@kernlang/review 2.0.0 → 3.0.0

package/dist/concept-rules/boundary-mutation.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Rule: boundary-mutation
+ *
+ * Fires when a state mutation targets global/shared scope.
+ * Works on any language that emits state_mutation concepts.
+ *
+ * TS: mutating a global cache or shared singleton
+ * Python: mutating a shared module-level dict
+ * Go: mutating shared package-level state
+ */
+import type { ConceptRuleContext } from './index.js';
+import type { ReviewFinding } from '../types.js';
+export declare function boundaryMutation(ctx: ConceptRuleContext): ReviewFinding[];

package/dist/concept-rules/boundary-mutation.js

@@ -0,0 +1,40 @@
+/**
+ * Rule: boundary-mutation
+ *
+ * Fires when a state mutation targets global/shared scope.
+ * Works on any language that emits state_mutation concepts.
+ *
+ * TS: mutating a global cache or shared singleton
+ * Python: mutating a shared module-level dict
+ * Go: mutating shared package-level state
+ */
+import { createFingerprint } from '../types.js';
+export function boundaryMutation(ctx) {
+    const findings = [];
+    for (const node of ctx.concepts.nodes) {
+        if (node.kind !== 'state_mutation')
+            continue;
+        if (node.payload.kind !== 'state_mutation')
+            continue;
+        if (node.payload.scope !== 'global' && node.payload.scope !== 'shared')
+            continue;
+        findings.push({
+            source: 'kern',
+            ruleId: 'boundary-mutation',
+            severity: 'warning',
+            category: 'pattern',
+            message: `Global/shared state mutation — consider encapsulating in a store or module`,
+            primarySpan: {
+                file: node.primarySpan.file,
+                startLine: node.primarySpan.startLine,
+                startCol: node.primarySpan.startCol,
+                endLine: node.primarySpan.endLine,
+                endCol: node.primarySpan.endCol,
+            },
+            fingerprint: createFingerprint('boundary-mutation', node.primarySpan.startLine, node.primarySpan.startCol),
+            confidence: node.confidence,
+        });
+    }
+    return findings;
+}
+//# sourceMappingURL=boundary-mutation.js.map

package/dist/concept-rules/boundary-mutation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"boundary-mutation.js","sourceRoot":"","sources":["../../src/concept-rules/boundary-mutation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,MAAM,UAAU,gBAAgB,CAAC,GAAuB;IACtD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtC,IAAI,IAAI,CAAC,IAAI,KAAK,gBAAgB;YAAE,SAAS;QAC7C,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,gBAAgB;YAAE,SAAS;QACrD,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,KAAK,QAAQ;YAAE,SAAS;QAEjF,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,mBAAmB;YAC3B,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,SAAS;YACnB,OAAO,EAAE,4EAA4E;YACrF,WAAW,EAAE;gBACX,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI;gBAC3B,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS;gBACrC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ;gBACnC,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,OAAO;gBACjC,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,MAAM;aAChC;YACD,WAAW,EAAE,iBAAiB,CAAC,mBAAmB,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YAC1G,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/concept-rules/ignored-error.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Rule: ignored-error
+ *
+ * Fires when an error is caught/received but not handled.
+ * Works on any language that emits error_handle concepts.
+ *
+ * TS: catch (e) {}
+ * Python: except: pass
+ * Go: if err != nil {}
+ */
+import type { ConceptRuleContext } from './index.js';
+import type { ReviewFinding } from '../types.js';
+export declare function ignoredError(ctx: ConceptRuleContext): ReviewFinding[];

package/dist/concept-rules/ignored-error.js

@@ -0,0 +1,40 @@
+/**
+ * Rule: ignored-error
+ *
+ * Fires when an error is caught/received but not handled.
+ * Works on any language that emits error_handle concepts.
+ *
+ * TS: catch (e) {}
+ * Python: except: pass
+ * Go: if err != nil {}
+ */
+import { createFingerprint } from '../types.js';
+export function ignoredError(ctx) {
+    const findings = [];
+    for (const node of ctx.concepts.nodes) {
+        if (node.kind !== 'error_handle')
+            continue;
+        if (node.payload.kind !== 'error_handle')
+            continue;
+        if (node.payload.disposition !== 'ignored')
+            continue;
+        findings.push({
+            source: 'kern',
+            ruleId: 'ignored-error',
+            severity: 'error',
+            category: 'bug',
+            message: `Error is caught but ignored — handle, log, or rethrow`,
+            primarySpan: {
+                file: node.primarySpan.file,
+                startLine: node.primarySpan.startLine,
+                startCol: node.primarySpan.startCol,
+                endLine: node.primarySpan.endLine,
+                endCol: node.primarySpan.endCol,
+            },
+            fingerprint: createFingerprint('ignored-error', node.primarySpan.startLine, node.primarySpan.startCol),
+            confidence: node.confidence,
+        });
+    }
+    return findings;
+}
+//# sourceMappingURL=ignored-error.js.map

package/dist/concept-rules/ignored-error.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ignored-error.js","sourceRoot":"","sources":["../../src/concept-rules/ignored-error.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,MAAM,UAAU,YAAY,CAAC,GAAuB;IAClD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtC,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc;YAAE,SAAS;QAC3C,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,cAAc;YAAE,SAAS;QACnD,IAAI,IAAI,CAAC,OAAO,CAAC,WAAW,KAAK,SAAS;YAAE,SAAS;QAErD,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,eAAe;YACvB,QAAQ,EAAE,OAAO;YACjB,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,uDAAuD;YAChE,WAAW,EAAE;gBACX,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI;gBAC3B,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS;gBACrC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ;gBACnC,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,OAAO;gBACjC,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,MAAM;aAChC;YACD,WAAW,EAAE,iBAAiB,CAAC,eAAe,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YACtG,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/concept-rules/illegal-dependency.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Rule: illegal-dependency
+ *
+ * Fires when an internal dependency reaches too far up the directory tree.
+ * Works on any language that emits dependency concepts.
+ *
+ * TS: import x from '../../../shared/module'
+ * Python: from ...core.shared import x
+ * Go: internal import path that walks too far upward
+ */
+import type { ConceptRuleContext } from './index.js';
+import type { ReviewFinding } from '../types.js';
+export declare function illegalDependency(ctx: ConceptRuleContext): ReviewFinding[];

package/dist/concept-rules/illegal-dependency.js

@@ -0,0 +1,49 @@
+/**
+ * Rule: illegal-dependency
+ *
+ * Fires when an internal dependency reaches too far up the directory tree.
+ * Works on any language that emits dependency concepts.
+ *
+ * TS: import x from '../../../shared/module'
+ * Python: from ...core.shared import x
+ * Go: internal import path that walks too far upward
+ */
+import { createFingerprint } from '../types.js';
+export function illegalDependency(ctx) {
+    const findings = [];
+    for (const edge of ctx.concepts.edges) {
+        if (edge.kind !== 'dependency')
+            continue;
+        if (edge.payload.kind !== 'dependency')
+            continue;
+        if (edge.payload.subtype !== 'internal')
+            continue;
+        const upLevels = countUpLevels(edge.payload.specifier);
+        if (upLevels <= 2)
+            continue;
+        findings.push({
+            source: 'kern',
+            ruleId: 'illegal-dependency',
+            severity: 'warning',
+            category: 'structure',
+            message: `Deep cross-boundary import — may violate module architecture`,
+            primarySpan: {
+                file: edge.primarySpan.file,
+                startLine: edge.primarySpan.startLine,
+                startCol: edge.primarySpan.startCol,
+                endLine: edge.primarySpan.endLine,
+                endCol: edge.primarySpan.endCol,
+            },
+            fingerprint: createFingerprint('illegal-dependency', edge.primarySpan.startLine, edge.primarySpan.startCol),
+            confidence: edge.confidence * 0.8, // lower confidence since this is a path-depth heuristic
+        });
+    }
+    return findings;
+}
+function countUpLevels(specifier) {
+    const match = specifier.match(/^(\.\.\/)+/);
+    if (!match)
+        return 0;
+    return match[0].length / 3;
+}
+//# sourceMappingURL=illegal-dependency.js.map

package/dist/concept-rules/illegal-dependency.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"illegal-dependency.js","sourceRoot":"","sources":["../../src/concept-rules/illegal-dependency.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,MAAM,UAAU,iBAAiB,CAAC,GAAuB;IACvD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtC,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY;YAAE,SAAS;QACzC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,YAAY;YAAE,SAAS;QACjD,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,KAAK,UAAU;YAAE,SAAS;QAElD,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACvD,IAAI,QAAQ,IAAI,CAAC;YAAE,SAAS;QAE5B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,oBAAoB;YAC5B,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,WAAW;YACrB,OAAO,EAAE,8DAA8D;YACvE,WAAW,EAAE;gBACX,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI;gBAC3B,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS;gBACrC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ;gBACnC,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,OAAO;gBACjC,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,MAAM;aAChC;YACD,WAAW,EAAE,iBAAiB,CAAC,oBAAoB,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YAC3G,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,GAAG,EAAE,wDAAwD;SAC5F,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,aAAa,CAAC,SAAiB;IACtC,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAC5C,IAAI,CAAC,KAAK;QAAE,OAAO,CAAC,CAAC;IACrB,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;AAC7B,CAAC"}

package/dist/concept-rules/index.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Concept Rules — universal rules that operate on ConceptMap.
+ *
+ * These rules work on any language that emits concepts.
+ * Language-agnostic by design.
+ */
+import type { ConceptMap } from '@kernlang/core';
+import type { ReviewFinding } from '../types.js';
+export interface ConceptRuleContext {
+    concepts: ConceptMap;
+    filePath: string;
+}
+export type ConceptRule = (ctx: ConceptRuleContext) => ReviewFinding[];
+export declare const conceptRules: ConceptRule[];
+export declare function runConceptRules(concepts: ConceptMap, filePath: string): ReviewFinding[];

package/dist/concept-rules/index.js

@@ -0,0 +1,27 @@
+/**
+ * Concept Rules — universal rules that operate on ConceptMap.
+ *
+ * These rules work on any language that emits concepts.
+ * Language-agnostic by design.
+ */
+import { boundaryMutation } from './boundary-mutation.js';
+import { ignoredError } from './ignored-error.js';
+import { illegalDependency } from './illegal-dependency.js';
+import { unguardedEffect } from './unguarded-effect.js';
+import { unrecoveredEffect } from './unrecovered-effect.js';
+export const conceptRules = [
+    boundaryMutation,
+    ignoredError,
+    illegalDependency,
+    unguardedEffect,
+    unrecoveredEffect,
+];
+export function runConceptRules(concepts, filePath) {
+    const ctx = { concepts, filePath };
+    const findings = [];
+    for (const rule of conceptRules) {
+        findings.push(...rule(ctx));
+    }
+    return findings;
+}
+//# sourceMappingURL=index.js.map

package/dist/concept-rules/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/concept-rules/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAS5D,MAAM,CAAC,MAAM,YAAY,GAAkB;IACzC,gBAAgB;IAChB,YAAY;IACZ,iBAAiB;IACjB,eAAe;IACf,iBAAiB;CAClB,CAAC;AAEF,MAAM,UAAU,eAAe,CAAC,QAAoB,EAAE,QAAgB;IACpE,MAAM,GAAG,GAAuB,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;IACvD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/concept-rules/unguarded-effect.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Rule: unguarded-effect
+ *
+ * Fires when a network/db effect has no auth/validation guard in the same container.
+ * Works on any language that emits effect + guard concepts.
+ *
+ * TS: fetch() in a route handler without auth/validation
+ * Python: requests.get() in a view without auth/validation
+ * Go: db.Query() in a handler without auth/validation
+ */
+import type { ConceptRuleContext } from './index.js';
+import type { ReviewFinding } from '../types.js';
+export declare function unguardedEffect(ctx: ConceptRuleContext): ReviewFinding[];

package/dist/concept-rules/unguarded-effect.js

@@ -0,0 +1,58 @@
+/**
+ * Rule: unguarded-effect
+ *
+ * Fires when a network/db effect has no auth/validation guard in the same container.
+ * Works on any language that emits effect + guard concepts.
+ *
+ * TS: fetch() in a route handler without auth/validation
+ * Python: requests.get() in a view without auth/validation
+ * Go: db.Query() in a handler without auth/validation
+ */
+import { createFingerprint } from '../types.js';
+const GUARD_SUBTYPES = new Set(['auth', 'validation']);
+export function unguardedEffect(ctx) {
+    const findings = [];
+    // Build a set of containerIds that have auth/validation guards
+    const guardedContainers = new Set();
+    for (const node of ctx.concepts.nodes) {
+        if (node.kind !== 'guard')
+            continue;
+        if (node.payload.kind !== 'guard')
+            continue;
+        if (!GUARD_SUBTYPES.has(node.payload.subtype))
+            continue;
+        if (node.containerId) {
+            guardedContainers.add(node.containerId);
+        }
+    }
+    // Find network/db effects without a guard in the same container
+    for (const node of ctx.concepts.nodes) {
+        if (node.kind !== 'effect')
+            continue;
+        if (node.payload.kind !== 'effect')
+            continue;
+        const { subtype } = node.payload;
+        if (subtype !== 'network' && subtype !== 'db')
+            continue;
+        if (node.containerId && guardedContainers.has(node.containerId))
+            continue;
+        findings.push({
+            source: 'kern',
+            ruleId: 'unguarded-effect',
+            severity: 'warning',
+            category: 'bug',
+            message: `Network/DB effect without auth/validation guard`,
+            primarySpan: {
+                file: node.primarySpan.file,
+                startLine: node.primarySpan.startLine,
+                startCol: node.primarySpan.startCol,
+                endLine: node.primarySpan.endLine,
+                endCol: node.primarySpan.endCol,
+            },
+            fingerprint: createFingerprint('unguarded-effect', node.primarySpan.startLine, node.primarySpan.startCol),
+            confidence: node.confidence * 0.8, // lower confidence since container scoping is heuristic
+        });
+    }
+    return findings;
+}
+//# sourceMappingURL=unguarded-effect.js.map

package/dist/concept-rules/unguarded-effect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"unguarded-effect.js","sourceRoot":"","sources":["../../src/concept-rules/unguarded-effect.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC,CAAC;AAEvD,MAAM,UAAU,eAAe,CAAC,GAAuB;IACrD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,+DAA+D;IAC/D,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC5C,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtC,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO;YAAE,SAAS;QACpC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,OAAO;YAAE,SAAS;QAC5C,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,SAAS;QACxD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,gEAAgE;IAChE,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtC,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ;YAAE,SAAS;QACrC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ;YAAE,SAAS;QAE7C,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;QACjC,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,KAAK,IAAI;YAAE,SAAS;QAExD,IAAI,IAAI,CAAC,WAAW,IAAI,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC;YAAE,SAAS;QAE1E,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,kBAAkB;YAC1B,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,iDAAiD;YAC1D,WAAW,EAAE;gBACX,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI;gBAC3B,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS;gBACrC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ;gBACnC,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,OAAO;gBACjC,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,MAAM;aAChC;YACD,WAAW,EAAE,iBAAiB,CAAC,kBAAkB,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YACzG,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,GAAG,EAAE,wDAAwD;SAC5F,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/concept-rules/unrecovered-effect.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Rule: unrecovered-effect
+ *
+ * Fires when a network/db effect has no error recovery ancestor.
+ * Works on any language that emits effect + error_handle concepts.
+ *
+ * TS: fetch() without try/catch
+ * Python: requests.get() without try/except
+ * Go: http.Get() with err ignored
+ */
+import type { ConceptRuleContext } from './index.js';
+import type { ReviewFinding } from '../types.js';
+export declare function unrecoveredEffect(ctx: ConceptRuleContext): ReviewFinding[];

package/dist/concept-rules/unrecovered-effect.js

@@ -0,0 +1,61 @@
+/**
+ * Rule: unrecovered-effect
+ *
+ * Fires when a network/db effect has no error recovery ancestor.
+ * Works on any language that emits effect + error_handle concepts.
+ *
+ * TS: fetch() without try/catch
+ * Python: requests.get() without try/except
+ * Go: http.Get() with err ignored
+ */
+import { createFingerprint } from '../types.js';
+const RECOVERABLE_DISPOSITIONS = new Set(['wrapped', 'returned', 'rethrown', 'retried']);
+export function unrecoveredEffect(ctx) {
+    const findings = [];
+    // Build a set of containerIds that have error recovery
+    const recoveredContainers = new Set();
+    for (const node of ctx.concepts.nodes) {
+        if (node.kind !== 'error_handle')
+            continue;
+        if (node.payload.kind !== 'error_handle')
+            continue;
+        if (RECOVERABLE_DISPOSITIONS.has(node.payload.disposition) && node.containerId) {
+            recoveredContainers.add(node.containerId);
+        }
+    }
+    // Find effects without recovery in the same container
+    for (const node of ctx.concepts.nodes) {
+        if (node.kind !== 'effect')
+            continue;
+        if (node.payload.kind !== 'effect')
+            continue;
+        const { subtype } = node.payload;
+        if (subtype !== 'network' && subtype !== 'db')
+            continue;
+        // Check if the container function has error recovery
+        if (node.containerId && recoveredContainers.has(node.containerId))
+            continue;
+        // Also check if there's any error_handle in the same container (even logged)
+        const hasAnyHandler = ctx.concepts.nodes.some(n => n.kind === 'error_handle' && n.containerId === node.containerId);
+        if (hasAnyHandler)
+            continue;
+        findings.push({
+            source: 'kern',
+            ruleId: 'unrecovered-effect',
+            severity: 'warning',
+            category: 'bug',
+            message: `${subtype} effect without error recovery — wrap in try/catch or add .catch()`,
+            primarySpan: {
+                file: node.primarySpan.file,
+                startLine: node.primarySpan.startLine,
+                startCol: node.primarySpan.startCol,
+                endLine: node.primarySpan.endLine,
+                endCol: node.primarySpan.endCol,
+            },
+            fingerprint: createFingerprint('unrecovered-effect', node.primarySpan.startLine, node.primarySpan.startCol),
+            confidence: node.confidence * 0.8, // lower confidence since container scoping is heuristic
+        });
+    }
+    return findings;
+}
+//# sourceMappingURL=unrecovered-effect.js.map

package/dist/concept-rules/unrecovered-effect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"unrecovered-effect.js","sourceRoot":"","sources":["../../src/concept-rules/unrecovered-effect.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;AAEzF,MAAM,UAAU,iBAAiB,CAAC,GAAuB;IACvD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,uDAAuD;IACvD,MAAM,mBAAmB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9C,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtC,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc;YAAE,SAAS;QAC3C,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,cAAc;YAAE,SAAS;QACnD,IAAI,wBAAwB,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC/E,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,sDAAsD;IACtD,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtC,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ;YAAE,SAAS;QACrC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ;YAAE,SAAS;QAE7C,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC;QACjC,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,KAAK,IAAI;YAAE,SAAS;QAExD,qDAAqD;QACrD,IAAI,IAAI,CAAC,WAAW,IAAI,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC;YAAE,SAAS;QAE5E,6EAA6E;QAC7E,MAAM,aAAa,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAChD,CAAC,CAAC,IAAI,KAAK,cAAc,IAAI,CAAC,CAAC,WAAW,KAAK,IAAI,CAAC,WAAW,CAChE,CAAC;QACF,IAAI,aAAa;YAAE,SAAS;QAE5B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,oBAAoB;YAC5B,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,GAAG,OAAO,oEAAoE;YACvF,WAAW,EAAE;gBACX,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI;gBAC3B,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS;gBACrC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ;gBACnC,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,OAAO;gBACjC,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,MAAM;aAChC;YACD,WAAW,EAAE,iBAAiB,CAAC,oBAAoB,EAAE,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YAC3G,UAAU,EAAE,IAAI,CAAC,UAAU,GAAG,GAAG,EAAE,wDAAwD;SAC5F,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/confidence.d.ts

@@ -0,0 +1,92 @@
+/**
+ * Confidence Graph — Layer 5 propagation engine
+ *
+ * Builds a directed graph of confidence dependencies between KERN IR nodes,
+ * then propagates confidence values using Kahn's topological sort.
+ *
+ * Supports single-file and multi-file graphs. Cross-file resolution allows
+ * `confidence=from:authMethod` to resolve across .kern files.
+ *
+ * Strategies:
+ *   - literal: confidence=0.7 — direct value
+ *   - from:X  — inherits from one source (min strategy)
+ *   - min:X,Y — inherits from multiple sources (weakest link)
+ */
+import type { IRNode } from '@kernlang/core';
+export interface ConfidenceSpec {
+    kind: 'literal' | 'inherited';
+    value?: number;
+    strategy: 'min';
+    sources?: string[];
+}
+export interface ConfidenceNode {
+    name: string;
+    nodeRef: {
+        type: string;
+        line: number;
+    };
+    sourceFile?: string;
+    spec: ConfidenceSpec;
+    resolved: number | null;
+    dependsOn: string[];
+    dependedBy: string[];
+    needs: NeedsEntry[];
+    inCycle: boolean;
+}
+export interface NeedsEntry {
+    what: string;
+    wouldRaiseTo: number | undefined;
+    resolved: boolean;
+}
+export interface ConfidenceGraph {
+    nodes: Map<string, ConfidenceNode>;
+    topoOrder: string[];
+    cycles: string[][];
+}
+export interface DuplicateNameEntry {
+    name: string;
+    files: string[];
+}
+export interface MultiFileConfidenceGraph extends ConfidenceGraph {
+    duplicates: DuplicateNameEntry[];
+}
+/** Serializable form of the graph (no IRNode references) */
+export interface SerializedConfidenceGraph {
+    nodes: Array<{
+        name: string;
+        nodeRef: {
+            type: string;
+            line: number;
+        };
+        sourceFile?: string;
+        spec: ConfidenceSpec;
+        resolved: number | null;
+        dependsOn: string[];
+        needs: NeedsEntry[];
+        inCycle: boolean;
+    }>;
+    topoOrder: string[];
+    cycles: string[][];
+    duplicates?: DuplicateNameEntry[];
+}
+export interface ConfidenceSummary {
+    high: number;
+    medium: number;
+    low: number;
+    unresolved: number;
+    unresolvedNeeds: number;
+}
+/** Parse a raw confidence prop value into a spec. Returns undefined for malformed. */
+export declare function parseConfidence(raw: unknown): ConfidenceSpec | undefined;
+/** Build confidence graph from flat list of IR nodes. O(n). */
+export declare function buildConfidenceGraph(irNodes: IRNode[]): ConfidenceGraph;
+/** Build confidence graph from multiple .kern files. Resolves cross-file from: references. */
+export declare function buildMultiFileConfidenceGraph(fileMap: Map<string, IRNode[]>): MultiFileConfidenceGraph;
+/** Resolve base confidence for a literal node, applying resolved needs. */
+export declare function resolveBaseConfidence(node: ConfidenceNode): number;
+/** Propagate confidence values through the graph in topological order. */
+export declare function propagateConfidence(graph: ConfidenceGraph): void;
+/** Serialize a confidence graph (strips Map, uses arrays). */
+export declare function serializeGraph(graph: ConfidenceGraph): SerializedConfidenceGraph;
+/** Compute confidence summary bands. */
+export declare function computeConfidenceSummary(graph: ConfidenceGraph): ConfidenceSummary;