@hatem427/code-guard-ci 3.2.0 → 3.4.0

package/scripts/utils/naming-validator.ts

@@ -163,105 +163,6 @@ const frameworkNamingRules: Record<ProjectType, NamingRule[]> = {
   ],
 
   node: [...baseNamingRules],
-
-  nestjs: [
-    ...baseNamingRules,
-    {
-      filePattern: /\.module\.ts$/,
-      convention: 'kebab-case',
-      description: 'NestJS modules should use kebab-case: users.module.ts',
-    },
-    {
-      filePattern: /\.controller\.(ts|spec\.ts)$/,
-      convention: 'kebab-case',
-      description: 'NestJS controllers should use kebab-case: users.controller.ts',
-    },
-    {
-      filePattern: /\.service\.(ts|spec\.ts)$/,
-      convention: 'kebab-case',
-      description: 'NestJS services should use kebab-case: users.service.ts',
-    },
-    {
-      filePattern: /\.dto\.ts$/,
-      convention: 'kebab-case',
-      description: 'NestJS DTOs should use kebab-case: create-user.dto.ts',
-    },
-    {
-      filePattern: /\.guard\.ts$/,
-      convention: 'kebab-case',
-      description: 'NestJS guards should use kebab-case: auth.guard.ts',
-    },
-    {
-      filePattern: /\.pipe\.ts$/,
-      convention: 'kebab-case',
-      description: 'NestJS pipes should use kebab-case: parse-id.pipe.ts',
-    },
-    {
-      filePattern: /\.interceptor\.ts$/,
-      convention: 'kebab-case',
-      description: 'NestJS interceptors should use kebab-case: logging.interceptor.ts',
-    },
-    {
-      filePattern: /\.filter\.ts$/,
-      convention: 'kebab-case',
-      description: 'NestJS exception filters should use kebab-case: http-exception.filter.ts',
-    },
-    {
-      filePattern: /\.decorator\.ts$/,
-      convention: 'kebab-case',
-      description: 'NestJS decorators should use kebab-case: current-user.decorator.ts',
-    },
-  ],
-
-  fastify: [
-    ...baseNamingRules,
-    {
-      filePattern: /\.route\.ts$/,
-      convention: 'kebab-case',
-      description: 'Fastify route files should use kebab-case: users.route.ts',
-    },
-    {
-      filePattern: /\.plugin\.ts$/,
-      convention: 'kebab-case',
-      description: 'Fastify plugins should use kebab-case: auth.plugin.ts',
-    },
-    {
-      filePattern: /\.schema\.ts$/,
-      convention: 'kebab-case',
-      description: 'Schema files should use kebab-case: create-user.schema.ts',
-    },
-  ],
-
-  hono: [
-    ...baseNamingRules,
-    {
-      filePattern: /\.route\.ts$/,
-      convention: 'kebab-case',
-      description: 'Hono route files should use kebab-case: users.route.ts',
-    },
-    {
-      filePattern: /\.handler\.ts$/,
-      convention: 'kebab-case',
-      description: 'Hono handler files should use kebab-case: create-user.handler.ts',
-    },
-    {
-      filePattern: /\.middleware\.ts$/,
-      convention: 'kebab-case',
-      description: 'Hono middleware files should use kebab-case: auth.middleware.ts',
-    },
-    {
-      filePattern: /\.schema\.ts$/,
-      convention: 'kebab-case',
-      description: 'Schema files should use kebab-case: user.schema.ts',
-    },
-  ],
-
-  // Python frameworks use snake_case for all files
-  python:  [...baseNamingRules],
-  django:  [...baseNamingRules],
-  fastapi: [...baseNamingRules],
-  flask:   [...baseNamingRules],
-
   unknown: [...baseNamingRules],
 };
 
@@ -372,12 +273,9 @@ export function validateNaming(
 }
 
 function getNameWithoutExtensions(fileName: string): string {
-  // Remove all known suffixes before checking the convention
+  // Remove all known suffixes: .component.ts, .test.tsx, .service.ts, etc.
   return fileName
-    .replace(
-      /\.(component|service|module|pipe|directive|guard|interceptor|filter|decorator|controller|dto|handler|plugin|route|schema|test|spec|util|constants?|types?|middleware)\./g,
-      '.'
-    )
+    .replace(/\.(component|service|module|pipe|directive|guard|interceptor|test|spec|util|constants?|types?)\./g, '.')
     .replace(/\.[^.]+$/, ''); // Remove final extension
 }
 

package/scripts/utils/project-detector.ts

@@ -21,14 +21,7 @@ export type ProjectType =
   | 'vue'
   | 'nuxt'
   | 'svelte'
-  | 'nestjs'
-  | 'fastify'
-  | 'hono'
   | 'node'
-  | 'django'
-  | 'fastapi'
-  | 'flask'
-  | 'python'
   | 'unknown';
 
 export type MonorepoType = 'nx' | 'turborepo' | 'lerna' | 'pnpm-workspaces' | 'none';
@@ -169,17 +162,14 @@ function detectExistingTooling(dir: string, pkg: Record<string, any>): ExistingT
  * Detect the project type based on the nearest package.json.
  *
  * Priority order (first match wins):
- *   1.  Nuxt     — has `nuxt` as a dependency
- *   2.  NextJS   — has `next` as a dependency
- *   3.  Angular  — has `@angular/core` as a dependency
- *   4.  Svelte   — has `svelte` as a dependency
- *   5.  Vue      — has `vue` as a dependency
- *   6.  React    — has `react` as a dependency
- *   7.  NestJS   — has `@nestjs/core` as a dependency
- *   8.  Fastify  — has `fastify` as a dependency
- *   9.  Hono     — has `hono` as a dependency
- *   10. Node     — has `express`/`koa` or other Node.js frameworks
- *   11. Unknown  — none of the above
+ *   1. Nuxt     — has `nuxt` as a dependency
+ *   2. NextJS   — has `next` as a dependency
+ *   3. Angular  — has `@angular/core` as a dependency
+ *   4. Svelte   — has `svelte` as a dependency
+ *   5. Vue      — has `vue` as a dependency
+ *   6. React    — has `react` as a dependency
+ *   7. Node     — has `express`/`fastify`/`koa`/`nestjs`
+ *   8. Unknown  — none of the above
  */
 export function detectProject(startDir: string = process.cwd()): DetectionResult {
   const result = findPackageJson(startDir);
@@ -242,24 +232,9 @@ export function detectProject(startDir: string = process.cwd()): DetectionResult
     return { ...base, type: 'react', label: 'React' };
   }
 
-  // NestJS check (before generic Node)
-  if (hasDep(pkg, '@nestjs/core')) {
-    return { ...base, type: 'nestjs', label: 'NestJS' };
-  }
-
-  // Fastify check
-  if (hasDep(pkg, 'fastify')) {
-    return { ...base, type: 'fastify', label: 'Fastify' };
-  }
-
-  // Hono check
-  if (hasDep(pkg, 'hono')) {
-    return { ...base, type: 'hono', label: 'Hono' };
-  }
-
-  // Generic Node.js backend check (Express, Koa, etc.)
-  if (hasDep(pkg, 'express') || hasDep(pkg, 'koa')) {
-    return { ...base, type: 'node', label: 'Express (Node.js)' };
+  // Node.js backend check
+  if (hasDep(pkg, 'express') || hasDep(pkg, 'fastify') || hasDep(pkg, '@nestjs/core') || hasDep(pkg, 'koa')) {
+    return { ...base, type: 'node', label: 'Node.js Backend' };
   }
 
   // Fallback — additional heuristics
@@ -279,47 +254,5 @@ export function detectProject(startDir: string = process.cwd()): DetectionResult
     return { ...base, type: 'vue', label: 'Vue.js (heuristic)' };
   }
 
-  // ── Python project detection ─────────────────────────────────────────────
-  // Python projects have no package.json; detection is purely filesystem-based.
-
-  // Django — has manage.py at the root (the canonical Django project marker)
-  if (fs.existsSync(path.join(dir, 'manage.py'))) {
-    return { ...base, type: 'django', label: 'Django' };
-  }
-
-  // FastAPI — check pyproject.toml or requirements.txt for fastapi dependency
-  const requirementsFiles = ['requirements.txt', 'requirements-dev.txt', 'requirements/base.txt'];
-  const hasFastApi = requirementsFiles.some((f) => {
-    const fp = path.join(dir, f);
-    if (!fs.existsSync(fp)) return false;
-    const content = fs.readFileSync(fp, 'utf-8').toLowerCase();
-    return content.includes('fastapi');
-  });
-  if (hasFastApi) {
-    return { ...base, type: 'fastapi', label: 'FastAPI' };
-  }
-
-  // Flask — check requirements files for flask dependency
-  const hasFlask = requirementsFiles.some((f) => {
-    const fp = path.join(dir, f);
-    if (!fs.existsSync(fp)) return false;
-    const content = fs.readFileSync(fp, 'utf-8').toLowerCase();
-    return content.includes('flask');
-  });
-  if (hasFlask) {
-    return { ...base, type: 'flask', label: 'Flask' };
-  }
-
-  // Generic Python — has pyproject.toml, Pipfile, setup.py, or any .py files at root
-  if (
-    fs.existsSync(path.join(dir, 'pyproject.toml')) ||
-    fs.existsSync(path.join(dir, 'Pipfile')) ||
-    fs.existsSync(path.join(dir, 'setup.py')) ||
-    fs.existsSync(path.join(dir, 'setup.cfg')) ||
-    requirementsFiles.some((f) => fs.existsSync(path.join(dir, f)))
-  ) {
-    return { ...base, type: 'python', label: 'Python' };
-  }
-
   return { ...base, type: 'unknown', label: 'Unknown Project' };
 }

package/scripts/utils/report-generator.ts

@@ -261,11 +261,10 @@ function buildViolationSection(violations: Violation[]): string {
 
       ruleItems.forEach((v, idx) => {
         const line = v.line !== null ? String(v.line) : '—';
-        // Extract first line only for table (before "Why:" or newline)
-        const firstLine = v.message.split(/\n|Why:/).filter(Boolean)[0].trim();
-        let shortMsg = firstLine
+        // Truncate long messages for the table, escape pipes
+        let shortMsg = v.message
           .replace(/\|/g, '\\|')
-          .substring(0, 100);
+          .substring(0, 120);
           
         // Add quick fix hint if available
         const hint = getQuickFixHint(v.ruleId);
@@ -278,22 +277,9 @@ function buildViolationSection(violations: Violation[]): string {
 
       sections.push('');
 
-      // Full message details with examples — shown once per rule
-      const hasDetailedMessage = ruleItems.some(v => v.message.includes('Why:') || v.message.includes('\n'));
-      
-      if (hasDetailedMessage) {
-        sections.push(`<details>`);
-        sections.push(`<summary>💡 How to fix (click to expand)</summary>\n`);
-        sections.push('```');
-        // Get the full message from the first item
-        sections.push(ruleItems[0].message);
-        sections.push('```');
-        sections.push(`\n</details>\n`);
-      }
-      
-      // Additional solution example from solution-examples.ts
+      // Solution example — shown once per rule
       const solution = getSolutionExample(ruleId);
-      if (solution && !hasDetailedMessage) {
+      if (solution) {
         sections.push(`<details>`);
         sections.push(`<summary>💡 How to fix (click to expand)</summary>\n`);
         sections.push(solution);

package/scripts/utils/structure-validator.ts

@@ -114,60 +114,6 @@ const frameworkStructures: Record<ProjectType, FolderRule[]> = {
     { path: 'src/__tests__', required: false, description: 'Test files' },
   ],
 
-  nestjs: [
-    { path: 'src', required: true, description: 'Source code root' },
-    { path: 'src/modules', required: false, description: 'Feature modules (each domain gets a module)' },
-    { path: 'src/common', required: false, description: 'Shared utilities across modules' },
-    { path: 'src/common/guards', required: false, description: 'Global authentication/authorization guards' },
-    { path: 'src/common/interceptors', required: false, description: 'Global interceptors (logging, response transform)' },
-    { path: 'src/common/pipes', required: false, description: 'Global validation/transformation pipes' },
-    { path: 'src/common/filters', required: false, description: 'Global exception filters' },
-    { path: 'src/common/decorators', required: false, description: 'Custom parameter/class decorators' },
-    { path: 'src/config', required: false, description: 'App configuration (ConfigModule setup)' },
-    { path: 'test', required: false, description: 'End-to-end tests' },
-  ],
-
-  fastify: [
-    { path: 'src', required: true, description: 'Source code root' },
-    { path: 'src/routes', required: false, description: 'Fastify route plugins' },
-    { path: 'src/plugins', required: false, description: 'Shared Fastify plugins (db, auth, etc.)' },
-    { path: 'src/schemas', required: false, description: 'JSON/TypeBox schemas for validation & serialization' },
-    { path: 'src/services', required: false, description: 'Business logic services' },
-    { path: 'src/hooks', required: false, description: 'Shared lifecycle hooks' },
-    { path: 'src/config', required: false, description: 'Configuration and env validation' },
-  ],
-
-  hono: [
-    { path: 'src', required: true, description: 'Source code root' },
-    { path: 'src/routes', required: false, description: 'Hono sub-app route files' },
-    { path: 'src/middleware', required: false, description: 'Custom middleware functions' },
-    { path: 'src/handlers', required: false, description: 'Route handler functions' },
-    { path: 'src/schemas', required: false, description: 'Zod schemas for request/response validation' },
-    { path: 'src/config', required: false, description: 'Configuration and env validation' },
-  ],
-
-  // Python project structures
-  python: [
-    { path: 'src', required: false, description: 'Source code root (or top-level package)' },
-    { path: 'tests', required: false, description: 'Test suite' },
-  ],
-  django: [
-    { path: 'manage.py', required: true, description: 'Django management entry point' },
-    { path: 'tests', required: false, description: 'Test suite' },
-  ],
-  fastapi: [
-    { path: 'app', required: false, description: 'FastAPI application package' },
-    { path: 'app/routers', required: false, description: 'Route modules (APIRouter instances)' },
-    { path: 'app/schemas', required: false, description: 'Pydantic request/response schemas' },
-    { path: 'app/services', required: false, description: 'Business logic layer' },
-    { path: 'tests', required: false, description: 'Test suite' },
-  ],
-  flask: [
-    { path: 'app', required: false, description: 'Flask application package' },
-    { path: 'app/blueprints', required: false, description: 'Flask Blueprint modules' },
-    { path: 'tests', required: false, description: 'Test suite' },
-  ],
-
   unknown: [...baseStructure],
 };
 

package/config/fastify.config.ts

@@ -1,326 +0,0 @@
-/**
- * ============================================================================
- * fastify.config.ts — Fastify-specific coding rules
- * ============================================================================
- *
- * Registers rules that apply to Fastify projects:
- *   - Schema-first validation enforcement
- *   - Plugin scope correctness
- *   - Async handler patterns
- *   - Security: CORS, helmet, rate limiting
- *   - Error response shape
- *   - Hook lifecycle usage
- */
-
-import { registerRules, Rule } from './guidelines.config';
-
-const fastifyRules: Rule[] = [
-
-  // ── Schema-First Validation ───────────────────────────────────────────────
-
-  // ─────────────────────────────────────────
-  // RULE: fastify-schema-required
-  // ROLE: Enforce schema definitions on all routes
-  // PURPOSE: Fastify uses JSON Schema / TypeBox for both request validation
-  //          and response serialization. Without schemas, inputs are not
-  //          validated and responses include all properties (potential data leak).
-  //          Schemas also enable Fastify's fast-json-stringify for ~2× serialization speed.
-  // EXAMPLE:
-  //   WRONG:
-  //     fastify.post('/users', async (req, reply) => {
-  //       return userService.create(req.body);
-  //     });
-  //   RIGHT:
-  //     fastify.post('/users', {
-  //       schema: {
-  //         body: CreateUserSchema,
-  //         response: { 201: UserResponseSchema },
-  //       },
-  //     }, async (req, reply) => {
-  //       return userService.create(req.body);
-  //     });
-  // ─────────────────────────────────────────
-  {
-    id: 'fastify-schema-required',
-    label: 'Define schema for every route (body, params, response)',
-    description:
-      'Every Fastify route must define a schema object with at minimum body/params validation and response schemas. This enables validation, serialization speed, and prevents data leaks.',
-    severity: 'error',
-    fileExtensions: ['ts', 'js'],
-    pattern: null,
-    customCheck: (file) => {
-      const violations: Array<{ line: number | null; message: string }> = [];
-
-      if (
-        !file.relativePath.includes('/routes/') &&
-        !file.relativePath.endsWith('.route.ts') &&
-        !file.relativePath.endsWith('.routes.ts')
-      ) {
-        return [];
-      }
-
-      // Look for fastify.post/put/patch/delete without a schema key
-      const routeRegex = /fastify\.\s*(?:post|put|patch|delete)\s*\(\s*['"`][^'"]+['"`]\s*,\s*async/g;
-      let match;
-      while ((match = routeRegex.exec(file.content)) !== null) {
-        const near = file.content.slice(Math.max(0, match.index - 200), match.index + 50);
-        if (!near.includes('schema')) {
-          const lineNum = file.content.slice(0, match.index).split('\n').length;
-          violations.push({
-            line: lineNum,
-            message:
-              'Mutating route (POST/PUT/PATCH/DELETE) is missing a schema definition. Add body validation schema and response schema.',
-          });
-        }
-      }
-
-      return violations;
-    },
-    applicableTo: ['fastify'],
-    category: 'Validation',
-  },
-
-  // ─────────────────────────────────────────
-  // RULE: fastify-response-schema
-  // ROLE: Enforce response schema definitions
-  // PURPOSE: Without a response schema, Fastify falls back to slow JSON.stringify
-  //          and may expose internal fields. Response schemas activate fast-json-stringify
-  //          and act as a serialisation allowlist.
-  // EXAMPLE:
-  //   WRONG:
-  //     fastify.get('/users/:id', async (req, reply) => { return user; });
-  //   RIGHT:
-  //     fastify.get('/users/:id', {
-  //       schema: { response: { 200: UserResponseSchema } },
-  //     }, async (req, reply) => { return user; });
-  // ─────────────────────────────────────────
-  {
-    id: 'fastify-response-schema',
-    label: 'Always define a response schema',
-    description:
-      'Define response schemas for all routes to enable fast-json-stringify serialization and prevent accidental exposure of sensitive fields.',
-    severity: 'warning',
-    fileExtensions: ['ts', 'js'],
-    pattern: null,
-    customCheck: (file) => {
-      const violations: Array<{ line: number | null; message: string }> = [];
-
-      if (
-        !file.relativePath.includes('/routes/') &&
-        !file.relativePath.endsWith('.route.ts') &&
-        !file.relativePath.endsWith('.routes.ts')
-      ) {
-        return [];
-      }
-
-      const hasSchema = /schema\s*:\s*\{/.test(file.content);
-      const hasResponseSchema = /response\s*:\s*\{/.test(file.content);
-
-      if (hasSchema && !hasResponseSchema) {
-        violations.push({
-          line: null,
-          message:
-            'Route schema found but no response schema defined. Add response: { 200: Schema } to enable fast serialization and prevent data leaks.',
-        });
-      }
-
-      return violations;
-    },
-    applicableTo: ['fastify'],
-    category: 'Validation',
-  },
-
-  // ── Plugin Architecture ────────────────────────────────────────────────────
-
-  // ─────────────────────────────────────────
-  // RULE: fastify-use-fastify-plugin
-  // ROLE: Enforce plugin scope correctness
-  // PURPOSE: In Fastify, plugins registered without fastify-plugin are
-  //          scoped to a child context — decorations, hooks, and routes
-  //          added inside won't be visible to siblings or the root instance.
-  //          Shared utilities (auth, db) must use fastify-plugin to break scope.
-  // EXAMPLE:
-  //   WRONG:
-  //     export async function authPlugin(fastify: FastifyInstance) {
-  //       fastify.decorate('verifyToken', verifyToken);
-  //     }
-  //   RIGHT:
-  //     import fp from 'fastify-plugin';
-  //     export default fp(async function authPlugin(fastify: FastifyInstance) {
-  //       fastify.decorate('verifyToken', verifyToken);
-  //     });
-  // ─────────────────────────────────────────
-  {
-    id: 'fastify-use-fastify-plugin',
-    label: 'Shared plugins must use fastify-plugin (fp)',
-    description:
-      'Plugins that add decorations, hooks, or services used by other plugins must be wrapped with fastify-plugin (fp) to share scope with the parent context.',
-    severity: 'warning',
-    fileExtensions: ['ts', 'js'],
-    pattern: null,
-    customCheck: (file) => {
-      if (
-        !file.relativePath.includes('/plugins/') &&
-        !file.relativePath.endsWith('.plugin.ts') &&
-        !file.relativePath.endsWith('.plugin.js')
-      ) {
-        return [];
-      }
-
-      const usesDecorate = /fastify\.decorate\s*\(/.test(file.content);
-      const usesFastifyPlugin = /fastify-plugin|fp\s*\(/.test(file.content);
-
-      if (usesDecorate && !usesFastifyPlugin) {
-        return [
-          {
-            line: null,
-            message:
-              'Plugin adds decorators but is not wrapped with fastify-plugin (fp). Other plugins/routes will not see these decorations.',
-          },
-        ];
-      }
-
-      return [];
-    },
-    applicableTo: ['fastify'],
-    category: 'Architecture',
-  },
-
-  // ── Async Handler Patterns ────────────────────────────────────────────────
-
-  // ─────────────────────────────────────────
-  // RULE: fastify-async-handler
-  // ROLE: Enforce async handler pattern
-  // PURPOSE: Mixing reply.send() with async return values causes double-send
-  //          errors in Fastify. Async handlers should return the value;
-  //          Fastify handles serialization. Use reply.send() OR return, not both.
-  // EXAMPLE:
-  //   WRONG:
-  //     fastify.get('/users', async (req, reply) => {
-  //       const users = await userService.findAll();
-  //       reply.send(users);   // + implicit return → double send!
-  //     });
-  //   RIGHT:
-  //     fastify.get('/users', async (req, reply) => {
-  //       return userService.findAll();  // Fastify handles send automatically
-  //     });
-  // ─────────────────────────────────────────
-  {
-    id: 'fastify-async-handler',
-    label: 'Return values from async handlers — avoid reply.send() + return',
-    description:
-      'In async Fastify handlers, return the response value directly. Calling reply.send() AND returning a value causes a double-send error.',
-    severity: 'error',
-    fileExtensions: ['ts', 'js'],
-    pattern: null,
-    customCheck: (file) => {
-      const violations: Array<{ line: number | null; message: string }> = [];
-
-      if (
-        !file.relativePath.includes('/routes/') &&
-        !file.relativePath.endsWith('.route.ts')
-      ) {
-        return [];
-      }
-
-      for (let i = 0; i < file.lines.length; i++) {
-        if (/reply\.send\s*\(/.test(file.lines[i])) {
-          // Check if there's a return after send on same or next line
-          const nearby = file.lines.slice(i, i + 3).join(' ');
-          if (/reply\.send[^;]*;\s*(?:return|})/.test(nearby)) {
-            violations.push({
-              line: i + 1,
-              message:
-                'reply.send() followed by implicit return in async handler. Use: return myValue; instead of reply.send(myValue).',
-            });
-          }
-        }
-      }
-
-      return violations;
-    },
-    applicableTo: ['fastify'],
-    category: 'Async Patterns',
-  },
-
-  // ── Security ──────────────────────────────────────────────────────────────
-
-  // ─────────────────────────────────────────
-  // RULE: fastify-use-helmet
-  // ROLE: Enforce security headers
-  // PURPOSE: @fastify/helmet sets a baseline of secure HTTP headers.
-  //          Without it, Fastify serves responses without X-Frame-Options,
-  //          Content-Security-Policy, or HSTS headers.
-  // EXAMPLE:
-  //   WRONG:
-  //     const fastify = Fastify();
-  //     fastify.register(cors);
-  //   RIGHT:
-  //     const fastify = Fastify();
-  //     fastify.register(helmet);
-  //     fastify.register(cors, { origin: allowedOrigins });
-  // ─────────────────────────────────────────
-  {
-    id: 'fastify-use-helmet',
-    label: 'Register @fastify/helmet for security headers',
-    description:
-      'Register @fastify/helmet to add baseline security headers (HSTS, X-Frame-Options, CSP, etc.) to all responses.',
-    severity: 'error',
-    fileExtensions: ['ts', 'js'],
-    pattern: null,
-    customCheck: (file) => {
-      if (
-        !file.relativePath.endsWith('server.ts') &&
-        !file.relativePath.endsWith('app.ts') &&
-        !file.relativePath.endsWith('index.ts')
-      ) {
-        return [];
-      }
-
-      const hasFastify = /Fastify\s*\(|fastify\s*\(\s*\)/.test(file.content);
-      const hasHelmet = /helmet/.test(file.content);
-
-      if (hasFastify && !hasHelmet) {
-        return [
-          {
-            line: null,
-            message:
-              'Fastify server missing @fastify/helmet. Register it: fastify.register(import("@fastify/helmet")).',
-          },
-        ];
-      }
-
-      return [];
-    },
-    applicableTo: ['fastify'],
-    category: 'Security',
-  },
-
-  // ─────────────────────────────────────────
-  // RULE: fastify-cors-options
-  // ROLE: Enforce CORS configuration
-  // PURPOSE: Registering @fastify/cors without an origin restriction allows
-  //          cross-origin requests from any domain, defeating CORS entirely.
-  // EXAMPLE:
-  //   WRONG:
-  //     fastify.register(cors);   // allows all origins
-  //   RIGHT:
-  //     fastify.register(cors, { origin: ['https://myapp.com'] });
-  // ─────────────────────────────────────────
-  {
-    id: 'fastify-cors-options',
-    label: '@fastify/cors must restrict origin',
-    description:
-      'Do not register @fastify/cors without an explicit origin allowlist. An unrestricted CORS policy allows any website to make authenticated requests to your API.',
-    severity: 'warning',
-    fileExtensions: ['ts', 'js'],
-    pattern: /register\s*\(\s*cors\s*\)/g,
-    applicableTo: ['fastify'],
-    category: 'Security',
-  },
-];
-
-// Register all Fastify-specific rules
-registerRules('fastify', fastifyRules);
-
-export { fastifyRules };