@agjs/tsforge 0.3.3 → 0.4.0

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@agjs/tsforge",
   "type": "module",
-  "version": "0.3.3",
+  "version": "0.4.0",
   "license": "MIT",
   "description": "TypeScript coding harness with a deterministic gate, stack-aware guardrails, and stream-level correction.",
   "repository": {
@@ -38,6 +38,7 @@
     "eslint-plugin-react": "^7.37.5",
     "eslint-plugin-react-hooks": "^7.1.1",
     "eslint-plugin-jsx-a11y": "^6.10.2",
+    "eslint-plugin-sonarjs": "4.0.3",
     "eslint": "10.4.0",
     "prettier": "3.8.3",
     "typescript": "6.0.3",

package/scripts/build-rules-md.ts

@@ -131,6 +131,7 @@ const categoryOrder = [
   "testing",
   "stack-layout",
   "ci",
+  "container",
 ] as const;
 
 const rulesByCategory = new Map<string, (typeof META_RULES)[number][]>();
@@ -172,9 +173,11 @@ out.push(
   "- GraphQL/WebSocket/OpenAPI contract rules (until OpenAPI dep + parser)"
 );
 out.push(
-  "- Container/Kubernetes YAML hardening (future meta-rules when Dockerfile/k8s detected)"
+  "- Kubernetes / Compose YAML hardening (Dockerfile hardening now ships as container meta-rules)"
+);
+out.push(
+  "- MCP-server security pack (the AI-SDK pack now covers `ai`/`openai`/Anthropic clients)"
 );
-out.push("- LLM/MCP security packs (opt-in when AI SDK deps detected)");
 out.push("- FSD layer DAG / full authorization taint tracking");
 out.push("- Lighthouse / bundle-analyzer CI gates");
 out.push("- Violation ratcheting / baseline snapshots (Phase 5)");

package/src/cli/commands.ts

@@ -0,0 +1,97 @@
+/**
+ * The single source of truth for the REPL's slash commands — drives BOTH the
+ * `/help` text and the interactive `/` palette, so they can never drift and the
+ * user never has to memorize what exists. The executor stays the `command()`
+ * switch in cli.ts; `commandVerbs()` lets a test assert the two stay in sync.
+ */
+export interface ICommandSpec {
+  /** Full token incl. leading slash, e.g. "/gate". */
+  readonly name: string;
+  /** Argument hint shown after the name (e.g. "<cmd>", "[name]"); omitted if none. */
+  readonly arg?: string;
+  /** One-line description. */
+  readonly summary: string;
+}
+
+export const COMMANDS: readonly ICommandSpec[] = [
+  { name: "/help", summary: "show this help" },
+  {
+    name: "/compact",
+    summary: "summarize the conversation to free up context",
+  },
+  {
+    name: "/clear",
+    summary: "reset the conversation (keeps the workspace + gate)",
+  },
+  {
+    name: "/plan",
+    summary:
+      "toggle plan mode (explore → clarify → plan; 'approve' implements)",
+  },
+  {
+    name: "/gate",
+    arg: "<cmd>",
+    summary: "set the gate command (empty to clear)",
+  },
+  {
+    name: "/files",
+    arg: "<globs>",
+    summary: "set the editable scope (comma-separated; empty = all)",
+  },
+  {
+    name: "/model",
+    arg: "[name]",
+    summary: "list configured models (★ active), or switch to <name>",
+  },
+  { name: "/sessions", summary: "list saved sessions" },
+  { name: "/cost", summary: "rough conversation size (messages + ~tokens)" },
+  {
+    name: "/metrics",
+    summary: "token totals + generation rate (tok/s) this session",
+  },
+  {
+    name: "/memory",
+    arg: "[forget]",
+    summary: "show learned failure→fix lessons (forget to clear)",
+  },
+  { name: "/exit", summary: "leave the session" },
+] as const;
+
+/** True when the spec takes an argument — the palette prefills `"<name> "` and
+ *  lets the user type instead of running immediately. */
+export function takesArg(spec: ICommandSpec): boolean {
+  return spec.arg !== undefined;
+}
+
+/** Command verbs (no slash) that MUST have an executor case, incl. the `/quit`
+ *  alias that isn't listed in the palette. Used by the registry↔switch parity test. */
+export const COMMAND_VERBS: readonly string[] = [
+  ...COMMANDS.map((c) => c.name.slice(1)),
+  "quit",
+];
+
+/** The `/help` body — the command table (from the registry) plus the footer. */
+export function formatHelp(): string {
+  const width = Math.max(
+    ...COMMANDS.map(
+      (c) => c.name.length + (c.arg === undefined ? 0 : c.arg.length + 1)
+    )
+  );
+  const rows = COMMANDS.map((c) => {
+    const left = c.arg === undefined ? c.name : `${c.name} ${c.arg}`;
+
+    return `  ${left.padEnd(width)}   ${c.summary}`;
+  });
+
+  return [
+    "Commands:",
+    ...rows,
+    "  /quit              alias for /exit",
+    "",
+    "Press / for an interactive menu (↑/↓ to select, type to filter, Enter to run).",
+    "Anything else is sent to the agent. It works with its tools; when it stops,",
+    'the gate (if set) confirms "done".',
+    "While it's working: type a message to STEER the next turn (e.g. 'use Tailwind');",
+    "Ctrl-C interrupts the current run.",
+  ].join("\n");
+}

package/src/cli.ts

@@ -2,6 +2,9 @@
 import { join, isAbsolute } from "node:path";
 import { appendFileSync, mkdirSync } from "node:fs";
 import { createInterface } from "node:readline/promises";
+import { emitKeypressEvents } from "node:readline";
+import { formatHelp, takesArg } from "./cli/commands";
+import { pickCommand } from "./render/command-menu";
 import { runTask, RUN_STATUS, Session, PLAN_APPROVED_NOTE } from "./loop";
 import {
   PROVIDER_LIMITS,
@@ -664,26 +667,9 @@ export function isPlanApproval(line: string): boolean {
   return /^(approve|approved|go|lgtm|implement)[.!]?$/i.test(line.trim());
 }
 
-const HELP = [
-  "Commands:",
-  "  /help            show this help",
-  "  /compact         summarize the conversation to free up context",
-  "  /clear           reset the conversation (keeps the workspace + gate)",
-  "  /plan            toggle plan mode (read-only: explore → clarify → plan; 'approve' implements)",
-  "  /gate <cmd>      set the gate command (empty to clear)",
-  "  /files <globs>   set the editable scope (comma-separated; empty = all)",
-  "  /model [name]    list configured models (★ active), or switch to <name>",
-  "  /sessions        list saved sessions (resume one with: tsforge --resume <id>)",
-  "  /cost            rough conversation size (messages + ~tokens)",
-  "  /metrics         token totals + generation rate (tok/s) this session",
-  "  /memory          show learned failure→fix lessons (/memory forget to clear)",
-  "  /exit, /quit     leave the session",
-  "",
-  "Anything else is sent to the agent. It works with its tools; when it stops,",
-  'the gate (if set) confirms "done".',
-  "While it's working: type a message to STEER the next turn (e.g. 'use Tailwind');",
-  "Ctrl-C interrupts the current run.",
-].join("\n");
+// The /help body is generated from the command registry (src/cli/commands.ts) so
+// the help text and the interactive `/` palette can never drift.
+const HELP = formatHelp();
 
 /** The session status line — distinguishes off / new / resumed. */
 function sessionLine(id: string, resumed: ISessionRecord | null): string {
@@ -788,7 +774,7 @@ async function baseGate(
   }
 
   if (args.web) {
-    const web = buildWebGate("react");
+    const web = buildWebGate("react", undefined, args.dir);
 
     return { accept: web.command, gateLabel: web.label };
   }
@@ -994,7 +980,7 @@ async function repl(args: ICliArgs): Promise<number> {
       `\n  ↳ scaffolding a ${frameworkLabel(framework)} project\n`
     );
     await setUpWebProject(args.dir, framework);
-    session.setGate(buildWebGate(framework).command);
+    session.setGate(buildWebGate(framework, undefined, args.dir).command);
     session.setFix(buildWebFix(framework));
     session.setIncrementalCheck(buildWebTscCheck());
     session.guide(webGuidance(framework));
@@ -1191,6 +1177,7 @@ async function repl(args: ICliArgs): Promise<number> {
         session.setPlanMode(planMode); // a /clear must not silently drop the mode
         planDiscussed = false;
         await persist();
+        clearScreen(); // wipe the visible terminal + scrollback, not just the state
         process.stdout.write("conversation cleared\n");
         break;
 
@@ -1356,6 +1343,23 @@ async function repl(args: ICliArgs): Promise<number> {
     statusBar.teardown();
   });
 
+  // Wipe the visible terminal + scrollback (2J + 3J + home), re-pinning the status
+  // bar around it so its scroll region stays correct. Used by /clear so the screen
+  // is a clean slate, not just the conversation state.
+  const clearScreen = (): void => {
+    const wasActive = statusBar.active;
+
+    if (wasActive) {
+      statusBar.teardown();
+    }
+
+    process.stdout.write("\x1b[2J\x1b[3J\x1b[H");
+
+    if (wasActive) {
+      statusBar.install(statusInfo());
+    }
+  };
+
   // The prompt. With the bar pinned it repaints the bar and shows only the
   // input marker; otherwise it prints the inline status line above the marker.
   const prompt = (): void => {
@@ -1374,6 +1378,7 @@ async function repl(args: ICliArgs): Promise<number> {
   await new Promise<void>((resolveLoop) => {
     let busy = false;
     let closed = false;
+    let paletteOpen = false;
 
     // Finish the loop only when stdin has closed AND no run is in flight — so a
     // stdin EOF (piped input / Ctrl-D) never kills a build mid-turn.
@@ -1417,6 +1422,50 @@ async function repl(args: ICliArgs): Promise<number> {
       }
     };
 
+    // Open the interactive `/` command palette: pick a command from a navigable
+    // list, then either run it (no-arg) or prefill the line so the user types the
+    // argument. Cancel ⇒ back to a clean prompt. Only meaningful on a TTY.
+    const openPalette = async (): Promise<void> => {
+      paletteOpen = true;
+
+      try {
+        rl.write(null, { ctrl: true, name: "u" }); // clear the typed "/"
+
+        const picked = await pickCommand(process.stdout.isTTY);
+
+        // The palette ran on the alternate screen; exiting it restored the prompt
+        // verbatim, so don't re-draw it (that left stray `›` lines). On cancel,
+        // nothing to do; for an arg command, prefill so the user types the value.
+        if (picked !== null) {
+          if (takesArg(picked)) {
+            rl.write(`${picked.name} `);
+          } else {
+            void runLine(picked.name);
+          }
+        }
+      } finally {
+        paletteOpen = false;
+      }
+    };
+
+    // Press `/` on an empty line ⇒ open the palette. setImmediate lets readline
+    // finish inserting the slash first, so `rl.line === "/"` confirms it's a fresh
+    // command start (not a slash mid-text). No-op while busy or already open.
+    if (process.stdin.isTTY) {
+      emitKeypressEvents(process.stdin);
+      process.stdin.on("keypress", (str: string | undefined) => {
+        if (busy || paletteOpen || str !== "/") {
+          return;
+        }
+
+        setImmediate(() => {
+          if (!busy && !paletteOpen && rl.line === "/") {
+            void openPalette();
+          }
+        });
+      });
+    }
+
     // Event-driven (not for-await) so stdin is read DURING a run: a line typed
     // mid-run is queued to steer the next turn (or, if "/exit", aborts). This is
     // what makes it feel like a real harness — you can redirect without waiting.

package/src/detect-gate.ts

@@ -442,7 +442,8 @@ function packEnvPrefix(
 
 export function buildWebGate(
   framework: WebFramework,
-  packs: readonly string[] = WEB_PACKS
+  packs: readonly string[] = WEB_PACKS,
+  cwd: string = process.cwd()
 ): IGate {
   const template = WEB_TEMPLATES[framework];
   const ignores = template.eslintIgnore
@@ -478,8 +479,21 @@ export function buildWebGate(
   // fails fast.
   const stubs = `bun "${STUB_CHECK}" .`;
 
+  // Type-aware async correctness (no-floating-promises / no-misused-promises) —
+  // the CORE gate already runs this via typeAwareLintPart(), but the web gate
+  // historically did not, so a dropped `await` in a handler/effect/mutation passed.
+  // Splice it in after the syntactic lint when the scaffold has a tsconfig (it
+  // always does), reusing the SHIPPED strict.type-aware config verbatim.
+  const typeAware = existsSync(join(cwd, "tsconfig.json"))
+    ? `bun "${ESLINT_BIN}" --no-config-lookup -c "${TYPE_AWARE_CONFIG}" ${ignores} --format json .`.replace(
+        /\s+/g,
+        " "
+      )
+    : null;
+  const lintChain = typeAware === null ? lint : `${lint} && ${typeAware}`;
+
   return {
-    command: `${build} && ${tsc} && ${lint} && ${stubs} && ${format} && ${render}`,
+    command: `${build} && ${tsc} && ${lintChain} && ${stubs} && ${format} && ${render}`,
     label: `${template.label} (build + behaviour smoke)`,
   };
 }

package/src/loop/feedback/meta-rule-docs.ts

@@ -86,4 +86,14 @@ export const META_RULE_DOCS: Record<string, string> = {
 
   "no-github-context-in-shell":
     "Pass github.event values through env: instead of interpolating them directly in run: shell scripts.",
+
+  // Container
+  "dockerfile-base-image-pinned":
+    "Pin every Dockerfile FROM to an explicit non-latest tag (e.g. node:24.3.0-bookworm) or a @sha256: digest; build-stage references and scratch are exempt.",
+
+  "dockerfile-non-root-user":
+    "Add a non-root USER instruction (after the install steps) so the container process does not run as root.",
+
+  "dockerfile-no-secrets-in-env-arg":
+    "Do not assign secret-looking ENV/ARG literals (names ending in _KEY/_TOKEN/_SECRET/_PASSWORD) — they bake into image layers; inject them at runtime via --env-file, a secret manager, or a BuildKit --secret mount.",
 };

package/src/loop/prompt/prompt.ts

@@ -15,6 +15,7 @@ export const SYSTEM = [
   "The harness also AUTO-FIXES mechanical formatting on every file you write — blank lines, braces, quotes, semicolons, import order, `prefer-template`. NEVER hand-fix or chase those, and do NOT run `tsc`/`eslint`/the gate yourself to look for them. Fix only what the gate explicitly hands back (`as`/`any`/`!`, `I`-prefix, real type errors), then stop.",
   "Test hypotheses by RUNNING them, never by reasoning them out. Unsure about an edge case, rounding, or ordering (`Math.floor(100/3)`, largest-remainder ties)? `run` a quick `bun -e '…console.log(…)'`, or write a throwaway `scratch/check.ts` importing your impl and `run` it. `scratch/` is yours — the gate ignores it.",
   "The gate is `tsc` strict + eslint with every rule an error, so write TypeScript that satisfies it: interfaces are `I`-prefixed; `===`; no `var`; never the non-null `!` — guard index access (`const x = arr[i]; if (x === undefined) {...}`); no `any` and no `as` — type every parameter (e.g. `.reduce((acc: number, r: number) => …, 0)`); explicit boolean conditions. When the gate flags errors in read-only files (tests/types), they come from your editable file being missing or wrong-shaped and vanish once it's correct — don't edit them.",
+  "Keep functions small: the gate caps cognitive complexity at 20 and nesting depth at 4. If a function grows long or deeply nested, extract named helpers instead of one sprawling block. Always `await` promises (or `void` them deliberately) — a floating promise is a gate error.",
 ].join("\n");
 
 /** Appended to SYSTEM for from-scratch, NON-web utility builds when the simplicity

package/src/meta-rules/context.ts

@@ -133,6 +133,55 @@ function collectWorkflowFiles(root: string): string[] {
   return out.sort();
 }
 
+/** True for a Dockerfile-shaped name: `Dockerfile`, `Dockerfile.<x>`, `<x>.Dockerfile`. */
+function isDockerfileName(entry: string): boolean {
+  return (
+    entry === "Dockerfile" ||
+    entry.startsWith("Dockerfile.") ||
+    entry.endsWith(".Dockerfile")
+  );
+}
+
+/** Dockerfiles at the root and one directory level down (e.g. docker/, apps/*). */
+function collectDockerfiles(root: string): string[] {
+  const out: string[] = [];
+
+  const scanDir = (dir: string, relBase: string): void => {
+    let entries: string[];
+
+    try {
+      entries = readdirSync(dir);
+    } catch {
+      return;
+    }
+
+    for (const entry of entries) {
+      if (IGNORE_SEGMENTS.has(entry)) {
+        continue;
+      }
+
+      const full = join(dir, entry);
+      const rel = relBase === "" ? entry : join(relBase, entry);
+
+      try {
+        const stat = statSync(full);
+
+        if (stat.isFile() && isDockerfileName(entry)) {
+          out.push(rel);
+        } else if (stat.isDirectory() && relBase === "") {
+          scanDir(full, entry); // one level only
+        }
+      } catch {
+        // Skip unreadable entries
+      }
+    }
+  };
+
+  scanDir(root, "");
+
+  return out.sort();
+}
+
 /** Parse package.json, returning null on error. */
 function parsePackageJson(root: string): Record<string, unknown> | null {
   const pkgPath = join(root, "package.json");
@@ -196,6 +245,7 @@ export function buildMetaRuleContext(
     sourceFiles: collectSourceFiles(root),
     configFiles: collectConfigFiles(root),
     workflowFiles: collectWorkflowFiles(root),
+    dockerfiles: collectDockerfiles(root),
     activePacks,
     readFile,
   };

package/src/meta-rules/meta-rules.types.ts

@@ -10,7 +10,8 @@ export type MetaRuleCategory =
   | "source-text"
   | "testing"
   | "stack-layout"
-  | "ci";
+  | "ci"
+  | "container";
 
 /** A single rule violation (file, rule, message). */
 export interface IMetaRuleViolation {
@@ -30,6 +31,7 @@ export interface IMetaRuleContext {
   readonly sourceFiles: readonly string[]; // repo-relative .ts/.tsx
   readonly configFiles: readonly string[]; // tsconfig*, eslint*, package.json, *.config.*
   readonly workflowFiles: readonly string[]; // .github/workflows/*.yml|yaml
+  readonly dockerfiles: readonly string[]; // Dockerfile, Dockerfile.*, *.Dockerfile (root + 1 level)
   readonly activePacks: readonly string[]; // pack ids from stack detection
   readonly readFile: (relPath: string) => string | null; // cached, safe
 }

package/src/meta-rules/registry.ts

@@ -25,6 +25,9 @@ import { workflowPermissionsExplicitRule } from "./rules/ci/workflow-permissions
 import { workflowPermissionsLeastPrivilegeRule } from "./rules/ci/workflow-permissions-least-privilege";
 import { noPullRequestTargetUntrustedCheckoutRule } from "./rules/ci/no-pull-request-target-untrusted-checkout";
 import { noGithubContextInShellRule } from "./rules/ci/no-github-context-in-shell";
+import { dockerfileBaseImagePinnedRule } from "./rules/docker/dockerfile-base-image-pinned";
+import { dockerfileNonRootUserRule } from "./rules/docker/dockerfile-non-root-user";
+import { dockerfileNoSecretsInEnvArgRule } from "./rules/docker/dockerfile-no-secrets-in-env-arg";
 
 /**
  * All available meta-rules, ordered by category for readability.
@@ -66,4 +69,9 @@ export const META_RULES: readonly IMetaRule[] = [
   workflowPermissionsLeastPrivilegeRule,
   noPullRequestTargetUntrustedCheckoutRule,
   noGithubContextInShellRule,
+
+  // Container
+  dockerfileBaseImagePinnedRule,
+  dockerfileNonRootUserRule,
+  dockerfileNoSecretsInEnvArgRule,
 ];

package/src/meta-rules/rules/docker/dockerfile-base-image-pinned.ts

@@ -0,0 +1,73 @@
+import type { IMetaRule, IMetaRuleViolation } from "../../meta-rules.types";
+import { dockerInstructionLines } from "./utils";
+
+/**
+ * Every `FROM` must pin its base image to an explicit, non-floating tag (or a
+ * digest). `latest` (or no tag) changes underneath you between builds with no
+ * diff — non-reproducible images and silent base-image drift.
+ */
+const FROM_PATTERN = /^(?<ref>\S+)(?:\s+[Aa][Ss]\s+(?<stage>\S+))?/u;
+
+/** The tag of an image ref, or null when untagged. Splits on the LAST `/` so a
+ *  registry host:port (which also contains `:`) is not mistaken for a tag. */
+function imageTag(ref: string): string | null {
+  const lastSlash = ref.lastIndexOf("/");
+  const finalSegment = lastSlash === -1 ? ref : ref.slice(lastSlash + 1);
+  const colon = finalSegment.indexOf(":");
+
+  return colon === -1 ? null : finalSegment.slice(colon + 1);
+}
+
+export const dockerfileBaseImagePinnedRule: IMetaRule = {
+  id: "dockerfile-base-image-pinned",
+  category: "container",
+  description:
+    "Dockerfile FROM instructions must pin an explicit non-latest tag (or a digest) so image builds are reproducible.",
+  severity: "error",
+  run(ctx) {
+    const violations: IMetaRuleViolation[] = [];
+    const stages = new Set<string>();
+
+    for (const line of dockerInstructionLines(ctx)) {
+      if (line.instruction !== "FROM") {
+        continue;
+      }
+
+      const match = FROM_PATTERN.exec(line.args);
+      const ref = match?.groups?.ref;
+      const stage = match?.groups?.stage;
+
+      if (stage !== undefined) {
+        stages.add(stage.toLowerCase());
+      }
+
+      if (ref === undefined) {
+        continue;
+      }
+
+      // Skip references to an earlier build stage and the empty `scratch` base.
+      if (stages.has(ref.toLowerCase()) || ref.toLowerCase() === "scratch") {
+        continue;
+      }
+
+      const pinnedByDigest = ref.includes("@sha256:");
+      const tag = imageTag(ref);
+
+      if (pinnedByDigest || (tag !== null && tag !== "latest")) {
+        continue;
+      }
+
+      const reason =
+        tag === "latest" ? "uses the floating `latest` tag" : "has no tag";
+
+      violations.push({
+        file: line.file,
+        ruleId: "dockerfile-base-image-pinned",
+        severity: "error",
+        message: `Line ${line.lineNo}: \`FROM ${ref}\` ${reason} — pin an explicit version (e.g. \`node:24.3.0-bookworm\`) or a \`@sha256:\` digest for reproducible builds.`,
+      });
+    }
+
+    return violations;
+  },
+};

package/src/meta-rules/rules/docker/dockerfile-no-secrets-in-env-arg.ts

@@ -0,0 +1,67 @@
+import type { IMetaRule, IMetaRuleViolation } from "../../meta-rules.types";
+import { dockerInstructionLines } from "./utils";
+
+/**
+ * Secrets must not be baked into the image via `ENV`/`ARG` literals — they
+ * persist in every image layer and `docker history`, readable by anyone who
+ * pulls the image. Inject them at runtime (`--env-file`, a secret manager, or
+ * BuildKit `--secret`) instead.
+ */
+const SECRET_NAME =
+  /(^|_)(KEY|TOKEN|SECRET|SECRETS|PASSWORD|PASSWD|CREDENTIAL|CREDENTIALS)(_|$)/u;
+
+/** The `NAME=value` (or `NAME value`) pairs declared on one ENV/ARG line. */
+function declaredName(args: string): string | null {
+  const eq = args.indexOf("=");
+  const name = eq === -1 ? args.split(/\s+/u)[0] : args.slice(0, eq);
+
+  return name === undefined || name.length === 0 ? null : name.trim();
+}
+
+/** True when the line actually assigns a value (vs. a bare build-time `ARG`). */
+function hasAssignedValue(instruction: string, args: string): boolean {
+  if (args.includes("=")) {
+    const value = args.slice(args.indexOf("=") + 1).trim();
+
+    return value.length > 0;
+  }
+
+  // `ENV NAME value` form assigns; bare `ARG NAME` does not.
+  return instruction === "ENV" && /\S+\s+\S/u.test(args);
+}
+
+export const dockerfileNoSecretsInEnvArgRule: IMetaRule = {
+  id: "dockerfile-no-secrets-in-env-arg",
+  category: "container",
+  description:
+    "Dockerfiles must not assign secret-looking ENV/ARG values (KEY/TOKEN/SECRET/PASSWORD) — they bake into image layers. Inject secrets at runtime.",
+  severity: "error",
+  run(ctx) {
+    const violations: IMetaRuleViolation[] = [];
+
+    for (const line of dockerInstructionLines(ctx)) {
+      if (line.instruction !== "ENV" && line.instruction !== "ARG") {
+        continue;
+      }
+
+      const name = declaredName(line.args);
+
+      if (
+        name === null ||
+        !SECRET_NAME.test(name.toUpperCase()) ||
+        !hasAssignedValue(line.instruction, line.args)
+      ) {
+        continue;
+      }
+
+      violations.push({
+        file: line.file,
+        ruleId: "dockerfile-no-secrets-in-env-arg",
+        severity: "error",
+        message: `Line ${line.lineNo}: \`${line.instruction} ${name}=…\` bakes a secret into the image layers (visible in \`docker history\`). Inject it at runtime via \`--env-file\`/secret manager or a BuildKit \`--secret\` mount.`,
+      });
+    }
+
+    return violations;
+  },
+};

package/src/meta-rules/rules/docker/dockerfile-non-root-user.ts

@@ -0,0 +1,58 @@
+import type { IMetaRule, IMetaRuleViolation } from "../../meta-rules.types";
+import { dockerInstructionLines } from "./utils";
+
+/**
+ * A Dockerfile must drop privileges with a non-root `USER` instruction. Running
+ * the container process as root is the default and a standard container-escape
+ * amplifier; a single `USER app` (after install steps) closes it.
+ */
+const ROOT_USERS = new Set(["root", "0", "0:0"]);
+
+/** The user name/uid from a `USER` arg (`USER node` / `USER node:node`). */
+function userName(args: string): string {
+  return args.trim().toLowerCase();
+}
+
+export const dockerfileNonRootUserRule: IMetaRule = {
+  id: "dockerfile-non-root-user",
+  category: "container",
+  description:
+    "Dockerfiles must declare a non-root USER so the container process does not run as root.",
+  severity: "error",
+  run(ctx) {
+    const violations: IMetaRuleViolation[] = [];
+    const lines = dockerInstructionLines(ctx);
+    const byFile = new Map<string, boolean>();
+
+    // Seed every READABLE Dockerfile as "no non-root USER seen yet" (readFile is
+    // cached, so this does not re-hit disk).
+    for (const file of ctx.dockerfiles) {
+      if (ctx.readFile(file) !== null) {
+        byFile.set(file, false);
+      }
+    }
+
+    for (const line of lines) {
+      if (line.instruction !== "USER") {
+        continue;
+      }
+
+      if (!ROOT_USERS.has(userName(line.args))) {
+        byFile.set(line.file, true);
+      }
+    }
+
+    for (const [file, hasNonRoot] of byFile) {
+      if (!hasNonRoot) {
+        violations.push({
+          file,
+          ruleId: "dockerfile-non-root-user",
+          severity: "error",
+          message: `${file} never drops to a non-root USER — add \`USER <non-root>\` after the install steps so the container does not run as root.`,
+        });
+      }
+    }
+
+    return violations;
+  },
+};

package/src/meta-rules/rules/docker/utils.ts

@@ -0,0 +1,58 @@
+import type { IMetaRuleContext } from "../../meta-rules.types";
+
+/** One meaningful Dockerfile instruction line (comments + blanks stripped). */
+export interface IDockerLine {
+  readonly file: string;
+  readonly lineNo: number; // 1-based
+  readonly instruction: string; // upper-cased keyword, e.g. "FROM"
+  readonly args: string; // everything after the keyword, trimmed
+  readonly raw: string;
+}
+
+const INSTRUCTION_PATTERN = /^\s*(?<keyword>[A-Za-z]+)\s+(?<args>.*\S)\s*$/u;
+
+/** Parse every Dockerfile in the context into instruction lines. Continuation
+ *  lines (`\` at EOL) and comments are skipped — good enough for the textual
+ *  hardening checks (base-image pin, USER, secret literals). */
+export function dockerInstructionLines(
+  ctx: Pick<IMetaRuleContext, "dockerfiles" | "readFile">
+): IDockerLine[] {
+  const out: IDockerLine[] = [];
+
+  for (const file of ctx.dockerfiles) {
+    const text = ctx.readFile(file);
+
+    if (text === null) {
+      continue;
+    }
+
+    const lines = text.split("\n");
+
+    for (let i = 0; i < lines.length; i += 1) {
+      const raw = lines[i] ?? "";
+      const trimmed = raw.trim();
+
+      if (trimmed.length === 0 || trimmed.startsWith("#")) {
+        continue;
+      }
+
+      const match = INSTRUCTION_PATTERN.exec(raw);
+      const keyword = match?.groups?.keyword;
+      const args = match?.groups?.args;
+
+      if (keyword === undefined || args === undefined) {
+        continue;
+      }
+
+      out.push({
+        file,
+        lineNo: i + 1,
+        instruction: keyword.toUpperCase(),
+        args: args.trim(),
+        raw,
+      });
+    }
+  }
+
+  return out;
+}

package/src/render/command-menu.ts

@@ -0,0 +1,174 @@
+import { emitKeypressEvents } from "node:readline";
+import { STYLE, paint } from "./style";
+import { COMMANDS, type ICommandSpec } from "../cli/commands";
+
+const ESC = String.fromCharCode(27);
+// Render the palette on the terminal's ALTERNATE screen buffer: enter on open,
+// clear+home before each frame, exit on close — which restores the previous screen
+// (conversation + status bar) verbatim. This avoids in-place cursor math fighting
+// the status bar's scroll region (which caused frames to stack instead of redraw).
+const ENTER_ALT = `${ESC}[?1049h${ESC}[r`; // alt screen + reset scroll margins
+const EXIT_ALT = `${ESC}[?1049l`;
+const HIDE_CURSOR = `${ESC}[?25l`;
+const SHOW_CURSOR = `${ESC}[?25h`;
+const CLEAR_HOME = `${ESC}[2J${ESC}[H`;
+
+/** Filter commands by a query (the text typed after `/`). Leading slash and case
+ *  are ignored; matches commands whose name contains the query. Empty ⇒ all. */
+export function filterCommands(
+  commands: readonly ICommandSpec[],
+  query: string
+): ICommandSpec[] {
+  const q = query.replace(/^\//u, "").toLowerCase();
+
+  if (q.length === 0) {
+    return [...commands];
+  }
+
+  return commands.filter((c) => c.name.slice(1).toLowerCase().includes(q));
+}
+
+/** Keep `selected` within `[0, count)` (wraps), so ↑/↓ never points off-list. */
+export function clampIndex(selected: number, count: number): number {
+  if (count <= 0) {
+    return 0;
+  }
+
+  return ((selected % count) + count) % count;
+}
+
+/** Render the palette as a block of lines (no trailing newline). The header echoes
+ *  the current filter + key hints; the selected row is brand-highlighted. */
+export function renderMenu(
+  items: readonly ICommandSpec[],
+  selected: number,
+  query: string,
+  color: boolean
+): string {
+  const header =
+    paint(`/${query}`, STYLE.brand, color) +
+    paint(
+      "  ↑/↓ select · type to filter · enter run · esc cancel",
+      STYLE.dim,
+      color
+    );
+
+  if (items.length === 0) {
+    return `${header}\n  ${paint("no matching command", STYLE.dim, color)}`;
+  }
+
+  const rows = items.map((c, i) => {
+    const active = i === selected;
+    const gutter = active ? paint("›", STYLE.brand, color) : " ";
+    const label = c.arg === undefined ? c.name : `${c.name} ${c.arg}`;
+    const name = paint(label, active ? STYLE.brand : STYLE.bold, color);
+
+    return `${gutter} ${name}  ${paint(c.summary, STYLE.dim, color)}`;
+  });
+
+  return [header, ...rows].join("\n");
+}
+
+/** One keypress, as decoded by readline's `emitKeypressEvents`. */
+interface IKeyInfo {
+  readonly name?: string;
+  readonly ctrl?: boolean;
+}
+
+/**
+ * The interactive `/` palette. Owns `keypress` input for its lifetime — it detaches
+ * the existing keypress listeners (readline's line editor + the REPL's `/` trigger)
+ * so they don't also react, renders a navigable list, and resolves to the chosen
+ * command or null (Esc / Ctrl-C / backspace-past-empty). `finish()` ALWAYS restores
+ * the saved listeners, so input returns to normal. No-ops to null off a TTY.
+ *
+ * Note: stdin stays in the raw, flowing mode readline already set — we only swap
+ * WHO listens, never toggle raw mode, so the terminal can't be left wedged.
+ */
+export function pickCommand(
+  color: boolean,
+  out: (s: string) => void = (s) => process.stdout.write(s)
+): Promise<ICommandSpec | null> {
+  const stdin = process.stdin;
+
+  if (!stdin.isTTY) {
+    return Promise.resolve(null);
+  }
+
+  return new Promise((resolve) => {
+    let query = "";
+    let selected = 0;
+
+    emitKeypressEvents(stdin);
+
+    // Take over keypress for the palette's lifetime: stash + detach the current
+    // listeners (readline's editor + the REPL `/` trigger) so only `onKey` reacts;
+    // restored in finish().
+    const saved = stdin.rawListeners("keypress");
+
+    stdin.removeAllListeners("keypress");
+
+    const draw = (): void => {
+      const items = filterCommands(COMMANDS, query);
+
+      selected = clampIndex(selected, items.length);
+
+      out(`${CLEAR_HOME}${renderMenu(items, selected, query, color)}`);
+    };
+
+    const finish = (result: ICommandSpec | null): void => {
+      stdin.removeListener("keypress", onKey);
+      out(`${SHOW_CURSOR}${EXIT_ALT}`); // restore the previous screen verbatim
+
+      // Restore the listeners we detached (readline's editor + the REPL trigger),
+      // forwarding through a thin wrapper so we don't fight the Function[] type.
+      for (const l of saved) {
+        stdin.on("keypress", (...args: unknown[]) => {
+          Reflect.apply(l, stdin, args);
+        });
+      }
+
+      resolve(result);
+    };
+
+    const onKey = (str: string | undefined, key: IKeyInfo): void => {
+      try {
+        if ((key.ctrl === true && key.name === "c") || key.name === "escape") {
+          finish(null);
+
+          return;
+        }
+
+        const items = filterCommands(COMMANDS, query);
+
+        if (key.name === "return" || key.name === "enter") {
+          finish(items[clampIndex(selected, items.length)] ?? null);
+        } else if (key.name === "up") {
+          selected -= 1;
+          draw();
+        } else if (key.name === "down") {
+          selected += 1;
+          draw();
+        } else if (key.name === "backspace") {
+          if (query.length === 0) {
+            finish(null); // backspace past the slash closes the palette
+          } else {
+            query = query.slice(0, -1);
+            selected = 0;
+            draw();
+          }
+        } else if (key.ctrl !== true && str?.length === 1 && str >= " ") {
+          query += str;
+          selected = 0;
+          draw();
+        }
+      } catch {
+        finish(null); // never let a render error wedge input
+      }
+    };
+
+    stdin.on("keypress", onKey);
+    out(`${ENTER_ALT}${HIDE_CURSOR}`);
+    draw();
+  });
+}

package/src/rule-packs/ai-sdk/index.ts

@@ -0,0 +1,28 @@
+import type { TSESLint } from "@typescript-eslint/utils";
+
+import { noApiKeyInClientRule } from "./rules/no-api-key-in-client";
+import { requireCompletionTokenLimitRule } from "./rules/require-completion-token-limit";
+import { noUserInputInSystemPromptRule } from "./rules/no-user-input-in-system-prompt";
+import type { IRulePack } from "../rule-packs.types";
+
+const rules: Record<string, TSESLint.RuleModule<string, readonly unknown[]>> = {
+  "no-api-key-in-client": noApiKeyInClientRule,
+  "require-completion-token-limit": requireCompletionTokenLimitRule,
+  "no-user-input-in-system-prompt": noUserInputInSystemPromptRule,
+};
+
+export const aiSdkPack: IRulePack = {
+  id: "ai-sdk",
+  description:
+    "LLM/AI-SDK security and cost guardrails: no provider key in client bundles, bounded completion tokens, and no request data spliced into the system prompt",
+  rules,
+  // Structural checks block (error); the injection heuristic warns until proven
+  // precise — a false positive on an un-bypassable gate would deadlock the model.
+  rulesConfig: {
+    "no-api-key-in-client": "error",
+    "require-completion-token-limit": "error",
+    "no-user-input-in-system-prompt": "warn",
+  },
+};
+
+export default aiSdkPack;

package/src/rule-packs/ai-sdk/rules/no-api-key-in-client.ts

@@ -0,0 +1,92 @@
+import { AST_NODE_TYPES, type TSESTree } from "@typescript-eslint/utils";
+
+import { createRule } from "../../create-rule";
+
+export const RULE_NAME = "no-api-key-in-client";
+
+type MessageIds = "clientProvider";
+
+// Providers whose constructor / factory takes an API key. Building one in a
+// `"use client"` file ships the key into the browser bundle.
+const PROVIDER_CONSTRUCTORS = new Set([
+  "OpenAI",
+  "Anthropic",
+  "GoogleGenerativeAI",
+]);
+const PROVIDER_FACTORIES = new Set([
+  "createOpenAI",
+  "createAnthropic",
+  "createGoogleGenerativeAI",
+  "createAzure",
+  "createMistral",
+]);
+
+/** True when the file opens with a `"use client"` directive (client component). */
+function hasUseClientDirective(
+  body: readonly TSESTree.ProgramStatement[]
+): boolean {
+  for (const stmt of body) {
+    if (stmt.type !== AST_NODE_TYPES.ExpressionStatement) {
+      return false; // directives must lead; first non-expression ends the prologue
+    }
+
+    const expr = stmt.expression;
+
+    if (expr.type === AST_NODE_TYPES.Literal && expr.value === "use client") {
+      return true;
+    }
+  }
+
+  return false;
+}
+
+/** `new OpenAI(...)` etc. */
+function isProviderConstruction(node: TSESTree.NewExpression): boolean {
+  return (
+    node.callee.type === AST_NODE_TYPES.Identifier &&
+    PROVIDER_CONSTRUCTORS.has(node.callee.name)
+  );
+}
+
+/** `createOpenAI(...)` etc. */
+function isProviderFactory(node: TSESTree.CallExpression): boolean {
+  return (
+    node.callee.type === AST_NODE_TYPES.Identifier &&
+    PROVIDER_FACTORIES.has(node.callee.name)
+  );
+}
+
+export const noApiKeyInClientRule = createRule<[], MessageIds>({
+  name: RULE_NAME,
+  meta: {
+    type: "problem",
+    docs: {
+      description:
+        "Disallow constructing an AI provider client in a client component — it leaks the API key into the browser bundle. Call the model from a server route/action.",
+    },
+    schema: [],
+    messages: {
+      clientProvider:
+        "Do not create an AI provider client in a `'use client'` file — the API key would ship to the browser. Move the call to a server route or server action.",
+    },
+  },
+  defaultOptions: [],
+  create(context) {
+    if (!hasUseClientDirective(context.sourceCode.ast.body)) {
+      return {};
+    }
+
+    return {
+      NewExpression(node: TSESTree.NewExpression) {
+        if (isProviderConstruction(node)) {
+          context.report({ node, messageId: "clientProvider" });
+        }
+      },
+      CallExpression(node: TSESTree.CallExpression) {
+        if (isProviderFactory(node)) {
+          context.report({ node, messageId: "clientProvider" });
+        }
+      },
+    };
+  },
+});

package/src/rule-packs/ai-sdk/rules/no-user-input-in-system-prompt.ts

@@ -0,0 +1,91 @@
+import { AST_NODE_TYPES, type TSESTree } from "@typescript-eslint/utils";
+
+import { createRule } from "../../create-rule";
+
+export const RULE_NAME = "no-user-input-in-system-prompt";
+
+type MessageIds = "dynamicSystemPrompt";
+
+/** A value built by interpolation/concatenation rather than a constant string —
+ *  the shape that splices request data into the system prompt (injection). A
+ *  plain string, identifier, or constant template (no `${}`) is fine. */
+function isDynamicString(node: TSESTree.Node): boolean {
+  if (node.type === AST_NODE_TYPES.TemplateLiteral) {
+    return node.expressions.length > 0;
+  }
+
+  return node.type === AST_NODE_TYPES.BinaryExpression && node.operator === "+";
+}
+
+/** Find a non-computed string-keyed property on an object literal. */
+function findProperty(
+  obj: TSESTree.ObjectExpression,
+  name: string
+): TSESTree.Property | null {
+  for (const p of obj.properties) {
+    if (
+      p.type === AST_NODE_TYPES.Property &&
+      !p.computed &&
+      p.key.type === AST_NODE_TYPES.Identifier &&
+      p.key.name === name
+    ) {
+      return p;
+    }
+  }
+
+  return null;
+}
+
+/** True when the object is a chat message with `role: "system"`. */
+function isSystemMessage(obj: TSESTree.ObjectExpression): boolean {
+  const role = findProperty(obj, "role");
+
+  return (
+    role !== null &&
+    role.value.type === AST_NODE_TYPES.Literal &&
+    role.value.value === "system"
+  );
+}
+
+export const noUserInputInSystemPromptRule = createRule<[], MessageIds>({
+  name: RULE_NAME,
+  meta: {
+    type: "suggestion",
+    docs: {
+      description:
+        "Warn when a system prompt is built by string interpolation/concatenation — splicing request data into the system role enables prompt injection. Keep the system prompt constant; pass user input as a user message.",
+    },
+    schema: [],
+    messages: {
+      dynamicSystemPrompt:
+        "System prompt is built dynamically — do not interpolate request/user data into the system role (prompt injection). Keep it a constant and pass user input as a `user` message.",
+    },
+  },
+  defaultOptions: [],
+  create(context) {
+    const reportIfDynamic = (value: TSESTree.Node | null): void => {
+      if (value !== null && isDynamicString(value)) {
+        context.report({ node: value, messageId: "dynamicSystemPrompt" });
+      }
+    };
+
+    return {
+      // Vercel AI SDK: `{ system: `...${x}...` }`
+      "Property[key.name='system']"(node: TSESTree.Property) {
+        if (!node.computed) {
+          reportIfDynamic(node.value);
+        }
+      },
+      // Chat messages: `{ role: "system", content: `...${x}...` }`
+      ObjectExpression(node: TSESTree.ObjectExpression) {
+        if (!isSystemMessage(node)) {
+          return;
+        }
+
+        const content = findProperty(node, "content");
+
+        reportIfDynamic(content === null ? null : content.value);
+      },
+    };
+  },
+});

package/src/rule-packs/ai-sdk/rules/require-completion-token-limit.ts

@@ -0,0 +1,112 @@
+import { AST_NODE_TYPES, type TSESTree } from "@typescript-eslint/utils";
+
+import { createRule } from "../../create-rule";
+
+export const RULE_NAME = "require-completion-token-limit";
+
+type MessageIds = "missingLimit";
+
+// Vercel AI SDK top-level generators.
+const VERCEL_FNS = new Set([
+  "generateText",
+  "streamText",
+  "generateObject",
+  "streamObject",
+]);
+// Provider-SDK members that own a `.create(...)` completion call.
+const CREATE_OWNERS = new Set(["completions", "messages", "responses"]);
+// Any of these keys bounds the output, across SDKs.
+const TOKEN_KEYS = new Set([
+  "maxTokens",
+  "max_tokens",
+  "maxOutputTokens",
+  "max_output_tokens",
+  "max_completion_tokens",
+]);
+
+/** The options object literal for a Vercel generator call, or null. */
+function vercelOptionsArg(
+  node: TSESTree.CallExpression
+): TSESTree.ObjectExpression | null {
+  if (node.callee.type !== AST_NODE_TYPES.Identifier) {
+    return null;
+  }
+
+  if (!VERCEL_FNS.has(node.callee.name)) {
+    return null;
+  }
+
+  const arg = node.arguments[0];
+
+  return arg?.type === AST_NODE_TYPES.ObjectExpression ? arg : null;
+}
+
+/** The options object for an `x.<owner>.create({...})` SDK call, or null. */
+function createCallOptionsArg(
+  node: TSESTree.CallExpression
+): TSESTree.ObjectExpression | null {
+  const callee = node.callee;
+
+  if (
+    callee.type !== AST_NODE_TYPES.MemberExpression ||
+    callee.computed ||
+    callee.property.type !== AST_NODE_TYPES.Identifier ||
+    callee.property.name !== "create"
+  ) {
+    return null;
+  }
+
+  const owner = callee.object;
+
+  if (
+    owner.type !== AST_NODE_TYPES.MemberExpression ||
+    owner.computed ||
+    owner.property.type !== AST_NODE_TYPES.Identifier ||
+    !CREATE_OWNERS.has(owner.property.name)
+  ) {
+    return null;
+  }
+
+  const arg = node.arguments[0];
+
+  return arg?.type === AST_NODE_TYPES.ObjectExpression ? arg : null;
+}
+
+/** True when the object literal sets one of the recognized token-limit keys. */
+function hasTokenLimit(obj: TSESTree.ObjectExpression): boolean {
+  return obj.properties.some(
+    (p) =>
+      p.type === AST_NODE_TYPES.Property &&
+      !p.computed &&
+      p.key.type === AST_NODE_TYPES.Identifier &&
+      TOKEN_KEYS.has(p.key.name)
+  );
+}
+
+export const requireCompletionTokenLimitRule = createRule<[], MessageIds>({
+  name: RULE_NAME,
+  meta: {
+    type: "problem",
+    docs: {
+      description:
+        "Require a token limit (maxTokens / max_tokens) on AI completion calls to bound runaway cost and latency.",
+    },
+    schema: [],
+    messages: {
+      missingLimit:
+        "AI completion call has no token limit — set `maxTokens` (Vercel AI SDK) or `max_tokens` (OpenAI/Anthropic) to bound cost and latency.",
+    },
+  },
+  defaultOptions: [],
+  create(context) {
+    return {
+      CallExpression(node: TSESTree.CallExpression) {
+        const options = vercelOptionsArg(node) ?? createCallOptionsArg(node);
+
+        if (options !== null && !hasTokenLimit(options)) {
+          context.report({ node, messageId: "missingLimit" });
+        }
+      },
+    };
+  },
+});

package/src/rule-packs/index.ts

@@ -1,6 +1,7 @@
 import type { TSESLint } from "@typescript-eslint/utils";
 
 import type { IRulePack } from "./rule-packs.types";
+import { aiSdkPack } from "./ai-sdk";
 import { authorizationPack } from "./authorization";
 import { bullmqPack } from "./bullmq";
 import { commentHygienePack } from "./comment-hygiene";
@@ -25,6 +26,7 @@ import { PACK_REGISTRY } from "../stack-detection";
 
 /** Registry of all available rule packs, keyed by pack ID. */
 export const RULE_PACKS = {
+  "ai-sdk": aiSdkPack,
   authorization: authorizationPack,
   bullmq: bullmqPack,
   "code-flow": codeFlowPack,

package/src/stack-detection/packs.ts

@@ -222,6 +222,25 @@ export const PACK_REGISTRY = {
     appliesWhen: { anyDeps: ["i18next", "react-i18next"] },
     guidance: "Keep i18n keys organized and validated.",
   } as const satisfies IRulePackDescriptor,
+
+  "ai-sdk": {
+    id: "ai-sdk",
+    label: "AI SDK Security",
+    description:
+      "LLM/AI-SDK security and cost guardrails: no provider key in client bundles, bounded completion tokens, no request data in the system prompt",
+    category: "library",
+    appliesWhen: {
+      anyDeps: [
+        "ai",
+        "openai",
+        "@anthropic-ai/sdk",
+        "@ai-sdk/openai",
+        "@ai-sdk/anthropic",
+      ],
+    },
+    guidance:
+      "Call models server-side, bound output tokens, and keep the system prompt constant.",
+  } as const satisfies IRulePackDescriptor,
 } as const;
 
 /** Ordered list of always-on pack IDs (for deterministic ordering). */

package/strict.eslint.config.mjs

@@ -13,6 +13,7 @@
 // map of bare rule names to "error" | "warn" | "off").
 import tseslint from "typescript-eslint";
 import stylistic from "@stylistic/eslint-plugin";
+import sonarjs from "eslint-plugin-sonarjs";
 
 // Load stack-aware packs if TSFORGE_PACKS env var is set
 let packConfig = [];
@@ -56,8 +57,19 @@ export default tseslint.config(
     plugins: {
       "@typescript-eslint": tseslint.plugin,
       "@stylistic": stylistic,
+      sonarjs,
     },
     rules: {
+      // Concern-mixing / copy-paste ceiling (syntactic — no type info needed).
+      // cc <= 20 is the house rule tsforge holds ITSELF to (eslint.config.js); it
+      // forces the model to decompose a sprawling function into named helpers
+      // instead of one un-reviewable block. Not auto-fixable, so it surfaces as a
+      // hand-fix error — the intended "split this up" signal. max-depth/max-params
+      // are zero-dep ESLint-core complements.
+      "sonarjs/cognitive-complexity": ["error", 20],
+      "sonarjs/no-identical-functions": "error",
+      "max-depth": ["error", 4],
+      "max-params": ["error", 4],
       // The idioms the model habitually violates — all caught WITHOUT type info.
       "@typescript-eslint/consistent-type-assertions": [
         "error",

package/strict.web.eslint.config.mjs

@@ -13,6 +13,7 @@ import stylistic from "@stylistic/eslint-plugin";
 import pluginReact from "eslint-plugin-react";
 import pluginReactHooks from "eslint-plugin-react-hooks";
 import pluginJsxA11y from "eslint-plugin-jsx-a11y";
+import sonarjs from "eslint-plugin-sonarjs";
 
 // Load stack-aware packs if TSFORGE_PACKS env var is set
 let packConfig = [];
@@ -112,6 +113,7 @@ export default tseslint.config(
       "@stylistic": stylistic,
       react: pluginReact,
       "react-hooks": pluginReactHooks,
+      sonarjs,
       boringstack: { rules: { "one-component-per-file": oneComponentPerFile } },
       ...packConfig
         .filter(
@@ -125,6 +127,13 @@ export default tseslint.config(
       // literal/tuple data (and it makes a fixed array a tuple, so literal-index
       // access is defined, not `T | undefined`). Instead we ban only the
       // value-changing forms (`x as Foo`, `<Foo>x`) via AST selectors below.
+      // Concern-mixing / copy-paste ceiling (syntactic — mirrors the core config).
+      // cc <= 20 forces decomposition into named helpers; max-depth/max-params are
+      // zero-dep ESLint-core complements.
+      "sonarjs/cognitive-complexity": ["error", 20],
+      "sonarjs/no-identical-functions": "error",
+      "max-depth": ["error", 4],
+      "max-params": ["error", 4],
       "@typescript-eslint/no-explicit-any": "error",
       "@typescript-eslint/no-non-null-assertion": "error",
       "@typescript-eslint/no-inferrable-types": "error",