@amityco/social-plus-vise 0.8.1 → 0.12.2

package/dist/tools/project.js

@@ -1,7 +1,7 @@
 import { access, readdir, readFile } from "node:fs/promises";
 import path from "node:path";
 import { objectInput, optionalStringField, stringField, textResult } from "../types.js";
-import { findCallExpressions, parse, pickObjectProperty, resolveLiteralValue, stripComments } from "./ast.js";
+import { findCallExpressions, parse, tryParse, pickObjectProperty, resolveLiteralValue, stripComments } from "./ast.js";
 async function exists(filePath) {
     try {
         await access(filePath);
@@ -74,11 +74,16 @@ async function inspectRoot(root) {
     }
     // When react-native is detected alongside generic typescript signals, prefer react-native
     // so that platform-specific rules (react-native.*) are used for init/check/run-sensors.
+    // Same for android: an agent may create package.json (e.g. to enable npm run sp-check) which
+    // would normally trigger typescript detection — suppress it so only android rules apply.
     const rawPlatforms = Array.from(new Set(signals.map((signal) => signal.platform)));
     const hasRN = rawPlatforms.includes("react-native");
+    const hasAndroid = rawPlatforms.includes("android");
     const platforms = hasRN
         ? ["react-native", ...rawPlatforms.filter((p) => p !== "react-native" && p !== "typescript")]
-        : rawPlatforms;
+        : hasAndroid
+            ? rawPlatforms.filter((p) => p !== "typescript")
+            : rawPlatforms;
     return { platforms, signals, designSignals: await detectDesignSignals(root) };
 }
 export const inspectProjectTool = {
@@ -166,7 +171,14 @@ async function validateAndroid(root) {
     const findings = [];
     const manifestPath = "app/src/main/AndroidManifest.xml";
     const manifest = await readIfExists(path.join(root, manifestPath));
-    const buildFiles = await existingFiles(root, ["app/build.gradle", "app/build.gradle.kts", "build.gradle", "build.gradle.kts", "settings.gradle", "settings.gradle.kts"]);
+    // Scan ALL Gradle build scripts, not just app/root — a multi-module app idiomatically declares the
+    // SDK dependency in the consuming FEATURE module's build.gradle(.kts) (e.g. feature/community/impl).
+    // Only checking app/build.gradle false-fired android.dependency.sdk on those (brownfield Now-in-Android).
+    const gradleScripts = (await findFiles(root, [".gradle", ".kts"], 200)).filter((f) => /(?:^|[\\/])(?:build|settings)\.gradle(?:\.kts)?$/.test(f));
+    const buildFiles = [...new Set([
+            ...(await existingFiles(root, ["app/build.gradle", "app/build.gradle.kts", "build.gradle", "build.gradle.kts", "settings.gradle", "settings.gradle.kts"])),
+            ...gradleScripts,
+        ])];
     const buildContent = await readMany(buildFiles);
     const sourceFiles = await findFiles(root, [".kt", ".java"], 300);
     const sourceContent = await readMany(sourceFiles);
@@ -196,7 +208,17 @@ async function validateAndroid(root) {
         findings.push(finding("android.setup.present", "warning", "No obvious AmityCoreClient.setup call was found in Kotlin/Java files.", undefined, "Call SDK setup once during application startup before any social.plus API usage."));
     }
     else {
-        const activitySetup = setupFiles.find((file) => /Activity|Fragment|Composable|onCreateView/.test(sourceContent.get(file) ?? ""));
+        const activitySetup = setupFiles.find((file) => {
+            const c = sourceContent.get(file) ?? "";
+            // Application-scoped setup (a Hilt @Module / @HiltAndroidApp Application / SingletonComponent
+            // provider) is the CORRECT place — never flag it. The old marker matched the bare word
+            // "Activity" anywhere (incl. a comment like "outlives any Activity/ViewModel" in a DI module),
+            // false-firing on idiomatic Hilt setup (brownfield Now-in-Android).
+            if (/@Module\b|@HiltAndroidApp\b|SingletonComponent\b|@ApplicationContext\b|:\s*Application\b|\bApplication\s*\(\s*\)/.test(c))
+                return false;
+            // Otherwise flag setup in an actual UI lifecycle: an Activity/Fragment class, a @Composable, or onCreateView.
+            return /\bclass\s+\w*(?:Activity|Fragment)\b|:\s*(?:ComponentActivity|AppCompatActivity|Activity|Fragment)\b|@Composable\b|\bonCreateView\b/.test(c);
+        });
         if (activitySetup) {
             findings.push(finding("android.setup.lifecycle", "warning", "SDK setup appears near Activity/Fragment/UI lifecycle code.", relativeFile(root, activitySetup), "Prefer Application.onCreate so the SDK is initialized once and not reinitialized on screen recreation."));
         }
@@ -208,14 +230,16 @@ async function validateAndroid(root) {
         findings.push(finding("android.login.present", "warning", "No obvious social.plus login call was found.", undefined, "Call login after the app has a known user identity, and before subscribing to social.plus collections."));
     }
     else if (!containsAny(sourceContent, [/sessionWillRenewAccessToken/, /AmitySessionHandler/, /renewal\s*\.\s*renew\s*\(/])) {
-        findings.push(finding("android.session.renewal", "warning", "Login was found but no AmitySessionHandler with session renewal was detected.", relativeFile(root, loginFiles[0]), "Pass an AmitySessionHandler to login and call renewal.renew() in sessionWillRenewAccessToken so sessions refresh in production."));
+        findings.push(finding("android.session.renewal", "warning", "Login was found but no SessionHandler with session renewal was detected.", relativeFile(root, loginFiles[0]), "Pass a SessionHandler to login and call renewal.renew() in sessionWillRenewAccessToken so sessions refresh in production."));
     }
     if (pushRegistrationFiles.length > 0 && pushUnregisterFiles.length === 0) {
         findings.push(finding("android.push.unregister.present", "warning", "Push registration was found but no obvious unregister call was detected.", relativeFile(root, pushRegistrationFiles[0]), "Unregister device tokens on logout or user switch so notifications are not sent to the wrong user."));
     }
     // Android push payload: if onMessageReceived exists, require push-specific SDK forwarding
+    // Nexus gate (see iOS): a generic FCM handler with no social.plus push registration is the host
+    // app's own push, not a social.plus forwarding gap — require social.plus push registration first.
     const androidPayloadFiles = filesMatching(sourceContent, [/onMessageReceived/, /FirebaseMessagingService/]);
-    if (androidPayloadFiles.length > 0 && !containsAny(sourceContent, [/AmityPush/, /handlePushNotification/, /didReceiveAmityNotification/, /EkoPushNotification/, /amityPushMessaging/, /registerDeviceForPush/, /handleAmityPush/])) {
+    if (androidPayloadFiles.length > 0 && pushRegistrationFiles.length > 0 && !containsAny(sourceContent, [/AmityPush/, /handlePushNotification/, /didReceiveAmityNotification/, /EkoPushNotification/, /amityPushMessaging/, /registerDeviceForPush/, /handleAmityPush/])) {
         findings.push(finding("android.push.payload-contract-respected", "warning", "Push payload handler (onMessageReceived) exists but no social.plus push forwarding call was detected.", relativeFile(root, androidPayloadFiles[0]), "Forward incoming FCM payloads to the social.plus SDK push handler (e.g. AmityPush.handleNotification) so social notifications are routed correctly."));
     }
     if (liveDataFiles.length > 0 && !containsAny(sourceContent, [/dispose\s*\(/, /Disposable/, /CompositeDisposable/, /clear\s*\(/, /removeObserver/, /unsubscribe/])) {
@@ -232,6 +256,13 @@ async function validateAndroid(root) {
     findings.push(...validateComments(root, "android", sourceContent));
     findings.push(...validateModeration(root, "android", sourceContent));
     findings.push(...validateLiveCollectionApiMismatch(root, "android", sourceContent));
+    findings.push(...validatePostDataTypeHandled(root, "android", sourceContent));
+    findings.push(...validateAvatarFromSdk(root, "android", sourceContent));
+    findings.push(...validatePollAnswerDataShape(root, "android", sourceContent));
+    findings.push(...validateCommentsQueryHasLimit(root, "android", sourceContent));
+    findings.push(...validateCommentCreationAffordance(root, "android", sourceContent));
+    findings.push(...validateCommunityDisplayNameFromSdk(root, "android", sourceContent));
+    findings.push(...validateRoomPostFetched(root, "android", sourceContent));
     findings.push(...validatePostsStatusFilter(root, "android", sourceContent));
     findings.push(...validatePaginationCursorOpaque(root, "android", sourceContent));
     findings.push(...validatePostsParentChild(root, "android", sourceContent));
@@ -250,6 +281,7 @@ async function validateAndroid(root) {
     findings.push(...validateSessionHandlerRetention(root, "android", sourceContent));
     findings.push(...validateChat(root, "android", sourceContent));
     findings.push(...(await validateDesignReuse(root, "android", sourceContent)));
+    findings.push(...(await validateEnvSecretHygiene(root, "android", sourceContent)));
     return findings;
 }
 async function validateFlutter(root) {
@@ -278,7 +310,14 @@ async function validateFlutter(root) {
         if (!containsAny(dartContent, [/WidgetsFlutterBinding\.ensureInitialized\s*\(/])) {
             findings.push(finding("flutter.binding.initialized", "warning", "SDK setup was found but WidgetsFlutterBinding.ensureInitialized was not detected.", relativeFile(root, setupFiles[0]), "Call WidgetsFlutterBinding.ensureInitialized before async SDK setup in main()."));
         }
-        if (!containsAnyForFiles(dartContent, setupFiles, [/AmityEndpoint\./, /\bendpoint\s*:/, /\bregion\s*:/])) {
+        // Region is configured via AmityRegion.* OR an explicit endpoint (the idiomatic Flutter
+        // forms — `httpEndpoint:` is not matched by `\bendpoint:` because of the camelCase boundary
+        // + case). The real endpoint symbols are httpEndpoint/mqttEndpoint/uploadEndpoint and the
+        // AmityRegional{Http,Mqtt}Endpoint enums (verified against the SDK surface — there is no
+        // `socketEndpoint`). NOTE: do NOT key on AmityCoreClientOption — that builder is used by
+        // EVERY setup regardless of whether a region is set, so it would silence this rule for any
+        // standard setup (a false negative).
+        if (!containsAnyForFiles(dartContent, setupFiles, [/AmityEndpoint\./, /\bendpoint\s*:/, /\bregion\s*:/, /\bhttpEndpoint\s*:/i, /\bmqttEndpoint\s*:/i, /\buploadEndpoint\s*:/i, /\bAmityRegional(?:Http|Mqtt)Endpoint\b/, /\bAmityRegion\b/])) {
             findings.push(finding("flutter.setup.region", "warning", "SDK setup was found but no explicit endpoint/region marker was detected.", relativeFile(root, setupFiles[0]), "Set the endpoint/region explicitly to match the customer's social.plus console project."));
         }
     }
@@ -286,14 +325,16 @@ async function validateFlutter(root) {
         findings.push(finding("flutter.login.present", "warning", "No obvious AmityCoreClient.login call was found.", undefined, "Call login after the app has a known user identity and before social.plus queries/subscriptions."));
     }
     else if (!containsAny(dartContent, [/sessionWillRenewAccessToken/, /AmitySessionHandler/, /SessionHandler/, /renewal\s*\.\s*renew\s*\(/])) {
-        findings.push(finding("flutter.session.renewal", "warning", "Login was found but no AmitySessionHandler with session renewal was detected.", relativeFile(root, loginFiles[0]), "Implement an AmitySessionHandler and call renewal.renew() in sessionWillRenewAccessToken so sessions refresh in production."));
+        findings.push(finding("flutter.session.renewal", "warning", "Login was found but no session handler callback with session renewal was detected.", relativeFile(root, loginFiles[0]), "Pass a session handler callback (AccessTokenRenewal renewal) to login and call renewal.renew() in sessionWillRenewAccessToken so sessions refresh in production."));
     }
     if (pushRegistrationFiles.length > 0 && pushUnregisterFiles.length === 0) {
         findings.push(finding("flutter.push.unregister.present", "warning", "Push registration was found but no obvious unregister call was detected.", relativeFile(root, pushRegistrationFiles[0]), "Unregister device tokens on logout or user switch so notifications are not sent to the wrong user."));
     }
     // Flutter push payload: if FirebaseMessaging.onMessage/onBackgroundMessage exists, require push-specific SDK forwarding
+    // Nexus gate (see iOS): require social.plus push registration before demanding forwarding, so a
+    // host app's own FirebaseMessaging handler doesn't false-fire when push isn't a social.plus concern.
     const flutterPayloadFiles = filesMatching(dartContent, [/FirebaseMessaging\.onMessage/, /onBackgroundMessage/, /FirebaseMessaging\.instance/]);
-    if (flutterPayloadFiles.length > 0 && !containsAny(dartContent, [/AmityPush/, /handlePushNotification/, /didReceiveAmityNotification/, /EkoPushNotification/, /amityPushMessaging/, /registerDeviceForPush/, /handleAmityPush/])) {
+    if (flutterPayloadFiles.length > 0 && pushRegistrationFiles.length > 0 && !containsAny(dartContent, [/AmityPush/, /handlePushNotification/, /didReceiveAmityNotification/, /EkoPushNotification/, /amityPushMessaging/, /registerDeviceForPush/, /handleAmityPush/])) {
         findings.push(finding("flutter.push.payload-contract-respected", "warning", "Push payload handler (FirebaseMessaging) exists but no social.plus push forwarding call was detected.", relativeFile(root, flutterPayloadFiles[0]), "Forward incoming Firebase push payloads to the social.plus SDK push handler (e.g. AmityPush.handleNotification) so social notifications are routed correctly."));
     }
     if (liveDataFiles.length > 0 && !containsAny(dartContent, [/StreamSubscription/, /\.cancel\s*\(/, /dispose\s*\(/])) {
@@ -310,6 +351,13 @@ async function validateFlutter(root) {
     findings.push(...validateComments(root, "flutter", dartContent));
     findings.push(...validateModeration(root, "flutter", dartContent));
     findings.push(...validateLiveCollectionApiMismatch(root, "flutter", dartContent));
+    findings.push(...validatePostDataTypeHandled(root, "flutter", dartContent));
+    findings.push(...validateAvatarFromSdk(root, "flutter", dartContent));
+    findings.push(...validatePollAnswerDataShape(root, "flutter", dartContent));
+    findings.push(...validateCommentsQueryHasLimit(root, "flutter", dartContent));
+    findings.push(...validateCommentCreationAffordance(root, "flutter", dartContent));
+    findings.push(...validateCommunityDisplayNameFromSdk(root, "flutter", dartContent));
+    findings.push(...validateRoomPostFetched(root, "flutter", dartContent));
     findings.push(...validatePostsStatusFilter(root, "flutter", dartContent));
     findings.push(...validatePaginationCursorOpaque(root, "flutter", dartContent));
     findings.push(...validatePostsParentChild(root, "flutter", dartContent));
@@ -328,6 +376,7 @@ async function validateFlutter(root) {
     findings.push(...validateSessionHandlerRetention(root, "flutter", dartContent));
     findings.push(...validateChat(root, "flutter", dartContent));
     findings.push(...(await validateDesignReuse(root, "flutter", dartContent)));
+    findings.push(...(await validateEnvSecretHygiene(root, "flutter", dartContent)));
     return findings;
 }
 async function validateTypeScript(root, platform) {
@@ -335,11 +384,18 @@ async function validateTypeScript(root, platform) {
     const packageJson = await readIfExists(path.join(root, "package.json"));
     const sourceFiles = await findFiles(root, [".ts", ".tsx", ".js", ".jsx"], 500);
     const sourceContent = await readMany(sourceFiles);
-    const setupFiles = filesMatching(sourceContent, [/Client\s*\.\s*createClient/, /createClient\s*\(/]);
+    const setupFiles = filesMatching(sourceContent, [/Client\s*\.\s*createClient/, /Client\s*\.\s*create\s*\(/, /createClient\s*\(/]);
     const loginFiles = filesMatching(sourceContent, [/Client\s*\.\s*login/, /\.login\s*\(/]);
     const pushRegistrationFiles = filesMatching(sourceContent, [/registerPushNotification/, /enablePushNotification/, /PushNotification/]);
-    const pushUnregisterFiles = filesMatching(sourceContent, [/unregisterPushNotification/, /disablePushNotification/]);
-    const liveDataFiles = filesMatching(sourceContent, [/LiveCollection/, /LiveObject/, /\.subscribe\s*\(/, /\.observe\s*\(/, /queryPosts\s*\(/, /getPost\s*\(/, /onSnapshot/]);
+    // Skip .d.ts declarations when checking for unregister — type stubs declare both register and
+    // unregister methods but should not suppress the "unregister missing" finding.
+    const implContent = new Map([...sourceContent].filter(([f]) => !path.basename(f).endsWith('.d.ts')));
+    const pushUnregisterFiles = filesMatching(implContent, [/unregisterPushNotification/, /disablePushNotification/]);
+    // Only REACTIVE subscriptions need cleanup. A one-shot `await queryPosts(...)` /
+    // `await getPost(...)` returns a Promise with nothing to unsubscribe, so bare
+    // queryPosts(/getPost( are NOT live-data markers (they'd false-fire live.cleanup on
+    // one-shot awaits — found on a weak-model build). The reactive forms below remain.
+    const liveDataFiles = filesMatching(sourceContent, [/LiveCollection/, /LiveObject/, /\.subscribe\s*\(/, /\.observe\s*\(/, /\.onData\s*\(/, /onSnapshot/]);
     if (!packageJson) {
         findings.push(finding("typescript.package.present", "warning", "No package.json file was found.", "package.json", "Point repoPath at the TypeScript or React Native project root."));
     }
@@ -360,11 +416,17 @@ async function validateTypeScript(root, platform) {
         //        process.env.<*REGION*> | <*ENDPOINT*>, including NEXT_PUBLIC_, EXPO_PUBLIC_,
         //        VITE_ prefixes; also import.meta.env.<*REGION*> for Vite/Astro.
         // Any one of these is sufficient evidence the integration is region-aware.
-        const setupHasKeywordRegion = containsAnyForFiles(sourceContent, setupFiles, [/\bregion\s*:/, /\bapiRegion\b/, /\bapiEndpoint\b/]);
-        const setupHasNamedRegionDecl = containsAnyForFiles(sourceContent, setupFiles, [/\bconst\s+(region|apiRegion|endpoint|apiEndpoint)\b/, /\blet\s+(region|apiRegion|endpoint|apiEndpoint)\b/]);
+        // `API_REGIONS` is the canonical social.plus TS SDK region enum
+        // (API_REGIONS.SG/EU/US) — its presence is definitive region evidence. The
+        // named-decl form is case-insensitive so `const REGION = API_REGIONS.SG` counts.
+        //   (d) positional region argument: createClient(API_KEY, AMITY_REGION) — a 2nd arg whose name
+        //       contains "region" (incl. an uppercase env const like AMITY_REGION). Idiom (b)'s regex only
+        //       caught a `const region` decl named exactly "region"; the positional call site was missed (RN build).
+        const setupHasKeywordRegion = containsAnyForFiles(sourceContent, setupFiles, [/\bregion\s*:/, /\bapiRegion\b/, /\bapiEndpoint\b/, /\bAPI_REGIONS\b/, /createClient\s*\([^,)]+,\s*[\w.$]*[Rr]egion/i]);
+        const setupHasNamedRegionDecl = containsAnyForFiles(sourceContent, setupFiles, [/\b(?:const|let)\s+(?:region|apiRegion|endpoint|apiEndpoint)\b/i]);
         const projectHasEnvRegion = containsAny(sourceContent, [/process\.env\.[A-Z0-9_]*(?:REGION|ENDPOINT)[A-Z0-9_]*/, /import\.meta\.env\.[A-Z0-9_]*(?:REGION|ENDPOINT)[A-Z0-9_]*/]);
         if (!setupHasKeywordRegion && !setupHasNamedRegionDecl && !projectHasEnvRegion) {
-            findings.push(finding("typescript.client.region", "warning", "Client initialization was found but no explicit region or endpoint marker was detected.", relativeFile(root, setupFiles[0]), "Pass the region or endpoint that matches the customer's social.plus console project."));
+            findings.push(finding("typescript.client.region", "warning", "Client initialization was found but no explicit region or endpoint marker was detected.", relativeFile(root, setupFiles[0]), "Pass the region or endpoint that matches the customer's social.plus console project. Reuse the app's existing config or environment source of truth if one exists, and do not hardcode a guessed default region just to make setup appear green."));
         }
         const renderCycleSetup = setupFiles.find((file) => /useEffect|function\s+[A-Z]\w*\s*\(|const\s+[A-Z]\w*\s*=/.test(sourceContent.get(file) ?? ""));
         if (renderCycleSetup && platform === "react-native") {
@@ -375,12 +437,16 @@ async function validateTypeScript(root, platform) {
         findings.push(finding("typescript.login.present", "warning", "No obvious social.plus login call was found.", undefined, "Call login after the app has a known user identity, and await it before subscribing to live collections."));
     }
     if (loginFiles.length > 0 && !containsAny(sourceContent, [/sessionWillRenewAccessToken/, /sessionHandler/, /renewal\.renew/])) {
-        findings.push(finding(`${platform}.session.renewal`, "warning", "Login was found but no access-token renewal handler marker was detected.", relativeFile(root, loginFiles[0]), "Implement a session handler that renews the access token (sessionWillRenewAccessToken + renewal.renew()) so sessions refresh in production."));
+        findings.push(finding(`${platform}.session.renewal`, "warning", "Login was found but no access-token renewal handler marker was detected.", relativeFile(root, loginFiles[0]), "Implement a session handler that renews the access token (sessionWillRenewAccessToken + renewal.renew()) in the existing login path so sessions refresh in production. Preserve the current session owner and retain the handler for the full session lifetime."));
     }
     if (pushRegistrationFiles.length > 0 && pushUnregisterFiles.length === 0) {
-        findings.push(finding(`${platform}.push.unregister.present`, "warning", "Push registration was found but no obvious unregister call was detected.", relativeFile(root, pushRegistrationFiles[0]), "Unregister device tokens on logout or user switch so notifications are not sent to the wrong user."));
+        findings.push(finding(`${platform}.push.unregister.present`, "warning", "Push registration was found but no obvious unregister call was detected.", relativeFile(root, pushRegistrationFiles[0]), "Unregister device tokens when the user logs out or the component unmounts. In React/React Native, return the unregister call from useEffect: return () => { NotificationRepository.unregisterPushNotification(deviceToken).catch(() => {}); }. Also update any local registration-state you maintain. Missing unregistration means notifications continue arriving after logout, which is a privacy and UX bug."));
     }
-    if (liveDataFiles.length > 0 && !containsAny(sourceContent, [/unsubscribe\s*\(/, /\.unsubscribe\s*\(/, /return\s*\(\s*\)\s*=>/, /return\s+unsubscribe/, /AbortController/, /cleanup/i])) {
+    // A function whose RETURN TYPE is Amity.Unsubscriber hands the cleanup contract to
+    // its caller — the idiomatic repository/store pattern. Anchored on the return-type
+    // annotation `): Unsubscriber` (not a bare mention), so a disposer captured and
+    // dropped on the floor still fires.
+    if (liveDataFiles.length > 0 && !containsAny(sourceContent, [/unsubscribe\s*\(/, /\.unsubscribe\s*\(/, /return\s*\(\s*\)\s*=>/, /return\s+unsubscribe/, /AbortController/, /cleanup/i, /\)\s*:\s*(?:Amity\.)?Unsubscriber\b/, /\)\s*:\s*\(\s*\)\s*=>\s*void\b/])) {
         findings.push(finding(`${platform}.live.cleanup`, "warning", "Live Object/Collection subscription was found but no obvious cleanup was detected.", relativeFile(root, liveDataFiles[0]), "Return or call the unsubscribe cleanup from the owning component, route, or store lifecycle."));
     }
     findings.push(...validateLiteralGuardrails(root, platform, sourceContent));
@@ -395,6 +461,17 @@ async function validateTypeScript(root, platform) {
     findings.push(...validateModeration(root, platform, sourceContent));
     findings.push(...validateLiveCollectionApiMismatch(root, platform, sourceContent));
     findings.push(...validatePostsStatusFilter(root, platform, sourceContent));
+    findings.push(...validateActivityPostsTagFilter(root, platform, sourceContent));
+    findings.push(...validatePostDataTypeHandled(root, platform, sourceContent));
+    findings.push(...validateAvatarFromSdk(root, platform, sourceContent));
+    findings.push(...validatePollAnswerDataShape(root, platform, sourceContent));
+    findings.push(...validateCommentsQueryHasLimit(root, platform, sourceContent));
+    findings.push(...validateCommentCreationAffordance(root, platform, sourceContent));
+    findings.push(...validateCommunityDisplayNameFromSdk(root, platform, sourceContent));
+    findings.push(...validateRoomPostFetched(root, platform, sourceContent));
+    findings.push(...validateReactionStalePostRef(root, platform, sourceContent));
+    findings.push(...validateFollowStatusSubscription(root, platform, sourceContent));
+    findings.push(...validateMembershipUsesLiveCollection(root, platform, sourceContent));
     findings.push(...validatePaginationCursorOpaque(root, platform, sourceContent));
     findings.push(...validatePostsParentChild(root, platform, sourceContent));
     findings.push(...validateFeedTargetTypeExplicit(root, platform, sourceContent));
@@ -413,24 +490,82 @@ async function validateTypeScript(root, platform) {
     findings.push(...validateChat(root, platform, sourceContent));
     findings.push(...(await validateDesignReuse(root, platform, sourceContent)));
     if (platform === "typescript") {
-        findings.push(...(await validateTypeScriptEnvSecretHygiene(root, sourceContent)));
+        findings.push(...validateClientNoSsrInit(root, sourceContent));
     }
+    findings.push(...(await validateEnvSecretHygiene(root, platform, sourceContent)));
     return findings;
 }
-async function validateTypeScriptEnvSecretHygiene(root, sourceContent) {
+async function validateEnvSecretHygiene(root, platform, sourceContent) {
     const findings = [];
-    const envSecretFiles = await committedEnvSecretFiles(root);
-    for (const file of envSecretFiles) {
-        findings.push(finding("typescript.secret.committed-env", "warning", "A local env file appears to contain a social.plus secret.", file, "Do not commit .env files with real API keys. Commit a placeholder .env.example and keep local env files ignored."));
+    if (platform === "typescript") {
+        const envSecretFiles = await committedEnvSecretFiles(root);
+        for (const file of envSecretFiles) {
+            findings.push(finding("typescript.secret.committed-env", "warning", "A local env file appears to contain a social.plus secret.", file, "Do not commit .env files with real API keys. Commit a placeholder .env.example and keep local env files ignored."));
+        }
+    }
+    if (platform === "typescript" || platform === "react-native") {
+        if (usesEnvSecretConfig(sourceContent)) {
+            const gitignore = await readIfExists(path.join(root, ".gitignore"));
+            if (!gitignoreIgnoresEnvFiles(gitignore)) {
+                findings.push(finding(`${platform}.secret.env-gitignore`, "warning", "Source uses env-based social.plus secret config but .gitignore does not ignore local env files.", ".gitignore", "Add .env, .env.local, and environment-specific local env files to .gitignore."));
+            }
+            const hasExample = await exists(path.join(root, ".env.example")) || await exists(path.join(root, ".env.sample"));
+            if (!hasExample) {
+                findings.push(finding(`${platform}.secret.env-example`, "warning", "Source uses env-based social.plus secret config but no env example file was found.", ".env.example", "Commit .env.example with placeholder keys so agents and developers know which values to provide locally."));
+            }
+        }
+    }
+    if (platform === "flutter") {
+        const gitignore = await readIfExists(path.join(root, ".gitignore"));
+        const envContent = await readIfExists(path.join(root, ".env"));
+        const secretsDartContent = await readIfExists(path.join(root, "lib/secrets.dart")) || await readIfExists(path.join(root, "secrets.dart"));
+        const hasSecretValue = (content) => /(?:AMITY|SOCIAL_PLUS|SOCIALPLUS).*?(?:API[_-]?KEY|KEY)/i.test(content) && !content.includes("your_api_key");
+        const hasTargetEnv = envContent && hasSecretValue(envContent);
+        const hasTargetDart = secretsDartContent && hasSecretValue(secretsDartContent);
+        if ((hasTargetEnv && !gitignore.includes(".env")) || (hasTargetDart && !gitignore.includes("secrets.dart"))) {
+            findings.push(finding("flutter.secret.env-gitignore", "warning", ".env or secrets.dart contains a social.plus key but is not in .gitignore.", ".gitignore", "Add .env or secrets.dart to .gitignore."));
+        }
     }
-    if (usesEnvSecretConfig(sourceContent)) {
+    if (platform === "android") {
         const gitignore = await readIfExists(path.join(root, ".gitignore"));
-        if (!gitignoreIgnoresEnvFiles(gitignore)) {
-            findings.push(finding("typescript.secret.env-gitignore", "warning", "Source uses env-based social.plus secret config but .gitignore does not ignore local env files.", ".gitignore", "Add .env, .env.local, and environment-specific local env files to .gitignore."));
+        const localProps = await readIfExists(path.join(root, "local.properties"));
+        if (localProps && /(?:AMITY|SOCIAL_PLUS|SOCIALPLUS).*?(?:API[_-]?KEY|KEY)/i.test(localProps) && !gitignore.includes("local.properties")) {
+            findings.push(finding("android.secret.env-gitignore", "warning", "local.properties contains a social.plus key but is not in .gitignore.", ".gitignore", "Add local.properties to .gitignore."));
+        }
+    }
+    if (platform === "ios") {
+        const gitignore = await readIfExists(path.join(root, ".gitignore"));
+        const ignoresSecrets = gitignore.includes("Secrets.plist") || gitignore.includes("xcconfig");
+        let hasIosSecretFile = false;
+        for (const [file, content] of sourceContent) {
+            if ((file.endsWith("Secrets.plist") || file.endsWith(".xcconfig")) && /(?:AMITY|SOCIAL_PLUS|SOCIALPLUS).*?(?:API[_-]?KEY|KEY)/i.test(content)) {
+                hasIosSecretFile = true;
+                break;
+            }
+        }
+        if (hasIosSecretFile && !ignoresSecrets) {
+            findings.push(finding("ios.secret.env-gitignore", "warning", "Secrets.plist or .xcconfig contains a social.plus key but is not in .gitignore.", ".gitignore", "Add Secrets.plist and/or *.xcconfig to .gitignore."));
+        }
+    }
+    return findings;
+}
+function validateClientNoSsrInit(root, sourceContent) {
+    const findings = [];
+    const clientCreatePatterns = [/Client\s*\.\s*createClient/, /Client\s*\.\s*create\s*\(/, /createClient\s*\(/];
+    const serverContextPathPatterns = [/layout\.tsx?$/, /page\.tsx?$/];
+    const serverContextContentPatterns = [/getServerSideProps/, /getStaticProps/];
+    for (const [file, content] of sourceContent) {
+        if (!clientCreatePatterns.some((p) => p.test(content))) {
+            continue;
         }
-        const hasExample = await exists(path.join(root, ".env.example")) || await exists(path.join(root, ".env.sample"));
-        if (!hasExample) {
-            findings.push(finding("typescript.secret.env-example", "warning", "Source uses env-based social.plus secret config but no env example file was found.", ".env.example", "Commit .env.example with placeholder keys so agents and developers know which values to provide locally."));
+        if (/["']use client["']/.test(content)) {
+            continue;
+        }
+        const basename = path.basename(file);
+        const isServerContext = serverContextPathPatterns.some((p) => p.test(basename)) || serverContextContentPatterns.some((p) => p.test(content));
+        if (isServerContext) {
+            findings.push(finding("typescript.client.no-ssr-init", "error", "TypeScript SDK client must not be initialized in a server-side context.", relativeFile(root, file), "If this is a Next.js project, SDK initialization must happen client-side only. Wrap the client initialization call (Client.create() or createClient()) in a 'use client' component, a useEffect, or use dynamic() with { ssr: false }. Do not call it in a Server Component, layout file, or getServerSideProps."));
+            break;
         }
     }
     return findings;
@@ -664,7 +799,7 @@ function validateFeedPagination(root, platform, sourceContent) {
             }
         }
         return [
-            finding(`${platform}.feed.pagination-wired`, "warning", "A feed/posts observer is present but no pagination mechanism was detected.", relativeFile(root, file), "Wire pagination (hasMore/loadMore/nextPage, FlatList.onEndReached, LazyColumn scroll trigger, ScrollController, etc.) to avoid loading all content on mount."),
+            finding(`${platform}.feed.pagination-wired`, "warning", "A feed/posts observer is present but no pagination mechanism was detected.", relativeFile(root, file), "Wire pagination (hasMore/loadMore/nextPage, pageToken, FlatList.onEndReached, LazyColumn scroll trigger, ScrollController, etc.) to avoid loading all content on mount. When repairing a live feed, preserve any existing pagination inputs or state instead of dropping them."),
         ];
     }
     return [];
@@ -704,8 +839,11 @@ function validateFeedModerationAffordance(root, platform, sourceContent) {
 }
 // ─── Logout on user-switch ───────────────────────────────────────────────────
 const USER_SWITCH_SYMBOLS = [
-    /switchUser/i, /setCurrentUser/i, /authStateChanged/i, /onAuthStateChanged/i,
-    /logoutAndLogin/i, /signInAs/i, /changeUser/i, /setUser/i,
+    // setActiveUser is the real SDK user-switch. `setCurrentUser`/`setUser` were REMOVED — they collide
+    // with ubiquitous React useState setters (`const [u, setCurrentUser] = useState(...)`) and false-fired
+    // logout-on-user-switch on an RN feed screen that merely READ the active user into state.
+    /switchUser/i, /setActiveUser/i, /authStateChanged/i, /onAuthStateChanged/i,
+    /logoutAndLogin/i, /signInAs/i, /changeUser/i,
 ];
 const LOGIN_PATTERNS_BY_PLATFORM = {
     android: [/AmityCoreClient\.login/, /\.login\s*\(/],
@@ -735,7 +873,7 @@ function validateLogoutOnUserSwitch(root, platform, sourceContent) {
     if (containsAny(sourceContent, logoutMarkers))
         return [];
     return [
-        finding(`${platform}.auth.logout-on-user-switch`, "warning", "User-switch pattern detected with social.plus login, but no logout/disconnect call was found. Switching users without logout can leak state across identities.", relativeFile(root, switchFiles[0]), "Call logout or disconnect on the current session before logging in as a different user. Attest if the switch is handled by a centralized auth coordinator."),
+        finding(`${platform}.auth.logout-on-user-switch`, "warning", "User-switch pattern detected with social.plus login, but no logout/disconnect call was found. Switching users without logout can leak state across identities.", relativeFile(root, switchFiles[0]), "Call logout or disconnect on the current session before logging in as a different user. Preserve the existing sessionHandler or renewal wiring on the subsequent login call, and attest only if a centralized auth coordinator owns the switch flow."),
     ];
 }
 // ─── No anonymous write ──────────────────────────────────────────────────────
@@ -746,9 +884,14 @@ const WRITE_CALL_PATTERNS = [
     /\.createPost\s*\(/, /\.createComment\s*\(/, /\.sendMessage\s*\(/,
 ];
 const AUTH_GATE_MARKERS = [
-    /\bcurrentUser\b/, /\bisAuthenticated\b/, /\brequireAuth\b/,
+    // `currentUser` prefix, NOT \bcurrentUser\b — a write gated on `currentUserId` (the
+    // session-derived user id, idiomatically passed into a component) is a valid
+    // anonymous-write guard, and \b after "currentUser" would not match "currentUserId".
+    /\bcurrentUser\w*/, /\bisAuthenticated\b/, /\brequireAuth\b/,
     /\bsession\b/, /\bisLoggedIn\b/, /\bauthState\b/,
-    /\bgetCurrentUser\b/, /\bgetAccessToken\b/, /\baccessToken\b/,
+    // \w* not \b: `getCurrentUserId()` (the session-derived id used to gate writes) must match —
+    // the trailing \b would stop at "getCurrentUser" and miss the camelCase suffix (recurring pattern).
+    /\bgetCurrentUser\w*/, /\bgetAccessToken\b/, /\baccessToken\b/,
     /\bauthGuard\b/, /\bwithAuth\b/, /\bProtectedRoute\b/, /\bAuthProvider\b/,
 ];
 function validateNoAnonymousWrite(root, platform, sourceContent) {
@@ -811,8 +954,8 @@ const COMMENT_PRESENCE_PATTERNS = [
 const COMMENT_OBSERVER_CLEANUP_MARKERS_BY_PLATFORM = {
     android: [/dispose\s*\(/, /Disposable/, /CompositeDisposable/, /clear\s*\(/, /removeObserver/, /unsubscribe/],
     flutter: [/StreamSubscription/, /\.cancel\s*\(/, /dispose\s*\(/],
-    typescript: [/unsubscribe/, /\.off\s*\(/, /removeListener/, /dispose/],
-    "react-native": [/unsubscribe/, /\.off\s*\(/, /removeListener/, /dispose/, /useEffect.*return/],
+    typescript: [/unsubscribe/, /unobserve/, /\.off\s*\(/, /removeListener/, /dispose/, /\)\s*:\s*(?:Amity\.)?Unsubscriber\b/, /\)\s*:\s*\(\s*\)\s*=>\s*void\b/, /return\s*\(\s*\)\s*=>/],
+    "react-native": [/unsubscribe/, /unobserve/, /\.off\s*\(/, /removeListener/, /dispose/, /useEffect.*return/, /\)\s*:\s*(?:Amity\.)?Unsubscriber\b/, /\)\s*:\s*\(\s*\)\s*=>\s*void\b/, /return\s*\(\s*\)\s*=>/],
     ios: [/\.invalidate\s*\(/, /AmityNotificationToken/, /deinit/, /viewWillDisappear/],
 };
 const COMMENT_UI_STATE_MARKERS = [
@@ -833,9 +976,19 @@ function validateComments(root, platform, sourceContent) {
             break;
         }
     }
-    // observer-cleanup: if comment live collection exists, require cleanup
+    // observer-cleanup: require cleanup only for a REACTIVE comment observer. The
+    // distinguisher is `await`: a one-shot `await queryComments(...)` returns a Promise
+    // with nothing to clean up (false-fired on a weak-model build), whereas a non-awaited
+    // getComments/queryComments creates a live collection that must be disposed. Strip the
+    // awaited one-shot queries, then any remaining (bare-call, assigned, or chained) comment
+    // query is a live observer.
+    const hasReactiveCommentObserver = [...sourceContent.values()].some((c) => {
+        const stripped = c.replace(/\bawait\b[^\n;]*?(?:get|query)Comments\s*\(/g, "");
+        return /(?:get|query)Comments\s*\(/.test(stripped)
+            || /CommentLiveCollection|AmityCommentCollection|commentCollection/.test(c);
+    });
     const cleanupMarkers = COMMENT_OBSERVER_CLEANUP_MARKERS_BY_PLATFORM[platform] ?? COMMENT_OBSERVER_CLEANUP_MARKERS_BY_PLATFORM.typescript;
-    if (!containsAny(sourceContent, cleanupMarkers)) {
+    if (commentFiles.length > 0 && hasReactiveCommentObserver && !containsAny(sourceContent, cleanupMarkers)) {
         findings.push(finding(`${platform}.comments.observer-cleanup`, "warning", "Comment observer/subscription was found but no obvious cleanup was detected.", relativeFile(root, commentFiles[0]), "Dispose or unsubscribe comment observers when the lifecycle owner is destroyed."));
     }
     // ui-states-present: require loading/empty/error states
@@ -938,6 +1091,25 @@ function validateChat(root, platform, sourceContent) {
     const chatFiles = filesMatching(sourceContent, CHAT_PRESENCE_PATTERNS);
     if (chatFiles.length === 0)
         return findings;
+    // channel-type-dm: createChannel with type 'community' AND userIds indicates DM intent with wrong type.
+    // Disambiguating condition: community channels do not pass userIds in createChannel (membership is
+    // managed separately). If userIds appears alongside type:'community', the intent is clearly a DM
+    // conversation but the wrong channel type was used. Do NOT fire on community channels without userIds.
+    for (const filePath of chatFiles) {
+        const content = sourceContent.get(filePath) ?? "";
+        if (/\bcreateChannel\b/.test(content)) {
+            const hasCommunityType = /createChannel[\s\S]{0,400}type\s*:\s*['"]community['"]/.test(content);
+            const hasUserIds = /createChannel[\s\S]{0,400}\buserIds\b/.test(content);
+            const hasConversationType = /createChannel[\s\S]{0,400}type\s*:\s*['"]conversation['"]/.test(content);
+            // Only fire on react-native/typescript where this rule is registered.
+            // Only fire when both type:'community' AND userIds are present — that combination signals
+            // DM intent. Community channel creation does not pass userIds to createChannel.
+            if ((platform === "react-native" || platform === "typescript") && hasCommunityType && hasUserIds && !hasConversationType) {
+                findings.push(finding(`${platform}.chat.channel-type-dm`, "warning", "createChannel uses type 'community' with userIds, which indicates DM intent — but 'community' creates a discoverable group channel, not a private conversation.", relativeFile(root, filePath), "Use type: 'conversation' for 1-to-1 direct messages between known users. 'community' channels are discoverable group channels; passing userIds to createChannel with type:'community' does not create a private DM."));
+                break;
+            }
+        }
+    }
     // channel-target-resolved: check for hardcoded channelId/conversationId
     for (const filePath of chatFiles) {
         const content = sourceContent.get(filePath) ?? "";
@@ -1013,6 +1185,9 @@ function validateLiveCollectionApiMismatch(root, platform, sourceContent) {
         /\bListView\b/,
         /\bRecyclerView\b/,
         /\bLazyColumn\b/,
+        /\bLazyRow\b/, // Jetpack Compose lists
+        /\bLazyVerticalGrid\b/,
+        /\bLazyVerticalStaggeredGrid\b/,
         /\bForEach\b/,
         /\bList\s*\(/,
         /\bsubmitList\b/,
@@ -1027,19 +1202,39 @@ function validateLiveCollectionApiMismatch(root, platform, sourceContent) {
         /\bonData\b/,
         /\bStreamBuilder\b/,
         /\bLiveData\b/,
+        /\bMutableLiveData\b/, // Android LiveData (modern; `\bLiveData\b` misses Mutable/Mediator forms)
+        /\bMediatorLiveData\b/,
+        /collectAsState/, // Jetpack Compose: Flow/StateFlow → State (collectAsState, collectAsStateWithLifecycle)
+        /observeAsState/, // Jetpack Compose: LiveData → State
         /Amity\w*Flow\b/,
         /\bPagingData\b/,
+        /LazyPagingItems/, // Paging3 Compose: getX().collectAsLazyPagingItems() in a LazyColumn — reactive
+        /collectAsLazyPagingItems/,
+        /\.on\s*\(\s*['"]data[A-Z]/, // event-emitter SDK pattern: .on('dataUpdated', ...)
+        /\$snapshots\b/, // iOS Combine: AmityCollection.$snapshots.sink { ... }
+        /\bAmityCollection\b/, // iOS live collection type, consumed reactively (@Published / .snapshots in a List)
+        /\bLiveCollectionCallback\b/, // TS/RN live-collection callback type (Amity.LiveCollectionCallback)
+        /\bLiveObjectCallback\b/, // TS/RN live-object callback type
+        // TS/RN reactive form: getPosts(params, callback) / getComments(params, cb) — the
+        // 2-arg callback form IS the live collection (callback fires on every update). Earlier
+        // markers only knew getLiveCollection/observe and missed this idiomatic v6 form. The
+        // first arg is a flat params OBJECT or an identifier; the callback is a genuine SECOND
+        // argument — matching `{...},` (not a comma *inside* the object, which would falsely
+        // count a one-shot `queryPosts({ a, b })` as reactive).
+        /\b(?:get|query)(?:Posts|Comments|Channels|Communities|Users|Members|Reactions)\s*\(\s*(?:\{[^{}]*\}|\w+)\s*,\s*(?:\w+|\([^)]*\)\s*=>|function\b|async\b)/,
         /\/\/\s*vise:\s*one-shot query/i
     ];
     for (const [file, content] of sourceContent) {
         const rel = relativeFile(root, file);
+        if (path.basename(file).endsWith('.d.ts'))
+            continue;
         const hasListQuery = LIST_QUERY_PATTERNS.some((p) => p.test(content));
         if (hasListQuery) {
             const hasListUI = LIST_UI_PATTERNS.some((p) => p.test(content));
             if (hasListUI) {
                 const hasReactivity = REACTIVE_MARKERS.some((p) => p.test(content));
                 if (!hasReactivity) {
-                    findings.push(finding(ruleId, "warning", `A list query (like getPosts) is present but no reactive markers (getLiveCollection, observe, onData) were found in the same file.`, rel, "Use the reactive LiveCollection API for lists so the UI updates when new items arrive. If a one-shot query is truly intended, add comment // vise: one-shot query."));
+                    findings.push(finding(ruleId, "warning", `A list query (like getPosts) is present but no reactive markers (getLiveCollection, observe, onData) were found in the same file.`, rel, "Use the reactive LiveCollection API for lists so the UI updates when new items arrive. Preserve existing query options and pagination wiring (for example pageToken, hasMore/loadMore, useInfiniteQuery) while converting the list to live updates. If a one-shot query is truly intended, add comment // vise: one-shot query."));
                 }
             }
         }
@@ -1052,7 +1247,10 @@ function validatePostsStatusFilter(root, platform, sourceContent) {
     const POST_QUERY_PATTERNS = [
         /\bgetPosts\b/,
         /\bqueryPosts\b/,
-        /\bgetCommunityFeed\b/
+        // getCommunityFeed intentionally NOT matched: it is also a common name for a
+        // user-defined wrapper, and firing on a wrapper CALL SITE (which has no query
+        // params to filter) is a false positive. The explicit getPosts/queryPosts cover
+        // the real query path where filters are actually applied.
     ];
     const FILTER_MARKERS = [
         /\bfeedTypes?\b/,
@@ -1078,6 +1276,99 @@ function validatePostsStatusFilter(root, platform, sourceContent) {
     }
     return findings;
 }
+function validateActivityPostsTagFilter(root, platform, sourceContent) {
+    const findings = [];
+    const ruleId = `${platform}.posts.activity-tag-filter`;
+    for (const [file, content] of sourceContent) {
+        const rel = relativeFile(root, file);
+        const filename = path.basename(file).toLowerCase();
+        if (filename.endsWith('.d.ts'))
+            continue;
+        // Only fire for files that are clearly activity / toast / notification hooks
+        if (!/activity|toast|notification|event/.test(filename))
+            continue;
+        if (!/\bgetPosts\b/.test(content))
+            continue;
+        if (/\btags\s*:/.test(content))
+            continue;
+        if (/\/\/\s*vise:\s*untagged posts intentional/i.test(content))
+            continue;
+        findings.push(finding(ruleId, "warning", "A getPosts query in an activity or toast hook is missing a tags filter.", rel, "Add a tags: ['activity'] parameter to the existing query object — e.g. change PostRepository.getPosts({ communityId }) to PostRepository.getPosts({ communityId, tags: ['activity'] }). Without this filter every community post enters the toast pipeline, not just activity events. Do not rewrite the query style; just add the tags field."));
+    }
+    return findings;
+}
+function validateReactionStalePostRef(root, platform, sourceContent) {
+    const findings = [];
+    const ruleId = `${platform}.posts.reaction-stale-post-ref`;
+    for (const [file, content] of sourceContent) {
+        const rel = relativeFile(root, file);
+        if (path.basename(file).endsWith('.d.ts'))
+            continue;
+        // Only check files that have reaction calls
+        if (!/\baddReaction\b|\bremoveReaction\b/.test(content))
+            continue;
+        // Only check files that use a ref (React hook — TypeScript/React Native only)
+        if (!/\buseRef\b/.test(content))
+            continue;
+        // Look for .current passed into the reaction call — the stale-ref pattern
+        if (!/.current\b/.test(content))
+            continue;
+        // If the file already reads post.postId from live state it is correct
+        if (/\bpost\s*\??\.\s*postId\b/.test(content))
+            continue;
+        if (/\/\/\s*vise:\s*captured ref intentional/i.test(content))
+            continue;
+        findings.push(finding(ruleId, "warning", "A reaction call (addReaction/removeReaction) uses a captured ref instead of reading postId from live state.", rel, "Delete the captured ref variable (capturedPostId / similar) completely — remove the useRef declaration, the assignment inside the subscription callback, and every reference to .current. Then pass post?.postId directly to addReaction and removeReaction, and add the live post variable to the useCallback dependency array: useCallback(async (name) => { await addReaction('post', post?.postId, name); }, [post]). Keeping the ref — even without the null-guard — is still the stale-ref pattern."));
+    }
+    return findings;
+}
+function validateFollowStatusSubscription(root, platform, sourceContent) {
+    const findings = [];
+    const ruleId = `${platform}.follow.status-subscription`;
+    for (const [file, content] of sourceContent) {
+        const rel = relativeFile(root, file);
+        if (path.basename(file).endsWith('.d.ts'))
+            continue;
+        if (!/\bgetFollowStatus\b/.test(content))
+            continue;
+        // Positive markers: live object subscription or explicit escape hatch.
+        // The canonical "live" pattern is `getFollowStatus(userId, ({ data }) => ...)` —
+        // a callback that receives the live snapshot. That's also what the
+        // recommendation below suggests. If the call passes a function-style argument
+        // (arrow or function), treat it as a live subscription.
+        if (/\.on\s*\(\s*['"]dataUpdated['"]/.test(content) ||
+            /\bLiveObject\b/.test(content) ||
+            /\bobserve\s*\(/.test(content) ||
+            // `getFollowStatus(userId, callback)` — two-arg form (comma inside the
+            // first level of parens). Matches the recommended pattern whether the
+            // callback is inline `({ data }) => …` or a named reference.
+            // [^()]* keeps us inside the first level — disqualifies promise chains
+            // like `getFollowStatus(userId).then(...)` which have no comma inside.
+            /getFollowStatus\s*\([^()]*,/.test(content) ||
+            /\/\/\s*vise:\s*one-shot follow status intentional/i.test(content))
+            continue;
+        findings.push(finding(ruleId, "warning", "getFollowStatus is called without a live subscription. Follow state will not update when the relationship changes.", rel, "Subscribe to the live object returned by getFollowStatus and dispose on cleanup: const unsubFollow = UserRepository.getFollowStatus(userId, ({ data }) => { if (data) setFollowStatus(data.status); }); return () => { unsubFollow(); };"));
+        break;
+    }
+    return findings;
+}
+function validateMembershipUsesLiveCollection(root, platform, sourceContent) {
+    const findings = [];
+    const ruleId = `${platform}.membership.use-live-collection`;
+    for (const [file, content] of sourceContent) {
+        const rel = relativeFile(root, file);
+        if (path.basename(file).endsWith('.d.ts'))
+            continue;
+        if (!/\bsearchMembers\b/.test(content))
+            continue;
+        if (/\bgetMembers\b/.test(content))
+            continue; // already uses live collection
+        if (/\/\/\s*vise:\s*one-shot membership intentional/i.test(content))
+            continue;
+        findings.push(finding(ruleId, "warning", "searchMembers is a one-shot query — it fetches membership once and will not update when members join or leave.", rel, "Replace searchMembers with CommunityRepository.Membership.getMembers({ communityId }) which returns a LiveCollection. Subscribe to dataUpdated for real-time membership changes and call dispose() for cleanup: const liveCollection = CommunityRepository.Membership.getMembers({ communityId }); liveCollection.on('dataUpdated', (members) => setMembers(members)); return () => liveCollection.dispose();"));
+    }
+    return findings;
+}
 function validatePaginationCursorOpaque(root, platform, sourceContent) {
     const findings = [];
     const ruleId = `${platform}.pagination.cursor-opaque`;
@@ -1115,23 +1406,57 @@ function validatePaginationCursorOpaque(root, platform, sourceContent) {
 function validatePostsParentChild(root, platform, sourceContent) {
     const findings = [];
     const ruleId = `${platform}.posts.parent-child-rendered`;
+    // Direct text-field reads that signal a component is rendering the post body.
+    // Deliberately NOT a bare `post.data` — that also matches passing post.data as
+    // an argument to a content/share helper (e.g. textFromContent(post.dataType,
+    // post.data)) in a non-rendering file like an actions menu, which produced a
+    // false positive on a correctly-factored app where rendering and the actions
+    // menu live in separate files.
+    // Case-SENSITIVE on purpose: lowercase `post.data.text` is post-body rendering,
+    // but the case-insensitive form also matched Kotlin/Swift sealed-class type
+    // discriminators like `AmityComment.Data.TEXT` / `AmityMessage.Data.TEXT` —
+    // which are type checks in comment/message code, not post rendering. That
+    // produced a large false-positive cluster on real Kotlin (Android sample app).
     const POST_RENDER_PATTERNS = [
-        /\.data\.text\b/i,
-        /\bpost\.data\b/i,
-        /\bpost\.text\b/i
+        /\.data\.text\b/,
+        /\bpost\.text\b/
     ];
     const CHILD_REFERENCE_PATTERNS = [
         /\.\s*children\b/,
         /\.\s*childrenPosts\b/,
         /\bgetChildren\b/
     ];
+    // Child-typed media the parent-child model carries (TS/RN string dataTypes).
+    const CHILD_MEDIA_TYPES = ["poll", "video", "room", "file", "audio"];
     for (const [filename, text] of sourceContent) {
         const rel = relativeFile(root, filename);
-        const hasPostRender = POST_RENDER_PATTERNS.some((p) => p.test(text));
-        if (hasPostRender) {
-            const hasChildRef = CHILD_REFERENCE_PATTERNS.some((p) => p.test(text));
-            if (!hasChildRef) {
-                findings.push(finding(ruleId, "warning", `A component renders post text but does not appear to inspect post children for media.`, rel, "Amity models images and videos as child posts. A UI that only renders the parent post's text will silently drop attachments. Inspect post.children or call getChildren()."));
+        // Escape-hatch checked on RAW content (stripComments would delete the marker).
+        if (/\/\/\s*vise:\s*child-types intentional/i.test(text))
+            continue;
+        const astLang = astLanguageForFile(filename, platform);
+        const checkContent = astLang ? stripComments(astLang, text) : text;
+        const hasPostRender = POST_RENDER_PATTERNS.some((p) => p.test(checkContent));
+        const hasChildRef = CHILD_REFERENCE_PATTERNS.some((p) => p.test(checkContent));
+        // (1) Presence: renders post text but never inspects children at all.
+        if (hasPostRender && !hasChildRef) {
+            findings.push(finding(ruleId, "warning", `A component renders post text but does not appear to inspect post children for media.`, rel, "Amity models images and videos as child posts. A UI that only renders the parent post's text will silently drop attachments. Inspect post.children or call getChildren()."));
+            continue;
+        }
+        // (2) Inconsistency (TS/RN): the renderer DOES inspect children (so the
+        // parent-child model is in play) but gates some media types on the PARENT
+        // post's dataType with no matching child lookup. A feed parent is dataType
+        // 'text', so `post.dataType === 'poll'` never matches and that content
+        // silently never renders. Only fires when child handling is already
+        // present for something — which keeps false positives low (a feed with
+        // genuinely top-level posts won't be inspecting childrenPosts at all).
+        if (hasChildRef && (platform === "typescript" || platform === "react-native")) {
+            const missed = CHILD_MEDIA_TYPES.filter((t) => {
+                const parentGated = new RegExp(`post\\s*\\.\\s*dataType\\s*===\\s*['"\`]${t}['"\`]`).test(checkContent);
+                const childResolved = new RegExp(`childrenPosts[\\s\\S]{0,80}dataType\\s*===\\s*['"\`]${t}['"\`]`).test(checkContent);
+                return parentGated && !childResolved;
+            });
+            if (missed.length > 0) {
+                findings.push(finding(ruleId, "warning", `Post renderer resolves children for some types but gates ${missed.join("/")} on the parent post's dataType. Feed parents are dataType 'text', so these branches never match and that content silently never renders.`, rel, "Resolve every child media type from post.childrenPosts, e.g. post.childrenPosts.find(c => c.dataType === 'poll')?.getPollInfo() — the same way images are handled. Checking post.dataType === 'poll' on a feed parent never matches. Add // vise: child-types intentional if these are genuinely top-level posts."));
             }
         }
     }
@@ -1223,7 +1548,9 @@ function validateLiteralGuardrails(root, platform, sourceContent) {
                 continue;
             const rel = relativeFile(root, file);
             const lang = file.endsWith(".tsx") ? "tsx" : "typescript";
-            const tree = parse(lang, content);
+            const tree = tryParse(lang, content);
+            if (!tree)
+                continue; // oversized/unparseable file — regex passes above still apply
             // ── auth.no-literal-user-id via .login({ userId: CONST }) ──
             const userIdRule = `${platform}.auth.no-literal-user-id`;
             if (!findings.some((f) => f.ruleId === userIdRule && f.file === rel)) {
@@ -1295,7 +1622,9 @@ function validateLiteralGuardrails(root, platform, sourceContent) {
             if (!file.endsWith(".kt"))
                 continue;
             const rel = relativeFile(root, file);
-            const tree = parse("kotlin", content);
+            const tree = tryParse("kotlin", content);
+            if (!tree)
+                continue; // oversized/unparseable file — regex passes above still apply
             // ── auth.no-literal-user-id via .login(CONST) ──
             const userIdRule = `${platform}.auth.no-literal-user-id`;
             if (!findings.some((f) => f.ruleId === userIdRule && f.file === rel)) {
@@ -1450,11 +1779,15 @@ async function validateIos(root) {
     const findings = [];
     const manifestFiles = await existingFiles(root, ["Podfile", "Package.swift"]);
     const manifestContent = await readMany(manifestFiles);
-    const swiftFiles = await findFiles(root, [".swift"], 400);
+    const swiftFiles = await findFiles(root, [".swift", ".xcconfig", ".plist"], 400);
     const swiftContent = await readMany(swiftFiles);
     const setupFiles = filesMatching(swiftContent, [/AmityClient\s*\(/, /AmityClient\s*\.\s*setup/]);
     const loginFiles = filesMatching(swiftContent, [/\.login\s*\(/, /client\.login\s*\(/]);
-    const pushRegistrationFiles = filesMatching(swiftContent, [/registerPushNotification/, /enablePushNotification/, /didRegisterForRemoteNotifications/]);
+    // social.plus push REGISTRATION only (real iOS symbol: registerPushNotification). Do NOT key
+    // on the generic APNs primitive `didRegisterForRemoteNotifications` — that is the host app's own
+    // push, present in any iOS app with notifications, and made the social.plus-push rules false-fire
+    // on brownfield apps whose social.plus integration never included push.
+    const pushRegistrationFiles = filesMatching(swiftContent, [/registerPushNotification/, /enablePushNotification/]);
     const pushUnregisterFiles = filesMatching(swiftContent, [/unregisterPushNotification/, /disablePushNotification/]);
     const liveDataFiles = filesMatching(swiftContent, [/AmityCollection/, /AmityObject/, /\.observe\s*\(/, /getPost\s*\(/, /queryPosts\s*\(/]);
     if (manifestFiles.length === 0) {
@@ -1485,7 +1818,7 @@ async function validateIos(root) {
         findings.push(finding("ios.login.present", "warning", "No obvious social.plus login call was found.", undefined, "Call login after the app has a known user identity and handle session renewal for production auth."));
     }
     else if (!containsAny(swiftContent, [/sessionWillRenewAccessToken/, /AmitySessionHandler/, /renewal\.renew\s*\(/])) {
-        findings.push(finding("ios.session.renewal", "warning", "Login was found but no AmitySessionHandler with sessionWillRenewAccessToken / renewal.renew() was detected.", relativeFile(root, loginFiles[0]), "Implement AmitySessionHandler and call renewal.renew() in sessionWillRenewAccessToken so the session can refresh in production."));
+        findings.push(finding("ios.session.renewal", "warning", "Login was found but no SessionHandler with sessionWillRenewAccessToken / renewal.renew() was detected.", relativeFile(root, loginFiles[0]), "Implement a SessionHandler and call renewal.renew() in sessionWillRenewAccessToken so the session can refresh in production."));
     }
     if (pushRegistrationFiles.length > 0 && pushUnregisterFiles.length === 0) {
         findings.push(finding("ios.push.unregister.present", "warning", "Push registration was found but no obvious unregister call was detected.", relativeFile(root, pushRegistrationFiles[0]), "Unregister device tokens on logout or user switch so notifications are not sent to the wrong user."));
@@ -1496,8 +1829,11 @@ async function validateIos(root) {
     }
     // iOS push payload: if didReceiveRemoteNotification or userNotificationCenter(_:didReceive:) exists,
     // require push-specific SDK forwarding marker.
+    // Nexus gate: only demand social.plus forwarding when social.plus push is actually set up
+    // (registration present). A host app's generic push payload handler with no social.plus push
+    // registration is not a social.plus concern (brownfield false-positive).
     const iosPayloadHandlerFiles = filesMatching(swiftContent, [/didReceiveRemoteNotification/, /userNotificationCenter\s*\(\s*_\s*,\s*didReceive/]);
-    if (iosPayloadHandlerFiles.length > 0 && !containsAny(swiftContent, [/AmityPush/, /handlePushNotification/, /didReceiveAmityNotification/, /EkoPushNotification/, /amityPushMessaging/, /registerDeviceForPush/, /handleAmityPush/])) {
+    if (iosPayloadHandlerFiles.length > 0 && pushRegistrationFiles.length > 0 && !containsAny(swiftContent, [/AmityPush/, /handlePushNotification/, /didReceiveAmityNotification/, /EkoPushNotification/, /amityPushMessaging/, /registerDeviceForPush/, /handleAmityPush/])) {
         findings.push(finding("ios.push.payload-contract-respected", "warning", "Push payload handler exists but no social.plus push forwarding call was detected.", relativeFile(root, iosPayloadHandlerFiles[0]), "Forward incoming push payloads to the social.plus SDK push handler (e.g. AmityPush.handleNotification) so social notifications are routed correctly."));
     }
     if (liveDataFiles.length > 0 && !containsAny(swiftContent, [/AmityNotificationToken/, /\.invalidate\s*\(/, /deinit/, /viewWillDisappear/])) {
@@ -1514,6 +1850,13 @@ async function validateIos(root) {
     findings.push(...validateComments(root, "ios", swiftContent));
     findings.push(...validateModeration(root, "ios", swiftContent));
     findings.push(...validateLiveCollectionApiMismatch(root, "ios", swiftContent));
+    findings.push(...validatePostDataTypeHandled(root, "ios", swiftContent));
+    findings.push(...validateAvatarFromSdk(root, "ios", swiftContent));
+    findings.push(...validatePollAnswerDataShape(root, "ios", swiftContent));
+    findings.push(...validateCommentsQueryHasLimit(root, "ios", swiftContent));
+    findings.push(...validateCommentCreationAffordance(root, "ios", swiftContent));
+    findings.push(...validateCommunityDisplayNameFromSdk(root, "ios", swiftContent));
+    findings.push(...validateRoomPostFetched(root, "ios", swiftContent));
     findings.push(...validatePostsStatusFilter(root, "ios", swiftContent));
     findings.push(...validatePaginationCursorOpaque(root, "ios", swiftContent));
     findings.push(...validatePostsParentChild(root, "ios", swiftContent));
@@ -1532,6 +1875,7 @@ async function validateIos(root) {
     findings.push(...validateSessionHandlerRetention(root, "ios", swiftContent));
     findings.push(...validateChat(root, "ios", swiftContent));
     findings.push(...(await validateDesignReuse(root, "ios", swiftContent)));
+    findings.push(...(await validateEnvSecretHygiene(root, "ios", swiftContent)));
     return findings;
 }
 function statusForFindings(findings) {
@@ -1812,6 +2156,16 @@ function astLanguageForFile(filePath, platform) {
 }
 function validateCommentReferenceTypeEnum(root, platform, sourceContent) {
     const findings = [];
+    // TypeScript/React Native: the SDK types referenceType as the string-literal
+    // union Amity.CommentReferenceType ('post' | 'story' | 'content') — there is
+    // no enum to use, and `referenceType: 'post'` is the documented, idiomatic
+    // value (this ruleset's own comment-limit / creation-affordance remediation
+    // strings instruct exactly that). A wrong casing like 'POST' is not assignable
+    // to the union, so tsc already catches it. Flagging the correct string here was
+    // a pure false positive; the rule remains active on android/flutter/ios where a
+    // real AmityCommentReferenceType enum exists.
+    if (platform === "typescript" || platform === "react-native")
+        return findings;
     const ruleId = `${platform}.comment.reference-type-enum`;
     const REFERENCE_TYPE_PATTERNS = [
         /referenceType\s*[:=\(]\s*(['"][^'"]+['"])/i
@@ -1868,7 +2222,23 @@ function validateReactionConfiguredNameUsed(root, platform, sourceContent) {
         if (/\/\/\s*vise:\s*reaction\s*"[^"]+"\s*matches\s*console\s*config/i.test(text)) {
             continue;
         }
-        if (/\b(addReaction|removeReaction|flagReaction|react)\s*\(\s*['"`][^'"`]+['"`]/i.test(text)) {
+        // The reaction NAME is the tenant-specific argument. The TS/RN SDK signature is
+        // addReaction(referenceType, referenceId, reactionName) — the first literal is the
+        // referenceType ('post'/'comment'/'message'/'story'), which is LEGITIMATELY a literal
+        // and must not be mistaken for a hardcoded reaction name. Flag only when a string
+        // literal that is NOT a known reference-type appears in the call.
+        const REF_TYPE = /^(?:post|comment|message|story|community|user|channel|content)$/i;
+        const reactionCallRe = /\b(?:addReaction|removeReaction|flagReaction|react)\s*\(([^)]*)\)/gi;
+        let hardcodesReactionName = false;
+        let rcm;
+        while ((rcm = reactionCallRe.exec(text)) !== null) {
+            const literals = [...rcm[1].matchAll(/['"`]([^'"`]+)['"`]/g)].map((x) => x[1]);
+            if (literals.some((lit) => !REF_TYPE.test(lit))) {
+                hardcodesReactionName = true;
+                break;
+            }
+        }
+        if (hardcodesReactionName) {
             findings.push(finding(ruleId, "warning", `File ${rel} hardcodes a reaction name string literal.`, rel, `Reaction names are per-tenant. Retrieve the reaction name from a configuration file or prop instead of hardcoding it. If it matches console config, add comment // vise: reaction "<name>" matches console config.`));
         }
     }
@@ -1986,23 +2356,67 @@ function validateNotificationsPreferencesConfigured(root, platform, sourceConten
     }
     return findings;
 }
+// The ban-state / role-gated / flagCount-leak rules all flag a MISSING UI guard.
+// That claim only makes sense for files that render UI. Service and data layers —
+// repositories, managers, datasources, API clients, stores, interactors — wrap the
+// SDK call but legitimately leave the guard to the UI layer above them, so firing on
+// them is a false positive. Observed on the official Amity sample apps, where
+// PostFlagManager / StoryManager / MembershipListDataSource tripped all three rules
+// despite the guards living correctly in their View/ViewController callers.
+function isNonUiSourceFile(filename) {
+    const base = path.basename(filename).replace(/\.(kt|swift|dart|tsx?|jsx?)$/i, "");
+    // PascalCase class-named files (Swift, Kotlin, TS): suffix match. Note "Controller"
+    // and "View(Model)" are deliberately absent — iOS ViewControllers/SwiftUI Views DO
+    // render and must keep firing.
+    if (/(?:Manager|Repository|Repo|Service|DataSource|Datasource|Provider|Client|Store|Mapper|Interactor|UseCase|Bloc|Cubit|Notifier|Mock|Fake|Stub|Test|Tests|Spec)$/.test(base))
+        return true;
+    // snake_case files (Dart, sometimes RN): same non-UI layers, plus Flutter's BLoC /
+    // Cubit / ChangeNotifier state-management layers. "_page"/"_popup"/"_screen" are UI
+    // and intentionally not matched.
+    if (/_(?:manager|repository|repo|service|data_source|datasource|provider|client|store|mapper|interactor|use_case|usecase|bloc|cubit|notifier|mock|fake|stub|test|spec)$/i.test(base))
+        return true;
+    // dotted test/spec helpers (foo.test.ts, foo.spec.ts)
+    if (/\.(?:test|spec)$/i.test(base))
+        return true;
+    return false;
+}
 function validateUserBanStateRespected(root, platform, sourceContent) {
     const findings = [];
     const ruleId = platform + '.user.ban-state-respected';
     for (const [filename, text] of sourceContent) {
         const rel = (typeof filename === 'string' && root) ? (filename.startsWith(root) ? filename.slice(root.length).replace(/^\//, '') : filename) : filename;
-        // Check if interaction methods are used in the file
-        if (!/\b(createPost|createComment|sendMessage|addReaction)\b/.test(text)) {
+        // Skip type declaration files — they declare the method signatures but are not
+        // the implementation that needs the ban-state guard.
+        if (path.basename(filename).endsWith('.d.ts'))
+            continue;
+        // Skip non-UI service/data layers — the ban gate belongs in the UI that renders
+        // the interaction button, not in the manager/repository that wraps the SDK call.
+        if (isNonUiSourceFile(filename))
+            continue;
+        // Check if interaction methods are used in the file (includes flag actions — banned users
+        // should also not be able to flag content, preventing spurious moderation queue spam)
+        if (!/\b(createPost|createComment|sendMessage|addReaction|flagComment|flagPost)\b/.test(text)) {
             continue;
         }
-        // Ban-state positive markers
-        const hasBanCheck = /currentUser\.isGlobalBan/.test(text) ||
+        // Ban-state positive markers. Accepts both member-access form
+        // (`user.isBanned`, `currentUser.isGlobalBan`) and bare-variable form
+        // (`disabled={isBanned}`, `!isBanned && ...`) — the latter is common
+        // when a hook destructures the flag and the screen consumes it directly.
+        const hasBanCheck = 
+        // Any ban-STATE boolean: isBanned, isGlobalBan, isGlobalBanned, isUserBanned,
+        // currentUser.isGlobalBan(ned). The `is` prefix anchors this to ban-state flags
+        // and excludes the banUser/bannedUserIds ACTION names. Real SDK ships both
+        // isGlobalBan and isGlobalBanned; agents commonly derive a local `isGlobalBanned`.
+        /\bis\w*Ban(?:ned)?\b/.test(text) ||
+            // camelCase boolean form: `currentUserIsBanned` / `userIsBanned` — typically the ban state
+            // fetched in a parent and passed down as a prop, then used to gate the write. The lowercase
+            // `is`-anchored marker above misses it (capital `Is`, no leading word boundary mid-identifier).
+            /\b\w*[Ii]sBanned\b/.test(text) ||
             /isCurrentUserBannedFromCommunity/.test(text) ||
             /community\.bannedUserIds\.(?:contains|includes)/i.test(text) ||
             /channel\.isMuted/.test(text) ||
             /member\.isMuted/.test(text) ||
             /user\.banState/.test(text) ||
-            /\.isBanned/.test(text) ||
             /\/\/\s*vise:\s*ban state checked at/i.test(text);
         if (!hasBanCheck) {
             findings.push(finding(ruleId, "warning", "File " + rel + " renders an interaction action without checking ban state.", rel, "Banned users still see post-create, like, comment, or send-message buttons, which fail on the server. To avoid poor UX and support tickets, check the ban state before showing these actions."));
@@ -2015,6 +2429,10 @@ function validateFlagCountNotLeaked(root, platform, sourceContent) {
     const ruleId = platform + '.flag-count.not-leaked-to-non-mods';
     for (const [filename, text] of sourceContent) {
         const rel = (typeof filename === 'string' && root) ? (filename.startsWith(root) ? filename.slice(root.length).replace(/^\//, '') : filename) : filename;
+        // Non-UI service/data layers read flagCount to pass it upward; the role gate
+        // that decides whether to RENDER it lives in the UI layer, so skip them.
+        if (isNonUiSourceFile(filename))
+            continue;
         // Check if flagCount is used in the file
         if (!/\bflagCount\b/.test(text)) {
             continue;
@@ -2041,11 +2459,25 @@ function validateModerationRoleGatedAction(root, platform, sourceContent) {
     const ruleId = platform + '.moderation.role-gated-action';
     for (const [filename, text] of sourceContent) {
         const rel = (typeof filename === 'string' && root) ? (filename.startsWith(root) ? filename.slice(root.length).replace(/^\//, '') : filename) : filename;
-        // Check if any of the target actions exist in the file
-        if (!/\b(flagPost|deletePost|banUser|muteChannelMember|unflagPost|flagComment|deleteComment|unbanUser)\b/.test(text)) {
+        // Skip non-UI service/data layers for BOTH branches. The ownership gate
+        // (edit/delete) is a UI concern; and on real code (Amity's MembershipListDataSource,
+        // a UITableView data source that wraps muteMembers) the mod-only ban/mute gate also
+        // belongs in the presenting ViewController, not the data layer — firing on the
+        // service reads as a false positive. The SDK enforces ban/mute server-side regardless.
+        if (isNonUiSourceFile(filename))
+            continue;
+        // Moderator-ONLY actions: only an admin/moderator can ban or mute members.
+        // (flagPost/flagComment/unflag are deliberately NOT here — flagging/reporting
+        // is a user-level action available to any authenticated member, so gating it
+        // on a moderator role is itself a bug.)
+        const hasModOnlyAction = /\b(banUser|unbanUser|banMembers|muteChannelMember|unmuteChannelMember|muteMembers)\b/.test(text);
+        // Delete/edit: valid for the content AUTHOR (ownership) OR a moderator/admin
+        // — per the SDK, "only post owners and admins can delete posts".
+        const hasOwnableAction = /\b(deletePost|softDeletePost|hardDeletePost|deleteComment|softDeleteComment|hardDeleteComment|editPost|updateComment)\b/.test(text);
+        if (!hasModOnlyAction && !hasOwnableAction) {
             continue;
         }
-        // Role-check positive markers
+        // Moderator role markers
         const hasRoleCheck = /currentUser\.roles\.(?:contains|includes|some).*moderator/i.test(text) ||
             /\.hasRole\s*\(.*moderator/i.test(text) ||
             /community\.hasModeratorRole/.test(text) ||
@@ -2054,9 +2486,26 @@ function validateModerationRoleGatedAction(root, platform, sourceContent) {
             /member\.isModerator/.test(text) ||
             /roles\.includes\s*\(.*moderator/i.test(text) ||
             /permissions\.(?:contains|includes).*moderation/i.test(text) ||
+            /\bhasPermission\s*\(/.test(text) ||
             /\/\/\s*vise:\s*role check applied/i.test(text);
-        if (!hasRoleCheck) {
-            findings.push(finding(ruleId, "warning", "File " + rel + " invokes a moderator action without a role check.", rel, "Moderation actions (flag, delete, ban, mute) fail on the server if the user lacks the moderator role. Showing these buttons to all users causes a poor user experience. Wrap the action or the button in a role check (e.g. currentUser.roles.contains('moderator'))."));
+        // Ownership markers (valid alternative to a role check for delete/edit).
+        const hasOwnershipCheck = /\bisAuthor\b/.test(text) ||
+            /\bisOwner\b/.test(text) ||
+            /postedUserId\s*===?=?\s*\w+/.test(text) ||
+            /\w+\s*===?=?\s*[\w.]*postedUserId\b/.test(text) ||
+            /creator\s*\??\.\s*userId\s*===?=?/.test(text) ||
+            // Ownership by comparing the entity's userId to the current user — the
+            // idiomatic Swift/Kotlin form, e.g. `comment.userId == amity.currentUserId`.
+            /\buserId\s*===?\s*[\w.]*(?:currentUser|currentUserId)\b/.test(text) ||
+            /\b(?:currentUser|currentUserId)[\w.]*\s*===?\s*[\w.]*\buserId\b/.test(text) ||
+            /\/\/\s*vise:\s*owner action\b/i.test(text);
+        // Moderator-only actions require a role check.
+        if (hasModOnlyAction && !hasRoleCheck) {
+            findings.push(finding(ruleId, "warning", "File " + rel + " invokes a moderator-only action (ban/mute) without a role check.", rel, "Ban/mute require the moderator role and fail on the server otherwise. Gate the action behind a role check (e.g. currentUser.roles.includes('moderator'), or client.hasPermission(...))."));
+        }
+        else if (hasOwnableAction && !hasRoleCheck && !hasOwnershipCheck) {
+            // Delete/edit need EITHER ownership OR a moderator role.
+            findings.push(finding(ruleId, "warning", "File " + rel + " deletes/edits content without an ownership or moderator-role check.", rel, "Only the content author or a moderator/admin can delete or edit a post/comment. Gate the action behind an ownership check (post.postedUserId === currentUserId) or a moderator role check. Add // vise: owner action if the author-ownership gate lives elsewhere."));
         }
     }
     return findings;
@@ -2073,6 +2522,11 @@ function validateCustomPostTypeDataTypeDeclared(root, platform, sourceContent) {
         if (!matches)
             continue;
         for (const match of matches) {
+            // A standard TEXT post (`data: { text: ... }`, incl. quoted keys for Dart/Swift) legitimately
+            // has no dataType — only CUSTOM data payloads need the dataType tag. Don't mistake the canonical
+            // text-post shape for a custom post (the weak-model bench build hit this with `data: { text }`).
+            if (/data\s*[:=(]\s*[\{\[]\s*['"]?text['"]?\s*:/i.test(match))
+                continue;
             if (!/dataType\s*[:=\(]/i.test(match)) {
                 findings.push(finding(ruleId, "warning", `File ${rel} creates a custom data post but does not declare a dataType.`, rel, `When creating a post with a custom data payload, the 'dataType' tag must be explicitly provided so the SDK can route it correctly. If missing, it defaults to a text post, which stringifies the payload.`));
             }
@@ -2080,6 +2534,342 @@ function validateCustomPostTypeDataTypeDeclared(root, platform, sourceContent) {
     }
     return findings;
 }
+// ── Post data-type check ──────────────────────────────────────────────────────
+// Fires when a file renders post content but only reads the text field without
+// branching on the post's data type. getGlobalFeed / getPosts return every
+// post type (image, video, file, poll, liveStream…); text-only rendering leaves
+// all non-text posts silently blank.
+function validatePostDataTypeHandled(root, platform, sourceContent) {
+    const findings = [];
+    const ruleId = `${platform}.feed.post-datatype-handled`;
+    const TEXT_ACCESS = {
+        typescript: /post\s*\??\.\s*data\s*(?:as\s*\{|\.text\b|\?\.text\b)/,
+        "react-native": /post\s*\??\.\s*data\s*(?:as\s*\{|\.text\b|\?\.text\b)/,
+        flutter: /\.getData\s*<|\bAmityTextPost\b|\bAmityPostData\b/,
+        ios: /\.getData\(\)\s*as\?.*AmityPost\.Data\.TEXT|post\s*\.\s*text\b/,
+        // POST text only — a bare `.getText()` also matches a COMMENT renderer reading
+        // AmityComment.Data.TEXT (comments are text by nature), which is not a post
+        // renderer and must not trip this rule. Scope to AmityPost.Data.TEXT.
+        android: /\.getData\(\)\s*as\??\s*AmityPost\.Data\.TEXT/,
+    };
+    const TYPE_GUARD = {
+        typescript: /\bpost\s*\??\.\s*dataType\b|\bPostContentType\b|\bstructureType\b|\bdataType\s*===/,
+        "react-native": /\bpost\s*\??\.\s*dataType\b|\bPostContentType\b|\bstructureType\b|\bdataType\s*===/,
+        flutter: /post\s*\.\s*type\b|\bAmityDataType\b/,
+        ios: /post\s*\.\s*dataType\b|\bAmityPostDataType\b|\bdataType\s*==/,
+        android: /post\s*\.\s*getType\(\)|\bAmityPost\.Data\.IMAGE\b|\bAmityPost\.Data\.VIDEO\b|\bwhen\s*\{[\s\S]*AmityPost\.Data/,
+    };
+    const RENDER_CTX = /\bcommentsCount\b|\breactionsCount\b|\bpostId\b|\bAmityPost\b/;
+    const textPat = TEXT_ACCESS[platform] ?? TEXT_ACCESS.typescript;
+    const guardPat = TYPE_GUARD[platform] ?? TYPE_GUARD.typescript;
+    for (const [file, content] of sourceContent) {
+        if (path.basename(file).endsWith('.d.ts'))
+            continue;
+        if (/\/\/\s*vise:\s*text-only post intentional/i.test(content))
+            continue;
+        if (!RENDER_CTX.test(content))
+            continue;
+        if (!textPat.test(content))
+            continue;
+        if (guardPat.test(content))
+            continue;
+        findings.push(finding(ruleId, "warning", "Post renderer reads text data without checking post.dataType. Non-text posts (image, video, file, poll) will render as blank.", relativeFile(root, file), "Branch on the post data type before accessing content. For TypeScript/React Native: switch on post.dataType (e.g. 'text', 'image', 'video'). For Android: when (post.getData()) { is AmityPost.Data.TEXT -> … is AmityPost.Data.IMAGE -> … }. For Flutter: check post.type == AmityDataType.TEXT. For iOS: check post.dataType. Add // vise: text-only post intentional if a single datatype is intentional."));
+        break;
+    }
+    return findings;
+}
+// ── Avatar / display-identity from SDK ───────────────────────────────────────
+// Fires when a file renders community or user display identity using raw string
+// manipulation (charAt / slice on a name or raw userId) instead of the SDK-
+// provided avatar.fileUrl / avatarImage / getAvatar(). The SDK resolves the
+// avatar URL on the linked object; ignoring it shows a generated initial where
+// the user uploaded a real photo.
+function validateAvatarFromSdk(root, platform, sourceContent) {
+    const findings = [];
+    const ruleId = `${platform}.community.avatar-from-sdk`;
+    const INITIAL_PAT = {
+        // slice(0,1) / slice(0,2) are avatar initials; slice(0,8)+ is a userId/name
+        // truncation used as a display fallback (e.g. userId.slice(0, 8)) and must
+        // NOT be flagged as a missing avatar.
+        typescript: /(?:displayName|name|userId|postedUserId)\s*\??\.\s*(?:charAt\s*\(\s*0\s*\)|slice\s*\(\s*0\s*,\s*[12]\s*\))/,
+        "react-native": /(?:displayName|name|userId|postedUserId)\s*\??\.\s*(?:charAt\s*\(\s*0\s*\)|slice\s*\(\s*0\s*,\s*[12]\s*\))/,
+        flutter: /(?:displayName|name)\s*\??\.(?:substring\s*\(\s*0\s*,\s*1|characters\.first)/,
+        ios: /(?:displayName|name)\s*\??\s*\.?\s*prefix\s*\(\s*1\s*\)|(?:displayName|name)\s*\[.*\.startIndex/,
+        android: /(?:displayName|name)\s*\??\.\s*(?:substring\s*\(\s*0\s*,\s*1|first\(\)|take\(1\))/,
+    };
+    const AVATAR_PAT = {
+        typescript: /\bavatar\s*\??\.\s*fileUrl\b|\bavatarFileId\b|\bavatarUrl\b/,
+        "react-native": /\bavatar\s*\??\.\s*fileUrl\b|\bavatarFileId\b|\bavatarUrl\b/,
+        flutter: /\bavatarImage\b|\bavatarUrl\b|\bAmityImageSize\b/,
+        ios: /\bavatar\s*\?|\bavatarFileId\b|\bgetAvatarInfo\b/,
+        android: /\bgetAvatar\s*\(\)|\bavatarUrl\b|\bgetAvatarFileId\b/,
+    };
+    const CTX_PAT = /\bdisplayName\b|\bmembersCount\b|\bpostedUserId\b|\bAmityCommunity\b|\bAmityUser\b/;
+    const initPat = INITIAL_PAT[platform] ?? INITIAL_PAT.typescript;
+    const avatarPat = AVATAR_PAT[platform] ?? AVATAR_PAT.typescript;
+    for (const [file, content] of sourceContent) {
+        if (path.basename(file).endsWith('.d.ts'))
+            continue;
+        if (/\/\/\s*vise:\s*avatar fallback intentional/i.test(content))
+            continue;
+        if (!CTX_PAT.test(content))
+            continue;
+        if (!initPat.test(content))
+            continue;
+        if (avatarPat.test(content))
+            continue;
+        findings.push(finding(ruleId, "warning", "Community or user display uses a string initial instead of the SDK-provided avatar URL.", relativeFile(root, file), "Check the avatar field before falling back to initials. For TypeScript/React Native: community.avatar?.fileUrl or user.avatar?.fileUrl. For Flutter: community.avatarImage?.getUrl(AmityImageSize.MEDIUM). For iOS: community.avatar?.fileURL. For Android: community.getAvatar()?.getUrl(). Add // vise: avatar fallback intentional if no avatar field is available in your SDK version."));
+        break;
+    }
+    return findings;
+}
+function validatePollAnswerDataShape(root, platform, sourceContent) {
+    const findings = [];
+    // iOS has no poll-answer data-shape footgun: AmityPollAnswer exposes a typed
+    // `public let text: String` (and `image: AmityImageData?`) — there is no
+    // `.data` to mis-shape, and `answer.text` is the documented, correct accessor
+    // (confirmed against the SDK source; two independent agent builds both wrote
+    // it from the docs). The rule used to flag `answer.text` as wrong — a pure
+    // false positive. The TS/RN concern (`answer.data` is a string, don't read
+    // `.data.text`) doesn't translate to typed Swift. Rule de-registered for iOS.
+    if (platform === "ios")
+        return findings;
+    const ruleId = `${platform}.feed.poll-answer-data-shape`;
+    const WRONG_ACCESS = {
+        typescript: /\banswer\s*\??\.\s*data\s*(?:as\s*\{|\?\.text\b|\.text\b)|\([^)]*answer[^)]*\bas\s*\{[^}]*text/,
+        "react-native": /\banswer\s*\??\.\s*data\s*(?:as\s*\{|\?\.text\b|\.text\b)|\([^)]*answer[^)]*\bas\s*\{[^}]*text/,
+        flutter: /answer\s*\.\s*getData\s*<[^>]*>\s*\(\)\s*\??\.\s*text\b|answer\s*\.\s*data\s*\??\.\s*text\b/,
+        ios: /answer\s*\??\.\s*data\s*as\??\s*[A-Z]\w*\s*\)?\.?\s*text\b|answer\s*\??\.\s*text\b(?!\s*=)/,
+        android: /answer\s*\.\s*getData\s*\(\)\s*\??\.\s*getText\(\)|answer\s*\??\.\s*getText\(\)/,
+    };
+    const CORRECT = {
+        typescript: /\banswer\s*\.\s*data\b(?!\s*as\s*\{)(?!\s*\?\.text)(?!\s*\.text)(?!\s*\?\s*\.)/,
+        "react-native": /\banswer\s*\.\s*data\b(?!\s*as\s*\{)(?!\s*\?\.text)(?!\s*\.text)(?!\s*\?\s*\.)/,
+        flutter: /answer\s*\.\s*data\b(?!\s*\??\.\s*text)/,
+        ios: /answer\s*\.\s*data\b(?!\s*as\?)|\banswer\.data\b/,
+        android: /answer\s*\.\s*getData\s*\(\)\s*(?!\.)\b|answer\s*\.\s*data\b/,
+    };
+    const POLL_CTX = /\banswers\s*[\.\?][\.\?]?\s*map\b|\banswer\.id\b|\bpollId\b|\bPollAnswer\b|\bAmityPollAnswer\b|\bAmityPoll\b/;
+    const wrongPat = WRONG_ACCESS[platform] ?? WRONG_ACCESS.typescript;
+    const correctPat = CORRECT[platform] ?? CORRECT.typescript;
+    for (const [file, content] of sourceContent) {
+        if (path.basename(file).endsWith('.d.ts'))
+            continue;
+        // Escape-hatch is checked on RAW content — stripComments would delete the marker.
+        if (/\/\/\s*vise:\s*poll-answer-shape intentional/i.test(content))
+            continue;
+        const astLang = astLanguageForFile(file, platform);
+        const checkContent = astLang ? stripComments(astLang, content) : content;
+        if (!POLL_CTX.test(checkContent))
+            continue;
+        if (!wrongPat.test(checkContent))
+            continue;
+        if (correctPat.test(checkContent))
+            continue;
+        findings.push(finding(ruleId, "warning", "Poll answer text is read as an object property (.data.text or .data?.text), but PollAnswer.data is a plain string.", relativeFile(root, file), "Use answer.data directly as the display text — it is already the string content. For image answers, use answer.image?.fileUrl (TypeScript/React Native) or the linked image object. Add // vise: poll-answer-shape intentional if the data field really is an object in your SDK version."));
+        break;
+    }
+    return findings;
+}
+function validateCommentsQueryHasLimit(root, platform, sourceContent) {
+    const findings = [];
+    const ruleId = `${platform}.comments.query-has-limit`;
+    const GETCOMMENTS_PAT = {
+        typescript: /CommentRepository\s*\.\s*getComments\s*\(/,
+        "react-native": /CommentRepository\s*\.\s*getComments\s*\(/,
+        flutter: /AmitySocialClient\s*\.\s*newCommentRepository\s*\(\s*\)\s*\.getComments\b/,
+        ios: /AmityCommentQueryOptions\s*\(|commentRepository\s*\.\s*getComments\s*\(/,
+        android: /AmitySocialClient\s*\.\s*newCommentRepository\s*\(\s*\)\s*\.getComments\b/,
+    };
+    const HAS_LIMIT = {
+        typescript: /\blimit\s*:\s*\d+|\bpageSize\s*:\s*\d+/,
+        "react-native": /\blimit\s*:\s*\d+|\bpageSize\s*:\s*\d+/,
+        flutter: /\.setLimit\s*\(|\blimit\s*:\s*\d+|\bpageSize\s*:\s*\d+/,
+        ios: /\.pageSize\s*=\s*\d+|\bpageSize\s*:\s*\d+|setPageSize/,
+        android: /\.pageSize\s*\(\s*\d+\)|\blimit\s*\(\s*\d+\)/,
+    };
+    const COMMENT_CTX = /referenceType\s*[:=]\s*['"]?post['"]?|\breferenceId\b|\bCommentRepository\b|\bAmityComment\b/;
+    const recommendation = "Pass an explicit pageSize to the getComments params (limit is deprecated). For TypeScript/React Native: CommentRepository.getComments({ referenceId, referenceType: 'post', pageSize: 20 }, cb). For Flutter: .getLiveCollection(pageSize: 20). For iOS: AmityCommentQueryOptions(..., pageSize: 20). For Android: .pageSize(20). Add // vise: comment-limit handled if you have a deliberate reason to omit it.";
+    const message = "Comment live collection called without an explicit limit/pageSize — the SDK default may use skip/limit pagination incompatible with scrollable query types, causing a runtime 500000 error.";
+    // TypeScript / React Native: AST pass — inspect the actual getComments({...})
+    // first argument and fire only when the object literal carries neither
+    // pageSize nor limit. More precise than a text scan: ignores the token
+    // appearing in comments/strings, and won't fire when params are passed as a
+    // variable we can't statically read (conservative — avoids false positives).
+    if (platform === "typescript" || platform === "react-native") {
+        for (const [file, content] of sourceContent) {
+            if (path.basename(file).endsWith('.d.ts'))
+                continue;
+            if (/\/\/\s*vise:\s*comment-limit handled/i.test(content))
+                continue; // escape on RAW content
+            const astLang = astLanguageForFile(file, platform);
+            if (!astLang)
+                continue;
+            let tree;
+            try {
+                tree = parse(astLang, content);
+            }
+            catch {
+                continue;
+            }
+            const calls = findCallExpressions(tree, /(?:^|\.)getComments$/);
+            for (const call of calls) {
+                const objArg = call.args[0];
+                if (!objArg || objArg.type !== "object")
+                    continue; // params not a literal → can't analyze, skip
+                if (pickObjectProperty(objArg, "pageSize") || pickObjectProperty(objArg, "limit"))
+                    continue;
+                findings.push(finding(ruleId, "warning", message, relativeFile(root, file), recommendation));
+                return findings;
+            }
+        }
+        return findings;
+    }
+    // Flutter / iOS / Android: regex pass (builder chains and option structs do
+    // not fit call-argument inspection). Kotlin runs against comment-stripped
+    // source; Dart/Swift have no grammar and run against raw content.
+    const getCommentsPat = GETCOMMENTS_PAT[platform] ?? GETCOMMENTS_PAT.typescript;
+    const limitPat = HAS_LIMIT[platform] ?? HAS_LIMIT.typescript;
+    for (const [file, content] of sourceContent) {
+        if (path.basename(file).endsWith('.d.ts'))
+            continue;
+        if (/\/\/\s*vise:\s*comment-limit handled/i.test(content))
+            continue; // escape on RAW content
+        const astLang = astLanguageForFile(file, platform);
+        const checkContent = astLang ? stripComments(astLang, content) : content;
+        if (!COMMENT_CTX.test(checkContent))
+            continue;
+        if (!getCommentsPat.test(checkContent))
+            continue;
+        if (limitPat.test(checkContent))
+            continue;
+        findings.push(finding(ruleId, "warning", message, relativeFile(root, file), recommendation));
+        break;
+    }
+    return findings;
+}
+// ── Comment creation affordance ──────────────────────────────────────────────
+// Fires when comments are READ (getComments) but never CREATED (createComment)
+// anywhere in the codebase. A read-only comment list gives users no way to
+// participate. Mirrors the moderation-affordance-present precedent: the write
+// path may live in a sibling file, so detection is codebase-wide and an
+// attestation escape covers deliberately read-only surfaces.
+function validateCommentCreationAffordance(root, platform, sourceContent) {
+    const findings = [];
+    const ruleId = `${platform}.comments.creation-affordance-present`;
+    const GETCOMMENTS_PAT = {
+        typescript: /CommentRepository\s*\.\s*getComments\s*\(/,
+        "react-native": /CommentRepository\s*\.\s*getComments\s*\(/,
+        flutter: /AmitySocialClient\s*\.\s*newCommentRepository\s*\(\s*\)\s*\.getComments\b/,
+        ios: /AmityCommentQueryOptions\s*\(|commentRepository\s*\.\s*getComments\s*\(/,
+        android: /AmitySocialClient\s*\.\s*newCommentRepository\s*\(\s*\)\s*\.getComments\b/,
+    };
+    const CREATECOMMENT_PAT = {
+        typescript: /CommentRepository\s*\.\s*createComment\s*\(/,
+        "react-native": /CommentRepository\s*\.\s*createComment\s*\(/,
+        flutter: /\.createComment\s*\(/,
+        // Any receiver, not just a var literally named `commentRepository` — agents
+        // idiomatically hold the repo in `repo`/`vm`/etc. (real v8: AmityCommentRepository
+        // .createComment(with: AmityCommentCreateOptions(...))). Mirrors android/flutter.
+        ios: /AmityCommentCreateOptions\s*\(|\.createComment\s*\(/,
+        android: /\.createComment\s*\(/,
+    };
+    const getPat = GETCOMMENTS_PAT[platform] ?? GETCOMMENTS_PAT.typescript;
+    const createPat = CREATECOMMENT_PAT[platform] ?? CREATECOMMENT_PAT.typescript;
+    let readFile;
+    let hasCreate = false;
+    for (const [file, content] of sourceContent) {
+        if (path.basename(file).endsWith('.d.ts'))
+            continue;
+        // Escape-hatch is checked on RAW content — stripComments would delete the marker.
+        if (/\/\/\s*vise:\s*comments read-only intentional/i.test(content))
+            return findings;
+        const astLang = astLanguageForFile(file, platform);
+        const checkContent = astLang ? stripComments(astLang, content) : content;
+        if (!readFile && getPat.test(checkContent))
+            readFile = file;
+        if (createPat.test(checkContent))
+            hasCreate = true;
+    }
+    if (readFile && !hasCreate) {
+        findings.push(finding(ruleId, "warning", "Comments are read (getComments) but no comment creation (createComment) was found anywhere in the project. A read-only comment list gives users no way to participate.", relativeFile(root, readFile), "Add a comment composer that calls createComment. For TypeScript/React Native: CommentRepository.createComment({ data: { text }, referenceId, referenceType: 'post' }). For iOS: commentRepository.createComment(with: AmityCommentCreateOptions(...)). For Flutter/Android: AmitySocialClient.newCommentRepository().createComment().post(postId)...send(). Gate it behind the user's ban/permission state. Add // vise: comments read-only intentional if a read-only view is deliberate."));
+    }
+    return findings;
+}
+function validateCommunityDisplayNameFromSdk(root, platform, sourceContent) {
+    const findings = [];
+    const ruleId = `${platform}.community.display-name-from-sdk`;
+    const ID_AS_NAME = {
+        typescript: /displayName\s*:\s*\w*[Cc]ommunity[Ii]d\b|\bdisplayName\s*\?\?\s*\w*[Cc]ommunity[Ii]d\b|\bdisplayName\s*:\s*selected\w*[Ii]d\b|\bdisplayName\s*:\s*\w+[Cc]ommunity[Ii]d\b/,
+        "react-native": /displayName\s*:\s*\w*[Cc]ommunity[Ii]d\b|\bdisplayName\s*\?\?\s*\w*[Cc]ommunity[Ii]d\b|\bdisplayName\s*:\s*selected\w*[Ii]d\b|\bdisplayName\s*:\s*\w+[Cc]ommunity[Ii]d\b/,
+        flutter: /displayName\s*:\s*\w*[Cc]ommunity[Ii]d\b|displayName\s*\?\?\s*\w*[Cc]ommunityId\b|Text\s*\(\s*\w*[Cc]ommunity\w*\.communityId\b/,
+        ios: /displayName\s*=\s*\w*[Cc]ommunity[Ii]d\b|displayName\s*\?\?\s*\w*communityId\b|\.displayName\s*\?\s*\?\s*community\.communityId\b/,
+        android: /displayName\s*=\s*\w*[Cc]ommunity[Ii]d\b|displayName\s*\?:\s*\w*communityId\b|setText\s*\(\s*\w*communityId\b/,
+    };
+    const COMMUNITY_CTX = /\bcommunityId\b.*\b(Community|AmityCommunity|displayName)\b|\b(Community|AmityCommunity|displayName)\b.*\bcommunityId\b/s;
+    const CORRECT = /CommunityRepository\s*\.\s*getCommunity\b|community\s*\??\.\s*displayName\s*(?!:)\b/;
+    const idPat = ID_AS_NAME[platform] ?? ID_AS_NAME.typescript;
+    for (const [file, content] of sourceContent) {
+        if (path.basename(file).endsWith('.d.ts'))
+            continue;
+        // Escape-hatch is checked on RAW content — stripComments would delete the marker.
+        if (/\/\/\s*vise:\s*community-id display intentional/i.test(content))
+            continue;
+        const astLang = astLanguageForFile(file, platform);
+        const checkContent = astLang ? stripComments(astLang, content) : content;
+        if (!COMMUNITY_CTX.test(checkContent))
+            continue;
+        if (!idPat.test(checkContent))
+            continue;
+        if (CORRECT.test(checkContent))
+            continue;
+        findings.push(finding(ruleId, "warning", "A community ID is used as a display name fallback. The raw communityId will be shown to users instead of the community's actual display name.", relativeFile(root, file), "Pass the full Community object (not just the ID) when navigating to a community detail screen, then use community.displayName. If you only have the ID, subscribe to CommunityRepository.getCommunity(communityId, cb) to get the live display name. Add // vise: community-id display intentional only if showing the ID is truly required."));
+        break;
+    }
+    return findings;
+}
+function validateRoomPostFetched(root, platform, sourceContent) {
+    const findings = [];
+    const ruleId = `${platform}.feed.room-post-fetched`;
+    const ROOM_ID_DISPLAY = {
+        typescript: /(?:getRoomInfo\s*\(\s*\)|room)\s*\??\.\s*roomId\b(?!\s*[,;)]|\s*,\s*cb)/,
+        "react-native": /(?:getRoomInfo\s*\(\s*\)|room)\s*\??\.\s*roomId\b(?!\s*[,;)]|\s*,\s*cb)/,
+        flutter: /room\s*\??\.\s*roomId\b|getRoomInfo\s*\(\s*\)\s*\??\.\s*roomId/,
+        // Negative lookbehind for Swift string interpolation `\(room.roomId)`:
+        // that's a segment/identifier key, not a displayed name, and must not fire.
+        // Real display (`Text(room.roomId)`, `label.text = room.roomId`) still matches.
+        ios: /(?<!\\\()room\s*\??\.\s*roomId\b|getRoomInfo\s*\(\s*\)\s*\?\.?\s*roomId/,
+        android: /room\s*\??\.\s*getRoomId\s*\(\)|getRoomInfo\s*\(\s*\)\s*\??\.\s*roomId/,
+    };
+    const ROOM_FETCH = {
+        typescript: /RoomRepository\s*\.\s*getRoom\s*\(|room\s*\??\.\s*title\b/,
+        "react-native": /RoomRepository\s*\.\s*getRoom\s*\(|room\s*\??\.\s*title\b/,
+        flutter: /AmityRoomRepository\s*\(\s*\)\s*\.\s*getRoom\b|room\s*\??\.\s*title\b/,
+        ios: /AmityRoomRepository\s*\.\s*shared\s*\.\s*getRoom\b|room\s*\??\.\s*title\b/,
+        android: /AmityRoomRepository\s*\(\s*\)\s*\.\s*getRoom\b|room\s*\??\.\s*title\b/,
+    };
+    const POST_CTX = /\bpostId\b|\bAmityPost\b|\bpost\s*\??\.\s*dataType\b|\bpost\.type\b|\bpost_id\b/;
+    const roomIdPat = ROOM_ID_DISPLAY[platform] ?? ROOM_ID_DISPLAY.typescript;
+    const fetchPat = ROOM_FETCH[platform] ?? ROOM_FETCH.typescript;
+    for (const [file, content] of sourceContent) {
+        if (path.basename(file).endsWith('.d.ts'))
+            continue;
+        // Escape-hatch is checked on RAW content — stripComments would delete the marker.
+        if (/\/\/\s*vise:\s*room-display intentional/i.test(content))
+            continue;
+        const astLang = astLanguageForFile(file, platform);
+        const checkContent = astLang ? stripComments(astLang, content) : content;
+        if (!POST_CTX.test(checkContent))
+            continue;
+        if (!roomIdPat.test(checkContent))
+            continue;
+        if (fetchPat.test(checkContent))
+            continue;
+        findings.push(finding(ruleId, "warning", "Room post displays raw roomId instead of fetching room details (title) via RoomRepository.getRoom.", relativeFile(root, file), "Subscribe to RoomRepository.getRoom(roomId, callback) to get the Room object, then use room.title as the display name. The Room has title, status (idle/live/ended), and thumbnailFileId. Add // vise: room-display intentional only if showing the raw ID is intentional."));
+        break;
+    }
+    return findings;
+}
 function validateFeedTargetTypeExplicit(root, platform, sourceContent) {
     const findings = [];
     const ruleId = `${platform}.feed.target-type-explicit`;
@@ -2095,7 +2885,22 @@ function validateFeedTargetTypeExplicit(root, platform, sourceContent) {
         if (!hasCreatePost)
             continue;
         for (const pattern of TARGET_TYPE_PATTERNS) {
-            if (pattern.test(text)) {
+            const g = new RegExp(pattern.source, pattern.flags.includes("g") ? pattern.flags : pattern.flags + "g");
+            let ttm;
+            let flagged = false;
+            while ((ttm = g.exec(text)) !== null) {
+                // A literal targetType in a READ query (getPosts/getCommunityFeed params) is correct —
+                // you specify targetType:'community' + targetId to read that feed. Read-query objects
+                // carry feedType/sortBy keys; a createPost payload carries dataType/data. Only the
+                // latter is the reusability concern this rule targets.
+                const window = text.slice(Math.max(0, ttm.index - 180), ttm.index + 180);
+                const isReadQuery = /\b(?:feedType|sortBy)\s*:/.test(window) && !/\bdataType\s*:/.test(window);
+                if (!isReadQuery) {
+                    flagged = true;
+                    break;
+                }
+            }
+            if (flagged) {
                 findings.push(finding(ruleId, "warning", `A createPost call appears to hardcode targetType to a literal community or user.`, rel, "Feed targets should be passed dynamically (e.g. from props or intent extras) so the composer component is reusable. If this is intentional, add comment // vise: target-type rationale — <reason>."));
                 break;
             }