webmcp-cli 1.2.2 → 1.2.3

package/dist/rules/security/SEC-009.js

@@ -0,0 +1,93 @@
+/**
+ * SEC-009: Cross-Origin Awareness
+ *
+ * Flags tools that send data to cross-origin destinations.
+ * This is informational — not necessarily bad, but agents should
+ * be aware of cross-origin data flow.
+ */
+import { createRuleResult } from '../runner.js';
+function extractDomain(url) {
+    try {
+        return new URL(url).hostname;
+    }
+    catch {
+        return null;
+    }
+}
+export const SEC_009 = {
+    id: 'SEC-009',
+    category: 'security',
+    name: 'Cross-Origin Awareness',
+    description: 'Tools that send data cross-origin should be flagged for awareness',
+    severity: 'info',
+    maxScore: 5,
+    async check(context) {
+        const tools = context.tools;
+        if (tools.length === 0) {
+            return createRuleResult('SEC-009', 5, {
+                passed: true,
+                score: 5,
+                message: 'No tools detected (rule not applicable)',
+            });
+        }
+        const pageDomain = extractDomain(context.url);
+        const crossOriginTools = [];
+        for (const tool of tools) {
+            // Check declarative form actions
+            if (tool.formData?.formAction) {
+                const actionDomain = extractDomain(tool.formData.formAction);
+                if (actionDomain &&
+                    pageDomain &&
+                    actionDomain !== pageDomain &&
+                    !actionDomain.endsWith(`.${pageDomain}`)) {
+                    crossOriginTools.push({
+                        name: tool.name,
+                        target: actionDomain,
+                    });
+                    continue;
+                }
+            }
+            // Check execute source for cross-origin fetches
+            const src = tool.executeSource ?? '';
+            const urlRegex = /fetch\s*\(\s*['"`]([^'"`]+)['"`]/g;
+            let match;
+            while ((match = urlRegex.exec(src)) !== null) {
+                const url = match[1];
+                if (!url)
+                    continue;
+                const domain = extractDomain(url);
+                if (domain &&
+                    pageDomain &&
+                    domain !== pageDomain &&
+                    !domain.endsWith(`.${pageDomain}`) &&
+                    !url.startsWith('/')) {
+                    crossOriginTools.push({ name: tool.name, target: domain });
+                    break;
+                }
+            }
+        }
+        if (crossOriginTools.length === 0) {
+            return createRuleResult('SEC-009', 5, {
+                passed: true,
+                score: 5,
+                message: 'No cross-origin data flows detected',
+            });
+        }
+        // Informational — partial deduction only
+        const penalty = Math.min(crossOriginTools.length, 3);
+        const score = Math.max(0, 5 - penalty);
+        return createRuleResult('SEC-009', 5, {
+            passed: false,
+            score,
+            message: `${crossOriginTools.length} tool(s) send data cross-origin`,
+            details: crossOriginTools.map((t) => `Tool "${t.name}" sends data to cross-origin domain: ${t.target}`),
+            suggestions: [
+                'Document cross-origin data flows in the tool description',
+                'Consider whether cross-origin requests are necessary',
+                'Ensure user consent for data sent to third-party domains',
+            ],
+            affectedTools: crossOriginTools.map((t) => t.name),
+        });
+    },
+};
+//# sourceMappingURL=SEC-009.js.map

package/dist/rules/security/SEC-009.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SEC-009.js","sourceRoot":"","sources":["../../../src/rules/security/SEC-009.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,SAAS,aAAa,CAAC,GAAW;IAChC,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,OAAO,GAAS;IAC3B,EAAE,EAAE,SAAS;IACb,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,wBAAwB;IAC9B,WAAW,EAAE,mEAAmE;IAChF,QAAQ,EAAE,MAAM;IAChB,QAAQ,EAAE,CAAC;IAEX,KAAK,CAAC,KAAK,CAAC,OAAoB;QAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAE5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC9C,MAAM,gBAAgB,GAAuC,EAAE,CAAC;QAEhE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,iCAAiC;YACjC,IAAI,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,CAAC;gBAC9B,MAAM,YAAY,GAAG,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;gBAC7D,IACE,YAAY;oBACZ,UAAU;oBACV,YAAY,KAAK,UAAU;oBAC3B,CAAC,YAAY,CAAC,QAAQ,CAAC,IAAI,UAAU,EAAE,CAAC,EACxC,CAAC;oBACD,gBAAgB,CAAC,IAAI,CAAC;wBACpB,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,MAAM,EAAE,YAAY;qBACrB,CAAC,CAAC;oBACH,SAAS;gBACX,CAAC;YACH,CAAC;YAED,gDAAgD;YAChD,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC;YACrC,MAAM,QAAQ,GAAG,mCAAmC,CAAC;YACrD,IAAI,KAA6B,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC7C,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACrB,IAAI,CAAC,GAAG;oBAAE,SAAS;gBACnB,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;gBAClC,IACE,MAAM;oBACN,UAAU;oBACV,MAAM,KAAK,UAAU;oBACrB,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,UAAU,EAAE,CAAC;oBAClC,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EACpB,CAAC;oBACD,gBAAgB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;oBAC3D,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,qCAAqC;aAC/C,CAAC,CAAC;QACL,CAAC;QAED,yCAAyC;QACzC,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACrD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,CAAC;QAEvC,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;YACpC,MAAM,EAAE,KAAK;YACb,KAAK;YACL,OAAO,EAAE,GAAG,gBAAgB,CAAC,MAAM,iCAAiC;YACpE,OAAO,EAAE,gBAAgB,CAAC,GAAG,CAC3B,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,IAAI,wCAAwC,CAAC,CAAC,MAAM,EAAE,CACzE;YACD,WAAW,EAAE;gBACX,0DAA0D;gBAC1D,sDAAsD;gBACtD,0DAA0D;aAC3D;YACD,aAAa,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SACnD,CAAC,CAAC;IACL,CAAC;CACF,CAAC"}

package/dist/rules/security/SEC-010.d.ts

@@ -0,0 +1,8 @@
+/**
+ * SEC-010: Service Worker Isolation
+ *
+ * Checks that tools registered in a service worker context
+ * use clientInfo.sessionId for proper session isolation.
+ */
+import type { Rule } from '../../core/types/rule.js';
+export declare const SEC_010: Rule;

package/dist/rules/security/SEC-010.js

@@ -0,0 +1,78 @@
+/**
+ * SEC-010: Service Worker Isolation
+ *
+ * Checks that tools registered in a service worker context
+ * use clientInfo.sessionId for proper session isolation.
+ */
+import { createRuleResult } from '../runner.js';
+const SERVICE_WORKER_PATTERNS = [
+    /serviceWorker/,
+    /self\.addEventListener\s*\(\s*['"](?:fetch|install|activate)/,
+    /ServiceWorkerGlobalScope/,
+    /importScripts\s*\(/,
+];
+const SESSION_ISOLATION_PATTERNS = [
+    /clientInfo\.sessionId/,
+    /sessionId/,
+    /client\.id/,
+    /clientId/,
+];
+export const SEC_010 = {
+    id: 'SEC-010',
+    category: 'security',
+    name: 'Service Worker Isolation',
+    description: 'Service worker tools should use clientInfo.sessionId for session isolation',
+    severity: 'warning',
+    maxScore: 5,
+    async check(context) {
+        const tools = context.tools;
+        if (tools.length === 0) {
+            return createRuleResult('SEC-010', 5, {
+                passed: true,
+                score: 5,
+                message: 'No tools detected (rule not applicable)',
+            });
+        }
+        // Check scripts for service worker context
+        const hasServiceWorkerContext = (context.scripts ?? []).some((script) => SERVICE_WORKER_PATTERNS.some((p) => p.test(script.content)));
+        if (!hasServiceWorkerContext) {
+            return createRuleResult('SEC-010', 5, {
+                passed: true,
+                score: 5,
+                message: 'No service worker context detected (rule not applicable)',
+            });
+        }
+        const violations = [];
+        for (const tool of tools) {
+            const src = tool.executeSource ?? '';
+            if (src.length === 0)
+                continue;
+            const hasIsolation = SESSION_ISOLATION_PATTERNS.some((p) => p.test(src));
+            if (!hasIsolation) {
+                violations.push(tool.name);
+            }
+        }
+        if (violations.length === 0) {
+            return createRuleResult('SEC-010', 5, {
+                passed: true,
+                score: 5,
+                message: 'Service worker tools properly use session isolation',
+            });
+        }
+        const penalty = violations.length * 2;
+        const score = Math.max(0, 5 - penalty);
+        return createRuleResult('SEC-010', 5, {
+            passed: false,
+            score,
+            message: `${violations.length} service worker tool(s) lack session isolation`,
+            details: violations.map((name) => `Tool "${name}" in service worker context does not reference clientInfo.sessionId`),
+            suggestions: [
+                'Use clientInfo.sessionId to scope tool state per session',
+                'Service workers are shared across tabs — tools must isolate state',
+                'Example: const state = sessions.get(clientInfo.sessionId)',
+            ],
+            affectedTools: violations,
+        });
+    },
+};
+//# sourceMappingURL=SEC-010.js.map

package/dist/rules/security/SEC-010.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SEC-010.js","sourceRoot":"","sources":["../../../src/rules/security/SEC-010.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,uBAAuB,GAAG;IAC9B,eAAe;IACf,8DAA8D;IAC9D,0BAA0B;IAC1B,oBAAoB;CACrB,CAAC;AAEF,MAAM,0BAA0B,GAAG;IACjC,uBAAuB;IACvB,WAAW;IACX,YAAY;IACZ,UAAU;CACX,CAAC;AAEF,MAAM,CAAC,MAAM,OAAO,GAAS;IAC3B,EAAE,EAAE,SAAS;IACb,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,0BAA0B;IAChC,WAAW,EACT,4EAA4E;IAC9E,QAAQ,EAAE,SAAS;IACnB,QAAQ,EAAE,CAAC;IAEX,KAAK,CAAC,KAAK,CAAC,OAAoB;QAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAE5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;QACL,CAAC;QAED,2CAA2C;QAC3C,MAAM,uBAAuB,GAAG,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CACtE,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAC5D,CAAC;QAEF,IAAI,CAAC,uBAAuB,EAAE,CAAC;YAC7B,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,0DAA0D;aACpE,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC;YACrC,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAE/B,MAAM,YAAY,GAAG,0BAA0B,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACzE,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,qDAAqD;aAC/D,CAAC,CAAC;QACL,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,CAAC;QAEvC,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;YACpC,MAAM,EAAE,KAAK;YACb,KAAK;YACL,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,gDAAgD;YAC7E,OAAO,EAAE,UAAU,CAAC,GAAG,CACrB,CAAC,IAAI,EAAE,EAAE,CACP,SAAS,IAAI,qEAAqE,CACrF;YACD,WAAW,EAAE;gBACX,0DAA0D;gBAC1D,mEAAmE;gBACnE,2DAA2D;aAC5D;YACD,aAAa,EAAE,UAAU;SAC1B,CAAC,CAAC;IACL,CAAC;CACF,CAAC"}

package/dist/rules/security/SEC-011.d.ts

@@ -0,0 +1,8 @@
+/**
+ * SEC-011: Rate Limit Consideration
+ *
+ * Checks that repeatable tools (those that can be called many times)
+ * have some form of rate limiting or throttling to prevent abuse.
+ */
+import type { Rule } from '../../core/types/rule.js';
+export declare const SEC_011: Rule;

package/dist/rules/security/SEC-011.js

@@ -0,0 +1,93 @@
+/**
+ * SEC-011: Rate Limit Consideration
+ *
+ * Checks that repeatable tools (those that can be called many times)
+ * have some form of rate limiting or throttling to prevent abuse.
+ */
+import { createRuleResult } from '../runner.js';
+const RATE_LIMIT_PATTERNS = [
+    /rateLimit/i,
+    /throttle/i,
+    /debounce/i,
+    /cooldown/i,
+    /lastCall/i,
+    /callCount/i,
+    /Date\.now\s*\(\s*\)\s*-/,
+    /setTimeout/,
+    /setInterval/,
+    /maxCalls/i,
+    /requestsPerMinute/i,
+    /rateLimited/i,
+];
+const REPEATABLE_KEYWORDS = [
+    'search',
+    'query',
+    'find',
+    'list',
+    'fetch',
+    'get',
+    'load',
+    'filter',
+    'browse',
+    'lookup',
+    'check',
+    'send',
+    'submit',
+    'post',
+    'create',
+    'add',
+];
+export const SEC_011 = {
+    id: 'SEC-011',
+    category: 'security',
+    name: 'Rate Limit Consideration',
+    description: 'Repeatable tools should have rate limiting or throttling',
+    severity: 'info',
+    maxScore: 5,
+    async check(context) {
+        const tools = context.tools;
+        if (tools.length === 0) {
+            return createRuleResult('SEC-011', 5, {
+                passed: true,
+                score: 5,
+                message: 'No tools detected (rule not applicable)',
+            });
+        }
+        const violations = [];
+        for (const tool of tools) {
+            const nameAndDesc = `${tool.name} ${tool.description}`.toLowerCase();
+            const isRepeatable = REPEATABLE_KEYWORDS.some((kw) => new RegExp(`\\b${kw}\\b`).test(nameAndDesc));
+            if (!isRepeatable)
+                continue;
+            const src = tool.executeSource ?? '';
+            if (src.length === 0)
+                continue;
+            const hasRateLimit = RATE_LIMIT_PATTERNS.some((p) => p.test(src));
+            if (!hasRateLimit) {
+                violations.push(tool.name);
+            }
+        }
+        if (violations.length === 0) {
+            return createRuleResult('SEC-011', 5, {
+                passed: true,
+                score: 5,
+                message: 'Repeatable tools have rate limiting considerations',
+            });
+        }
+        const penalty = Math.min(violations.length, 5);
+        const score = Math.max(0, 5 - penalty);
+        return createRuleResult('SEC-011', 5, {
+            passed: false,
+            score,
+            message: `${violations.length} repeatable tool(s) lack rate limiting`,
+            details: violations.map((name) => `Tool "${name}" is repeatable but has no visible rate limiting`),
+            suggestions: [
+                'Add rate limiting or throttling to tools that can be called repeatedly',
+                'Consider using debounce/throttle for search and query tools',
+                'Track call frequency and reject excessive requests',
+            ],
+            affectedTools: violations,
+        });
+    },
+};
+//# sourceMappingURL=SEC-011.js.map

package/dist/rules/security/SEC-011.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SEC-011.js","sourceRoot":"","sources":["../../../src/rules/security/SEC-011.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,mBAAmB,GAAG;IAC1B,YAAY;IACZ,WAAW;IACX,WAAW;IACX,WAAW;IACX,WAAW;IACX,YAAY;IACZ,yBAAyB;IACzB,YAAY;IACZ,aAAa;IACb,WAAW;IACX,oBAAoB;IACpB,cAAc;CACf,CAAC;AAEF,MAAM,mBAAmB,GAAG;IAC1B,QAAQ;IACR,OAAO;IACP,MAAM;IACN,MAAM;IACN,OAAO;IACP,KAAK;IACL,MAAM;IACN,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,MAAM;IACN,QAAQ;IACR,MAAM;IACN,QAAQ;IACR,KAAK;CACN,CAAC;AAEF,MAAM,CAAC,MAAM,OAAO,GAAS;IAC3B,EAAE,EAAE,SAAS;IACb,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,0BAA0B;IAChC,WAAW,EAAE,0DAA0D;IACvE,QAAQ,EAAE,MAAM;IAChB,QAAQ,EAAE,CAAC;IAEX,KAAK,CAAC,KAAK,CAAC,OAAoB;QAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAE5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC,WAAW,EAAE,CAAC;YACrE,MAAM,YAAY,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CACnD,IAAI,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAC5C,CAAC;YAEF,IAAI,CAAC,YAAY;gBAAE,SAAS;YAE5B,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC;YACrC,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAE/B,MAAM,YAAY,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YAClE,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,oDAAoD;aAC9D,CAAC,CAAC;QACL,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,CAAC;QAEvC,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;YACpC,MAAM,EAAE,KAAK;YACb,KAAK;YACL,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,wCAAwC;YACrE,OAAO,EAAE,UAAU,CAAC,GAAG,CACrB,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,IAAI,kDAAkD,CAC1E;YACD,WAAW,EAAE;gBACX,wEAAwE;gBACxE,6DAA6D;gBAC7D,oDAAoD;aACrD;YACD,aAAa,EAAE,UAAU;SAC1B,CAAC,CAAC;IACL,CAAC;CACF,CAAC"}

package/dist/rules/security/SEC-012.d.ts

@@ -0,0 +1,8 @@
+/**
+ * SEC-012: Autosubmit Safety
+ *
+ * Checks that forms with toolautosubmit don't perform sensitive actions
+ * like payments, account deletion, or other critical operations.
+ */
+import type { Rule } from '../../core/types/rule.js';
+export declare const SEC_012: Rule;

package/dist/rules/security/SEC-012.js

@@ -0,0 +1,79 @@
+/**
+ * SEC-012: Autosubmit Safety
+ *
+ * Checks that forms with toolautosubmit don't perform sensitive actions
+ * like payments, account deletion, or other critical operations.
+ */
+import { createRuleResult } from '../runner.js';
+const SENSITIVE_ACTION_PATTERNS = [
+    /\bpay\b/i,
+    /\bpurchase\b/i,
+    /\bcheckout\b/i,
+    /\bbuy\b/i,
+    /\bdelete\b/i,
+    /\bremove\b/i,
+    /\bdestroy\b/i,
+    /\btransfer\b/i,
+    /\bcancel\b/i,
+    /\bterminate\b/i,
+    /\bsubscribe\b/i,
+    /\bunsubscribe\b/i,
+    /\bpassword\b/i,
+    /\baccount\b.*\b(?:close|deactivate)\b/i,
+];
+export const SEC_012 = {
+    id: 'SEC-012',
+    category: 'security',
+    name: 'Autosubmit Safety',
+    description: 'Forms with toolautosubmit should not perform sensitive actions without confirmation',
+    severity: 'critical',
+    maxScore: 10,
+    async check(context) {
+        const tools = context.tools;
+        if (tools.length === 0) {
+            return createRuleResult('SEC-012', 10, {
+                passed: true,
+                score: 10,
+                message: 'No tools detected (rule not applicable)',
+            });
+        }
+        const autosubmitTools = tools.filter((t) => t.source === 'declarative' && t.formData?.autosubmit === true);
+        if (autosubmitTools.length === 0) {
+            return createRuleResult('SEC-012', 10, {
+                passed: true,
+                score: 10,
+                message: 'No autosubmit forms detected',
+            });
+        }
+        const violations = [];
+        for (const tool of autosubmitTools) {
+            const textToCheck = `${tool.name} ${tool.description} ${tool.formData?.formAction ?? ''}`;
+            const isSensitive = SENSITIVE_ACTION_PATTERNS.some((p) => p.test(textToCheck));
+            if (isSensitive) {
+                violations.push(tool.name);
+            }
+        }
+        if (violations.length === 0) {
+            return createRuleResult('SEC-012', 10, {
+                passed: true,
+                score: 10,
+                message: 'Autosubmit forms do not perform sensitive actions',
+            });
+        }
+        const penalty = violations.length * 5;
+        const score = Math.max(0, 10 - penalty);
+        return createRuleResult('SEC-012', 10, {
+            passed: false,
+            score,
+            message: `${violations.length} autosubmit form(s) perform sensitive actions`,
+            details: violations.map((name) => `Form tool "${name}" has toolautosubmit but performs a sensitive action`),
+            suggestions: [
+                'Remove toolautosubmit from forms that perform destructive or financial actions',
+                'Use a confirmation step before sensitive operations',
+                'Autosubmit is designed for safe, repeatable operations like search or filter',
+            ],
+            affectedTools: violations,
+        });
+    },
+};
+//# sourceMappingURL=SEC-012.js.map

package/dist/rules/security/SEC-012.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SEC-012.js","sourceRoot":"","sources":["../../../src/rules/security/SEC-012.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,yBAAyB,GAAG;IAChC,UAAU;IACV,eAAe;IACf,eAAe;IACf,UAAU;IACV,aAAa;IACb,aAAa;IACb,cAAc;IACd,eAAe;IACf,aAAa;IACb,gBAAgB;IAChB,gBAAgB;IAChB,kBAAkB;IAClB,eAAe;IACf,wCAAwC;CACzC,CAAC;AAEF,MAAM,CAAC,MAAM,OAAO,GAAS;IAC3B,EAAE,EAAE,SAAS;IACb,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,mBAAmB;IACzB,WAAW,EACT,qFAAqF;IACvF,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,EAAE;IAEZ,KAAK,CAAC,KAAK,CAAC,OAAoB;QAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAE5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,gBAAgB,CAAC,SAAS,EAAE,EAAE,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,EAAE;gBACT,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,eAAe,GAAG,KAAK,CAAC,MAAM,CAClC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,aAAa,IAAI,CAAC,CAAC,QAAQ,EAAE,UAAU,KAAK,IAAI,CACrE,CAAC;QAEF,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjC,OAAO,gBAAgB,CAAC,SAAS,EAAE,EAAE,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,EAAE;gBACT,OAAO,EAAE,8BAA8B;aACxC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACnC,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,EAAE,UAAU,IAAI,EAAE,EAAE,CAAC;YAE1F,MAAM,WAAW,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CACpB,CAAC;YAEF,IAAI,WAAW,EAAE,CAAC;gBAChB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC,SAAS,EAAE,EAAE,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,EAAE;gBACT,OAAO,EAAE,mDAAmD;aAC7D,CAAC,CAAC;QACL,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,GAAG,OAAO,CAAC,CAAC;QAExC,OAAO,gBAAgB,CAAC,SAAS,EAAE,EAAE,EAAE;YACrC,MAAM,EAAE,KAAK;YACb,KAAK;YACL,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,+CAA+C;YAC5E,OAAO,EAAE,UAAU,CAAC,GAAG,CACrB,CAAC,IAAI,EAAE,EAAE,CACP,cAAc,IAAI,sDAAsD,CAC3E;YACD,WAAW,EAAE;gBACX,gFAAgF;gBAChF,qDAAqD;gBACrD,8EAA8E;aAC/E;YACD,aAAa,EAAE,UAAU;SAC1B,CAAC,CAAC;IACL,CAAC;CACF,CAAC"}

package/dist/rules/security/SEC-013.d.ts

@@ -0,0 +1,9 @@
+/**
+ * SEC-013: Hidden Field Exposure
+ *
+ * Checks that hidden form fields are not exposed as tool parameters.
+ * Hidden fields often contain CSRF tokens, session IDs, or internal state
+ * that should not be manipulated by AI agents.
+ */
+import type { Rule } from '../../core/types/rule.js';
+export declare const SEC_013: Rule;

package/dist/rules/security/SEC-013.js

@@ -0,0 +1,107 @@
+/**
+ * SEC-013: Hidden Field Exposure
+ *
+ * Checks that hidden form fields are not exposed as tool parameters.
+ * Hidden fields often contain CSRF tokens, session IDs, or internal state
+ * that should not be manipulated by AI agents.
+ */
+import { createRuleResult } from '../runner.js';
+const SENSITIVE_HIDDEN_FIELDS = [
+    /csrf/i,
+    /token/i,
+    /session/i,
+    /nonce/i,
+    /secret/i,
+    /auth/i,
+    /key/i,
+    /signature/i,
+    /hmac/i,
+    /hash/i,
+    /_method/i,
+    /honeypot/i,
+];
+export const SEC_013 = {
+    id: 'SEC-013',
+    category: 'security',
+    name: 'Hidden Field Exposure',
+    description: 'Hidden form fields should not be exposed as tool parameters',
+    severity: 'warning',
+    maxScore: 8,
+    async check(context) {
+        const tools = context.tools;
+        if (tools.length === 0) {
+            return createRuleResult('SEC-013', 8, {
+                passed: true,
+                score: 8,
+                message: 'No tools detected (rule not applicable)',
+            });
+        }
+        const declarativeTools = tools.filter((t) => t.source === 'declarative');
+        if (declarativeTools.length === 0) {
+            return createRuleResult('SEC-013', 8, {
+                passed: true,
+                score: 8,
+                message: 'No declarative form tools detected (rule not applicable)',
+            });
+        }
+        const violations = [];
+        // Scan HTML for hidden fields in forms with toolname
+        const html = context.html ?? '';
+        const formRegex = /<form[^>]*toolname\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/form>/gi;
+        let formMatch;
+        while ((formMatch = formRegex.exec(html)) !== null) {
+            const toolname = formMatch[1];
+            const formBody = formMatch[2] ?? '';
+            const hiddenFieldRegex = /<input[^>]*type\s*=\s*["']hidden["'][^>]*name\s*=\s*["']([^"']+)["'][^>]*/gi;
+            const hiddenFields = [];
+            let fieldMatch;
+            while ((fieldMatch = hiddenFieldRegex.exec(formBody)) !== null) {
+                const fieldName = fieldMatch[1];
+                if (!fieldName)
+                    continue;
+                const isSensitive = SENSITIVE_HIDDEN_FIELDS.some((p) => p.test(fieldName));
+                if (isSensitive) {
+                    hiddenFields.push(fieldName);
+                }
+            }
+            // Also check reverse order: name before type
+            const hiddenFieldRegex2 = /<input[^>]*name\s*=\s*["']([^"']+)["'][^>]*type\s*=\s*["']hidden["'][^>]*/gi;
+            while ((fieldMatch = hiddenFieldRegex2.exec(formBody)) !== null) {
+                const fieldName = fieldMatch[1];
+                if (!fieldName)
+                    continue;
+                if (hiddenFields.includes(fieldName))
+                    continue;
+                const isSensitive = SENSITIVE_HIDDEN_FIELDS.some((p) => p.test(fieldName));
+                if (isSensitive) {
+                    hiddenFields.push(fieldName);
+                }
+            }
+            if (hiddenFields.length > 0) {
+                violations.push({ tool: toolname ?? 'unknown', fields: hiddenFields });
+            }
+        }
+        if (violations.length === 0) {
+            return createRuleResult('SEC-013', 8, {
+                passed: true,
+                score: 8,
+                message: 'No sensitive hidden fields exposed as tool parameters',
+            });
+        }
+        const penalty = violations.length * 4;
+        const score = Math.max(0, 8 - penalty);
+        return createRuleResult('SEC-013', 8, {
+            passed: false,
+            score,
+            message: `${violations.length} form(s) expose sensitive hidden fields`,
+            details: violations.map((v) => `Form tool "${v.tool}" exposes hidden fields: [${v.fields.join(', ')}]`),
+            suggestions: [
+                'Exclude hidden fields (CSRF tokens, session IDs) from tool parameters',
+                'Use toolparamexclude attribute to hide sensitive hidden fields',
+                'Hidden form fields should be handled automatically, not by AI agents',
+            ],
+            affectedTools: violations.map((v) => v.tool),
+        });
+    },
+};
+//# sourceMappingURL=SEC-013.js.map

package/dist/rules/security/SEC-013.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SEC-013.js","sourceRoot":"","sources":["../../../src/rules/security/SEC-013.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,uBAAuB,GAAG;IAC9B,OAAO;IACP,QAAQ;IACR,UAAU;IACV,QAAQ;IACR,SAAS;IACT,OAAO;IACP,MAAM;IACN,YAAY;IACZ,OAAO;IACP,OAAO;IACP,UAAU;IACV,WAAW;CACZ,CAAC;AAEF,MAAM,CAAC,MAAM,OAAO,GAAS;IAC3B,EAAE,EAAE,SAAS;IACb,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,uBAAuB;IAC7B,WAAW,EACT,6DAA6D;IAC/D,QAAQ,EAAE,SAAS;IACnB,QAAQ,EAAE,CAAC;IAEX,KAAK,CAAC,KAAK,CAAC,OAAoB;QAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAE5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,gBAAgB,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,aAAa,CAAC,CAAC;QAEzE,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,0DAA0D;aACpE,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAyC,EAAE,CAAC;QAE5D,qDAAqD;QACrD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,qEAAqE,CAAC;QACxF,IAAI,SAAiC,CAAC;QAEtC,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACnD,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;YAC9B,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAEpC,MAAM,gBAAgB,GAAG,6EAA6E,CAAC;YACvG,MAAM,YAAY,GAAa,EAAE,CAAC;YAClC,IAAI,UAAkC,CAAC;YAEvC,OAAO,CAAC,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC/D,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;gBAChC,IAAI,CAAC,SAAS;oBAAE,SAAS;gBACzB,MAAM,WAAW,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACrD,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAClB,CAAC;gBACF,IAAI,WAAW,EAAE,CAAC;oBAChB,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAC/B,CAAC;YACH,CAAC;YAED,6CAA6C;YAC7C,MAAM,iBAAiB,GAAG,6EAA6E,CAAC;YACxG,OAAO,CAAC,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAChE,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;gBAChC,IAAI,CAAC,SAAS;oBAAE,SAAS;gBACzB,IAAI,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC;oBAAE,SAAS;gBAC/C,MAAM,WAAW,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACrD,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAClB,CAAC;gBACF,IAAI,WAAW,EAAE,CAAC;oBAChB,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAC/B,CAAC;YACH,CAAC;YAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5B,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,IAAI,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;YACzE,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,uDAAuD;aACjE,CAAC,CAAC;QACL,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,CAAC;QAEvC,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;YACpC,MAAM,EAAE,KAAK;YACb,KAAK;YACL,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,yCAAyC;YACtE,OAAO,EAAE,UAAU,CAAC,GAAG,CACrB,CAAC,CAAC,EAAE,EAAE,CACJ,cAAc,CAAC,CAAC,IAAI,6BAA6B,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC1E;YACD,WAAW,EAAE;gBACX,uEAAuE;gBACvE,gEAAgE;gBAChE,sEAAsE;aACvE;YACD,aAAa,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SAC7C,CAAC,CAAC;IACL,CAAC;CACF,CAAC"}

package/dist/scoring/calculator.js

@@ -17,6 +17,7 @@ export function calculateScore(ruleResults, ruleCategories) {
         security: [],
         'best-practices': [],
         coverage: [],
+        accessibility: [],
     };
     for (const [ruleId, result] of ruleResults) {
         const category = ruleCategories.get(ruleId);

package/dist/scoring/calculator.js.map

@@ -1 +1 @@
-{"version":3,"file":"calculator.js","sourceRoot":"","sources":["../../src/scoring/calculator.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAEzE,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAExD;;GAEG;AACH,MAAM,UAAU,cAAc,CAC5B,WAAoC,EACpC,cAAyC;IAEzC,4BAA4B;IAC5B,MAAM,eAAe,GAAuC;QAC1D,cAAc,EAAE,EAAE;QAClB,WAAW,EAAE,EAAE;QACf,MAAM,EAAE,EAAE;QACV,QAAQ,EAAE,EAAE;QACZ,gBAAgB,EAAE,EAAE;QACpB,QAAQ,EAAE,EAAE;KACb,CAAC;IAEF,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC3C,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC5C,IAAI,QAAQ,EAAE,CAAC;YACb,eAAe,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,MAAM,UAAU,GAAoB,EAAE,CAAC;IACvC,IAAI,kBAAkB,GAAG,CAAC,CAAC;IAC3B,IAAI,WAAW,GAAG,CAAC,CAAC;IAEpB,KAAK,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAG/D,EAAE,CAAC;QACJ,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEnC,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACjE,MAAM,UAAU,GAAG,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,GAAG,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QAEvE,UAAU,CAAC,IAAI,CAAC;YACd,IAAI,EAAE,cAAc,CAAC,UAAU,CAAC;YAChC,EAAE,EAAE,UAAU;YACd,KAAK,EAAE,WAAW;YAClB,QAAQ;YACR,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;SACnC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAC5C,kBAAkB,IAAI,UAAU,GAAG,MAAM,CAAC;QAC1C,WAAW,IAAI,MAAM,CAAC;IACxB,CAAC;IAED,gCAAgC;IAChC,MAAM,KAAK,GAAG,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,kBAAkB,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAEjF,kBAAkB;IAClB,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEpC,2BAA2B;IAC3B,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE,CAAC;QACX,OAAO,EAAE,CAAC;QACV,IAAI,EAAE,CAAC;KACR,CAAC;IAEF,KAAK,MAAM,MAAM,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;QAC1C,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACnB,mCAAmC;YACnC,IAAI,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE,EAAE,CAAC;gBACzC,UAAU,CAAC,QAAQ,EAAE,CAAC;YACxB,CAAC;iBAAM,IAAI,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC;gBAC/C,UAAU,CAAC,OAAO,EAAE,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,IAAI,EAAE,CAAC;YACpB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK;QACL,KAAK;QACL,UAAU;QACV,UAAU;KACX,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,IAAI,KAAK,IAAI,gBAAgB,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACjD,IAAI,KAAK,IAAI,gBAAgB,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAC/C,IAAI,KAAK,IAAI,gBAAgB,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACjD,IAAI,KAAK,IAAI,gBAAgB,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAC/C,IAAI,KAAK,IAAI,gBAAgB,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACjD,IAAI,KAAK,IAAI,gBAAgB,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAC/C,IAAI,KAAK,IAAI,gBAAgB,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAC/C,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,WAAoC,EACpC,cAA4D;IAE5D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC3C,IAAI,MAAM,CAAC,MAAM;YAAE,SAAS;QAE5B,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC;QACzD,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC;QAEnD,sCAAsC;QACtC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM;YACN,QAAQ;YACR,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,IAAI,EAAE,MAAM,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;YAC/B,IAAI,EAAE,MAAM,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;YAC/B,GAAG,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;YAC5B,WAAW;SACZ,CAAC,CAAC;QAEH,oDAAoD;QACpD,IAAI,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5D,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjD,QAAQ,CAAC,IAAI,CAAC;oBACZ,MAAM;oBACN,QAAQ;oBACR,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,IAAI;oBACJ,GAAG,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;oBAC5B,WAAW,EAAE,CAAC,EAAE,kBAAkB;iBACnC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAC3D,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACrB,MAAM,YAAY,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC3E,IAAI,YAAY,KAAK,CAAC;YAAE,OAAO,YAAY,CAAC;QAC5C,OAAO,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,QAAmB;IACzD,MAAM,eAAe,GAAqB,EAAE,CAAC;IAC7C,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IAEpC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;YAAE,SAAS;QAC5C,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAE9B,IAAI,CAAC,OAAO,CAAC,GAAG;YAAE,SAAS;QAE3B,6CAA6C;QAC7C,IAAI,MAAM,GAA8B,QAAQ,CAAC;QACjD,IAAI,OAAO,CAAC,WAAW,IAAI,CAAC;YAAE,MAAM,GAAG,KAAK,CAAC;QAC7C,IAAI,OAAO,CAAC,WAAW,IAAI,EAAE;YAAE,MAAM,GAAG,MAAM,CAAC;QAC/C,IAAI,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;YAAE,MAAM,GAAG,MAAM,CAAC;QACvD,IAAI,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;YAAE,MAAM,GAAG,KAAK,CAAC;QAEvD,yBAAyB;QACzB,MAAM,aAAa,GAAG,QAAQ;aAC3B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,IAAI,CAAC,CAAC,IAAI,CAAC;aACpD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAK,CAAC,CAAC;QAEvB,eAAe,CAAC,IAAI,CAAC;YACnB,QAAQ,EAAE,eAAe,CAAC,MAAM,GAAG,CAAC;YACpC,MAAM,EAAE,OAAO,CAAC,GAAG;YACnB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,MAAM;YACN,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,aAAa,EAAE,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;SACpE,CAAC,CAAC;IACL,CAAC;IAED,uCAAuC;IACvC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC;IAE9D,oCAAoC;IACpC,eAAe,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;QACjC,GAAG,CAAC,QAAQ,GAAG,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,gBAAgB;AACvD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CACjC,YAAoB,EACpB,UAAsB,EACtB,cAAsB;IAEtB,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC;IAC3D,MAAM,qBAAqB,GAAG,WAAW,CAAC,CAAC,4CAA4C;IACvF,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,qBAAqB,GAAG,cAAc,CAAC,GAAG,GAAG,CAAC,CAAC;AACpE,CAAC"}
+{"version":3,"file":"calculator.js","sourceRoot":"","sources":["../../src/scoring/calculator.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAEzE,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAExD;;GAEG;AACH,MAAM,UAAU,cAAc,CAC5B,WAAoC,EACpC,cAAyC;IAEzC,4BAA4B;IAC5B,MAAM,eAAe,GAAuC;QAC1D,cAAc,EAAE,EAAE;QAClB,WAAW,EAAE,EAAE;QACf,MAAM,EAAE,EAAE;QACV,QAAQ,EAAE,EAAE;QACZ,gBAAgB,EAAE,EAAE;QACpB,QAAQ,EAAE,EAAE;QACZ,aAAa,EAAE,EAAE;KAClB,CAAC;IAEF,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC3C,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC5C,IAAI,QAAQ,EAAE,CAAC;YACb,eAAe,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,MAAM,UAAU,GAAoB,EAAE,CAAC;IACvC,IAAI,kBAAkB,GAAG,CAAC,CAAC;IAC3B,IAAI,WAAW,GAAG,CAAC,CAAC;IAEpB,KAAK,MAAM,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAG/D,EAAE,CAAC;QACJ,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEnC,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACjE,MAAM,UAAU,GAAG,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,GAAG,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QAEvE,UAAU,CAAC,IAAI,CAAC;YACd,IAAI,EAAE,cAAc,CAAC,UAAU,CAAC;YAChC,EAAE,EAAE,UAAU;YACd,KAAK,EAAE,WAAW;YAClB,QAAQ;YACR,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC;SACnC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAC5C,kBAAkB,IAAI,UAAU,GAAG,MAAM,CAAC;QAC1C,WAAW,IAAI,MAAM,CAAC;IACxB,CAAC;IAED,gCAAgC;IAChC,MAAM,KAAK,GAAG,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,kBAAkB,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAEjF,kBAAkB;IAClB,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEpC,2BAA2B;IAC3B,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE,CAAC;QACX,OAAO,EAAE,CAAC;QACV,IAAI,EAAE,CAAC;KACR,CAAC;IAEF,KAAK,MAAM,MAAM,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;QAC1C,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACnB,mCAAmC;YACnC,IAAI,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE,EAAE,CAAC;gBACzC,UAAU,CAAC,QAAQ,EAAE,CAAC;YACxB,CAAC;iBAAM,IAAI,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC;gBAC/C,UAAU,CAAC,OAAO,EAAE,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,IAAI,EAAE,CAAC;YACpB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK;QACL,KAAK;QACL,UAAU;QACV,UAAU;KACX,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,IAAI,KAAK,IAAI,gBAAgB,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACjD,IAAI,KAAK,IAAI,gBAAgB,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAC/C,IAAI,KAAK,IAAI,gBAAgB,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACjD,IAAI,KAAK,IAAI,gBAAgB,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAC/C,IAAI,KAAK,IAAI,gBAAgB,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACjD,IAAI,KAAK,IAAI,gBAAgB,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAC/C,IAAI,KAAK,IAAI,gBAAgB,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC;IAC/C,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAC7B,WAAoC,EACpC,cAA4D;IAE5D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC3C,IAAI,MAAM,CAAC,MAAM;YAAE,SAAS;QAE5B,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC;QACzD,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC;QAEnD,sCAAsC;QACtC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM;YACN,QAAQ;YACR,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,IAAI,EAAE,MAAM,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;YAC/B,IAAI,EAAE,MAAM,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;YAC/B,GAAG,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;YAC5B,WAAW;SACZ,CAAC,CAAC;QAEH,oDAAoD;QACpD,IAAI,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5D,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjD,QAAQ,CAAC,IAAI,CAAC;oBACZ,MAAM;oBACN,QAAQ;oBACR,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,IAAI;oBACJ,GAAG,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;oBAC5B,WAAW,EAAE,CAAC,EAAE,kBAAkB;iBACnC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAC3D,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACrB,MAAM,YAAY,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC3E,IAAI,YAAY,KAAK,CAAC;YAAE,OAAO,YAAY,CAAC;QAC5C,OAAO,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,QAAmB;IACzD,MAAM,eAAe,GAAqB,EAAE,CAAC;IAC7C,MAAM,SAAS,GAAG,IAAI,GAAG,EAAU,CAAC;IAEpC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;YAAE,SAAS;QAC5C,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAE9B,IAAI,CAAC,OAAO,CAAC,GAAG;YAAE,SAAS;QAE3B,6CAA6C;QAC7C,IAAI,MAAM,GAA8B,QAAQ,CAAC;QACjD,IAAI,OAAO,CAAC,WAAW,IAAI,CAAC;YAAE,MAAM,GAAG,KAAK,CAAC;QAC7C,IAAI,OAAO,CAAC,WAAW,IAAI,EAAE;YAAE,MAAM,GAAG,MAAM,CAAC;QAC/C,IAAI,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;YAAE,MAAM,GAAG,MAAM,CAAC;QACvD,IAAI,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC;YAAE,MAAM,GAAG,KAAK,CAAC;QAEvD,yBAAyB;QACzB,MAAM,aAAa,GAAG,QAAQ;aAC3B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,IAAI,CAAC,CAAC,IAAI,CAAC;aACpD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAK,CAAC,CAAC;QAEvB,eAAe,CAAC,IAAI,CAAC;YACnB,QAAQ,EAAE,eAAe,CAAC,MAAM,GAAG,CAAC;YACpC,MAAM,EAAE,OAAO,CAAC,GAAG;YACnB,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,MAAM;YACN,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,aAAa,EAAE,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;SACpE,CAAC,CAAC;IACL,CAAC;IAED,uCAAuC;IACvC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC;IAE9D,oCAAoC;IACpC,eAAe,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;QACjC,GAAG,CAAC,QAAQ,GAAG,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,gBAAgB;AACvD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CACjC,YAAoB,EACpB,UAAsB,EACtB,cAAsB;IAEtB,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC;IAC3D,MAAM,qBAAqB,GAAG,WAAW,CAAC,CAAC,4CAA4C;IACvF,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,qBAAqB,GAAG,cAAc,CAAC,GAAG,GAAG,CAAC,CAAC;AACpE,CAAC"}

package/dist/ui/ink/components/AIRecommendationCard.d.ts

@@ -0,0 +1,11 @@
+/**
+ * AIRecommendationCard Component
+ *
+ * Displays an AI-generated recommendation for WebMCP potential.
+ */
+import type { AIRecommendation } from '../../../potential/types.js';
+export interface AIRecommendationCardProps {
+    recommendation: AIRecommendation;
+    index: number;
+}
+export declare const AIRecommendationCard: import("react").NamedExoticComponent<AIRecommendationCardProps>;

package/dist/ui/ink/components/AIRecommendationCard.js

@@ -0,0 +1,23 @@
+import { jsxs as _jsxs, jsx as _jsx } from "react/jsx-runtime";
+/**
+ * AIRecommendationCard Component
+ *
+ * Displays an AI-generated recommendation for WebMCP potential.
+ */
+import { memo } from 'react';
+import { Box, Text } from 'ink';
+import figures from 'figures';
+import { Card } from './shared/Card.js';
+import { Badge } from './shared/Badge.js';
+const PRIORITY_COLORS = {
+    critical: 'red',
+    high: 'yellow',
+    medium: 'cyan',
+    low: 'gray',
+};
+export const AIRecommendationCard = memo(function AIRecommendationCard({ recommendation, index }) {
+    const color = PRIORITY_COLORS[recommendation.priority] ?? 'gray';
+    const schema = recommendation.toolDefinition?.inputSchema;
+    return (_jsx(Card, { borderColor: color, borderStyle: "round", marginBottom: 1, children: _jsxs(Box, { flexDirection: "column", gap: 1, children: [_jsxs(Box, { justifyContent: "space-between", flexWrap: "wrap", children: [_jsxs(Text, { bold: true, children: ["#", index + 1, " ", recommendation.title] }), _jsx(Badge, { label: recommendation.priority.toUpperCase(), color: color })] }), _jsx(Text, { wrap: "wrap", children: recommendation.description }), recommendation.toolDefinition && (_jsxs(Box, { flexDirection: "column", marginTop: 1, children: [_jsx(Text, { dimColor: true, children: "Tool:" }), _jsxs(Box, { marginLeft: 2, flexDirection: "column", children: [_jsx(Text, { color: "cyan", children: recommendation.toolDefinition.name }), _jsx(Text, { wrap: "wrap", dimColor: true, children: recommendation.toolDefinition.description }), schema && (_jsxs(Text, { dimColor: true, children: ["Schema: ", JSON.stringify(schema)] }))] })] })), _jsxs(Box, { marginTop: 1, flexDirection: "column", children: [_jsxs(Text, { children: [figures.arrowRight, " Impact: ", recommendation.estimatedImpact] }), _jsxs(Text, { dimColor: true, children: ["Hint: ", recommendation.implementationHint] })] })] }) }));
+});
+//# sourceMappingURL=AIRecommendationCard.js.map

package/dist/ui/ink/components/AIRecommendationCard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AIRecommendationCard.js","sourceRoot":"","sources":["../../../../src/ui/ink/components/AIRecommendationCard.tsx"],"names":[],"mappings":";AAAA;;;;GAIG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC;AAC7B,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,KAAK,CAAC;AAChC,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AACxC,OAAO,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAC;AAG1C,MAAM,eAAe,GAA2B;IAC9C,QAAQ,EAAE,KAAK;IACf,IAAI,EAAE,QAAQ;IACd,MAAM,EAAE,MAAM;IACd,GAAG,EAAE,MAAM;CACZ,CAAC;AAOF,MAAM,CAAC,MAAM,oBAAoB,GAAG,IAAI,CAAC,SAAS,oBAAoB,CAAC,EAAE,cAAc,EAAE,KAAK,EAA6B;IACzH,MAAM,KAAK,GAAG,eAAe,CAAC,cAAc,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC;IACjE,MAAM,MAAM,GAAG,cAAc,CAAC,cAAc,EAAE,WAAkD,CAAC;IAEjG,OAAO,CACL,KAAC,IAAI,IAAC,WAAW,EAAE,KAAK,EAAE,WAAW,EAAC,OAAO,EAAC,YAAY,EAAE,CAAC,YAC3D,MAAC,GAAG,IAAC,aAAa,EAAC,QAAQ,EAAC,GAAG,EAAE,CAAC,aAChC,MAAC,GAAG,IAAC,cAAc,EAAC,eAAe,EAAC,QAAQ,EAAC,MAAM,aACjD,MAAC,IAAI,IAAC,IAAI,wBACN,KAAK,GAAG,CAAC,OAAG,cAAc,CAAC,KAAK,IAC7B,EACP,KAAC,KAAK,IAAC,KAAK,EAAE,cAAc,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,KAAK,EAAE,KAAK,GAAI,IACjE,EAEN,KAAC,IAAI,IAAC,IAAI,EAAC,MAAM,YAAE,cAAc,CAAC,WAAW,GAAQ,EAEpD,cAAc,CAAC,cAAc,IAAI,CAChC,MAAC,GAAG,IAAC,aAAa,EAAC,QAAQ,EAAC,SAAS,EAAE,CAAC,aACtC,KAAC,IAAI,IAAC,QAAQ,4BAAa,EAC3B,MAAC,GAAG,IAAC,UAAU,EAAE,CAAC,EAAE,aAAa,EAAC,QAAQ,aACxC,KAAC,IAAI,IAAC,KAAK,EAAC,MAAM,YAAE,cAAc,CAAC,cAAc,CAAC,IAAI,GAAQ,EAC9D,KAAC,IAAI,IAAC,IAAI,EAAC,MAAM,EAAC,QAAQ,kBACvB,cAAc,CAAC,cAAc,CAAC,WAAW,GACrC,EACN,MAAM,IAAI,CACT,MAAC,IAAI,IAAC,QAAQ,+BACH,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAC1B,CACR,IACG,IACF,CACP,EAED,MAAC,GAAG,IAAC,SAAS,EAAE,CAAC,EAAE,aAAa,EAAC,QAAQ,aACvC,MAAC,IAAI,eACF,OAAO,CAAC,UAAU,eAAW,cAAc,CAAC,eAAe,IACvD,EACP,MAAC,IAAI,IAAC,QAAQ,6BACL,cAAc,CAAC,kBAAkB,IACnC,IACH,IACF,GACD,CACR,CAAC;AACJ,CAAC,CAAC,CAAC"}

package/dist/ui/ink/components/OpportunityList.d.ts

@@ -0,0 +1,10 @@
+/**
+ * OpportunityList Component
+ *
+ * Displays grouped opportunity lists color-coded by agentic value.
+ */
+import type { PotentialOpportunity } from '../../../potential/types.js';
+export interface OpportunityListProps {
+    opportunities: PotentialOpportunity[];
+}
+export declare const OpportunityList: import("react").NamedExoticComponent<OpportunityListProps>;