npm - @kernlang/review - Versions diffs - 3.1.6 → 3.1.8 - Mend

@kernlang/review 3.1.6 → 3.1.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (150) hide show

package/dist/cache.d.ts +1 -1
package/dist/cache.js +5 -3
package/dist/cache.js.map +1 -1
package/dist/call-graph.d.ts +63 -0
package/dist/call-graph.js +380 -0
package/dist/call-graph.js.map +1 -0
package/dist/concept-rules/boundary-mutation.d.ts +1 -1
package/dist/concept-rules/boundary-mutation.js.map +1 -1
package/dist/concept-rules/ignored-error.d.ts +1 -1
package/dist/concept-rules/ignored-error.js.map +1 -1
package/dist/concept-rules/illegal-dependency.d.ts +1 -1
package/dist/concept-rules/illegal-dependency.js.map +1 -1
package/dist/concept-rules/index.js +1 -6
package/dist/concept-rules/index.js.map +1 -1
package/dist/concept-rules/unguarded-effect.d.ts +1 -1
package/dist/concept-rules/unguarded-effect.js.map +1 -1
package/dist/concept-rules/unrecovered-effect.d.ts +1 -1
package/dist/concept-rules/unrecovered-effect.js +2 -1
package/dist/concept-rules/unrecovered-effect.js.map +1 -1
package/dist/confidence.js +12 -8
package/dist/confidence.js.map +1 -1
package/dist/differ.js +3 -7
package/dist/differ.js.map +1 -1
package/dist/external-tools.js +5 -6
package/dist/external-tools.js.map +1 -1
package/dist/file-context.d.ts +21 -0
package/dist/file-context.js +234 -0
package/dist/file-context.js.map +1 -0
package/dist/file-role.js +14 -7
package/dist/file-role.js.map +1 -1
package/dist/graph.d.ts +1 -1
package/dist/graph.js +24 -16
package/dist/graph.js.map +1 -1
package/dist/index.d.ts +44 -35
package/dist/index.js +210 -121
package/dist/index.js.map +1 -1
package/dist/inferrer.d.ts +8 -2
package/dist/inferrer.js +80 -47
package/dist/inferrer.js.map +1 -1
package/dist/kern-lint.d.ts +3 -4
package/dist/kern-lint.js +7 -5
package/dist/kern-lint.js.map +1 -1
package/dist/llm-bridge.d.ts +23 -7
package/dist/llm-bridge.js +267 -31
package/dist/llm-bridge.js.map +1 -1
package/dist/llm-review.d.ts +16 -2
package/dist/llm-review.js +240 -35
package/dist/llm-review.js.map +1 -1
package/dist/mappers/ts-concepts.d.ts +1 -1
package/dist/mappers/ts-concepts.js +303 -32
package/dist/mappers/ts-concepts.js.map +1 -1
package/dist/norm-miner.d.ts +31 -0
package/dist/norm-miner.js +119 -0
package/dist/norm-miner.js.map +1 -0
package/dist/obligations.d.ts +63 -0
package/dist/obligations.js +158 -0
package/dist/obligations.js.map +1 -0
package/dist/quality-rules.d.ts +3 -3
package/dist/quality-rules.js +4 -2
package/dist/quality-rules.js.map +1 -1
package/dist/reporter.d.ts +7 -2
package/dist/reporter.js +82 -51
package/dist/reporter.js.map +1 -1
package/dist/rule-eval.d.ts +1 -2
package/dist/rule-eval.js +5 -9
package/dist/rule-eval.js.map +1 -1
package/dist/rule-loader.js +16 -14
package/dist/rule-loader.js.map +1 -1
package/dist/rules/base.js +153 -69
package/dist/rules/base.js.map +1 -1
package/dist/rules/cli.js +23 -19
package/dist/rules/cli.js.map +1 -1
package/dist/rules/confidence.d.ts +1 -1
package/dist/rules/confidence.js +5 -5
package/dist/rules/confidence.js.map +1 -1
package/dist/rules/dead-code.d.ts +10 -0
package/dist/rules/dead-code.js +75 -0
package/dist/rules/dead-code.js.map +1 -0
package/dist/rules/dead-logic.js +35 -31
package/dist/rules/dead-logic.js.map +1 -1
package/dist/rules/express.d.ts +2 -1
package/dist/rules/express.js +380 -126
package/dist/rules/express.js.map +1 -1
package/dist/rules/fastapi.js +53 -19
package/dist/rules/fastapi.js.map +1 -1
package/dist/rules/ground-layer.js +3 -3
package/dist/rules/ground-layer.js.map +1 -1
package/dist/rules/index.js +574 -105
package/dist/rules/index.js.map +1 -1
package/dist/rules/ink.js +9 -8
package/dist/rules/ink.js.map +1 -1
package/dist/rules/kern-source.js +202 -63
package/dist/rules/kern-source.js.map +1 -1
package/dist/rules/nextjs.js +88 -33
package/dist/rules/nextjs.js.map +1 -1
package/dist/rules/null-safety.js +52 -26
package/dist/rules/null-safety.js.map +1 -1
package/dist/rules/nuxt.js +24 -29
package/dist/rules/nuxt.js.map +1 -1
package/dist/rules/react.js +355 -69
package/dist/rules/react.js.map +1 -1
package/dist/rules/security-v2.js +71 -57
package/dist/rules/security-v2.js.map +1 -1
package/dist/rules/security-v3.js.map +1 -1
package/dist/rules/security-v4.js +54 -27
package/dist/rules/security-v4.js.map +1 -1
package/dist/rules/security.js +35 -5
package/dist/rules/security.js.map +1 -1
package/dist/rules/terminal.js +17 -5
package/dist/rules/terminal.js.map +1 -1
package/dist/rules/vue.js +162 -107
package/dist/rules/vue.js.map +1 -1
package/dist/semantic-diff.d.ts +52 -0
package/dist/semantic-diff.js +342 -0
package/dist/semantic-diff.js.map +1 -0
package/dist/spec-checker.js +11 -10
package/dist/spec-checker.js.map +1 -1
package/dist/suppression/apply-suppression.d.ts +2 -3
package/dist/suppression/apply-suppression.js +3 -3
package/dist/suppression/apply-suppression.js.map +1 -1
package/dist/suppression/index.d.ts +2 -2
package/dist/suppression/index.js +1 -1
package/dist/suppression/index.js.map +1 -1
package/dist/suppression/parse-directives.d.ts +1 -1
package/dist/suppression/parse-directives.js +9 -4
package/dist/suppression/parse-directives.js.map +1 -1
package/dist/taint-ast.d.ts +20 -0
package/dist/taint-ast.js +427 -0
package/dist/taint-ast.js.map +1 -0
package/dist/taint-crossfile.d.ts +28 -0
package/dist/taint-crossfile.js +174 -0
package/dist/taint-crossfile.js.map +1 -0
package/dist/taint-findings.d.ts +17 -0
package/dist/taint-findings.js +131 -0
package/dist/taint-findings.js.map +1 -0
package/dist/taint-regex.d.ts +61 -0
package/dist/taint-regex.js +379 -0
package/dist/taint-regex.js.map +1 -0
package/dist/taint-types.d.ts +128 -0
package/dist/taint-types.js +174 -0
package/dist/taint-types.js.map +1 -0
package/dist/taint.d.ts +13 -107
package/dist/taint.js +16 -1067
package/dist/taint.js.map +1 -1
package/dist/template-detector.d.ts +2 -2
package/dist/template-detector.js +11 -16
package/dist/template-detector.js.map +1 -1
package/dist/types.d.ts +35 -0
package/dist/types.js.map +1 -1
package/package.json +2 -2

package/dist/rules/nuxt.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"nuxt.js","sourceRoot":"","sources":["../../src/rules/nuxt.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAEtC,OAAO,EAAE,~~iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEhD,SAAS,IAAI,CAAC,IAAY,EAAE,IAAY,EAAE,GAAG,GAAG,CAAC;IAC/C,~~OAAO,EAAE,~~IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,~~MAAM,~~EAAE~~,~~GAAG,EAAE,~~CAAC;~~AAC9E~~,CAAC;AAED,SAAS,OAAO,CACd,MAAc,EACd,QAAsC,EACtC,QAAmC,EACnC,OAAe,EACf,IAAY,EACZ,IAAY,EACZ,KAA8B;IAE9B,OAAO;QACL,MAAM,EAAE,MAAM;QACd,MAAM;QACN,QAAQ;QACR,QAAQ;QACR,OAAO;QACP,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC;QAC7B,WAAW,EAAE,iBAAiB,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/C,GAAG,KAAK;KACT,CAAC;AACJ,CAAC;AAED,2EAA2E;AAC3E,6FAA6F;AAE7F,MAAM,eAAe,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;AAE1G,SAAS,eAAe,CAAC,GAAgB;IACvC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;IAE9C,yBAAyB;IACzB,IAAI,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC5F,sDAAsD;IACtD,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,QAAQ,CAAC;IAEvD,oFAAoF;IACpF,MAAM,UAAU,GAA4B,EAAE,CAAC;IAC/C,MAAM,UAAU,GAAG,oFAAoF,CAAC;IACxG,IAAI,UAAU,CAAC;IACf,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACzD,+EAA+E;QAC/E,MAAM,OAAO,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC;QAC7D,IAAI,OAAO,KAAK,CAAC,CAAC;YAAE,SAAS;QAC7B,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,UAAU,GAAG,CAAC,CAAC,CAAC;QACpB,IAAI,QAAQ,GAAG,CAAC,CAAC,CAAC;QAClB,KAAK,IAAI,CAAC,GAAG,UAAU,CAAC,KAAK,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACxD,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBACxB,IAAI,KAAK,KAAK,CAAC;oBAAE,UAAU,GAAG,CAAC,CAAC;gBAChC,KAAK,EAAE,CAAC;YACV,CAAC;YACD,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBACxB,KAAK,EAAE,CAAC;gBACR,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;~~oBAAC~~,QAAQ,GAAG,CAAC,CAAC;~~oBAAC~~,MAAM;~~gBAAC~~,CAAC;~~YAC3C~~,CAAC;QACH,CAAC;QACD,IAAI,UAAU,KAAK,CAAC,CAAC,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;YACzC,UAAU,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,MAAM,YAAY,GAAG,iBAAiB,CAAC;IACvC,IAAI,YAAY,CAAC;IACjB,OAAO,CAAC,YAAY,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC7D,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,~~IAAI~~,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC;~~QAC/B~~,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC7C,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,GAAG;gBAAE,KAAK,EAAE,CAAC;YACjC,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;~~gBAAC~~,KAAK,EAAE,CAAC;~~gBAAC~~,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;~~oBAAC~~,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;~~oBAAC~~,MAAM;~~gBAAC~~,CAAC;~~YAAC~~,CAAC;~~QAChG~~,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,GAAW,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC;IAEzF,6BAA6B;IAC7B,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,MAAM,MAAM,4CAA4C,EAAE,GAAG,CAAC,CAAC;QACxF,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC/C,IAAI,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC;gBAAE,SAAS;YAEzC,0BAA0B;YAC1B,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACvG,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YAClF,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAE1C,wCAAwC;YACxC,IAAI,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC;gBAAE,SAAS;YACnC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAErB,MAAM,IAAI,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YACnE,QAAQ,CAAC,IAAI,~~CAAC~~,OAAO,~~CAAC~~,mBAAmB,~~EAAE~~,OAAO,~~EAAE~~,KAAK,~~EACvD~~,IAAI,MAAM,mEAAmE,EAC7E,GAAG,CAAC,QAAQ,~~EAAE~~,IAAI,~~EAClB~~,EAAE,UAAU,EAAE,wDAAwD,EAAE,~~CAAC~~,~~CAAC~~,CAAC;~~QAC/E~~,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,2EAA2E;AAC3E,wEAAwE;AAExE,SAAS,eAAe,CAAC,GAAgB;IACvC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;IAE9C,oFAAoF;IACpF,MAAM,eAAe,GAAG,4CAA4C,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACxF,IAAI,CAAC,eAAe;QAAE,OAAO,QAAQ,CAAC;IAEtC,6DAA6D;IAC7D,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QACtG,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,yBAAyB;IACzB,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAClF,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,IAAI,IAAI,CAAC,OAAO,EAAE,KAAK,UAAU,CAAC,UAAU;YAAE,SAAS;QACvD,IAAI,IAAI,CAAC,OAAO,EAAE,KAAK,OAAO;YAAE,SAAS;QAEzC,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACvC,QAAQ,CAAC,IAAI,~~CAAC~~,OAAO,~~CAAC~~,mBAAmB,~~EAAE~~,SAAS,~~EAAE~~,SAAS,~~EAC7D~~,uFAAuF,EACvF,GAAG,CAAC,QAAQ,~~EAAE~~,IAAI,~~EAClB~~,EAAE,UAAU,EAAE,sEAAsE,EAAE,~~CAAC~~,~~CAAC~~,CAAC;~~QAC3F~~,MAAM,CAAC,uBAAuB;IAChC,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,2EAA2E;AAC3E,iEAAiE;AAEjE,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,~~CAAC,~~UAAU,~~EAAE,~~cAAc,~~EAAE,~~QAAQ,~~EAAE,~~OAAO,~~EAAE,~~QAAQ;~~IACvF~~,SAAS,~~EAAE,~~aAAa,~~EAAE,~~cAAc,~~EAAE,~~cAAc,~~EAAE,~~eAAe;~~IACzE~~,KAAK,~~EAAE,~~YAAY,~~EAAE,~~aAAa,CAAC,CAAC~~,CAAC~~;~~AAEvC~~,SAAS,eAAe,CAAC,GAAgB;IACvC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,iCAAiC;IACjC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,QAAQ,CAAC;IAE3F,MAAM,~~QAAQ~~,GAAG,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;~~IAE9C~~,0EAA0E;IAC1E,sFAAsF;IACtF,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QAClF,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,EAAE,CAAC;QACjC,IAAI,CAAC,IAAI;YAAE,SAAS;QAEpB,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAE5B,0EAA0E;QAC1E,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;YACrC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,GAAG,GAAG,CAAC,kBAAkB,EAAE,CAAC;gBACtC,QAAQ,CAAC,IAAI,~~CAAC~~,OAAO,~~CAAC~~,mBAAmB,~~EAAE~~,OAAO,~~EAAE~~,KAAK,~~EACvD~~,gCAAgC,KAAK,8CAA8C,EACnF,GAAG,CAAC,QAAQ,~~EAAE~~,IAAI,~~EAClB~~,~~EAAE~~,UAAU,EAAE,6FAA6F,~~EAAE~~,~~CAAC~~,CAAC~~,CAAC~~;~~gBAClH~~,OAAO,QAAQ,CAAC,CAAC,uBAAuB;YAC1C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,2EAA2E;AAE3E,MAAM,CAAC,MAAM,SAAS,GAAG~~;IACvB~~,eAAe~~;IACf~~,eAAe~~;IACf~~,eAAe~~;CAChB~~,CAAC"}
1	+ {"version":3,"file":"nuxt.js","sourceRoot":"","sources":["../../src/rules/nuxt.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAEtC,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAErC,2EAA2E;AAC3E,6FAA6F;AAE7F,MAAM,eAAe,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;AAE1G,SAAS,eAAe,CAAC,GAAgB;IACvC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;IAE9C,yBAAyB;IACzB,IAAI,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC5F,sDAAsD;IACtD,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,QAAQ,CAAC;IAEvD,oFAAoF;IACpF,MAAM,UAAU,GAA4B,EAAE,CAAC;IAC/C,MAAM,UAAU,GAAG,oFAAoF,CAAC;IACxG,IAAI,UAAU,CAAC;IACf,OAAO,CAAC,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACzD,+EAA+E;QAC/E,MAAM,OAAO,GAAG,QAAQ,CAAC,WAAW,CAAC,IAAI,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC;QAC7D,IAAI,OAAO,KAAK,CAAC,CAAC;YAAE,SAAS;QAC7B,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,UAAU,GAAG,CAAC,CAAC,CAAC;QACpB,IAAI,QAAQ,GAAG,CAAC,CAAC,CAAC;QAClB,KAAK,IAAI,CAAC,GAAG,UAAU,CAAC,KAAK,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACxD,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBACxB,IAAI,KAAK,KAAK,CAAC;oBAAE,UAAU,GAAG,CAAC,CAAC;gBAChC,KAAK,EAAE,CAAC;YACV,CAAC;YACD,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBACxB,KAAK,EAAE,CAAC;gBACR,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;oBAChB,QAAQ,GAAG,CAAC,CAAC;oBACb,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,UAAU,KAAK,CAAC,CAAC,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;YACzC,UAAU,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,MAAM,YAAY,GAAG,iBAAiB,CAAC;IACvC,IAAI,YAAY,CAAC;IACjB,OAAO,CAAC,YAAY,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC7D,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC;QACjC,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC7C,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,GAAG;gBAAE,KAAK,EAAE,CAAC;YACjC,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBACxB,KAAK,EAAE,CAAC;gBACR,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;oBAChB,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;oBAC5B,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,GAAW,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC;IAEzF,6BAA6B;IAC7B,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,KAAK,MAAM,MAAM,IAAI,eAAe,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,MAAM,MAAM,4CAA4C,EAAE,GAAG,CAAC,CAAC;QACxF,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAC/C,IAAI,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC;gBAAE,SAAS;YAEzC,0BAA0B;YAC1B,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACvG,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YAClF,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAAE,SAAS;YAE1C,wCAAwC;YACxC,IAAI,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC;gBAAE,SAAS;YACnC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAErB,MAAM,IAAI,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YACnE,QAAQ,CAAC,IAAI,CACX,OAAO,CACL,mBAAmB,EACnB,OAAO,EACP,KAAK,EACL,IAAI,MAAM,mEAAmE,EAC7E,GAAG,CAAC,QAAQ,EACZ,IAAI,EACJ,CAAC,EACD,EAAE,UAAU,EAAE,wDAAwD,EAAE,CACzE,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,2EAA2E;AAC3E,wEAAwE;AAExE,SAAS,eAAe,CAAC,GAAgB;IACvC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;IAE9C,oFAAoF;IACpF,MAAM,eAAe,GAAG,4CAA4C,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACxF,IAAI,CAAC,eAAe;QAAE,OAAO,QAAQ,CAAC;IAEtC,6DAA6D;IAC7D,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QACtG,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,yBAAyB;IACzB,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAClF,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,IAAI,IAAI,CAAC,OAAO,EAAE,KAAK,UAAU,CAAC,UAAU;YAAE,SAAS;QACvD,IAAI,IAAI,CAAC,OAAO,EAAE,KAAK,OAAO;YAAE,SAAS;QAEzC,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACvC,QAAQ,CAAC,IAAI,CACX,OAAO,CACL,mBAAmB,EACnB,SAAS,EACT,SAAS,EACT,uFAAuF,EACvF,GAAG,CAAC,QAAQ,EACZ,IAAI,EACJ,CAAC,EACD,EAAE,UAAU,EAAE,sEAAsE,EAAE,CACvF,CACF,CAAC;QACF,MAAM,CAAC,uBAAuB;IAChC,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,2EAA2E;AAC3E,iEAAiE;AAEjE,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,UAAU;IACV,cAAc;IACd,QAAQ;IACR,OAAO;IACP,QAAQ;IACR,SAAS;IACT,aAAa;IACb,cAAc;IACd,cAAc;IACd,eAAe;IACf,KAAK;IACL,YAAY;IACZ,aAAa;CACd,CAAC,CAAC;AAEH,SAAS,eAAe,CAAC,GAAgB;IACvC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,iCAAiC;IACjC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,QAAQ,CAAC;IAE3F,MAAM,SAAS,GAAG,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;IAE/C,0EAA0E;IAC1E,sFAAsF;IACtF,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QAClF,MAAM,IAAI,GAAG,GAAG,CAAC,aAAa,EAAE,CAAC;QACjC,IAAI,CAAC,IAAI;YAAE,SAAS;QAEpB,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAE5B,0EAA0E;QAC1E,KAAK,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;YACrC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,GAAG,GAAG,CAAC,kBAAkB,EAAE,CAAC;gBACtC,QAAQ,CAAC,IAAI,CACX,OAAO,CACL,mBAAmB,EACnB,OAAO,EACP,KAAK,EACL,gCAAgC,KAAK,8CAA8C,EACnF,GAAG,CAAC,QAAQ,EACZ,IAAI,EACJ,CAAC,EACD;oBACE,UAAU,EAAE,6FAA6F;iBAC1G,CACF,CACF,CAAC;gBACF,OAAO,QAAQ,CAAC,CAAC,uBAAuB;YAC1C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,2EAA2E;AAE3E,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,eAAe,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC"}

package/dist/rules/react.js CHANGED Viewed

@@ -3,33 +3,41 @@
  *
  * Catches React-specific bugs that KERN IR + AST can detect mechanically.
  */
-import { SyntaxKind, Node } from 'ts-morph';
-import { createFingerprint } from '../types.js';
-function span(file, line, col = 1) {
-    return { file, startLine: line, startCol: col, endLine: line, endCol: col };
-}
-function finding(ruleId, severity, category, message, file, line, extra) {
-    return {
-        source: 'kern',
-        ruleId,
-        severity,
-        category,
-        message,
-        primarySpan: span(file, line),
-        fingerprint: createFingerprint(ruleId, line, 1),
-        ...extra,
-    };
+import { Node, SyntaxKind } from 'ts-morph';
+import { finding } from './utils.js';
+/**
+ * Check if a file is actually a React file — has JSX syntax or React imports.
+ * Backend/utility files in a React-targeted project should not trigger React rules.
+ */
+function isReactFile(ctx) {
+    if (ctx.sourceFile.getDescendantsOfKind(SyntaxKind.JsxOpeningElement).length > 0)
+        return true;
+    if (ctx.sourceFile.getDescendantsOfKind(SyntaxKind.JsxSelfClosingElement).length > 0)
+        return true;
+    if (ctx.sourceFile.getImportDeclarations().some((i) => i.getModuleSpecifierValue() === 'react'))
+        return true;
+    const fullText = ctx.sourceFile.getFullText();
+    if (/\buse(?:State|Effect|Ref|Callback|Memo|Reducer|Context)\s*[<(]/.test(fullText))
+        return true;
+    return false;
 }
 // ── Rule 11: async-effect ────────────────────────────────────────────────
 // useEffect(async () => ...) — React doesn't support async effect callbacks
 function asyncEffect(ctx) {
     const findings = [];
-    const fullText = ctx.sourceFile.getFullText();
-    const asyncEffectRegex = /useEffect\s*\(\s*async\s/g;
-    let match;
-    while ((match = asyncEffectRegex.exec(fullText)) !== null) {
-        const line = fullText.substring(0, match.index).split('\n').length;
-        findings.push(finding('async-effect', 'error', 'bug', 'useEffect callback must not be async — use an inner async function instead', ctx.filePath, line, { suggestion: 'useEffect(() => { async function run() { ... } run(); }, [])' }));
+    for (const call of ctx.sourceFile.getDescendantsOfKind(SyntaxKind.CallExpression)) {
+        const callee = call.getExpression().getText();
+        if (callee !== 'useEffect' && callee !== 'React.useEffect' && callee !== 'useLayoutEffect')
+            continue;
+        const args = call.getArguments();
+        if (args.length === 0)
+            continue;
+        const callback = args[0];
+        if (Node.isArrowFunction(callback) || Node.isFunctionExpression(callback)) {
+            if (callback.isAsync()) {
+                findings.push(finding('async-effect', 'error', 'bug', 'useEffect callback must not be async — use an inner async function instead', ctx.filePath, callback.getStartLineNumber(), 1, { suggestion: 'useEffect(() => { async function run() { ... } run(); }, [])' }));
+            }
+        }
     }
     return findings;
 }
@@ -37,6 +45,9 @@ function asyncEffect(ctx) {
 // setState or fetch called directly in render body (outside hooks/handlers)
 function renderSideEffect(ctx) {
     const findings = [];
+    // Gate: skip non-React files
+    if (!isReactFile(ctx))
+        return findings;
     function checkBlock(block, name) {
         for (const stmt of block.getStatements()) {
             if (stmt.getKind() === SyntaxKind.ReturnStatement)
@@ -52,12 +63,14 @@ function renderSideEffect(ctx) {
             const exprText = exprStmt.getExpression().getText();
             if (/\b(useEffect|useLayoutEffect|useCallback|useMemo|useInsertionEffect)\s*\(/.test(exprText))
                 continue;
-            if (/\bset[A-Z]\w*\(/.test(exprText) && !exprText.includes('useState') &&
+            if (/\bset[A-Z]\w*\(/.test(exprText) &&
+                !exprText.includes('useState') &&
                 !/\b(setTimeout|setInterval|setImmediate|setAttribute|setProperty|setHeader|setRequestHeader|setItem|setCustomValidity)\s*\(/.test(exprText)) {
-                findings.push(finding('render-side-effect', 'error', 'bug', `setState called in render body of '${name}' — move to useEffect or event handler`, ctx.filePath, stmt.getStartLineNumber()));
+                findings.push(finding('render-side-effect', 'error', 'bug', `setState called in render body of '${name}' — move to useEffect or event handler`, ctx.filePath, stmt.getStartLineNumber(), 1));
             }
-            if (/\bfetch\s*\(/.test(exprText)) {
-                findings.push(finding('render-side-effect', 'error', 'bug', `fetch() called in render body of '${name}' — move to useEffect or event handler`, ctx.filePath, stmt.getStartLineNumber()));
+            const expr = exprStmt.getExpression();
+            if (Node.isCallExpression(expr) && expr.getExpression().getText() === 'fetch') {
+                findings.push(finding('render-side-effect', 'error', 'bug', `fetch() called in render body of '${name}' — move to useEffect or event handler`, ctx.filePath, stmt.getStartLineNumber(), 1));
             }
         }
     }
@@ -108,8 +121,7 @@ function unstableKey(ctx) {
         if (args.length === 0)
             continue;
         const callback = args[0];
-        if (callback.getKind() !== SyntaxKind.ArrowFunction &&
-            callback.getKind() !== SyntaxKind.FunctionExpression)
+        if (callback.getKind() !== SyntaxKind.ArrowFunction && callback.getKind() !== SyntaxKind.FunctionExpression)
             continue;
         // Get the index parameter (second param of the callback)
         const params = callback.getKind() === SyntaxKind.ArrowFunction
@@ -152,10 +164,12 @@ function unstableKey(ctx) {
             break;
         }
         if (usesIndexKey) {
-            findings.push(finding('unstable-key', 'warning', 'bug', `key={${indexParam}} uses array index — use a stable identifier instead`, ctx.filePath, line, { suggestion: 'Use a unique ID from the data (e.g., key={item.id})' }));
+            findings.push(finding('unstable-key', 'warning', 'bug', `key={${indexParam}} uses array index — use a stable identifier instead`, ctx.filePath, line, 1, { suggestion: 'Use a unique ID from the data (e.g., key={item.id})' }));
         }
         else if (!hasKey) {
-            findings.push(finding('unstable-key', 'warning', 'bug', 'JSX in .map() is missing a key prop', ctx.filePath, line, { suggestion: 'Add key={item.id} to the root JSX element in .map()' }));
+            findings.push(finding('unstable-key', 'warning', 'bug', 'JSX in .map() is missing a key prop', ctx.filePath, line, 1, {
+                suggestion: 'Add key={item.id} to the root JSX element in .map()',
+            }));
         }
     }
     return findings;
@@ -164,28 +178,26 @@ function unstableKey(ctx) {
 // Timer captures state not in dependency array
 function staleClosure(ctx) {
     const findings = [];
-    // AST-based: find useEffect() calls and analyze deps + timer usage
     for (const call of ctx.sourceFile.getDescendantsOfKind(SyntaxKind.CallExpression)) {
-        const callee = call.getExpression();
-        if (callee.getText() !== 'useEffect')
+        const callee = call.getExpression().getText();
+        if (callee !== 'useEffect' && callee !== 'useLayoutEffect')
             continue;
         const args = call.getArguments();
         if (args.length < 2)
             continue;
-        // First arg: the effect callback
-        const callbackText = args[0].getText();
-        // Second arg: deps array
+        const callback = args[0];
         const depsArg = args[1];
-        if (depsArg.getKind() !== SyntaxKind.ArrayLiteralExpression)
-            continue;
-        const depsArray = depsArg;
-        const deps = depsArray.getElements();
-        // Empty deps [] + timer in callback = stale closure risk
-        if (deps.length === 0) {
-            const hasTimer = /\b(?:setInterval|setTimeout)\s*\(/.test(callbackText);
-            if (hasTimer) {
-                findings.push(finding('stale-closure', 'warning', 'bug', 'Timer in useEffect with empty deps [] may capture stale state', ctx.filePath, call.getStartLineNumber(), { suggestion: 'Use a ref for the latest value or add dependencies' }));
-            }
+        if (!Node.isArrayLiteralExpression(depsArg))
+            continue;
+        if (depsArg.getElements().length !== 0)
+            continue;
+        // Pure AST: find setInterval/setTimeout calls inside the callback
+        const timers = callback.getDescendantsOfKind(SyntaxKind.CallExpression).filter((c) => {
+            const name = c.getExpression().getText();
+            return name === 'setInterval' || name === 'setTimeout';
+        });
+        if (timers.length > 0) {
+            findings.push(finding('stale-closure', 'warning', 'bug', 'Timer in useEffect with empty deps [] may capture stale state', ctx.filePath, call.getStartLineNumber(), 1, { suggestion: 'Use a ref for the latest value or add dependencies' }));
         }
     }
     return findings;
@@ -194,29 +206,29 @@ function staleClosure(ctx) {
 // >5 useState calls in a single component — should be useReducer or machine
 function stateExplosion(ctx) {
     const findings = [];
-    const fullText = ctx.sourceFile.getFullText();
+    function checkFn(fn, name) {
+        const useStates = fn.getDescendantsOfKind(SyntaxKind.CallExpression).filter((c) => {
+            const text = c.getExpression().getText();
+            return text === 'useState' || text === 'React.useState';
+        });
+        if (useStates.length > 5) {
+            findings.push(finding('state-explosion', 'warning', 'pattern', `Component '${name}' has ${useStates.length} useState calls — consider useReducer or a state machine`, ctx.filePath, fn.getStartLineNumber(), 1, { suggestion: 'Use useReducer for complex state, or a KERN machine node for state transitions' }));
+        }
+    }
     for (const fn of ctx.sourceFile.getFunctions()) {
         const name = fn.getName() || '';
         if (!name || name[0] !== name[0].toUpperCase())
             continue;
-        const body = fn.getBody()?.getText() || '';
-        const useStateCount = (body.match(/useState\s*[<(]/g) || []).length;
-        if (useStateCount > 5) {
-            findings.push(finding('state-explosion', 'warning', 'pattern', `Component '${name}' has ${useStateCount} useState calls — consider useReducer or a state machine`, ctx.filePath, fn.getStartLineNumber(), { suggestion: 'Use useReducer for complex state, or a KERN machine node for state transitions' }));
-        }
+        checkFn(fn, name);
     }
-    // Also check arrow function components
     for (const stmt of ctx.sourceFile.getVariableStatements()) {
         for (const decl of stmt.getDeclarations()) {
             const name = decl.getName();
             if (!name || name[0] !== name[0].toUpperCase())
                 continue;
-            const init = decl.getInitializer()?.getText() || '';
-            if (!init.includes('=>'))
-                continue;
-            const useStateCount = (init.match(/useState\s*[<(]/g) || []).length;
-            if (useStateCount > 5) {
-                findings.push(finding('state-explosion', 'warning', 'pattern', `Component '${name}' has ${useStateCount} useState calls — consider useReducer or a state machine`, ctx.filePath, stmt.getStartLineNumber()));
+            const init = decl.getInitializer();
+            if (init && Node.isArrowFunction(init)) {
+                checkFn(init, name);
             }
         }
     }
@@ -224,10 +236,23 @@ function stateExplosion(ctx) {
 }
 // ── Rule 16: hook-order ──────────────────────────────────────────────────
 // Conditional hook calls (hooks inside if/loop/early return)
-const HOOK_NAMES = new Set(['useState', 'useEffect', 'useCallback', 'useMemo', 'useRef',
-    'useContext', 'useReducer', 'useLayoutEffect', 'useImperativeHandle',
-    'useDebugValue', 'useDeferredValue', 'useTransition', 'useId',
-    'useSyncExternalStore', 'useInsertionEffect']);
+const HOOK_NAMES = new Set([
+    'useState',
+    'useEffect',
+    'useCallback',
+    'useMemo',
+    'useRef',
+    'useContext',
+    'useReducer',
+    'useLayoutEffect',
+    'useImperativeHandle',
+    'useDebugValue',
+    'useDeferredValue',
+    'useTransition',
+    'useId',
+    'useSyncExternalStore',
+    'useInsertionEffect',
+]);
 function hookOrder(ctx) {
     const findings = [];
     // Collect all control-flow nodes (if/for/while/do)
@@ -241,9 +266,9 @@ function hookOrder(ctx) {
     ];
     for (const cfNode of controlFlowNodes) {
         // Only flag hooks inside components (capitalized) or custom hooks (use*)
-        let enclosingFn = cfNode.getFirstAncestorByKind(SyntaxKind.FunctionDeclaration)
-            || cfNode.getFirstAncestorByKind(SyntaxKind.ArrowFunction)
-            || cfNode.getFirstAncestorByKind(SyntaxKind.FunctionExpression);
+        const enclosingFn = cfNode.getFirstAncestorByKind(SyntaxKind.FunctionDeclaration) ||
+            cfNode.getFirstAncestorByKind(SyntaxKind.ArrowFunction) ||
+            cfNode.getFirstAncestorByKind(SyntaxKind.FunctionExpression);
         if (!enclosingFn)
             continue;
         const fnName = enclosingFn.getName?.() || '';
@@ -263,7 +288,7 @@ function hookOrder(ctx) {
             if (reported.has(hookName))
                 continue;
             reported.add(hookName);
-            findings.push(finding('hook-order', 'error', 'bug', `Hook '${hookName}' called inside ${label} — violates Rules of Hooks`, ctx.filePath, cfNode.getStartLineNumber(), { suggestion: 'Move hook call to top level of component' }));
+            findings.push(finding('hook-order', 'error', 'bug', `Hook '${hookName}' called inside ${label} — violates Rules of Hooks`, ctx.filePath, cfNode.getStartLineNumber(), 1, { suggestion: 'Move hook call to top level of component' }));
         }
     }
     return findings;
@@ -303,7 +328,7 @@ function effectSelfUpdateLoop(ctx) {
             continue;
         if (!Node.isArrayLiteralExpression(depsArg))
             continue;
-        const deps = new Set(depsArg.getElements().map(el => el.getText()));
+        const deps = new Set(depsArg.getElements().map((el) => el.getText()));
         // Find setter calls in the effect body
         for (const innerCall of callbackArg.getDescendantsOfKind(SyntaxKind.CallExpression)) {
             const expr = innerCall.getExpression();
@@ -325,7 +350,263 @@ function effectSelfUpdateLoop(ctx) {
             }
             if (isNested)
                 continue;
-            findings.push(finding('effect-self-update-loop', 'error', 'bug', `useEffect updates '${stateName}' via ${setterName}() while '${stateName}' is in deps — infinite re-render loop`, ctx.filePath, innerCall.getStartLineNumber(), { suggestion: `Move the write behind a guard or use a ref to break the cycle` }));
+            findings.push(finding('effect-self-update-loop', 'error', 'bug', `useEffect updates '${stateName}' via ${setterName}() while '${stateName}' is in deps — infinite re-render loop`, ctx.filePath, innerCall.getStartLineNumber(), 1, { suggestion: `Move the write behind a guard or use a ref to break the cycle` }));
+        }
+    }
+    return findings;
+}
+// ── Rule: missing-effect-cleanup ─────────────────────────────────────────
+// useEffect with setInterval/addEventListener but no cleanup return function
+function missingEffectCleanup(ctx) {
+    const findings = [];
+    for (const call of ctx.sourceFile.getDescendantsOfKind(SyntaxKind.CallExpression)) {
+        const callee = call.getExpression().getText();
+        if (callee !== 'useEffect' && callee !== 'useLayoutEffect')
+            continue;
+        const args = call.getArguments();
+        if (args.length === 0)
+            continue;
+        const callback = args[0];
+        if (!Node.isArrowFunction(callback) && !Node.isFunctionExpression(callback))
+            continue;
+        const body = callback.getBody();
+        let hasCleanup = false;
+        if (Node.isBlock(body)) {
+            hasCleanup = body.getStatements().some((s) => {
+                if (!Node.isReturnStatement(s))
+                    return false;
+                const expr = s.getExpression();
+                return (expr != null && (Node.isArrowFunction(expr) || Node.isFunctionExpression(expr) || Node.isIdentifier(expr)));
+            });
+        }
+        if (hasCleanup)
+            continue;
+        const leakyCalls = callback.getDescendantsOfKind(SyntaxKind.CallExpression).filter((c) => {
+            const name = c.getExpression().getText();
+            return (name === 'setInterval' || name === 'setTimeout' || name.endsWith('.addEventListener') || name.endsWith('.on'));
+        });
+        if (leakyCalls.length > 0) {
+            findings.push(finding('missing-effect-cleanup', 'warning', 'bug', `useEffect uses '${leakyCalls[0].getExpression().getText()}' but is missing a cleanup return function`, ctx.filePath, call.getStartLineNumber(), 1, { suggestion: 'Return a cleanup function: return () => clearInterval(id);' }));
+        }
+    }
+    return findings;
+}
+// ── Rule: inline-context-value ───────────────────────────────────────────
+// <Context.Provider value={{...}}> causes re-renders on every parent render
+function inlineContextValue(ctx) {
+    const findings = [];
+    for (const jsx of ctx.sourceFile.getDescendantsOfKind(SyntaxKind.JsxOpeningElement)) {
+        const name = jsx.getTagNameNode().getText();
+        if (!name.endsWith('.Provider'))
+            continue;
+        for (const attr of jsx.getAttributes()) {
+            if (!Node.isJsxAttribute(attr) || attr.getNameNode().getText() !== 'value')
+                continue;
+            const init = attr.getInitializer();
+            if (!init || !Node.isJsxExpression(init))
+                continue;
+            const expr = init.getExpression();
+            if (!expr)
+                continue;
+            if (Node.isObjectLiteralExpression(expr) || Node.isArrayLiteralExpression(expr)) {
+                findings.push(finding('inline-context-value', 'warning', 'pattern', 'Inline object/array passed to Context.Provider value — causes all consumers to re-render', ctx.filePath, jsx.getStartLineNumber(), 1, { suggestion: 'Memoize the value with useMemo' }));
+            }
+        }
+    }
+    return findings;
+}
+// ── Rule: ref-in-render ──────────────────────────────────────────────────
+// Reading or writing ref.current during render — breaks React purity rules
+// Source: react.dev/reference/react/useRef, eslint-plugin-react-hooks/refs
+function refInRender(ctx) {
+    if (!isReactFile(ctx))
+        return [];
+    const findings = [];
+    // Collect useRef variable names: const myRef = useRef(...)
+    const refVars = new Set();
+    for (const decl of ctx.sourceFile.getDescendantsOfKind(SyntaxKind.VariableDeclaration)) {
+        const init = decl.getInitializer();
+        if (!init || !Node.isCallExpression(init))
+            continue;
+        const callee = init.getExpression().getText();
+        if (callee === 'useRef' || callee === 'React.useRef') {
+            refVars.add(decl.getName());
+        }
+    }
+    if (refVars.size === 0)
+        return findings;
+    // Identify safe scopes: useEffect/useLayoutEffect/useCallback/event handler callbacks
+    const SAFE_CALLEE = new Set(['useEffect', 'useLayoutEffect', 'useCallback', 'useInsertionEffect']);
+    function isInSafeScope(node) {
+        let cur = node.getParent();
+        while (cur) {
+            // Inside a useEffect/useCallback callback
+            if ((Node.isArrowFunction(cur) || Node.isFunctionExpression(cur)) && cur.getParent()) {
+                const parent = cur.getParent();
+                if (Node.isCallExpression(parent)) {
+                    const calleeName = parent.getExpression().getText();
+                    if (SAFE_CALLEE.has(calleeName))
+                        return true;
+                }
+            }
+            // Inside an event handler in JSX: onClick={() => ref.current = ...}
+            if ((Node.isArrowFunction(cur) || Node.isFunctionExpression(cur)) && cur.getParent()) {
+                const parent = cur.getParent();
+                if (Node.isJsxExpression(parent))
+                    return true;
+            }
+            // Inside a cleanup return function
+            if ((Node.isArrowFunction(cur) || Node.isFunctionExpression(cur)) && cur.getParent()) {
+                const parent = cur.getParent();
+                if (Node.isReturnStatement(parent))
+                    return true;
+            }
+            cur = cur.getParent();
+        }
+        return false;
+    }
+    // Find .current access on ref variables
+    for (const prop of ctx.sourceFile.getDescendantsOfKind(SyntaxKind.PropertyAccessExpression)) {
+        if (prop.getName() !== 'current')
+            continue;
+        const obj = prop.getExpression();
+        if (!Node.isIdentifier(obj))
+            continue;
+        if (!refVars.has(obj.getText()))
+            continue;
+        // Skip if inside safe scope (effect, handler, callback)
+        if (isInSafeScope(prop))
+            continue;
+        // Skip lazy initialization pattern: if (ref.current === null) ref.current = x
+        // React explicitly allows this during render (react.dev/reference/react/useRef)
+        const ifAncestor = prop.getFirstAncestorByKind(SyntaxKind.IfStatement);
+        if (ifAncestor) {
+            const condText = ifAncestor.getExpression().getText();
+            const refName = obj.getText();
+            if (condText.includes(`${refName}.current`) &&
+                (condText.includes('null') || condText.includes('undefined') || condText.startsWith('!'))) {
+                continue;
+            }
+        }
+        // Check if this is a read or write
+        const parent = prop.getParent();
+        const isWrite = parent &&
+            Node.isBinaryExpression(parent) &&
+            parent.getLeft() === prop &&
+            parent.getOperatorToken().getKind() === SyntaxKind.EqualsToken;
+        const action = isWrite ? 'written to' : 'read';
+        findings.push(finding('ref-in-render', 'error', 'bug', `ref.current ${action} during render — refs are not tracked by React and may be stale`, ctx.filePath, prop.getStartLineNumber(), 1, {
+            suggestion: isWrite
+                ? 'Move ref writes to useEffect or event handlers'
+                : 'Use useState instead if the value affects rendering',
+        }));
+    }
+    return findings;
+}
+// ── Rule: missing-memo-deps ──────────────────────────────────────────────
+// useMemo/useCallback called without dependency array — recomputes every render
+// Source: react.dev/reference/react/useMemo, react.dev/reference/react/useCallback
+const MEMO_HOOKS = new Set(['useMemo', 'useCallback', 'React.useMemo', 'React.useCallback']);
+function missingMemoDeps(ctx) {
+    const findings = [];
+    for (const call of ctx.sourceFile.getDescendantsOfKind(SyntaxKind.CallExpression)) {
+        const callee = call.getExpression().getText();
+        if (!MEMO_HOOKS.has(callee))
+            continue;
+        const args = call.getArguments();
+        if (args.length === 0)
+            continue;
+        // First arg should be the function, second should be deps array
+        if (args.length < 2) {
+            const hookName = callee.includes('.') ? callee.split('.')[1] : callee;
+            findings.push(finding('missing-memo-deps', 'warning', 'bug', `${hookName} called without dependency array — will recompute on every render, defeating memoization`, ctx.filePath, call.getStartLineNumber(), 1, { suggestion: `Add a dependency array as the second argument: ${hookName}(fn, [dep1, dep2])` }));
+        }
+    }
+    return findings;
+}
+// ── Rule: reducer-mutation ──────────────────────────────────────────────
+// Direct state mutation inside useReducer reducer function
+// Source: react.dev/reference/react/useReducer
+function reducerMutation(ctx) {
+    const findings = [];
+    // Find useReducer calls and get the reducer function
+    for (const call of ctx.sourceFile.getDescendantsOfKind(SyntaxKind.CallExpression)) {
+        const callee = call.getExpression().getText();
+        if (callee !== 'useReducer' && callee !== 'React.useReducer')
+            continue;
+        const args = call.getArguments();
+        if (args.length === 0)
+            continue;
+        const reducer = args[0];
+        // Reducer can be inline or a reference — handle both
+        let reducerBody;
+        let stateParam;
+        if (Node.isArrowFunction(reducer) || Node.isFunctionExpression(reducer)) {
+            reducerBody = reducer.getBody();
+            const params = reducer.getParameters();
+            if (params.length > 0)
+                stateParam = params[0].getName();
+        }
+        else if (Node.isIdentifier(reducer)) {
+            const name = reducer.getText();
+            const fn = ctx.sourceFile.getFunction(name);
+            if (fn) {
+                reducerBody = fn.getBody();
+                const params = fn.getParameters();
+                if (params.length > 0)
+                    stateParam = params[0].getName();
+            }
+        }
+        if (!reducerBody || !stateParam)
+            continue;
+        // Look for direct mutations: state.prop = ..., state.prop++, state.push(...)
+        const mutationMethods = new Set(['push', 'pop', 'shift', 'unshift', 'splice', 'sort', 'reverse']);
+        for (const bin of reducerBody.getDescendantsOfKind(SyntaxKind.BinaryExpression)) {
+            const op = bin.getOperatorToken().getKind();
+            if (op !== SyntaxKind.EqualsToken && op !== SyntaxKind.PlusEqualsToken && op !== SyntaxKind.MinusEqualsToken)
+                continue;
+            const left = bin.getLeft();
+            if (!Node.isPropertyAccessExpression(left))
+                continue;
+            const root = left.getExpression();
+            if (Node.isIdentifier(root) && root.getText() === stateParam) {
+                findings.push(finding('reducer-mutation', 'error', 'bug', `Reducer mutates '${stateParam}.${left.getName()}' directly — return a new object instead`, ctx.filePath, bin.getStartLineNumber(), 1, { suggestion: `return { ...${stateParam}, ${left.getName()}: newValue }` }));
+                break; // One finding per reducer
+            }
+        }
+        // Check for state.method() mutations
+        for (const methodCall of reducerBody.getDescendantsOfKind(SyntaxKind.CallExpression)) {
+            const expr = methodCall.getExpression();
+            if (!Node.isPropertyAccessExpression(expr))
+                continue;
+            if (!mutationMethods.has(expr.getName()))
+                continue;
+            const obj = expr.getExpression();
+            // state.push() or state.items.push()
+            if (Node.isIdentifier(obj) && obj.getText() === stateParam) {
+                findings.push(finding('reducer-mutation', 'error', 'bug', `Reducer mutates '${stateParam}' via .${expr.getName()}() — return a new object instead`, ctx.filePath, methodCall.getStartLineNumber(), 1, { suggestion: `Return new state: return { ...${stateParam}, ... }` }));
+                break;
+            }
+            if (Node.isPropertyAccessExpression(obj)) {
+                const root = obj.getExpression();
+                if (Node.isIdentifier(root) && root.getText() === stateParam) {
+                    findings.push(finding('reducer-mutation', 'error', 'bug', `Reducer mutates '${stateParam}.${obj.getName()}' via .${expr.getName()}() — use immutable update`, ctx.filePath, methodCall.getStartLineNumber(), 1, {
+                        suggestion: `return { ...${stateParam}, ${obj.getName()}: [...${stateParam}.${obj.getName()}, newItem] }`,
+                    }));
+                    break;
+                }
+            }
+        }
+        // Check for state.prop++ / ++state.prop
+        for (const postfix of reducerBody.getDescendantsOfKind(SyntaxKind.PostfixUnaryExpression)) {
+            const operand = postfix.getOperand();
+            if (!Node.isPropertyAccessExpression(operand))
+                continue;
+            const root = operand.getExpression();
+            if (Node.isIdentifier(root) && root.getText() === stateParam) {
+                findings.push(finding('reducer-mutation', 'error', 'bug', `Reducer mutates '${stateParam}.${operand.getName()}' via ++ — return a new object instead`, ctx.filePath, postfix.getStartLineNumber(), 1, { suggestion: `return { ...${stateParam}, ${operand.getName()}: ${stateParam}.${operand.getName()} + 1 }` }));
+                break;
+            }
         }
     }
     return findings;
@@ -339,5 +620,10 @@ export const reactRules = [
     stateExplosion,
     hookOrder,
     effectSelfUpdateLoop,
+    missingEffectCleanup,
+    inlineContextValue,
+    refInRender,
+    missingMemoDeps,
+    reducerMutation,
 ];
 //# sourceMappingURL=react.js.map