@codeledger/cli 0.6.7 → 0.6.9

package/dist/review-intelligence/detectors/cjs-named-import.js

@@ -0,0 +1,134 @@
+import { parseImports } from '../engine/ast-parser.js';
+import { resolveModule } from '../engine/symbol-resolver.js';
+/**
+ * Well-known CJS-only packages that commonly cause ESM interop issues.
+ * This list covers the most frequently encountered cases.
+ */
+const KNOWN_CJS_PACKAGES = new Set([
+    'express',
+    'chalk',
+    'ora',
+    'inquirer',
+    'commander',
+    'yargs',
+    'debug',
+    'dotenv',
+    'lodash',
+    'moment',
+    'winston',
+    'morgan',
+    'cors',
+    'helmet',
+    'compression',
+    'cookie-parser',
+    'body-parser',
+    'multer',
+    'passport',
+    'jsonwebtoken',
+    'bcrypt',
+    'bcryptjs',
+    'mongoose',
+    'sequelize',
+    'knex',
+    'pg',
+    'mysql2',
+    'redis',
+    'ioredis',
+    'bull',
+    'node-cron',
+    'nodemailer',
+    'handlebars',
+    'ejs',
+    'pug',
+    'cheerio',
+    'puppeteer',
+    'sharp',
+    'jimp',
+    'uuid',
+    'shortid',
+    'nanoid',
+    'glob',
+    'minimatch',
+    'minimist',
+    'semver',
+    'rimraf',
+    'mkdirp',
+    'cross-env',
+]);
+/**
+ * INVARIANT — cjs_named_import
+ *
+ * Detect named imports from known CommonJS-only packages in ESM files.
+ * Named imports from CJS modules fail at runtime with:
+ *   SyntaxError: Named export 'X' not found. The requested module 'Y'
+ *   is a CommonJS module, which may not support all module.exports as named exports.
+ *
+ * Severity: P1 (runtime crash)
+ */
+export const cjsNamedImportDetector = {
+    name: 'build_runtime',
+    analyze(ctx) {
+        const findings = [];
+        for (const filePath of ctx.files) {
+            const content = ctx.fileContents.get(filePath);
+            if (!content)
+                continue;
+            if (!isAnalyzableFile(filePath))
+                continue;
+            // Only check ESM files
+            if (!isEsmFile(filePath, content))
+                continue;
+            const imports = parseImports(content);
+            for (const imp of imports) {
+                if (imp.isTypeOnly)
+                    continue;
+                if (imp.namedImports.length === 0)
+                    continue;
+                if (imp.isDynamic)
+                    continue;
+                const resolved = resolveModule(imp.source);
+                if (resolved.kind !== 'external')
+                    continue;
+                if (!resolved.packageName)
+                    continue;
+                if (KNOWN_CJS_PACKAGES.has(resolved.packageName)) {
+                    const namedList = imp.namedImports.join(', ');
+                    findings.push({
+                        rule_id: 'RI-CJS-001',
+                        title: 'Named import from CommonJS module',
+                        severity: 'P1',
+                        category: 'build_runtime',
+                        file: filePath,
+                        line: imp.line,
+                        trigger: `import { ${namedList} } from '${imp.source}'`,
+                        missing_companions: [
+                            `Use default import: import ${resolved.packageName.replace(/[^a-zA-Z]/g, '')} from '${imp.source}'`,
+                        ],
+                        why_it_matters: `'${resolved.packageName}' is a CommonJS module. Named imports from CJS modules ` +
+                            'may fail at runtime in ESM contexts with "SyntaxError: Named export not found". ' +
+                            'Use a default import and destructure, or use createRequire().',
+                        confidence: 'medium',
+                    });
+                }
+            }
+        }
+        return findings;
+    },
+};
+/**
+ * Check if a file is likely an ESM file.
+ */
+function isEsmFile(filePath, _content) {
+    // .mts, .mjs are always ESM
+    if (/\.m[jt]s$/.test(filePath))
+        return true;
+    // .ts and .js could be either — assume ESM in modern codebases
+    // (this is a heuristic; precise detection requires checking package.json type)
+    if (/\.(?:ts|tsx)$/.test(filePath))
+        return true;
+    return false;
+}
+function isAnalyzableFile(filePath) {
+    return /\.(?:ts|tsx|js|jsx|mts|mjs)$/.test(filePath);
+}
+//# sourceMappingURL=cjs-named-import.js.map

package/dist/review-intelligence/detectors/cjs-named-import.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cjs-named-import.js","sourceRoot":"","sources":["../../../src/review-intelligence/detectors/cjs-named-import.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAE7D;;;GAGG;AACH,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,SAAS;IACT,OAAO;IACP,KAAK;IACL,UAAU;IACV,WAAW;IACX,OAAO;IACP,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,SAAS;IACT,QAAQ;IACR,MAAM;IACN,QAAQ;IACR,aAAa;IACb,eAAe;IACf,aAAa;IACb,QAAQ;IACR,UAAU;IACV,cAAc;IACd,QAAQ;IACR,UAAU;IACV,UAAU;IACV,WAAW;IACX,MAAM;IACN,IAAI;IACJ,QAAQ;IACR,OAAO;IACP,SAAS;IACT,MAAM;IACN,WAAW;IACX,YAAY;IACZ,YAAY;IACZ,KAAK;IACL,KAAK;IACL,SAAS;IACT,WAAW;IACX,OAAO;IACP,MAAM;IACN,MAAM;IACN,SAAS;IACT,QAAQ;IACR,MAAM;IACN,WAAW;IACX,UAAU;IACV,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,WAAW;CACZ,CAAC,CAAC;AAEH;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAsB;IACvD,IAAI,EAAE,eAAe;IAErB,OAAO,CAAC,GAAoB;QAC1B,MAAM,QAAQ,GAAoB,EAAE,CAAC;QAErC,KAAK,MAAM,QAAQ,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACjC,MAAM,OAAO,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC/C,IAAI,CAAC,OAAO;gBAAE,SAAS;YACvB,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAE1C,uBAAuB;YACvB,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,OAAO,CAAC;gBAAE,SAAS;YAE5C,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;YAEtC,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC1B,IAAI,GAAG,CAAC,UAAU;oBAAE,SAAS;gBAC7B,IAAI,GAAG,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC;oBAAE,SAAS;gBAC5C,IAAI,GAAG,CAAC,SAAS;oBAAE,SAAS;gBAE5B,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAC3C,IAAI,QAAQ,CAAC,IAAI,KAAK,UAAU;oBAAE,SAAS;gBAC3C,IAAI,CAAC,QAAQ,CAAC,WAAW;oBAAE,SAAS;gBAEpC,IAAI,kBAAkB,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;oBACjD,MAAM,SAAS,GAAG,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;oBAC9C,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,YAAY;wBACrB,KAAK,EAAE,mCAAmC;wBAC1C,QAAQ,EAAE,IAAI;wBACd,QAAQ,EAAE,eAAe;wBACzB,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,OAAO,EAAE,YAAY,SAAS,YAAY,GAAG,CAAC,MAAM,GAAG;wBACvD,kBAAkB,EAAE;4BAClB,8BAA8B,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,UAAU,GAAG,CAAC,MAAM,GAAG;yBACpG;wBACD,cAAc,EACZ,IAAI,QAAQ,CAAC,WAAW,yDAAyD;4BACjF,kFAAkF;4BAClF,+DAA+D;wBACjE,UAAU,EAAE,QAAQ;qBACrB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,SAAS,SAAS,CAAC,QAAgB,EAAE,QAAgB;IACnD,4BAA4B;IAC5B,IAAI,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5C,+DAA+D;IAC/D,+EAA+E;IAC/E,IAAI,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAChD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAgB;IACxC,OAAO,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACvD,CAAC"}

package/dist/review-intelligence/detectors/exact-count-assertion.d.ts

@@ -0,0 +1,17 @@
+import type { InvariantDetector } from '../types.js';
+/**
+ * INVARIANT — exact_count_assertion_risk
+ *
+ * Detect brittle exact-count assertions in test files, especially
+ * in search/filter/query tests where the exact count depends on
+ * fixture data that may change.
+ *
+ * Patterns detected:
+ *   expect(results.length).toBe(N)
+ *   expect(results).toHaveLength(N)
+ *   assert.equal(results.length, N)
+ *
+ * Severity: P2 (brittle tests that break on data changes)
+ */
+export declare const exactCountAssertionDetector: InvariantDetector;
+//# sourceMappingURL=exact-count-assertion.d.ts.map

package/dist/review-intelligence/detectors/exact-count-assertion.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"exact-count-assertion.d.ts","sourceRoot":"","sources":["../../../src/review-intelligence/detectors/exact-count-assertion.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,iBAAiB,EAGlB,MAAM,aAAa,CAAC;AAErB;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,2BAA2B,EAAE,iBA2DzC,CAAC"}

package/dist/review-intelligence/detectors/exact-count-assertion.js

@@ -0,0 +1,93 @@
+/**
+ * INVARIANT — exact_count_assertion_risk
+ *
+ * Detect brittle exact-count assertions in test files, especially
+ * in search/filter/query tests where the exact count depends on
+ * fixture data that may change.
+ *
+ * Patterns detected:
+ *   expect(results.length).toBe(N)
+ *   expect(results).toHaveLength(N)
+ *   assert.equal(results.length, N)
+ *
+ * Severity: P2 (brittle tests that break on data changes)
+ */
+export const exactCountAssertionDetector = {
+    name: 'test_integrity',
+    analyze(ctx) {
+        const findings = [];
+        for (const filePath of ctx.files) {
+            const content = ctx.fileContents.get(filePath);
+            if (!content)
+                continue;
+            // Only analyze test files
+            if (!isTestFile(filePath))
+                continue;
+            const lines = content.split('\n');
+            let inSearchContext = false;
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i];
+                const trimmed = line.trim();
+                // Skip comments
+                if (trimmed.startsWith('//') || trimmed.startsWith('*'))
+                    continue;
+                // Track search/filter/query context
+                if (/\b(?:search|filter|query|find|list|getAll)\s*\(/.test(trimmed)) {
+                    inSearchContext = true;
+                }
+                // Reset context at test boundaries
+                if (/\b(?:it|test|describe)\s*\(/.test(trimmed)) {
+                    inSearchContext = false;
+                }
+                // Detect exact count assertions
+                const countMatch = detectExactCountAssertion(trimmed);
+                if (countMatch && inSearchContext) {
+                    findings.push({
+                        rule_id: 'RI-EC-001',
+                        title: 'Brittle exact count assertion in search/filter test',
+                        severity: 'P2',
+                        category: 'test_integrity',
+                        file: filePath,
+                        line: i + 1,
+                        trigger: countMatch.pattern,
+                        missing_companions: [
+                            'Use toBeGreaterThan(0), toBeGreaterThanOrEqual(N), or data-driven counts',
+                        ],
+                        why_it_matters: `Exact count assertion (${countMatch.count}) in a search/filter test is brittle. ` +
+                            'If fixture data changes, this assertion breaks even though the search logic is correct. ' +
+                            'Prefer range assertions or derive expected counts from the test data.',
+                        confidence: 'medium',
+                    });
+                }
+            }
+        }
+        return findings;
+    },
+};
+function detectExactCountAssertion(line) {
+    // expect(x.length).toBe(N)
+    const toBeLengthMatch = /expect\s*\([^)]*\.length\s*\)\s*\.toBe\s*\(\s*(\d+)\s*\)/.exec(line);
+    if (toBeLengthMatch) {
+        return { pattern: `expect(x.length).toBe(${toBeLengthMatch[1]})`, count: toBeLengthMatch[1] };
+    }
+    // expect(x).toHaveLength(N)
+    const haveLengthMatch = /expect\s*\([^)]*\)\s*\.toHaveLength\s*\(\s*(\d+)\s*\)/.exec(line);
+    if (haveLengthMatch) {
+        return { pattern: `expect(x).toHaveLength(${haveLengthMatch[1]})`, count: haveLengthMatch[1] };
+    }
+    // assert.equal(x.length, N) or assert.strictEqual(x.length, N)
+    const assertMatch = /assert\s*\.(?:equal|strictEqual)\s*\([^,]*\.length\s*,\s*(\d+)\s*\)/.exec(line);
+    if (assertMatch) {
+        return { pattern: `assert.equal(x.length, ${assertMatch[1]})`, count: assertMatch[1] };
+    }
+    // expect(x.length).toEqual(N)
+    const toEqualMatch = /expect\s*\([^)]*\.length\s*\)\s*\.toEqual\s*\(\s*(\d+)\s*\)/.exec(line);
+    if (toEqualMatch) {
+        return { pattern: `expect(x.length).toEqual(${toEqualMatch[1]})`, count: toEqualMatch[1] };
+    }
+    return undefined;
+}
+function isTestFile(filePath) {
+    return /\.(?:test|spec|e2e)\.(?:ts|tsx|js|jsx|mts|mjs)$/.test(filePath);
+}
+//# sourceMappingURL=exact-count-assertion.js.map

package/dist/review-intelligence/detectors/exact-count-assertion.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"exact-count-assertion.js","sourceRoot":"","sources":["../../../src/review-intelligence/detectors/exact-count-assertion.ts"],"names":[],"mappings":"AAMA;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAsB;IAC5D,IAAI,EAAE,gBAAgB;IAEtB,OAAO,CAAC,GAAoB;QAC1B,MAAM,QAAQ,GAAoB,EAAE,CAAC;QAErC,KAAK,MAAM,QAAQ,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACjC,MAAM,OAAO,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC/C,IAAI,CAAC,OAAO;gBAAE,SAAS;YAEvB,0BAA0B;YAC1B,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAEpC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,eAAe,GAAG,KAAK,CAAC;YAE5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;gBACvB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAE5B,gBAAgB;gBAChB,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAElE,oCAAoC;gBACpC,IAAI,iDAAiD,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBACpE,eAAe,GAAG,IAAI,CAAC;gBACzB,CAAC;gBAED,mCAAmC;gBACnC,IAAI,6BAA6B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBAChD,eAAe,GAAG,KAAK,CAAC;gBAC1B,CAAC;gBAED,gCAAgC;gBAChC,MAAM,UAAU,GAAG,yBAAyB,CAAC,OAAO,CAAC,CAAC;gBACtD,IAAI,UAAU,IAAI,eAAe,EAAE,CAAC;oBAClC,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,WAAW;wBACpB,KAAK,EAAE,qDAAqD;wBAC5D,QAAQ,EAAE,IAAI;wBACd,QAAQ,EAAE,gBAAgB;wBAC1B,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,OAAO,EAAE,UAAU,CAAC,OAAO;wBAC3B,kBAAkB,EAAE;4BAClB,0EAA0E;yBAC3E;wBACD,cAAc,EACZ,0BAA0B,UAAU,CAAC,KAAK,wCAAwC;4BAClF,0FAA0F;4BAC1F,uEAAuE;wBACzE,UAAU,EAAE,QAAQ;qBACrB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC;AAOF,SAAS,yBAAyB,CAAC,IAAY;IAC7C,2BAA2B;IAC3B,MAAM,eAAe,GAAG,0DAA0D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9F,IAAI,eAAe,EAAE,CAAC;QACpB,OAAO,EAAE,OAAO,EAAE,yBAAyB,eAAe,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC,CAAE,EAAE,CAAC;IACjG,CAAC;IAED,4BAA4B;IAC5B,MAAM,eAAe,GAAG,uDAAuD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC3F,IAAI,eAAe,EAAE,CAAC;QACpB,OAAO,EAAE,OAAO,EAAE,0BAA0B,eAAe,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC,CAAE,EAAE,CAAC;IAClG,CAAC;IAED,+DAA+D;IAC/D,MAAM,WAAW,GAAG,qEAAqE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrG,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,EAAE,OAAO,EAAE,0BAA0B,WAAW,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,WAAW,CAAC,CAAC,CAAE,EAAE,CAAC;IAC1F,CAAC;IAED,8BAA8B;IAC9B,MAAM,YAAY,GAAG,6DAA6D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9F,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,EAAE,OAAO,EAAE,4BAA4B,YAAY,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC,CAAE,EAAE,CAAC;IAC9F,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,UAAU,CAAC,QAAgB;IAClC,OAAO,iDAAiD,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC1E,CAAC"}

package/dist/review-intelligence/detectors/exports-map-missing.d.ts

@@ -0,0 +1,14 @@
+import type { InvariantDetector } from '../types.js';
+/**
+ * INVARIANT — exports_map_missing
+ *
+ * Detect subpath imports from packages that have an exports map but
+ * don't include the imported subpath.
+ *
+ * Also detects workspace packages missing exports map entries for
+ * subpath imports used by other packages.
+ *
+ * Severity: P1 (causes Node.js ERR_PACKAGE_PATH_NOT_EXPORTED)
+ */
+export declare const exportsMapMissingDetector: InvariantDetector;
+//# sourceMappingURL=exports-map-missing.d.ts.map

package/dist/review-intelligence/detectors/exports-map-missing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"exports-map-missing.d.ts","sourceRoot":"","sources":["../../../src/review-intelligence/detectors/exports-map-missing.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,iBAAiB,EAGlB,MAAM,aAAa,CAAC;AAIrB;;;;;;;;;;GAUG;AACH,eAAO,MAAM,yBAAyB,EAAE,iBAoDvC,CAAC"}

package/dist/review-intelligence/detectors/exports-map-missing.js

@@ -0,0 +1,131 @@
+import { readFileSync, existsSync } from 'node:fs';
+import { join } from 'node:path';
+import { parseImports } from '../engine/ast-parser.js';
+import { resolveModule } from '../engine/symbol-resolver.js';
+/**
+ * INVARIANT — exports_map_missing
+ *
+ * Detect subpath imports from packages that have an exports map but
+ * don't include the imported subpath.
+ *
+ * Also detects workspace packages missing exports map entries for
+ * subpath imports used by other packages.
+ *
+ * Severity: P1 (causes Node.js ERR_PACKAGE_PATH_NOT_EXPORTED)
+ */
+export const exportsMapMissingDetector = {
+    name: 'build_runtime',
+    analyze(ctx) {
+        const findings = [];
+        const exportsCache = new Map();
+        for (const filePath of ctx.files) {
+            const content = ctx.fileContents.get(filePath);
+            if (!content)
+                continue;
+            if (!isAnalyzableFile(filePath))
+                continue;
+            const imports = parseImports(content);
+            for (const imp of imports) {
+                const resolved = resolveModule(imp.source);
+                // Only check external packages with subpaths
+                if (resolved.kind !== 'external')
+                    continue;
+                if (!resolved.subpath)
+                    continue;
+                if (!resolved.packageName)
+                    continue;
+                // Check if the package has an exports map
+                const exportsMap = getPackageExportsMap(ctx.cwd, resolved.packageName, exportsCache);
+                if (exportsMap === null)
+                    continue; // No exports map = no restriction
+                // Check if the subpath is covered by the exports map
+                const subpathEntry = '.' + resolved.subpath;
+                if (!isSubpathExported(subpathEntry, exportsMap)) {
+                    findings.push({
+                        rule_id: 'RI-EM-001',
+                        title: 'Subpath not in package exports map',
+                        severity: 'P1',
+                        category: 'build_runtime',
+                        file: filePath,
+                        line: imp.line,
+                        trigger: `import '${imp.source}' — subpath '${subpathEntry}' not exported`,
+                        missing_companions: [
+                            `Add '${subpathEntry}' to the exports map of '${resolved.packageName}/package.json'`,
+                        ],
+                        why_it_matters: `The subpath '${subpathEntry}' is not listed in the exports map of '${resolved.packageName}'. ` +
+                            'Node.js will throw ERR_PACKAGE_PATH_NOT_EXPORTED at runtime. ' +
+                            'Either add the subpath to the package exports or use a different import path.',
+                        confidence: 'high',
+                    });
+                }
+            }
+        }
+        return findings;
+    },
+};
+/**
+ * Load the exports map from a package's package.json.
+ * Returns null if no exports map exists (package allows any subpath).
+ */
+function getPackageExportsMap(cwd, packageName, cache) {
+    const cached = cache.get(packageName);
+    if (cached !== undefined)
+        return cached;
+    // Look in node_modules
+    const pkgJsonPath = join(cwd, 'node_modules', packageName, 'package.json');
+    if (!existsSync(pkgJsonPath)) {
+        // Also check workspace packages
+        const workspacePath = join(cwd, 'packages', packageName.replace(/^@\w+\//, ''), 'package.json');
+        if (existsSync(workspacePath)) {
+            return loadExportsFromPath(workspacePath, packageName, cache);
+        }
+        cache.set(packageName, null);
+        return null;
+    }
+    return loadExportsFromPath(pkgJsonPath, packageName, cache);
+}
+function loadExportsFromPath(pkgJsonPath, packageName, cache) {
+    try {
+        const pkg = JSON.parse(readFileSync(pkgJsonPath, 'utf-8'));
+        const exportsField = pkg['exports'];
+        if (!exportsField || typeof exportsField !== 'object') {
+            cache.set(packageName, null);
+            return null;
+        }
+        cache.set(packageName, exportsField);
+        return exportsField;
+    }
+    catch {
+        cache.set(packageName, null);
+        return null;
+    }
+}
+/**
+ * Check if a subpath is covered by an exports map.
+ * Handles both exact matches and wildcard patterns.
+ */
+function isSubpathExported(subpath, exportsMap) {
+    // Direct match
+    if (subpath in exportsMap)
+        return true;
+    // Wildcard pattern matching (e.g. "./*" or "./lib/*")
+    for (const key of Object.keys(exportsMap)) {
+        if (key.includes('*')) {
+            const pattern = key.replace('*', '(.+)');
+            if (new RegExp(`^${pattern}$`).test(subpath)) {
+                return true;
+            }
+        }
+    }
+    // Nested condition maps (e.g. exports: { ".": { import: "...", require: "..." } })
+    // If the top-level key doesn't start with '.', it's a condition map for "."
+    const hasConditionKeys = Object.keys(exportsMap).some((k) => !k.startsWith('.') && k !== 'default');
+    if (hasConditionKeys && subpath === '.') {
+        return true;
+    }
+    return false;
+}
+function isAnalyzableFile(filePath) {
+    return /\.(?:ts|tsx|js|jsx|mts|mjs)$/.test(filePath);
+}
+//# sourceMappingURL=exports-map-missing.js.map

package/dist/review-intelligence/detectors/exports-map-missing.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"exports-map-missing.js","sourceRoot":"","sources":["../../../src/review-intelligence/detectors/exports-map-missing.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAMjC,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAE7D;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAsB;IAC1D,IAAI,EAAE,eAAe;IAErB,OAAO,CAAC,GAAoB;QAC1B,MAAM,QAAQ,GAAoB,EAAE,CAAC;QACrC,MAAM,YAAY,GAAG,IAAI,GAAG,EAA0C,CAAC;QAEvE,KAAK,MAAM,QAAQ,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACjC,MAAM,OAAO,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC/C,IAAI,CAAC,OAAO;gBAAE,SAAS;YACvB,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAE1C,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;YAEtC,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC1B,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAE3C,6CAA6C;gBAC7C,IAAI,QAAQ,CAAC,IAAI,KAAK,UAAU;oBAAE,SAAS;gBAC3C,IAAI,CAAC,QAAQ,CAAC,OAAO;oBAAE,SAAS;gBAChC,IAAI,CAAC,QAAQ,CAAC,WAAW;oBAAE,SAAS;gBAEpC,0CAA0C;gBAC1C,MAAM,UAAU,GAAG,oBAAoB,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;gBACrF,IAAI,UAAU,KAAK,IAAI;oBAAE,SAAS,CAAC,kCAAkC;gBAErE,qDAAqD;gBACrD,MAAM,YAAY,GAAG,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC;gBAC5C,IAAI,CAAC,iBAAiB,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,CAAC;oBACjD,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,WAAW;wBACpB,KAAK,EAAE,oCAAoC;wBAC3C,QAAQ,EAAE,IAAI;wBACd,QAAQ,EAAE,eAAe;wBACzB,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,OAAO,EAAE,WAAW,GAAG,CAAC,MAAM,gBAAgB,YAAY,gBAAgB;wBAC1E,kBAAkB,EAAE;4BAClB,QAAQ,YAAY,4BAA4B,QAAQ,CAAC,WAAW,gBAAgB;yBACrF;wBACD,cAAc,EACZ,gBAAgB,YAAY,0CAA0C,QAAQ,CAAC,WAAW,KAAK;4BAC/F,+DAA+D;4BAC/D,+EAA+E;wBACjF,UAAU,EAAE,MAAM;qBACnB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,SAAS,oBAAoB,CAC3B,GAAW,EACX,WAAmB,EACnB,KAAkD;IAElD,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACtC,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC;IAExC,uBAAuB;IACvB,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,cAAc,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC;IAC3E,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC7B,gCAAgC;QAChC,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,EAAE,cAAc,CAAC,CAAC;QAChG,IAAI,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YAC9B,OAAO,mBAAmB,CAAC,aAAa,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;QAChE,CAAC;QACD,KAAK,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,mBAAmB,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;AAC9D,CAAC;AAED,SAAS,mBAAmB,CAC1B,WAAmB,EACnB,WAAmB,EACnB,KAAkD;IAElD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAA4B,CAAC;QACtF,MAAM,YAAY,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC;QACpC,IAAI,CAAC,YAAY,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;YACtD,KAAK,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;YAC7B,OAAO,IAAI,CAAC;QACd,CAAC;QACD,KAAK,CAAC,GAAG,CAAC,WAAW,EAAE,YAAuC,CAAC,CAAC;QAChE,OAAO,YAAuC,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,KAAK,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB,CACxB,OAAe,EACf,UAAmC;IAEnC,eAAe;IACf,IAAI,OAAO,IAAI,UAAU;QAAE,OAAO,IAAI,CAAC;IAEvC,sDAAsD;IACtD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QAC1C,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACzC,IAAI,IAAI,MAAM,CAAC,IAAI,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7C,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED,mFAAmF;IACnF,4EAA4E;IAC5E,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,IAAI,CACnD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,SAAS,CAC7C,CAAC;IACF,IAAI,gBAAgB,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;QACxC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAgB;IACxC,OAAO,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACvD,CAAC"}

package/dist/review-intelligence/detectors/fixture-keyword-drift.d.ts

@@ -0,0 +1,12 @@
+import type { InvariantDetector } from '../types.js';
+/**
+ * INVARIANT — fixture_keyword_drift
+ *
+ * Detect test expectations that rely on specific string/keyword values
+ * that may have drifted from the actual fixture data. Common in search
+ * tests where the expected keyword must exist in the test fixtures.
+ *
+ * Severity: P2 (can cause flaky tests)
+ */
+export declare const fixtureKeywordDriftDetector: InvariantDetector;
+//# sourceMappingURL=fixture-keyword-drift.d.ts.map

package/dist/review-intelligence/detectors/fixture-keyword-drift.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fixture-keyword-drift.d.ts","sourceRoot":"","sources":["../../../src/review-intelligence/detectors/fixture-keyword-drift.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,iBAAiB,EAGlB,MAAM,aAAa,CAAC;AAErB;;;;;;;;GAQG;AACH,eAAO,MAAM,2BAA2B,EAAE,iBAgDzC,CAAC"}

package/dist/review-intelligence/detectors/fixture-keyword-drift.js

@@ -0,0 +1,82 @@
+/**
+ * INVARIANT — fixture_keyword_drift
+ *
+ * Detect test expectations that rely on specific string/keyword values
+ * that may have drifted from the actual fixture data. Common in search
+ * tests where the expected keyword must exist in the test fixtures.
+ *
+ * Severity: P2 (can cause flaky tests)
+ */
+export const fixtureKeywordDriftDetector = {
+    name: 'test_integrity',
+    analyze(ctx) {
+        const findings = [];
+        for (const filePath of ctx.files) {
+            const content = ctx.fileContents.get(filePath);
+            if (!content)
+                continue;
+            // Only analyze test files
+            if (!isTestFile(filePath))
+                continue;
+            const lines = content.split('\n');
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i];
+                const trimmed = line.trim();
+                // Skip comments
+                if (trimmed.startsWith('//') || trimmed.startsWith('*'))
+                    continue;
+                // Detect hardcoded search/filter expectations
+                // Pattern: searching for a specific keyword and then asserting results contain it
+                const searchAssertMatch = detectSearchKeywordAssertion(trimmed, lines, i);
+                if (searchAssertMatch) {
+                    findings.push({
+                        rule_id: 'RI-FK-001',
+                        title: 'Test relies on hardcoded fixture keyword',
+                        severity: 'P2',
+                        category: 'test_integrity',
+                        file: filePath,
+                        line: i + 1,
+                        trigger: searchAssertMatch,
+                        missing_companions: [
+                            'Extract keyword from fixture data or use a data-driven approach',
+                        ],
+                        why_it_matters: 'Hardcoded keywords in test assertions can silently become wrong if fixture data changes. ' +
+                            'Extract the expected keyword from the fixture or seed data to keep the test robust.',
+                        confidence: 'medium',
+                    });
+                }
+            }
+        }
+        return findings;
+    },
+};
+/**
+ * Detect patterns where a test searches for a hardcoded string and then
+ * asserts on the results.
+ */
+function detectSearchKeywordAssertion(line, allLines, lineIndex) {
+    // Pattern 1: search/filter with a hardcoded string literal, followed by assertion
+    const searchPatterns = [
+        /(?:search|filter|find|query)\s*\(\s*['"]([^'"]{3,})['"]\s*\)/,
+        /(?:search|filter|find|query)\s*\(\s*\{[^}]*(?:keyword|query|term|q)\s*:\s*['"]([^'"]{3,})['"]/,
+        /(?:where|contains|includes|match)\s*\(\s*['"]([^'"]{3,})['"]\s*\)/,
+    ];
+    for (const pattern of searchPatterns) {
+        const match = pattern.exec(line);
+        if (match) {
+            // Check if there's an assertion within the next 10 lines
+            const windowEnd = Math.min(allLines.length, lineIndex + 10);
+            for (let j = lineIndex + 1; j < windowEnd; j++) {
+                const nextLine = allLines[j];
+                if (nextLine && /expect\s*\(/.test(nextLine)) {
+                    return `hardcoded search keyword '${match[1]}'`;
+                }
+            }
+        }
+    }
+    return undefined;
+}
+function isTestFile(filePath) {
+    return /\.(?:test|spec|e2e)\.(?:ts|tsx|js|jsx|mts|mjs)$/.test(filePath);
+}
+//# sourceMappingURL=fixture-keyword-drift.js.map

package/dist/review-intelligence/detectors/fixture-keyword-drift.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fixture-keyword-drift.js","sourceRoot":"","sources":["../../../src/review-intelligence/detectors/fixture-keyword-drift.ts"],"names":[],"mappings":"AAMA;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAsB;IAC5D,IAAI,EAAE,gBAAgB;IAEtB,OAAO,CAAC,GAAoB;QAC1B,MAAM,QAAQ,GAAoB,EAAE,CAAC;QAErC,KAAK,MAAM,QAAQ,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACjC,MAAM,OAAO,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC/C,IAAI,CAAC,OAAO;gBAAE,SAAS;YAEvB,0BAA0B;YAC1B,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAEpC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;gBACvB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAE5B,gBAAgB;gBAChB,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAElE,8CAA8C;gBAC9C,kFAAkF;gBAClF,MAAM,iBAAiB,GAAG,4BAA4B,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;gBAC1E,IAAI,iBAAiB,EAAE,CAAC;oBACtB,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,WAAW;wBACpB,KAAK,EAAE,0CAA0C;wBACjD,QAAQ,EAAE,IAAI;wBACd,QAAQ,EAAE,gBAAgB;wBAC1B,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,OAAO,EAAE,iBAAiB;wBAC1B,kBAAkB,EAAE;4BAClB,iEAAiE;yBAClE;wBACD,cAAc,EACZ,2FAA2F;4BAC3F,qFAAqF;wBACvF,UAAU,EAAE,QAAQ;qBACrB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,SAAS,4BAA4B,CACnC,IAAY,EACZ,QAAkB,EAClB,SAAiB;IAEjB,kFAAkF;IAClF,MAAM,cAAc,GAAG;QACrB,8DAA8D;QAC9D,+FAA+F;QAC/F,mEAAmE;KACpE,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjC,IAAI,KAAK,EAAE,CAAC;YACV,yDAAyD;YACzD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,SAAS,GAAG,EAAE,CAAC,CAAC;YAC5D,KAAK,IAAI,CAAC,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC/C,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;gBAC7B,IAAI,QAAQ,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC7C,OAAO,6BAA6B,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC;gBAClD,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,UAAU,CAAC,QAAgB;IAClC,OAAO,iDAAiD,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC1E,CAAC"}

package/dist/review-intelligence/detectors/optional-infra-crash.d.ts

@@ -0,0 +1,12 @@
+import type { InvariantDetector } from '../types.js';
+/**
+ * INVARIANT — optional_infra_crash
+ *
+ * Detect telemetry, metrics, tracing, or other optional infrastructure
+ * initialization that is NOT wrapped in try/catch. If these optional
+ * services are down, the application should not crash on startup.
+ *
+ * Severity: P1 (can crash production on infra issues)
+ */
+export declare const optionalInfraCrashDetector: InvariantDetector;
+//# sourceMappingURL=optional-infra-crash.d.ts.map

package/dist/review-intelligence/detectors/optional-infra-crash.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"optional-infra-crash.d.ts","sourceRoot":"","sources":["../../../src/review-intelligence/detectors/optional-infra-crash.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,iBAAiB,EAGlB,MAAM,aAAa,CAAC;AAGrB;;;;;;;;GAQG;AACH,eAAO,MAAM,0BAA0B,EAAE,iBAgDxC,CAAC"}

package/dist/review-intelligence/detectors/optional-infra-crash.js

@@ -0,0 +1,97 @@
+import { isInsideTryCatch } from '../engine/dataflow.js';
+/**
+ * INVARIANT — optional_infra_crash
+ *
+ * Detect telemetry, metrics, tracing, or other optional infrastructure
+ * initialization that is NOT wrapped in try/catch. If these optional
+ * services are down, the application should not crash on startup.
+ *
+ * Severity: P1 (can crash production on infra issues)
+ */
+export const optionalInfraCrashDetector = {
+    name: 'build_runtime',
+    analyze(ctx) {
+        const findings = [];
+        for (const filePath of ctx.files) {
+            const content = ctx.fileContents.get(filePath);
+            if (!content)
+                continue;
+            if (!isAnalyzableFile(filePath))
+                continue;
+            const lines = content.split('\n');
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i];
+                const trimmed = line.trim();
+                // Skip comments
+                if (trimmed.startsWith('//') || trimmed.startsWith('*') || trimmed.startsWith('/*'))
+                    continue;
+                if (trimmed.startsWith('import '))
+                    continue;
+                // Detect optional infra initialization patterns
+                const infraMatch = matchesInfraInit(trimmed);
+                if (!infraMatch)
+                    continue;
+                // Check if this line is inside a try/catch block
+                const tryCatchInfo = isInsideTryCatch(content, i + 1);
+                if (tryCatchInfo.isWrapped)
+                    continue;
+                findings.push({
+                    rule_id: 'RI-IC-001',
+                    title: 'Optional infrastructure init without try/catch',
+                    severity: 'P1',
+                    category: 'build_runtime',
+                    file: filePath,
+                    line: i + 1,
+                    trigger: infraMatch,
+                    missing_companions: ['Wrap in try/catch to prevent crash when infra is unavailable'],
+                    why_it_matters: 'Optional infrastructure (telemetry, metrics, tracing) should never crash the application ' +
+                        'if the backing service is unavailable. Wrap initialization in try/catch and degrade gracefully.',
+                    confidence: 'medium',
+                });
+            }
+        }
+        return findings;
+    },
+};
+/**
+ * Check if a line matches an optional infra initialization pattern.
+ * Returns the matched description or undefined.
+ */
+function matchesInfraInit(line) {
+    const patterns = [
+        {
+            pattern: /\b(?:initTelemetry|setupTelemetry|startTelemetry|initTracing|setupTracing|startTracing)\s*\(/,
+            description: 'telemetry/tracing initialization',
+        },
+        {
+            pattern: /\b(?:initMetrics|setupMetrics|startMetrics|metricsClient|statsClient)\s*[.(]/,
+            description: 'metrics initialization',
+        },
+        {
+            pattern: /\b(?:DatadogTracer|dd-trace|opentelemetry|@opentelemetry)\b/,
+            description: 'tracing SDK initialization',
+        },
+        {
+            pattern: /\b(?:StatsD|statsd|collectd|prometheus)\s*[.(]/i,
+            description: 'metrics SDK initialization',
+        },
+        {
+            pattern: /\b(?:Sentry\.init|initSentry|setupSentry|Bugsnag\.start)\s*\(/,
+            description: 'error tracking initialization',
+        },
+        {
+            pattern: /\b(?:newrelic|elasticApm|apm\.start)\b/,
+            description: 'APM initialization',
+        },
+    ];
+    for (const { pattern, description } of patterns) {
+        if (pattern.test(line)) {
+            return description;
+        }
+    }
+    return undefined;
+}
+function isAnalyzableFile(filePath) {
+    return /\.(?:ts|tsx|js|jsx|mts|mjs)$/.test(filePath);
+}
+//# sourceMappingURL=optional-infra-crash.js.map

package/dist/review-intelligence/detectors/optional-infra-crash.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"optional-infra-crash.js","sourceRoot":"","sources":["../../../src/review-intelligence/detectors/optional-infra-crash.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAEzD;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAsB;IAC3D,IAAI,EAAE,eAAe;IAErB,OAAO,CAAC,GAAoB;QAC1B,MAAM,QAAQ,GAAoB,EAAE,CAAC;QAErC,KAAK,MAAM,QAAQ,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACjC,MAAM,OAAO,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC/C,IAAI,CAAC,OAAO;gBAAE,SAAS;YACvB,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAE1C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;gBACvB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAE5B,gBAAgB;gBAChB,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;oBAAE,SAAS;gBAC9F,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC;oBAAE,SAAS;gBAE5C,gDAAgD;gBAChD,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBAC7C,IAAI,CAAC,UAAU;oBAAE,SAAS;gBAE1B,iDAAiD;gBACjD,MAAM,YAAY,GAAG,gBAAgB,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;gBACtD,IAAI,YAAY,CAAC,SAAS;oBAAE,SAAS;gBAErC,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,WAAW;oBACpB,KAAK,EAAE,gDAAgD;oBACvD,QAAQ,EAAE,IAAI;oBACd,QAAQ,EAAE,eAAe;oBACzB,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,OAAO,EAAE,UAAU;oBACnB,kBAAkB,EAAE,CAAC,8DAA8D,CAAC;oBACpF,cAAc,EACZ,2FAA2F;wBAC3F,iGAAiG;oBACnG,UAAU,EAAE,QAAQ;iBACrB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC;AAEF;;;GAGG;AACH,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,QAAQ,GAAoD;QAChE;YACE,OAAO,EAAE,8FAA8F;YACvG,WAAW,EAAE,kCAAkC;SAChD;QACD;YACE,OAAO,EAAE,8EAA8E;YACvF,WAAW,EAAE,wBAAwB;SACtC;QACD;YACE,OAAO,EAAE,6DAA6D;YACtE,WAAW,EAAE,4BAA4B;SAC1C;QACD;YACE,OAAO,EAAE,iDAAiD;YAC1D,WAAW,EAAE,4BAA4B;SAC1C;QACD;YACE,OAAO,EAAE,+DAA+D;YACxE,WAAW,EAAE,+BAA+B;SAC7C;QACD;YACE,OAAO,EAAE,wCAAwC;YACjD,WAAW,EAAE,oBAAoB;SAClC;KACF,CAAC;IAEF,KAAK,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,QAAQ,EAAE,CAAC;QAChD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,OAAO,WAAW,CAAC;QACrB,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAgB;IACxC,OAAO,8BAA8B,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACvD,CAAC"}