@aicqtools/guardrail 1.0.0-alpha.9 → 1.0.0-beta.1

package/dist/rules-default/no-empty-catch.js.map

@@ -1 +1 @@
-{"version":3,"file":"no-empty-catch.js","sourceRoot":"","sources":["../../src/rules-default/no-empty-catch.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEjD;;;GAGG;AACH,eAAe,UAAU,CAAC;IACxB,EAAE,EAAE,gBAAgB;IACpB,QAAQ,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,KAAK,CAAC;IAC7C,QAAQ,EAAE,OAAO;IACjB,OAAO,EAAE,iDAAiD;IAC1D,SAAS,EAAE,6CAA6C;IACxD,QAAQ,EAAE;QACR,YAAY,CAAC,IAAI,EAAE,GAAG;YACpB,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;YAC5C,IAAI,CAAC,IAAI;gBAAE,OAAO;YAClB,IAAI,OAAO,GAAG,KAAK,CAAC;YACpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBACjC,IAAI,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;oBACtC,OAAO,GAAG,IAAI,CAAC;oBACf,MAAM;gBACR,CAAC;YACH,CAAC;YACD,IAAI,CAAC,OAAO;gBAAE,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,CAAC;KACF;CACF,CAAC,CAAC"}
+{"version":3,"file":"no-empty-catch.js","sourceRoot":"","sources":["../../src/rules-default/no-empty-catch.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,+CAA+C,CAAC;AAE5E,MAAM,qBAAqB,GAAsB;IAC/C,kDAAkD;CAC1C,CAAC;AAEX,MAAM,aAAa,GAAG,CAAC;KACpB,MAAM,CAAC;IACN,gBAAgB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,qBAAqB,CAAC,CAAC;CAC1E,CAAC;KACD,MAAM,EAAE,CAAC;AAMZ,2FAA2F;AAC3F,gGAAgG;AAChG,+FAA+F;AAC/F,IAAI,YAAY,GAA6B,IAAI,CAAC;AAClD,IAAI,cAAc,GAA6B,IAAI,CAAC;AAEpD,SAAS,mBAAmB,CAAC,MAAyB;IACpD,IAAI,YAAY,KAAK,MAAM,IAAI,cAAc,KAAK,IAAI;QAAE,OAAO,cAAc,CAAC;IAC9E,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAClD,YAAY,GAAG,MAAM,CAAC;IACtB,cAAc,GAAG,QAAQ,CAAC;IAC1B,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,eAAe,UAAU,CAAC;IACxB,EAAE,EAAE,gBAAgB;IACpB,QAAQ,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,KAAK,CAAC;IAC7C,QAAQ,EAAE,OAAO;IACjB,OAAO,EAAE,iDAAiD;IAC1D,SAAS,EAAE,6CAA6C;IACxD,YAAY,EAAE,CAAC,YAAY,CAAC;IAC5B,OAAO,EAAE;QACP,MAAM,EAAE,aAAa;QACrB,QAAQ,EAAE,EAAE,gBAAgB,EAAE,CAAC,GAAG,qBAAqB,CAAC,EAAE;KAC3D;IACD,QAAQ,EAAE;QACR,YAAY,CAAC,IAAI,EAAE,GAAG;YACpB,yFAAyF;YACzF,6EAA6E;YAC7E,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;gBAC1B,MAAM,IAAI,GAAI,GAAG,CAAC,OAA2C,IAAI;oBAC/D,gBAAgB,EAAE,qBAAqB;iBACxC,CAAC;gBACF,MAAM,QAAQ,GAAG,mBAAmB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBAC5D,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBAAE,OAAO;YAC3D,CAAC;YACD,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;YAC5C,IAAI,CAAC,IAAI;gBAAE,OAAO;YAClB,IAAI,OAAO,GAAG,KAAK,CAAC;YACpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBACjC,IAAI,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;oBACtC,OAAO,GAAG,IAAI,CAAC;oBACf,MAAM;gBACR,CAAC;YACH,CAAC;YACD,IAAI,CAAC,OAAO;gBAAE,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,CAAC;KACF;CACF,CAAC,CAAC"}

package/dist/rules-default/no-fstring-sql.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"no-fstring-sql.d.ts","sourceRoot":"","sources":["../../src/rules-default/no-fstring-sql.ts"],"names":[],"mappings":";AAIA,wBAiBG"}
+{"version":3,"file":"no-fstring-sql.d.ts","sourceRoot":"","sources":["../../src/rules-default/no-fstring-sql.ts"],"names":[],"mappings":";AAkDA,wBA0BG"}

package/dist/rules-default/no-fstring-sql.js

@@ -1,18 +1,67 @@
+import { z } from 'zod';
 import { defineRule } from '@aicqtools/rule-sdk';
-const SQL_KEYWORD_PATTERN = /\b(SELECT|INSERT|UPDATE|DELETE|FROM|WHERE|JOIN|VALUES)\b/i;
+/**
+ * Default SQL keywords flagged inside Python f-strings. Alpha.16 exposes this list as
+ * `options.sqlKeywords` so projects can shrink it (e.g. `['SELECT']` only) or extend it
+ * (e.g. add `'CREATE TABLE'`). Default keeps alpha.15 behavior bit-for-bit identical.
+ *
+ * Multi-token keywords like `'CREATE TABLE'` work via `\b(...)\b` with the literal space
+ * preserved — note that double spaces or newlines between tokens won't match, and meta
+ * characters are escaped via `escapeRegex` to keep user-supplied keywords safe.
+ */
+const DEFAULT_SQL_KEYWORDS = [
+    'SELECT',
+    'INSERT',
+    'UPDATE',
+    'DELETE',
+    'FROM',
+    'WHERE',
+    'JOIN',
+    'VALUES',
+];
+const optionsSchema = z
+    .object({
+    sqlKeywords: z.array(z.string()).default([...DEFAULT_SQL_KEYWORDS]),
+})
+    .strict();
+function escapeRegex(s) {
+    return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+// Module-scope compile cache — keyed by source array reference equality (same trade-off as
+// alpha.15 `no-empty-catch.compileSkipPatterns`).
+let cachedSource = null;
+let cachedPattern = null;
+function compileSqlKeywordPattern(source) {
+    if (cachedSource === source && cachedPattern !== null)
+        return cachedPattern;
+    const pattern = new RegExp('\\b(' + source.map(escapeRegex).join('|') + ')\\b', 'i');
+    cachedSource = source;
+    cachedPattern = pattern;
+    return pattern;
+}
 export default defineRule({
     id: 'no-fstring-sql',
     language: 'python',
     severity: 'error',
     message: 'SQL inside f-string is a SQL injection vector — use parameterized queries.',
     messageKo: 'f-string으로 SQL 조합은 SQL 주입 위험 — 파라미터 바인딩을 사용하세요.',
+    options: {
+        schema: optionsSchema,
+        defaults: { sqlKeywords: [...DEFAULT_SQL_KEYWORDS] },
+    },
     visitors: {
         string(node, ctx) {
             const text = ctx.textOf(node);
             // Python f-string starts with f" or f' (or rf", fr", etc.)
             if (!/^[a-zA-Z]*[fF][a-zA-Z]*['"]/.test(text))
                 return;
-            if (!SQL_KEYWORD_PATTERN.test(text))
+            const opts = ctx.options ?? {
+                sqlKeywords: DEFAULT_SQL_KEYWORDS,
+            };
+            if (opts.sqlKeywords.length === 0)
+                return;
+            const pattern = compileSqlKeywordPattern(opts.sqlKeywords);
+            if (!pattern.test(text))
                 return;
             // Has interpolation `{...}`?
             if (!/\{[^{}]+\}/.test(text))

package/dist/rules-default/no-fstring-sql.js.map

@@ -1 +1 @@
-{"version":3,"file":"no-fstring-sql.js","sourceRoot":"","sources":["../../src/rules-default/no-fstring-sql.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEjD,MAAM,mBAAmB,GAAG,2DAA2D,CAAC;AAExF,eAAe,UAAU,CAAC;IACxB,EAAE,EAAE,gBAAgB;IACpB,QAAQ,EAAE,QAAQ;IAClB,QAAQ,EAAE,OAAO;IACjB,OAAO,EAAE,4EAA4E;IACrF,SAAS,EAAE,iDAAiD;IAC5D,QAAQ,EAAE;QACR,MAAM,CAAC,IAAI,EAAE,GAAG;YACd,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC9B,2DAA2D;YAC3D,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,OAAO;YACtD,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,OAAO;YAC5C,6BAA6B;YAC7B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,OAAO;YACrC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACvB,CAAC;KACF;CACF,CAAC,CAAC"}
+{"version":3,"file":"no-fstring-sql.js","sourceRoot":"","sources":["../../src/rules-default/no-fstring-sql.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEjD;;;;;;;;GAQG;AACH,MAAM,oBAAoB,GAAsB;IAC9C,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,MAAM;IACN,OAAO;IACP,MAAM;IACN,QAAQ;CACA,CAAC;AAEX,MAAM,aAAa,GAAG,CAAC;KACpB,MAAM,CAAC;IACN,WAAW,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,oBAAoB,CAAC,CAAC;CACpE,CAAC;KACD,MAAM,EAAE,CAAC;AAMZ,SAAS,WAAW,CAAC,CAAS;IAC5B,OAAO,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AAClD,CAAC;AAED,2FAA2F;AAC3F,kDAAkD;AAClD,IAAI,YAAY,GAA6B,IAAI,CAAC;AAClD,IAAI,aAAa,GAAkB,IAAI,CAAC;AAExC,SAAS,wBAAwB,CAAC,MAAyB;IACzD,IAAI,YAAY,KAAK,MAAM,IAAI,aAAa,KAAK,IAAI;QAAE,OAAO,aAAa,CAAC;IAC5E,MAAM,OAAO,GAAG,IAAI,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,MAAM,EAAE,GAAG,CAAC,CAAC;IACrF,YAAY,GAAG,MAAM,CAAC;IACtB,aAAa,GAAG,OAAO,CAAC;IACxB,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,eAAe,UAAU,CAAC;IACxB,EAAE,EAAE,gBAAgB;IACpB,QAAQ,EAAE,QAAQ;IAClB,QAAQ,EAAE,OAAO;IACjB,OAAO,EAAE,4EAA4E;IACrF,SAAS,EAAE,iDAAiD;IAC5D,OAAO,EAAE;QACP,MAAM,EAAE,aAAa;QACrB,QAAQ,EAAE,EAAE,WAAW,EAAE,CAAC,GAAG,oBAAoB,CAAC,EAAE;KACrD;IACD,QAAQ,EAAE;QACR,MAAM,CAAC,IAAI,EAAE,GAAG;YACd,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC9B,2DAA2D;YAC3D,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,OAAO;YACtD,MAAM,IAAI,GAAI,GAAG,CAAC,OAA2C,IAAI;gBAC/D,WAAW,EAAE,oBAAoB;aAClC,CAAC;YACF,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO;YAC1C,MAAM,OAAO,GAAG,wBAAwB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC3D,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,OAAO;YAChC,6BAA6B;YAC7B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,OAAO;YACrC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACvB,CAAC;KACF;CACF,CAAC,CAAC"}

package/dist/rules-default/no-id-overwrite.d.ts

@@ -1,6 +1,7 @@
 /**
  * Forbid assignment to `<obj>.id`. IDs should be immutable after creation.
- * Catches the TalkUp class of bugs where conv_* IDs get overwritten with resp_*.
+ * Catches a common class of bugs where IDs are overwritten after creation
+ * (e.g. a record's id field reassigned to a child entity's id).
  */
 declare const _default: import("@aicqtools/rule-sdk").FunctionRule;
 export default _default;

package/dist/rules-default/no-id-overwrite.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"no-id-overwrite.d.ts","sourceRoot":"","sources":["../../src/rules-default/no-id-overwrite.ts"],"names":[],"mappings":"AAEA;;;GAGG;;AACH,wBAiBG"}
+{"version":3,"file":"no-id-overwrite.d.ts","sourceRoot":"","sources":["../../src/rules-default/no-id-overwrite.ts"],"names":[],"mappings":"AAEA;;;;GAIG;;AACH,wBAiBG"}

package/dist/rules-default/no-id-overwrite.js

@@ -1,7 +1,8 @@
 import { defineRule } from '@aicqtools/rule-sdk';
 /**
  * Forbid assignment to `<obj>.id`. IDs should be immutable after creation.
- * Catches the TalkUp class of bugs where conv_* IDs get overwritten with resp_*.
+ * Catches a common class of bugs where IDs are overwritten after creation
+ * (e.g. a record's id field reassigned to a child entity's id).
  */
 export default defineRule({
     id: 'no-id-overwrite',

package/dist/rules-default/no-id-overwrite.js.map

@@ -1 +1 @@
-{"version":3,"file":"no-id-overwrite.js","sourceRoot":"","sources":["../../src/rules-default/no-id-overwrite.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEjD;;;GAGG;AACH,eAAe,UAAU,CAAC;IACxB,EAAE,EAAE,iBAAiB;IACrB,QAAQ,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,KAAK,CAAC;IAC7C,QAAQ,EAAE,OAAO;IACjB,OAAO,EAAE,0DAA0D;IACnE,SAAS,EAAE,0CAA0C;IACrD,QAAQ,EAAE;QACR,qBAAqB,CAAC,IAAI,EAAE,GAAG;YAC7B,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;YAC5C,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,mBAAmB;gBAAE,OAAO;YACvD,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;YACpD,IAAI,CAAC,QAAQ;gBAAE,OAAO;YACtB,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC;gBAClC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;KACF;CACF,CAAC,CAAC"}
+{"version":3,"file":"no-id-overwrite.js","sourceRoot":"","sources":["../../src/rules-default/no-id-overwrite.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEjD;;;;GAIG;AACH,eAAe,UAAU,CAAC;IACxB,EAAE,EAAE,iBAAiB;IACrB,QAAQ,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,KAAK,CAAC;IAC7C,QAAQ,EAAE,OAAO;IACjB,OAAO,EAAE,0DAA0D;IACnE,SAAS,EAAE,0CAA0C;IACrD,QAAQ,EAAE;QACR,qBAAqB,CAAC,IAAI,EAAE,GAAG;YAC7B,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;YAC5C,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,mBAAmB;gBAAE,OAAO;YACvD,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;YACpD,IAAI,CAAC,QAAQ;gBAAE,OAAO;YACtB,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC;gBAClC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;KACF;CACF,CAAC,CAAC"}

package/dist/rules-default/no-magic-number.d.ts

@@ -1,3 +1,4 @@
+export declare const SKIP_FILE_RE: RegExp;
 declare const _default: import("@aicqtools/rule-sdk").FunctionRule;
 export default _default;
 //# sourceMappingURL=no-magic-number.d.ts.map

package/dist/rules-default/no-magic-number.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"no-magic-number.d.ts","sourceRoot":"","sources":["../../src/rules-default/no-magic-number.ts"],"names":[],"mappings":";AA6HA,wBAiBG"}
+{"version":3,"file":"no-magic-number.d.ts","sourceRoot":"","sources":["../../src/rules-default/no-magic-number.ts"],"names":[],"mappings":"AA0DA,eAAO,MAAM,YAAY,QAA0M,CAAC;;AA6FpO,wBA0BG"}

package/dist/rules-default/no-magic-number.js

@@ -1,3 +1,4 @@
+import { z } from 'zod';
 import { defineRule } from '@aicqtools/rule-sdk';
 /**
  * `no-magic-number` — info-severity rule that flags numeric literals appearing inline in
@@ -24,10 +25,30 @@ import { defineRule } from '@aicqtools/rule-sdk';
  * Allowed-numbers default extended to common-sense values: powers of two, common bases,
  * time/clock constants, etc.
  */
-const ALLOWED_NUMBERS = new Set([
+/**
+ * Default allowed-number literals. Common-sense values: -2..2, base-10 / base-16 / base-2,
+ * time/clock constants, plus RFC 7231 / RFC 6585 HTTP status codes (beta.1 — the
+ * `res.status(200/404/500)` pattern in Next.js/Express/Hono/Fastify routes is universal
+ * and not a magic number in any meaningful sense). Alpha.14 exposes this list as
+ * `options.allowedNumbers` so users can extend (`['0', '1', '-1', '2', '60', '3600', '86400']`
+ * for time-heavy projects) or shrink the allow-list per project.
+ */
+const DEFAULT_ALLOWED_NUMBERS = [
+    // -2..2, common bases, time/clock constants
     '0', '1', '-1', '2', '-2', '10', '16', '24', '60', '100', '1000', '1024',
-]);
-const SKIP_FILE_RE = /(\.test\.|\.spec\.|__tests__|fixtures|\.config\.|\.polyfill\.|[/\\]polyfills[/\\]|[/\\]seeders[/\\]|[/\\]migrations[/\\])/;
+    // HTTP status codes (RFC 7231 / RFC 6585) — 100 already covered by base-10
+    '101',
+    '200', '201', '204',
+    '301', '302', '304',
+    '400', '401', '403', '404', '405', '409', '422', '429',
+    '500', '502', '503', '504',
+];
+const optionsSchema = z
+    .object({
+    allowedNumbers: z.array(z.string()).default([...DEFAULT_ALLOWED_NUMBERS]),
+})
+    .strict();
+export const SKIP_FILE_RE = /(\.test\.|\.spec\.|__tests__|fixtures|\.config\.|\.polyfill\.|[/\\]polyfills[/\\]|[/\\]seeders[/\\]|[/\\]migrations[/\\]|[/\\](scripts|tools|bin)[/\\]|[/\\](native-bridge|service-worker)\.[jt]sx?$)/;
 // Callee names whose numeric args are almost always intentional, not magic numbers.
 // Matched on the leaf identifier (last name segment) — covers both `parseInt(...)` and
 // `Number.parseInt(...)` / `globalThis.setTimeout(...)`.
@@ -125,12 +146,21 @@ export default defineRule({
     severity: 'info',
     message: 'Magic number — extract to a named constant for clarity.',
     messageKo: '매직 넘버 — 명명된 상수로 추출해 의미를 명확히 하세요.',
+    skipPatterns: [SKIP_FILE_RE],
+    options: {
+        schema: optionsSchema,
+        defaults: { allowedNumbers: [...DEFAULT_ALLOWED_NUMBERS] },
+    },
     visitors: {
         number(node, ctx) {
-            if (isInSkippedFile(ctx.filePath))
+            if (!ctx.skipBuiltinSkips && isInSkippedFile(ctx.filePath))
                 return;
+            const opts = ctx.options ?? {
+                allowedNumbers: DEFAULT_ALLOWED_NUMBERS,
+            };
+            const allowed = new Set(opts.allowedNumbers);
             const text = ctx.textOf(node);
-            if (ALLOWED_NUMBERS.has(text))
+            if (allowed.has(text))
                 return;
             if (hasSkippableAncestor(node))
                 return;

package/dist/rules-default/no-magic-number.js.map

@@ -1 +1 @@
-{"version":3,"file":"no-magic-number.js","sourceRoot":"","sources":["../../src/rules-default/no-magic-number.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEjD;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM;CACzE,CAAC,CAAC;AAEH,MAAM,YAAY,GAAG,2HAA2H,CAAC;AAEjJ,oFAAoF;AACpF,uFAAuF;AACvF,yDAAyD;AACzD,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,UAAU,EAAE,YAAY,EAAE,QAAQ;IAClC,YAAY,EAAE,aAAa,EAAE,cAAc;IAC3C,SAAS,EAAE,aAAa,EAAE,eAAe,EAAE,UAAU;IACrD,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ,EAAE,aAAa;IACvF,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK;CAC7E,CAAC,CAAC;AAEH,SAAS,eAAe,CAAC,QAAgB;IACvC,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAuB,EAAE,MAAwC;IAC7F,gGAAgG;IAChG,IAAI,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IACzB,OAAO,MAAM,EAAE,CAAC;QACd,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5B,IAAI,kDAAkD,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAC5F,IAAI,MAAM,CAAC,IAAI,KAAK,sBAAsB,IAAI,MAAM,CAAC,IAAI,KAAK,mBAAmB;YAAE,MAAM;QACzF,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IACzB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,uFAAuF;IACvF,qBAAqB;IACrB,mCAAmC;IACnC,WAAW;IACX,iBAAiB;IACjB,8CAA8C;IAC9C,eAAe;IACf,gBAAgB;IAChB,oCAAoC;IACpC,sBAAsB;IACtB,oDAAoD;IACpD,eAAe;IACf,kBAAkB;IAClB,kBAAkB;CACnB,CAAC,CAAC;AAEH,SAAS,oBAAoB,CAAC,IAAuB;IACnD,IAAI,MAAM,GAA6B,IAAI,CAAC,MAAM,CAAC;IACnD,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,OAAO,MAAM,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QAC3B,IAAI,mBAAmB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QACtD,oFAAoF;QACpF,gEAAgE;QAChE,IACE,MAAM,CAAC,IAAI,KAAK,iBAAiB;YACjC,MAAM,CAAC,IAAI,KAAK,sBAAsB;YACtC,MAAM,CAAC,IAAI,KAAK,mBAAmB;YACnC,MAAM,CAAC,IAAI,KAAK,gBAAgB;YAChC,MAAM,CAAC,IAAI,KAAK,qBAAqB,EACrC,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QACvB,KAAK,IAAI,CAAC,CAAC;IACb,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB,CAAC,IAAuB,EAAE,MAAwC;IAC1F,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IAC3B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,KAAK,WAAW;QAAE,OAAO,KAAK,CAAC;IACzD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC;IAC/B,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,IAAI,KAAK,iBAAiB;QAAE,OAAO,KAAK,CAAC;IACnE,MAAM,EAAE,GAAG,QAAQ,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAClD,IAAI,CAAC,EAAE;QAAE,OAAO,KAAK,CAAC;IACtB,2FAA2F;IAC3F,IAAI,QAAQ,GAA6B,EAAE,CAAC;IAC5C,OAAO,QAAQ,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,mBAAmB,IAAI,QAAQ,CAAC,IAAI,KAAK,0BAA0B,CAAC,EAAE,CAAC;QAC3G,MAAM,SAAS,GAA6B,QAAQ,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;QACnF,MAAM,QAAQ,GAAkC,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC1G,MAAM,IAAI,GAA6B,SAAS,IAAI,QAAQ,IAAI,IAAI,CAAC;QACrE,IAAI,CAAC,IAAI,IAAI,IAAI,KAAK,QAAQ;YAAE,MAAM;QACtC,QAAQ,GAAG,IAAI,CAAC;IAClB,CAAC;IACD,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC9B,OAAO,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACvC,CAAC;AAED,eAAe,UAAU,CAAC;IACxB,EAAE,EAAE,iBAAiB;IACrB,QAAQ,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,KAAK,CAAC;IAC7C,QAAQ,EAAE,MAAM;IAChB,OAAO,EAAE,yDAAyD;IAClE,SAAS,EAAE,kCAAkC;IAC7C,QAAQ,EAAE;QACR,MAAM,CAAC,IAAI,EAAE,GAAG;YACd,IAAI,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC;gBAAE,OAAO;YAC1C,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC9B,IAAI,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,OAAO;YACtC,IAAI,oBAAoB,CAAC,IAAI,CAAC;gBAAE,OAAO;YACvC,IAAI,iBAAiB,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC;gBAAE,OAAO;YAChD,IAAI,oBAAoB,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC;gBAAE,OAAO;YACnD,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACvB,CAAC;KACF;CACF,CAAC,CAAC"}
+{"version":3,"file":"no-magic-number.js","sourceRoot":"","sources":["../../src/rules-default/no-magic-number.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEjD;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH;;;;;;;GAOG;AACH,MAAM,uBAAuB,GAAsB;IACjD,4CAA4C;IAC5C,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM;IACxE,2EAA2E;IAC3E,KAAK;IACL,KAAK,EAAE,KAAK,EAAE,KAAK;IACnB,KAAK,EAAE,KAAK,EAAE,KAAK;IACnB,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK;IACtD,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK;CAClB,CAAC;AAEX,MAAM,aAAa,GAAG,CAAC;KACpB,MAAM,CAAC;IACN,cAAc,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,uBAAuB,CAAC,CAAC;CAC1E,CAAC;KACD,MAAM,EAAE,CAAC;AAMZ,MAAM,CAAC,MAAM,YAAY,GAAG,uMAAuM,CAAC;AAEpO,oFAAoF;AACpF,uFAAuF;AACvF,yDAAyD;AACzD,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,UAAU,EAAE,YAAY,EAAE,QAAQ;IAClC,YAAY,EAAE,aAAa,EAAE,cAAc;IAC3C,SAAS,EAAE,aAAa,EAAE,eAAe,EAAE,UAAU;IACrD,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ,EAAE,aAAa;IACvF,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK;CAC7E,CAAC,CAAC;AAEH,SAAS,eAAe,CAAC,QAAgB;IACvC,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAuB,EAAE,MAAwC;IAC7F,gGAAgG;IAChG,IAAI,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IACzB,OAAO,MAAM,EAAE,CAAC;QACd,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5B,IAAI,kDAAkD,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAC5F,IAAI,MAAM,CAAC,IAAI,KAAK,sBAAsB,IAAI,MAAM,CAAC,IAAI,KAAK,mBAAmB;YAAE,MAAM;QACzF,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IACzB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,uFAAuF;IACvF,qBAAqB;IACrB,mCAAmC;IACnC,WAAW;IACX,iBAAiB;IACjB,8CAA8C;IAC9C,eAAe;IACf,gBAAgB;IAChB,oCAAoC;IACpC,sBAAsB;IACtB,oDAAoD;IACpD,eAAe;IACf,kBAAkB;IAClB,kBAAkB;CACnB,CAAC,CAAC;AAEH,SAAS,oBAAoB,CAAC,IAAuB;IACnD,IAAI,MAAM,GAA6B,IAAI,CAAC,MAAM,CAAC;IACnD,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,OAAO,MAAM,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QAC3B,IAAI,mBAAmB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QACtD,oFAAoF;QACpF,gEAAgE;QAChE,IACE,MAAM,CAAC,IAAI,KAAK,iBAAiB;YACjC,MAAM,CAAC,IAAI,KAAK,sBAAsB;YACtC,MAAM,CAAC,IAAI,KAAK,mBAAmB;YACnC,MAAM,CAAC,IAAI,KAAK,gBAAgB;YAChC,MAAM,CAAC,IAAI,KAAK,qBAAqB,EACrC,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QACvB,KAAK,IAAI,CAAC,CAAC;IACb,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB,CAAC,IAAuB,EAAE,MAAwC;IAC1F,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IAC3B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,KAAK,WAAW;QAAE,OAAO,KAAK,CAAC;IACzD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC;IAC/B,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,IAAI,KAAK,iBAAiB;QAAE,OAAO,KAAK,CAAC;IACnE,MAAM,EAAE,GAAG,QAAQ,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAClD,IAAI,CAAC,EAAE;QAAE,OAAO,KAAK,CAAC;IACtB,2FAA2F;IAC3F,IAAI,QAAQ,GAA6B,EAAE,CAAC;IAC5C,OAAO,QAAQ,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,mBAAmB,IAAI,QAAQ,CAAC,IAAI,KAAK,0BAA0B,CAAC,EAAE,CAAC;QAC3G,MAAM,SAAS,GAA6B,QAAQ,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;QACnF,MAAM,QAAQ,GAAkC,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC1G,MAAM,IAAI,GAA6B,SAAS,IAAI,QAAQ,IAAI,IAAI,CAAC;QACrE,IAAI,CAAC,IAAI,IAAI,IAAI,KAAK,QAAQ;YAAE,MAAM;QACtC,QAAQ,GAAG,IAAI,CAAC;IAClB,CAAC;IACD,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC9B,OAAO,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACvC,CAAC;AAED,eAAe,UAAU,CAAC;IACxB,EAAE,EAAE,iBAAiB;IACrB,QAAQ,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,KAAK,CAAC;IAC7C,QAAQ,EAAE,MAAM;IAChB,OAAO,EAAE,yDAAyD;IAClE,SAAS,EAAE,kCAAkC;IAC7C,YAAY,EAAE,CAAC,YAAY,CAAC;IAC5B,OAAO,EAAE;QACP,MAAM,EAAE,aAAa;QACrB,QAAQ,EAAE,EAAE,cAAc,EAAE,CAAC,GAAG,uBAAuB,CAAC,EAAE;KAC3D;IACD,QAAQ,EAAE;QACR,MAAM,CAAC,IAAI,EAAE,GAAG;YACd,IAAI,CAAC,GAAG,CAAC,gBAAgB,IAAI,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC;gBAAE,OAAO;YACnE,MAAM,IAAI,GAAI,GAAG,CAAC,OAA4C,IAAI;gBAChE,cAAc,EAAE,uBAAuB;aACxC,CAAC;YACF,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC7C,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC9B,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,OAAO;YAC9B,IAAI,oBAAoB,CAAC,IAAI,CAAC;gBAAE,OAAO;YACvC,IAAI,iBAAiB,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC;gBAAE,OAAO;YAChD,IAAI,oBAAoB,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC;gBAAE,OAAO;YACnD,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACvB,CAAC;KACF;CACF,CAAC,CAAC"}

package/dist/rules-default/no-print-in-prod.yaml

@@ -3,6 +3,14 @@ language: python
 severity: warning
 message: Avoid bare print() in production code; use the standard `logging` module.
 messageKo: 운영 코드에서 print() 사용 지양 — 표준 `logging` 모듈을 사용하세요.
+options:
+  # Alpha.18 — YAML PatternRule framework consistency demo. The `query` below is static
+  # (`print` literal), so `disallowedFunctions` doesn't drive matching today; it's exposed
+  # purely so users can see the option via `aicq rules suggest` and override it in their
+  # config. Dynamic query substitution is deferred to a v1.0+ release.
+  defaults:
+    disallowedFunctions:
+      - print
 query: |
   (call
     function: (identifier) @fn

package/dist/runner/apply-rule-config.d.ts

@@ -1,39 +1,91 @@
-import type { RuleOverride } from '@aicqtools/core';
+import type { RuleEntry, RuleOverride } from '@aicqtools/core';
 import type { Rule } from '@aicqtools/rule-sdk';
+import { type UnknownRuleOption } from './resolve-rule-options.js';
 /**
- * Resolution of `config.modules.guardrail.rules` (the `{ ruleId: 'off' | 'warn' | 'error' }` map)
- * against the loaded rule set. Filters out `off`'d rules, overrides severity for `warn`/`error`
- * entries, and reports unknown rule ids back to the caller so the CLI can warn the user once.
+ * Resolution of `config.modules.guardrail.rules` (the `{ ruleId: RuleEntry }` map) against the
+ * loaded rule set. Filters out `off`'d rules, overrides severity for `warn`/`error` entries,
+ * resolves alpha.14 per-rule options, and reports unknown rule ids + unknown option keys back
+ * to the caller so the CLI can warn the user once.
  */
 export interface ApplyRuleConfigResult {
     readonly rules: readonly Rule[];
-    /** rule ids that appeared in the config map but matched no loaded rule */
+    /** Rule ids that appeared in the config map but matched no loaded rule. */
     readonly unknownIds: readonly string[];
+    /** Alpha.14 — resolved per-rule options keyed by ruleId. Absent entries = no options. */
+    readonly ruleOptions: ReadonlyMap<string, Readonly<Record<string, unknown>>>;
+    /** Alpha.14 — unknown option keys per rule (typo surface). One entry per rule with typos. */
+    readonly unknownOptions: readonly UnknownRuleOption[];
+    /** Alpha.14 — zod schema parse failures keyed by ruleId (caller surfaces via stderr). */
+    readonly optionParseErrors: ReadonlyMap<string, string>;
 }
-type RuleLevel = 'off' | 'warn' | 'error';
 /**
  * Apply the user-supplied `rules:` map to a loaded rule list.
  *
  * - `off`        → drop the rule from the returned list
  * - `warn`/`error` → return a copy of the rule with `severity` overridden
+ * - object shape (alpha.14) → optional `severity` override + optional `options` validated
+ *   against the rule's own zod schema; resolved options attached via `ruleOptions` map.
  * - missing entry → rule passes through unchanged
  *
- * Map keys that don't correspond to any loaded rule are collected in `unknownIds`. The function
- * never throws; an invalid level value (should already be rejected by zod) is treated as "no
- * override" rather than crashing the run.
+ * Map keys that don't correspond to any loaded rule are collected in `unknownIds`. Unknown
+ * option keys (typos inside `options`) land in `unknownOptions`. Zod parse failures land in
+ * `optionParseErrors` — the rule still runs with its `defaults`, never crashing the scan.
  */
-export declare function applyRuleConfig(rules: readonly Rule[], cfgMap: Readonly<Record<string, RuleLevel>> | undefined): ApplyRuleConfigResult;
+export declare function applyRuleConfig(rules: readonly Rule[], cfgMap: Readonly<Record<string, RuleEntry>> | undefined): ApplyRuleConfigResult;
+/**
+ * Auto-anchor a single `overrides.paths` glob (alpha.10).
+ *
+ * `fast-glob` returns absolute file paths, so a user-written `scripts/**` would silently never
+ * match. We prepend `**\/` unless the glob already carries an anchor token, mirroring the
+ * ESLint mental model where `paths: ['scripts/**']` means "any `scripts/` in the project":
+ *
+ * - leading `**` (with or without `/`) — already anchored, leave alone
+ * - leading `/` — Unix absolute path, user opted out of auto-anchor
+ * - leading `<letter>:/` — Windows drive path, same
+ * - leading `!` — negation; preserve the marker, normalize the body
+ *
+ * The function is pure and never throws. Empty input returns empty.
+ */
+export declare function normalizeOverridePath(glob: string): string;
 /**
  * Apply per-path `overrides` (alpha.8) on top of an already-globally-resolved rule list.
  *
  * For each override entry whose `paths` globs match `filePath`, merge its `rules` map into a
- * per-file effective level map. Later matching entries win for the same rule id (ESLint semantics).
+ * per-file effective entry map. Later matching entries win for the same rule id (ESLint semantics).
  * `off` drops the rule for this file; `warn`/`error` copies the rule with overridden severity.
  *
+ * Alpha.14: override entries can also carry the object shape `{ severity?, options? }`. The
+ * resolved options override the global ones for the matched files. The function returns an
+ * augmented baseline-options map (cloned, never mutates the caller's map) so the runner can
+ * thread the per-file options into `RuleContext.options`.
+ *
  * Fast path: if no overrides are configured, returns the input list unchanged so the file loop
  * stays cheap when this feature is unused.
+ *
+ * Alpha.10: `paths` globs are auto-anchored via `normalizeOverridePath` so users can write
+ * `scripts/**` instead of `**\/scripts/**` and get the expected ESLint semantics. When the
+ * optional `matchCounts` array is provided, each matched override entry's slot is incremented;
+ * the caller (CLI) reads zero-valued slots to emit "matched no files — ignored." warnings.
  */
-export declare function applyOverridesForFile(baselineRules: readonly Rule[], overrides: readonly RuleOverride[], filePath: string): readonly Rule[];
+/**
+ * Alpha.8/10 signature — returns `readonly Rule[]`. Preserved verbatim for back-compat with
+ * tests and external callers that don't need per-rule options. For runner usage (which threads
+ * options into RuleContext), call `applyOverridesForFileResolved` instead.
+ */
+export declare function applyOverridesForFile(baselineRules: readonly Rule[], overrides: readonly RuleOverride[], filePath: string, matchCounts?: number[]): readonly Rule[];
+/**
+ * Alpha.14 — extended return shape with per-rule resolved options. The runner calls this so
+ * `RuleContext.options` reflects per-file overrides on top of the global baseline.
+ */
+export interface ApplyOverridesResult {
+    readonly rules: readonly Rule[];
+    /**
+     * Per-rule resolved options for this file. Always returned (cloned from `baselineRuleOptions`
+     * when no override matched, so callers can read it unconditionally).
+     */
+    readonly ruleOptions: ReadonlyMap<string, Readonly<Record<string, unknown>>>;
+}
+export declare function applyOverridesForFileResolved(baselineRules: readonly Rule[], overrides: readonly RuleOverride[], filePath: string, matchCounts?: number[], baselineRuleOptions?: ReadonlyMap<string, Readonly<Record<string, unknown>>>): ApplyOverridesResult;
 /**
  * Collect rule ids referenced by `overrides` entries that don't match any loaded rule, paired
  * with the index of the offending override entry. The caller (CLI) uses these to emit one
@@ -45,5 +97,19 @@ export interface UnknownOverrideId {
     readonly paths: readonly string[];
 }
 export declare function collectUnknownOverrideIds(baselineRules: readonly Rule[], overrides: readonly RuleOverride[]): readonly UnknownOverrideId[];
-export {};
+/**
+ * Collect leading-`!` negation globs inside `overrides[i].paths` entries (alpha.11).
+ *
+ * Background: `applyOverridesForFile` matches a file via `micromatch.isMatch(file, paths)`, and
+ * `isMatch` with an array uses any-match (OR) semantics. A `!vendor/**` entry in `paths` therefore
+ * does NOT subtract from a sibling positive glob the way ESLint's `ignores` field would — it just
+ * silently no-ops. The CLI emits one stderr warning per offending entry so the silent footgun
+ * surfaces; users get pointed at the top-level `exclude:` field as the real opt-out path.
+ */
+export interface NegationOverridePath {
+    readonly index: number;
+    /** The negation globs found in this entry (leading `!` preserved). */
+    readonly paths: readonly string[];
+}
+export declare function collectNegationPaths(overrides: readonly RuleOverride[]): readonly NegationOverridePath[];
 //# sourceMappingURL=apply-rule-config.d.ts.map

package/dist/runner/apply-rule-config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"apply-rule-config.d.ts","sourceRoot":"","sources":["../../src/runner/apply-rule-config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAY,MAAM,iBAAiB,CAAC;AAC9D,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,qBAAqB,CAAC;AAEhD;;;;GAIG;AACH,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,KAAK,EAAE,SAAS,IAAI,EAAE,CAAC;IAChC,0EAA0E;IAC1E,QAAQ,CAAC,UAAU,EAAE,SAAS,MAAM,EAAE,CAAC;CACxC;AAED,KAAK,SAAS,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;AAM1C;;;;;;;;;;GAUG;AACH,wBAAgB,eAAe,CAC7B,KAAK,EAAE,SAAS,IAAI,EAAE,EACtB,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,GAAG,SAAS,GACtD,qBAAqB,CAgCvB;AAED;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CACnC,aAAa,EAAE,SAAS,IAAI,EAAE,EAC9B,SAAS,EAAE,SAAS,YAAY,EAAE,EAClC,QAAQ,EAAE,MAAM,GACf,SAAS,IAAI,EAAE,CAqCjB;AAED;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,CAAC;CACnC;AAED,wBAAgB,yBAAyB,CACvC,aAAa,EAAE,SAAS,IAAI,EAAE,EAC9B,SAAS,EAAE,SAAS,YAAY,EAAE,GACjC,SAAS,iBAAiB,EAAE,CAY9B"}
+{"version":3,"file":"apply-rule-config.d.ts","sourceRoot":"","sources":["../../src/runner/apply-rule-config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAa,YAAY,EAAY,MAAM,iBAAiB,CAAC;AACpF,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,qBAAqB,CAAC;AAChD,OAAO,EAAsB,KAAK,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAEvF;;;;;GAKG;AACH,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,KAAK,EAAE,SAAS,IAAI,EAAE,CAAC;IAChC,2EAA2E;IAC3E,QAAQ,CAAC,UAAU,EAAE,SAAS,MAAM,EAAE,CAAC;IACvC,yFAAyF;IACzF,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;IAC7E,6FAA6F;IAC7F,QAAQ,CAAC,cAAc,EAAE,SAAS,iBAAiB,EAAE,CAAC;IACtD,yFAAyF;IACzF,QAAQ,CAAC,iBAAiB,EAAE,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACzD;AAiBD;;;;;;;;;;;;GAYG;AACH,wBAAgB,eAAe,CAC7B,KAAK,EAAE,SAAS,IAAI,EAAE,EACtB,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,GAAG,SAAS,GACtD,qBAAqB,CAyDvB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAa1D;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH;;;;GAIG;AACH,wBAAgB,qBAAqB,CACnC,aAAa,EAAE,SAAS,IAAI,EAAE,EAC9B,SAAS,EAAE,SAAS,YAAY,EAAE,EAClC,QAAQ,EAAE,MAAM,EAChB,WAAW,CAAC,EAAE,MAAM,EAAE,GACrB,SAAS,IAAI,EAAE,CAEjB;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,KAAK,EAAE,SAAS,IAAI,EAAE,CAAC;IAChC;;;OAGG;IACH,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;CAC9E;AAED,wBAAgB,6BAA6B,CAC3C,aAAa,EAAE,SAAS,IAAI,EAAE,EAC9B,SAAS,EAAE,SAAS,YAAY,EAAE,EAClC,QAAQ,EAAE,MAAM,EAChB,WAAW,CAAC,EAAE,MAAM,EAAE,EACtB,mBAAmB,CAAC,EAAE,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,GAC3E,oBAAoB,CAgEtB;AAED;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,CAAC;CACnC;AAED,wBAAgB,yBAAyB,CACvC,aAAa,EAAE,SAAS,IAAI,EAAE,EAC9B,SAAS,EAAE,SAAS,YAAY,EAAE,GACjC,SAAS,iBAAiB,EAAE,CAY9B;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,sEAAsE;IACtE,QAAQ,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,CAAC;CACnC;AAED,wBAAgB,oBAAoB,CAClC,SAAS,EAAE,SAAS,YAAY,EAAE,GACjC,SAAS,oBAAoB,EAAE,CAUjC"}