@rigour-labs/core 4.2.3 → 4.3.1

package/dist/gates/deep-analysis.js

@@ -11,6 +11,7 @@
 import { Gate } from './base.js';
 import { createProvider } from '../inference/index.js';
 import { extractFacts, factsToPromptString, chunkFacts, buildAnalysisPrompt, buildCrossFilePrompt, verifyFindings } from '../deep/index.js';
+import { checkLocalPatterns } from '../storage/local-memory.js';
 import { Logger } from '../utils/logger.js';
 /** Max files to analyze before truncating (prevents OOM on huge repos) */
 const MAX_ANALYZABLE_FILES = 500;
@@ -62,9 +63,15 @@ export class DeepAnalysisGate extends Gate {
             const agentCount = this.config.options.agents || 1;
             const isCloud = !!this.config.options.apiKey;
             onProgress?.(`  Found ${allFacts.length} files to analyze${agentCount > 1 ? ` with ${agentCount} parallel agents` : ''}.`);
+            // Step 1.5: Check local project memory for known patterns (instant, no LLM)
+            const fileList = allFacts.map(f => f.path).filter(Boolean);
+            const localFindings = checkLocalPatterns(context.cwd, fileList);
+            if (localFindings.length > 0) {
+                onProgress?.(`  🧠 Local memory: ${localFindings.length} known pattern(s) matched instantly.`);
+            }
             // Step 2: LLM interprets facts (in chunks)
             const chunks = chunkFacts(allFacts);
-            const allFindings = [];
+            const allFindings = [...localFindings];
             let failedChunks = 0;
             if (agentCount > 1 && isCloud) {
                 // ── Multi-agent mode: partition chunks across N agents, analyze in parallel ──

package/dist/gates/runner.js

@@ -1,5 +1,6 @@
 import { SEVERITY_WEIGHTS } from '../types/index.js';
 import { DeepAnalysisGate } from './deep-analysis.js';
+import { persistAndReinforce } from '../storage/local-memory.js';
 import { FileGate } from './file.js';
 import { ContentGate } from './content.js';
 import { StructureGate } from './structure.js';
@@ -22,6 +23,7 @@ import { PromiseSafetyGate } from './promise-safety.js';
 import { PhantomApisGate } from './phantom-apis.js';
 import { DeprecatedApisGate } from './deprecated-apis.js';
 import { TestQualityGate } from './test-quality.js';
+import { SideEffectAnalysisGate } from './side-effect-analysis.js';
 import { execa } from 'execa';
 import { Logger } from '../utils/logger.js';
 export class GateRunner {
@@ -92,6 +94,10 @@ export class GateRunner {
         if (this.config.gates.test_quality?.enabled !== false) {
             this.gates.push(new TestQualityGate(this.config.gates.test_quality));
         }
+        // v4.3+ Side-Effect Safety Analysis (enabled by default)
+        if (this.config.gates.side_effect_analysis?.enabled !== false) {
+            this.gates.push(new SideEffectAnalysisGate(this.config.gates.side_effect_analysis));
+        }
         // Environment Alignment Gate (Should be prioritized)
         if (this.config.gates.environment?.enabled) {
             this.gates.unshift(new EnvironmentGate(this.config.gates));
@@ -254,7 +260,8 @@ export class GateRunner {
                     break;
             }
         }
-        return {
+        // Persist findings + reinforce patterns in local SQLite (fire-and-forget)
+        const report = {
             status,
             summary,
             failures,
@@ -269,5 +276,16 @@ export class GateRunner {
                 ...(deepStats ? { deep: deepStats } : {}),
             },
         };
+        // Store findings + reinforce patterns in local SQLite (non-blocking)
+        try {
+            persistAndReinforce(cwd, report, deepStats ? {
+                deepTier: deepStats.tier,
+                deepModel: deepStats.model,
+            } : undefined);
+        }
+        catch {
+            // Silent — local memory is advisory, never blocks scans
+        }
+        return report;
     }
 }

package/dist/gates/side-effect-analysis.d.ts

@@ -0,0 +1,67 @@
+/**
+ * Side-Effect Analysis Gate
+ *
+ * Context-aware detection of code patterns with real-world consequences:
+ * unbounded process spawns, runaway timers, missing circuit breakers,
+ * circular file watchers, resource leaks, and auto-restart bombs.
+ *
+ * SMART DETECTION APPROACH (not hardcoded regex):
+ * ───────────────────────────────────────────────
+ * 1. VARIABLE BINDING TRACKING: Tracks `const id = setInterval(...)` and
+ *    verifies `clearInterval(id)` exists — not just "does clearInterval
+ *    appear somewhere in the file?"
+ *
+ * 2. SCOPE-AWARE ANALYSIS: Checks cleanup is in the same function scope
+ *    as creation. A clearInterval in a completely different function doesn't
+ *    help the one that created the timer.
+ *
+ * 3. FRAMEWORK AWARENESS: Understands React useEffect cleanup returns,
+ *    Go `defer f.Close()` idiom, Python `with open()` context managers,
+ *    Java try-with-resources, C# using statements, Ruby block form.
+ *
+ * 4. PATH OVERLAP ANALYSIS: For circular triggers, extracts actual paths
+ *    from watch() and writeFile() calls and checks if they overlap.
+ *
+ * 5. BASE CASE ORDERING: For recursion, checks that the base case
+ *    (return/break) comes BEFORE the recursive call, not just that
+ *    both exist somewhere in the function.
+ *
+ * Follows the architectural patterns of:
+ * - hallucinated-imports (build context → scan → resolve → report)
+ * - promise-safety (scope-aware helpers, extractBraceBody, isInsideTryBlock)
+ *
+ * This is a CORE gate (enabled by default, provenance: ai-drift).
+ * Supports: JS/TS, Python, Go, Rust, C#, Java, Ruby
+ *
+ * @since v4.3.0
+ */
+import { Gate, GateContext } from './base.js';
+import { Failure, Provenance } from '../types/index.js';
+export interface SideEffectAnalysisConfig {
+    enabled?: boolean;
+    check_unbounded_timers?: boolean;
+    check_unbounded_loops?: boolean;
+    check_process_lifecycle?: boolean;
+    check_recursive_depth?: boolean;
+    check_resource_lifecycle?: boolean;
+    check_retry_without_limit?: boolean;
+    check_circular_triggers?: boolean;
+    check_auto_restart?: boolean;
+    ignore_patterns?: string[];
+}
+export declare class SideEffectAnalysisGate extends Gate {
+    private cfg;
+    constructor(config?: SideEffectAnalysisConfig);
+    protected get provenance(): Provenance;
+    run(context: GateContext): Promise<Failure[]>;
+    private scanFile;
+    private checkUnboundedTimers;
+    private checkProcessLifecycle;
+    private checkUnboundedLoops;
+    private checkRetryWithoutLimit;
+    private checkCircularTriggers;
+    private checkResourceLifecycle;
+    private checkRecursiveDepth;
+    private checkAutoRestart;
+    private buildFailures;
+}