__tests__/scanners/logic/endpoint-analyzer.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/scanners/logic/endpoint-analyzer.test.js

@@ -0,0 +1,55 @@
+import { describe, it, expect } from "vitest";
+import { extractPathParams, inferResourceType, } from "../../../scanners/logic/endpoint-analyzer.js";
+describe("endpoint-analyzer", () => {
+    describe("extractPathParams", () => {
+        it("extracts Express-style colon params", () => {
+            const params = extractPathParams("/api/users/:id/posts/:postId");
+            expect(params).toContain("id");
+            expect(params).toContain("postId");
+        });
+        it("extracts Next.js-style bracket params", () => {
+            const params = extractPathParams("/api/users/[id]/posts/[postId]");
+            expect(params).toContain("id");
+            expect(params).toContain("postId");
+        });
+        it("extracts Flask/Django-style angle bracket params", () => {
+            const params = extractPathParams("/api/users/<id>/posts/<post_id:int>");
+            expect(params).toContain("id");
+            expect(params).toContain("post_id");
+        });
+        it("extracts Spring-style curly brace params", () => {
+            const params = extractPathParams("/api/users/{id}/posts/{postId}");
+            expect(params).toContain("id");
+            expect(params).toContain("postId");
+        });
+        it("returns empty array for paths without params", () => {
+            const params = extractPathParams("/api/users/all");
+            expect(params).toHaveLength(0);
+        });
+        it("handles mixed parameter styles", () => {
+            const params = extractPathParams("/api/:userId/[orderId]");
+            expect(params).toContain("userId");
+            expect(params).toContain("orderId");
+        });
+    });
+    describe("inferResourceType", () => {
+        it("infers resource from API path", () => {
+            expect(inferResourceType("/api/users")).toBe("user");
+            expect(inferResourceType("/api/v1/orders")).toBe("order");
+            expect(inferResourceType("/api/products/123")).toBe("product");
+        });
+        it("handles pluralized resources correctly", () => {
+            expect(inferResourceType("/api/categories")).toBe("category");
+            expect(inferResourceType("/api/companies")).toBe("company");
+            expect(inferResourceType("/api/addresses")).toBe("address");
+        });
+        it("extracts first resource segment from nested paths", () => {
+            // The function extracts the first resource segment after /api/v*
+            expect(inferResourceType("/api/v2/admin/users")).toBe("admin");
+        });
+        it("returns undefined for root paths", () => {
+            expect(inferResourceType("/")).toBeUndefined();
+        });
+    });
+});
+//# sourceMappingURL=endpoint-analyzer.test.js.map

package/dist/__tests__/scanners/logic/endpoint-analyzer.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"endpoint-analyzer.test.js","sourceRoot":"","sources":["../../../../src/__tests__/scanners/logic/endpoint-analyzer.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,8CAA8C,CAAC;AAEtD,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,MAAM,GAAG,iBAAiB,CAAC,8BAA8B,CAAC,CAAC;YACjE,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC/B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,MAAM,GAAG,iBAAiB,CAAC,gCAAgC,CAAC,CAAC;YACnE,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC/B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;YAC1D,MAAM,MAAM,GAAG,iBAAiB,CAAC,qCAAqC,CAAC,CAAC;YACxE,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC/B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,MAAM,MAAM,GAAG,iBAAiB,CAAC,gCAAgC,CAAC,CAAC;YACnE,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC/B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,MAAM,GAAG,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;YACnD,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,MAAM,GAAG,iBAAiB,CAAC,wBAAwB,CAAC,CAAC;YAC3D,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACrD,MAAM,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC1D,MAAM,CAAC,iBAAiB,CAAC,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC9D,MAAM,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC5D,MAAM,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;YAC3D,iEAAiE;YACjE,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;QACjD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/scanners/logic/index.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=index.test.d.ts.map

package/dist/__tests__/scanners/logic/index.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.test.d.ts","sourceRoot":"","sources":["../../../../src/__tests__/scanners/logic/index.test.ts"],"names":[],"mappings":""}