@flow-scanner/lightning-flow-scanner-core 6.18.0 → 6.19.0

package/README.md

@@ -70,20 +70,13 @@ Executing DML operations (insert, update, delete) inside a loop is a high-risk a
 **Class Name:** _[DMLStatementInLoop](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/DMLStatementInLoop.ts)_
 **Severity:** 🔴 *Error*
 
-#### Hardcoded Salesforce Id
+#### Hardcoded Id
 Avoid hard-coding record IDs, as they are unique to a specific org and will not work in other environments. Instead, store IDs in variables—such as merge-field URL parameters or a **Get Records** element—to make the Flow portable, maintainable, and flexible.
 
 **Rule ID:** `hardcoded-id`
 **Class Name:** _[HardcodedId](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/HardcodedId.ts)_
 **Severity:** 🔴 *Error*
 
-#### Hardcoded Salesforce Url
-Avoid hard-coding URLs, as they may change between environments or over time. Instead, store URLs in variables or custom settings to make the Flow adaptable, maintainable, and environment-independent.
-
-**Rule ID:** `hardcoded-url`
-**Class Name:** _[HardcodedUrl](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/HardcodedUrl.ts)_
-**Severity:** 🔴 *Error*
-
 #### Hardcoded Secret ![Beta](https://img.shields.io/badge/status-beta-yellow)
 Avoid hardcoding secrets, API keys, tokens, or credentials in Flows. These should be stored securely in Named Credentials, Custom Settings, Custom Metadata, or external secret management systems.
 
@@ -91,6 +84,13 @@ Avoid hardcoding secrets, API keys, tokens, or credentials in Flows. These shoul
 **Class Name:** _[HardcodedSecret](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/HardcodedSecret.ts)_
 **Severity:** 🔴 *Error*
 
+#### Hardcoded Url
+Avoid hard-coding URLs, as they may change between environments or over time. Instead, store URLs in variables or custom settings to make the Flow adaptable, maintainable, and environment-independent.
+
+**Rule ID:** `hardcoded-url`
+**Class Name:** _[HardcodedUrl](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/HardcodedUrl.ts)_
+**Severity:** 🔴 *Error*
+
 #### Process Builder
 Process Builder is retired. Continuing to use it increases maintenance overhead and risks future compatibility issues. Migrating automation to Flow reduces risk and improves maintainability.
 
@@ -167,13 +167,18 @@ Inactive Flows should be deleted or archived to reduce risk. Even when inactive,
 **Class Name:** _[InactiveFlow](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/InactiveFlow.ts)_
 **Severity:** 🟡 *Warning*
 
-#### Invalid API Version
+#### Invalid API Version ![Auto-Fix](https://img.shields.io/badge/-auto--fix-green)
 Flows running on outdated API versions may behave inconsistently when newer platform features or components are used. From API version 50.0 onward, the API Version attribute explicitly controls Flow runtime behavior. Keeping Flows aligned with a supported API version helps prevent compatibility issues and ensures predictable execution.
 
 **Rule ID:** `invalid-api-version`
 **Class Name:** _[APIVersion](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/APIVersion.ts)_
 **Severity:** 🟡 *Warning*
 
+| Option | Type | Default | Description |
+|--------|------|---------|-------------|
+| expression | expression | `>= 50` | Comparison expression for API version (e.g., `>= 58`, `< 50`, `=== 60`) |
+
+
 #### Missing Filter Record Trigger ![Beta](https://img.shields.io/badge/status-beta-yellow)
 Record-triggered Flows without filters on changed fields or entry conditions execute on every record change. Adding filters ensures the Flow runs only when needed, improving performance.
 
@@ -188,6 +193,18 @@ Before-save Flows can safely update the triggering record directly via $Record,
 **Class Name:** _[SameRecordFieldUpdates](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/SameRecordFieldUpdates.ts)_
 **Severity:** 🟡 *Warning*
 
+#### Cognitive Complexity
+Flows with deeply nested loops and decisions are hard to understand. Unlike cyclomatic complexity which counts paths, cognitive complexity penalizes nesting depth. Consider extracting nested logic into subflows.
+
+**Rule ID:** `cognitive-complexity`
+**Class Name:** _[CognitiveComplexity](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/CognitiveComplexity.ts)_
+**Severity:** 🔵 *Note*
+
+| Option | Type | Default | Description |
+|--------|------|---------|-------------|
+| threshold | number | `15` | Maximum cognitive complexity score before triggering a violation |
+
+
 #### Excessive Cyclomatic Complexity
 High numbers of loops and decision elements increase a Flow's cyclomatic complexity. To maintain simplicity and readability, consider using subflows or splitting a Flow into smaller, ordered Flows.
 
@@ -195,6 +212,11 @@ High numbers of loops and decision elements increase a Flow's cyclomatic complex
 **Class Name:** _[CyclomaticComplexity](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/CyclomaticComplexity.ts)_
 **Severity:** 🔵 *Note*
 
+| Option | Type | Default | Description |
+|--------|------|---------|-------------|
+| threshold | number | `25` | Maximum cyclomatic complexity score before triggering a violation |
+
+
 #### Missing Trigger Order
 Record-triggered Flows without a specified Trigger Order may execute in an unpredictable sequence. Setting a Trigger Order ensures your Flows run in the intended order.
 
@@ -229,6 +251,11 @@ Using clear and consistent Flow names improves readability, discoverability, and
 **Class Name:** _[FlowName](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/FlowName.ts)_
 **Severity:** 🔴 *Error*
 
+| Option | Type | Default | Description |
+|--------|------|---------|-------------|
+| expression | expression | `[A-Za-z0-9]+_[A-Za-z0-9]+` | Regex pattern for valid Flow names |
+
+
 #### Missing Flow Description
 Flow descriptions are essential for documentation and maintainability. Include a description for each Flow, explaining its purpose and where it's used.
 
@@ -250,21 +277,21 @@ Elements with unclear or duplicated API names, like Copy_X_Of_Element, reduce Fl
 **Class Name:** _[CopyAPIName](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/CopyAPIName.ts)_
 **Severity:** 🟡 *Warning*
 
-#### Unreachable Element
+#### Unreachable Element ![Auto-Fix](https://img.shields.io/badge/-auto--fix-green)
 Unconnected elements never execute and add unnecessary clutter. Remove or connect unused Flow elements to keep Flows clean and efficient.
 
 **Rule ID:** `unreachable-element`
 **Class Name:** _[UnconnectedElement](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/UnconnectedElement.ts)_
 **Severity:** 🟡 *Warning*
 
-#### Unused Variable
+#### Unused Variable ![Auto-Fix](https://img.shields.io/badge/-auto--fix-green)
 Unused variables are never referenced and add unnecessary clutter. Remove them to keep Flows efficient and easy to maintain.
 
 **Rule ID:** `unused-variable`
 **Class Name:** _[UnusedVariable](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/UnusedVariable.ts)_
 **Severity:** 🟡 *Warning*
 
-#### Missing Auto Layout
+#### Missing Auto Layout ![Auto-Fix](https://img.shields.io/badge/-auto--fix-green)
 Auto-Layout automatically arranges and aligns Flow elements, keeping the canvas organized and easier to maintain. Enabling it saves time and improves readability.
 
 **Rule ID:** `missing-auto-layout`
@@ -340,9 +367,9 @@ Available values for severity are `error`, `warning` and `note`. If no severity
 }
 ```
 
-#### Override Expressions
+#### Customize Rules
 
-Some rules are configurable and allow overriding their default expressions. You configure these overrides the same way as severity, as shown in the examples below.
+Some rules are configurable and allow overriding their default expressions, or setting a threshold as shown in the examples below.
 
 ```json
 {
@@ -352,12 +379,15 @@ Some rules are configurable and allow overriding their default expressions. You
     },
     "invalid-naming-convention": {
       "expression": "[A-Za-z0-9]" // regular expression
+    },
+    "excessive-cyclomatic-complexity": {
+      "threshold": 10 // threshold
     }
   }
 }
 ```
 
-#### Customize Messages
+#### Customize Rule Messages
 
 If not provided, `message` shows the standard rule summary and `messageUrl` links to the README; providing either overrides the default behavior.
 

package/main/config/RuleRegistry.js

@@ -11,6 +11,7 @@ Object.defineProperty(exports, "ruleRegistry", {
 const _ActionCallsInLoop = require("../rules/ActionCallsInLoop");
 const _APIVersion = require("../rules/APIVersion");
 const _AutoLayout = require("../rules/AutoLayout");
+const _CognitiveComplexity = require("../rules/CognitiveComplexity");
 const _CopyAPIName = require("../rules/CopyAPIName");
 const _CyclomaticComplexity = require("../rules/CyclomaticComplexity");
 const _DMLStatementInLoop = require("../rules/DMLStatementInLoop");
@@ -181,6 +182,7 @@ registry.register("action-call-in-loop", _ActionCallsInLoop.ActionCallsInLoop, "
 registry.register("invalid-api-version", _APIVersion.APIVersion, "APIVersion");
 registry.register("missing-auto-layout", _AutoLayout.AutoLayout, "AutoLayout");
 registry.register("unclear-api-naming", _CopyAPIName.CopyAPIName, "CopyAPIName");
+registry.register("cognitive-complexity", _CognitiveComplexity.CognitiveComplexity, "CognitiveComplexity");
 registry.register("excessive-cyclomatic-complexity", _CyclomaticComplexity.CyclomaticComplexity, "CyclomaticComplexity");
 registry.register("dml-in-loop", _DMLStatementInLoop.DMLStatementInLoop, "DMLStatementInLoop");
 registry.register("duplicate-dml", _DuplicateDMLOperation.DuplicateDMLOperation, "DuplicateDMLOperation");

package/main/interfaces/IRuleDefinition.d.ts

@@ -1,4 +1,5 @@
 import { Flow, RuleResult } from "../internals/internals";
+import { ConfigurableOption } from "../models/RuleInfo";
 export interface IRuleDefinition {
     ruleId: string;
     category?: 'problem' | 'suggestion' | 'layout' | 'system';
@@ -10,6 +11,8 @@ export interface IRuleDefinition {
     }>;
     execute(flow: Flow, options?: object, suppressions?: string[]): RuleResult;
     isConfigurable: boolean;
+    configurableOptions?: ConfigurableOption[];
+    isFixable: boolean;
     label: string;
     name: string;
     severity?: string;

package/main/internals/internals.d.ts

@@ -5,6 +5,7 @@ import { FlatViolation } from "../models/FlatViolation";
 import { Flow } from "../models/Flow";
 import { FlowAttribute } from "../models/FlowAttribute";
 import { FlowElement } from "../models/FlowElement";
+import { FlowGraph } from "../models/FlowGraph";
 import { FlowNode } from "../models/FlowNode";
 import { FlowResource } from "../models/FlowResource";
 import { FlowType } from "../models/FlowType";
@@ -14,5 +15,5 @@ import { RuleCommon } from "../models/RuleCommon";
 import { RuleResult } from "../models/RuleResult";
 import { ScanResult } from "../models/ScanResult";
 import { Violation } from "../models/Violation";
-export { FlowAttribute, FlowElement, FlowNode, FlowType, FlowVariable, FlowResource, Flow, Compiler, ScanResult, RuleResult, Violation, RuleCommon, ParsedFlow, };
+export { FlowAttribute, FlowElement, FlowGraph, FlowNode, FlowType, FlowVariable, FlowResource, Flow, Compiler, ScanResult, RuleResult, Violation, RuleCommon, ParsedFlow, };
 export type { IRuleDefinition, IRulesConfig, FlatViolation };

package/main/internals/internals.js

@@ -21,6 +21,9 @@ _export(exports, {
     get FlowElement () {
         return _FlowElement.FlowElement;
     },
+    get FlowGraph () {
+        return _FlowGraph.FlowGraph;
+    },
     get FlowNode () {
         return _FlowNode.FlowNode;
     },
@@ -53,6 +56,7 @@ const _Compiler = require("../libs/Compiler");
 const _Flow = require("../models/Flow");
 const _FlowAttribute = require("../models/FlowAttribute");
 const _FlowElement = require("../models/FlowElement");
+const _FlowGraph = require("../models/FlowGraph");
 const _FlowNode = require("../models/FlowNode");
 const _FlowResource = require("../models/FlowResource");
 const _FlowType = require("../models/FlowType");

package/main/libs/FixFlows.d.ts

@@ -1,5 +1,5 @@
 import * as core from "../internals/internals";
-export declare function fix(results: core.ScanResult[]): core.ScanResult[];
+export declare function fix(results: core.ScanResult[], ruleOptions?: Map<string, unknown>): core.ScanResult[];
 /**
  * @deprecated Use fix() instead which modifies flows in place.
  * Kept for backward compatibility.

package/main/libs/FixFlows.js

@@ -58,17 +58,24 @@ function _interop_require_wildcard(obj, nodeInterop) {
     }
     return newObj;
 }
-function fix(results) {
+function fix(results, ruleOptions) {
     const newResults = [];
     for (const result of results){
         if (!result.ruleResults || result.ruleResults.length === 0) continue;
-        const fixables = result.ruleResults.filter((r)=>r.ruleName === "UnusedVariable" && r.occurs || r.ruleName === "UnconnectedElement" && r.occurs || r.ruleName === "AutoLayout" && r.occurs);
+        const fixables = result.ruleResults.filter((r)=>r.ruleName === "UnusedVariable" && r.occurs || r.ruleName === "UnconnectedElement" && r.occurs || r.ruleName === "AutoLayout" && r.occurs || r.ruleName === "APIVersion" && r.occurs);
         if (fixables.length === 0) continue;
         // Handle AutoLayout fix separately (modifies metadata, not elements)
         const autoLayoutFix = fixables.find((r)=>r.ruleName === "AutoLayout");
         if (autoLayoutFix) {
             applyAutoLayoutFix(result.flow);
         }
+        // Handle APIVersion fix (modifies apiVersion attribute)
+        const apiVersionFix = fixables.find((r)=>r.ruleName === "APIVersion");
+        if (apiVersionFix) {
+            var _ruleOptions_get;
+            const options = (_ruleOptions_get = ruleOptions === null || ruleOptions === void 0 ? void 0 : ruleOptions.get("invalid-api-version")) !== null && _ruleOptions_get !== void 0 ? _ruleOptions_get : ruleOptions === null || ruleOptions === void 0 ? void 0 : ruleOptions.get("APIVersion");
+            applyAPIVersionFix(result.flow, options);
+        }
         // Handle element-based fixes (UnusedVariable, UnconnectedElement)
         // These modify xmldata in place to preserve element order and formatting
         const elementFixables = fixables.filter((r)=>r.ruleName !== "AutoLayout");
@@ -107,6 +114,39 @@ function applyAutoLayoutFix(flow) {
     // Update the flow's processMetadataValues property
     flow.processMetadataValues = flow.xmldata.processMetadataValues;
 }
+/**
+ * Parse an API version expression and return the target version for auto-fix.
+ * Fixable expressions: >= N, === N, > N
+ * Returns undefined for unfixable expressions (<, <=, !==)
+ */ function parseAPIVersionExpression(expression) {
+    if (!expression) {
+        // Default behavior: >= 50
+        return 50;
+    }
+    const match = expression.match(/^\s*(>=|<=|>|<|===|!==)\s*(\d+)\s*$/);
+    if (!match) return undefined;
+    const [, operator, versionStr] = match;
+    const version = parseInt(versionStr, 10);
+    switch(operator){
+        case '>=':
+        case '===':
+            return version;
+        case '>':
+            return version + 1;
+        // These don't have a clear target version
+        case '<':
+        case '<=':
+        case '!==':
+        default:
+            return undefined;
+    }
+}
+function applyAPIVersionFix(flow, options) {
+    if (!flow.xmldata) return;
+    const targetVersion = parseAPIVersionExpression(options === null || options === void 0 ? void 0 : options.expression);
+    if (targetVersion === undefined) return;
+    flow.xmldata.apiVersion = targetVersion.toString();
+}
 /**
  * Apply element-based fixes (UnusedVariable, UnconnectedElement) by modifying xmldata in place.
  * This preserves element order and formatting from the original file.

package/main/libs/ScanFlows.js

@@ -116,5 +116,17 @@ function ScanFlows(flows, ruleOptions) {
             });
         });
     }
+    // Apply threshold filtering if specified
+    const threshold = ruleOptions === null || ruleOptions === void 0 ? void 0 : ruleOptions.threshold;
+    if (threshold && threshold !== 'never') {
+        for (const scanResult of flowResults){
+            scanResult.ruleResults = scanResult.ruleResults.filter((ruleResult)=>{
+                // Get effective severity (config override or rule default)
+                const config = getRuleConfigByIdOrName(ruleResult.ruleDefinition, ruleOptions === null || ruleOptions === void 0 ? void 0 : ruleOptions.rules);
+                const severity = (config === null || config === void 0 ? void 0 : config.severity) || ruleResult.severity || 'warning';
+                return (0, _IRulesConfig.meetsThreshold)(severity, threshold);
+            });
+        }
+    }
     return flowResults;
 }

package/main/models/RuleCommon.d.ts

@@ -1,4 +1,4 @@
-import { RuleInfo } from "./RuleInfo";
+import { RuleInfo, ConfigurableOption } from "./RuleInfo";
 import * as core from "../internals/internals";
 export declare abstract class RuleCommon {
     category?: 'problem' | 'suggestion' | 'layout' | 'system';
@@ -9,6 +9,8 @@ export declare abstract class RuleCommon {
         path: string;
     }>;
     isConfigurable: boolean;
+    configurableOptions?: ConfigurableOption[];
+    isFixable: boolean;
     label: string;
     name: string;
     severity?: string;

package/main/models/RuleCommon.js

@@ -132,6 +132,8 @@ let RuleCommon = class RuleCommon {
         _define_property(this, "summary", void 0);
         _define_property(this, "docRefs", []);
         _define_property(this, "isConfigurable", void 0);
+        _define_property(this, "configurableOptions", void 0);
+        _define_property(this, "isFixable", void 0);
         _define_property(this, "label", void 0);
         _define_property(this, "name", void 0);
         _define_property(this, "severity", void 0);
@@ -147,13 +149,10 @@ let RuleCommon = class RuleCommon {
         this.summary = info.summary;
         this.uri = `https://github.com/Lightning-Flow-Scanner/lightning-flow-scanner/tree/main/src/main/rules/${info.name}.ts`;
         this.docRefs = info.docRefs;
-        const checkImpl = this.check;
-        if (typeof checkImpl === "function") {
-            const source = checkImpl.toString();
-            this.isConfigurable = /options[.\?]/.test(source);
-        } else {
-            this.isConfigurable = false;
-        }
+        this.configurableOptions = info.configurableOptions;
+        this.isConfigurable = !!(info.configurableOptions && info.configurableOptions.length > 0);
+        var _info_isFixable;
+        this.isFixable = (_info_isFixable = info.isFixable) !== null && _info_isFixable !== void 0 ? _info_isFixable : false;
         var _optional_severity;
         this.severity = (_optional_severity = optional === null || optional === void 0 ? void 0 : optional.severity) !== null && _optional_severity !== void 0 ? _optional_severity : "warning";
     }

package/main/models/RuleInfo.d.ts

@@ -3,6 +3,15 @@ export type RuleDefinitionExpression = {
         expression?: unknown;
     };
 };
+/**
+ * Describes a configurable option for a rule.
+ */
+export interface ConfigurableOption {
+    name: string;
+    type: 'number' | 'string' | 'boolean' | 'expression';
+    description: string;
+    defaultValue?: unknown;
+}
 /**
  * Represents a rule metadata; this contains properties to describe the rule
  */
@@ -45,4 +54,13 @@ export declare class RuleInfo {
      * Use defined types in @see FlowType
      */
     supportedTypes: string[];
+    /**
+     * Configurable options for this rule.
+     * Used for documentation generation.
+     */
+    configurableOptions?: ConfigurableOption[];
+    /**
+     * Whether this rule supports auto-fix.
+     */
+    isFixable?: boolean;
 }

package/main/models/RuleInfo.js

@@ -50,5 +50,12 @@ let RuleInfo = class RuleInfo {
    * The types supported by this rule (e.g., Flow, Process).
    * Use defined types in @see FlowType
    */ _define_property(this, "supportedTypes", void 0);
+        /**
+   * Configurable options for this rule.
+   * Used for documentation generation.
+   */ _define_property(this, "configurableOptions", void 0);
+        /**
+   * Whether this rule supports auto-fix.
+   */ _define_property(this, "isFixable", void 0);
     }
 };

package/main/rules/APIVersion.js

@@ -120,7 +120,16 @@ let APIVersion = class APIVersion extends _RuleCommon.RuleCommon {
             description: "Flows running on outdated API versions may behave inconsistently when newer platform features or components are used. From API version 50.0 onward, the API Version attribute explicitly controls Flow runtime behavior. Keeping Flows aligned with a supported API version helps prevent compatibility issues and ensures predictable execution.",
             summary: "Outdated API versions risk compatibility issues",
             supportedTypes: _internals.FlowType.allTypes(),
-            docRefs: []
+            docRefs: [],
+            configurableOptions: [
+                {
+                    name: "expression",
+                    type: "expression",
+                    description: "Comparison expression for API version (e.g., `>= 58`, `< 50`, `=== 60`)",
+                    defaultValue: ">= 50"
+                }
+            ],
+            isFixable: true
         });
     }
 };

package/main/rules/AutoLayout.js

@@ -72,7 +72,8 @@ let AutoLayout = class AutoLayout extends _RuleCommon.RuleCommon {
             description: "Auto-Layout automatically arranges and aligns Flow elements, keeping the canvas organized and easier to maintain. Enabling it saves time and improves readability.",
             summary: "Auto-Layout improves canvas organization and readability",
             supportedTypes: _internals.FlowType.allTypes(),
-            docRefs: []
+            docRefs: [],
+            isFixable: true
         }, {
             severity: "note"
         });

package/main/rules/CognitiveComplexity.d.ts

@@ -0,0 +1,33 @@
+import * as core from "../internals/internals";
+import { RuleCommon } from "../models/RuleCommon";
+import { IRuleDefinition } from "../interfaces/IRuleDefinition";
+/**
+ * Cognitive Complexity Rule
+ *
+ * Unlike cyclomatic complexity which counts paths, cognitive complexity
+ * measures how hard a flow is to understand by penalizing:
+ * - Control flow structures (loops, decisions) +1 each
+ * - Nesting depth: each level of nesting adds extra penalty
+ *
+ * A decision inside a loop is harder to understand than a flat sequence.
+ */
+export declare class CognitiveComplexity extends RuleCommon implements IRuleDefinition {
+    private defaultThreshold;
+    constructor();
+    protected check(flow: core.Flow, options: {
+        threshold?: number;
+    } | undefined): core.Violation[];
+    /**
+     * Calculate cognitive complexity for a flow.
+     *
+     * Algorithm:
+     * 1. Find all loops and decisions
+     * 2. Calculate nesting depth for each (how many loops/decisions contain it)
+     * 3. Add 1 + nesting_depth for each control structure
+     */
+    private calculateCognitiveComplexity;
+    /**
+     * Count how many parent loops contain this loop
+     */
+    private countParentLoops;
+}

package/main/rules/CognitiveComplexity.js

@@ -0,0 +1,175 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "CognitiveComplexity", {
+    enumerable: true,
+    get: function() {
+        return CognitiveComplexity;
+    }
+});
+const _internals = /*#__PURE__*/ _interop_require_wildcard(require("../internals/internals"));
+const _RuleCommon = require("../models/RuleCommon");
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+function _getRequireWildcardCache(nodeInterop) {
+    if (typeof WeakMap !== "function") return null;
+    var cacheBabelInterop = new WeakMap();
+    var cacheNodeInterop = new WeakMap();
+    return (_getRequireWildcardCache = function(nodeInterop) {
+        return nodeInterop ? cacheNodeInterop : cacheBabelInterop;
+    })(nodeInterop);
+}
+function _interop_require_wildcard(obj, nodeInterop) {
+    if (!nodeInterop && obj && obj.__esModule) {
+        return obj;
+    }
+    if (obj === null || typeof obj !== "object" && typeof obj !== "function") {
+        return {
+            default: obj
+        };
+    }
+    var cache = _getRequireWildcardCache(nodeInterop);
+    if (cache && cache.has(obj)) {
+        return cache.get(obj);
+    }
+    var newObj = {
+        __proto__: null
+    };
+    var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor;
+    for(var key in obj){
+        if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) {
+            var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null;
+            if (desc && (desc.get || desc.set)) {
+                Object.defineProperty(newObj, key, desc);
+            } else {
+                newObj[key] = obj[key];
+            }
+        }
+    }
+    newObj.default = obj;
+    if (cache) {
+        cache.set(obj, newObj);
+    }
+    return newObj;
+}
+let CognitiveComplexity = class CognitiveComplexity extends _RuleCommon.RuleCommon {
+    check(flow, options) {
+        var _options_threshold;
+        const threshold = (_options_threshold = options === null || options === void 0 ? void 0 : options.threshold) !== null && _options_threshold !== void 0 ? _options_threshold : this.defaultThreshold;
+        const complexity = this.calculateCognitiveComplexity(flow);
+        if (complexity > threshold) {
+            return [
+                new _internals.Violation(new _internals.FlowAttribute(`${complexity}`, "CognitiveComplexity", `>${threshold}`))
+            ];
+        }
+        return [];
+    }
+    /**
+   * Calculate cognitive complexity for a flow.
+   *
+   * Algorithm:
+   * 1. Find all loops and decisions
+   * 2. Calculate nesting depth for each (how many loops/decisions contain it)
+   * 3. Add 1 + nesting_depth for each control structure
+   */ calculateCognitiveComplexity(flow) {
+        let complexity = 0;
+        const graph = flow.graph;
+        // Get all loops and decisions
+        const loops = flow.elements.filter((e)=>e.subtype === "loops");
+        const decisions = flow.elements.filter((e)=>e.subtype === "decisions");
+        // Build a map of which elements are contained within which control structures
+        const nestingDepth = new Map();
+        // Calculate nesting depth for each element
+        for (const element of flow.elements){
+            if (!(element instanceof _internals.FlowNode)) continue;
+            let depth = 0;
+            // Check if inside any loop
+            if (graph.isInLoop(element.name)) {
+                depth++;
+                // Check for nested loops (loop inside loop)
+                const containingLoop = graph.getContainingLoop(element.name);
+                if (containingLoop && containingLoop !== element.name) {
+                    // Check if the containing loop is itself inside another loop
+                    depth += this.countParentLoops(containingLoop, graph, loops);
+                }
+            }
+            nestingDepth.set(element.name, depth);
+        }
+        // Add complexity for each loop: 1 + nesting depth
+        for (const loop of loops){
+            var _nestingDepth_get;
+            const depth = (_nestingDepth_get = nestingDepth.get(loop.name)) !== null && _nestingDepth_get !== void 0 ? _nestingDepth_get : 0;
+            complexity += 1 + depth;
+        }
+        // Add complexity for each decision: 1 + nesting depth
+        // Also count additional branches beyond 2 (if-else is base, more adds complexity)
+        for (const decision of decisions){
+            var _decision_rules;
+            var _nestingDepth_get1;
+            const depth = (_nestingDepth_get1 = nestingDepth.get(decision.name)) !== null && _nestingDepth_get1 !== void 0 ? _nestingDepth_get1 : 0;
+            var _decision_rules_length;
+            const rulesCount = (_decision_rules_length = (_decision_rules = decision.rules) === null || _decision_rules === void 0 ? void 0 : _decision_rules.length) !== null && _decision_rules_length !== void 0 ? _decision_rules_length : 0;
+            // Base complexity: 1 + nesting depth
+            complexity += 1 + depth;
+            // Additional complexity for multiple branches (beyond binary decision)
+            // Each additional rule beyond the first adds complexity
+            if (rulesCount > 1) {
+                complexity += rulesCount - 1;
+            }
+        }
+        return complexity;
+    }
+    /**
+   * Count how many parent loops contain this loop
+   */ countParentLoops(loopName, graph, allLoops) {
+        let count = 0;
+        for (const parentLoop of allLoops){
+            if (parentLoop.name === loopName) continue;
+            // Check if loopName is within this parent loop's body
+            const loopElements = graph.getLoopElements(parentLoop.name);
+            if (loopElements.has(loopName)) {
+                count++;
+            }
+        }
+        return count;
+    }
+    constructor(){
+        super({
+            ruleId: "cognitive-complexity",
+            category: "suggestion",
+            name: "CognitiveComplexity",
+            label: "Cognitive Complexity",
+            description: "Flows with deeply nested loops and decisions are hard to understand. Unlike cyclomatic complexity which counts paths, cognitive complexity penalizes nesting depth. Consider extracting nested logic into subflows.",
+            summary: "Deeply nested logic harms readability",
+            supportedTypes: _internals.FlowType.backEndTypes,
+            docRefs: [
+                {
+                    label: "Cognitive Complexity is a measure of how difficult code is to understand, as opposed to Cyclomatic Complexity which measures testability.",
+                    path: "https://www.sonarsource.com/docs/CognitiveComplexity.pdf"
+                }
+            ],
+            configurableOptions: [
+                {
+                    name: "threshold",
+                    type: "number",
+                    description: "Maximum cognitive complexity score before triggering a violation",
+                    defaultValue: 15
+                }
+            ]
+        }, {
+            severity: "note"
+        }), _define_property(this, "defaultThreshold", 15);
+    }
+};

package/main/rules/CyclomaticComplexity.js

@@ -67,7 +67,8 @@ function _interop_require_wildcard(obj, nodeInterop) {
 let CyclomaticComplexity = class CyclomaticComplexity extends _RuleCommon.RuleCommon {
     check(flow, options) {
         var _flow_elements, _flow_elements1;
-        const threshold = (options === null || options === void 0 ? void 0 : options.threshold) || this.defaultThreshold;
+        var _options_threshold;
+        const threshold = (_options_threshold = options === null || options === void 0 ? void 0 : options.threshold) !== null && _options_threshold !== void 0 ? _options_threshold : this.defaultThreshold;
         let cyclomaticComplexity = 1;
         const flowDecisions = flow === null || flow === void 0 ? void 0 : (_flow_elements = flow.elements) === null || _flow_elements === void 0 ? void 0 : _flow_elements.filter((node)=>node.subtype === "decisions");
         const flowLoops = flow === null || flow === void 0 ? void 0 : (_flow_elements1 = flow.elements) === null || _flow_elements1 === void 0 ? void 0 : _flow_elements1.filter((node)=>node.subtype === "loops");
@@ -99,6 +100,14 @@ let CyclomaticComplexity = class CyclomaticComplexity extends _RuleCommon.RuleCo
                     label: `Cyclomatic complexity is a software metric used to indicate the complexity of a program. It is a quantitative measure of the number of linearly independent paths through a program's source code.`,
                     path: "https://en.wikipedia.org/wiki/Cyclomatic_complexity"
                 }
+            ],
+            configurableOptions: [
+                {
+                    name: "threshold",
+                    type: "number",
+                    description: "Maximum cyclomatic complexity score before triggering a violation",
+                    defaultValue: 25
+                }
             ]
         }, {
             severity: "note"

package/main/rules/FlowName.js

@@ -91,7 +91,15 @@ let FlowName = class FlowName extends _RuleCommon.RuleCommon {
             ],
             label: "Flow Naming Convention",
             name: "FlowName",
-            supportedTypes: _internals.FlowType.allTypes()
+            supportedTypes: _internals.FlowType.allTypes(),
+            configurableOptions: [
+                {
+                    name: "expression",
+                    type: "expression",
+                    description: "Regex pattern for valid Flow names",
+                    defaultValue: "[A-Za-z0-9]+_[A-Za-z0-9]+"
+                }
+            ]
         }, {
             severity: "error"
         }), _define_property(this, "regexRule", new _regexscanner.NamingConvention());

package/main/rules/HardcodedId.js

@@ -80,7 +80,7 @@ let HardcodedId = class HardcodedId extends _RuleCommon.RuleCommon {
             ruleId: "hardcoded-id",
             name: "HardcodedId",
             category: "problem",
-            label: "Hardcoded Salesforce Id",
+            label: "Hardcoded Id",
             description: "Avoid hard-coding record IDs, as they are unique to a specific org and will not work in other environments. Instead, store IDs in variables—such as merge-field URL parameters or a **Get Records** element—to make the Flow portable, maintainable, and flexible.",
             summary: "Hardcoded IDs break portability across environments",
             supportedTypes: _internals.FlowType.allTypes(),

package/main/rules/HardcodedUrl.js

@@ -50,7 +50,7 @@ let HardcodedUrl = class HardcodedUrl extends _RuleCommon.RuleCommon {
                     path: "https://admin.salesforce.com/blog/2021/why-you-should-avoid-hard-coding-and-three-alternative-solutions"
                 }
             ],
-            label: "Hardcoded Salesforce Url",
+            label: "Hardcoded Url",
             name: "HardcodedUrl",
             supportedTypes: _internals.FlowType.allTypes()
         }, {

package/main/rules/UnconnectedElement.js

@@ -71,7 +71,8 @@ let UnconnectedElement = class UnconnectedElement extends _RuleCommon.RuleCommon
             supportedTypes: [
                 ..._internals.FlowType.backEndTypes,
                 ..._internals.FlowType.visualTypes
-            ]
+            ],
+            isFixable: true
         });
     }
 };

package/main/rules/UnusedVariable.js

@@ -89,7 +89,8 @@ let UnusedVariable = class UnusedVariable extends _RuleCommon.RuleCommon {
                 ..._internals.FlowType.backEndTypes,
                 ..._internals.FlowType.visualTypes
             ],
-            docRefs: []
+            docRefs: [],
+            isFixable: true
         });
     }
 };

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@flow-scanner/lightning-flow-scanner-core",
   "description": "A lightweight engine for Flow metadata in Node.js, and browser environments. Assess and enhance Salesforce Flow automations for best practices, security, governor limits, and performance issues.",
-  "version": "6.18.0",
+  "version": "6.19.0",
   "main": "index.js",
   "exports": {
     ".": {
@@ -20,7 +20,7 @@
     "directory": "packages/core"
   },
   "dependencies": {
-    "@flow-scanner/regex-scanner": "1.0.0",
+    "@flow-scanner/regex-scanner": "1.1.0",
     "fast-xml-parser": "^5.3.0"
   },
   "homepage": "https://flow-scanner.github.io/lightning-flow-scanner/",