openvox-lint 1.0.0

data/lib/openvox-lint/plugins/checks/documentation.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+# Classes and defined types should be preceded by documentation comments.
+OpenvoxLint.new_check(:documentation) do
+  def check
+    tokens.each_with_index do |tok, i|
+      next unless tok.type == :CLASS || tok.type == :DEFINE
+      # Look backwards for a comment on the preceding line(s)
+      has_doc = false
+      j = i - 1
+      while j >= 0
+        prev = tokens[j]
+        if prev.type == :COMMENT && prev.line >= tok.line - 2
+          has_doc = true; break
+        end
+        break unless prev.formatting?
+        j -= 1
+      end
+      next if has_doc
+      kind = tok.type == :CLASS ? 'class' : 'defined type'
+      notify :warning,
+        message: "#{kind} not documented (add a comment above the declaration)",
+        line: tok.line, column: tok.column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/double_quoted_strings.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+# Double-quoted strings that do not contain variables or escape sequences
+# should use single quotes instead.
+OpenvoxLint.new_check(:double_quoted_strings) do
+  def check
+    tokens.each do |tok|
+      next unless tok.type == :STRING
+      val = tok.value
+      # STRING type means double-quoted without interpolation
+      next if val =~ /\\[nt\\$"]/  # has meaningful escapes
+      next if val.length <= 2      # empty string ""
+      notify :warning,
+        message: 'string does not contain variables or escapes; use single quotes',
+        line: tok.line,
+        column: tok.column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/duplicate_params.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+# No duplicate parameters in resource declarations.
+OpenvoxLint.new_check(:duplicate_params) do
+  def check
+    resource_indexes.each do |res|
+      seen = {}
+      params = res[:param_tokens]
+      params.each_with_index do |tok, i|
+        next unless tok.type == :NAME
+        # Check if followed by =>
+        j = i + 1
+        j += 1 while j < params.length && params[j].formatting?
+        next unless j < params.length && params[j].type == :FARROW
+        if seen[tok.value]
+          notify :error,
+            message: "duplicate parameter '#{tok.value}'",
+            line: tok.line, column: tok.column
+        end
+        seen[tok.value] = true
+      end
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/ensure_first_param.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+# The 'ensure' attribute should be the first parameter in a resource body.
+OpenvoxLint.new_check(:ensure_first_param) do
+  def check
+    resource_indexes.each do |resource|
+      params = resource[:param_tokens]
+      ensure_idx = nil
+      first_param_idx = nil
+      params.each_with_index do |tok, i|
+        if tok.type == :NAME || tok.type == :CLASSREF
+          first_param_idx ||= i
+          if tok.value == 'ensure'
+            ensure_idx = i
+            break
+          end
+        end
+      end
+      next unless ensure_idx
+      next if ensure_idx == first_param_idx
+      next unless first_param_idx
+      notify :warning,
+        message: "ensure is not the first attribute (found at position after first param)",
+        line: params[ensure_idx].line,
+        column: params[ensure_idx].column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/ensure_not_symlink_target.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+# Symlinks should use ensure => link with a target attribute,
+# not ensure => '/path/to/target'.
+OpenvoxLint.new_check(:ensure_not_symlink_target) do
+  def check
+    tokens.each_with_index do |tok, i|
+      next unless tok.type == :NAME && tok.value == 'ensure'
+      arrow = find_next_non_ws(i + 1)
+      next unless arrow && arrow.type == :FARROW
+      val = find_next_non_ws(tokens.index(arrow) + 1)
+      next unless val
+      next unless (val.type == :SSTRING || val.type == :STRING) && val.value =~ /\//
+      notify :warning,
+        message: 'ensure should not be set to a symlink target; use ensure => link with a target attribute',
+        line: val.line,
+        column: val.column
+    end
+  end
+
+  private
+
+  def find_next_non_ws(start)
+    (start...tokens.length).each do |j|
+      return tokens[j] unless tokens[j].formatting?
+    end
+    nil
+  end
+end

data/lib/openvox-lint/plugins/checks/file_mode.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+# File mode should be a 4-digit quoted string or symbolic mode.
+OpenvoxLint.new_check(:file_mode) do
+  def check
+    tokens.each_with_index do |tok, i|
+      next unless tok.type == :NAME && tok.value == 'mode'
+      arrow = next_non_ws(i + 1)
+      next unless arrow && arrow.type == :FARROW
+      val = next_non_ws(tokens.index(arrow) + 1)
+      next unless val
+      if val.type == :NUMBER
+        notify :warning,
+          message: "file mode should be a quoted string, not a bare number",
+          line: val.line, column: val.column
+      elsif val.type == :SSTRING || val.type == :STRING
+        mode = val.value.gsub(/['"]/, '')
+        next if mode =~ /\A[0-7]{4}\z/       # 4-digit octal
+        next if mode =~ /\A[ugoa]+[=+-]/      # symbolic
+        notify :warning,
+          message: "file mode '#{mode}' is not a valid 4-digit octal or symbolic mode",
+          line: val.line, column: val.column
+      end
+    end
+  end
+
+  private
+
+  def next_non_ws(start)
+    (start...tokens.length).each { |j| return tokens[j] unless tokens[j].formatting? }
+    nil
+  end
+end

data/lib/openvox-lint/plugins/checks/hard_tabs.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# Detects hard tab characters. Two-space soft tabs are required.
+OpenvoxLint.new_check(:hard_tabs) do
+  def check
+    manifest_lines.each_with_index do |line, idx|
+      col = line.index("\t")
+      next unless col
+      notify :warning,
+        message: 'tab character found (use 2-space soft tabs)',
+        line: idx + 1,
+        column: col + 1
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/hiera3_function.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+# Hiera 3 functions (hiera, hiera_array, hiera_hash, hiera_include)
+# are removed in Puppet 8 / OpenVox 8. Use lookup() instead.
+OpenvoxLint.new_check(:hiera3_function) do
+  HIERA3_FUNCS = %w[hiera hiera_array hiera_hash hiera_include].freeze
+
+  def check
+    tokens.each do |tok|
+      next unless tok.type == :NAME && HIERA3_FUNCS.include?(tok.value)
+      notify :error,
+        message: "'#{tok.value}()' is removed in Puppet 8 / OpenVox 8 — use lookup() instead",
+        line: tok.line, column: tok.column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/import_statement.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+# The 'import' statement was removed in Puppet 4+.
+OpenvoxLint.new_check(:import_statement) do
+  def check
+    tokens.each do |tok|
+      next unless tok.type == :IMPORT
+      notify :error,
+        message: "'import' statement was removed in Puppet 4; use module autoloading instead",
+        line: tok.line, column: tok.column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/inherits_across_namespaces.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+# Classes should not inherit across module namespaces.
+OpenvoxLint.new_check(:inherits_across_namespaces) do
+  def check
+    sem = semantic_tokens
+    sem.each_with_index do |tok, i|
+      next unless tok.type == :INHERITS
+      # The class being inherited is the next name token
+      j = i + 1
+      next if j >= sem.length
+      parent = sem[j]
+      next unless parent.type == :NAME || parent.type == :CLASSREF
+      # Find the class name (before inherits)
+      k = i - 1
+      next if k < 0
+      child = sem[k]
+      next unless child.type == :NAME || child.type == :CLASSREF
+      child_ns  = child.value.split('::').first
+      parent_ns = parent.value.sub(/\A::/, '').split('::').first
+      next if child_ns == parent_ns
+      notify :warning,
+        message: "class '#{child.value}' inherits from '#{parent.value}' across namespaces",
+        line: tok.line, column: tok.column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/leading_zero.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+# Numbers should not have leading zeros (except octal file modes).
+OpenvoxLint.new_check(:leading_zero) do
+  def check
+    tokens.each_with_index do |tok, i|
+      next unless tok.type == :NUMBER
+      next unless tok.value =~ /\A0\d+\z/ && tok.value !~ /\A0[xX]/
+      # Allow if preceded by 'mode =>'
+      j = i - 1
+      j -= 1 while j >= 0 && tokens[j].formatting?
+      if j >= 0 && tokens[j].type == :FARROW
+        k = j - 1
+        k -= 1 while k >= 0 && tokens[k].formatting?
+        next if k >= 0 && tokens[k].type == :NAME && tokens[k].value == 'mode'
+      end
+      notify :warning,
+        message: "number '#{tok.value}' has a leading zero (interpreted as octal)",
+        line: tok.line, column: tok.column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/legacy_facts.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+# Legacy (unstructured) top-scope facts are removed in Puppet 8 / OpenVox 8.
+# Use structured facts via $facts hash instead.
+#
+# e.g. $osfamily       -> $facts['os']['family']
+#      $fqdn           -> $facts['networking']['fqdn']
+#      $ipaddress      -> $facts['networking']['ip']
+#      $operatingsystem -> $facts['os']['name']
+OpenvoxLint.new_check(:legacy_facts) do
+  LEGACY_FACTS = %w[
+    architecture augeasversion bios_release_date bios_vendor bios_version
+    blockdevice_sda_model blockdevice_sda_size blockdevice_sda_vendor
+    blockdevices boardmanufacturer boardproductname boardserialnumber
+    chassisassettag chassistype domain facterversion filesystems fqdn
+    gid hardwareisa hardwaremodel hostname id interfaces ipaddress
+    ipaddress6 is_virtual kernel kernelmajversion kernelrelease
+    kernelversion lsbdistcodename lsbdistdescription lsbdistid
+    lsbdistrelease lsbmajdistrelease lsbminordistrelease lsbrelease
+    macaddress manufacturer memoryfree memorysize memoryfree_mb
+    memorysize_mb netmask network operatingsystem operatingsystemmajrelease
+    operatingsystemrelease os osfamily path physicalprocessorcount
+    processor0 processorcount productname ps puppetversion rubyplatform
+    rubysitedir rubyversion selinux selinux_config_mode
+    selinux_config_policy selinux_current_mode selinux_enforced
+    selinux_policyversion serialnumber sp_boot_mode sp_boot_volume
+    sp_cpu_type sp_current_processor_speed sp_l2_cache_core
+    sp_l3_cache sp_local_host_name sp_machine_model sp_machine_name
+    sp_number_processors sp_os_version sp_packages sp_physical_memory
+    sp_platform_uuid sp_secure_vm sp_serial_number sp_smc_version_system
+    sp_uptime sshdsakey sshecdsakey sshed25519key sshfp_dsa sshfp_ecdsa
+    sshfp_ed25519 sshfp_rsa sshrsakey swapfree swapfree_mb swapsize
+    swapsize_mb system_uptime timezone type uniqueid uptime
+    uptime_days uptime_hours uptime_seconds uuid virtual
+  ].freeze
+
+  def check
+    tokens.each do |tok|
+      next unless tok.type == :VARIABLE
+      name = tok.value.sub(/^\$/, '').sub(/\A::/, '')
+      next unless LEGACY_FACTS.include?(name)
+      notify :warning,
+        message: "legacy fact '#{name}' — use $facts['...'] structured fact instead (Puppet 8 / OpenVox 8)",
+        line: tok.line, column: tok.column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/line_length.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+# Lines should not exceed 140 characters.
+OpenvoxLint.new_check(:line_length) do
+  MAX_LENGTH = 140
+
+  def check
+    manifest_lines.each_with_index do |line, idx|
+      next if line.length <= MAX_LENGTH
+      # Exception: long puppet:/// source URLs
+      next if line =~ /puppet:\/\//
+      notify :warning,
+        message: "line has #{line.length} characters (max #{MAX_LENGTH})",
+        line: idx + 1,
+        column: MAX_LENGTH + 1
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/nested_classes_or_defines.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+# Classes and defined types should not be nested inside other classes or defined types.
+OpenvoxLint.new_check(:nested_classes_or_defines) do
+  def check
+    depth = 0
+    in_class_or_define = false
+    tokens.each do |tok|
+      if tok.type == :CLASS || tok.type == :DEFINE
+        if in_class_or_define && depth > 0
+          kind = tok.type == :CLASS ? 'class' : 'defined type'
+          notify :warning,
+            message: "#{kind} defined inside another class or defined type",
+            line: tok.line, column: tok.column
+        end
+        in_class_or_define = true
+      end
+      case tok.type
+      when :LBRACE then depth += 1
+      when :RBRACE
+        depth -= 1
+        in_class_or_define = false if depth == 0
+      end
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/node_name_unquoted.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+# Node names should be quoted strings, not bare words.
+OpenvoxLint.new_check(:node_name_unquoted) do
+  def check
+    sem = semantic_tokens
+    sem.each_with_index do |tok, i|
+      next unless tok.type == :NODE
+      j = i + 1
+      next if j >= sem.length
+      name = sem[j]
+      next unless name.type == :NAME
+      notify :warning,
+        message: "unquoted node name '#{name.value}' — use a quoted string",
+        line: name.line, column: name.column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/only_variable_string.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+# A string containing only a variable should not be quoted.
+# e.g. "${foo}" should be $foo
+OpenvoxLint.new_check(:only_variable_string) do
+  def check
+    tokens.each do |tok|
+      next unless tok.type == :DQSTRING
+      val = tok.value
+      # Match strings like "${varname}" or "$varname" with nothing else
+      next unless val =~ /\A"\$\{?[a-zA-Z_][a-zA-Z0-9_:]*\}?"\z/
+      notify :warning,
+        message: 'string containing only a variable is unnecessarily quoted',
+        line: tok.line,
+        column: tok.column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/parameter_order.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+# Parameters with defaults should come after parameters without defaults.
+OpenvoxLint.new_check(:parameter_order) do
+  def check
+    [class_indexes, defined_type_indexes].flatten.each do |defn|
+      params = defn[:param_tokens]
+      found_default = false
+      params.each_with_index do |tok, i|
+        next unless tok.type == :VARIABLE
+        # Look ahead for = (default value)
+        j = i + 1
+        j += 1 while j < params.length && params[j].formatting?
+        has_default = j < params.length && params[j].type == :EQUALS
+        if has_default
+          found_default = true
+        elsif found_default
+          notify :warning,
+            message: "parameter '#{tok.value}' without default follows a parameter with a default",
+            line: tok.line, column: tok.column
+        end
+      end
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/puppet_url_without_modules.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+# puppet:// URLs should include the modules mount point.
+# e.g. puppet:///modules/mymod/file not puppet:///mymod/file
+OpenvoxLint.new_check(:puppet_url_without_modules) do
+  def check
+    tokens.each do |tok|
+      next unless tok.type == :SSTRING || tok.type == :STRING || tok.type == :DQSTRING
+      val = tok.value.gsub(/['"]/, '')
+      next unless val.start_with?('puppet:///')
+      next if val.start_with?('puppet:///modules/')
+      notify :warning,
+        message: "puppet:// URL should include /modules/ mount point",
+        line: tok.line, column: tok.column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/quoted_booleans.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+# Booleans should not be quoted strings.
+# e.g. 'true' or "false" should be bare true/false.
+OpenvoxLint.new_check(:quoted_booleans) do
+  def check
+    tokens.each do |tok|
+      next unless tok.type == :SSTRING || tok.type == :STRING
+      val = tok.value.gsub(/['"]/, '')
+      next unless val == 'true' || val == 'false'
+      notify :warning,
+        message: "quoted boolean '#{val}' — use bare #{val} instead",
+        line: tok.line, column: tok.column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/relative_classname_inclusion.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+# Use absolute class names in include/require/contain statements.
+OpenvoxLint.new_check(:relative_classname_inclusion) do
+  INCLUDE_FUNCS = %w[include require contain].freeze
+
+  def check
+    sem = semantic_tokens
+    sem.each_with_index do |tok, i|
+      next unless tok.type == :NAME && INCLUDE_FUNCS.include?(tok.value)
+      j = i + 1
+      next if j >= sem.length
+      name_tok = sem[j]
+      next unless name_tok.type == :NAME || name_tok.type == :SSTRING || name_tok.type == :STRING
+      class_name = name_tok.value.gsub(/['"]/, '')
+      next if class_name.start_with?('::') || class_name.empty?
+      # Single-segment names are OK (they're unambiguous)
+      next unless class_name.include?('::')
+      notify :warning,
+        message: "class name '#{class_name}' should be fully qualified (start with ::)",
+        line: name_tok.line, column: name_tok.column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/resource_reference_without_title_capital.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+# Resource reference titles must start with a capital letter.
+# e.g. File['/tmp/foo'] not file['/tmp/foo']
+OpenvoxLint.new_check(:resource_reference_without_title_capital) do
+  def check
+    sem = semantic_tokens
+    sem.each_with_index do |tok, i|
+      next unless tok.type == :NAME
+      next if i + 1 >= sem.length
+      next unless sem[i + 1].type == :LBRACK
+      # This is name[...] which should be Name[...] for a resource reference
+      next if tok.value =~ /\A[A-Z]/
+      # Skip function calls and normal array access
+      next if %w[split join include contain require].include?(tok.value)
+      notify :warning,
+        message: "resource reference '#{tok.value}' must start with a capital letter",
+        line: tok.line, column: tok.column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/selector_inside_resource.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# Selectors (?) should not be used inside resource declarations.
+OpenvoxLint.new_check(:selector_inside_resource) do
+  def check
+    resource_indexes.each do |res|
+      res[:param_tokens].each do |tok|
+        next unless tok.type == :QMARK
+        notify :warning,
+          message: 'selector (?) inside resource body; use a variable or conditional instead',
+          line: tok.line, column: tok.column
+      end
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/single_quote_string_with_variables.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+# Single-quoted strings containing variable-like patterns ($var)
+# should use double quotes for interpolation.
+OpenvoxLint.new_check(:single_quote_string_with_variables) do
+  def check
+    tokens.each do |tok|
+      next unless tok.type == :SSTRING
+      val = tok.value
+      next unless val =~ /\$[a-zA-Z_]/
+      notify :warning,
+        message: 'single-quoted string contains a variable reference; use double quotes for interpolation',
+        line: tok.line, column: tok.column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/space_before_arrow.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+# There should be at most one space before a hash rocket (=>)
+# when there is only one parameter.
+OpenvoxLint.new_check(:space_before_arrow) do
+  def check
+    tokens.each_with_index do |tok, i|
+      next unless tok.type == :FARROW
+      next if i == 0
+      prev = tokens[i - 1]
+      next unless prev.type == :WHITESPACE
+      next if prev.value.length <= 1
+      # Allow if this is in a multi-param aligned block
+      # (arrow_alignment handles that)
+      notify :warning,
+        message: "more than one space before => (found #{prev.value.length})",
+        line: tok.line, column: prev.column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/star_comments.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+# Use # comments, not /* */ multi-line comments.
+OpenvoxLint.new_check(:star_comments) do
+  def check
+    tokens.each do |tok|
+      next unless tok.type == :MLCOMMENT
+      notify :warning,
+        message: 'use # (hash) comments instead of /* */ block comments',
+        line: tok.line, column: tok.column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/strict_indent.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+# Indentation should use exactly 2 spaces per level.
+OpenvoxLint.new_check(:strict_indent) do
+  def check
+    manifest_lines.each_with_index do |line, idx|
+      next if line.strip.empty?
+      next if line =~ /\A#/  # comment lines
+      indent = line.match(/\A( *)/)[1]
+      next if indent.length.even?
+      notify :warning,
+        message: "odd number of spaces in indentation (#{indent.length}); use 2-space increments",
+        line: idx + 1, column: 1
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/top_scope_facts.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+# Top-scope fact variables ($::fact_name) are deprecated in Puppet 8 / OpenVox 8.
+# Use $facts['fact_name'] instead.
+OpenvoxLint.new_check(:top_scope_facts) do
+  def check
+    tokens.each do |tok|
+      next unless tok.type == :VARIABLE
+      name = tok.value.sub(/^\$/, '')
+      next unless name.start_with?('::')
+      fact_name = name.sub(/\A::/, '')
+      # Skip module-qualified variables (e.g. ::mymodule::param)
+      next if fact_name.include?('::')
+      notify :warning,
+        message: "top-scope fact '$::#{fact_name}' — use $facts['#{fact_name}'] instead (Puppet 8 / OpenVox 8)",
+        line: tok.line, column: tok.column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/trailing_comma.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+# Resource bodies and parameter lists should end with a trailing comma.
+OpenvoxLint.new_check(:trailing_comma) do
+  def check
+    tokens.each_with_index do |tok, i|
+      next unless tok.type == :RBRACE || tok.type == :RPAREN
+      # Find the previous non-whitespace token
+      j = i - 1
+      j -= 1 while j >= 0 && tokens[j].formatting?
+      next if j < 0
+      prev = tokens[j]
+      # Skip if previous is opening brace/paren (empty block) or already a comma
+      next if %i[LBRACE LPAREN COMMA RBRACE].include?(prev.type)
+      # Only flag inside parameter lists and resource bodies
+      next unless prev.type == :SSTRING || prev.type == :STRING || prev.type == :NAME ||
+                  prev.type == :VARIABLE || prev.type == :NUMBER || prev.type == :TRUE ||
+                  prev.type == :FALSE || prev.type == :CLASSREF || prev.type == :RBRACK
+      notify :warning,
+        message: 'missing trailing comma after last attribute',
+        line: prev.line, column: prev.column
+    end
+  end
+end

data/lib/openvox-lint/plugins/checks/trailing_whitespace.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+# Detects trailing whitespace at the end of lines.
+OpenvoxLint.new_check(:trailing_whitespace) do
+  def check
+    manifest_lines.each_with_index do |line, idx|
+      next unless line =~ /\s+$/
+      notify :warning,
+        message: 'trailing whitespace found',
+        line: idx + 1,
+        column: line.rstrip.length + 1
+    end
+  end
+end