@neurcode-ai/cli 0.9.64 → 0.9.65

package/dist/structural-rules/distributed/DS001-saga-rollback-absence.js

@@ -0,0 +1,212 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DS001SagaRollbackAbsence = void 0;
+const ts = __importStar(require("typescript"));
+function getLineAndCol(sf, pos) {
+    const lc = sf.getLineAndCharacterOfPosition(pos);
+    return { line: lc.line + 1, column: lc.character + 1 };
+}
+function getEvidenceLines(sourceText, line, extra = 1) {
+    const lines = sourceText.split('\n');
+    return lines.slice(line - 1, Math.min(line - 1 + extra, lines.length)).map(l => l.slice(0, 120)).join('\n');
+}
+/** Read-only function name prefixes — excluded from this rule. */
+const READ_ONLY_PREFIXES = ['get', 'fetch', 'load', 'read', 'query', 'find', 'list', 'search', 'check', 'count'];
+function isReadOnlyFunctionName(name) {
+    const lower = name.toLowerCase();
+    return READ_ONLY_PREFIXES.some(prefix => lower.startsWith(prefix));
+}
+/** Keywords indicating compensation/rollback logic in the catch/finally block. */
+const COMPENSATION_KEYWORDS = [
+    'rollback',
+    'revert',
+    'compensate',
+    'undo',
+    'cancel',
+    'delete',
+    'remove',
+    'cleanup',
+    'clean_up',
+];
+/** Count direct `await` expressions in a block (non-recursive into nested functions). */
+function countTopLevelAwaits(block) {
+    let count = 0;
+    function visit(node) {
+        if (ts.isAwaitExpression(node)) {
+            count++;
+        }
+        // Don't recurse into nested function bodies
+        if (ts.isFunctionDeclaration(node) ||
+            ts.isFunctionExpression(node) ||
+            ts.isArrowFunction(node) ||
+            ts.isMethodDeclaration(node)) {
+            return;
+        }
+        ts.forEachChild(node, visit);
+    }
+    ts.forEachChild(block, visit);
+    return count;
+}
+/** Check if a block has a try/catch with meaningful compensation logic, or a finally block. */
+function hasRollbackOrFinally(block, sf) {
+    let found = false;
+    function visit(node) {
+        if (found)
+            return;
+        if (ts.isTryStatement(node)) {
+            // Check for finally block
+            if (node.finallyBlock && node.finallyBlock.statements.length > 0) {
+                found = true;
+                return;
+            }
+            // Check catch clause for compensation keywords
+            if (node.catchClause) {
+                const catchText = node.catchClause.getText(sf).toLowerCase();
+                if (COMPENSATION_KEYWORDS.some(kw => catchText.includes(kw))) {
+                    found = true;
+                    return;
+                }
+            }
+        }
+        // Don't recurse into nested function bodies
+        if (ts.isFunctionDeclaration(node) ||
+            ts.isFunctionExpression(node) ||
+            ts.isArrowFunction(node) ||
+            ts.isMethodDeclaration(node)) {
+            return;
+        }
+        ts.forEachChild(node, visit);
+    }
+    ts.forEachChild(block, visit);
+    return found;
+}
+/** Get function name from a function-like node. */
+function getFunctionName(node) {
+    if (ts.isFunctionDeclaration(node) && node.name) {
+        return node.name.text;
+    }
+    if (ts.isMethodDeclaration(node) && ts.isIdentifier(node.name)) {
+        return node.name.text;
+    }
+    if (ts.isFunctionExpression(node) && node.name) {
+        return node.name.text;
+    }
+    // Variable assignment: const foo = async function/arrow
+    if ((ts.isArrowFunction(node) || ts.isFunctionExpression(node)) &&
+        node.parent &&
+        ts.isVariableDeclaration(node.parent) &&
+        ts.isIdentifier(node.parent.name)) {
+        return node.parent.name.text;
+    }
+    return undefined;
+}
+function isAsyncFunction(node) {
+    return !!(node.modifiers?.some(m => m.kind === ts.SyntaxKind.AsyncKeyword));
+}
+class DS001SagaRollbackAbsence {
+    id = 'DS001';
+    name = 'Saga rollback absence (multi-step async without compensation)';
+    policyRef = 'DS001';
+    severity = 'ADVISORY';
+    languages = ['typescript', 'javascript'];
+    description = 'Async functions with 3+ sequential await statements that modify state but have no ' +
+        'rollback, compensation, or finally cleanup — partial execution leaves the system inconsistent.';
+    check(filePath, sourceText) {
+        try {
+            const violations = [];
+            const ext = filePath.endsWith('.tsx')
+                ? ts.ScriptKind.TSX
+                : filePath.endsWith('.jsx')
+                    ? ts.ScriptKind.JSX
+                    : filePath.endsWith('.js')
+                        ? ts.ScriptKind.JS
+                        : ts.ScriptKind.TS;
+            const sf = ts.createSourceFile(filePath, sourceText, ts.ScriptTarget.Latest, true, ext);
+            const visit = (node) => {
+                const isFuncLike = ts.isFunctionDeclaration(node) ||
+                    ts.isFunctionExpression(node) ||
+                    ts.isArrowFunction(node) ||
+                    ts.isMethodDeclaration(node);
+                if (isFuncLike && ts.isFunctionLike(node) && node.body && ts.isBlock(node.body)) {
+                    if (!isAsyncFunction(node)) {
+                        ts.forEachChild(node, visit);
+                        return;
+                    }
+                    const funcName = getFunctionName(node);
+                    if (funcName && isReadOnlyFunctionName(funcName)) {
+                        ts.forEachChild(node, visit);
+                        return;
+                    }
+                    const block = node.body;
+                    const awaitCount = countTopLevelAwaits(block);
+                    if (awaitCount >= 3) {
+                        if (!hasRollbackOrFinally(block, sf)) {
+                            const { line, column } = getLineAndCol(sf, node.getStart(sf));
+                            const evidence = getEvidenceLines(sourceText, line, 3);
+                            violations.push({
+                                ruleId: this.id,
+                                ruleName: this.name,
+                                policyRef: this.policyRef,
+                                severity: this.severity,
+                                filePath,
+                                line,
+                                column,
+                                evidence,
+                                operationalRisk: 'Partial execution in a multi-step operation leaves the system in an inconsistent state. ' +
+                                    'Step 1 charges the card; step 2 creates the order; step 2 fails. Without rollback, ' +
+                                    'the customer is charged but has no order.',
+                                remediation: 'Wrap the sequential operations in a try/catch with explicit compensation calls ' +
+                                    '(rollback(), revert(), cancel()) or use a finally block to clean up. ' +
+                                    'Consider implementing the Saga pattern with a dedicated compensation registry.',
+                                determinism: 'heuristic-advisory',
+                                confidence: 0.68,
+                                language: filePath.match(/\.(js|jsx)$/) ? 'javascript' : 'typescript',
+                            });
+                        }
+                    }
+                }
+                ts.forEachChild(node, visit);
+            };
+            ts.forEachChild(sf, visit);
+            return violations;
+        }
+        catch {
+            return [];
+        }
+    }
+}
+exports.DS001SagaRollbackAbsence = DS001SagaRollbackAbsence;
+//# sourceMappingURL=DS001-saga-rollback-absence.js.map

package/dist/structural-rules/distributed/DS001-saga-rollback-absence.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DS001-saga-rollback-absence.js","sourceRoot":"","sources":["../../../src/structural-rules/distributed/DS001-saga-rollback-absence.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,+CAAiC;AAGjC,SAAS,aAAa,CAAC,EAAiB,EAAE,GAAW;IACnD,MAAM,EAAE,GAAG,EAAE,CAAC,6BAA6B,CAAC,GAAG,CAAC,CAAC;IACjD,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;AACzD,CAAC;AAED,SAAS,gBAAgB,CAAC,UAAkB,EAAE,IAAY,EAAE,KAAK,GAAG,CAAC;IACnE,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACrC,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,GAAG,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC9G,CAAC;AAED,kEAAkE;AAClE,MAAM,kBAAkB,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAEjH,SAAS,sBAAsB,CAAC,IAAY;IAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACjC,OAAO,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AACrE,CAAC;AAED,kFAAkF;AAClF,MAAM,qBAAqB,GAAG;IAC5B,UAAU;IACV,QAAQ;IACR,YAAY;IACZ,MAAM;IACN,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,SAAS;IACT,UAAU;CACX,CAAC;AAEF,yFAAyF;AACzF,SAAS,mBAAmB,CAAC,KAAe;IAC1C,IAAI,KAAK,GAAG,CAAC,CAAC;IAEd,SAAS,KAAK,CAAC,IAAa;QAC1B,IAAI,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,KAAK,EAAE,CAAC;QACV,CAAC;QACD,4CAA4C;QAC5C,IACE,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC;YAC9B,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC;YAC7B,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC;YACxB,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAC5B,CAAC;YACD,OAAO;QACT,CAAC;QACD,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,EAAE,CAAC,YAAY,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAC9B,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+FAA+F;AAC/F,SAAS,oBAAoB,CAAC,KAAe,EAAE,EAAiB;IAC9D,IAAI,KAAK,GAAG,KAAK,CAAC;IAElB,SAAS,KAAK,CAAC,IAAa;QAC1B,IAAI,KAAK;YAAE,OAAO;QAElB,IAAI,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,0BAA0B;YAC1B,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACjE,KAAK,GAAG,IAAI,CAAC;gBACb,OAAO;YACT,CAAC;YAED,+CAA+C;YAC/C,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACrB,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;gBAC7D,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;oBAC7D,KAAK,GAAG,IAAI,CAAC;oBACb,OAAO;gBACT,CAAC;YACH,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,IACE,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC;YAC9B,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC;YAC7B,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC;YACxB,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAC5B,CAAC;YACD,OAAO;QACT,CAAC;QAED,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,EAAE,CAAC,YAAY,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAC9B,OAAO,KAAK,CAAC;AACf,CAAC;AAED,mDAAmD;AACnD,SAAS,eAAe,CAAC,IAAgC;IACvD,IAAI,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QAChD,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;IACxB,CAAC;IACD,IAAI,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/D,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;IACxB,CAAC;IACD,IAAI,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;IACxB,CAAC;IACD,wDAAwD;IACxD,IACE,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC;QAC3D,IAAI,CAAC,MAAM;QACX,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC;QACrC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EACjC,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;IAC/B,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,eAAe,CAAC,IAAgC;IACvD,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;AAC9E,CAAC;AAED,MAAa,wBAAwB;IACnC,EAAE,GAAG,OAAO,CAAC;IACb,IAAI,GAAG,+DAA+D,CAAC;IACvE,SAAS,GAAG,OAAO,CAAC;IACpB,QAAQ,GAAG,UAAmB,CAAC;IAC/B,SAAS,GAAmB,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IACzD,WAAW,GACT,oFAAoF;QACpF,gGAAgG,CAAC;IAEnG,KAAK,CAAC,QAAgB,EAAE,UAAkB;QACxC,IAAI,CAAC;YACH,MAAM,UAAU,GAA0B,EAAE,CAAC;YAC7C,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACnC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG;gBACnB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;oBAC3B,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG;oBACnB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;wBAC1B,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE;wBAClB,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;YAErB,MAAM,EAAE,GAAG,EAAE,CAAC,gBAAgB,CAAC,QAAQ,EAAE,UAAU,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YAExF,MAAM,KAAK,GAAG,CAAC,IAAa,EAAQ,EAAE;gBACpC,MAAM,UAAU,GACd,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC;oBAC9B,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC;oBAC7B,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC;oBACxB,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBAE/B,IAAI,UAAU,IAAI,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAChF,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC3B,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;wBAC7B,OAAO;oBACT,CAAC;oBAED,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;oBACvC,IAAI,QAAQ,IAAI,sBAAsB,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACjD,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;wBAC7B,OAAO;oBACT,CAAC;oBAED,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC;oBACxB,MAAM,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;oBAE9C,IAAI,UAAU,IAAI,CAAC,EAAE,CAAC;wBACpB,IAAI,CAAC,oBAAoB,CAAC,KAAK,EAAE,EAAE,CAAC,EAAE,CAAC;4BACrC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,aAAa,CAAC,EAAE,EAAE,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;4BAC9D,MAAM,QAAQ,GAAG,gBAAgB,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;4BACvD,UAAU,CAAC,IAAI,CAAC;gCACd,MAAM,EAAE,IAAI,CAAC,EAAE;gCACf,QAAQ,EAAE,IAAI,CAAC,IAAI;gCACnB,SAAS,EAAE,IAAI,CAAC,SAAS;gCACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gCACvB,QAAQ;gCACR,IAAI;gCACJ,MAAM;gCACN,QAAQ;gCACR,eAAe,EACb,0FAA0F;oCAC1F,qFAAqF;oCACrF,2CAA2C;gCAC7C,WAAW,EACT,iFAAiF;oCACjF,uEAAuE;oCACvE,gFAAgF;gCAClF,WAAW,EAAE,oBAAoB;gCACjC,UAAU,EAAE,IAAI;gCAChB,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY;6BACtE,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC/B,CAAC,CAAC;YAEF,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;YAC3B,OAAO,UAAU,CAAC;QACpB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AAnFD,4DAmFC"}

package/dist/structural-rules/distributed/DS002-missing-correlation-id.d.ts

@@ -0,0 +1,11 @@
+import { StructuralRule, StructuralViolation, RuleLanguage } from '../types';
+export declare class DS002MissingCorrelationId implements StructuralRule {
+    id: string;
+    name: string;
+    policyRef: string;
+    severity: "ADVISORY";
+    languages: RuleLanguage[];
+    description: string;
+    check(filePath: string, sourceText: string): StructuralViolation[];
+}
+//# sourceMappingURL=DS002-missing-correlation-id.d.ts.map

package/dist/structural-rules/distributed/DS002-missing-correlation-id.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"DS002-missing-correlation-id.d.ts","sourceRoot":"","sources":["../../../src/structural-rules/distributed/DS002-missing-correlation-id.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAyH7E,qBAAa,yBAA0B,YAAW,cAAc;IAC9D,EAAE,SAAW;IACb,IAAI,SAA8D;IAClE,SAAS,SAAW;IACpB,QAAQ,EAAG,UAAU,CAAU;IAC/B,SAAS,EAAE,YAAY,EAAE,CAAgC;IACzD,WAAW,SAEuE;IAElF,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,mBAAmB,EAAE;CA4EnE"}

package/dist/structural-rules/distributed/DS002-missing-correlation-id.js

@@ -0,0 +1,213 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DS002MissingCorrelationId = void 0;
+const ts = __importStar(require("typescript"));
+function getLineAndCol(sf, pos) {
+    const lc = sf.getLineAndCharacterOfPosition(pos);
+    return { line: lc.line + 1, column: lc.character + 1 };
+}
+function getEvidenceLines(sourceText, line, extra = 1) {
+    const lines = sourceText.split('\n');
+    return lines.slice(line - 1, Math.min(line - 1 + extra, lines.length)).map(l => l.slice(0, 120)).join('\n');
+}
+/** Inbound request parameter names commonly used in handlers. */
+const INBOUND_REQUEST_PARAMS = new Set(['req', 'request', 'ctx', 'context', 'event', 'evt']);
+/** Outbound HTTP call method/function names. */
+const OUTBOUND_HTTP_METHODS = new Set(['fetch', 'get', 'post', 'put', 'patch', 'delete', 'head', 'request']);
+/** Axios/got object names. */
+const HTTP_CLIENT_NAMES = new Set(['axios', 'got', 'http', 'https', 'superagent', 'request', 'needle', 'ky']);
+/** Correlation/trace header keywords. */
+const CORRELATION_KEYWORDS = [
+    'correlation',
+    'x-request-id',
+    'x-trace-id',
+    'traceparent',
+    'x-correlation',
+    'trace-id',
+    'request-id',
+    'x-b3-traceid',
+    'tracestate',
+];
+function containsCorrelationHeader(text) {
+    const lower = text.toLowerCase();
+    return CORRELATION_KEYWORDS.some(kw => lower.includes(kw));
+}
+/** Check if a function parameter name suggests an inbound request. */
+function hasInboundRequestParam(params) {
+    for (const param of params) {
+        if (ts.isIdentifier(param.name)) {
+            const name = param.name.text.toLowerCase();
+            if (INBOUND_REQUEST_PARAMS.has(name))
+                return true;
+            // Also check destructured: { req, res }
+        }
+        else if (ts.isObjectBindingPattern(param.name)) {
+            for (const element of param.name.elements) {
+                if (ts.isIdentifier(element.name) && INBOUND_REQUEST_PARAMS.has(element.name.text)) {
+                    return true;
+                }
+            }
+        }
+    }
+    return false;
+}
+/**
+ * Detect outbound HTTP calls in a block.
+ * Returns all call expression nodes that appear to be outbound HTTP calls.
+ */
+function findOutboundHttpCalls(block) {
+    const calls = [];
+    function visit(node) {
+        if (ts.isCallExpression(node)) {
+            const expr = node.expression;
+            // fetch(...) — top-level call
+            if (ts.isIdentifier(expr) && expr.text === 'fetch') {
+                calls.push(node);
+            }
+            // axios.get/post/put/patch/delete/request(...)
+            // got.get/post(...), http.get(...), etc.
+            if (ts.isPropertyAccessExpression(expr)) {
+                const objName = ts.isIdentifier(expr.expression) ? expr.expression.text : '';
+                const methodName = expr.name.text;
+                if (HTTP_CLIENT_NAMES.has(objName) && OUTBOUND_HTTP_METHODS.has(methodName)) {
+                    calls.push(node);
+                }
+                // Also: axios({...}) — called directly
+                if (HTTP_CLIENT_NAMES.has(objName) && !OUTBOUND_HTTP_METHODS.has(methodName)) {
+                    // not a recognized method, skip
+                }
+            }
+            // axios({...}) — called as function
+            if (ts.isIdentifier(expr) && HTTP_CLIENT_NAMES.has(expr.text)) {
+                calls.push(node);
+            }
+        }
+        // Don't recurse into nested function definitions
+        if (ts.isFunctionDeclaration(node) ||
+            ts.isFunctionExpression(node) ||
+            ts.isArrowFunction(node) ||
+            ts.isMethodDeclaration(node)) {
+            return;
+        }
+        ts.forEachChild(node, visit);
+    }
+    ts.forEachChild(block, visit);
+    return calls;
+}
+/**
+ * Check if a call expression includes a correlation/trace header.
+ * We check the text of the entire call site.
+ */
+function callIncludesCorrelationHeader(callNode, sf) {
+    const callText = callNode.getText(sf);
+    return containsCorrelationHeader(callText);
+}
+class DS002MissingCorrelationId {
+    id = 'DS002';
+    name = 'Missing correlation ID propagation in outbound HTTP call';
+    policyRef = 'DS002';
+    severity = 'ADVISORY';
+    languages = ['typescript', 'javascript'];
+    description = 'HTTP handler functions that make outbound HTTP calls without propagating a correlation/trace ID header — ' +
+        'distributed traces are broken, making incident response significantly harder.';
+    check(filePath, sourceText) {
+        try {
+            const violations = [];
+            const ext = filePath.endsWith('.tsx')
+                ? ts.ScriptKind.TSX
+                : filePath.endsWith('.jsx')
+                    ? ts.ScriptKind.JSX
+                    : filePath.endsWith('.js')
+                        ? ts.ScriptKind.JS
+                        : ts.ScriptKind.TS;
+            const sf = ts.createSourceFile(filePath, sourceText, ts.ScriptTarget.Latest, true, ext);
+            const visit = (node) => {
+                const isFuncLike = ts.isFunctionDeclaration(node) ||
+                    ts.isFunctionExpression(node) ||
+                    ts.isArrowFunction(node) ||
+                    ts.isMethodDeclaration(node);
+                if (isFuncLike && ts.isFunctionLike(node) && node.body && ts.isBlock(node.body)) {
+                    const funcNode = node;
+                    const params = funcNode.parameters;
+                    // Must have an inbound request parameter
+                    if (!hasInboundRequestParam(params)) {
+                        ts.forEachChild(node, visit);
+                        return;
+                    }
+                    const block = node.body;
+                    const outboundCalls = findOutboundHttpCalls(block);
+                    if (outboundCalls.length === 0) {
+                        ts.forEachChild(node, visit);
+                        return;
+                    }
+                    for (const callNode of outboundCalls) {
+                        if (!callIncludesCorrelationHeader(callNode, sf)) {
+                            const { line, column } = getLineAndCol(sf, callNode.getStart(sf));
+                            const evidence = getEvidenceLines(sourceText, line, 2);
+                            violations.push({
+                                ruleId: this.id,
+                                ruleName: this.name,
+                                policyRef: this.policyRef,
+                                severity: this.severity,
+                                filePath,
+                                line,
+                                column,
+                                evidence,
+                                operationalRisk: 'Distributed trace correlation is lost. A failure in the downstream service cannot be ' +
+                                    'linked to the originating request. Incident response time increases 3–5× when traces ' +
+                                    'are not propagated.',
+                                remediation: 'Forward the correlation header from the inbound request: ' +
+                                    '`fetch(url, { headers: { "x-correlation-id": req.headers["x-correlation-id"] } })`. ' +
+                                    'Or use an OpenTelemetry propagator to inject tracing context automatically.',
+                                determinism: 'heuristic-advisory',
+                                confidence: 0.65,
+                                language: filePath.match(/\.(js|jsx)$/) ? 'javascript' : 'typescript',
+                            });
+                        }
+                    }
+                }
+                ts.forEachChild(node, visit);
+            };
+            ts.forEachChild(sf, visit);
+            return violations;
+        }
+        catch {
+            return [];
+        }
+    }
+}
+exports.DS002MissingCorrelationId = DS002MissingCorrelationId;
+//# sourceMappingURL=DS002-missing-correlation-id.js.map

package/dist/structural-rules/distributed/DS002-missing-correlation-id.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DS002-missing-correlation-id.js","sourceRoot":"","sources":["../../../src/structural-rules/distributed/DS002-missing-correlation-id.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,+CAAiC;AAGjC,SAAS,aAAa,CAAC,EAAiB,EAAE,GAAW;IACnD,MAAM,EAAE,GAAG,EAAE,CAAC,6BAA6B,CAAC,GAAG,CAAC,CAAC;IACjD,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;AACzD,CAAC;AAED,SAAS,gBAAgB,CAAC,UAAkB,EAAE,IAAY,EAAE,KAAK,GAAG,CAAC;IACnE,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACrC,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,GAAG,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC9G,CAAC;AAED,iEAAiE;AACjE,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;AAE7F,gDAAgD;AAChD,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;AAE7G,8BAA8B;AAC9B,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC;AAE9G,yCAAyC;AACzC,MAAM,oBAAoB,GAAG;IAC3B,aAAa;IACb,cAAc;IACd,YAAY;IACZ,aAAa;IACb,eAAe;IACf,UAAU;IACV,YAAY;IACZ,cAAc;IACd,YAAY;CACb,CAAC;AAEF,SAAS,yBAAyB,CAAC,IAAY;IAC7C,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACjC,OAAO,oBAAoB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,sEAAsE;AACtE,SAAS,sBAAsB,CAAC,MAA6C;IAC3E,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YAC3C,IAAI,sBAAsB,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,OAAO,IAAI,CAAC;YAClD,wCAAwC;QAC1C,CAAC;aAAM,IAAI,EAAE,CAAC,sBAAsB,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACjD,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC1C,IAAI,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,sBAAsB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACnF,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAAC,KAAe;IAC5C,MAAM,KAAK,GAAwB,EAAE,CAAC;IAEtC,SAAS,KAAK,CAAC,IAAa;QAC1B,IAAI,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC;YAE7B,8BAA8B;YAC9B,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;gBACnD,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,CAAC;YAED,+CAA+C;YAC/C,yCAAyC;YACzC,IAAI,EAAE,CAAC,0BAA0B,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxC,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC7E,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;gBAElC,IAAI,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,qBAAqB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC5E,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACnB,CAAC;gBAED,uCAAuC;gBACvC,IAAI,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC7E,gCAAgC;gBAClC,CAAC;YACH,CAAC;YAED,oCAAoC;YACpC,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9D,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,CAAC;QACH,CAAC;QAED,iDAAiD;QACjD,IACE,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC;YAC9B,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC;YAC7B,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC;YACxB,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAC5B,CAAC;YACD,OAAO;QACT,CAAC;QAED,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,EAAE,CAAC,YAAY,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAC9B,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,6BAA6B,CAAC,QAA2B,EAAE,EAAiB;IACnF,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACtC,OAAO,yBAAyB,CAAC,QAAQ,CAAC,CAAC;AAC7C,CAAC;AAED,MAAa,yBAAyB;IACpC,EAAE,GAAG,OAAO,CAAC;IACb,IAAI,GAAG,0DAA0D,CAAC;IAClE,SAAS,GAAG,OAAO,CAAC;IACpB,QAAQ,GAAG,UAAmB,CAAC;IAC/B,SAAS,GAAmB,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IACzD,WAAW,GACT,2GAA2G;QAC3G,+EAA+E,CAAC;IAElF,KAAK,CAAC,QAAgB,EAAE,UAAkB;QACxC,IAAI,CAAC;YACH,MAAM,UAAU,GAA0B,EAAE,CAAC;YAC7C,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACnC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG;gBACnB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;oBAC3B,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG;oBACnB,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;wBAC1B,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE;wBAClB,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;YAErB,MAAM,EAAE,GAAG,EAAE,CAAC,gBAAgB,CAAC,QAAQ,EAAE,UAAU,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;YAExF,MAAM,KAAK,GAAG,CAAC,IAAa,EAAQ,EAAE;gBACpC,MAAM,UAAU,GACd,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC;oBAC9B,EAAE,CAAC,oBAAoB,CAAC,IAAI,CAAC;oBAC7B,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC;oBACxB,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;gBAE/B,IAAI,UAAU,IAAI,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAChF,MAAM,QAAQ,GAAG,IAAkC,CAAC;oBACpD,MAAM,MAAM,GAAG,QAAQ,CAAC,UAAU,CAAC;oBAEnC,yCAAyC;oBACzC,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,EAAE,CAAC;wBACpC,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;wBAC7B,OAAO;oBACT,CAAC;oBAED,MAAM,KAAK,GAAG,IAAI,CAAC,IAAgB,CAAC;oBACpC,MAAM,aAAa,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;oBAEnD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAC/B,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;wBAC7B,OAAO;oBACT,CAAC;oBAED,KAAK,MAAM,QAAQ,IAAI,aAAa,EAAE,CAAC;wBACrC,IAAI,CAAC,6BAA6B,CAAC,QAAQ,EAAE,EAAE,CAAC,EAAE,CAAC;4BACjD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,aAAa,CAAC,EAAE,EAAE,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;4BAClE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;4BACvD,UAAU,CAAC,IAAI,CAAC;gCACd,MAAM,EAAE,IAAI,CAAC,EAAE;gCACf,QAAQ,EAAE,IAAI,CAAC,IAAI;gCACnB,SAAS,EAAE,IAAI,CAAC,SAAS;gCACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gCACvB,QAAQ;gCACR,IAAI;gCACJ,MAAM;gCACN,QAAQ;gCACR,eAAe,EACb,uFAAuF;oCACvF,uFAAuF;oCACvF,qBAAqB;gCACvB,WAAW,EACT,2DAA2D;oCAC3D,sFAAsF;oCACtF,6EAA6E;gCAC/E,WAAW,EAAE,oBAAoB;gCACjC,UAAU,EAAE,IAAI;gCAChB,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY;6BACtE,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC/B,CAAC,CAAC;YAEF,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;YAC3B,OAAO,UAAU,CAAC;QACpB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AAtFD,8DAsFC"}

package/dist/structural-rules/distributed/index.d.ts

@@ -0,0 +1,3 @@
+export { DS001SagaRollbackAbsence } from './DS001-saga-rollback-absence';
+export { DS002MissingCorrelationId } from './DS002-missing-correlation-id';
+//# sourceMappingURL=index.d.ts.map

package/dist/structural-rules/distributed/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/structural-rules/distributed/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC"}

package/dist/structural-rules/distributed/index.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DS002MissingCorrelationId = exports.DS001SagaRollbackAbsence = void 0;
+var DS001_saga_rollback_absence_1 = require("./DS001-saga-rollback-absence");
+Object.defineProperty(exports, "DS001SagaRollbackAbsence", { enumerable: true, get: function () { return DS001_saga_rollback_absence_1.DS001SagaRollbackAbsence; } });
+var DS002_missing_correlation_id_1 = require("./DS002-missing-correlation-id");
+Object.defineProperty(exports, "DS002MissingCorrelationId", { enumerable: true, get: function () { return DS002_missing_correlation_id_1.DS002MissingCorrelationId; } });
+//# sourceMappingURL=index.js.map

package/dist/structural-rules/distributed/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/structural-rules/distributed/index.ts"],"names":[],"mappings":";;;AAAA,6EAAyE;AAAhE,uIAAA,wBAAwB,OAAA;AACjC,+EAA2E;AAAlE,yIAAA,yBAAyB,OAAA"}

package/dist/structural-rules/engine.d.ts

@@ -0,0 +1,25 @@
+import { StructuralRule, StructuralRuleResult } from './types';
+export declare class StructuralRuleEngine {
+    private rules;
+    private suppressionEnabled;
+    register(rule: StructuralRule): void;
+    registerAll(rules: StructuralRule[]): void;
+    setSuppression(enabled: boolean): void;
+    /**
+     * Run all registered rules against the provided files.
+     * files: array of { filePath, sourceText } — caller provides content, engine doesn't do I/O.
+     * Never throws. Failed rules are caught, file is added to skippedFiles.
+     */
+    analyze(files: Array<{
+        filePath: string;
+        sourceText: string;
+    }>): StructuralRuleResult;
+    /** Run only rules whose IDs are in the filter set. */
+    analyzeWithFilter(files: Array<{
+        filePath: string;
+        sourceText: string;
+    }>, ruleIds: Set<string>): StructuralRuleResult;
+    /** Get all registered rule IDs. */
+    getRuleIds(): string[];
+}
+//# sourceMappingURL=engine.d.ts.map

package/dist/structural-rules/engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/structural-rules/engine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAqC,MAAM,SAAS,CAAC;AAWlG,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,KAAK,CAAwB;IACrC,OAAO,CAAC,kBAAkB,CAAQ;IAElC,QAAQ,CAAC,IAAI,EAAE,cAAc,GAAG,IAAI;IAIpC,WAAW,CAAC,KAAK,EAAE,cAAc,EAAE,GAAG,IAAI;IAI1C,cAAc,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAItC;;;;OAIG;IACH,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,GAAG,oBAAoB;IAIrF,sDAAsD;IACtD,iBAAiB,CACf,KAAK,EAAE,KAAK,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,EACtD,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,GACnB,oBAAoB;IAqDvB,mCAAmC;IACnC,UAAU,IAAI,MAAM,EAAE;CAGvB"}

package/dist/structural-rules/engine.js

@@ -0,0 +1,90 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.StructuralRuleEngine = void 0;
+const suppressions_1 = require("./suppressions");
+const context_severity_1 = require("./context-severity");
+function detectLanguage(filePath) {
+    if (/\.(ts|tsx)$/.test(filePath))
+        return 'typescript';
+    if (/\.(js|jsx)$/.test(filePath))
+        return 'javascript';
+    if (/\.py$/.test(filePath))
+        return 'python';
+    return null;
+}
+class StructuralRuleEngine {
+    rules = [];
+    suppressionEnabled = true;
+    register(rule) {
+        this.rules.push(rule);
+    }
+    registerAll(rules) {
+        rules.forEach(r => this.register(r));
+    }
+    setSuppression(enabled) {
+        this.suppressionEnabled = enabled;
+    }
+    /**
+     * Run all registered rules against the provided files.
+     * files: array of { filePath, sourceText } — caller provides content, engine doesn't do I/O.
+     * Never throws. Failed rules are caught, file is added to skippedFiles.
+     */
+    analyze(files) {
+        return this.analyzeWithFilter(files, new Set(this.rules.map(r => r.id)));
+    }
+    /** Run only rules whose IDs are in the filter set. */
+    analyzeWithFilter(files, ruleIds) {
+        const startMs = Date.now();
+        const allViolations = [];
+        const skippedFiles = [];
+        const activeRules = this.rules.filter(r => ruleIds.has(r.id));
+        const appliedRuleIds = new Set();
+        const allSuppressed = [];
+        for (const { filePath, sourceText } of files) {
+            const lang = detectLanguage(filePath);
+            if (!lang)
+                continue;
+            const compatibleRules = activeRules.filter(r => r.languages.includes(lang));
+            const fileViolations = [];
+            for (const rule of compatibleRules) {
+                try {
+                    const found = rule.check(filePath, sourceText);
+                    fileViolations.push(...found);
+                    appliedRuleIds.add(rule.id);
+                }
+                catch {
+                    if (!skippedFiles.includes(filePath)) {
+                        skippedFiles.push(filePath);
+                    }
+                }
+            }
+            if (this.suppressionEnabled) {
+                const directives = (0, suppressions_1.parseSuppressionDirectives)(sourceText);
+                const { active, suppressed } = (0, suppressions_1.applySuppressions)(fileViolations, directives, filePath);
+                allViolations.push(...active);
+                allSuppressed.push(...suppressed);
+            }
+            else {
+                allViolations.push(...fileViolations);
+            }
+        }
+        // Apply contextual severity to all active violations
+        const { violations: adjustedViolations, adjustments: severityAdjustments } = (0, context_severity_1.applyContextualSeverity)(allViolations);
+        return {
+            violations: adjustedViolations,
+            filesAnalyzed: files.length,
+            analysisMs: Date.now() - startMs,
+            rulesApplied: Array.from(appliedRuleIds),
+            skippedFiles,
+            suppressedCount: allSuppressed.length,
+            suppressedViolations: allSuppressed,
+            severityAdjustments,
+        };
+    }
+    /** Get all registered rule IDs. */
+    getRuleIds() {
+        return this.rules.map(r => r.id);
+    }
+}
+exports.StructuralRuleEngine = StructuralRuleEngine;
+//# sourceMappingURL=engine.js.map

package/dist/structural-rules/engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.js","sourceRoot":"","sources":["../../src/structural-rules/engine.ts"],"names":[],"mappings":";;;AACA,iDAAyG;AACzG,yDAAsF;AAEtF,SAAS,cAAc,CAAC,QAAgB;IACtC,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,OAAO,YAAY,CAAC;IACtD,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,OAAO,YAAY,CAAC;IACtD,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC5C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAa,oBAAoB;IACvB,KAAK,GAAqB,EAAE,CAAC;IAC7B,kBAAkB,GAAG,IAAI,CAAC;IAElC,QAAQ,CAAC,IAAoB;QAC3B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxB,CAAC;IAED,WAAW,CAAC,KAAuB;QACjC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC;IAED,cAAc,CAAC,OAAgB;QAC7B,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC;IACpC,CAAC;IAED;;;;OAIG;IACH,OAAO,CAAC,KAAsD;QAC5D,OAAO,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC3E,CAAC;IAED,sDAAsD;IACtD,iBAAiB,CACf,KAAsD,EACtD,OAAoB;QAEpB,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC3B,MAAM,aAAa,GAA0B,EAAE,CAAC;QAChD,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC9D,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;QACzC,MAAM,aAAa,GAA0B,EAAE,CAAC;QAEhD,KAAK,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,KAAK,EAAE,CAAC;YAC7C,MAAM,IAAI,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;YACtC,IAAI,CAAC,IAAI;gBAAE,SAAS;YAEpB,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5E,MAAM,cAAc,GAA0B,EAAE,CAAC;YAEjD,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;gBACnC,IAAI,CAAC;oBACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;oBAC/C,cAAc,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;oBAC9B,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC9B,CAAC;gBAAC,MAAM,CAAC;oBACP,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACrC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBAC9B,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC5B,MAAM,UAAU,GAAG,IAAA,yCAA0B,EAAC,UAAU,CAAC,CAAC;gBAC1D,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,IAAA,gCAAiB,EAAC,cAAc,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;gBACvF,aAAa,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC;gBAC9B,aAAa,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;YACpC,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,CAAC;YACxC,CAAC;QACH,CAAC;QAED,qDAAqD;QACrD,MAAM,EAAE,UAAU,EAAE,kBAAkB,EAAE,WAAW,EAAE,mBAAmB,EAAE,GACxE,IAAA,0CAAuB,EAAC,aAAa,CAAC,CAAC;QAEzC,OAAO;YACL,UAAU,EAAE,kBAAkB;YAC9B,aAAa,EAAE,KAAK,CAAC,MAAM;YAC3B,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO;YAChC,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC;YACxC,YAAY;YACZ,eAAe,EAAE,aAAa,CAAC,MAAM;YACrC,oBAAoB,EAAE,aAAa;YACnC,mBAAmB;SACpB,CAAC;IACJ,CAAC;IAED,mCAAmC;IACnC,UAAU;QACR,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACnC,CAAC;CACF;AAtFD,oDAsFC"}