@rigour-labs/core 4.3.0 → 4.3.1

package/dist/gates/side-effect-rules.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Side-Effect Analysis Rules
+ *
+ * Pattern definitions for detecting unbounded side effects that cause
+ * real-world consequences: process spawns, resource exhaustion, circular
+ * triggers, missing circuit breakers.
+ *
+ * Each rule has:
+ * - regex patterns per language
+ * - a check function that verifies context (surrounding lines)
+ * - severity and description
+ *
+ * @since v4.3.0
+ */
+export type SideEffectLang = 'js' | 'ts' | 'py' | 'go' | 'rs' | 'cs' | 'java' | 'rb';
+export interface SideEffectViolation {
+    rule: string;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+    file: string;
+    line: number;
+    match: string;
+    description: string;
+    hint: string;
+}
+export declare const LANG_MAP: Record<string, SideEffectLang>;
+export declare const FILE_GLOBS: string[];
+export declare const TIMER_CREATE_PATTERNS: Record<string, RegExp[]>;
+export declare const TIMER_CLEANUP_PATTERNS: Record<string, RegExp[]>;
+export declare const PROCESS_SPAWN_PATTERNS: Record<string, RegExp[]>;
+export declare const PROCESS_EXIT_PATTERNS: Record<string, RegExp[]>;
+export declare const UNBOUNDED_LOOP_PATTERNS: Record<string, RegExp[]>;
+export declare const IO_PATTERNS: Record<string, RegExp[]>;
+export declare const RETRY_PATTERNS: Record<string, RegExp[]>;
+export declare const MAX_RETRY_INDICATORS: RegExp[];
+export declare const WATCHER_PATTERNS: Record<string, RegExp[]>;
+export declare const WRITE_PATTERNS: Record<string, RegExp[]>;
+export declare const RESOURCE_OPEN_PATTERNS: Record<string, RegExp[]>;
+export declare const RESOURCE_CLOSE_PATTERNS: Record<string, RegExp[]>;
+export declare const AUTO_RESTART_PATTERNS: Record<string, RegExp[]>;

package/dist/gates/side-effect-rules.js

@@ -0,0 +1,302 @@
+/**
+ * Side-Effect Analysis Rules
+ *
+ * Pattern definitions for detecting unbounded side effects that cause
+ * real-world consequences: process spawns, resource exhaustion, circular
+ * triggers, missing circuit breakers.
+ *
+ * Each rule has:
+ * - regex patterns per language
+ * - a check function that verifies context (surrounding lines)
+ * - severity and description
+ *
+ * @since v4.3.0
+ */
+// ── Language detection ──
+export const LANG_MAP = {
+    '.ts': 'ts', '.tsx': 'ts', '.mts': 'ts',
+    '.js': 'js', '.jsx': 'js', '.mjs': 'js', '.cjs': 'js',
+    '.py': 'py',
+    '.go': 'go',
+    '.rs': 'rs',
+    '.cs': 'cs',
+    '.java': 'java',
+    '.rb': 'rb',
+};
+export const FILE_GLOBS = [
+    '**/*.{ts,tsx,mts,js,jsx,mjs,cjs}',
+    '**/*.py',
+    '**/*.go',
+    '**/*.rs',
+    '**/*.cs',
+    '**/*.java',
+    '**/*.rb',
+];
+// ── Timer patterns (setInterval/setTimeout without cleanup) ──
+export const TIMER_CREATE_PATTERNS = {
+    js: [
+        /\bsetInterval\s*\(/,
+        /\bsetTimeout\s*\(/,
+    ],
+    ts: [
+        /\bsetInterval\s*\(/,
+        /\bsetTimeout\s*\(/,
+    ],
+    py: [
+        /\bscheduler\.enter\s*\(/,
+        /\bTimer\s*\(/,
+        /\bschedule\.every\b/,
+    ],
+    go: [
+        /\btime\.NewTicker\s*\(/,
+        /\btime\.Tick\s*\(/,
+    ],
+    java: [
+        /\bScheduledExecutorService\b/,
+        /\bTimer\(\)\.schedule\b/,
+        /\bTimer\(\)\.scheduleAtFixedRate\b/,
+    ],
+    rs: [],
+    cs: [
+        /\bnew\s+Timer\s*\(/,
+        /\bSetInterval\s*\(/,
+    ],
+    rb: [],
+};
+export const TIMER_CLEANUP_PATTERNS = {
+    js: [/\bclearInterval\s*\(/, /\bclearTimeout\s*\(/],
+    ts: [/\bclearInterval\s*\(/, /\bclearTimeout\s*\(/],
+    py: [/\.cancel\s*\(/],
+    go: [/\.Stop\s*\(/],
+    java: [/\.shutdown\s*\(/, /\.cancel\s*\(/],
+    rs: [],
+    cs: [/\.Dispose\s*\(/, /\.Stop\s*\(/],
+    rb: [],
+};
+// ── Process spawn patterns ──
+export const PROCESS_SPAWN_PATTERNS = {
+    js: [
+        /\bchild_process\.\w+\s*\(/,
+        /\bspawn\s*\(/,
+        /\bexec\s*\(/,
+        /\bexecFile\s*\(/,
+        /\bfork\s*\(/,
+        /\bexeca\s*\(/,
+    ],
+    ts: [
+        /\bchild_process\.\w+\s*\(/,
+        /\bspawn\s*\(/,
+        /\bexec\s*\(/,
+        /\bexecFile\s*\(/,
+        /\bfork\s*\(/,
+        /\bexeca\s*\(/,
+    ],
+    py: [
+        /\bsubprocess\.\w+\s*\(/,
+        /\bPopen\s*\(/,
+        /\bos\.system\s*\(/,
+        /\bos\.exec\w*\s*\(/,
+        /\bos\.spawn\w*\s*\(/,
+    ],
+    go: [
+        /\bexec\.Command\s*\(/,
+        /\bos\/exec\b/,
+        /\bcmd\.Start\s*\(/,
+        /\bcmd\.Run\s*\(/,
+    ],
+    java: [
+        /\bProcessBuilder\b/,
+        /\bRuntime\.getRuntime\(\)\.exec\s*\(/,
+    ],
+    rs: [
+        /\bCommand::new\s*\(/,
+        /\bstd::process::Command\b/,
+    ],
+    cs: [
+        /\bProcess\.Start\s*\(/,
+        /\bnew\s+ProcessStartInfo\b/,
+    ],
+    rb: [
+        /\bsystem\s*\(/,
+        /\bspawn\s*\(/,
+        /\b`[^`]+`/,
+        /\bIO\.popen\s*\(/,
+    ],
+};
+export const PROCESS_EXIT_PATTERNS = {
+    js: [/\.on\s*\(\s*['"](?:exit|close)['"]/, /\.kill\s*\(/, /\.disconnect\s*\(/],
+    ts: [/\.on\s*\(\s*['"](?:exit|close)['"]/, /\.kill\s*\(/, /\.disconnect\s*\(/],
+    py: [/\.wait\s*\(/, /\.terminate\s*\(/, /\.kill\s*\(/, /\.communicate\s*\(/],
+    go: [/\.Wait\s*\(/, /cmd\.Process\.Kill\s*\(/],
+    java: [/\.waitFor\s*\(/, /\.destroy\s*\(/, /\.destroyForcibly\s*\(/],
+    rs: [/\.wait\s*\(/, /\.kill\s*\(/],
+    cs: [/\.WaitForExit\s*\(/, /\.Kill\s*\(/, /\.Close\s*\(/],
+    rb: [/Process\.wait\b/, /Process\.kill\b/],
+};
+// ── Unbounded loop patterns ──
+export const UNBOUNDED_LOOP_PATTERNS = {
+    js: [/\bwhile\s*\(\s*true\s*\)/, /\bwhile\s*\(\s*1\s*\)/, /\bfor\s*\(\s*;\s*;\s*\)/],
+    ts: [/\bwhile\s*\(\s*true\s*\)/, /\bwhile\s*\(\s*1\s*\)/, /\bfor\s*\(\s*;\s*;\s*\)/],
+    py: [/\bwhile\s+True\s*:/, /\bwhile\s+1\s*:/],
+    go: [/\bfor\s*\{/, /\bfor\s+\{/], // bare `for {` in Go = infinite loop
+    java: [/\bwhile\s*\(\s*true\s*\)/, /\bfor\s*\(\s*;\s*;\s*\)/],
+    rs: [/\bloop\s*\{/],
+    cs: [/\bwhile\s*\(\s*true\s*\)/, /\bfor\s*\(\s*;\s*;\s*\)/],
+    rb: [/\bloop\s+do\b/, /\bwhile\s+true\b/],
+};
+// I/O operations inside loops that indicate resource impact
+export const IO_PATTERNS = {
+    js: [
+        /\bfs\.\w+/, /\bfetch\s*\(/, /\baxios\.\w+/, /\bhttp\.\w+/,
+        /\.write\s*\(/, /\.send\s*\(/, /\bchild_process\./,
+        /\bconsole\.\w+/, /\bprocess\.stdout/,
+    ],
+    ts: [
+        /\bfs\.\w+/, /\bfetch\s*\(/, /\baxios\.\w+/, /\bhttp\.\w+/,
+        /\.write\s*\(/, /\.send\s*\(/, /\bchild_process\./,
+    ],
+    py: [
+        /\bopen\s*\(/, /\brequests\.\w+/, /\burllib\.\w+/,
+        /\bsubprocess\./, /\bos\.\w+/, /\bsocket\.\w+/,
+        /\.write\s*\(/, /\bprint\s*\(/,
+    ],
+    go: [
+        /\bos\.\w+/, /\bnet\.\w+/, /\bhttp\.\w+/,
+        /\bio\.\w+/, /\bfmt\.Fprint/, /\bioutil\.\w+/,
+        /\bexec\.Command/,
+    ],
+    java: [
+        /\bnew\s+File\w*\(/, /\bHttpClient\b/, /\bSocket\b/,
+        /\.write\s*\(/, /\bRuntime\.getRuntime\(\)/,
+    ],
+    rs: [
+        /\bstd::fs::/, /\bstd::net::/, /\bstd::process::/,
+        /\.write\s*\(/, /\btokio::\w+/,
+    ],
+    cs: [
+        /\bFile\.\w+/, /\bHttpClient\b/, /\bProcess\.Start/,
+        /\.Write\s*\(/, /\bSocket\b/,
+    ],
+    rb: [
+        /\bFile\.\w+/, /\bNet::HTTP\b/, /\bIO\.\w+/,
+        /\.write\s*\(/, /\bsystem\s*\(/,
+    ],
+};
+// ── Retry without limit patterns ──
+export const RETRY_PATTERNS = {
+    js: [/\bcatch\s*\([^)]*\)\s*\{/, /\.catch\s*\(/],
+    ts: [/\bcatch\s*\([^)]*\)\s*\{/, /\.catch\s*\(/],
+    py: [/\bexcept\s+\w+/, /\bexcept\s*:/],
+    go: [/\bif\s+err\s*!=\s*nil\b/],
+    java: [/\bcatch\s*\(\w+\s+\w+\)/, /\bcatch\s*\(\s*Exception\b/],
+    rs: [/\.unwrap_or_else\s*\(/, /\bif\s+let\s+Err\b/],
+    cs: [/\bcatch\s*\(\w+\b/, /\bcatch\s*\{/],
+    rb: [/\brescue\b/],
+};
+export const MAX_RETRY_INDICATORS = [
+    /max.?retries?/i,
+    /retry.?count/i,
+    /retry.?limit/i,
+    /attempt/i,
+    /retries?\s*[<>=!]+\s*\d+/,
+    /count\s*[<>=!]+\s*\d+/,
+    /MAX_/,
+    /backoff/i,
+    /circuit.?breaker/i,
+];
+// ── File watcher patterns (circular trigger detection) ──
+export const WATCHER_PATTERNS = {
+    js: [
+        /\bfs\.watch\s*\(/, /\bfs\.watchFile\s*\(/,
+        /\bchokidar\.watch\s*\(/, /\bnodemon\b/,
+        /\bnew\s+FSWatcher\b/,
+    ],
+    ts: [
+        /\bfs\.watch\s*\(/, /\bfs\.watchFile\s*\(/,
+        /\bchokidar\.watch\s*\(/,
+        /\bnew\s+FSWatcher\b/,
+    ],
+    py: [
+        /\bwatchdog\b/, /\bObserver\s*\(/,
+        /\binotify\b/, /\bwatchfiles\b/,
+    ],
+    go: [
+        /\bfsnotify\.\w+/, /\bNewWatcher\s*\(/,
+    ],
+    java: [
+        /\bWatchService\b/, /\bWatchKey\b/,
+    ],
+    rs: [
+        /\bnotify::/, /\bRecommendedWatcher\b/,
+    ],
+    cs: [
+        /\bFileSystemWatcher\b/, /\bnew\s+FileSystemWatcher\b/,
+    ],
+    rb: [
+        /\bListen\.\w+/, /\brb-inotify\b/,
+    ],
+};
+export const WRITE_PATTERNS = {
+    js: [/\bfs\.writeFile/, /\bfs\.appendFile/, /\bfs\.createWriteStream/, /\.write\s*\(/],
+    ts: [/\bfs\.writeFile/, /\bfs\.appendFile/, /\bfs\.createWriteStream/, /\.write\s*\(/],
+    py: [/\bopen\s*\([^)]*['"][wa]['"]/, /\.write\s*\(/, /\bshutil\.\w+/],
+    go: [/\bos\.WriteFile/, /\bos\.Create/, /\bio\.WriteString/, /\.Write\s*\(/],
+    java: [/\bFileWriter\b/, /\bBufferedWriter\b/, /\.write\s*\(/],
+    rs: [/\bfs::write/, /\bFile::create/, /\.write_all\s*\(/],
+    cs: [/\bFile\.Write/, /\bStreamWriter\b/, /\.Write\s*\(/],
+    rb: [/\bFile\.write/, /\bFile\.open\s*\([^)]*['"]w['"]/, /\.write\s*\(/],
+};
+// ── Resource lifecycle patterns (open without close) ──
+export const RESOURCE_OPEN_PATTERNS = {
+    js: [/\bfs\.open\s*\(/, /\bfs\.createReadStream\s*\(/, /\bfs\.createWriteStream\s*\(/],
+    ts: [/\bfs\.open\s*\(/, /\bfs\.createReadStream\s*\(/, /\bfs\.createWriteStream\s*\(/],
+    py: [/\bopen\s*\(/],
+    go: [/\bos\.Open\s*\(/, /\bos\.Create\s*\(/, /\bos\.OpenFile\s*\(/],
+    java: [/\bnew\s+FileInputStream\b/, /\bnew\s+FileOutputStream\b/, /\bnew\s+BufferedReader\b/],
+    rs: [/\bFile::open\s*\(/, /\bFile::create\s*\(/],
+    cs: [/\bFile\.Open\s*\(/, /\bnew\s+FileStream\b/, /\bnew\s+StreamReader\b/],
+    rb: [/\bFile\.open\s*\(/],
+};
+export const RESOURCE_CLOSE_PATTERNS = {
+    js: [/\.close\s*\(/, /\.destroy\s*\(/, /\.end\s*\(/],
+    ts: [/\.close\s*\(/, /\.destroy\s*\(/, /\.end\s*\(/],
+    py: [/\.close\s*\(/, /\bwith\s+open\b/], // `with` auto-closes
+    go: [/\.Close\s*\(/, /\bdefer\b/], // defer auto-closes
+    java: [/\.close\s*\(/, /\btry\s*\(/], // try-with-resources
+    rs: [/\bdrop\s*\(/, /\}$/], // Rust auto-drops
+    cs: [/\.Close\s*\(/, /\.Dispose\s*\(/, /\busing\s*\(/], // using auto-disposes
+    rb: [/\.close\b/, /\bFile\.open\s*\([^)]*\)\s*do\b/], // block form auto-closes
+};
+// ── Auto-restart / self-respawn patterns ──
+export const AUTO_RESTART_PATTERNS = {
+    js: [
+        /process\.on\s*\(\s*['"](?:exit|uncaughtException|SIGTERM)['"]\s*,\s*(?:function|\(|=>).*(?:spawn|exec|fork)/,
+        /process\.on\s*\(\s*['"]exit['"]/,
+    ],
+    ts: [
+        /process\.on\s*\(\s*['"](?:exit|uncaughtException|SIGTERM)['"]\s*,\s*(?:function|\(|=>).*(?:spawn|exec|fork)/,
+        /process\.on\s*\(\s*['"]exit['"]/,
+    ],
+    py: [
+        /\batexit\.register\s*\(/,
+        /\bsignal\.signal\s*\(\s*signal\.SIG\w+\s*,/,
+    ],
+    go: [
+        /\bsignal\.Notify\s*\(/,
+        /\bos\.Exit\s*\(/,
+    ],
+    java: [
+        /\bRuntime\.getRuntime\(\)\.addShutdownHook\b/,
+    ],
+    rs: [
+        /\bctrlc::set_handler\b/,
+        /\bsignal::ctrl_c\b/,
+    ],
+    cs: [
+        /\bAppDomain\.CurrentDomain\.ProcessExit\b/,
+    ],
+    rb: [
+        /\bat_exit\b/,
+        /\btrap\s*\(/,
+    ],
+};

package/dist/index.d.ts

@@ -6,6 +6,7 @@ export * from './templates/index.js';
 export * from './types/fix-packet.js';
 export { Gate, GateContext } from './gates/base.js';
 export { RetryLoopBreakerGate } from './gates/retry-loop-breaker.js';
+export { SideEffectAnalysisGate } from './gates/side-effect-analysis.js';
 export * from './utils/logger.js';
 export * from './services/score-history.js';
 export * from './hooks/index.js';

package/dist/index.js

@@ -6,6 +6,7 @@ export * from './templates/index.js';
 export * from './types/fix-packet.js';
 export { Gate } from './gates/base.js';
 export { RetryLoopBreakerGate } from './gates/retry-loop-breaker.js';
+export { SideEffectAnalysisGate } from './gates/side-effect-analysis.js';
 export * from './utils/logger.js';
 export * from './services/score-history.js';
 export * from './hooks/index.js';

package/dist/templates/universal-config.js

@@ -187,6 +187,18 @@ export const UNIVERSAL_CONFIG = {
             ignore_patterns: [],
             audit_log: true,
         },
+        side_effect_analysis: {
+            enabled: true,
+            check_unbounded_timers: true,
+            check_unbounded_loops: true,
+            check_process_lifecycle: true,
+            check_recursive_depth: true,
+            check_resource_lifecycle: true,
+            check_retry_without_limit: true,
+            check_circular_triggers: true,
+            check_auto_restart: true,
+            ignore_patterns: [],
+        },
         deep: {
             enabled: false,
             pro: false,

package/dist/types/index.d.ts

@@ -452,6 +452,40 @@ export declare const GatesSchema: z.ZodObject<{
         custom_patterns?: string[] | undefined;
         audit_log?: boolean | undefined;
     }>>>;
+    side_effect_analysis: z.ZodDefault<z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        check_unbounded_timers: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        check_unbounded_loops: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        check_process_lifecycle: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        check_recursive_depth: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        check_resource_lifecycle: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        check_retry_without_limit: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        check_circular_triggers: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        check_auto_restart: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+        ignore_patterns: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
+    }, "strip", z.ZodTypeAny, {
+        enabled: boolean;
+        ignore_patterns: string[];
+        check_unbounded_timers: boolean;
+        check_unbounded_loops: boolean;
+        check_process_lifecycle: boolean;
+        check_recursive_depth: boolean;
+        check_resource_lifecycle: boolean;
+        check_retry_without_limit: boolean;
+        check_circular_triggers: boolean;
+        check_auto_restart: boolean;
+    }, {
+        enabled?: boolean | undefined;
+        ignore_patterns?: string[] | undefined;
+        check_unbounded_timers?: boolean | undefined;
+        check_unbounded_loops?: boolean | undefined;
+        check_process_lifecycle?: boolean | undefined;
+        check_recursive_depth?: boolean | undefined;
+        check_resource_lifecycle?: boolean | undefined;
+        check_retry_without_limit?: boolean | undefined;
+        check_circular_triggers?: boolean | undefined;
+        check_auto_restart?: boolean | undefined;
+    }>>>;
     deep: z.ZodDefault<z.ZodOptional<z.ZodObject<{
         enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
         pro: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
@@ -725,6 +759,18 @@ export declare const GatesSchema: z.ZodObject<{
         custom_patterns: string[];
         audit_log: boolean;
     };
+    side_effect_analysis: {
+        enabled: boolean;
+        ignore_patterns: string[];
+        check_unbounded_timers: boolean;
+        check_unbounded_loops: boolean;
+        check_process_lifecycle: boolean;
+        check_recursive_depth: boolean;
+        check_resource_lifecycle: boolean;
+        check_retry_without_limit: boolean;
+        check_circular_triggers: boolean;
+        check_auto_restart: boolean;
+    };
 }, {
     deep?: {
         enabled?: boolean | undefined;
@@ -913,6 +959,18 @@ export declare const GatesSchema: z.ZodObject<{
         custom_patterns?: string[] | undefined;
         audit_log?: boolean | undefined;
     } | undefined;
+    side_effect_analysis?: {
+        enabled?: boolean | undefined;
+        ignore_patterns?: string[] | undefined;
+        check_unbounded_timers?: boolean | undefined;
+        check_unbounded_loops?: boolean | undefined;
+        check_process_lifecycle?: boolean | undefined;
+        check_recursive_depth?: boolean | undefined;
+        check_resource_lifecycle?: boolean | undefined;
+        check_retry_without_limit?: boolean | undefined;
+        check_circular_triggers?: boolean | undefined;
+        check_auto_restart?: boolean | undefined;
+    } | undefined;
 }>;
 export declare const CommandsSchema: z.ZodObject<{
     format: z.ZodOptional<z.ZodString>;
@@ -1426,6 +1484,40 @@ export declare const ConfigSchema: z.ZodObject<{
             custom_patterns?: string[] | undefined;
             audit_log?: boolean | undefined;
         }>>>;
+        side_effect_analysis: z.ZodDefault<z.ZodOptional<z.ZodObject<{
+            enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+            check_unbounded_timers: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+            check_unbounded_loops: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+            check_process_lifecycle: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+            check_recursive_depth: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+            check_resource_lifecycle: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+            check_retry_without_limit: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+            check_circular_triggers: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+            check_auto_restart: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+            ignore_patterns: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
+        }, "strip", z.ZodTypeAny, {
+            enabled: boolean;
+            ignore_patterns: string[];
+            check_unbounded_timers: boolean;
+            check_unbounded_loops: boolean;
+            check_process_lifecycle: boolean;
+            check_recursive_depth: boolean;
+            check_resource_lifecycle: boolean;
+            check_retry_without_limit: boolean;
+            check_circular_triggers: boolean;
+            check_auto_restart: boolean;
+        }, {
+            enabled?: boolean | undefined;
+            ignore_patterns?: string[] | undefined;
+            check_unbounded_timers?: boolean | undefined;
+            check_unbounded_loops?: boolean | undefined;
+            check_process_lifecycle?: boolean | undefined;
+            check_recursive_depth?: boolean | undefined;
+            check_resource_lifecycle?: boolean | undefined;
+            check_retry_without_limit?: boolean | undefined;
+            check_circular_triggers?: boolean | undefined;
+            check_auto_restart?: boolean | undefined;
+        }>>>;
         deep: z.ZodDefault<z.ZodOptional<z.ZodObject<{
             enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
             pro: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
@@ -1699,6 +1791,18 @@ export declare const ConfigSchema: z.ZodObject<{
             custom_patterns: string[];
             audit_log: boolean;
         };
+        side_effect_analysis: {
+            enabled: boolean;
+            ignore_patterns: string[];
+            check_unbounded_timers: boolean;
+            check_unbounded_loops: boolean;
+            check_process_lifecycle: boolean;
+            check_recursive_depth: boolean;
+            check_resource_lifecycle: boolean;
+            check_retry_without_limit: boolean;
+            check_circular_triggers: boolean;
+            check_auto_restart: boolean;
+        };
     }, {
         deep?: {
             enabled?: boolean | undefined;
@@ -1887,6 +1991,18 @@ export declare const ConfigSchema: z.ZodObject<{
             custom_patterns?: string[] | undefined;
             audit_log?: boolean | undefined;
         } | undefined;
+        side_effect_analysis?: {
+            enabled?: boolean | undefined;
+            ignore_patterns?: string[] | undefined;
+            check_unbounded_timers?: boolean | undefined;
+            check_unbounded_loops?: boolean | undefined;
+            check_process_lifecycle?: boolean | undefined;
+            check_recursive_depth?: boolean | undefined;
+            check_resource_lifecycle?: boolean | undefined;
+            check_retry_without_limit?: boolean | undefined;
+            check_circular_triggers?: boolean | undefined;
+            check_auto_restart?: boolean | undefined;
+        } | undefined;
     }>>>;
     hooks: z.ZodDefault<z.ZodOptional<z.ZodObject<{
         enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
@@ -2117,6 +2233,18 @@ export declare const ConfigSchema: z.ZodObject<{
             custom_patterns: string[];
             audit_log: boolean;
         };
+        side_effect_analysis: {
+            enabled: boolean;
+            ignore_patterns: string[];
+            check_unbounded_timers: boolean;
+            check_unbounded_loops: boolean;
+            check_process_lifecycle: boolean;
+            check_recursive_depth: boolean;
+            check_resource_lifecycle: boolean;
+            check_retry_without_limit: boolean;
+            check_circular_triggers: boolean;
+            check_auto_restart: boolean;
+        };
     };
     hooks: {
         enabled: boolean;
@@ -2331,6 +2459,18 @@ export declare const ConfigSchema: z.ZodObject<{
             custom_patterns?: string[] | undefined;
             audit_log?: boolean | undefined;
         } | undefined;
+        side_effect_analysis?: {
+            enabled?: boolean | undefined;
+            ignore_patterns?: string[] | undefined;
+            check_unbounded_timers?: boolean | undefined;
+            check_unbounded_loops?: boolean | undefined;
+            check_process_lifecycle?: boolean | undefined;
+            check_recursive_depth?: boolean | undefined;
+            check_resource_lifecycle?: boolean | undefined;
+            check_retry_without_limit?: boolean | undefined;
+            check_circular_triggers?: boolean | undefined;
+            check_auto_restart?: boolean | undefined;
+        } | undefined;
     } | undefined;
     hooks?: {
         enabled?: boolean | undefined;

package/dist/types/index.js

@@ -225,6 +225,19 @@ export const GatesSchema = z.object({
         ignore_patterns: z.array(z.string()).optional().default([]),
         audit_log: z.boolean().optional().default(true),
     }).optional().default({}),
+    // v4.3+ Side-Effect Safety Analysis
+    side_effect_analysis: z.object({
+        enabled: z.boolean().optional().default(true),
+        check_unbounded_timers: z.boolean().optional().default(true),
+        check_unbounded_loops: z.boolean().optional().default(true),
+        check_process_lifecycle: z.boolean().optional().default(true),
+        check_recursive_depth: z.boolean().optional().default(true),
+        check_resource_lifecycle: z.boolean().optional().default(true),
+        check_retry_without_limit: z.boolean().optional().default(true),
+        check_circular_triggers: z.boolean().optional().default(true),
+        check_auto_restart: z.boolean().optional().default(true),
+        ignore_patterns: z.array(z.string()).optional().default([]),
+    }).optional().default({}),
     // v4.0+ Deep Analysis (LLM-powered)
     deep: z.object({
         enabled: z.boolean().optional().default(false),
@@ -265,6 +278,7 @@ export const HooksSchema = z.object({
         'deprecated-apis',
         'promise-safety',
         'security-patterns',
+        'side-effect-analysis',
         'file-size',
     ]),
     timeout_ms: z.number().optional().default(5000),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rigour-labs/core",
-  "version": "4.3.0",
+  "version": "4.3.1",
   "description": "Deterministic quality gate engine for AI-generated code. AST analysis, drift detection, and Fix Packet generation across TypeScript, JavaScript, Python, Go, Ruby, and C#.",
   "license": "MIT",
   "homepage": "https://rigour.run",
@@ -59,11 +59,11 @@
     "@xenova/transformers": "^2.17.2",
     "better-sqlite3": "^11.0.0",
     "openai": "^4.104.0",
-    "@rigour-labs/brain-linux-arm64": "4.3.0",
-    "@rigour-labs/brain-linux-x64": "4.3.0",
-    "@rigour-labs/brain-darwin-x64": "4.3.0",
-    "@rigour-labs/brain-win-x64": "4.3.0",
-    "@rigour-labs/brain-darwin-arm64": "4.3.0"
+    "@rigour-labs/brain-darwin-arm64": "4.3.1",
+    "@rigour-labs/brain-darwin-x64": "4.3.1",
+    "@rigour-labs/brain-linux-arm64": "4.3.1",
+    "@rigour-labs/brain-win-x64": "4.3.1",
+    "@rigour-labs/brain-linux-x64": "4.3.1"
   },
   "devDependencies": {
     "@types/better-sqlite3": "^7.6.12",