@neurcode-ai/cli 0.9.49 → 0.9.59

package/dist/patch-engine/generator.d.ts

@@ -0,0 +1,13 @@
+import { type PatternKind } from './patterns';
+export type PatchInput = {
+    filePath: string;
+    issue: string;
+    policy: string;
+    fileContent: string;
+    patternKind: PatternKind;
+};
+export type PatchResult = {
+    updatedContent: string;
+} | null;
+export declare function generatePatch(input: PatchInput): PatchResult;
+//# sourceMappingURL=generator.d.ts.map

package/dist/patch-engine/generator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"generator.d.ts","sourceRoot":"","sources":["../../src/patch-engine/generator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,KAAK,WAAW,EAAE,MAAM,YAAY,CAAC;AAE7D,MAAM,MAAM,UAAU,GAAG;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,WAAW,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,cAAc,EAAE,MAAM,CAAC;CACxB,GAAG,IAAI,CAAC;AAgCT,wBAAgB,aAAa,CAAC,KAAK,EAAE,UAAU,GAAG,WAAW,CAqB5D"}

package/dist/patch-engine/generator.js

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generatePatch = generatePatch;
+const patterns_1 = require("./patterns");
+function leadingWhitespace(line) {
+    return line.match(/^(\s*)/)?.[1] ?? '';
+}
+// Replace the matched DB call line with a service-layer redirect comment.
+function applyDbAccessFix(lines, lineIndex) {
+    const indent = leadingWhitespace(lines[lineIndex]);
+    const updated = [...lines];
+    updated[lineIndex] = `${indent}// [NEURCODE] Move to service layer — replace direct DB call with a service method`;
+    return updated;
+}
+// Insert a validation reminder line immediately before the req.body/params/query access.
+function applyValidationFix(lines, lineIndex) {
+    const indent = leadingWhitespace(lines[lineIndex]);
+    const comment = `${indent}// [NEURCODE] Add validation — e.g. const { error } = schema.validate(req.body); ` +
+        `if (error) return res.status(400).json({ error: error.message });`;
+    const updated = [...lines];
+    updated.splice(lineIndex, 0, comment);
+    return updated;
+}
+// Remove the TODO/FIXME comment line entirely.
+function applyTodoRemoval(lines, lineIndex) {
+    const updated = [...lines];
+    updated.splice(lineIndex, 1);
+    return updated;
+}
+function generatePatch(input) {
+    const lines = input.fileContent.split('\n');
+    const lineIndex = (0, patterns_1.detectPattern)(input.fileContent, input.patternKind);
+    if (lineIndex === null)
+        return null;
+    let updatedLines;
+    switch (input.patternKind) {
+        case 'db_in_ui':
+            updatedLines = applyDbAccessFix(lines, lineIndex);
+            break;
+        case 'missing_validation':
+            updatedLines = applyValidationFix(lines, lineIndex);
+            break;
+        case 'todo_fixme':
+            updatedLines = applyTodoRemoval(lines, lineIndex);
+            break;
+        default:
+            return null;
+    }
+    return { updatedContent: updatedLines.join('\n') };
+}
+//# sourceMappingURL=generator.js.map

package/dist/patch-engine/generator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"generator.js","sourceRoot":"","sources":["../../src/patch-engine/generator.ts"],"names":[],"mappings":";;AA4CA,sCAqBC;AAjED,yCAA6D;AAc7D,SAAS,iBAAiB,CAAC,IAAY;IACrC,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AACzC,CAAC;AAED,0EAA0E;AAC1E,SAAS,gBAAgB,CAAC,KAAe,EAAE,SAAiB;IAC1D,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;IACnD,MAAM,OAAO,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC;IAC3B,OAAO,CAAC,SAAS,CAAC,GAAG,GAAG,MAAM,oFAAoF,CAAC;IACnH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,yFAAyF;AACzF,SAAS,kBAAkB,CAAC,KAAe,EAAE,SAAiB;IAC5D,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;IACnD,MAAM,OAAO,GACX,GAAG,MAAM,mFAAmF;QAC5F,mEAAmE,CAAC;IACtE,MAAM,OAAO,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC;IAC3B,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;IACtC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,+CAA+C;AAC/C,SAAS,gBAAgB,CAAC,KAAe,EAAE,SAAiB;IAC1D,MAAM,OAAO,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC;IAC3B,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IAC7B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAgB,aAAa,CAAC,KAAiB;IAC7C,MAAM,KAAK,GAAG,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5C,MAAM,SAAS,GAAG,IAAA,wBAAa,EAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;IACtE,IAAI,SAAS,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAEpC,IAAI,YAAsB,CAAC;IAC3B,QAAQ,KAAK,CAAC,WAAW,EAAE,CAAC;QAC1B,KAAK,UAAU;YACb,YAAY,GAAG,gBAAgB,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;YAClD,MAAM;QACR,KAAK,oBAAoB;YACvB,YAAY,GAAG,kBAAkB,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;YACpD,MAAM;QACR,KAAK,YAAY;YACf,YAAY,GAAG,gBAAgB,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;YAClD,MAAM;QACR;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,OAAO,EAAE,cAAc,EAAE,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;AACrD,CAAC"}

package/dist/patch-engine/index.d.ts

@@ -0,0 +1,47 @@
+import { type PatternKind } from './patterns';
+export type { PatternKind };
+export type PatchConfidence = 'high' | 'medium' | 'low';
+export type SuggestionPatch = {
+    file: string;
+    diff: string;
+    patchConfidence: PatchConfidence;
+};
+/**
+ * Apply a unified diff (as produced by generateUnifiedDiff) to fileContent.
+ *
+ * Parses the single-hunk diff format, verifies every context and removal line
+ * matches the current file, then reconstructs the updated content.
+ *
+ * Returns null when:
+ *  - no hunk header found
+ *  - a context or removal line does not match current file content (file changed)
+ */
+export declare function applyUnifiedDiff(fileContent: string, diff: string): string | null;
+/**
+ * Detect the first matching patchable pattern in fileContent and return the
+ * updated content. Tries patterns in priority order: db_in_ui → missing_validation
+ * → todo_fixme. Validates safety before returning.
+ *
+ * Used by `neurcode patch --file` to apply a patch without needing suggestion metadata.
+ */
+export declare function applyFirstMatchingPatch(filePath: string, fileContent: string): {
+    updatedContent: string;
+    patternKind: PatternKind;
+    patchConfidence: PatchConfidence;
+} | null;
+/**
+ * Given a fix suggestion and the current content of suggestion.file,
+ * attempts to generate a deterministic, safety-validated code patch.
+ *
+ * Returns null when:
+ *  - the violation type has no patchable pattern
+ *  - the pattern is not found in the file content
+ *  - the generated patch produces no diff
+ *  - the patch fails the safety gate (isPatchSafe)
+ */
+export declare function generatePatchForSuggestion(suggestion: {
+    file: string;
+    issue: string;
+    policy: string;
+}, fileContent: string): SuggestionPatch | null;
+//# sourceMappingURL=index.d.ts.map

package/dist/patch-engine/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/patch-engine/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,YAAY,CAAC;AAIjE,YAAY,EAAE,WAAW,EAAE,CAAC;AAE5B,MAAM,MAAM,eAAe,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAExD,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,eAAe,CAAC;CAClC,CAAC;AAqCF;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAAC,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAiEjF;AAED;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,GAClB;IAAE,cAAc,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,WAAW,CAAC;IAAC,eAAe,EAAE,eAAe,CAAA;CAAE,GAAG,IAAI,CA0B/F;AAED;;;;;;;;;GASG;AACH,wBAAgB,0BAA0B,CACxC,UAAU,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,EAC3D,WAAW,EAAE,MAAM,GAClB,eAAe,GAAG,IAAI,CAuBxB"}

package/dist/patch-engine/index.js

@@ -0,0 +1,182 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.applyUnifiedDiff = applyUnifiedDiff;
+exports.applyFirstMatchingPatch = applyFirstMatchingPatch;
+exports.generatePatchForSuggestion = generatePatchForSuggestion;
+const patterns_1 = require("./patterns");
+const generator_1 = require("./generator");
+const diff_1 = require("./diff");
+// Patterns that must appear in original content for a patch to be considered safe.
+const PATCHABLE_PATTERN_RE = /db\.(query|execute|run|find[A-Za-z]*)\b|prisma\.\w+\.\w+\b|new\s+Pool\s*\(|knex\s*\(|TODO|FIXME|\bvalidat/i;
+/**
+ * A patch is safe when:
+ *  - updated content is non-empty
+ *  - the diff is non-empty (something actually changed)
+ *  - total added + removed lines ≤ 5 (not a full-file rewrite)
+ *  - the original file contains at least one recognizable patchable pattern
+ */
+function isPatchSafe(original, updated) {
+    if (!updated || !updated.trim())
+        return false;
+    const diff = (0, diff_1.generateUnifiedDiff)('', original, updated);
+    if (!diff)
+        return false;
+    let changed = 0;
+    for (const line of diff.split('\n')) {
+        if (line.startsWith('-') && !line.startsWith('---'))
+            changed++;
+        if (line.startsWith('+') && !line.startsWith('+++'))
+            changed++;
+    }
+    if (changed > 5)
+        return false;
+    if (!PATCHABLE_PATTERN_RE.test(original))
+        return false;
+    return true;
+}
+function scorePatchConfidence(kind) {
+    if (kind === 'db_in_ui')
+        return 'high';
+    if (kind === 'missing_validation')
+        return 'medium';
+    return 'low'; // todo_fixme — simple removal, lowest confidence
+}
+/**
+ * Apply a unified diff (as produced by generateUnifiedDiff) to fileContent.
+ *
+ * Parses the single-hunk diff format, verifies every context and removal line
+ * matches the current file, then reconstructs the updated content.
+ *
+ * Returns null when:
+ *  - no hunk header found
+ *  - a context or removal line does not match current file content (file changed)
+ */
+function applyUnifiedDiff(fileContent, diff) {
+    if (!diff)
+        return null;
+    const diffLines = diff.split('\n');
+    // Locate the hunk header (skip --- / +++ file headers)
+    let hunkIdx = -1;
+    for (let i = 0; i < diffLines.length; i++) {
+        if (diffLines[i].startsWith('@@')) {
+            hunkIdx = i;
+            break;
+        }
+    }
+    if (hunkIdx === -1)
+        return null;
+    // Parse @@ -oldStart[,oldCount] +newStart[,newCount] @@
+    const match = diffLines[hunkIdx].match(/^@@ -(\d+)(?:,\d+)? \+(\d+)(?:,\d+)? @@/);
+    if (!match)
+        return null;
+    // Diff uses 1-indexed lines; convert to 0-indexed
+    const origStart = parseInt(match[1], 10) - 1;
+    const origLines = fileContent.split('\n');
+    const output = [];
+    // Lines before the hunk are copied unchanged
+    for (let i = 0; i < origStart; i++) {
+        output.push(origLines[i] ?? '');
+    }
+    let origIdx = origStart;
+    for (let i = hunkIdx + 1; i < diffLines.length; i++) {
+        const line = diffLines[i];
+        // A trailing empty string from split('\n') signals end of diff
+        if (line.length === 0 && i === diffLines.length - 1)
+            break;
+        const prefix = line[0];
+        const content = line.slice(1);
+        if (prefix === ' ') {
+            // Context: must match current file — abort on mismatch (file changed)
+            if (origIdx >= origLines.length || origLines[origIdx] !== content)
+                return null;
+            output.push(content);
+            origIdx++;
+        }
+        else if (prefix === '-') {
+            // Removal: must match current file — abort on mismatch
+            if (origIdx >= origLines.length || origLines[origIdx] !== content)
+                return null;
+            origIdx++; // consume original line without adding to output
+        }
+        else if (prefix === '+') {
+            // Addition: inject into output without consuming original
+            output.push(content);
+        }
+        else {
+            break; // unexpected prefix — stop hunk processing
+        }
+    }
+    // Copy remaining original lines after the hunk
+    while (origIdx < origLines.length) {
+        output.push(origLines[origIdx]);
+        origIdx++;
+    }
+    return output.join('\n');
+}
+/**
+ * Detect the first matching patchable pattern in fileContent and return the
+ * updated content. Tries patterns in priority order: db_in_ui → missing_validation
+ * → todo_fixme. Validates safety before returning.
+ *
+ * Used by `neurcode patch --file` to apply a patch without needing suggestion metadata.
+ */
+function applyFirstMatchingPatch(filePath, fileContent) {
+    const kinds = ['db_in_ui', 'missing_validation', 'todo_fixme'];
+    for (const kind of kinds) {
+        const result = (0, generator_1.generatePatch)({
+            filePath,
+            issue: '',
+            policy: '',
+            fileContent,
+            patternKind: kind,
+        });
+        if (!result)
+            continue;
+        const diff = (0, diff_1.generateUnifiedDiff)(filePath, fileContent, result.updatedContent);
+        if (!diff)
+            continue;
+        if (!isPatchSafe(fileContent, result.updatedContent))
+            continue;
+        return {
+            updatedContent: result.updatedContent,
+            patternKind: kind,
+            patchConfidence: scorePatchConfidence(kind),
+        };
+    }
+    return null;
+}
+/**
+ * Given a fix suggestion and the current content of suggestion.file,
+ * attempts to generate a deterministic, safety-validated code patch.
+ *
+ * Returns null when:
+ *  - the violation type has no patchable pattern
+ *  - the pattern is not found in the file content
+ *  - the generated patch produces no diff
+ *  - the patch fails the safety gate (isPatchSafe)
+ */
+function generatePatchForSuggestion(suggestion, fileContent) {
+    const kind = (0, patterns_1.classifyViolation)(suggestion.issue, suggestion.policy);
+    if (!kind)
+        return null;
+    const result = (0, generator_1.generatePatch)({
+        filePath: suggestion.file,
+        issue: suggestion.issue,
+        policy: suggestion.policy,
+        fileContent,
+        patternKind: kind,
+    });
+    if (!result)
+        return null;
+    const diff = (0, diff_1.generateUnifiedDiff)(suggestion.file, fileContent, result.updatedContent);
+    if (!diff)
+        return null;
+    if (!isPatchSafe(fileContent, result.updatedContent))
+        return null;
+    return {
+        file: suggestion.file,
+        diff,
+        patchConfidence: scorePatchConfidence(kind),
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/patch-engine/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/patch-engine/index.ts"],"names":[],"mappings":";;AA2DA,4CAiEC;AASD,0DA6BC;AAYD,gEA0BC;AAxMD,yCAAiE;AACjE,2CAA4C;AAC5C,iCAA6C;AAY7C,mFAAmF;AACnF,MAAM,oBAAoB,GACxB,4GAA4G,CAAC;AAE/G;;;;;;GAMG;AACH,SAAS,WAAW,CAAC,QAAgB,EAAE,OAAe;IACpD,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;QAAE,OAAO,KAAK,CAAC;IAE9C,MAAM,IAAI,GAAG,IAAA,0BAAmB,EAAC,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IACxD,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IAExB,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACpC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QAC/D,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;IACjE,CAAC;IACD,IAAI,OAAO,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAE9B,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IAEvD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAiB;IAC7C,IAAI,IAAI,KAAK,UAAU;QAAE,OAAO,MAAM,CAAC;IACvC,IAAI,IAAI,KAAK,oBAAoB;QAAE,OAAO,QAAQ,CAAC;IACnD,OAAO,KAAK,CAAC,CAAC,iDAAiD;AACjE,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,gBAAgB,CAAC,WAAmB,EAAE,IAAY;IAChE,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAEnC,uDAAuD;IACvD,IAAI,OAAO,GAAG,CAAC,CAAC,CAAC;IACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1C,IAAI,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAClC,OAAO,GAAG,CAAC,CAAC;YACZ,MAAM;QACR,CAAC;IACH,CAAC;IACD,IAAI,OAAO,KAAK,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAEhC,wDAAwD;IACxD,MAAM,KAAK,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAClF,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,kDAAkD;IAClD,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC;IAE7C,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,6CAA6C;IAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,IAAI,OAAO,GAAG,SAAS,CAAC;IAExB,KAAK,IAAI,CAAC,GAAG,OAAO,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAE1B,+DAA+D;QAC/D,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM;QAE3D,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACvB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAE9B,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YACnB,sEAAsE;YACtE,IAAI,OAAO,IAAI,SAAS,CAAC,MAAM,IAAI,SAAS,CAAC,OAAO,CAAC,KAAK,OAAO;gBAAE,OAAO,IAAI,CAAC;YAC/E,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACrB,OAAO,EAAE,CAAC;QACZ,CAAC;aAAM,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YAC1B,uDAAuD;YACvD,IAAI,OAAO,IAAI,SAAS,CAAC,MAAM,IAAI,SAAS,CAAC,OAAO,CAAC,KAAK,OAAO;gBAAE,OAAO,IAAI,CAAC;YAC/E,OAAO,EAAE,CAAC,CAAC,iDAAiD;QAC9D,CAAC;aAAM,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;YAC1B,0DAA0D;YAC1D,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,2CAA2C;QACpD,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,OAAO,OAAO,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC;QAClC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QAChC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CACrC,QAAgB,EAChB,WAAmB;IAEnB,MAAM,KAAK,GAAkB,CAAC,UAAU,EAAE,oBAAoB,EAAE,YAAY,CAAC,CAAC;IAE9E,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,IAAA,yBAAa,EAAC;YAC3B,QAAQ;YACR,KAAK,EAAE,EAAE;YACT,MAAM,EAAE,EAAE;YACV,WAAW;YACX,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;QACH,IAAI,CAAC,MAAM;YAAE,SAAS;QAEtB,MAAM,IAAI,GAAG,IAAA,0BAAmB,EAAC,QAAQ,EAAE,WAAW,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;QAC/E,IAAI,CAAC,IAAI;YAAE,SAAS;QAEpB,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,MAAM,CAAC,cAAc,CAAC;YAAE,SAAS;QAE/D,OAAO;YACL,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,WAAW,EAAE,IAAI;YACjB,eAAe,EAAE,oBAAoB,CAAC,IAAI,CAAC;SAC5C,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,0BAA0B,CACxC,UAA2D,EAC3D,WAAmB;IAEnB,MAAM,IAAI,GAAG,IAAA,4BAAiB,EAAC,UAAU,CAAC,KAAK,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;IACpE,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,MAAM,MAAM,GAAG,IAAA,yBAAa,EAAC;QAC3B,QAAQ,EAAE,UAAU,CAAC,IAAI;QACzB,KAAK,EAAE,UAAU,CAAC,KAAK;QACvB,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,WAAW;QACX,WAAW,EAAE,IAAI;KAClB,CAAC,CAAC;IACH,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,MAAM,IAAI,GAAG,IAAA,0BAAmB,EAAC,UAAU,CAAC,IAAI,EAAE,WAAW,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;IACtF,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,MAAM,CAAC,cAAc,CAAC;QAAE,OAAO,IAAI,CAAC;IAElE,OAAO;QACL,IAAI,EAAE,UAAU,CAAC,IAAI;QACrB,IAAI;QACJ,eAAe,EAAE,oBAAoB,CAAC,IAAI,CAAC;KAC5C,CAAC;AACJ,CAAC"}

package/dist/patch-engine/patterns.d.ts

@@ -0,0 +1,4 @@
+export type PatternKind = 'db_in_ui' | 'missing_validation' | 'todo_fixme';
+export declare function classifyViolation(issue: string, policy: string): PatternKind | null;
+export declare function detectPattern(content: string, kind: PatternKind): number | null;
+//# sourceMappingURL=patterns.d.ts.map

package/dist/patch-engine/patterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../src/patch-engine/patterns.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,oBAAoB,GAAG,YAAY,CAAC;AAM3E,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAsBnF;AA2ED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,GAAG,MAAM,GAAG,IAAI,CAO/E"}

package/dist/patch-engine/patterns.js

@@ -0,0 +1,99 @@
+"use strict";
+// Detection rules for deterministic patch generation.
+// Each function returns the 0-based line index of the first match, or null.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.classifyViolation = classifyViolation;
+exports.detectPattern = detectPattern;
+// ---------------------------------------------------------------------------
+// Classifiy a fix suggestion into a patchable pattern kind
+// ---------------------------------------------------------------------------
+function classifyViolation(issue, policy) {
+    const combined = `${issue} ${policy}`.toLowerCase();
+    if (combined.includes('todo') || combined.includes('fixme'))
+        return 'todo_fixme';
+    if (combined.includes('db') || combined.includes('database') ||
+        combined.includes('query') || combined.includes('data access') ||
+        combined.includes('direct access') ||
+        policy.includes('layer') || policy.includes('layering') || policy.includes('db')) {
+        return 'db_in_ui';
+    }
+    if (combined.includes('validation') || combined.includes('validate') ||
+        combined.includes('input') || policy.includes('validation')) {
+        return 'missing_validation';
+    }
+    return null;
+}
+// ---------------------------------------------------------------------------
+// Pattern detectors (work on pre-split line arrays)
+// ---------------------------------------------------------------------------
+const DB_ACCESS_PATTERNS = [
+    /\bdb\s*\.\s*query\s*\(/,
+    /\bdb\s*\.\s*execute\s*\(/,
+    /\bdb\s*\.\s*run\s*\(/,
+    /\bdb\s*\.\s*find\b/,
+    /\bdb\s*\.\s*findOne\s*\(/,
+    /\bprisma\s*\.\s*\w+\s*\.\s*find/,
+    /\bprisma\s*\.\s*\w+\s*\.\s*create\s*\(/,
+    /\bprisma\s*\.\s*\w+\s*\.\s*update\s*\(/,
+    /\bprisma\s*\.\s*\w+\s*\.\s*delete\s*\(/,
+    /\bnew\s+Pool\s*\(/,
+    /\bknex\s*\(/,
+];
+const VALIDATION_PATTERNS = [
+    /\.validate\s*\(/,
+    /schema\.parse\s*\(/,
+    /\bJoi\s*\./,
+    /\byup\s*\./,
+    /\bzod\s*\./,
+    /\bajv\s*\.\s*compile/,
+];
+// Matches the request/response parameter pair in a handler signature
+const REQ_HANDLER_RE = /\b(?:req|request)\s*,\s*(?:res|response|reply)\b/;
+// Matches direct access to incoming data without a prior validation call
+const REQ_INPUT_RE = /\b(?:req|request)\.(?:body|params|query)\b/;
+const TODO_FIXME_RE = /\/\/\s*(?:TODO|FIXME)\b/;
+// ---------------------------------------------------------------------------
+function findDbAccessLine(lines) {
+    for (let i = 0; i < lines.length; i++) {
+        const trimmed = lines[i].trimStart();
+        // Skip lines that are themselves comments
+        if (trimmed.startsWith('//') || trimmed.startsWith('*'))
+            continue;
+        if (DB_ACCESS_PATTERNS.some((re) => re.test(lines[i])))
+            return i;
+    }
+    return null;
+}
+function findMissingValidationLine(lines) {
+    let handlerStartIndex = -1;
+    for (let i = 0; i < lines.length; i++) {
+        if (REQ_HANDLER_RE.test(lines[i])) {
+            handlerStartIndex = i;
+        }
+        if (handlerStartIndex !== -1 && REQ_INPUT_RE.test(lines[i])) {
+            // Look backward from this line (within the handler) for a validation call
+            const searchFrom = Math.max(handlerStartIndex, i - 30);
+            const priorLines = lines.slice(searchFrom, i);
+            const hasValidation = priorLines.some((l) => VALIDATION_PATTERNS.some((re) => re.test(l)));
+            if (!hasValidation)
+                return i;
+        }
+    }
+    return null;
+}
+function findTodoLine(lines) {
+    for (let i = 0; i < lines.length; i++) {
+        if (TODO_FIXME_RE.test(lines[i]))
+            return i;
+    }
+    return null;
+}
+function detectPattern(content, kind) {
+    const lines = content.split('\n');
+    switch (kind) {
+        case 'db_in_ui': return findDbAccessLine(lines);
+        case 'missing_validation': return findMissingValidationLine(lines);
+        case 'todo_fixme': return findTodoLine(lines);
+    }
+}
+//# sourceMappingURL=patterns.js.map

package/dist/patch-engine/patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/patch-engine/patterns.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD,4EAA4E;;AAQ5E,8CAsBC;AA2ED,sCAOC;AA5GD,8EAA8E;AAC9E,2DAA2D;AAC3D,8EAA8E;AAE9E,SAAgB,iBAAiB,CAAC,KAAa,EAAE,MAAc;IAC7D,MAAM,QAAQ,GAAG,GAAG,KAAK,IAAI,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC;IAEpD,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,YAAY,CAAC;IAEjF,IACE,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC;QACxD,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC;QAC9D,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC;QAClC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAChF,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,IACE,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC;QAChE,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,EAC3D,CAAC;QACD,OAAO,oBAAoB,CAAC;IAC9B,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,oDAAoD;AACpD,8EAA8E;AAE9E,MAAM,kBAAkB,GAAa;IACnC,wBAAwB;IACxB,0BAA0B;IAC1B,sBAAsB;IACtB,oBAAoB;IACpB,0BAA0B;IAC1B,iCAAiC;IACjC,wCAAwC;IACxC,wCAAwC;IACxC,wCAAwC;IACxC,mBAAmB;IACnB,aAAa;CACd,CAAC;AAEF,MAAM,mBAAmB,GAAa;IACpC,iBAAiB;IACjB,oBAAoB;IACpB,YAAY;IACZ,YAAY;IACZ,YAAY;IACZ,sBAAsB;CACvB,CAAC;AAEF,qEAAqE;AACrE,MAAM,cAAc,GAAG,kDAAkD,CAAC;AAE1E,yEAAyE;AACzE,MAAM,YAAY,GAAG,4CAA4C,CAAC;AAElE,MAAM,aAAa,GAAG,yBAAyB,CAAC;AAEhD,8EAA8E;AAE9E,SAAS,gBAAgB,CAAC,KAAe;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;QACrC,0CAA0C;QAC1C,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAClE,IAAI,kBAAkB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC;IACnE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,yBAAyB,CAAC,KAAe;IAChD,IAAI,iBAAiB,GAAG,CAAC,CAAC,CAAC;IAE3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAClC,iBAAiB,GAAG,CAAC,CAAC;QACxB,CAAC;QAED,IAAI,iBAAiB,KAAK,CAAC,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5D,0EAA0E;YAC1E,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC;YACvD,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;YAC9C,MAAM,aAAa,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3F,IAAI,CAAC,aAAa;gBAAE,OAAO,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,YAAY,CAAC,KAAe;IACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,aAAa,CAAC,OAAe,EAAE,IAAiB;IAC9D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,UAAU,CAAC,CAAC,OAAO,gBAAgB,CAAC,KAAK,CAAC,CAAC;QAChD,KAAK,oBAAoB,CAAC,CAAC,OAAO,yBAAyB,CAAC,KAAK,CAAC,CAAC;QACnE,KAAK,YAAY,CAAC,CAAC,OAAO,YAAY,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;AACH,CAAC"}

package/dist/utils/ai-debt-budget.d.ts

@@ -16,11 +16,12 @@ export interface AiDebtMetrics {
     bloatFiles: number;
 }
 export interface AiDebtViolation {
-    code: 'added_todo_fixme' | 'added_console_logs' | 'added_any_types' | 'large_files_touched' | 'bloat_files';
-    metric: keyof AiDebtMetrics;
+    code: 'added_todo_fixme' | 'added_console_logs' | 'added_any_types' | 'large_files_touched' | 'bloat_files' | 'db_in_ui' | 'missing_validation';
+    metric: keyof AiDebtMetrics | 'architectural';
     observed: number;
     budget: number;
     message: string;
+    files?: string[];
 }
 export interface AiDebtBudgetConfig {
     mode: AiDebtMode;

package/dist/utils/ai-debt-budget.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ai-debt-budget.d.ts","sourceRoot":"","sources":["../../src/utils/ai-debt-budget.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAIzD,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,UAAU,GAAG,SAAS,CAAC;AAExD,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,gBAAgB,EAAE,MAAM,CAAC;IACzB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,aAAa;IAC5B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EACA,kBAAkB,GAClB,oBAAoB,GACpB,iBAAiB,GACjB,qBAAqB,GACrB,aAAa,CAAC;IAClB,MAAM,EAAE,MAAM,aAAa,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,UAAU,CAAC;IACjB,UAAU,EAAE,gBAAgB,CAAC;IAC7B,MAAM,EAAE,UAAU,GAAG,KAAK,GAAG,MAAM,GAAG,UAAU,CAAC;CAClD;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,UAAU,CAAC;IACjB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,aAAa,CAAC;IACvB,UAAU,EAAE,gBAAgB,CAAC;IAC7B,UAAU,EAAE,eAAe,EAAE,CAAC;IAC9B,MAAM,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;CACtC;AAoBD,UAAU,mBAAmB;IAC3B,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,kBAAkB,CAAC;CAC5B;AAgFD,wBAAgB,yBAAyB,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;IACvE,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB,GAAG,kBAAkB,CAsDrB;AAiHD,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,mBAAmB,GAAG,gBAAgB,CAqBjF"}
+{"version":3,"file":"ai-debt-budget.d.ts","sourceRoot":"","sources":["../../src/utils/ai-debt-budget.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAIzD,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,UAAU,GAAG,SAAS,CAAC;AAExD,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,gBAAgB,EAAE,MAAM,CAAC;IACzB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,aAAa;IAC5B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EACA,kBAAkB,GAClB,oBAAoB,GACpB,iBAAiB,GACjB,qBAAqB,GACrB,aAAa,GACb,UAAU,GACV,oBAAoB,CAAC;IACzB,MAAM,EAAE,MAAM,aAAa,GAAG,eAAe,CAAC;IAC9C,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,UAAU,CAAC;IACjB,UAAU,EAAE,gBAAgB,CAAC;IAC7B,MAAM,EAAE,UAAU,GAAG,KAAK,GAAG,MAAM,GAAG,UAAU,CAAC;CAClD;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,UAAU,CAAC;IACjB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,aAAa,CAAC;IACvB,UAAU,EAAE,gBAAgB,CAAC;IAC7B,UAAU,EAAE,eAAe,EAAE,CAAC;IAC9B,MAAM,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC;CACtC;AA4BD,UAAU,mBAAmB;IAC3B,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,kBAAkB,CAAC;CAC5B;AAgFD,wBAAgB,yBAAyB,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;IACvE,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB,GAAG,kBAAkB,CAsDrB;AAqMD,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,mBAAmB,GAAG,gBAAgB,CAwBjF"}

package/dist/utils/ai-debt-budget.js

@@ -7,6 +7,13 @@ const path_1 = require("path");
 const TODO_FIXME_PATTERN = /\b(?:TODO|FIXME)\b/i;
 const CONSOLE_LOG_PATTERN = /\bconsole\.log\s*\(/;
 const ANY_TYPE_PATTERN = /(:\s*any\b|<\s*any\s*>|\bArray<any>\b|\bPromise<any>\b)/i;
+// Architectural pattern detection
+const DB_IMPORT_PATTERN = /import\s+.*from\s+['"][^'"]*\/(db|database|prisma|knex|sequelize|drizzle)[^'"]*['"]/i;
+const DB_CALL_PATTERN = /\b(db|prisma|knex|sequelize|drizzle|pool|client)\s*\.\s*(query|execute|findMany|findOne|findFirst|findUnique|create|update|delete|upsert|raw|select|insert)\s*\(/;
+const UI_PATH_PATTERN = /(\/|^)(components?|pages?|views?|screens?|containers?|app|ui)[/\\]|\.tsx$/i;
+const VALIDATION_PATTERN = /\b(zod|joi|yup|valibot|ajv|class-validator|express-validator|validate|sanitize|schema\.parse|\.validate\()\b/i;
+const REQ_BODY_PATTERN = /\breq\.body\b/;
+const API_PATH_PATTERN = /(\/|^)(routes?|controllers?|handlers?|api|endpoints?)[/\\]/i;
 const DEFAULT_THRESHOLDS = {
     maxAddedTodoFixme: 0,
     maxAddedConsoleLogs: 0,
@@ -125,11 +132,20 @@ function buildMetrics(diffFiles, bloatCount, thresholds) {
     let addedConsoleLogs = 0;
     let addedAnyTypes = 0;
     let largeFilesTouched = 0;
+    const todoFixmeFiles = [];
+    const consoleLogFiles = [];
+    const anyTypeFiles = [];
+    const largeFiles = [];
     for (const file of diffFiles) {
+        const filePath = file.path || 'unknown';
         const fileDelta = Math.max(0, Number(file.addedLines || 0)) + Math.max(0, Number(file.removedLines || 0));
         if (fileDelta >= thresholds.largeFileDeltaLines) {
             largeFilesTouched += 1;
+            largeFiles.push(filePath);
         }
+        let fileTodo = false;
+        let fileConsole = false;
+        let fileAny = false;
         for (const hunk of file.hunks || []) {
             for (const line of hunk.lines || []) {
                 if (line.type !== 'added') {
@@ -138,15 +154,24 @@ function buildMetrics(diffFiles, bloatCount, thresholds) {
                 const content = String(line.content || '');
                 if (TODO_FIXME_PATTERN.test(content)) {
                     addedTodoFixme += 1;
+                    fileTodo = true;
                 }
                 if (CONSOLE_LOG_PATTERN.test(content)) {
                     addedConsoleLogs += 1;
+                    fileConsole = true;
                 }
                 if (ANY_TYPE_PATTERN.test(content)) {
                     addedAnyTypes += 1;
+                    fileAny = true;
                 }
             }
         }
+        if (fileTodo)
+            todoFixmeFiles.push(filePath);
+        if (fileConsole)
+            consoleLogFiles.push(filePath);
+        if (fileAny)
+            anyTypeFiles.push(filePath);
     }
     return {
         addedTodoFixme,
@@ -154,6 +179,10 @@ function buildMetrics(diffFiles, bloatCount, thresholds) {
         addedAnyTypes,
         largeFilesTouched,
         bloatFiles: Math.max(0, Math.floor(bloatCount)),
+        todoFixmeFiles,
+        consoleLogFiles,
+        anyTypeFiles,
+        largeFiles,
     };
 }
 function buildViolations(metrics, thresholds) {
@@ -165,6 +194,7 @@ function buildViolations(metrics, thresholds) {
             observed: metrics.addedTodoFixme,
             budget: thresholds.maxAddedTodoFixme,
             message: `Added TODO/FIXME markers (${metrics.addedTodoFixme}) exceed budget (${thresholds.maxAddedTodoFixme}).`,
+            files: metrics.todoFixmeFiles,
         });
     }
     if (metrics.addedConsoleLogs > thresholds.maxAddedConsoleLogs) {
@@ -174,6 +204,7 @@ function buildViolations(metrics, thresholds) {
             observed: metrics.addedConsoleLogs,
             budget: thresholds.maxAddedConsoleLogs,
             message: `Added console.log statements (${metrics.addedConsoleLogs}) exceed budget (${thresholds.maxAddedConsoleLogs}).`,
+            files: metrics.consoleLogFiles,
         });
     }
     if (metrics.addedAnyTypes > thresholds.maxAddedAnyTypes) {
@@ -183,6 +214,7 @@ function buildViolations(metrics, thresholds) {
             observed: metrics.addedAnyTypes,
             budget: thresholds.maxAddedAnyTypes,
             message: `Added TypeScript any usages (${metrics.addedAnyTypes}) exceed budget (${thresholds.maxAddedAnyTypes}).`,
+            files: metrics.anyTypeFiles,
         });
     }
     if (metrics.largeFilesTouched > thresholds.maxLargeFilesTouched) {
@@ -193,6 +225,7 @@ function buildViolations(metrics, thresholds) {
             budget: thresholds.maxLargeFilesTouched,
             message: `Large file churn (${metrics.largeFilesTouched} file(s) >= ${thresholds.largeFileDeltaLines} lines) ` +
                 `exceeds budget (${thresholds.maxLargeFilesTouched}).`,
+            files: metrics.largeFiles,
         });
     }
     if (metrics.bloatFiles > thresholds.maxBloatFiles) {
@@ -219,22 +252,70 @@ function computeScore(metrics, thresholds) {
         overBloat * 18;
     return Math.max(0, Math.min(100, 100 - weightedPenalty));
 }
+function detectArchitecturalViolations(diffFiles) {
+    const dbInUiFiles = [];
+    const missingValidationFiles = [];
+    for (const file of diffFiles) {
+        const filePath = String(file.path || '');
+        const addedLines = (file.hunks || [])
+            .flatMap((h) => h.lines || [])
+            .filter((l) => l.type === 'added')
+            .map((l) => String(l.content || ''));
+        const addedText = addedLines.join('\n');
+        // db_in_ui: UI component file that imports from or directly calls DB
+        if (UI_PATH_PATTERN.test(filePath)) {
+            if (DB_IMPORT_PATTERN.test(addedText) || DB_CALL_PATTERN.test(addedText)) {
+                dbInUiFiles.push(filePath);
+            }
+        }
+        // missing_validation: API handler file that reads req.body without any validation library
+        if (API_PATH_PATTERN.test(filePath) || filePath.endsWith('.ts') || filePath.endsWith('.js')) {
+            if (REQ_BODY_PATTERN.test(addedText) && !VALIDATION_PATTERN.test(addedText)) {
+                missingValidationFiles.push(filePath);
+            }
+        }
+    }
+    const violations = [];
+    if (dbInUiFiles.length > 0) {
+        violations.push({
+            code: 'db_in_ui',
+            metric: 'architectural',
+            observed: dbInUiFiles.length,
+            budget: 0,
+            message: `Direct database access in UI component (${dbInUiFiles.length} file${dbInUiFiles.length > 1 ? 's' : ''}). DB calls belong in the service/repository layer.`,
+            files: [...new Set(dbInUiFiles)],
+        });
+    }
+    if (missingValidationFiles.length > 0) {
+        violations.push({
+            code: 'missing_validation',
+            metric: 'architectural',
+            observed: missingValidationFiles.length,
+            budget: 0,
+            message: `API handler reads req.body without input validation (${missingValidationFiles.length} file${missingValidationFiles.length > 1 ? 's' : ''}). All inputs must be validated at the API boundary.`,
+            files: [...new Set(missingValidationFiles)],
+        });
+    }
+    return violations;
+}
 function evaluateAiDebtBudget(input) {
     const metrics = buildMetrics(input.diffFiles, input.bloatCount, input.config.thresholds);
     const violations = buildViolations(metrics, input.config.thresholds);
+    const archViolations = detectArchitecturalViolations(input.diffFiles);
     const score = computeScore(metrics, input.config.thresholds);
+    const allViolations = [...violations, ...archViolations];
     const pass = input.config.mode === 'off'
         ? true
         : input.config.mode === 'advisory'
             ? true
-            : violations.length === 0;
+            : allViolations.length === 0;
     return {
         mode: input.config.mode,
         pass,
         score,
         metrics,
         thresholds: input.config.thresholds,
-        violations,
+        violations: allViolations,
         source: input.config.source,
     };
 }