API Reference Metastatic v#0.10.3
View SourceModules
Metastatic - Cross-language code analysis via unified MetaAST.
M2: Meta-Model for Programming Language Abstract Syntax.
Behaviour for language adapters (M1 ↔ M2 transformations).
Registry for language adapters.
Elixir language adapter for MetaAST transformations.
Transform MetaAST (M2) back to Elixir AST (M1).
Transform Elixir AST (M1) to MetaAST (M2).
Erlang language adapter for MetaAST transformations.
Transform MetaAST (M2) back to Erlang AST (M1).
Transform Erlang AST (M1) to MetaAST (M2).
Haskell language adapter for Metastatic.
Transform MetaAST (M2) back to Haskell AST (M1).
Manages subprocess communication with the Haskell parser.
Transform Haskell AST (M1) to MetaAST (M2).
Python language adapter for MetaAST transformations.
Transform MetaAST (M2) back to Python AST (M1).
Subprocess management for Python parser and unparser.
Transform Python AST (M1) to MetaAST (M2).
Ruby language adapter for MetaAST transformations.
Transform MetaAST (M2) back to Ruby AST (M1).
Subprocess management for Ruby parser and unparser.
Transform Ruby AST (M1) to MetaAST (M2).
Behaviour for MetaAST analyzers and refactoring suggestions.
API surface analysis for containers (modules/classes).
Detects blocking operations in request handling middleware.
Detects deeply nested conditional statements (callback hell pattern).
Detects direct object/struct updates bypassing validation.
Detects hardcoded URLs, IP addresses, and other sensitive values in string literals.
Detects improper input validation patterns (CWE-20).
Detects incorrect authorization patterns (CWE-863).
Detects inefficient filtering: fetching all data then filtering in memory.
Detects inline executable code in templates/strings (XSS/injection risk).
Detects Insecure Direct Object Reference (IDOR) vulnerabilities (CWE-639).
Detects critical functions without authentication checks (CWE-306).
Detects sensitive operations without authorization checks (CWE-862).
Detects state-changing endpoints without CSRF protection (CWE-352).
Detects pattern matching on success cases without error handling.
Detects missing async error handling (fire-and-forget without supervision).
Detects database queries without eager loading (N+1 query potential).
Detects external HTTP requests without telemetry instrumentation.
Detects authentication/authorization code without telemetry.
Detects component initialization/mounting without telemetry.
Detects background job processing without telemetry.
Detects expensive operations without rate limiting or throttling.
Detects N+1 query anti-pattern across all ORM frameworks.
Detects potential Path Traversal vulnerabilities (CWE-22).
Detects potential SQL injection vulnerabilities (CWE-89).
Detects potential Server-Side Request Forgery (SSRF) vulnerabilities (CWE-918).
Detects exposure of sensitive information to unauthorized actors (CWE-200).
Detects conditional statements that only handle the success case.
Detects exception handling that swallows exceptions without logging or re-raising.
Detects blocking synchronous operations used where async alternatives exist.
Detects Time-of-Check-Time-of-Use (TOCTOU) race condition vulnerabilities.
Detects telemetry/metrics emissions inside recursive functions.
Detects unsupervised async operations that can cause memory leaks.
Detects unrestricted file upload vulnerabilities (CWE-434).
Detects potential Cross-Site Scripting (XSS) vulnerabilities (CWE-79).
Cohesion analysis for containers (modules/classes).
Formatters for cohesion analysis results.
Result structure for cohesion analysis.
Code complexity analysis at the MetaAST level.
Cognitive complexity calculation.
Cyclomatic complexity calculation (McCabe metric).
Formats complexity analysis results for different output formats.
Function-level complexity metrics.
Halstead complexity metrics calculation.
Lines of Code (LoC) metrics calculation.
Maximum nesting depth calculation.
Result structure for complexity analysis.
Control flow graph construction at the MetaAST level.
Result structure for control flow graph analysis.
Coupling analysis for containers (modules/classes).
Dead code detection at the MetaAST level.
Result structure for dead code analysis.
Plugin analyzer wrapper for dead code detection.
Code duplication detection at the MetaAST level.
Structural fingerprinting for ASTs.
Reporting and formatting for code duplication detection results.
Result struct for code duplication detection analysis.
Similarity calculation between ASTs for Type III clone detection.
Clone type definitions for code duplication detection.
Encapsulation analysis for containers (modules/classes).
Formatters for encapsulation analysis results.
Result structure for encapsulation analysis.
Detects excessive nesting depth in code.
Function purity analysis at the MetaAST level.
Detects side effects in MetaAST nodes.
Formats purity analysis results for display.
Result structure for purity analysis.
Registry for analyzer plugins.
Executes multiple analyzers on a Document in a single pass.
Security vulnerability detection at the MetaAST level.
Result structure for security vulnerability detection.
Suggests simplification of redundant conditionals.
Code smell detection at the MetaAST level.
Result structure for code smell detection.
State management analysis for containers (modules/classes).
Formatters for state management analysis results.
Result structure for state management analysis.
Taint analysis at the MetaAST level.
Result structure for taint analysis.
Unused variable detection at the MetaAST level.
Result structure for unused variable analysis.
High-level API for building MetaAST documents from source code.
Shared utilities for Metastatic CLI commands.
Output formatting utilities for Metastatic CLI.
AST inspection and analysis logic for Metastatic CLI.
Cross-language translation orchestration for Metastatic CLI.
A MetaAST Document wraps an M2 AST with metadata and language information.
Authentication and authorization operation patterns for semantic enrichment.
Cache operation patterns for semantic enrichment.
Database operation patterns for semantic enrichment.
External API operation patterns for semantic enrichment.
File I/O operation patterns for semantic enrichment.
HTTP client operation patterns for semantic enrichment.
Message queue operation patterns for semantic enrichment.
AST enricher for semantic metadata injection.
Semantic operation kind metadata for MetaAST nodes.
Language-aware pattern registry for semantic enrichment.
Behaviour for supplemental modules that extend language adapter capabilities.
Provides a compatibility matrix showing which supplemental modules support which constructs for each language.
Error types for supplemental module system.
Raised when multiple supplementals attempt to handle the same construct.
Raised when a supplemental module's dependencies are incompatible.
Raised when a required supplemental module is not registered.
Raised when a MetaAST construct has no transformation path.
Metadata structure for supplemental modules.
Supplemental module for Python's asyncio library.
Pykka actor library supplemental for Python.
Registry for supplemental modules.
Helper module for transforming MetaAST using registered supplementals.
Validates supplemental module availability and compatibility.
Testing utilities for language adapters (M1 ↔ M2 transformations).
Helper utilities for loading and managing test fixtures.
Conformance validation for MetaAST.
Mix Tasks
Analyze MetaAST structure and provide detailed metrics.
Analyzes code complexity for a given file.
Detects dead code in a given file.
Detects code duplication across MetaAST documents.
Generates a new supplemental module scaffold.
Inspect the MetaAST structure of source code files.
Analyzes code purity for a given file.
Analyzes code to detect required supplemental modules.
Translate source code from one programming language to another using MetaAST.
Detects unused variables in a given file.
Validate that two source files have semantically equivalent MetaAST representations.