diff --git a/.gitignore b/.gitignore
index 1657979..7118b70 100644
--- a/.gitignore
+++ b/.gitignore
@@ -215,4 +215,8 @@ $RECYCLE.BIN/
 # Windows shortcuts
 *.lnk
+!dist/
+dist/*
+!dist/*.zip
+
 # End of https://www.toptal.com/developers/gitignore/api/node,macos,windows,linux
\ No newline at end of file
diff --git a/dist/plugin_package.zip b/dist/plugin_package.zip
new file mode 100644
index 0000000..31ab81a
Binary files /dev/null and b/dist/plugin_package.zip differ
diff --git a/packages/backend/dist/index.js b/packages/backend/dist/index.js
new file mode 100644
index 0000000..4a8c39f
--- /dev/null
+++ b/packages/backend/dist/index.js
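Review bot: `!dist/` re-includes every directory named dist at any depth, because a pattern whose only slash is trailing is not anchored to the .gitignore location, whereas `dist/*` and `!dist/*.zip` contain a non-trailing slash and therefore apply only to the root-level dist. Assuming an earlier rule in this file is what ignored dist (the node template does), this negation also un-ignores packages/backend/dist/, which would explain why packages/backend/dist/index.js, a bundler output whose header comments name its packages/backend/src sources, is tracked by the same commit. If only the root package zip was meant to be versioned, anchor all three patterns: `!/dist/`, `/dist/*`, `!/dist/*.zip`. Tracking a built bundle and a binary zip beside their sources lets the committed artifact drift from the code that produced it without any reviewable diff, so a comment above these lines stating which artifacts are intentionally versioned, and why, would help the next maintainer.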
@@ -0,0 +1,81 @@
+// packages/backend/src/controller/implictGrant.ts
+var ImplicitGrantController = class {
+ isImplicitGrantReq(req) {
+ const query = req.getQuery();
+ if (query.includes("client_id=") && query.includes("response_type=token")) {
+ return true;
+ }
+ return false;
+ }
+ isSendTokenToClient(req) {
+ const path = req.getPath();
+ const query = req.getQuery();
+ if (query.includes("access_token=") && query.includes("state=") || path.includes("&access_token=") || /access_token=%/i.test(query)) {
+ return true;
+ }
+ return false;
+ }
+ testReq(req) {
+ if (this.isImplicitGrantReq(req)) {
+ return "isImplicitGrantReq";
+ }
+ if (this.isSendTokenToClient(req)) {
+ return "isSendTokenToClient";
+ }
+ return false;
+ }
+};
+
+// packages/backend/src/controller/authZCodeGrant.ts
+var AuthZCodeGrantController = class {
+ constructor() {
+ }
+ isAuthZReq(req) {
+ const query = req.getQuery();
+ if (query.includes("client_id=") && query.includes("response_type=code")) {
+ return true;
+ }
+ return false;
+ }
+ isSendCodeToClient(req) {
+ const path = req.getPath();
+ const query = req.getQuery();
+ if (query.includes("code=") && query.includes("state=") || path.includes("&code=") || /code=%/i.test(query)) {
+ return true;
+ }
+ return false;
+ }
+ testReq(req) {
+ if (this.isAuthZReq(req)) {
+ return "isAuthZReq";
+ }
+ if (this.isSendCodeToClient(req)) {
+ return "isSendCodeToClient";
+ }
+ return false;
+ }
+ // isAccessTokenReq(req: Response) {
+ // }
+};
+
+// packages/backend/src/index.ts
+var implicitGrantController = new ImplicitGrantController();
+var authZCodeGrantController = new AuthZCodeGrantController();
+function init(sdk) {
+ sdk.events.onInterceptRequest(async (sdk2, req) => {
+ const result = authZCodeGrantController.testReq(req) || implicitGrantController.testReq(req);
+ if (result) {
+ await sdk2.findings.create({
+ title: "Possible SSO Request Detected",
+ description: `SSO-related parameters detected in request:
+
+${req.getMethod()} 
${req.getUrl()} : ${result}`,
+ request: req,
+ reporter: ""
+ });
+ }
+ });
+}
+export {
+ init
+};