@rigour-labs/core 2.21.2 → 3.0.0

package/dist/gates/inconsistent-error-handling.js

@@ -0,0 +1,236 @@
+/**
+ * Inconsistent Error Handling Gate
+ *
+ * Detects when the same error type is handled differently across the codebase.
+ * This is an AI-specific failure mode — each agent session writes error handling
+ * from scratch, leading to 4 different patterns for the same error type.
+ *
+ * Detection strategy:
+ * 1. Extract all try-catch blocks and error handling patterns
+ * 2. Cluster by caught error type (e.g. "Error", "TypeError", custom errors)
+ * 3. Compare handling strategies within each cluster
+ * 4. Flag types with >2 distinct handling patterns across files
+ *
+ * Examples of inconsistency:
+ * - File A: catch(e) { console.log(e) }
+ * - File B: catch(e) { throw new AppError(e) }
+ * - File C: catch(e) { return null }
+ * - File D: catch(e) { [empty] }
+ *
+ * @since v2.16.0
+ */
+import { Gate } from './base.js';
+import { FileScanner } from '../utils/scanner.js';
+import { Logger } from '../utils/logger.js';
+import fs from 'fs-extra';
+import path from 'path';
+export class InconsistentErrorHandlingGate extends Gate {
+    config;
+    constructor(config = {}) {
+        super('inconsistent-error-handling', 'Inconsistent Error Handling Detection');
+        this.config = {
+            enabled: config.enabled ?? true,
+            max_strategies_per_type: config.max_strategies_per_type ?? 2,
+            min_occurrences: config.min_occurrences ?? 3,
+            ignore_empty_catches: config.ignore_empty_catches ?? false,
+        };
+    }
+    get provenance() { return 'ai-drift'; }
+    async run(context) {
+        if (!this.config.enabled)
+            return [];
+        const failures = [];
+        const handlers = [];
+        const files = await FileScanner.findFiles({
+            cwd: context.cwd,
+            patterns: ['**/*.{ts,js,tsx,jsx}'],
+            ignore: [...(context.ignore || []), '**/node_modules/**', '**/dist/**', '**/*.test.*', '**/*.spec.*'],
+        });
+        Logger.info(`Inconsistent Error Handling: Scanning ${files.length} files`);
+        for (const file of files) {
+            try {
+                const content = await fs.readFile(path.join(context.cwd, file), 'utf-8');
+                this.extractErrorHandlers(content, file, handlers);
+            }
+            catch (e) { }
+        }
+        // Group by error type
+        const byType = new Map();
+        for (const handler of handlers) {
+            const existing = byType.get(handler.errorType) || [];
+            existing.push(handler);
+            byType.set(handler.errorType, existing);
+        }
+        // Analyze each error type for inconsistent handling
+        for (const [errorType, typeHandlers] of byType) {
+            if (typeHandlers.length < this.config.min_occurrences)
+                continue;
+            // Count unique strategies
+            const strategies = new Map();
+            for (const handler of typeHandlers) {
+                const existing = strategies.get(handler.strategy) || [];
+                existing.push(handler);
+                strategies.set(handler.strategy, existing);
+            }
+            // Filter out empty catches if configured
+            const activeStrategies = this.config.ignore_empty_catches
+                ? new Map([...strategies].filter(([k]) => k !== 'swallow'))
+                : strategies;
+            if (activeStrategies.size > this.config.max_strategies_per_type) {
+                // Only flag if handlers span multiple files
+                const uniqueFiles = new Set(typeHandlers.map(h => h.file));
+                if (uniqueFiles.size < 2)
+                    continue;
+                const strategyBreakdown = [...activeStrategies.entries()]
+                    .map(([strategy, handlers]) => {
+                    const files = [...new Set(handlers.map(h => h.file))].slice(0, 3);
+                    return `  • ${strategy} (${handlers.length}x): ${files.join(', ')}`;
+                })
+                    .join('\n');
+                failures.push(this.createFailure(`Inconsistent error handling for '${errorType}': ${activeStrategies.size} different strategies found across ${uniqueFiles.size} files:\n${strategyBreakdown}`, [...uniqueFiles].slice(0, 5), `Standardize error handling for '${errorType}'. Create a shared error handler or establish a project convention. AI agents often write error handling from scratch each session, leading to divergent patterns.`, 'Inconsistent Error Handling', typeHandlers[0].line, undefined, 'high'));
+            }
+        }
+        return failures;
+    }
+    extractErrorHandlers(content, file, handlers) {
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            // Match catch clauses: catch (e), catch (error: Error), catch (e: TypeError)
+            const catchMatch = lines[i].match(/\bcatch\s*\(\s*(\w+)(?:\s*:\s*(\w+))?\s*\)/);
+            if (!catchMatch)
+                continue;
+            const varName = catchMatch[1];
+            const explicitType = catchMatch[2] || 'any';
+            // Extract catch body (up to next closing brace at same level)
+            const body = this.extractCatchBody(lines, i);
+            if (!body)
+                continue;
+            const strategy = this.classifyStrategy(body, varName);
+            const rawPattern = body.split('\n')[0]?.trim() || '';
+            handlers.push({
+                file,
+                line: i + 1,
+                errorType: explicitType,
+                strategy,
+                rawPattern,
+            });
+        }
+        // Also detect .catch() promise patterns
+        for (let i = 0; i < lines.length; i++) {
+            const catchMatch = lines[i].match(/\.catch\s*\(\s*(?:async\s+)?(?:\(\s*)?(\w+)/);
+            if (!catchMatch)
+                continue;
+            const varName = catchMatch[1];
+            // Extract the callback body
+            const body = this.extractCatchCallbackBody(lines, i);
+            if (!body)
+                continue;
+            const strategy = this.classifyStrategy(body, varName);
+            handlers.push({
+                file,
+                line: i + 1,
+                errorType: 'Promise',
+                strategy,
+                rawPattern: body.split('\n')[0]?.trim() || '',
+            });
+        }
+    }
+    classifyStrategy(body, varName) {
+        const trimmed = body.trim();
+        // Empty catch (swallow)
+        if (!trimmed || trimmed === '{}' || trimmed === '') {
+            return 'swallow';
+        }
+        // Re-throw
+        if (/\bthrow\b/.test(trimmed)) {
+            if (/\bthrow\s+new\b/.test(trimmed))
+                return 'wrap-and-throw';
+            if (new RegExp(`\\bthrow\\s+${varName}\\b`).test(trimmed))
+                return 'rethrow';
+            return 'throw-new';
+        }
+        // Return patterns
+        if (/\breturn\s+null\b/.test(trimmed))
+            return 'return-null';
+        if (/\breturn\s+undefined\b/.test(trimmed) || /\breturn\s*;/.test(trimmed))
+            return 'return-undefined';
+        if (/\breturn\s+\[\s*\]/.test(trimmed))
+            return 'return-empty-array';
+        if (/\breturn\s+\{\s*\}/.test(trimmed))
+            return 'return-empty-object';
+        if (/\breturn\s+false\b/.test(trimmed))
+            return 'return-false';
+        if (/\breturn\s+/.test(trimmed))
+            return 'return-value';
+        // Logging patterns
+        if (/console\.(error|warn)\b/.test(trimmed))
+            return 'log-error';
+        if (/console\.log\b/.test(trimmed))
+            return 'log-info';
+        if (/\blogger\b/i.test(trimmed) || /\blog\b/i.test(trimmed))
+            return 'log-custom';
+        // Process.exit
+        if (/process\.exit\b/.test(trimmed))
+            return 'exit';
+        // Response patterns (Express/HTTP)
+        if (/\bres\s*\.\s*status\b/.test(trimmed) || /\bres\s*\.\s*json\b/.test(trimmed))
+            return 'http-response';
+        // Notification patterns
+        if (/\bnotif|toast|alert|modal\b/i.test(trimmed))
+            return 'user-notification';
+        return 'other';
+    }
+    extractCatchBody(lines, catchLine) {
+        let braceDepth = 0;
+        let started = false;
+        const body = [];
+        for (let i = catchLine; i < lines.length; i++) {
+            for (const ch of lines[i]) {
+                if (ch === '{') {
+                    braceDepth++;
+                    started = true;
+                }
+                if (ch === '}')
+                    braceDepth--;
+            }
+            if (started && i > catchLine)
+                body.push(lines[i]);
+            if (started && braceDepth === 0)
+                break;
+        }
+        return body.length > 0 ? body.join('\n') : null;
+    }
+    extractCatchCallbackBody(lines, startLine) {
+        // Detect if this is an arrow function (.catch(e => { ... }))
+        const hasArrow = lines[startLine]?.includes('=>');
+        let braceDepth = 0;
+        let started = false;
+        const body = [];
+        for (let i = startLine; i < Math.min(startLine + 20, lines.length); i++) {
+            for (const ch of lines[i]) {
+                // For arrow functions, only track braces (not parens) for body extraction
+                if (hasArrow) {
+                    if (ch === '{') {
+                        braceDepth++;
+                        started = true;
+                    }
+                    if (ch === '}')
+                        braceDepth--;
+                }
+                else {
+                    if (ch === '{' || ch === '(') {
+                        braceDepth++;
+                        started = true;
+                    }
+                    if (ch === '}' || ch === ')')
+                        braceDepth--;
+                }
+            }
+            if (started && i > startLine)
+                body.push(lines[i]);
+            if (started && braceDepth <= 0)
+                break;
+        }
+        return body.length > 0 ? body.join('\n') : null;
+    }
+}

package/dist/gates/promise-safety.d.ts

@@ -0,0 +1,68 @@
+/**
+ * Async & Error Safety Gate (Multi-Language)
+ *
+ * Detects unsafe async/promise/error patterns that AI code generators commonly produce.
+ * LLMs understand synchronous control flow well but frequently produce incomplete
+ * async and error-handling patterns across all languages.
+ *
+ * Supported languages:
+ *   - JS/TS: .then() without .catch(), JSON.parse without try/catch, async without await, fetch without error handling
+ *   - Python: json.loads without try/except, async def without await, requests/httpx without error handling, bare except
+ *   - Go: ignored error returns (_, err pattern), json.Unmarshal without error check, http calls without error check
+ *   - Ruby: JSON.parse without begin/rescue, Net::HTTP without begin/rescue
+ *   - C#/.NET: JsonSerializer without try/catch, HttpClient without try/catch, async without await, .Result/.Wait() deadlocks
+ *
+ * @since v2.17.0
+ */
+import { Gate, GateContext } from './base.js';
+import { Failure, Provenance } from '../types/index.js';
+export interface PromiseSafetyConfig {
+    enabled?: boolean;
+    check_unhandled_then?: boolean;
+    check_unsafe_parse?: boolean;
+    check_async_without_await?: boolean;
+    check_unsafe_fetch?: boolean;
+    ignore_patterns?: string[];
+}
+export declare class PromiseSafetyGate extends Gate {
+    private config;
+    constructor(config?: PromiseSafetyConfig);
+    protected get provenance(): Provenance;
+    run(context: GateContext): Promise<Failure[]>;
+    private scanFile;
+    private scanJS;
+    private detectUnhandledThen;
+    private detectUnsafeParseJS;
+    private detectAsyncWithoutAwaitJS;
+    private detectUnsafeFetchJS;
+    private scanPython;
+    private detectUnsafeParsePython;
+    private detectAsyncWithoutAwaitPython;
+    private detectUnsafeFetchPython;
+    private detectBareExceptPython;
+    private scanGo;
+    private detectUnsafeParseGo;
+    private detectUnsafeFetchGo;
+    private detectIgnoredErrorsGo;
+    private scanRuby;
+    private detectUnsafeParseRuby;
+    private detectUnsafeFetchRuby;
+    private scanCSharp;
+    private detectUnsafeParseCSharp;
+    private detectUnsafeFetchCSharp;
+    private detectAsyncWithoutAwaitCSharp;
+    private detectDeadlockRiskCSharp;
+    private extractBraceBody;
+    /** Extract Python indented body after a colon */
+    private extractIndentedBody;
+    /** Check if line is inside try block (JS/TS/C# — brace-based) */
+    private isInsideTryBlock;
+    /** Check if line is inside Python try block (indent-based) */
+    private isInsidePythonTry;
+    /** Check if line is inside Ruby begin/rescue block */
+    private isInsideRubyRescue;
+    private hasCatchAhead;
+    private hasStatusCheckAhead;
+    private stripStrings;
+    private buildFailures;
+}