@kernlang/review 3.4.3-canary.7.1.88c06dcc → 3.4.3

package/dist/concept-rules/error-contract-drift.d.ts

@@ -0,0 +1,36 @@
+/**
+ * Rule: error-contract-drift
+ *
+ * Cross-stack rule — fires when a server route declares a literal HTTP error
+ * status that the matched frontend call-site does not branch on, AND the
+ * call-site already branches on at least one OTHER status this route emits
+ * (proving the dispatch is endpoint-specific, not incidental).
+ *
+ * Phase 2 of the error-contract work. Phase 1 (#208) shipped the client-side
+ * `handledErrorStatusCodes` extraction; this rule consumes it.
+ *
+ * The 0.9 evidence gate (campfire 2026-05-04 — Codex/Gemini/OpenCode unanimous):
+ *   - Path + method match (one server route, exact verb).
+ *   - Server `errorStatusCodes` is non-empty after the semantic-only filter.
+ *   - Client `handledErrorStatusCodes` is non-empty (call-site has explicit
+ *     literal-status dispatch — not generic `catch` or `response.ok` only).
+ *   - Client already branches on at least ONE pre-existing server status for
+ *     this endpoint. Without this overlap the rule would fire on every legacy
+ *     mismatch where the client's specific status check happens to be unrelated
+ *     to the server's set.
+ *
+ * Excluded statuses (v1):
+ *   - 500 / 502 / 503 — server emits these via `next(err)` and unresolved
+ *     `throw`, which are not stable client contracts. Codex called this out
+ *     explicitly: "I would explicitly exclude inferred 500s from v1, because
+ *     generic `throw` / `next(err)` is not a stable client contract."
+ *   - Anything outside the 4xx/429 range. Phase-3 work will surface these
+ *     once we have an `errorStatusCodesResolved` completeness bit on the server.
+ *
+ * Confidence: `CROSS_STACK_EXACT_CONFIDENCE` (0.9). The rule's static gates
+ * already approximate this; kern-guard's `isNew` ratchet handles "did this
+ * mismatch just appear in the PR diff" suppression.
+ */
+import type { ReviewFinding } from '../types.js';
+import type { ConceptRuleContext } from './index.js';
+export declare function errorContractDrift(ctx: ConceptRuleContext): ReviewFinding[];

package/dist/concept-rules/error-contract-drift.js

@@ -0,0 +1,127 @@
+/**
+ * Rule: error-contract-drift
+ *
+ * Cross-stack rule — fires when a server route declares a literal HTTP error
+ * status that the matched frontend call-site does not branch on, AND the
+ * call-site already branches on at least one OTHER status this route emits
+ * (proving the dispatch is endpoint-specific, not incidental).
+ *
+ * Phase 2 of the error-contract work. Phase 1 (#208) shipped the client-side
+ * `handledErrorStatusCodes` extraction; this rule consumes it.
+ *
+ * The 0.9 evidence gate (campfire 2026-05-04 — Codex/Gemini/OpenCode unanimous):
+ *   - Path + method match (one server route, exact verb).
+ *   - Server `errorStatusCodes` is non-empty after the semantic-only filter.
+ *   - Client `handledErrorStatusCodes` is non-empty (call-site has explicit
+ *     literal-status dispatch — not generic `catch` or `response.ok` only).
+ *   - Client already branches on at least ONE pre-existing server status for
+ *     this endpoint. Without this overlap the rule would fire on every legacy
+ *     mismatch where the client's specific status check happens to be unrelated
+ *     to the server's set.
+ *
+ * Excluded statuses (v1):
+ *   - 500 / 502 / 503 — server emits these via `next(err)` and unresolved
+ *     `throw`, which are not stable client contracts. Codex called this out
+ *     explicitly: "I would explicitly exclude inferred 500s from v1, because
+ *     generic `throw` / `next(err)` is not a stable client contract."
+ *   - Anything outside the 4xx/429 range. Phase-3 work will surface these
+ *     once we have an `errorStatusCodesResolved` completeness bit on the server.
+ *
+ * Confidence: `CROSS_STACK_EXACT_CONFIDENCE` (0.9). The rule's static gates
+ * already approximate this; kern-guard's `isNew` ratchet handles "did this
+ * mismatch just appear in the PR diff" suppression.
+ */
+import { createFingerprint } from '../types.js';
+import { API_PATH_RE, CROSS_STACK_EXACT_CONFIDENCE, collectRoutesAcrossGraph, findHighConfidenceRouteForMethod, normalizeClientUrl, } from './cross-stack-utils.js';
+import { apiCallRootCause } from './root-cause.js';
+// Codex/Gemini/OpenCode all converged on this set as the "stable" semantic
+// statuses where a server contract change is meaningful for the client. 429
+// is included because real audiofacets/web-viewer code branches on it (phase-1
+// probe found 429×1) and rate-limit handling is a legitimate UX concern.
+const SEMANTIC_ERROR_STATUSES = new Set([401, 403, 404, 409, 422, 429]);
+export function errorContractDrift(ctx) {
+    if (!ctx.allConcepts || ctx.allConcepts.size === 0)
+        return [];
+    const serverRoutes = collectRoutesAcrossGraph(ctx.allConcepts);
+    if (serverRoutes.length === 0)
+        return [];
+    const clientCalls = collectExplicitDispatchCalls(ctx);
+    if (clientCalls.length === 0)
+        return [];
+    const findings = [];
+    for (const call of clientCalls) {
+        if (call.node.primarySpan.file !== ctx.filePath)
+            continue;
+        const route = findHighConfidenceRouteForMethod(call.normalizedPath, call.method, serverRoutes);
+        if (!route?.node)
+            continue;
+        if (route.node.payload.kind !== 'entrypoint')
+            continue;
+        const serverCodes = route.node.payload.errorStatusCodes;
+        if (!serverCodes || serverCodes.length === 0)
+            continue;
+        const semanticServer = serverCodes.filter((c) => SEMANTIC_ERROR_STATUSES.has(c));
+        if (semanticServer.length === 0)
+            continue;
+        const handledSet = new Set(call.handled);
+        // The strongest 0.9 gate from the buddy round: client must already
+        // branch on at least ONE server status for this endpoint. Without
+        // this, a client that handles 401 globally (auth interceptor) but
+        // never anything endpoint-specific would fire on every route the
+        // server adds a 404 to. The overlap proves the dispatch is wired
+        // to THIS endpoint's contract.
+        const overlap = semanticServer.filter((c) => handledSet.has(c));
+        if (overlap.length === 0)
+            continue;
+        const unhandled = semanticServer.filter((c) => !handledSet.has(c));
+        if (unhandled.length === 0)
+            continue;
+        const codeList = unhandled.join(', ');
+        const handledList = call.handled.filter((c) => SEMANTIC_ERROR_STATUSES.has(c)).join(', ');
+        findings.push({
+            source: 'kern',
+            ruleId: 'error-contract-drift',
+            severity: 'warning',
+            category: 'bug',
+            message: `Server route \`${call.method} ${route.path}\` emits status${unhandled.length === 1 ? '' : 'es'} ` +
+                `[${codeList}] but this client call-site only branches on [${handledList}]. ` +
+                `Add an explicit \`response.status === ${unhandled[0]}\` (or \`case ${unhandled[0]}:\`) branch, or ` +
+                `confirm the generic fallback handles ${unhandled.length === 1 ? 'it' : 'them'} the same way as ${handledList}.`,
+            primarySpan: call.node.primarySpan,
+            fingerprint: createFingerprint('error-contract-drift', call.node.primarySpan.startLine, call.node.primarySpan.startCol),
+            confidence: call.node.confidence * CROSS_STACK_EXACT_CONFIDENCE,
+            rootCause: apiCallRootCause(call.node, call.normalizedPath, call.method, route.node),
+        });
+    }
+    return findings;
+}
+function collectExplicitDispatchCalls(ctx) {
+    const calls = [];
+    if (!ctx.allConcepts)
+        return calls;
+    for (const [, conceptMap] of ctx.allConcepts) {
+        for (const node of conceptMap.nodes) {
+            if (node.kind !== 'effect')
+                continue;
+            if (node.payload.kind !== 'effect')
+                continue;
+            if (node.payload.subtype !== 'network')
+                continue;
+            const target = node.payload.target;
+            const method = node.payload.method;
+            const handled = node.payload.handledErrorStatusCodes;
+            if (typeof target !== 'string')
+                continue;
+            if (typeof method !== 'string')
+                continue;
+            if (!handled || handled.length === 0)
+                continue;
+            const normalized = normalizeClientUrl(target);
+            if (!normalized || !API_PATH_RE.test(normalized))
+                continue;
+            calls.push({ target, normalizedPath: normalized, method, handled, node });
+        }
+    }
+    return calls;
+}
+//# sourceMappingURL=error-contract-drift.js.map

package/dist/concept-rules/error-contract-drift.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-contract-drift.js","sourceRoot":"","sources":["../../src/concept-rules/error-contract-drift.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EACL,WAAW,EACX,4BAA4B,EAC5B,wBAAwB,EACxB,gCAAgC,EAChC,kBAAkB,GACnB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAUnD,2EAA2E;AAC3E,4EAA4E;AAC5E,+EAA+E;AAC/E,yEAAyE;AACzE,MAAM,uBAAuB,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;AAExE,MAAM,UAAU,kBAAkB,CAAC,GAAuB;IACxD,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAE9D,MAAM,YAAY,GAAG,wBAAwB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAC/D,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEzC,MAAM,WAAW,GAAG,4BAA4B,CAAC,GAAG,CAAC,CAAC;IACtD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAExC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,KAAK,GAAG,CAAC,QAAQ;YAAE,SAAS;QAE1D,MAAM,KAAK,GAAG,gCAAgC,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QAC/F,IAAI,CAAC,KAAK,EAAE,IAAI;YAAE,SAAS;QAC3B,IAAI,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,YAAY;YAAE,SAAS;QACvD,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC;QACxD,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEvD,MAAM,cAAc,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACjF,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAE1C,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzC,mEAAmE;QACnE,kEAAkE;QAClE,kEAAkE;QAClE,iEAAiE;QACjE,iEAAiE;QACjE,+BAA+B;QAC/B,MAAM,OAAO,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAChE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAEnC,MAAM,SAAS,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACnE,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAErC,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1F,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,sBAAsB;YAC9B,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,KAAK;YACf,OAAO,EACL,kBAAkB,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,kBAAkB,SAAS,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG;gBAClG,IAAI,QAAQ,iDAAiD,WAAW,KAAK;gBAC7E,yCAAyC,SAAS,CAAC,CAAC,CAAC,iBAAiB,SAAS,CAAC,CAAC,CAAC,kBAAkB;gBACpG,wCAAwC,SAAS,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,oBAAoB,WAAW,GAAG;YAClH,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW;YAClC,WAAW,EAAE,iBAAiB,CAC5B,sBAAsB,EACtB,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,EAC/B,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAC/B;YACD,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,GAAG,4BAA4B;YAC/D,SAAS,EAAE,gBAAgB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC;SACrF,CAAC,CAAC;IACL,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,4BAA4B,CAAC,GAAuB;IAC3D,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,IAAI,CAAC,GAAG,CAAC,WAAW;QAAE,OAAO,KAAK,CAAC;IACnC,KAAK,MAAM,CAAC,EAAE,UAAU,CAAC,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;QAC7C,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;YACpC,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ;gBAAE,SAAS;YACrC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ;gBAAE,SAAS;YAC7C,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS;gBAAE,SAAS;YACjD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;YACnC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;YACnC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,uBAAuB,CAAC;YACrD,IAAI,OAAO,MAAM,KAAK,QAAQ;gBAAE,SAAS;YACzC,IAAI,OAAO,MAAM,KAAK,QAAQ;gBAAE,SAAS;YACzC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAC/C,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAC9C,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC;gBAAE,SAAS;YAC3D,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/concept-rules/index.js

@@ -12,8 +12,10 @@ import { boundaryMutation } from './boundary-mutation.js';
 import { contractDrift } from './contract-drift.js';
 import { contractMethodDrift } from './contract-method-drift.js';
 import { duplicateRoute } from './duplicate-route.js';
+import { errorContractDrift } from './error-contract-drift.js';
 import { ignoredError } from './ignored-error.js';
 import { missingResponseModel } from './missing-response-model.js';
+import { mixedHostSameEndpoint } from './mixed-host-same-endpoint.js';
 import { mutationWithoutIdempotency } from './mutation-without-idempotency.js';
 import { orphanRoute } from './orphan-route.js';
 import { paramNameSwap } from './param-name-swap.js';
@@ -34,8 +36,10 @@ export const conceptRules = [
     contractDrift,
     contractMethodDrift,
     duplicateRoute,
+    errorContractDrift,
     ignoredError,
     missingResponseModel,
+    mixedHostSameEndpoint,
     mutationWithoutIdempotency,
     orphanRoute,
     paramNameSwap,

package/dist/concept-rules/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/concept-rules/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAE3D,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,0BAA0B,EAAE,MAAM,mCAAmC,CAAC;AAC/E,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AACvE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAC3E,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAe1E,MAAM,CAAC,MAAM,YAAY,GAAkB;IACzC,SAAS;IACT,oBAAoB;IACpB,cAAc;IACd,gBAAgB;IAChB,aAAa;IACb,mBAAmB;IACnB,cAAc;IACd,YAAY;IACZ,oBAAoB;IACpB,0BAA0B;IAC1B,WAAW;IACX,aAAa;IACb,sBAAsB;IACtB,iBAAiB;IACjB,iBAAiB;IACjB,wBAAwB;IACxB,eAAe;IACf,sBAAsB;IACtB,iBAAiB;IACjB,kBAAkB;IAClB,uBAAuB;CACxB,CAAC;AAEF,MAAM,UAAU,eAAe,CAC7B,QAAoB,EACpB,QAAgB,EAChB,WAAqC,EACrC,YAAoC,EACpC,MAA6C;IAE7C,MAAM,GAAG,GAAuB;QAC9B,QAAQ;QACR,QAAQ;QACR,WAAW;QACX,YAAY;QACZ,cAAc,EAAE,MAAM,EAAE,cAAc;KACvC,CAAC;IACF,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,qBAAqB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;AACjD,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/concept-rules/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAE3D,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,0BAA0B,EAAE,MAAM,mCAAmC,CAAC;AAC/E,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AACvE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAC3E,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAe1E,MAAM,CAAC,MAAM,YAAY,GAAkB;IACzC,SAAS;IACT,oBAAoB;IACpB,cAAc;IACd,gBAAgB;IAChB,aAAa;IACb,mBAAmB;IACnB,cAAc;IACd,kBAAkB;IAClB,YAAY;IACZ,oBAAoB;IACpB,qBAAqB;IACrB,0BAA0B;IAC1B,WAAW;IACX,aAAa;IACb,sBAAsB;IACtB,iBAAiB;IACjB,iBAAiB;IACjB,wBAAwB;IACxB,eAAe;IACf,sBAAsB;IACtB,iBAAiB;IACjB,kBAAkB;IAClB,uBAAuB;CACxB,CAAC;AAEF,MAAM,UAAU,eAAe,CAC7B,QAAoB,EACpB,QAAgB,EAChB,WAAqC,EACrC,YAAoC,EACpC,MAA6C;IAE7C,MAAM,GAAG,GAAuB;QAC9B,QAAQ;QACR,QAAQ;QACR,WAAW;QACX,YAAY;QACZ,cAAc,EAAE,MAAM,EAAE,cAAc;KACvC,CAAC;IACF,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,qBAAqB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;AACjD,CAAC"}

package/dist/concept-rules/mixed-host-same-endpoint.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Rule: mixed-host-same-endpoint
+ *
+ * Cross-file rule (single source — runs against the reviewed repo, no
+ * cross-stack partner needed). Fires when the same `(method, path)` is
+ * fetched against two or more *different* non-dev hosts in the codebase.
+ *
+ * Concrete example:
+ *
+ *   // src/lib/users.ts
+ *   await fetch(`https://api.example.com/api/users/${id}`);
+ *
+ *   // src/admin/legacy.ts
+ *   await fetch(`https://beta-api.example.com/api/users/${id}`);
+ *
+ * Same path+method, different production hosts. Almost always a stale
+ * base-URL — someone copy-pasted across a host migration or hardcoded
+ * the old URL. The rule fires on every call-site that participates in
+ * the divergence and lives in the file currently under review.
+ *
+ * This rule is built on top of the +41pp `host` data unlocked by
+ * phase-1.5 (env-fallback const resolution). Without populated `host`,
+ * the rule has nothing to compare and stays silent.
+ *
+ * FP gates:
+ *   - Both/all hosts must be populated and absolute (relative URLs are
+ *     intentionally same-origin; can't be inconsistent).
+ *   - Dev-shaped hosts (localhost, 127.0.0.1, 0.0.0.0, *.local, *.test,
+ *     and explicit ports on loopback) are skipped — `localhost` vs
+ *     `api.prod.com` is normal env-aware code, not a bug.
+ *   - Path must look internal (`/api/…`) so that random third-party SDK
+ *     calls don't produce noise.
+ *   - At least 2 different non-dev hosts must agree on path + method.
+ *     Doesn't fire on single-call endpoints.
+ *
+ * Confidence: CROSS_STACK_HEURISTIC_CONFIDENCE (0.7). The match is
+ * structural (same path + method, different host) but the intent
+ * (migration vs intentional cross-region routing) needs human review.
+ */
+import type { ReviewFinding } from '../types.js';
+import type { ConceptRuleContext } from './index.js';
+export declare function mixedHostSameEndpoint(ctx: ConceptRuleContext): ReviewFinding[];

package/dist/concept-rules/mixed-host-same-endpoint.js

@@ -0,0 +1,117 @@
+/**
+ * Rule: mixed-host-same-endpoint
+ *
+ * Cross-file rule (single source — runs against the reviewed repo, no
+ * cross-stack partner needed). Fires when the same `(method, path)` is
+ * fetched against two or more *different* non-dev hosts in the codebase.
+ *
+ * Concrete example:
+ *
+ *   // src/lib/users.ts
+ *   await fetch(`https://api.example.com/api/users/${id}`);
+ *
+ *   // src/admin/legacy.ts
+ *   await fetch(`https://beta-api.example.com/api/users/${id}`);
+ *
+ * Same path+method, different production hosts. Almost always a stale
+ * base-URL — someone copy-pasted across a host migration or hardcoded
+ * the old URL. The rule fires on every call-site that participates in
+ * the divergence and lives in the file currently under review.
+ *
+ * This rule is built on top of the +41pp `host` data unlocked by
+ * phase-1.5 (env-fallback const resolution). Without populated `host`,
+ * the rule has nothing to compare and stays silent.
+ *
+ * FP gates:
+ *   - Both/all hosts must be populated and absolute (relative URLs are
+ *     intentionally same-origin; can't be inconsistent).
+ *   - Dev-shaped hosts (localhost, 127.0.0.1, 0.0.0.0, *.local, *.test,
+ *     and explicit ports on loopback) are skipped — `localhost` vs
+ *     `api.prod.com` is normal env-aware code, not a bug.
+ *   - Path must look internal (`/api/…`) so that random third-party SDK
+ *     calls don't produce noise.
+ *   - At least 2 different non-dev hosts must agree on path + method.
+ *     Doesn't fire on single-call endpoints.
+ *
+ * Confidence: CROSS_STACK_HEURISTIC_CONFIDENCE (0.7). The match is
+ * structural (same path + method, different host) but the intent
+ * (migration vs intentional cross-region routing) needs human review.
+ */
+import { createFingerprint } from '../types.js';
+import { API_PATH_RE, CROSS_STACK_HEURISTIC_CONFIDENCE, normalizeClientUrl } from './cross-stack-utils.js';
+import { apiCallRootCause } from './root-cause.js';
+// Hosts we exclude from the divergence check. These are normal in
+// dev/test code and not signs of a stale base URL.
+const DEV_HOST_RE = /^(localhost|127\.0\.0\.1|0\.0\.0\.0|host\.docker\.internal)(:\d+)?$/i;
+const DEV_TLD_RE = /\.(local|test|localhost)(:\d+)?$/i;
+function isDevHost(host) {
+    return DEV_HOST_RE.test(host) || DEV_TLD_RE.test(host);
+}
+export function mixedHostSameEndpoint(ctx) {
+    if (!ctx.allConcepts || ctx.allConcepts.size === 0)
+        return [];
+    // Group every populated-host network call by `<METHOD> <path>`.
+    const byEndpoint = new Map();
+    for (const [, conceptMap] of ctx.allConcepts) {
+        for (const node of conceptMap.nodes) {
+            if (node.kind !== 'effect')
+                continue;
+            if (node.payload.kind !== 'effect')
+                continue;
+            if (node.payload.subtype !== 'network')
+                continue;
+            const host = node.payload.host;
+            if (!host)
+                continue;
+            if (isDevHost(host))
+                continue;
+            const method = node.payload.method;
+            if (!method)
+                continue;
+            const target = node.payload.target;
+            if (!target)
+                continue;
+            const path = normalizeClientUrl(target);
+            if (!path)
+                continue;
+            if (!API_PATH_RE.test(path))
+                continue;
+            const key = `${method.toUpperCase()} ${path}`;
+            const arr = byEndpoint.get(key);
+            if (arr)
+                arr.push({ node, host, method, path });
+            else
+                byEndpoint.set(key, [{ node, host, method, path }]);
+        }
+    }
+    const findings = [];
+    for (const [endpoint, calls] of byEndpoint) {
+        const distinctHosts = new Set(calls.map((c) => c.host));
+        if (distinctHosts.size < 2)
+            continue;
+        // Fire on the calls that live in the file currently being reviewed.
+        // A repo-wide rule still routes findings through the per-file context.
+        for (const call of calls) {
+            if (call.node.primarySpan.file !== ctx.filePath)
+                continue;
+            const otherHosts = [...distinctHosts].filter((h) => h !== call.host).sort();
+            const allHosts = [...distinctHosts].sort();
+            findings.push({
+                source: 'kern',
+                ruleId: 'mixed-host-same-endpoint',
+                severity: 'warning',
+                category: 'bug',
+                message: `\`${endpoint}\` is fetched against multiple hosts in this codebase: [${allHosts.join(', ')}]. ` +
+                    `This call uses \`${call.host}\`; ${otherHosts.length === 1 ? 'another call uses' : 'other calls use'} ` +
+                    `\`${otherHosts.join(', ')}\`. ` +
+                    `Likely a stale base URL — confirm both hosts are intentional or unify them behind a single config const.`,
+                primarySpan: call.node.primarySpan,
+                fingerprint: createFingerprint('mixed-host-same-endpoint', call.node.primarySpan.startLine, call.node.primarySpan.startCol),
+                confidence: call.node.confidence * CROSS_STACK_HEURISTIC_CONFIDENCE,
+                rootCause: apiCallRootCause(call.node, call.path, call.method),
+            });
+        }
+    }
+    return findings;
+}
+//# sourceMappingURL=mixed-host-same-endpoint.js.map

package/dist/concept-rules/mixed-host-same-endpoint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mixed-host-same-endpoint.js","sourceRoot":"","sources":["../../src/concept-rules/mixed-host-same-endpoint.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAIH,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,gCAAgC,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAE3G,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAEnD,kEAAkE;AAClE,mDAAmD;AACnD,MAAM,WAAW,GAAG,sEAAsE,CAAC;AAC3F,MAAM,UAAU,GAAG,mCAAmC,CAAC;AASvD,SAAS,SAAS,CAAC,IAAY;IAC7B,OAAO,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACzD,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,GAAuB;IAC3D,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAE9D,gEAAgE;IAChE,MAAM,UAAU,GAAG,IAAI,GAAG,EAAsB,CAAC;IACjD,KAAK,MAAM,CAAC,EAAE,UAAU,CAAC,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;QAC7C,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC;YACpC,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ;gBAAE,SAAS;YACrC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,QAAQ;gBAAE,SAAS;YAC7C,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS;gBAAE,SAAS;YACjD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;YAC/B,IAAI,CAAC,IAAI;gBAAE,SAAS;YACpB,IAAI,SAAS,CAAC,IAAI,CAAC;gBAAE,SAAS;YAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;YACnC,IAAI,CAAC,MAAM;gBAAE,SAAS;YACtB,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;YACnC,IAAI,CAAC,MAAM;gBAAE,SAAS;YACtB,MAAM,IAAI,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACxC,IAAI,CAAC,IAAI;gBAAE,SAAS;YACpB,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,SAAS;YAEtC,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC;YAC9C,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAChC,IAAI,GAAG;gBAAE,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;;gBAC3C,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,KAAK,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3C,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACxD,IAAI,aAAa,CAAC,IAAI,GAAG,CAAC;YAAE,SAAS;QAErC,oEAAoE;QACpE,uEAAuE;QACvE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,KAAK,GAAG,CAAC,QAAQ;gBAAE,SAAS;YAC1D,MAAM,UAAU,GAAG,CAAC,GAAG,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5E,MAAM,QAAQ,GAAG,CAAC,GAAG,aAAa,CAAC,CAAC,IAAI,EAAE,CAAC;YAC3C,QAAQ,CAAC,IAAI,CAAC;gBACZ,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,0BAA0B;gBAClC,QAAQ,EAAE,SAAS;gBACnB,QAAQ,EAAE,KAAK;gBACf,OAAO,EACL,KAAK,QAAQ,2DAA2D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK;oBAChG,oBAAoB,IAAI,CAAC,IAAI,OAAO,UAAU,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,iBAAiB,GAAG;oBACxG,KAAK,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM;oBAChC,0GAA0G;gBAC5G,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW;gBAClC,WAAW,EAAE,iBAAiB,CAC5B,0BAA0B,EAC1B,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,EAC/B,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAC/B;gBACD,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,GAAG,gCAAgC;gBACnE,SAAS,EAAE,gBAAgB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC;aAC/D,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}