@kernlang/review 3.1.6 → 3.1.8

package/dist/norm-miner.js

@@ -0,0 +1,119 @@
+/**
+ * Norm Miner — discovers implicit coding norms from peer function clusters.
+ *
+ * Groups function_declaration concepts by their child concept profile (e.g.,
+ * "has effect + error_handle" vs "has effect, no error_handle") and flags
+ * outliers that violate the majority pattern.
+ *
+ * Softened peer norms: clusters of 2 are allowed for effect-bearing functions
+ * (MIN_CLUSTER_SIZE = 2 for *:effect, 3 for *:pure).
+ */
+// ── Constants ───────────────────────────────────────────────────────────
+/** Minimum cluster size: 2 for effect-bearing functions, 3 for pure */
+function minClusterSize(hasEffect) {
+    return hasEffect ? 2 : 3;
+}
+/** Minimum prevalence threshold: what fraction of peers must exhibit a pattern */
+const MIN_PREVALENCE = 0.75;
+/** Concept kinds that define a function's "profile" for clustering */
+const PROFILE_KINDS = ['effect', 'error_handle', 'guard', 'error_raise'];
+// ── Core ────────────────────────────────────────────────────────────────
+/**
+ * Build a child-concept profile for a function, matching by containerId prefix.
+ * Returns a set of concept kinds that appear as children of this function.
+ */
+function buildProfileByPrefix(prefix, allNodes) {
+    const kinds = new Set();
+    for (const node of allNodes) {
+        if (node.containerId?.startsWith(prefix) && PROFILE_KINDS.includes(node.kind)) {
+            kinds.add(node.kind);
+        }
+    }
+    return kinds;
+}
+/**
+ * Cluster key: deterministic string encoding which profile kinds are present.
+ * We cluster by EFFECT presence (the primary dimension) + effect subtype.
+ */
+function clusterKey(profile, effectSubtype) {
+    const hasEffect = profile.has('effect');
+    if (!hasEffect)
+        return 'pure';
+    return `effect:${effectSubtype || 'unknown'}`;
+}
+/**
+ * Get the effect subtype for a function (if any), matching by containerId prefix.
+ */
+function getEffectSubtypeByPrefix(prefix, allNodes) {
+    for (const node of allNodes) {
+        if (node.containerId?.startsWith(prefix) && node.kind === 'effect' && node.payload.kind === 'effect') {
+            return node.payload.subtype;
+        }
+    }
+    return undefined;
+}
+/**
+ * Mine peer norms from a set of concept maps.
+ * Clusters functions by their effect profile, then checks whether
+ * the majority pattern (e.g., "has error_handle") is violated by outliers.
+ */
+export function mineNorms(allConcepts) {
+    const violations = [];
+    // Collect all function profiles across all files
+    const profiles = [];
+    for (const [, concepts] of allConcepts) {
+        const fnNodes = concepts.nodes.filter((n) => n.kind === 'function_declaration');
+        for (const fnNode of fnNodes) {
+            const fnName = fnNode.payload.kind === 'function_declaration' ? fnNode.payload.name : 'anonymous';
+            // getContainerId format: filePath#fn:name@charOffset
+            // Match children by prefix: any containerId starting with "filePath#fn:name@"
+            const prefix = `${concepts.filePath}#fn:${fnName}@`;
+            const profile = buildProfileByPrefix(prefix, concepts.nodes);
+            const effectSubtype = getEffectSubtypeByPrefix(prefix, concepts.nodes);
+            profiles.push({ fnNode, containerId: prefix, profile, effectSubtype });
+        }
+    }
+    // Group by cluster key
+    const clusters = new Map();
+    for (const p of profiles) {
+        const key = clusterKey(p.profile, p.effectSubtype);
+        const arr = clusters.get(key) || [];
+        arr.push(p);
+        clusters.set(key, arr);
+    }
+    // For each cluster, find the majority pattern and flag outliers
+    for (const [key, cluster] of clusters) {
+        const hasEffect = key !== 'pure';
+        const minSize = minClusterSize(hasEffect);
+        if (cluster.length < minSize)
+            continue;
+        // For each profile kind, count how many functions have it
+        for (const kind of PROFILE_KINDS) {
+            if (kind === 'effect')
+                continue; // effect is the clustering dimension, skip
+            const withKind = cluster.filter((p) => p.profile.has(kind));
+            let prevalence = withKind.length / cluster.length;
+            // Softened norms: multiply prevalence by 0.8 when cluster is small
+            if (cluster.length === 2) {
+                prevalence *= 0.8;
+            }
+            if (prevalence < MIN_PREVALENCE)
+                continue;
+            // Functions that DON'T have this kind are violating the norm
+            const violators = cluster.filter((p) => !p.profile.has(kind));
+            for (const v of violators) {
+                const normDesc = `functions with ${key} should have ${kind}`;
+                violations.push({
+                    functionNode: v.fnNode,
+                    norm: normDesc,
+                    missingKind: kind,
+                    peerCount: withKind.length,
+                    prevalence,
+                    weakNorm: cluster.length < 3 ? true : undefined,
+                });
+            }
+        }
+    }
+    return violations;
+}
+//# sourceMappingURL=norm-miner.js.map

package/dist/norm-miner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"norm-miner.js","sourceRoot":"","sources":["../src/norm-miner.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAqBH,2EAA2E;AAE3E,uEAAuE;AACvE,SAAS,cAAc,CAAC,SAAkB;IACxC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC3B,CAAC;AAED,kFAAkF;AAClF,MAAM,cAAc,GAAG,IAAI,CAAC;AAE5B,sEAAsE;AACtE,MAAM,aAAa,GAAsB,CAAC,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;AAE5F,2EAA2E;AAE3E;;;GAGG;AACH,SAAS,oBAAoB,CAAC,MAAc,EAAE,QAAuB;IACnE,MAAM,KAAK,GAAG,IAAI,GAAG,EAAmB,CAAC;IACzC,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,IAAI,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,MAAM,CAAC,IAAI,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9E,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,UAAU,CAAC,OAA6B,EAAE,aAAiC;IAClF,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACxC,IAAI,CAAC,SAAS;QAAE,OAAO,MAAM,CAAC;IAC9B,OAAO,UAAU,aAAa,IAAI,SAAS,EAAE,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,MAAc,EAAE,QAAuB;IACvE,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,IAAI,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrG,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC;QAC9B,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AASD;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,WAAoC;IAC5D,MAAM,UAAU,GAAoB,EAAE,CAAC;IAEvC,iDAAiD;IACjD,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,MAAM,CAAC,EAAE,QAAQ,CAAC,IAAI,WAAW,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAc,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,sBAAsB,CAAC,CAAC;QAC7F,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,KAAK,sBAAsB,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC;YAClG,qDAAqD;YACrD,8EAA8E;YAC9E,MAAM,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,OAAO,MAAM,GAAG,CAAC;YACpD,MAAM,OAAO,GAAG,oBAAoB,CAAC,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC7D,MAAM,aAAa,GAAG,wBAAwB,CAAC,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC;YAEvE,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA6B,CAAC;IACtD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,aAAa,CAAC,CAAC;QACnD,MAAM,GAAG,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACpC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACZ,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACzB,CAAC;IAED,gEAAgE;IAChE,KAAK,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,QAAQ,EAAE,CAAC;QACtC,MAAM,SAAS,GAAG,GAAG,KAAK,MAAM,CAAC;QACjC,MAAM,OAAO,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;QAC1C,IAAI,OAAO,CAAC,MAAM,GAAG,OAAO;YAAE,SAAS;QAEvC,0DAA0D;QAC1D,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,IAAI,IAAI,KAAK,QAAQ;gBAAE,SAAS,CAAC,2CAA2C;YAE5E,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5D,IAAI,UAAU,GAAG,QAAQ,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAElD,mEAAmE;YACnE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzB,UAAU,IAAI,GAAG,CAAC;YACpB,CAAC;YAED,IAAI,UAAU,GAAG,cAAc;gBAAE,SAAS;YAE1C,6DAA6D;YAC7D,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;YAC9D,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;gBAC1B,MAAM,QAAQ,GAAG,kBAAkB,GAAG,gBAAgB,IAAI,EAAE,CAAC;gBAC7D,UAAU,CAAC,IAAI,CAAC;oBACd,YAAY,EAAE,CAAC,CAAC,MAAM;oBACtB,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,IAAI;oBACjB,SAAS,EAAE,QAAQ,CAAC,MAAM;oBAC1B,UAAU;oBACV,QAAQ,EAAE,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;iBAChD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC"}

package/dist/obligations.d.ts

@@ -0,0 +1,63 @@
+/**
+ * Proof Obligations — generated from structure and peer norms.
+ *
+ * A ProofObligation is something a reviewer (human or LLM) must verify.
+ * Two sources:
+ *   1. Structural: derived from concept graph topology (no peers needed)
+ *   2. Norm-violation: derived from peer function comparison (norm-miner)
+ *
+ * Obligations are deduped: when a norm violation and a structural obligation
+ * target the same function + missing concept kind, the norm violation wins
+ * (it has stronger evidence).
+ */
+import type { ConceptMap, ConceptNodeKind } from '@kernlang/core';
+import type { NormViolation } from './norm-miner.js';
+import type { FileContext } from './types.js';
+export type ObligationType = 'norm-violation' | 'structural';
+export interface ProofObligation {
+    /** Unique ID for this obligation */
+    id: string;
+    /** What kind of evidence produced this obligation */
+    type: ObligationType;
+    /** The function this obligation targets */
+    functionId: string;
+    /** Human-readable function name */
+    functionName: string;
+    /** What concept kind is expected but missing */
+    missingKind: ConceptNodeKind;
+    /** Human-readable claim the reviewer must verify */
+    claim: string;
+    /** Priority: 1 = highest (norm-violation), 3 = lowest (structural) */
+    priority: number;
+    /** File path where the function lives */
+    filePath: string;
+    /** Line number of the function */
+    line: number;
+    /** Evidence supporting the claim */
+    evidence_for: string[];
+    /** Evidence against the claim */
+    evidence_against: string[];
+    /** How common this pattern is among peer functions (0-1) */
+    prevalence?: number;
+    /** Suggested verification action for the reviewer */
+    suggested_check: string;
+}
+/**
+ * Generate obligations from concept graph topology — no peer comparison needed.
+ *
+ * Rules:
+ * (A) Function has effect children but no error_handle child
+ * (B) Function is in boundary 'api' and has effect children but no guard child
+ * (C) Function has effect with subtype 'db' and no guard with subtype 'validation'
+ */
+export declare function obligationsFromStructure(allConcepts: Map<string, ConceptMap>, fileContextMap: Map<string, FileContext> | undefined, filePath: string): ProofObligation[];
+/**
+ * Convert norm violations into proof obligations.
+ */
+export declare function obligationsFromNorms(violations: NormViolation[]): ProofObligation[];
+/**
+ * Produce the final list of proof obligations for a file.
+ * Merges structural + norm obligations, deduplicating: when both sources
+ * target the same function + missing kind, the norm violation wins.
+ */
+export declare function synthesizeObligations(allConcepts: Map<string, ConceptMap>, fileContextMap: Map<string, FileContext> | undefined, filePath: string, normViolations: NormViolation[]): ProofObligation[];

package/dist/obligations.js

@@ -0,0 +1,158 @@
+/**
+ * Proof Obligations — generated from structure and peer norms.
+ *
+ * A ProofObligation is something a reviewer (human or LLM) must verify.
+ * Two sources:
+ *   1. Structural: derived from concept graph topology (no peers needed)
+ *   2. Norm-violation: derived from peer function comparison (norm-miner)
+ *
+ * Obligations are deduped: when a norm violation and a structural obligation
+ * target the same function + missing concept kind, the norm violation wins
+ * (it has stronger evidence).
+ */
+// ── Priority ────────────────────────────────────────────────────────────
+const TYPE_PRIORITY = {
+    'norm-violation': 2,
+    structural: 3,
+};
+// ── Structural obligations ──────────────────────────────────────────────
+/**
+ * Generate obligations from concept graph topology — no peer comparison needed.
+ *
+ * Rules:
+ * (A) Function has effect children but no error_handle child
+ * (B) Function is in boundary 'api' and has effect children but no guard child
+ * (C) Function has effect with subtype 'db' and no guard with subtype 'validation'
+ */
+export function obligationsFromStructure(allConcepts, fileContextMap, filePath) {
+    const obligations = [];
+    const concepts = allConcepts.get(filePath);
+    if (!concepts)
+        return obligations;
+    // Find all function declarations in this file
+    const fnNodes = concepts.nodes.filter((n) => n.kind === 'function_declaration');
+    for (const fnNode of fnNodes) {
+        const fnName = fnNode.payload.kind === 'function_declaration' ? fnNode.payload.name : 'anonymous';
+        const fnId = fnNode.id;
+        // Build the containerId that children would reference
+        // Match the getContainerId format: filePath#fn:name@offset
+        const containerPrefix = `${filePath}#fn:${fnName}@`;
+        // Find children of this function
+        const children = concepts.nodes.filter((n) => n.containerId?.startsWith(containerPrefix));
+        const effects = children.filter((n) => n.kind === 'effect');
+        const errorHandles = children.filter((n) => n.kind === 'error_handle');
+        const guards = children.filter((n) => n.kind === 'guard');
+        // (A) Function has effect children but no error_handle child
+        if (effects.length > 0 && errorHandles.length === 0) {
+            const effectSubtypes = [
+                ...new Set(effects
+                    .map((e) => (e.payload.kind === 'effect' ? e.payload.subtype : undefined))
+                    .filter((s) => s !== undefined)),
+            ];
+            obligations.push({
+                id: `struct-errh-${fnId}`,
+                type: 'structural',
+                functionId: fnId,
+                functionName: fnName,
+                missingKind: 'error_handle',
+                claim: `This function performs ${effectSubtypes.join(', ')} effects but has no error handling`,
+                priority: TYPE_PRIORITY.structural,
+                filePath,
+                line: fnNode.primarySpan.startLine,
+                evidence_for: [`Has ${effects.length} effect(s): ${effectSubtypes.join(', ')}`],
+                evidence_against: [],
+                suggested_check: 'Verify error handling is truly missing, not handled by a parent caller',
+            });
+        }
+        // (B) Function is in boundary 'api' and has effect children but no guard child
+        const fileCtx = fileContextMap?.get(filePath);
+        if (fileCtx?.boundary === 'api' && effects.length > 0 && guards.length === 0) {
+            const effectDescs = effects
+                .map((e) => (e.payload.kind === 'effect' ? e.payload.subtype : undefined))
+                .filter((s) => s !== undefined);
+            obligations.push({
+                id: `struct-guard-${fnId}`,
+                type: 'structural',
+                functionId: fnId,
+                functionName: fnName,
+                missingKind: 'guard',
+                claim: `This API handler reaches ${[...new Set(effectDescs)].join(', ')} effects without input validation`,
+                priority: TYPE_PRIORITY.structural,
+                filePath,
+                line: fnNode.primarySpan.startLine,
+                evidence_for: [`API boundary function with ${effects.length} unguarded effect(s)`],
+                evidence_against: [],
+                suggested_check: 'Check if validation is handled by middleware or a parent router',
+            });
+        }
+        // (C) Function has effect with subtype 'db' and no guard with subtype 'validation'
+        const hasDbEffect = effects.some((e) => e.payload.kind === 'effect' && e.payload.subtype === 'db');
+        const hasValidationGuard = guards.some((g) => g.payload.kind === 'guard' && g.payload.subtype === 'validation');
+        if (hasDbEffect && !hasValidationGuard) {
+            obligations.push({
+                id: `struct-dbval-${fnId}`,
+                type: 'structural',
+                functionId: fnId,
+                functionName: fnName,
+                missingKind: 'guard',
+                claim: 'DB write without input validation',
+                priority: TYPE_PRIORITY.structural,
+                filePath,
+                line: fnNode.primarySpan.startLine,
+                evidence_for: ['Has DB effect without validation guard'],
+                evidence_against: [],
+                suggested_check: 'Verify no ORM-level or middleware validation exists',
+            });
+        }
+    }
+    return obligations;
+}
+// ── Norm-based obligations ──────────────────────────────────────────────
+/**
+ * Convert norm violations into proof obligations.
+ */
+export function obligationsFromNorms(violations) {
+    return violations.map((v) => {
+        let claim = `Norm: ${v.norm} (${v.peerCount} peers, ${Math.round(v.prevalence * 100)}% prevalence)`;
+        if (v.weakNorm) {
+            claim += ' (Note: limited peer evidence — 1 matching peer)';
+        }
+        const fnName = v.functionNode.payload.kind === 'function_declaration' ? v.functionNode.payload.name : 'anonymous';
+        return {
+            id: `norm-${v.functionNode.id}-${v.missingKind}`,
+            type: 'norm-violation',
+            functionId: v.functionNode.id,
+            functionName: fnName,
+            missingKind: v.missingKind,
+            claim,
+            priority: TYPE_PRIORITY['norm-violation'],
+            filePath: v.functionNode.primarySpan.file,
+            line: v.functionNode.primarySpan.startLine,
+            evidence_for: [`${v.peerCount} peer(s) have this pattern, ${Math.round(v.prevalence * 100)}% prevalence`],
+            evidence_against: v.weakNorm ? ['Limited peer evidence — only 1 matching peer'] : [],
+            prevalence: v.prevalence,
+            suggested_check: `Verify ${v.missingKind} is truly needed here, not handled elsewhere`,
+        };
+    });
+}
+// ── Synthesize + Dedup ──────────────────────────────────────────────────
+/**
+ * Produce the final list of proof obligations for a file.
+ * Merges structural + norm obligations, deduplicating: when both sources
+ * target the same function + missing kind, the norm violation wins.
+ */
+export function synthesizeObligations(allConcepts, fileContextMap, filePath, normViolations) {
+    // Structural obligations for this file
+    const structural = obligationsFromStructure(allConcepts, fileContextMap, filePath);
+    // Norm-based obligations (already scoped to specific functions)
+    const fileNormViolations = normViolations.filter((v) => v.functionNode.primarySpan.file === filePath);
+    const normObligations = obligationsFromNorms(fileNormViolations);
+    // Dedup: norm obligations take precedence over structural for same function+missingKind
+    const normKeys = new Set(normObligations.map((o) => `${o.functionId}::${o.missingKind}`));
+    const dedupedStructural = structural.filter((o) => !normKeys.has(`${o.functionId}::${o.missingKind}`));
+    // Merge and sort by priority (lower = higher priority)
+    const all = [...normObligations, ...dedupedStructural];
+    all.sort((a, b) => a.priority - b.priority || a.line - b.line);
+    return all;
+}
+//# sourceMappingURL=obligations.js.map

package/dist/obligations.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"obligations.js","sourceRoot":"","sources":["../src/obligations.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAuCH,2EAA2E;AAE3E,MAAM,aAAa,GAAmC;IACpD,gBAAgB,EAAE,CAAC;IACnB,UAAU,EAAE,CAAC;CACd,CAAC;AAEF,2EAA2E;AAE3E;;;;;;;GAOG;AACH,MAAM,UAAU,wBAAwB,CACtC,WAAoC,EACpC,cAAoD,EACpD,QAAgB;IAEhB,MAAM,WAAW,GAAsB,EAAE,CAAC;IAC1C,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC3C,IAAI,CAAC,QAAQ;QAAE,OAAO,WAAW,CAAC;IAElC,8CAA8C;IAC9C,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAc,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,sBAAsB,CAAC,CAAC;IAE7F,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,KAAK,sBAAsB,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC;QAClG,MAAM,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC;QAEvB,sDAAsD;QACtD,2DAA2D;QAC3D,MAAM,eAAe,GAAG,GAAG,QAAQ,OAAO,MAAM,GAAG,CAAC;QAEpD,iCAAiC;QACjC,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAc,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC;QAEvG,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAc,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;QACzE,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAc,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,CAAC;QACpF,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAc,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC;QAEvE,6DAA6D;QAC7D,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpD,MAAM,cAAc,GAAG;gBACrB,GAAG,IAAI,GAAG,CACR,OAAO;qBACJ,GAAG,CAAC,CAAC,CAAc,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;qBACtF,MAAM,CAAC,CAAC,CAAqB,EAAe,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CACnE;aACF,CAAC;YACF,WAAW,CAAC,IAAI,CAAC;gBACf,EAAE,EAAE,eAAe,IAAI,EAAE;gBACzB,IAAI,EAAE,YAAY;gBAClB,UAAU,EAAE,IAAI;gBAChB,YAAY,EAAE,MAAM;gBACpB,WAAW,EAAE,cAAc;gBAC3B,KAAK,EAAE,0BAA0B,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,oCAAoC;gBAC9F,QAAQ,EAAE,aAAa,CAAC,UAAU;gBAClC,QAAQ;gBACR,IAAI,EAAE,MAAM,CAAC,WAAW,CAAC,SAAS;gBAClC,YAAY,EAAE,CAAC,OAAO,OAAO,CAAC,MAAM,eAAe,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/E,gBAAgB,EAAE,EAAE;gBACpB,eAAe,EAAE,wEAAwE;aAC1F,CAAC,CAAC;QACL,CAAC;QAED,+EAA+E;QAC/E,MAAM,OAAO,GAAG,cAAc,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC9C,IAAI,OAAO,EAAE,QAAQ,KAAK,KAAK,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7E,MAAM,WAAW,GAAG,OAAO;iBACxB,GAAG,CAAC,CAAC,CAAc,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;iBACtF,MAAM,CAAC,CAAC,CAAqB,EAAe,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;YACnE,WAAW,CAAC,IAAI,CAAC;gBACf,EAAE,EAAE,gBAAgB,IAAI,EAAE;gBAC1B,IAAI,EAAE,YAAY;gBAClB,UAAU,EAAE,IAAI;gBAChB,YAAY,EAAE,MAAM;gBACpB,WAAW,EAAE,OAAO;gBACpB,KAAK,EAAE,4BAA4B,CAAC,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,mCAAmC;gBAC1G,QAAQ,EAAE,aAAa,CAAC,UAAU;gBAClC,QAAQ;gBACR,IAAI,EAAE,MAAM,CAAC,WAAW,CAAC,SAAS;gBAClC,YAAY,EAAE,CAAC,8BAA8B,OAAO,CAAC,MAAM,sBAAsB,CAAC;gBAClF,gBAAgB,EAAE,EAAE;gBACpB,eAAe,EAAE,iEAAiE;aACnF,CAAC,CAAC;QACL,CAAC;QAED,mFAAmF;QACnF,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAc,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,CAAC,OAAO,KAAK,IAAI,CAAC,CAAC;QAChH,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CACpC,CAAC,CAAc,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,OAAO,KAAK,YAAY,CACrF,CAAC;QACF,IAAI,WAAW,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACvC,WAAW,CAAC,IAAI,CAAC;gBACf,EAAE,EAAE,gBAAgB,IAAI,EAAE;gBAC1B,IAAI,EAAE,YAAY;gBAClB,UAAU,EAAE,IAAI;gBAChB,YAAY,EAAE,MAAM;gBACpB,WAAW,EAAE,OAAO;gBACpB,KAAK,EAAE,mCAAmC;gBAC1C,QAAQ,EAAE,aAAa,CAAC,UAAU;gBAClC,QAAQ;gBACR,IAAI,EAAE,MAAM,CAAC,WAAW,CAAC,SAAS;gBAClC,YAAY,EAAE,CAAC,wCAAwC,CAAC;gBACxD,gBAAgB,EAAE,EAAE;gBACpB,eAAe,EAAE,qDAAqD;aACvE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,2EAA2E;AAE3E;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,UAA2B;IAC9D,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QAC1B,IAAI,KAAK,GAAG,SAAS,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,SAAS,WAAW,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,GAAG,CAAC,eAAe,CAAC;QACpG,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;YACf,KAAK,IAAI,kDAAkD,CAAC;QAC9D,CAAC;QACD,MAAM,MAAM,GAAG,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,KAAK,sBAAsB,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC;QAClH,OAAO;YACL,EAAE,EAAE,QAAQ,CAAC,CAAC,YAAY,CAAC,EAAE,IAAI,CAAC,CAAC,WAAW,EAAE;YAChD,IAAI,EAAE,gBAAyB;YAC/B,UAAU,EAAE,CAAC,CAAC,YAAY,CAAC,EAAE;YAC7B,YAAY,EAAE,MAAM;YACpB,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,KAAK;YACL,QAAQ,EAAE,aAAa,CAAC,gBAAgB,CAAC;YACzC,QAAQ,EAAE,CAAC,CAAC,YAAY,CAAC,WAAW,CAAC,IAAI;YACzC,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,WAAW,CAAC,SAAS;YAC1C,YAAY,EAAE,CAAC,GAAG,CAAC,CAAC,SAAS,+BAA+B,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,GAAG,CAAC,cAAc,CAAC;YACzG,gBAAgB,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,8CAA8C,CAAC,CAAC,CAAC,CAAC,EAAE;YACpF,UAAU,EAAE,CAAC,CAAC,UAAU;YACxB,eAAe,EAAE,UAAU,CAAC,CAAC,WAAW,8CAA8C;SACvF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,2EAA2E;AAE3E;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CACnC,WAAoC,EACpC,cAAoD,EACpD,QAAgB,EAChB,cAA+B;IAE/B,uCAAuC;IACvC,MAAM,UAAU,GAAG,wBAAwB,CAAC,WAAW,EAAE,cAAc,EAAE,QAAQ,CAAC,CAAC;IAEnF,gEAAgE;IAChE,MAAM,kBAAkB,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,WAAW,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;IACtG,MAAM,eAAe,GAAG,oBAAoB,CAAC,kBAAkB,CAAC,CAAC;IAEjE,wFAAwF;IACxF,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,UAAU,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IAC1F,MAAM,iBAAiB,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,UAAU,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IAEvG,uDAAuD;IACvD,MAAM,GAAG,GAAG,CAAC,GAAG,eAAe,EAAE,GAAG,iBAAiB,CAAC,CAAC;IACvD,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;IAE/D,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/quality-rules.d.ts

@@ -3,10 +3,10 @@
  *
  * v2: Thin orchestrator. Actual rules live in ./rules/*.ts
  */
-import type { SourceFile } from 'ts-morph';
-import type { InferResult, TemplateMatch, ReviewConfig, ReviewFinding, FileRole } from './types.js';
+import type { Project, SourceFile } from 'ts-morph';
+import type { FileRole, InferResult, ReviewConfig, ReviewFinding, TemplateMatch } from './types.js';
 /**
  * Run all active quality rules against a source file.
  * Returns unified ReviewFinding[] (sorting is done by caller via sortAndDedup).
  */
-export declare function runQualityRules(sourceFile: SourceFile, inferred: InferResult[], templateMatches: TemplateMatch[], config?: ReviewConfig, fileRole?: FileRole): ReviewFinding[];
+export declare function runQualityRules(sourceFile: SourceFile, inferred: InferResult[], templateMatches: TemplateMatch[], config?: ReviewConfig, fileRole?: FileRole, project?: Project): ReviewFinding[];

package/dist/quality-rules.js

@@ -8,12 +8,14 @@ import { getActiveRules } from './rules/index.js';
  * Run all active quality rules against a source file.
  * Returns unified ReviewFinding[] (sorting is done by caller via sortAndDedup).
  */
-export function runQualityRules(sourceFile, inferred, templateMatches, config, fileRole = 'runtime') {
+export function runQualityRules(sourceFile, inferred, templateMatches, config, fileRole = 'runtime', project) {
     const filePath = sourceFile.getFilePath() || 'input.ts';
     const rules = getActiveRules(config?.target);
+    // Resolve file context from import graph (if available)
+    const fileContext = config?.fileContextMap?.get(filePath);
     const findings = [];
     for (const rule of rules) {
-        findings.push(...rule({ sourceFile, inferred, templateMatches, config, filePath, fileRole }));
+        findings.push(...rule({ sourceFile, project, inferred, templateMatches, config, filePath, fileRole, fileContext }));
     }
     return findings;
 }

package/dist/quality-rules.js.map

@@ -1 +1 @@
-{"version":3,"file":"quality-rules.js","sourceRoot":"","sources":["../src/quality-rules.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAElD;;;GAGG;AACH,MAAM,UAAU,eAAe,CAC7B,UAAsB,EACtB,QAAuB,EACvB,eAAgC,EAChC,MAAqB,EACrB,WAAqB,SAAS;IAE9B,MAAM,QAAQ,GAAG,UAAU,CAAC,WAAW,EAAE,IAAI,UAAU,CAAC;IACxD,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE7C,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;IAChG,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
+{"version":3,"file":"quality-rules.js","sourceRoot":"","sources":["../src/quality-rules.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAGlD;;;GAGG;AACH,MAAM,UAAU,eAAe,CAC7B,UAAsB,EACtB,QAAuB,EACvB,eAAgC,EAChC,MAAqB,EACrB,WAAqB,SAAS,EAC9B,OAAiB;IAEjB,MAAM,QAAQ,GAAG,UAAU,CAAC,WAAW,EAAE,IAAI,UAAU,CAAC;IACxD,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE7C,wDAAwD;IACxD,MAAM,WAAW,GAAG,MAAM,EAAE,cAAc,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;IAE1D,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;IACtH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/reporter.d.ts

@@ -4,8 +4,13 @@
  * v2: Unified multi-source report with source tags [kern] [eslint] [tsc] [llm].
  *     Dedup across sources. Fingerprint-based cross-run stability.
  */
-import type { ReviewReport, ReviewStats, ReviewFinding, InferResult, TemplateMatch, EnforceResult, ReviewConfig } from './types.js';
-export declare function calculateStats(inferred: InferResult[], templateMatches: TemplateMatch[], findings: ReviewFinding[], totalLines: number): ReviewStats;
+import type { EnforceResult, InferResult, ReviewConfig, ReviewFinding, ReviewReport, ReviewStats, TemplateMatch } from './types.js';
+/**
+ * Assign calibrated confidence scores to findings that don't already have one.
+ * Call after all phases, before filtering/display.
+ */
+export declare function assignDefaultConfidence(findings: ReviewFinding[]): void;
+export declare function calculateStats(inferred: InferResult[], templateMatches: TemplateMatch[], _findings: ReviewFinding[], totalLines: number): ReviewStats;
 /**
  * Deduplicate findings using fingerprint + message hash.
  * Fingerprint alone can collide when a rule emits multiple findings at the same location