@guardrail-ai/rules 0.1.0

package/dist/any-type-abuse.js

@@ -0,0 +1,37 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const traverse_1 = __importDefault(require("@babel/traverse"));
+const anyTypeAbuseRule = {
+    id: 'ai-codegen/any-type-abuse',
+    name: 'Any Type Abuse',
+    description: 'Detects explicit `: any` type annotations and `as any` casts in TypeScript files',
+    severity: 'warning',
+    category: 'ai-codegen',
+    detect(context) {
+        const violations = [];
+        const { ast, filePath } = context;
+        // Only check TypeScript files
+        if (!/\.tsx?$/.test(filePath))
+            return violations;
+        (0, traverse_1.default)(ast, {
+            TSAnyKeyword(path) {
+                violations.push({
+                    ruleId: 'ai-codegen/any-type-abuse',
+                    severity: 'warning',
+                    message: 'Explicit `any` type — use a specific type, `unknown`, or a generic instead.',
+                    location: {
+                        file: filePath,
+                        line: path.node.loc?.start.line ?? 0,
+                        column: path.node.loc?.start.column ?? 0,
+                    },
+                });
+            },
+        });
+        return violations;
+    },
+};
+exports.default = anyTypeAbuseRule;
+//# sourceMappingURL=any-type-abuse.js.map

package/dist/any-type-abuse.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"any-type-abuse.js","sourceRoot":"","sources":["../src/any-type-abuse.ts"],"names":[],"mappings":";;;;;AAAA,+DAAuC;AAGvC,MAAM,gBAAgB,GAAS;IAC7B,EAAE,EAAE,2BAA2B;IAC/B,IAAI,EAAE,gBAAgB;IACtB,WAAW,EACT,kFAAkF;IACpF,QAAQ,EAAE,SAAS;IACnB,QAAQ,EAAE,YAAY;IAEtB,MAAM,CAAC,OAAoB;QACzB,MAAM,UAAU,GAAgB,EAAE,CAAC;QACnC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;QAElC,8BAA8B;QAC9B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,OAAO,UAAU,CAAC;QAEjD,IAAA,kBAAQ,EAAC,GAAG,EAAE;YACZ,YAAY,CAAC,IAAI;gBACf,UAAU,CAAC,IAAI,CAAC;oBACd,MAAM,EAAE,2BAA2B;oBACnC,QAAQ,EAAE,SAAS;oBACnB,OAAO,EACL,6EAA6E;oBAC/E,QAAQ,EAAE;wBACR,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;wBACpC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;qBACzC;iBACF,CAAC,CAAC;YACL,CAAC;SACF,CAAC,CAAC;QAEH,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAC;AAEF,kBAAe,gBAAgB,CAAC"}

package/dist/console-log-spam.d.ts

@@ -0,0 +1,4 @@
+import type { Rule } from '@guardrail-ai/core';
+declare const consoleLogSpamRule: Rule;
+export default consoleLogSpamRule;
+//# sourceMappingURL=console-log-spam.d.ts.map

package/dist/console-log-spam.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"console-log-spam.d.ts","sourceRoot":"","sources":["../src/console-log-spam.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAA0B,MAAM,oBAAoB,CAAC;AAIvE,QAAA,MAAM,kBAAkB,EAAE,IAyDzB,CAAC;AAEF,eAAe,kBAAkB,CAAC"}

package/dist/console-log-spam.js

@@ -0,0 +1,60 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const traverse_1 = __importDefault(require("@babel/traverse"));
+const DEBUG_METHODS = new Set(['log', 'debug', 'info', 'trace', 'dir', 'table']);
+const consoleLogSpamRule = {
+    id: 'ai-codegen/console-log-spam',
+    name: 'Console Log Spam',
+    description: 'Detects console.log/debug/info calls that should be removed or replaced with proper logging',
+    severity: 'info',
+    category: 'ai-codegen',
+    detect(context) {
+        const violations = [];
+        const { ast, filePath } = context;
+        (0, traverse_1.default)(ast, {
+            CallExpression(path) {
+                const callee = path.node.callee;
+                if (callee.type === 'MemberExpression' &&
+                    callee.object.type === 'Identifier' &&
+                    callee.object.name === 'console' &&
+                    callee.property.type === 'Identifier' &&
+                    DEBUG_METHODS.has(callee.property.name)) {
+                    const stmt = path.findParent((p) => p.isExpressionStatement());
+                    const stmtNode = stmt?.node;
+                    violations.push({
+                        ruleId: 'ai-codegen/console-log-spam',
+                        severity: 'info',
+                        message: `console.${callee.property.name}() call — remove or replace with a proper logger.`,
+                        location: {
+                            file: filePath,
+                            line: path.node.loc?.start.line ?? 0,
+                            column: path.node.loc?.start.column ?? 0,
+                        },
+                        fix: stmtNode?.loc
+                            ? {
+                                description: `Remove console.${callee.property.name}() statement`,
+                                range: {
+                                    start: {
+                                        line: stmtNode.loc.start.line,
+                                        column: stmtNode.loc.start.column,
+                                    },
+                                    end: {
+                                        line: stmtNode.loc.end.line,
+                                        column: stmtNode.loc.end.column,
+                                    },
+                                },
+                                replacement: '',
+                            }
+                            : undefined,
+                    });
+                }
+            },
+        });
+        return violations;
+    },
+};
+exports.default = consoleLogSpamRule;
+//# sourceMappingURL=console-log-spam.js.map

package/dist/console-log-spam.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"console-log-spam.js","sourceRoot":"","sources":["../src/console-log-spam.ts"],"names":[],"mappings":";;;;;AAAA,+DAAuC;AAGvC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;AAEjF,MAAM,kBAAkB,GAAS;IAC/B,EAAE,EAAE,6BAA6B;IACjC,IAAI,EAAE,kBAAkB;IACxB,WAAW,EACT,6FAA6F;IAC/F,QAAQ,EAAE,MAAM;IAChB,QAAQ,EAAE,YAAY;IAEtB,MAAM,CAAC,OAAoB;QACzB,MAAM,UAAU,GAAgB,EAAE,CAAC;QACnC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;QAElC,IAAA,kBAAQ,EAAC,GAAG,EAAE;YACZ,cAAc,CAAC,IAAI;gBACjB,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC;gBAChC,IACE,MAAM,CAAC,IAAI,KAAK,kBAAkB;oBAClC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,YAAY;oBACnC,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS;oBAChC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY;oBACrC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EACvC,CAAC;oBACD,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,qBAAqB,EAAE,CAAC,CAAC;oBAC/D,MAAM,QAAQ,GAAG,IAAI,EAAE,IAAI,CAAC;oBAE5B,UAAU,CAAC,IAAI,CAAC;wBACd,MAAM,EAAE,6BAA6B;wBACrC,QAAQ,EAAE,MAAM;wBAChB,OAAO,EAAE,WAAW,MAAM,CAAC,QAAQ,CAAC,IAAI,mDAAmD;wBAC3F,QAAQ,EAAE;4BACR,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;4BACpC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;yBACzC;wBACD,GAAG,EAAE,QAAQ,EAAE,GAAG;4BAChB,CAAC,CAAC;gCACE,WAAW,EAAE,kBAAkB,MAAM,CAAC,QAAQ,CAAC,IAAI,cAAc;gCACjE,KAAK,EAAE;oCACL,KAAK,EAAE;wCACL,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI;wCAC7B,MAAM,EAAE,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM;qCAClC;oCACD,GAAG,EAAE;wCACH,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI;wCAC3B,MAAM,EAAE,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM;qCAChC;iCACF;gCACD,WAAW,EAAE,EAAE;6BAChB;4BACH,CAAC,CAAC,SAAS;qBACd,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;SACF,CAAC,CAAC;QAEH,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAC;AAEF,kBAAe,kBAAkB,CAAC"}

package/dist/data/hallucinated-packages.json

@@ -0,0 +1,212 @@
+[
+    "@openai/api",
+    "@openai/sdk",
+    "@openai/client",
+    "@anthropic/sdk",
+    "@anthropic/client",
+    "langchain-core",
+    "langchain-community",
+    "langchain-openai",
+    "react-native-ai",
+    "react-ai",
+    "express-middleware",
+    "express-utils",
+    "express-helpers",
+    "lodash-utils",
+    "lodash-helpers",
+    "node-utils",
+    "node-helpers",
+    "crypto-utils",
+    "auth-utils",
+    "auth-helpers",
+    "api-utils",
+    "api-helpers",
+    "db-utils",
+    "database-utils",
+    "mongoose-utils",
+    "prisma-utils",
+    "nextjs-utils",
+    "next-utils",
+    "react-query-utils",
+    "redux-helpers",
+    "graphql-helpers",
+    "graphql-utils",
+    "socket-utils",
+    "websocket-utils",
+    "firebase-utils",
+    "firebase-helpers",
+    "aws-utils",
+    "aws-helpers",
+    "gcp-utils",
+    "azure-utils",
+    "docker-utils",
+    "kubernetes-utils",
+    "ml-utils",
+    "ai-utils",
+    "data-utils",
+    "string-utils",
+    "array-utils",
+    "object-utils",
+    "file-utils",
+    "path-utils",
+    "url-utils",
+    "http-utils",
+    "validation-utils",
+    "test-utils",
+    "testing-utils",
+    "mock-utils",
+    "logger-utils",
+    "config-utils",
+    "env-utils",
+    "cache-utils",
+    "queue-utils",
+    "email-utils",
+    "payment-utils",
+    "stripe-utils",
+    "@stripe/utils",
+    "image-utils",
+    "video-utils",
+    "audio-utils",
+    "pdf-utils",
+    "csv-utils",
+    "json-utils",
+    "xml-utils",
+    "yaml-utils",
+    "markdown-utils",
+    "html-utils",
+    "css-utils",
+    "tailwind-utils",
+    "styled-utils",
+    "animation-utils",
+    "date-utils",
+    "time-utils",
+    "math-utils",
+    "crypto-helpers",
+    "security-utils",
+    "permission-utils",
+    "role-utils",
+    "session-utils",
+    "token-utils",
+    "jwt-utils",
+    "oauth-utils",
+    "passport-utils",
+    "bcrypt-utils",
+    "encryption-utils",
+    "hash-utils",
+    "random-utils",
+    "uuid-utils",
+    "id-utils",
+    "slug-utils",
+    "format-utils",
+    "parse-utils",
+    "convert-utils",
+    "transform-utils",
+    "merge-utils",
+    "deep-merge-utils",
+    "clone-utils",
+    "compare-utils",
+    "sort-utils",
+    "filter-utils",
+    "search-utils",
+    "pagination-utils",
+    "scroll-utils",
+    "dom-utils",
+    "event-utils",
+    "storage-utils",
+    "cookie-utils",
+    "browser-utils",
+    "mobile-utils",
+    "responsive-utils",
+    "seo-utils",
+    "analytics-utils",
+    "tracking-utils",
+    "notification-utils",
+    "push-utils",
+    "webhook-utils",
+    "cron-utils",
+    "scheduler-utils",
+    "worker-utils",
+    "thread-utils",
+    "stream-utils",
+    "buffer-utils",
+    "encoding-utils",
+    "compression-utils",
+    "upload-utils",
+    "download-utils",
+    "migration-utils",
+    "seed-utils",
+    "fixture-utils",
+    "factory-utils",
+    "builder-utils",
+    "generator-utils",
+    "template-utils",
+    "render-utils",
+    "compile-utils",
+    "bundle-utils",
+    "deploy-utils",
+    "ci-utils",
+    "git-utils",
+    "npm-utils",
+    "cli-utils",
+    "terminal-utils",
+    "console-utils",
+    "debug-utils",
+    "error-utils",
+    "exception-utils",
+    "retry-utils",
+    "timeout-utils",
+    "delay-utils",
+    "async-utils",
+    "promise-utils",
+    "observable-utils",
+    "state-utils",
+    "context-utils",
+    "hook-utils",
+    "middleware-utils",
+    "plugin-utils",
+    "extension-utils",
+    "addon-utils",
+    "module-utils",
+    "package-utils",
+    "dependency-utils",
+    "version-utils",
+    "changelog-utils",
+    "release-utils",
+    "publish-utils",
+    "docs-utils",
+    "readme-utils",
+    "comment-utils",
+    "annotation-utils",
+    "type-utils",
+    "schema-utils",
+    "model-utils",
+    "entity-utils",
+    "dto-utils",
+    "mapper-utils",
+    "serializer-utils",
+    "deserializer-utils",
+    "encoder-utils",
+    "decoder-utils",
+    "validator-utils",
+    "sanitizer-utils",
+    "normalizer-utils",
+    "formatter-utils",
+    "localization-utils",
+    "i18n-utils",
+    "translation-utils",
+    "currency-utils",
+    "number-utils",
+    "color-utils",
+    "icon-utils",
+    "font-utils",
+    "theme-utils",
+    "layout-utils",
+    "grid-utils",
+    "flex-utils",
+    "spacing-utils",
+    "border-utils",
+    "shadow-utils",
+    "gradient-utils",
+    "transition-utils",
+    "keyframe-utils"
+]

package/dist/dead-code.d.ts

@@ -0,0 +1,10 @@
+import type { Rule } from '@guardrail-ai/core';
+/**
+ * Detects dead code patterns:
+ *   - Unreachable code after return/throw/break/continue
+ *   - Unused function declarations (within module scope)
+ *   - Empty catch blocks that swallow errors
+ */
+declare const deadCodeRule: Rule;
+export default deadCodeRule;
+//# sourceMappingURL=dead-code.d.ts.map

package/dist/dead-code.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dead-code.d.ts","sourceRoot":"","sources":["../src/dead-code.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAA0B,MAAM,oBAAoB,CAAC;AAEvE;;;;;GAKG;AAEH,QAAA,MAAM,YAAY,EAAE,IAmKnB,CAAC;AAEF,eAAe,YAAY,CAAC"}

package/dist/dead-code.js

@@ -0,0 +1,152 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const traverse_1 = __importDefault(require("@babel/traverse"));
+/**
+ * Detects dead code patterns:
+ *   - Unreachable code after return/throw/break/continue
+ *   - Unused function declarations (within module scope)
+ *   - Empty catch blocks that swallow errors
+ */
+const deadCodeRule = {
+    id: 'quality/dead-code',
+    name: 'Dead Code',
+    description: 'Detects unreachable code, unused declarations, and empty error handlers',
+    severity: 'warning',
+    category: 'quality',
+    detect(context) {
+        const violations = [];
+        const { ast, filePath, source } = context;
+        // Track function declarations and their references
+        const declaredFunctions = new Map();
+        const exportedNames = new Set();
+        (0, traverse_1.default)(ast, {
+            // Detect unreachable code after return/throw
+            'ReturnStatement|ThrowStatement|BreakStatement|ContinueStatement'(path) {
+                const siblings = path.container;
+                if (!Array.isArray(siblings))
+                    return;
+                const idx = siblings.indexOf(path.node);
+                if (idx === -1 || idx >= siblings.length - 1)
+                    return;
+                const nextSibling = siblings[idx + 1];
+                // Skip if next is a function/class declaration (hoisted)
+                if (nextSibling.type === 'FunctionDeclaration' ||
+                    nextSibling.type === 'ClassDeclaration') {
+                    return;
+                }
+                violations.push({
+                    ruleId: 'quality/dead-code',
+                    severity: 'warning',
+                    message: `Unreachable code after ${path.node.type.replace('Statement', '').toLowerCase()} statement`,
+                    location: {
+                        file: filePath,
+                        line: nextSibling.loc?.start.line ?? 0,
+                        column: nextSibling.loc?.start.column ?? 0,
+                    },
+                    fix: {
+                        description: 'Remove unreachable code',
+                        range: {
+                            start: {
+                                line: nextSibling.loc?.start.line ?? 0,
+                                column: nextSibling.loc?.start.column ?? 0,
+                            },
+                            end: {
+                                line: nextSibling.loc?.end.line ?? 0,
+                                column: nextSibling.loc?.end.column ?? 0,
+                            },
+                        },
+                        replacement: '',
+                    },
+                });
+            },
+            // Track exports
+            ExportNamedDeclaration(path) {
+                const decl = path.node.declaration;
+                if (decl?.type === 'FunctionDeclaration' && decl.id) {
+                    exportedNames.add(decl.id.name);
+                }
+                if (decl?.type === 'VariableDeclaration') {
+                    for (const d of decl.declarations) {
+                        if (d.id.type === 'Identifier') {
+                            exportedNames.add(d.id.name);
+                        }
+                    }
+                }
+                for (const spec of path.node.specifiers) {
+                    if (spec.type === 'ExportSpecifier' && spec.exported.type === 'Identifier') {
+                        exportedNames.add(spec.exported.name);
+                    }
+                }
+            },
+            ExportDefaultDeclaration(path) {
+                const decl = path.node.declaration;
+                if (decl.type === 'Identifier') {
+                    exportedNames.add(decl.name);
+                }
+                if ((decl.type === 'FunctionDeclaration' ||
+                    decl.type === 'ClassDeclaration') &&
+                    decl.id) {
+                    exportedNames.add(decl.id.name);
+                }
+            },
+            // Track function declarations at module level
+            FunctionDeclaration(path) {
+                if (path.parent.type === 'Program' &&
+                    path.node.id) {
+                    const name = path.node.id.name;
+                    declaredFunctions.set(name, {
+                        line: path.node.loc?.start.line ?? 0,
+                        column: path.node.loc?.start.column ?? 0,
+                        binding: path.scope.getBinding(name),
+                    });
+                }
+            },
+            // Detect empty catch blocks
+            CatchClause(path) {
+                if (path.node.body.body.length === 0) {
+                    // Check if there's at least a comment
+                    const startLine = path.node.body.loc?.start.line ?? 0;
+                    const endLine = path.node.body.loc?.end.line ?? 0;
+                    const lines = source.split('\n').slice(startLine - 1, endLine);
+                    const hasComment = lines.some((l) => /\/\/|\/\*/.test(l));
+                    if (!hasComment) {
+                        violations.push({
+                            ruleId: 'quality/dead-code',
+                            severity: 'warning',
+                            message: 'Empty catch block swallows errors silently. Add error handling or a comment explaining why.',
+                            location: {
+                                file: filePath,
+                                line: path.node.loc?.start.line ?? 0,
+                                column: path.node.loc?.start.column ?? 0,
+                            },
+                        });
+                    }
+                }
+            },
+        });
+        // Check for unused module-level functions
+        for (const [name, info] of declaredFunctions) {
+            if (exportedNames.has(name))
+                continue;
+            const binding = info.binding;
+            if (binding && binding.references === 0) {
+                violations.push({
+                    ruleId: 'quality/dead-code',
+                    severity: 'warning',
+                    message: `Function "${name}" is declared but never used`,
+                    location: {
+                        file: filePath,
+                        line: info.line,
+                        column: info.column,
+                    },
+                });
+            }
+        }
+        return violations;
+    },
+};
+exports.default = deadCodeRule;
+//# sourceMappingURL=dead-code.js.map

package/dist/dead-code.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dead-code.js","sourceRoot":"","sources":["../src/dead-code.ts"],"names":[],"mappings":";;;;;AAAA,+DAAuC;AAGvC;;;;;GAKG;AAEH,MAAM,YAAY,GAAS;IACzB,EAAE,EAAE,mBAAmB;IACvB,IAAI,EAAE,WAAW;IACjB,WAAW,EACT,yEAAyE;IAC3E,QAAQ,EAAE,SAAS;IACnB,QAAQ,EAAE,SAAS;IAEnB,MAAM,CAAC,OAAoB;QACzB,MAAM,UAAU,GAAgB,EAAE,CAAC;QACnC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;QAE1C,mDAAmD;QACnD,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAG9B,CAAC;QACJ,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;QAExC,IAAA,kBAAQ,EAAC,GAAG,EAAE;YACZ,6CAA6C;YAC7C,iEAAiE,CAC/D,IAAI;gBAEJ,MAAM,QAAQ,GAAI,IAAI,CAAC,SAAmB,CAAC;gBAC3C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;oBAAE,OAAO;gBAErC,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACxC,IAAI,GAAG,KAAK,CAAC,CAAC,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;oBAAE,OAAO;gBAErD,MAAM,WAAW,GAAG,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;gBACtC,yDAAyD;gBACzD,IACE,WAAW,CAAC,IAAI,KAAK,qBAAqB;oBAC1C,WAAW,CAAC,IAAI,KAAK,kBAAkB,EACvC,CAAC;oBACD,OAAO;gBACT,CAAC;gBAED,UAAU,CAAC,IAAI,CAAC;oBACd,MAAM,EAAE,mBAAmB;oBAC3B,QAAQ,EAAE,SAAS;oBACnB,OAAO,EAAE,0BAA0B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,YAAY;oBACpG,QAAQ,EAAE;wBACR,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,WAAW,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;wBACtC,MAAM,EAAE,WAAW,CAAC,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;qBAC3C;oBACD,GAAG,EAAE;wBACH,WAAW,EAAE,yBAAyB;wBACtC,KAAK,EAAE;4BACL,KAAK,EAAE;gCACL,IAAI,EAAE,WAAW,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;gCACtC,MAAM,EAAE,WAAW,CAAC,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;6BAC3C;4BACD,GAAG,EAAE;gCACH,IAAI,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC;gCACpC,MAAM,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,IAAI,CAAC;6BACzC;yBACF;wBACD,WAAW,EAAE,EAAE;qBAChB;iBACF,CAAC,CAAC;YACL,CAAC;YAED,gBAAgB;YAChB,sBAAsB,CAAC,IAAI;gBACzB,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;gBACnC,IAAI,IAAI,EAAE,IAAI,KAAK,qBAAqB,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;oBACpD,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;gBAClC,CAAC;gBACD,IAAI,IAAI,EAAE,IAAI,KAAK,qBAAqB,EAAE,CAAC;oBACzC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;wBAClC,IAAI,CAAC,CAAC,EAAE,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;4BAC/B,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;wBAC/B,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;oBACxC,IAAI,IAAI,CAAC,IAAI,KAAK,iBAAiB,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;wBAC3E,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;oBACxC,CAAC;gBACH,CAAC;YACH,CAAC;YAED,wBAAwB,CAAC,IAAI;gBAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;gBACnC,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAC/B,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC/B,CAAC;gBACD,IACE,CAAC,IAAI,CAAC,IAAI,KAAK,qBAAqB;oBAClC,IAAI,CAAC,IAAI,KAAK,kBAAkB,CAAC;oBACnC,IAAI,CAAC,EAAE,EACP,CAAC;oBACD,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;gBAClC,CAAC;YACH,CAAC;YAED,8CAA8C;YAC9C,mBAAmB,CAAC,IAAI;gBACtB,IACE,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS;oBAC9B,IAAI,CAAC,IAAI,CAAC,EAAE,EACZ,CAAC;oBACD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC;oBAC/B,iBAAiB,CAAC,GAAG,CAAC,IAAI,EAAE;wBAC1B,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;wBACpC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;wBACxC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;qBACrC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,4BAA4B;YAC5B,WAAW,CAAC,IAAI;gBACd,IACE,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAChC,CAAC;oBACD,sCAAsC;oBACtC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;oBACtD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC;oBAClD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,OAAO,CAAC,CAAC;oBAC/D,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;oBAE1D,IAAI,CAAC,UAAU,EAAE,CAAC;wBAChB,UAAU,CAAC,IAAI,CAAC;4BACd,MAAM,EAAE,mBAAmB;4BAC3B,QAAQ,EAAE,SAAS;4BACnB,OAAO,EACL,6FAA6F;4BAC/F,QAAQ,EAAE;gCACR,IAAI,EAAE,QAAQ;gCACd,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;gCACpC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;6BACzC;yBACF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC,CAAC;QAEH,0CAA0C;QAC1C,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,iBAAiB,EAAE,CAAC;YAC7C,IAAI,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,SAAS;YAEtC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;YAC7B,IAAI,OAAO,IAAI,OAAO,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;gBACxC,UAAU,CAAC,IAAI,CAAC;oBACd,MAAM,EAAE,mBAAmB;oBAC3B,QAAQ,EAAE,SAAS;oBACnB,OAAO,EAAE,aAAa,IAAI,8BAA8B;oBACxD,QAAQ,EAAE;wBACR,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,IAAI,CAAC,IAAI;wBACf,MAAM,EAAE,IAAI,CAAC,MAAM;qBACpB;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAC;AAEF,kBAAe,YAAY,CAAC"}

package/dist/duplicate-logic.d.ts

@@ -0,0 +1,4 @@
+import type { Rule } from '@guardrail-ai/core';
+declare const duplicateLogicRule: Rule;
+export default duplicateLogicRule;
+//# sourceMappingURL=duplicate-logic.d.ts.map

package/dist/duplicate-logic.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"duplicate-logic.d.ts","sourceRoot":"","sources":["../src/duplicate-logic.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,IAAI,EAA0B,MAAM,oBAAoB,CAAC;AAyBvE,QAAA,MAAM,kBAAkB,EAAE,IA8EzB,CAAC;AAEF,eAAe,kBAAkB,CAAC"}

package/dist/duplicate-logic.js

@@ -0,0 +1,90 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const traverse_1 = __importDefault(require("@babel/traverse"));
+const generator_1 = __importDefault(require("@babel/generator"));
+/**
+ * Detects duplicate logic by comparing normalized AST representations
+ * of function bodies and significant code blocks.
+ *
+ * Two functions with identical normalized bodies are flagged.
+ */
+const MIN_BODY_LENGTH = 50; // Minimum characters to consider
+function normalizeName(code) {
+    // Replace all identifiers with generic placeholders
+    // This is a simplified normalization — a production version would
+    // walk the AST and alpha-rename variables
+    return code.replace(/\s+/g, ' ').trim();
+}
+const duplicateLogicRule = {
+    id: 'quality/duplicate-logic',
+    name: 'Duplicate Logic',
+    description: 'Detects functions with identical or near-identical logic that could be refactored',
+    severity: 'warning',
+    category: 'quality',
+    detect(context) {
+        const violations = [];
+        const { ast, filePath } = context;
+        const functions = [];
+        (0, traverse_1.default)(ast, {
+            'FunctionDeclaration|FunctionExpression|ArrowFunctionExpression'(path) {
+                const node = path.node;
+                let name = 'anonymous';
+                if (node.type === 'FunctionDeclaration' && node.id) {
+                    name = node.id.name;
+                }
+                else if (path.parent.type === 'VariableDeclarator' &&
+                    path.parent.id.type === 'Identifier') {
+                    name = path.parent.id.name;
+                }
+                const body = 'body' in node ? node.body : null;
+                if (!body)
+                    return;
+                try {
+                    const generated = (0, generator_1.default)(body, { compact: true }).code;
+                    const normalized = normalizeName(generated);
+                    if (normalized.length >= MIN_BODY_LENGTH) {
+                        functions.push({
+                            name,
+                            normalizedBody: normalized,
+                            line: node.loc?.start.line ?? 0,
+                            column: node.loc?.start.column ?? 0,
+                        });
+                    }
+                }
+                catch {
+                    // Skip if generation fails
+                }
+            },
+        });
+        // Compare all pairs
+        const reported = new Set();
+        for (let i = 0; i < functions.length; i++) {
+            for (let j = i + 1; j < functions.length; j++) {
+                const a = functions[i];
+                const b = functions[j];
+                if (a.normalizedBody === b.normalizedBody) {
+                    const key = `${a.line}:${b.line}`;
+                    if (reported.has(key))
+                        continue;
+                    reported.add(key);
+                    violations.push({
+                        ruleId: 'quality/duplicate-logic',
+                        severity: 'warning',
+                        message: `Function "${b.name}" (line ${b.line}) has identical logic to "${a.name}" (line ${a.line}). Consider refactoring into a shared function.`,
+                        location: {
+                            file: filePath,
+                            line: b.line,
+                            column: b.column,
+                        },
+                    });
+                }
+            }
+        }
+        return violations;
+    },
+};
+exports.default = duplicateLogicRule;
+//# sourceMappingURL=duplicate-logic.js.map

package/dist/duplicate-logic.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"duplicate-logic.js","sourceRoot":"","sources":["../src/duplicate-logic.ts"],"names":[],"mappings":";;;;;AAAA,+DAAuC;AACvC,iEAAwC;AAIxC;;;;;GAKG;AAEH,MAAM,eAAe,GAAG,EAAE,CAAC,CAAC,iCAAiC;AAS7D,SAAS,aAAa,CAAC,IAAY;IACjC,oDAAoD;IACpD,kEAAkE;IAClE,0CAA0C;IAC1C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;AAC1C,CAAC;AAED,MAAM,kBAAkB,GAAS;IAC/B,EAAE,EAAE,yBAAyB;IAC7B,IAAI,EAAE,iBAAiB;IACvB,WAAW,EACT,mFAAmF;IACrF,QAAQ,EAAE,SAAS;IACnB,QAAQ,EAAE,SAAS;IAEnB,MAAM,CAAC,OAAoB;QACzB,MAAM,UAAU,GAAgB,EAAE,CAAC;QACnC,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;QAClC,MAAM,SAAS,GAAwB,EAAE,CAAC;QAE1C,IAAA,kBAAQ,EAAC,GAAG,EAAE;YACZ,gEAAgE,CAC9D,IAAI;gBAEJ,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;gBAEvB,IAAI,IAAI,GAAG,WAAW,CAAC;gBACvB,IAAI,IAAI,CAAC,IAAI,KAAK,qBAAqB,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;oBACnD,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC;gBACtB,CAAC;qBAAM,IACL,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,oBAAoB;oBACzC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,YAAY,EACpC,CAAC;oBACD,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC;gBAC7B,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC/C,IAAI,CAAC,IAAI;oBAAE,OAAO;gBAElB,IAAI,CAAC;oBACH,MAAM,SAAS,GAAG,IAAA,mBAAQ,EAAC,IAAW,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC;oBAChE,MAAM,UAAU,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;oBAE5C,IAAI,UAAU,CAAC,MAAM,IAAI,eAAe,EAAE,CAAC;wBACzC,SAAS,CAAC,IAAI,CAAC;4BACb,IAAI;4BACJ,cAAc,EAAE,UAAU;4BAC1B,IAAI,EAAE,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC;4BAC/B,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,MAAM,IAAI,CAAC;yBACpC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,2BAA2B;gBAC7B,CAAC;YACH,CAAC;SACF,CAAC,CAAC;QAEH,oBAAoB;QACpB,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;QACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC9C,MAAM,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;gBACvB,MAAM,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;gBAEvB,IAAI,CAAC,CAAC,cAAc,KAAK,CAAC,CAAC,cAAc,EAAE,CAAC;oBAC1C,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;oBAClC,IAAI,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;wBAAE,SAAS;oBAChC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;oBAElB,UAAU,CAAC,IAAI,CAAC;wBACd,MAAM,EAAE,yBAAyB;wBACjC,QAAQ,EAAE,SAAS;wBACnB,OAAO,EAAE,aAAa,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,IAAI,6BAA6B,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,IAAI,iDAAiD;wBAClJ,QAAQ,EAAE;4BACR,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,CAAC,CAAC,IAAI;4BACZ,MAAM,EAAE,CAAC,CAAC,MAAM;yBACjB;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAC;AAEF,kBAAe,kBAAkB,CAAC"}

package/dist/env-var-leak.d.ts

@@ -0,0 +1,4 @@
+import type { Rule } from '@guardrail-ai/core';
+declare const envVarLeakRule: Rule;
+export default envVarLeakRule;
+//# sourceMappingURL=env-var-leak.d.ts.map

package/dist/env-var-leak.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"env-var-leak.d.ts","sourceRoot":"","sources":["../src/env-var-leak.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAA0B,MAAM,oBAAoB,CAAC;AAKvE,QAAA,MAAM,cAAc,EAAE,IAmDrB,CAAC;AAiCF,eAAe,cAAc,CAAC"}