Add 14 new detectors: 9 auth + 5 frontend + layer classifier integration

Auth detectors:
- Spring Security (@secured, @PreAuthorize, SecurityFilterChain)
- Django Auth (@login_required, @permission_required, mixins)
- FastAPI Auth (Depends, Security, OAuth2PasswordBearer)
- NestJS Guards (@UseGuards, @roles, canActivate)
- Passport/JWT (passport.use, jwt.verify, express-jwt)
- Kubernetes RBAC (Role, ClusterRole, RoleBinding)
- LDAP Auth (ldap3, LdapContextSource, DirectoryServices)
- TLS/Certificate/Azure AD (mTLS, X.509, MSAL, cert-based)
- Session/Header Auth (cookies, API keys, CSRF)

Frontend detectors:
- React Components (function/class components, hooks, JSX)
- Vue Components (defineComponent, script setup, composables)
- Angular Components (@component, @Injectable, @directive)
- Svelte Components (export let, $: reactive)
- Frontend Routes (React Router, Vue Router, Next.js, Angular)

Infrastructure: register all 14 in registry, add .vue/.svelte support

72 detectors total, 35 languages, 361 tests passing

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: aksOps

src/code_intelligence/analyzer.py

@@ -34,6 +34,7 @@
     "bash", "powershell", "batch", "ruby", "rust", "kotlin",
     "scala", "swift", "r", "perl", "lua", "dart",
     "dockerfile", "toml", "ini", "dotenv", "csv",
+    "vue", "svelte",
 }
 
 
@@ -98,6 +99,10 @@ def _parse_structured(language: str, content: bytes, file_path: str) -> Any:
     elif language == "proto":
         # Return raw text for regex-based detection
         return {"type": "proto", "file": file_path, "data": content.decode("utf-8", errors="replace")}
+    elif language == "vue":
+        return {"type": "vue", "file": file_path, "data": content.decode("utf-8", errors="replace")}
+    elif language == "svelte":
+        return {"type": "svelte", "file": file_path, "data": content.decode("utf-8", errors="replace")}
     return None
 
 

src/code_intelligence/config.py

@@ -25,6 +25,7 @@ class DiscoveryConfig(BaseModel):
         ".r", ".R", ".pl", ".pm", ".lua", ".dart",
         ".toml", ".ini", ".cfg", ".conf",
         ".env", ".csv", ".dockerfile",
+        ".vue", ".svelte",
     ])
     exclude_patterns: list[str] = Field(default_factory=lambda: [
         "**/node_modules/**",

src/code_intelligence/detectors/auth/__init__.py

@@ -0,0 +1,138 @@
+"""Certificate-based authentication detector (mTLS, X.509, TLS config, Azure AD)."""
+
+from __future__ import annotations
+
+import re
+from dataclasses import dataclass
+
+from code_intelligence.detectors.base import DetectorContext, DetectorResult
+from code_intelligence.models.graph import GraphNode, NodeKind, SourceLocation
+
+
+@dataclass(frozen=True)
+class _PatternDef:
+    """A pattern definition with its auth_type and optional property extractor."""
+
+    regex: re.Pattern[str]
+    auth_type: str
+    prop_key: str | None = None
+
+
+# -- mTLS patterns --
+_MTLS_PATTERNS: list[_PatternDef] = [
+    _PatternDef(re.compile(r"\bssl_verify_client\b"), "mtls"),
+    _PatternDef(re.compile(r"\brequestCert\s*:\s*true\b"), "mtls"),
+    _PatternDef(re.compile(r'\bclientAuth\s*=\s*"true"'), "mtls"),
+    _PatternDef(re.compile(r"\bX509AuthenticationFilter\b"), "mtls"),
+    _PatternDef(re.compile(r"\bAddCertificateForwarding\b"), "mtls"),
+]
+
+# -- X.509 patterns --
+_X509_PATTERNS: list[_PatternDef] = [
+    _PatternDef(re.compile(r"\bX509AuthenticationFilter\b"), "x509"),
+    _PatternDef(re.compile(r"\bCertificateAuthenticationDefaults\b"), "x509"),
+    _PatternDef(re.compile(r"\.x509\s*\("), "x509"),
+]
+
+# -- TLS config patterns --
+_TLS_CONFIG_PATTERNS: list[_PatternDef] = [
+    _PatternDef(re.compile(r"\bjavax\.net\.ssl\.keyStore\b"), "tls_config"),
+    _PatternDef(re.compile(r"\bssl\.SSLContext\b"), "tls_config"),
+    _PatternDef(re.compile(r"\btls\.createServer\b"), "tls_config"),
+    _PatternDef(
+        re.compile(r"""(?:cert|key|ca)\s*[=:]\s*(?:fs\.readFileSync\s*\(|['"][\w/.\\-]+\.(?:pem|crt|key|cert)['"])"""),
+        "tls_config",
+        "cert_path",
+    ),
+    _PatternDef(re.compile(r"\btrustStore\b"), "tls_config"),
+]
+
+# -- Azure AD patterns --
+_AZURE_AD_PATTERNS: list[_PatternDef] = [
+    _PatternDef(re.compile(r"\bAzureAd\b"), "azure_ad"),
+    _PatternDef(re.compile(r"\bAZURE_TENANT_ID\b"), "azure_ad", "tenant_id"),
+    _PatternDef(re.compile(r"\bAZURE_CLIENT_ID\b"), "azure_ad"),
+    _PatternDef(re.compile(r"""\bmsal\b"""), "azure_ad"),
+    _PatternDef(re.compile(r"""['"]@azure/msal-browser['"]"""), "azure_ad"),
+    _PatternDef(re.compile(r"\bAddMicrosoftIdentityWebApi\b"), "azure_ad"),
+    _PatternDef(re.compile(r"\bClientCertificateCredential\b"), "azure_ad"),
+]
+
+_ALL_PATTERNS: list[_PatternDef] = (
+    _MTLS_PATTERNS + _X509_PATTERNS + _TLS_CONFIG_PATTERNS + _AZURE_AD_PATTERNS
+)
+
+# Dedup: when the same line matches both mTLS and x509 via X509AuthenticationFilter,
+# prefer the more specific auth_type already recorded.
+
+_CERT_PATH_RE = re.compile(
+    r"""['"]([^'"]*\.(?:pem|crt|key|cert|pfx|p12))['"]"""
+)
+_TENANT_ID_RE = re.compile(
+    r"""AZURE_TENANT_ID\s*[=:]\s*['"]?([a-f0-9-]+)['"]?"""
+)
+
+
+class CertificateAuthDetector:
+    """Detects certificate-based authentication patterns across multiple languages."""
+
+    name: str = "certificate_auth"
+    supported_languages: tuple[str, ...] = (
+        "java", "python", "typescript", "csharp", "json", "yaml",
+    )
+
+    def detect(self, ctx: DetectorContext) -> DetectorResult:
+        result = DetectorResult()
+        text = ctx.content.decode("utf-8", errors="replace")
+        lines = text.split("\n")
+
+        # Track which lines already produced a node (first match wins per line).
+        seen_lines: set[int] = set()
+
+        for line_idx, line in enumerate(lines):
+            for pdef in _ALL_PATTERNS:
+                if line_idx in seen_lines:
+                    break
+                if pdef.regex.search(line):
+                    seen_lines.add(line_idx)
+                    line_num = line_idx + 1
+                    matched_text = line.strip()
+
+                    properties: dict[str, str] = {
+                        "auth_type": pdef.auth_type,
+                        "language": ctx.language,
+                        "pattern": matched_text[:120],
+                    }
+
+                    # Extract cert_path if present
+                    cert_m = _CERT_PATH_RE.search(line)
+                    if cert_m:
+                        properties["cert_path"] = cert_m.group(1)
+
+                    # Extract tenant_id if present
+                    tenant_m = _TENANT_ID_RE.search(line)
+                    if tenant_m:
+                        properties["tenant_id"] = tenant_m.group(1)
+
+                    # Detect auth_flow for Azure AD
+                    if pdef.auth_type == "azure_ad":
+                        if "ClientCertificateCredential" in line:
+                            properties["auth_flow"] = "client_certificate"
+                        elif "msal" in line.lower():
+                            properties["auth_flow"] = "msal"
+
+                    node = GraphNode(
+                        id=f"auth:{ctx.file_path}:cert:{line_num}",
+                        kind=NodeKind.GUARD,
+                        label=f"Certificate auth ({pdef.auth_type}): {matched_text[:60]}",
+                        module=ctx.module_name,
+                        location=SourceLocation(
+                            file_path=ctx.file_path,
+                            line_start=line_num,
+                            line_end=line_num,
+                        ),
+                        properties=properties,
+                    )
+                    result.nodes.append(node)
+
+        return result

src/code_intelligence/detectors/auth/certificate_auth.py

@@ -0,0 +1,88 @@
+"""LDAP authentication detector for Java, Python, TypeScript, and C# source files."""
+
+from __future__ import annotations
+
+import re
+
+from code_intelligence.detectors.base import DetectorContext, DetectorResult
+from code_intelligence.models.graph import GraphNode, NodeKind, SourceLocation
+
+# -- Java patterns --
+_JAVA_PATTERNS: list[re.Pattern[str]] = [
+    re.compile(r"\bLdapContextSource\b"),
+    re.compile(r"\bLdapTemplate\b"),
+    re.compile(r"\bActiveDirectoryLdapAuthenticationProvider\b"),
+    re.compile(r"@EnableLdapRepositories\b"),
+]
+
+# -- Python patterns --
+_PYTHON_PATTERNS: list[re.Pattern[str]] = [
+    re.compile(r"\bldap3\.Connection\b"),
+    re.compile(r"\bldap3\.Server\b"),
+    re.compile(r"\bAUTH_LDAP_SERVER_URI\b"),
+    re.compile(r"\bAUTH_LDAP_BIND_DN\b"),
+]
+
+# -- TypeScript patterns --
+_TS_PATTERNS: list[re.Pattern[str]] = [
+    re.compile(r"""require\s*\(\s*['"]ldapjs['"]\s*\)"""),
+    re.compile(r"""(?:import\s+.*\s+from\s+['"]ldapjs['"]|import\s+ldapjs\b)"""),
+    re.compile(r"""['"]passport-ldapauth['"]"""),
+]
+
+# -- C# patterns --
+_CSHARP_PATTERNS: list[re.Pattern[str]] = [
+    re.compile(r"\bSystem\.DirectoryServices\b"),
+    re.compile(r"\bLdapConnection\b"),
+    re.compile(r"\bDirectoryEntry\b"),
+]
+
+_LANGUAGE_PATTERNS: dict[str, list[re.Pattern[str]]] = {
+    "java": _JAVA_PATTERNS,
+    "python": _PYTHON_PATTERNS,
+    "typescript": _TS_PATTERNS,
+    "csharp": _CSHARP_PATTERNS,
+}
+
+
+class LdapAuthDetector:
+    """Detects LDAP authentication patterns across multiple languages."""
+
+    name: str = "ldap_auth"
+    supported_languages: tuple[str, ...] = ("java", "python", "typescript", "csharp")
+
+    def detect(self, ctx: DetectorContext) -> DetectorResult:
+        result = DetectorResult()
+        if ctx.language not in _LANGUAGE_PATTERNS:
+            return result
+
+        text = ctx.content.decode("utf-8", errors="replace")
+        lines = text.split("\n")
+        patterns = _LANGUAGE_PATTERNS[ctx.language]
+        seen_lines: set[int] = set()
+
+        for line_idx, line in enumerate(lines):
+            for pattern in patterns:
+                if pattern.search(line) and line_idx not in seen_lines:
+                    seen_lines.add(line_idx)
+                    line_num = line_idx + 1
+                    matched_text = line.strip()
+                    node = GraphNode(
+                        id=f"auth:{ctx.file_path}:ldap:{line_num}",
+                        kind=NodeKind.GUARD,
+                        label=f"LDAP auth: {matched_text[:80]}",
+                        module=ctx.module_name,
+                        location=SourceLocation(
+                            file_path=ctx.file_path,
+                            line_start=line_num,
+                            line_end=line_num,
+                        ),
+                        properties={
+                            "auth_type": "ldap",
+                            "language": ctx.language,
+                            "pattern": matched_text[:120],
+                        },
+                    )
+                    result.nodes.append(node)
+
+        return result

src/code_intelligence/detectors/auth/ldap_auth.py

@@ -0,0 +1,119 @@
+"""Session, header, API key, and CSRF authentication detector."""
+
+from __future__ import annotations
+
+import re
+from dataclasses import dataclass
+
+from code_intelligence.detectors.base import DetectorContext, DetectorResult
+from code_intelligence.models.graph import GraphNode, NodeKind, SourceLocation
+
+
+@dataclass(frozen=True)
+class _PatternDef:
+    regex: re.Pattern[str]
+    auth_type: str
+    node_kind: NodeKind
+
+
+# -- Session patterns --
+_SESSION_PATTERNS: list[_PatternDef] = [
+    _PatternDef(re.compile(r"""['"]express-session['"]"""), "session", NodeKind.MIDDLEWARE),
+    _PatternDef(re.compile(r"""['"]cookie-session['"]"""), "session", NodeKind.MIDDLEWARE),
+    _PatternDef(re.compile(r"@SessionAttributes\b"), "session", NodeKind.GUARD),
+    _PatternDef(re.compile(r"\bSessionMiddleware\b"), "session", NodeKind.MIDDLEWARE),
+    _PatternDef(re.compile(r"\bHttpSession\b"), "session", NodeKind.GUARD),
+    _PatternDef(re.compile(r"\bSESSION_ENGINE\b"), "session", NodeKind.GUARD),
+]
+
+# -- Header patterns --
+_HEADER_PATTERNS: list[_PatternDef] = [
+    _PatternDef(re.compile(r"""['"](X-API-Key|x-api-key)['"]""", re.IGNORECASE), "header", NodeKind.GUARD),
+    _PatternDef(
+        re.compile(r"""(?:req|request|ctx)\.headers?\s*\[\s*['"]authorization['"]\s*\]""", re.IGNORECASE),
+        "header",
+        NodeKind.GUARD,
+    ),
+    _PatternDef(
+        re.compile(r"""getHeader\s*\(\s*['"]Authorization['"]""", re.IGNORECASE),
+        "header",
+        NodeKind.GUARD,
+    ),
+]
+
+# -- API key patterns --
+_API_KEY_PATTERNS: list[_PatternDef] = [
+    _PatternDef(
+        re.compile(r"""(?:req|request)\.headers?\s*\[\s*['"]x-api-key['"]\s*\]""", re.IGNORECASE),
+        "api_key",
+        NodeKind.GUARD,
+    ),
+    _PatternDef(re.compile(r"\bapi[_-]?key\s*(?:=|:)\s*", re.IGNORECASE), "api_key", NodeKind.GUARD),
+    _PatternDef(re.compile(r"\bvalidate[_]?api[_]?key\b", re.IGNORECASE), "api_key", NodeKind.GUARD),
+]
+
+# -- CSRF patterns --
+_CSRF_PATTERNS: list[_PatternDef] = [
+    _PatternDef(re.compile(r"@csrf_protect\b"), "csrf", NodeKind.GUARD),
+    _PatternDef(re.compile(r"\bcsrf_exempt\b"), "csrf", NodeKind.GUARD),
+    _PatternDef(re.compile(r"\bCsrfViewMiddleware\b"), "csrf", NodeKind.MIDDLEWARE),
+    _PatternDef(re.compile(r"""['"]csurf['"]"""), "csrf", NodeKind.MIDDLEWARE),
+]
+
+_ALL_PATTERNS: list[_PatternDef] = (
+    _SESSION_PATTERNS + _HEADER_PATTERNS + _API_KEY_PATTERNS + _CSRF_PATTERNS
+)
+
+# Map auth_type to the ID tag used in node IDs.
+_ID_TAG: dict[str, str] = {
+    "session": "session",
+    "header": "header",
+    "api_key": "apikey",
+    "csrf": "csrf",
+}
+
+
+class SessionHeaderAuthDetector:
+    """Detects session, header, API-key, and CSRF auth patterns."""
+
+    name: str = "session_header_auth"
+    supported_languages: tuple[str, ...] = ("java", "python", "typescript")
+
+    def detect(self, ctx: DetectorContext) -> DetectorResult:
+        result = DetectorResult()
+        if ctx.language not in self.supported_languages:
+            return result
+
+        text = ctx.content.decode("utf-8", errors="replace")
+        lines = text.split("\n")
+        seen_lines: set[int] = set()
+
+        for line_idx, line in enumerate(lines):
+            for pdef in _ALL_PATTERNS:
+                if line_idx in seen_lines:
+                    break
+                if pdef.regex.search(line):
+                    seen_lines.add(line_idx)
+                    line_num = line_idx + 1
+                    matched_text = line.strip()
+                    tag = _ID_TAG[pdef.auth_type]
+
+                    node = GraphNode(
+                        id=f"auth:{ctx.file_path}:{tag}:{line_num}",
+                        kind=pdef.node_kind,
+                        label=f"{pdef.auth_type} auth: {matched_text[:70]}",
+                        module=ctx.module_name,
+                        location=SourceLocation(
+                            file_path=ctx.file_path,
+                            line_start=line_num,
+                            line_end=line_num,
+                        ),
+                        properties={
+                            "auth_type": pdef.auth_type,
+                            "language": ctx.language,
+                            "pattern": matched_text[:120],
+                        },
+                    )
+                    result.nodes.append(node)
+
+        return result