@neurcode-ai/cli 0.9.65 → 0.9.66

package/dist/structural-rules/python/PY011-thread-lifecycle.js

@@ -0,0 +1,97 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PY011ThreadLifecycle = void 0;
+/**
+ * PY011 — Thread Lifecycle Governance
+ *
+ * Detects threading.Thread() usage without daemon=True and/or without
+ * a stored reference for later join/stop. In long-running services (e.g.,
+ * Airflow scheduler, API workers), non-daemon threads prevent graceful
+ * shutdown under SIGTERM. Detached thread references cannot be joined,
+ * making stop() semantically unreliable.
+ *
+ * BLOCKING: non-daemon threads in service code cause zombie accumulation
+ * across pod restarts in Kubernetes environments.
+ */
+const THREAD_CREATE_RE = /\bthreading\.Thread\s*\(/;
+const DAEMON_TRUE_RE = /\bdaemon\s*=\s*True\b/;
+const THREAD_INLINE_START_RE = /\bthreading\.Thread\s*\(.*\)\s*\.start\s*\(\)/;
+class PY011ThreadLifecycle {
+    id = 'PY011';
+    name = 'Thread created without daemon=True or without stored reference';
+    policyRef = 'PY011';
+    severity = 'BLOCKING';
+    languages = ['python'];
+    description = 'threading.Thread() without daemon=True prevents graceful shutdown under SIGTERM. ' +
+        'Threads created without storing the reference cannot be joined or stopped.';
+    check(filePath, sourceText) {
+        try {
+            const violations = [];
+            const lines = sourceText.replace(/\r\n/g, '\n').replace(/\r/g, '\n').split('\n');
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i];
+                if (!THREAD_CREATE_RE.test(line))
+                    continue;
+                // Inline .start() — reference immediately lost
+                if (THREAD_INLINE_START_RE.test(line)) {
+                    violations.push({
+                        ruleId: this.id,
+                        ruleName: this.name,
+                        policyRef: this.policyRef,
+                        severity: this.severity,
+                        filePath,
+                        line: i + 1,
+                        column: line.indexOf('threading.Thread') + 1,
+                        evidence: line.trim(),
+                        operationalRisk: 'Thread started inline without storing reference: cannot be joined or stopped. ' +
+                            'Under K8s SIGTERM, this thread becomes a zombie blocking clean shutdown.',
+                        remediation: 'Store the thread reference: self._thread = threading.Thread(..., daemon=True)\n' +
+                            'Then call self._thread.join(timeout=5) in your stop/cleanup method.',
+                        determinism: 'deterministic-structural',
+                        confidence: 0.88,
+                        language: 'python',
+                    });
+                    continue;
+                }
+                // Check if daemon=True appears within the next 8 lines
+                const searchAhead = Math.min(i + 8, lines.length);
+                let hasDaemon = DAEMON_TRUE_RE.test(line);
+                if (!hasDaemon) {
+                    for (let j = i + 1; j < searchAhead; j++) {
+                        if (DAEMON_TRUE_RE.test(lines[j])) {
+                            hasDaemon = true;
+                            break;
+                        }
+                        if (/\)\s*$/.test(lines[j].trimEnd()))
+                            break;
+                    }
+                }
+                if (!hasDaemon) {
+                    violations.push({
+                        ruleId: this.id,
+                        ruleName: this.name,
+                        policyRef: this.policyRef,
+                        severity: this.severity,
+                        filePath,
+                        line: i + 1,
+                        column: line.indexOf('threading.Thread') + 1,
+                        evidence: line.trim(),
+                        operationalRisk: 'Non-daemon thread blocks process exit under SIGTERM. ' +
+                            'In Kubernetes, pods will hang at termination until the thread finishes naturally.',
+                        remediation: 'Add daemon=True: threading.Thread(target=..., daemon=True)\n' +
+                            'Store the reference and call .join(timeout=5) in stop/cleanup.',
+                        determinism: 'deterministic-structural',
+                        confidence: 0.88,
+                        language: 'python',
+                    });
+                }
+            }
+            return violations;
+        }
+        catch {
+            return [];
+        }
+    }
+}
+exports.PY011ThreadLifecycle = PY011ThreadLifecycle;
+//# sourceMappingURL=PY011-thread-lifecycle.js.map

package/dist/structural-rules/python/PY011-thread-lifecycle.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PY011-thread-lifecycle.js","sourceRoot":"","sources":["../../../src/structural-rules/python/PY011-thread-lifecycle.ts"],"names":[],"mappings":";;;AAEA;;;;;;;;;;;GAWG;AAEH,MAAM,gBAAgB,GAAG,0BAA0B,CAAC;AACpD,MAAM,cAAc,GAAG,uBAAuB,CAAC;AAC/C,MAAM,sBAAsB,GAAG,+CAA+C,CAAC;AAE/E,MAAa,oBAAoB;IAC/B,EAAE,GAAG,OAAO,CAAC;IACb,IAAI,GAAG,gEAAgE,CAAC;IACxE,SAAS,GAAG,OAAO,CAAC;IACpB,QAAQ,GAAG,UAAmB,CAAC;IAC/B,SAAS,GAAmB,CAAC,QAAQ,CAAC,CAAC;IACvC,WAAW,GACT,mFAAmF;QACnF,4EAA4E,CAAC;IAE/E,KAAK,CAAC,QAAgB,EAAE,UAAkB;QACxC,IAAI,CAAC;YACH,MAAM,UAAU,GAA0B,EAAE,CAAC;YAC7C,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAEjF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;oBAAE,SAAS;gBAE3C,+CAA+C;gBAC/C,IAAI,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACtC,UAAU,CAAC,IAAI,CAAC;wBACd,MAAM,EAAE,IAAI,CAAC,EAAE;wBACf,QAAQ,EAAE,IAAI,CAAC,IAAI;wBACnB,SAAS,EAAE,IAAI,CAAC,SAAS;wBACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,QAAQ;wBACR,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC;wBAC5C,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE;wBACrB,eAAe,EACb,gFAAgF;4BAChF,0EAA0E;wBAC5E,WAAW,EACT,iFAAiF;4BACjF,qEAAqE;wBACvE,WAAW,EAAE,0BAAmC;wBAChD,UAAU,EAAE,IAAI;wBAChB,QAAQ,EAAE,QAAQ;qBACnB,CAAC,CAAC;oBACH,SAAS;gBACX,CAAC;gBAED,uDAAuD;gBACvD,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;gBAClD,IAAI,SAAS,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC1C,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;wBACzC,IAAI,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;4BAAC,SAAS,GAAG,IAAI,CAAC;4BAAC,MAAM;wBAAC,CAAC;wBAC/D,IAAI,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;4BAAE,MAAM;oBAC/C,CAAC;gBACH,CAAC;gBAED,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,UAAU,CAAC,IAAI,CAAC;wBACd,MAAM,EAAE,IAAI,CAAC,EAAE;wBACf,QAAQ,EAAE,IAAI,CAAC,IAAI;wBACnB,SAAS,EAAE,IAAI,CAAC,SAAS;wBACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,QAAQ;wBACR,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC;wBAC5C,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE;wBACrB,eAAe,EACb,uDAAuD;4BACvD,mFAAmF;wBACrF,WAAW,EACT,8DAA8D;4BAC9D,gEAAgE;wBAClE,WAAW,EAAE,0BAAmC;wBAChD,UAAU,EAAE,IAAI;wBAChB,QAAQ,EAAE,QAAQ;qBACnB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AAjFD,oDAiFC"}

package/dist/structural-rules/python/PY012-asyncio-run-misuse.d.ts

@@ -0,0 +1,11 @@
+import { StructuralRule, StructuralViolation, RuleLanguage } from '../types';
+export declare class PY012AsyncioRunMisuse implements StructuralRule {
+    id: string;
+    name: string;
+    policyRef: string;
+    severity: "BLOCKING";
+    languages: RuleLanguage[];
+    description: string;
+    check(filePath: string, sourceText: string): StructuralViolation[];
+}
+//# sourceMappingURL=PY012-asyncio-run-misuse.d.ts.map

package/dist/structural-rules/python/PY012-asyncio-run-misuse.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PY012-asyncio-run-misuse.d.ts","sourceRoot":"","sources":["../../../src/structural-rules/python/PY012-asyncio-run-misuse.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAmB7E,qBAAa,qBAAsB,YAAW,cAAc;IAC1D,EAAE,SAAW;IACb,IAAI,SAA2C;IAC/C,SAAS,SAAW;IACpB,QAAQ,EAAG,UAAU,CAAU;IAC/B,SAAS,EAAE,YAAY,EAAE,CAAc;IACvC,WAAW,SAEiD;IAE5D,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,mBAAmB,EAAE;CA+DnE"}

package/dist/structural-rules/python/PY012-asyncio-run-misuse.js

@@ -0,0 +1,83 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PY012AsyncioRunMisuse = void 0;
+/**
+ * PY012 — asyncio.run() Misuse Inside Async Context
+ *
+ * asyncio.run() creates a new event loop and runs until the coroutine completes.
+ * Calling it inside an already-running event loop raises RuntimeError.
+ *
+ * BLOCKING: causes RuntimeError at startup in FastAPI, Airflow, Jupyter, and
+ * any other async runtime environment.
+ */
+const ASYNC_DEF_RE = /^(\s*)async\s+def\s+\w+\s*\(/;
+const ASYNCIO_RUN_RE = /\basyncio\.run\s*\(/;
+function getIndent(line) {
+    return line.length - line.trimStart().length;
+}
+class PY012AsyncioRunMisuse {
+    id = 'PY012';
+    name = 'asyncio.run() called inside async def';
+    policyRef = 'PY012';
+    severity = 'BLOCKING';
+    languages = ['python'];
+    description = 'asyncio.run() inside an async def raises RuntimeError: "This event loop is already running." ' +
+        'Use await coroutine() or asyncio.create_task() instead.';
+    check(filePath, sourceText) {
+        try {
+            const violations = [];
+            const lines = sourceText.replace(/\r\n/g, '\n').replace(/\r/g, '\n').split('\n');
+            const asyncScopes = [];
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i];
+                const trimmed = line.trimStart();
+                // Track async def entries
+                const asyncMatch = ASYNC_DEF_RE.exec(line);
+                if (asyncMatch) {
+                    asyncScopes.push({ startLine: i, indent: asyncMatch[1].length });
+                }
+                // Pop scopes that have ended
+                if (asyncScopes.length > 0 && trimmed.length > 0 && !trimmed.startsWith('#')) {
+                    const currentIndent = getIndent(line);
+                    while (asyncScopes.length > 0 &&
+                        currentIndent <= asyncScopes[asyncScopes.length - 1].indent &&
+                        i > asyncScopes[asyncScopes.length - 1].startLine) {
+                        if (/^(def |async def |class |@|if |for |while |with |try:|except|finally:|else:|elif )/.test(trimmed)) {
+                            asyncScopes.pop();
+                        }
+                        else {
+                            break;
+                        }
+                    }
+                }
+                // Detect asyncio.run() inside an async scope
+                if (asyncScopes.length > 0 && ASYNCIO_RUN_RE.test(line)) {
+                    const scope = asyncScopes[asyncScopes.length - 1];
+                    violations.push({
+                        ruleId: this.id,
+                        ruleName: this.name,
+                        policyRef: this.policyRef,
+                        severity: this.severity,
+                        filePath,
+                        line: i + 1,
+                        column: line.indexOf('asyncio.run') + 1,
+                        evidence: line.trim(),
+                        operationalRisk: `asyncio.run() called inside async def (started at line ${scope.startLine + 1}). ` +
+                            'Raises RuntimeError: "This event loop is already running" in FastAPI, Airflow, and Jupyter.',
+                        remediation: 'Replace asyncio.run(coro()) with: await coro()\n' +
+                            'Or if called from module-level code, restructure to avoid calling from inside an async function.',
+                        determinism: 'deterministic-structural',
+                        confidence: 0.85,
+                        language: 'python',
+                    });
+                }
+            }
+            return violations;
+        }
+        catch {
+            return [];
+        }
+    }
+}
+exports.PY012AsyncioRunMisuse = PY012AsyncioRunMisuse;
+//# sourceMappingURL=PY012-asyncio-run-misuse.js.map

package/dist/structural-rules/python/PY012-asyncio-run-misuse.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PY012-asyncio-run-misuse.js","sourceRoot":"","sources":["../../../src/structural-rules/python/PY012-asyncio-run-misuse.ts"],"names":[],"mappings":";;;AAEA;;;;;;;;GAQG;AAEH,MAAM,YAAY,GAAG,8BAA8B,CAAC;AACpD,MAAM,cAAc,GAAG,qBAAqB,CAAC;AAE7C,SAAS,SAAS,CAAC,IAAY;IAC7B,OAAO,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC,MAAM,CAAC;AAC/C,CAAC;AAED,MAAa,qBAAqB;IAChC,EAAE,GAAG,OAAO,CAAC;IACb,IAAI,GAAG,uCAAuC,CAAC;IAC/C,SAAS,GAAG,OAAO,CAAC;IACpB,QAAQ,GAAG,UAAmB,CAAC;IAC/B,SAAS,GAAmB,CAAC,QAAQ,CAAC,CAAC;IACvC,WAAW,GACT,+FAA+F;QAC/F,yDAAyD,CAAC;IAE5D,KAAK,CAAC,QAAgB,EAAE,UAAkB;QACxC,IAAI,CAAC;YACH,MAAM,UAAU,GAA0B,EAAE,CAAC;YAC7C,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAEjF,MAAM,WAAW,GAAiD,EAAE,CAAC;YAErE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;gBAEjC,0BAA0B;gBAC1B,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC3C,IAAI,UAAU,EAAE,CAAC;oBACf,WAAW,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;gBACnE,CAAC;gBAED,6BAA6B;gBAC7B,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC7E,MAAM,aAAa,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;oBACtC,OACE,WAAW,CAAC,MAAM,GAAG,CAAC;wBACtB,aAAa,IAAI,WAAW,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM;wBAC3D,CAAC,GAAG,WAAW,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,SAAS,EACjD,CAAC;wBACD,IAAI,oFAAoF,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;4BACvG,WAAW,CAAC,GAAG,EAAE,CAAC;wBACpB,CAAC;6BAAM,CAAC;4BACN,MAAM;wBACR,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,6CAA6C;gBAC7C,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxD,MAAM,KAAK,GAAG,WAAW,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;oBAClD,UAAU,CAAC,IAAI,CAAC;wBACd,MAAM,EAAE,IAAI,CAAC,EAAE;wBACf,QAAQ,EAAE,IAAI,CAAC,IAAI;wBACnB,SAAS,EAAE,IAAI,CAAC,SAAS;wBACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,QAAQ;wBACR,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC;wBACvC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE;wBACrB,eAAe,EACb,0DAA0D,KAAK,CAAC,SAAS,GAAG,CAAC,KAAK;4BAClF,6FAA6F;wBAC/F,WAAW,EACT,kDAAkD;4BAClD,kGAAkG;wBACpG,WAAW,EAAE,0BAAmC;wBAChD,UAAU,EAAE,IAAI;wBAChB,QAAQ,EAAE,QAAQ;qBACnB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AAzED,sDAyEC"}

package/dist/structural-rules/python/PY013-mutable-default-arg.d.ts

@@ -0,0 +1,11 @@
+import { StructuralRule, StructuralViolation, RuleLanguage } from '../types';
+export declare class PY013MutableDefaultArg implements StructuralRule {
+    id: string;
+    name: string;
+    policyRef: string;
+    severity: "ADVISORY";
+    languages: RuleLanguage[];
+    description: string;
+    check(filePath: string, sourceText: string): StructuralViolation[];
+}
+//# sourceMappingURL=PY013-mutable-default-arg.d.ts.map

package/dist/structural-rules/python/PY013-mutable-default-arg.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PY013-mutable-default-arg.d.ts","sourceRoot":"","sources":["../../../src/structural-rules/python/PY013-mutable-default-arg.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAe7E,qBAAa,sBAAuB,YAAW,cAAc;IAC3D,EAAE,SAAW;IACb,IAAI,SAAqD;IACzD,SAAS,SAAW;IACpB,QAAQ,EAAG,UAAU,CAAU;IAC/B,SAAS,EAAE,YAAY,EAAE,CAAc;IACvC,WAAW,SAEsD;IAEjE,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,mBAAmB,EAAE;CAqDnE"}

package/dist/structural-rules/python/PY013-mutable-default-arg.js

@@ -0,0 +1,73 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PY013MutableDefaultArg = void 0;
+/**
+ * PY013 — Mutable Default Argument
+ *
+ * Python function default arguments are evaluated ONCE at function definition
+ * time. Using mutable objects (dict, list, set) as defaults creates a shared
+ * object across all calls. Classic Python gotcha reliably reproduced by LLMs.
+ *
+ * ADVISORY: correctness bug but not immediately fatal.
+ */
+const PARAM_MUTABLE_RE = /(?::\s*\w+(?:\[.*?\])?\s*)?=\s*(\{\}|\[\]|set\s*\(\s*\))/;
+const DEF_RE = /^(\s*)(?:async\s+)?def\s+\w+\s*\(/;
+class PY013MutableDefaultArg {
+    id = 'PY013';
+    name = 'Mutable default argument in function definition';
+    policyRef = 'PY013';
+    severity = 'ADVISORY';
+    languages = ['python'];
+    description = 'Mutable default arguments ({}, [], set()) are shared across all calls. ' +
+        'Use None as default and initialize inside the function body.';
+    check(filePath, sourceText) {
+        try {
+            const violations = [];
+            const lines = sourceText.replace(/\r\n/g, '\n').replace(/\r/g, '\n').split('\n');
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i];
+                if (!DEF_RE.test(line))
+                    continue;
+                // Collect full signature (may span multiple lines)
+                let sig = line;
+                if (!sig.includes(')')) {
+                    for (let j = i + 1; j < Math.min(i + 10, lines.length); j++) {
+                        sig += ' ' + lines[j];
+                        if (lines[j].includes(')'))
+                            break;
+                    }
+                }
+                const mutableMatch = PARAM_MUTABLE_RE.exec(sig);
+                if (mutableMatch) {
+                    const defaultVal = mutableMatch[1];
+                    const label = defaultVal === '{}' ? 'dict {}' :
+                        defaultVal === '[]' ? 'list []' :
+                            'set()';
+                    violations.push({
+                        ruleId: this.id,
+                        ruleName: this.name,
+                        policyRef: this.policyRef,
+                        severity: this.severity,
+                        filePath,
+                        line: i + 1,
+                        column: line.indexOf('def') + 1,
+                        evidence: line.trim(),
+                        operationalRisk: `Mutable default argument (${label}) is shared across all calls to this function. ` +
+                            'Mutations in one call persist to subsequent calls, causing unpredictable behavior.',
+                        remediation: `Use None as default: def f(x=None):\\n    x = x or ${defaultVal === '[]' ? '[]' : '{}'}\n` +
+                            'This ensures each call gets a fresh mutable object.',
+                        determinism: 'deterministic-structural',
+                        confidence: 0.92,
+                        language: 'python',
+                    });
+                }
+            }
+            return violations;
+        }
+        catch {
+            return [];
+        }
+    }
+}
+exports.PY013MutableDefaultArg = PY013MutableDefaultArg;
+//# sourceMappingURL=PY013-mutable-default-arg.js.map

package/dist/structural-rules/python/PY013-mutable-default-arg.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PY013-mutable-default-arg.js","sourceRoot":"","sources":["../../../src/structural-rules/python/PY013-mutable-default-arg.ts"],"names":[],"mappings":";;;AAEA;;;;;;;;GAQG;AAEH,MAAM,gBAAgB,GAAG,0DAA0D,CAAC;AACpF,MAAM,MAAM,GAAG,mCAAmC,CAAC;AAEnD,MAAa,sBAAsB;IACjC,EAAE,GAAG,OAAO,CAAC;IACb,IAAI,GAAG,iDAAiD,CAAC;IACzD,SAAS,GAAG,OAAO,CAAC;IACpB,QAAQ,GAAG,UAAmB,CAAC;IAC/B,SAAS,GAAmB,CAAC,QAAQ,CAAC,CAAC;IACvC,WAAW,GACT,yEAAyE;QACzE,8DAA8D,CAAC;IAEjE,KAAK,CAAC,QAAgB,EAAE,UAAkB;QACxC,IAAI,CAAC;YACH,MAAM,UAAU,GAA0B,EAAE,CAAC;YAC7C,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAEjF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;oBAAE,SAAS;gBAEjC,mDAAmD;gBACnD,IAAI,GAAG,GAAG,IAAI,CAAC;gBACf,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBACvB,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;wBAC5D,GAAG,IAAI,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;wBACtB,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC;4BAAE,MAAM;oBACpC,CAAC;gBACH,CAAC;gBAED,MAAM,YAAY,GAAG,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAChD,IAAI,YAAY,EAAE,CAAC;oBACjB,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;oBACnC,MAAM,KAAK,GACT,UAAU,KAAK,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;wBACjC,UAAU,KAAK,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;4BACjC,OAAO,CAAC;oBAEV,UAAU,CAAC,IAAI,CAAC;wBACd,MAAM,EAAE,IAAI,CAAC,EAAE;wBACf,QAAQ,EAAE,IAAI,CAAC,IAAI;wBACnB,SAAS,EAAE,IAAI,CAAC,SAAS;wBACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;wBACvB,QAAQ;wBACR,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC;wBAC/B,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE;wBACrB,eAAe,EACb,6BAA6B,KAAK,iDAAiD;4BACnF,oFAAoF;wBACtF,WAAW,EACT,sDAAsD,UAAU,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI;4BAC3F,qDAAqD;wBACvD,WAAW,EAAE,0BAAmC;wBAChD,UAAU,EAAE,IAAI;wBAChB,QAAQ,EAAE,QAAQ;qBACnB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AA/DD,wDA+DC"}

package/dist/structural-rules/python/PY014-fixed-sleep-retry.d.ts

@@ -0,0 +1,11 @@
+import { StructuralRule, StructuralViolation, RuleLanguage } from '../types';
+export declare class PY014FixedSleepRetry implements StructuralRule {
+    id: string;
+    name: string;
+    policyRef: string;
+    severity: "BLOCKING";
+    languages: RuleLanguage[];
+    description: string;
+    check(filePath: string, sourceText: string): StructuralViolation[];
+}
+//# sourceMappingURL=PY014-fixed-sleep-retry.d.ts.map

package/dist/structural-rules/python/PY014-fixed-sleep-retry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PY014-fixed-sleep-retry.d.ts","sourceRoot":"","sources":["../../../src/structural-rules/python/PY014-fixed-sleep-retry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AA8C7E,qBAAa,oBAAqB,YAAW,cAAc;IACzD,EAAE,SAAW;IACb,IAAI,SAAmD;IACvD,SAAS,SAAW;IACpB,QAAQ,EAAG,UAAU,CAAU;IAC/B,SAAS,EAAE,YAAY,EAAE,CAAc;IACvC,WAAW,SAE8B;IAEzC,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,mBAAmB,EAAE;CAuEnE"}

package/dist/structural-rules/python/PY014-fixed-sleep-retry.js

@@ -0,0 +1,115 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PY014FixedSleepRetry = void 0;
+/**
+ * PY014 — Fixed-Sleep Retry Without Exponential Backoff
+ *
+ * Retry loops that use a constant time.sleep() delay cause thundering herd
+ * against downstream services when many workers fail simultaneously.
+ *
+ * Detection: for/while loop + except clause + time.sleep(constant literal)
+ * with no exponential calculation visible nearby.
+ *
+ * BLOCKING: fixed retry sleep = synchronized retry storms on partial outage.
+ */
+const LOOP_START_RE = /^(\s*)(?:for\s+\w+|while\s+)/;
+const EXCEPT_RE = /^\s*except\b/;
+const FIXED_SLEEP_RE = /\btime\.sleep\s*\(\s*(\d+(?:\.\d+)?)\s*\)/;
+const EXPONENTIAL_MARKERS = [
+    /\*\*\s*\d/,
+    /\*=\s*2/,
+    /\bmin\s*\(/,
+    /\brandom\.uniform/,
+    /\bjitter\b/,
+    /\bbackoff\b/,
+    /\bexponential\b/,
+    /sleep\s*\*\s*\d/,
+    /\battempt\s*\*/,
+    /\* attempt/,
+];
+function hasExponentialNearby(lines, center, radius = 12) {
+    const start = Math.max(0, center - radius);
+    const end = Math.min(lines.length - 1, center + radius);
+    for (let i = start; i <= end; i++) {
+        for (const re of EXPONENTIAL_MARKERS) {
+            if (re.test(lines[i]))
+                return true;
+        }
+    }
+    return false;
+}
+function getIndent(line) {
+    return line.length - line.trimStart().length;
+}
+class PY014FixedSleepRetry {
+    id = 'PY014';
+    name = 'Fixed-sleep retry without exponential backoff';
+    policyRef = 'PY014';
+    severity = 'BLOCKING';
+    languages = ['python'];
+    description = 'time.sleep() with a constant value inside a retry loop creates thundering herd. ' +
+        'Use exponential backoff with jitter.';
+    check(filePath, sourceText) {
+        try {
+            const violations = [];
+            const lines = sourceText.replace(/\r\n/g, '\n').replace(/\r/g, '\n').split('\n');
+            const loopScopes = [];
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i];
+                const trimmed = line.trimStart();
+                // Track loop starts
+                const loopMatch = LOOP_START_RE.exec(line);
+                if (loopMatch) {
+                    loopScopes.push({ startLine: i, indent: loopMatch[1].length, hasExcept: false });
+                }
+                // Pop exited scopes
+                if (loopScopes.length > 0 && trimmed.length > 0 && !trimmed.startsWith('#')) {
+                    const currentIndent = getIndent(line);
+                    while (loopScopes.length > 0 &&
+                        currentIndent < loopScopes[loopScopes.length - 1].indent &&
+                        i > loopScopes[loopScopes.length - 1].startLine) {
+                        loopScopes.pop();
+                    }
+                }
+                // Mark loop scope as containing an except
+                if (EXCEPT_RE.test(line) && loopScopes.length > 0) {
+                    loopScopes[loopScopes.length - 1].hasExcept = true;
+                }
+                // Detect fixed sleep inside retry loop
+                const sleepMatch = FIXED_SLEEP_RE.exec(line);
+                if (sleepMatch && loopScopes.length > 0) {
+                    const scope = loopScopes[loopScopes.length - 1];
+                    if (scope.hasExcept && !hasExponentialNearby(lines, i)) {
+                        const sleepVal = sleepMatch[1];
+                        violations.push({
+                            ruleId: this.id,
+                            ruleName: this.name,
+                            policyRef: this.policyRef,
+                            severity: this.severity,
+                            filePath,
+                            line: i + 1,
+                            column: line.indexOf('time.sleep') + 1,
+                            evidence: line.trim(),
+                            operationalRisk: `Fixed retry sleep time.sleep(${sleepVal}) inside retry loop (loop at line ${scope.startLine + 1}). ` +
+                                'Under partial outage, all workers retry simultaneously after the same delay, ' +
+                                'creating a thundering herd that overwhelms the recovering service.',
+                            remediation: `Replace with exponential backoff:\n` +
+                                `  import random\n` +
+                                `  sleep_time = min(${sleepVal} * (2 ** attempt) + random.uniform(0, 1), max_sleep)\n` +
+                                `  time.sleep(sleep_time)`,
+                            determinism: 'deterministic-structural',
+                            confidence: 0.82,
+                            language: 'python',
+                        });
+                    }
+                }
+            }
+            return violations;
+        }
+        catch {
+            return [];
+        }
+    }
+}
+exports.PY014FixedSleepRetry = PY014FixedSleepRetry;
+//# sourceMappingURL=PY014-fixed-sleep-retry.js.map

package/dist/structural-rules/python/PY014-fixed-sleep-retry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PY014-fixed-sleep-retry.js","sourceRoot":"","sources":["../../../src/structural-rules/python/PY014-fixed-sleep-retry.ts"],"names":[],"mappings":";;;AAEA;;;;;;;;;;GAUG;AAEH,MAAM,aAAa,GAAG,8BAA8B,CAAC;AACrD,MAAM,SAAS,GAAG,cAAc,CAAC;AACjC,MAAM,cAAc,GAAG,2CAA2C,CAAC;AAEnE,MAAM,mBAAmB,GAAG;IAC1B,WAAW;IACX,SAAS;IACT,YAAY;IACZ,mBAAmB;IACnB,YAAY;IACZ,aAAa;IACb,iBAAiB;IACjB,iBAAiB;IACjB,gBAAgB;IAChB,YAAY;CACb,CAAC;AAEF,SAAS,oBAAoB,CAAC,KAAe,EAAE,MAAc,EAAE,MAAM,GAAG,EAAE;IACxE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,CAAC;IACxD,KAAK,IAAI,CAAC,GAAG,KAAK,EAAE,CAAC,IAAI,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,KAAK,MAAM,EAAE,IAAI,mBAAmB,EAAE,CAAC;YACrC,IAAI,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAAE,OAAO,IAAI,CAAC;QACrC,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,OAAO,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC,MAAM,CAAC;AAC/C,CAAC;AAED,MAAa,oBAAoB;IAC/B,EAAE,GAAG,OAAO,CAAC;IACb,IAAI,GAAG,+CAA+C,CAAC;IACvD,SAAS,GAAG,OAAO,CAAC;IACpB,QAAQ,GAAG,UAAmB,CAAC;IAC/B,SAAS,GAAmB,CAAC,QAAQ,CAAC,CAAC;IACvC,WAAW,GACT,kFAAkF;QAClF,sCAAsC,CAAC;IAEzC,KAAK,CAAC,QAAgB,EAAE,UAAkB;QACxC,IAAI,CAAC;YACH,MAAM,UAAU,GAA0B,EAAE,CAAC;YAC7C,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAEjF,MAAM,UAAU,GAAqE,EAAE,CAAC;YAExF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;gBAEjC,oBAAoB;gBACpB,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC3C,IAAI,SAAS,EAAE,CAAC;oBACd,UAAU,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;gBACnF,CAAC;gBAED,oBAAoB;gBACpB,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC5E,MAAM,aAAa,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;oBACtC,OACE,UAAU,CAAC,MAAM,GAAG,CAAC;wBACrB,aAAa,GAAG,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM;wBACxD,CAAC,GAAG,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,SAAS,EAC/C,CAAC;wBACD,UAAU,CAAC,GAAG,EAAE,CAAC;oBACnB,CAAC;gBACH,CAAC;gBAED,0CAA0C;gBAC1C,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAClD,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,SAAS,GAAG,IAAI,CAAC;gBACrD,CAAC;gBAED,uCAAuC;gBACvC,MAAM,UAAU,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC7C,IAAI,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACxC,MAAM,KAAK,GAAG,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;oBAChD,IAAI,KAAK,CAAC,SAAS,IAAI,CAAC,oBAAoB,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC;wBACvD,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;wBAC/B,UAAU,CAAC,IAAI,CAAC;4BACd,MAAM,EAAE,IAAI,CAAC,EAAE;4BACf,QAAQ,EAAE,IAAI,CAAC,IAAI;4BACnB,SAAS,EAAE,IAAI,CAAC,SAAS;4BACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;4BACvB,QAAQ;4BACR,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC;4BACtC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE;4BACrB,eAAe,EACb,gCAAgC,QAAQ,qCAAqC,KAAK,CAAC,SAAS,GAAG,CAAC,KAAK;gCACrG,+EAA+E;gCAC/E,oEAAoE;4BACtE,WAAW,EACT,qCAAqC;gCACrC,mBAAmB;gCACnB,sBAAsB,QAAQ,wDAAwD;gCACtF,0BAA0B;4BAC5B,WAAW,EAAE,0BAAmC;4BAChD,UAAU,EAAE,IAAI;4BAChB,QAAQ,EAAE,QAAQ;yBACnB,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO,UAAU,CAAC;QACpB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AAjFD,oDAiFC"}

package/dist/structural-rules/types.d.ts

@@ -19,6 +19,18 @@ export interface StructuralViolation {
     determinism: DeterminismLevel;
     confidence: number;
     language: RuleLanguage;
+    /**
+     * Phase 2 — Diff-scoped enforcement.
+     * true  → violation is on a line modified in the current diff (BLOCKING eligible)
+     * false → violation is on an untouched historical line (demoted to ADVISORY + legacyDebt)
+     * undefined → diff-scope not applied (e.g. --strict-full-file mode)
+     */
+    introducedOnModifiedLine?: boolean;
+    /**
+     * true when the violation is demoted from BLOCKING to ADVISORY because it
+     * exists on an unmodified line. Tagged for reviewer visibility and telemetry.
+     */
+    legacyDebt?: boolean;
 }
 export interface StructuralRuleResult {
     violations: StructuralViolation[];

package/dist/structural-rules/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/structural-rules/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE7D,YAAY,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,YAAY,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE7D,MAAM,MAAM,gBAAgB,GACxB,0BAA0B,GAC1B,wBAAwB,GACxB,oBAAoB,GACpB,uBAAuB,CAAC;AAE5B,MAAM,MAAM,YAAY,GAAG,UAAU,GAAG,UAAU,CAAC;AACnD,MAAM,MAAM,YAAY,GAAG,YAAY,GAAG,QAAQ,GAAG,YAAY,CAAC;AAElE,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAY,MAAM,CAAC;IACzB,QAAQ,EAAU,MAAM,CAAC;IACzB,SAAS,EAAS,MAAM,CAAC;IACzB,QAAQ,EAAU,YAAY,CAAC;IAC/B,QAAQ,EAAU,MAAM,CAAC;IACzB,IAAI,EAAc,MAAM,CAAC;IACzB,MAAM,EAAY,MAAM,CAAC;IACzB,QAAQ,EAAU,MAAM,CAAC;IACzB,eAAe,EAAG,MAAM,CAAC;IACzB,WAAW,EAAO,MAAM,CAAC;IACzB,WAAW,EAAO,gBAAgB,CAAC;IACnC,UAAU,EAAQ,MAAM,CAAC;IACzB,QAAQ,EAAU,YAAY,CAAC;CAChC;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAY,mBAAmB,EAAE,CAAC;IAC5C,aAAa,EAAS,MAAM,CAAC;IAC7B,UAAU,EAAY,MAAM,CAAC;IAC7B,YAAY,EAAU,MAAM,EAAE,CAAC;IAC/B,YAAY,EAAU,MAAM,EAAE,CAAC;IAC/B,eAAe,EAAO,MAAM,CAAC;IAC7B,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;IAC5C,mBAAmB,EAAG,kBAAkB,EAAE,CAAC;CAC5C;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAS,MAAM,CAAC;IAClB,IAAI,EAAO,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAG,YAAY,CAAC;IACxB,SAAS,EAAE,YAAY,EAAE,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,mEAAmE;IACnE,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,mBAAmB,EAAE,CAAC;CACpE"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/structural-rules/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE7D,YAAY,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,YAAY,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE7D,MAAM,MAAM,gBAAgB,GACxB,0BAA0B,GAC1B,wBAAwB,GACxB,oBAAoB,GACpB,uBAAuB,CAAC;AAE5B,MAAM,MAAM,YAAY,GAAG,UAAU,GAAG,UAAU,CAAC;AACnD,MAAM,MAAM,YAAY,GAAG,YAAY,GAAG,QAAQ,GAAG,YAAY,CAAC;AAElE,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAY,MAAM,CAAC;IACzB,QAAQ,EAAU,MAAM,CAAC;IACzB,SAAS,EAAS,MAAM,CAAC;IACzB,QAAQ,EAAU,YAAY,CAAC;IAC/B,QAAQ,EAAU,MAAM,CAAC;IACzB,IAAI,EAAc,MAAM,CAAC;IACzB,MAAM,EAAY,MAAM,CAAC;IACzB,QAAQ,EAAU,MAAM,CAAC;IACzB,eAAe,EAAG,MAAM,CAAC;IACzB,WAAW,EAAO,MAAM,CAAC;IACzB,WAAW,EAAO,gBAAgB,CAAC;IACnC,UAAU,EAAQ,MAAM,CAAC;IACzB,QAAQ,EAAU,YAAY,CAAC;IAC/B;;;;;OAKG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC;;;OAGG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAY,mBAAmB,EAAE,CAAC;IAC5C,aAAa,EAAS,MAAM,CAAC;IAC7B,UAAU,EAAY,MAAM,CAAC;IAC7B,YAAY,EAAU,MAAM,EAAE,CAAC;IAC/B,YAAY,EAAU,MAAM,EAAE,CAAC;IAC/B,eAAe,EAAO,MAAM,CAAC;IAC7B,oBAAoB,EAAE,mBAAmB,EAAE,CAAC;IAC5C,mBAAmB,EAAG,kBAAkB,EAAE,CAAC;CAC5C;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAS,MAAM,CAAC;IAClB,IAAI,EAAO,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAG,YAAY,CAAC;IACxB,SAAS,EAAE,YAAY,EAAE,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,mEAAmE;IACnE,KAAK,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,mBAAmB,EAAE,CAAC;CACpE"}

package/dist/utils/verify-runtime-stability.d.ts

@@ -0,0 +1,142 @@
+/**
+ * Verify Runtime Stability (Phase 4 — Verify Runtime Stability)
+ *
+ * Bounded execution guarantees for enterprise CI environments.
+ *
+ * Provides:
+ * 1. Hard execution timeouts with graceful partial-result preservation
+ * 2. Large repo detection and cache-build recommendations
+ * 3. Memory pressure tracking with layered degradation
+ * 4. Runtime transparency — every degraded mode is explicitly reported
+ *
+ * Layered degradation order (when memory or time pressure is detected):
+ *   1. Semantic layer first (LLM-assisted planning, intent expansion)
+ *   2. Advisory systems second (heuristic signals, advisory-only rules)
+ *   3. NEVER structural governance — AST-backed structural verification
+ *      MUST remain operational even under full degradation
+ *
+ * Design constraints:
+ *   - All timeouts are configurable via environment variables
+ *   - Degradation is explicit and reported in verify output
+ *   - Partial findings are always preserved (never silently dropped)
+ *   - Structural governance is protected by construction
+ */
+/** Local verify max wall-clock time (90s default) */
+export declare const LOCAL_VERIFY_MAX_MS: number;
+/** CI verify max wall-clock time (180s default) */
+export declare const CI_VERIFY_MAX_MS: number;
+/** Repo size threshold for large-repo warning (10,000 files) */
+export declare const LARGE_REPO_FILE_THRESHOLD: number;
+/** Heap usage fraction above which semantic layer is degraded (0.75 = 75%) */
+export declare const MEMORY_DEGRADE_SEMANTIC_THRESHOLD = 0.75;
+/** Heap usage fraction above which advisory layer is degraded (0.90 = 90%) */
+export declare const MEMORY_DEGRADE_ADVISORY_THRESHOLD = 0.9;
+export type DegradedLayer = 'semantic' | 'advisory';
+export interface VerifyRuntimeContext {
+    /** Whether running in CI mode */
+    isCI: boolean;
+    /** Effective timeout in milliseconds */
+    timeoutMs: number;
+    /** Timestamp when verify started */
+    startedAt: number;
+    /** Set of layers that have been degraded */
+    degradedLayers: Set<DegradedLayer>;
+    /** Degradation reasons */
+    degradationReasons: string[];
+    /** Skipped subsystems due to degradation */
+    skippedSubsystems: string[];
+    /** Whether large-repo mode was triggered */
+    largeRepoMode: boolean;
+    /** Estimated file count (if detectable) */
+    estimatedFileCount: number | null;
+}
+export interface VerifyRuntimeReport {
+    degraded: boolean;
+    degradedLayers: DegradedLayer[];
+    degradationReasons: string[];
+    skippedSubsystems: string[];
+    largeRepoMode: boolean;
+    estimatedFileCount: number | null;
+    elapsedMs: number;
+    timeoutMs: number;
+    remainingMs: number;
+    memoryUsageMb: number;
+    heapUsedFraction: number;
+    structuralGovernanceOperational: true;
+}
+/**
+ * Create a new verify runtime context.
+ * Call once at the start of verify execution.
+ */
+export declare function createVerifyRuntimeContext(isCI: boolean): VerifyRuntimeContext;
+/**
+ * Check if the verify execution has exceeded its time budget.
+ *
+ * @returns true if timeout has been exceeded
+ */
+export declare function isTimedOut(ctx: VerifyRuntimeContext): boolean;
+/**
+ * Get elapsed time in milliseconds since verify started.
+ */
+export declare function elapsedMs(ctx: VerifyRuntimeContext): number;
+/**
+ * Get remaining time in milliseconds before timeout.
+ */
+export declare function remainingMs(ctx: VerifyRuntimeContext): number;
+/**
+ * Check if remaining time is below a given threshold.
+ * Use to preemptively skip expensive operations.
+ *
+ * @param ctx        Runtime context
+ * @param thresholdMs  Time threshold in ms (default: 5000ms)
+ */
+export declare function isTimePressure(ctx: VerifyRuntimeContext, thresholdMs?: number): boolean;
+/**
+ * Get current heap usage as a fraction of heap limit.
+ * Returns 0 if measurement is unavailable.
+ */
+export declare function getHeapUsedFraction(): number;
+/**
+ * Check memory pressure and apply layered degradation if needed.
+ *
+ * Degradation order:
+ *   1. 75% heap: degrade semantic layer (LLM intent expansion etc.)
+ *   2. 90% heap: degrade advisory layer (heuristic signals etc.)
+ *   Structural governance is NEVER degraded by memory pressure.
+ *
+ * @param ctx  Runtime context (mutated to record degradation)
+ */
+export declare function applyMemoryPressureDegradation(ctx: VerifyRuntimeContext): void;
+/**
+ * Estimate the number of tracked files in the git repository.
+ * Returns null if git is unavailable or the command fails.
+ */
+export declare function estimateRepoFileCount(projectRoot: string): number | null;
+/**
+ * Check if the repo qualifies as a large repo and apply appropriate guidance.
+ *
+ * If file count exceeds LARGE_REPO_FILE_THRESHOLD:
+ *   - Sets ctx.largeRepoMode = true
+ *   - Adds a cache-build recommendation to degradationReasons
+ *   - Does NOT degrade structural governance
+ *
+ * @param ctx          Runtime context (mutated)
+ * @param projectRoot  Project root path
+ */
+export declare function applyLargeRepoProtection(ctx: VerifyRuntimeContext, projectRoot: string): void;
+/**
+ * Return true if the semantic layer should be skipped.
+ * Call before any LLM-assisted or semantic expansion operations.
+ */
+export declare function shouldSkipSemanticLayer(ctx: VerifyRuntimeContext): boolean;
+/**
+ * Return true if the advisory layer should be skipped.
+ * Call before any heuristic or advisory-only operations.
+ */
+export declare function shouldSkipAdvisoryLayer(ctx: VerifyRuntimeContext): boolean;
+/**
+ * Build a runtime transparency report from the context.
+ * Include this in verify JSON output when --ci flag is set.
+ */
+export declare function buildVerifyRuntimeReport(ctx: VerifyRuntimeContext): VerifyRuntimeReport;
+//# sourceMappingURL=verify-runtime-stability.d.ts.map

package/dist/utils/verify-runtime-stability.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-runtime-stability.d.ts","sourceRoot":"","sources":["../../src/utils/verify-runtime-stability.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAQH,qDAAqD;AACrD,eAAO,MAAM,mBAAmB,QAC4C,CAAC;AAE7E,mDAAmD;AACnD,eAAO,MAAM,gBAAgB,QAC6C,CAAC;AAE3E,gEAAgE;AAChE,eAAO,MAAM,yBAAyB,QACsC,CAAC;AAE7E,8EAA8E;AAC9E,eAAO,MAAM,iCAAiC,OAAO,CAAC;AAEtD,8EAA8E;AAC9E,eAAO,MAAM,iCAAiC,MAAO,CAAC;AAItD,MAAM,MAAM,aAAa,GAAG,UAAU,GAAG,UAAU,CAAC;AAEpD,MAAM,WAAW,oBAAoB;IACnC,iCAAiC;IACjC,IAAI,EAAE,OAAO,CAAC;IACd,wCAAwC;IACxC,SAAS,EAAE,MAAM,CAAC;IAClB,oCAAoC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,4CAA4C;IAC5C,cAAc,EAAE,GAAG,CAAC,aAAa,CAAC,CAAC;IACnC,0BAA0B;IAC1B,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,4CAA4C;IAC5C,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,4CAA4C;IAC5C,aAAa,EAAE,OAAO,CAAC;IACvB,2CAA2C;IAC3C,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;CACnC;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,cAAc,EAAE,aAAa,EAAE,CAAC;IAChC,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,aAAa,EAAE,OAAO,CAAC;IACvB,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,+BAA+B,EAAE,IAAI,CAAC;CACvC;AAID;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,IAAI,EAAE,OAAO,GAAG,oBAAoB,CAW9E;AAID;;;;GAIG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAE7D;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,oBAAoB,GAAG,MAAM,CAE3D;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,oBAAoB,GAAG,MAAM,CAE7D;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,oBAAoB,EAAE,WAAW,SAAQ,GAAG,OAAO,CAEtF;AAID;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,CAU5C;AAED;;;;;;;;;GASG;AACH,wBAAgB,8BAA8B,CAAC,GAAG,EAAE,oBAAoB,GAAG,IAAI,CAoB9E;AAID;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAaxE;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,wBAAwB,CACtC,GAAG,EAAE,oBAAoB,EACzB,WAAW,EAAE,MAAM,GAClB,IAAI,CAiBN;AAID;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAE1E;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAE1E;AAID;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,oBAAoB,GAAG,mBAAmB,CAuBvF"}