@runhalo/engine 0.4.0 → 0.6.0

package/dist/scope-analyzer.js

@@ -0,0 +1,300 @@
+"use strict";
+/**
+ * Halo Scope Analyzer
+ * Determines the context of code being scanned to reduce false positives.
+ *
+ * Analyzes WHERE code lives (test file? admin route? type definition?)
+ * so that rule violations can be weighted or suppressed based on context.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ScopeAnalyzer = void 0;
+// ---------------------------------------------------------------------------
+// File path patterns
+// ---------------------------------------------------------------------------
+const TEST_FILE_PATTERNS = [
+    /_test\.go$/i,
+    /\.spec\.[tj]sx?$/i,
+    /\.test\.[tj]sx?$/i,
+    /(^|[/\\])__tests__[/\\]/i,
+    /(^|[/\\])test[/\\]/i,
+    /(^|[/\\])tests[/\\]/i,
+    /conftest\.py$/i,
+    /(^|[/\\])Test[A-Z][^/\\]*\.java$/,
+];
+const ADMIN_PATH_PATTERNS = [
+    /[/\\]admin[/\\]/i,
+    /[/\\]admin\.[a-z]+$/i,
+    /[/\\]dashboard[/\\]/i,
+];
+const ADMIN_CONTENT_PATTERNS = [
+    /\bAdminPanel\b/,
+    /\bAdminDashboard\b/,
+    /\bAdminLayout\b/,
+    /\bAdminRoute\b/,
+    /\bAdminPage\b/,
+];
+const USER_FACING_PATTERNS = [
+    /[/\\]pages[/\\]/i,
+    /[/\\]components[/\\]/i,
+    /[/\\]views[/\\]/i,
+    /[/\\]screens[/\\]/i,
+    /[/\\]app[/\\]/i,
+    /[/\\]src[/\\]components[/\\]/i,
+];
+const TYPE_DEF_PATH_PATTERNS = [
+    /\.d\.tsx?$/i,
+];
+const CONFIG_FILE_PATTERNS = [
+    /\.config\.[tj]sx?$/i,
+    /\.config\.[cm]?js$/i,
+    /(^|[/\\])config[/\\]/i,
+    /(^|[/\\])settings\.py$/i,
+    /(^|[/\\])\.env(\.|$)/i,
+    /\.config\./i,
+];
+// ---------------------------------------------------------------------------
+// AST node types used for line context analysis
+// ---------------------------------------------------------------------------
+const INTERFACE_NODE_TYPES = new Set([
+    'interface_declaration',
+]);
+const FUNCTION_NODE_TYPES = new Set([
+    'function_declaration',
+    'arrow_function',
+    'function',
+    'method_definition',
+    'function_expression',
+]);
+const CLASS_NODE_TYPES = new Set([
+    'class_declaration',
+    'class',
+]);
+const METHOD_NODE_TYPES = new Set([
+    'method_definition',
+]);
+const JSX_NODE_TYPES = new Set([
+    'jsx_element',
+    'jsx_self_closing_element',
+]);
+// ---------------------------------------------------------------------------
+// ScopeAnalyzer
+// ---------------------------------------------------------------------------
+/**
+ * Analyzes the scope/context of source files and individual lines
+ * to help the engine make smarter decisions about rule applicability.
+ */
+class ScopeAnalyzer {
+    /**
+     * Analyze file-level scope from path heuristics and optionally content/AST.
+     *
+     * @param filePath  - Relative or absolute path to the source file
+     * @param content   - Full text content of the file
+     * @param tree      - Optional tree-sitter AST (used for deeper analysis)
+     * @returns ScopeContext describing the file's role
+     */
+    analyzeFile(filePath, content, tree) {
+        const normalized = filePath.replace(/\\/g, '/');
+        return {
+            isTestFile: this.detectTestFile(normalized),
+            isAdminRoute: this.detectAdminRoute(normalized, content),
+            isUserFacing: this.detectUserFacing(normalized),
+            isTypeDefinition: this.detectTypeDefinition(normalized, content, tree),
+            isConfigFile: this.detectConfigFile(normalized),
+        };
+    }
+    /**
+     * Analyze what AST construct encloses a given line.
+     *
+     * Walks the tree to find the deepest node that contains the target line,
+     * then walks upward through ancestors to determine enclosing constructs.
+     *
+     * @param line - 1-based line number
+     * @param tree - tree-sitter AST
+     * @returns LineContext describing the enclosing constructs
+     */
+    analyzeLineContext(line, tree) {
+        const context = {
+            inInterfaceDecl: false,
+            inFunctionBody: false,
+            inClassMethod: false,
+            inJSXElement: false,
+        };
+        // tree-sitter uses 0-based row indices
+        const targetRow = line - 1;
+        const node = this.findDeepestNodeAtLine(tree.rootNode, targetRow);
+        if (!node) {
+            return context;
+        }
+        // Walk ancestors from the deepest node upward
+        let current = node;
+        let insideClassBody = false;
+        while (current) {
+            const type = current.type;
+            if (INTERFACE_NODE_TYPES.has(type)) {
+                context.inInterfaceDecl = true;
+            }
+            if (FUNCTION_NODE_TYPES.has(type)) {
+                context.inFunctionBody = true;
+                // If we already saw a class ancestor, this function is a class method
+                if (insideClassBody || METHOD_NODE_TYPES.has(type)) {
+                    context.inClassMethod = true;
+                }
+            }
+            if (CLASS_NODE_TYPES.has(type)) {
+                insideClassBody = true;
+            }
+            if (JSX_NODE_TYPES.has(type)) {
+                context.inJSXElement = true;
+            }
+            current = current.parent;
+        }
+        return context;
+    }
+    // -----------------------------------------------------------------------
+    // Private helpers — file scope detection
+    // -----------------------------------------------------------------------
+    detectTestFile(filePath) {
+        return TEST_FILE_PATTERNS.some(p => p.test(filePath));
+    }
+    detectAdminRoute(filePath, content) {
+        // Path-based detection
+        if (ADMIN_PATH_PATTERNS.some(p => p.test(filePath))) {
+            return true;
+        }
+        // Content-based detection (e.g., AdminPanel component)
+        if (ADMIN_CONTENT_PATTERNS.some(p => p.test(content))) {
+            // Only count if the path also suggests dashboard/admin context
+            // OR the component name is strongly admin-specific
+            return true;
+        }
+        return false;
+    }
+    detectUserFacing(filePath) {
+        return USER_FACING_PATTERNS.some(p => p.test(filePath));
+    }
+    detectTypeDefinition(filePath, content, tree) {
+        // .d.ts files are always type definitions
+        if (TYPE_DEF_PATH_PATTERNS.some(p => p.test(filePath))) {
+            return true;
+        }
+        // Heuristic: if the file content is predominantly interfaces/types
+        if (tree) {
+            return this.isAstPrimarilyTypes(tree);
+        }
+        // Fallback: content-based heuristic for non-AST path
+        return this.isContentPrimarilyTypes(content);
+    }
+    detectConfigFile(filePath) {
+        return CONFIG_FILE_PATTERNS.some(p => p.test(filePath));
+    }
+    // -----------------------------------------------------------------------
+    // Private helpers — type definition heuristics
+    // -----------------------------------------------------------------------
+    /**
+     * Check via AST whether the file consists primarily of type declarations.
+     * A file is considered primarily types if >= 80% of its top-level
+     * statements are interface/type declarations.
+     */
+    isAstPrimarilyTypes(tree) {
+        const root = tree.rootNode;
+        let totalStatements = 0;
+        let typeStatements = 0;
+        for (let i = 0; i < root.childCount; i++) {
+            const child = root.child(i);
+            if (!child)
+                continue;
+            const type = child.type;
+            // Skip import/export wrapper nodes — look inside them
+            if (type === 'export_statement') {
+                const inner = child.namedChildren[0];
+                if (inner) {
+                    totalStatements++;
+                    if (this.isTypeNode(inner.type)) {
+                        typeStatements++;
+                    }
+                }
+                continue;
+            }
+            // Skip import statements — they don't count
+            if (type === 'import_statement')
+                continue;
+            totalStatements++;
+            if (this.isTypeNode(type)) {
+                typeStatements++;
+            }
+        }
+        if (totalStatements === 0)
+            return false;
+        return typeStatements / totalStatements >= 0.8;
+    }
+    isTypeNode(nodeType) {
+        return (nodeType === 'interface_declaration' ||
+            nodeType === 'type_alias_declaration');
+    }
+    /**
+     * Content-based fallback: count top-level interface/type declaration blocks
+     * vs total top-level statements (excluding imports and blanks).
+     *
+     * Uses a simple state machine: lines starting with `interface` or `type`
+     * keywords begin a type block. Lines that are clearly function/class/const
+     * declarations begin a non-type block. Lines inside a block (e.g., interface
+     * members) are attributed to whatever block they belong to.
+     */
+    isContentPrimarilyTypes(content) {
+        const lines = content.split('\n');
+        let typeBlocks = 0;
+        let nonTypeBlocks = 0;
+        const typeStart = /^\s*(export\s+)?(interface|type)\s+\w+/;
+        const nonTypeStart = /^\s*(export\s+)?(function|class|const|let|var|enum|async\s+function)\s+\w+/;
+        const importPattern = /^\s*import\s/;
+        const blankOrComment = /^\s*(\/\/|\/\*|\*|$)/;
+        const closingBrace = /^\s*\};\s*$/;
+        for (const line of lines) {
+            if (blankOrComment.test(line))
+                continue;
+            if (importPattern.test(line))
+                continue;
+            if (closingBrace.test(line))
+                continue;
+            if (typeStart.test(line)) {
+                typeBlocks++;
+            }
+            else if (nonTypeStart.test(line)) {
+                nonTypeBlocks++;
+            }
+            // Lines inside a block (members, etc.) are ignored for counting
+        }
+        const totalBlocks = typeBlocks + nonTypeBlocks;
+        if (totalBlocks === 0)
+            return false;
+        return typeBlocks / totalBlocks >= 0.8;
+    }
+    // -----------------------------------------------------------------------
+    // Private helpers — AST traversal
+    // -----------------------------------------------------------------------
+    /**
+     * Find the deepest (most specific) AST node whose range contains the
+     * target row. This gives us a starting point for ancestor walking.
+     */
+    findDeepestNodeAtLine(node, targetRow) {
+        // If this node doesn't span the target row, skip it
+        if (node.startPosition.row > targetRow || node.endPosition.row < targetRow) {
+            return null;
+        }
+        // Try to find a more specific child
+        for (let i = 0; i < node.childCount; i++) {
+            const child = node.child(i);
+            if (!child)
+                continue;
+            const deeper = this.findDeepestNodeAtLine(child, targetRow);
+            if (deeper) {
+                return deeper;
+            }
+        }
+        // No child matched — this node is the deepest
+        return node;
+    }
+}
+exports.ScopeAnalyzer = ScopeAnalyzer;
+exports.default = ScopeAnalyzer;
+//# sourceMappingURL=scope-analyzer.js.map

package/dist/scope-analyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope-analyzer.js","sourceRoot":"","sources":["../src/scope-analyzer.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAmCH,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E,MAAM,kBAAkB,GAAa;IACnC,aAAa;IACb,mBAAmB;IACnB,mBAAmB;IACnB,0BAA0B;IAC1B,qBAAqB;IACrB,sBAAsB;IACtB,gBAAgB;IAChB,kCAAkC;CACnC,CAAC;AAEF,MAAM,mBAAmB,GAAa;IACpC,kBAAkB;IAClB,sBAAsB;IACtB,sBAAsB;CACvB,CAAC;AAEF,MAAM,sBAAsB,GAAa;IACvC,gBAAgB;IAChB,oBAAoB;IACpB,iBAAiB;IACjB,gBAAgB;IAChB,eAAe;CAChB,CAAC;AAEF,MAAM,oBAAoB,GAAa;IACrC,kBAAkB;IAClB,uBAAuB;IACvB,kBAAkB;IAClB,oBAAoB;IACpB,gBAAgB;IAChB,+BAA+B;CAChC,CAAC;AAEF,MAAM,sBAAsB,GAAa;IACvC,aAAa;CACd,CAAC;AAEF,MAAM,oBAAoB,GAAa;IACrC,qBAAqB;IACrB,qBAAqB;IACrB,uBAAuB;IACvB,yBAAyB;IACzB,uBAAuB;IACvB,aAAa;CACd,CAAC;AAEF,8EAA8E;AAC9E,gDAAgD;AAChD,8EAA8E;AAE9E,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC;IACnC,uBAAuB;CACxB,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,sBAAsB;IACtB,gBAAgB;IAChB,UAAU;IACV,mBAAmB;IACnB,qBAAqB;CACtB,CAAC,CAAC;AAEH,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,mBAAmB;IACnB,OAAO;CACR,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,mBAAmB;CACpB,CAAC,CAAC;AAEH,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,aAAa;IACb,0BAA0B;CAC3B,CAAC,CAAC;AAEH,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E;;;GAGG;AACH,MAAa,aAAa;IAExB;;;;;;;OAOG;IACH,WAAW,CAAC,QAAgB,EAAE,OAAe,EAAE,IAAkB;QAC/D,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAEhD,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC;YAC3C,YAAY,EAAE,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,OAAO,CAAC;YACxD,YAAY,EAAE,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC;YAC/C,gBAAgB,EAAE,IAAI,CAAC,oBAAoB,CAAC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC;YACtE,YAAY,EAAE,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC;SAChD,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,kBAAkB,CAAC,IAAY,EAAE,IAAiB;QAChD,MAAM,OAAO,GAAgB;YAC3B,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,KAAK;YACrB,aAAa,EAAE,KAAK;YACpB,YAAY,EAAE,KAAK;SACpB,CAAC;QAEF,uCAAuC;QACvC,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC;QAE3B,MAAM,IAAI,GAAG,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAClE,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,8CAA8C;QAC9C,IAAI,OAAO,GAA6B,IAAI,CAAC;QAC7C,IAAI,eAAe,GAAG,KAAK,CAAC;QAE5B,OAAO,OAAO,EAAE,CAAC;YACf,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;YAE1B,IAAI,oBAAoB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnC,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;YACjC,CAAC;YAED,IAAI,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClC,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;gBAC9B,sEAAsE;gBACtE,IAAI,eAAe,IAAI,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBACnD,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;gBAC/B,CAAC;YACH,CAAC;YAED,IAAI,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/B,eAAe,GAAG,IAAI,CAAC;YACzB,CAAC;YAED,IAAI,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;YAC9B,CAAC;YAED,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;QAC3B,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,0EAA0E;IAC1E,yCAAyC;IACzC,0EAA0E;IAElE,cAAc,CAAC,QAAgB;QACrC,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxD,CAAC;IAEO,gBAAgB,CAAC,QAAgB,EAAE,OAAe;QACxD,uBAAuB;QACvB,IAAI,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YACpD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,uDAAuD;QACvD,IAAI,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YACtD,+DAA+D;YAC/D,mDAAmD;YACnD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,gBAAgB,CAAC,QAAgB;QACvC,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1D,CAAC;IAEO,oBAAoB,CAC1B,QAAgB,EAChB,OAAe,EACf,IAAkB;QAElB,0CAA0C;QAC1C,IAAI,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YACvD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,mEAAmE;QACnE,IAAI,IAAI,EAAE,CAAC;YACT,OAAO,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACxC,CAAC;QAED,qDAAqD;QACrD,OAAO,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IAEO,gBAAgB,CAAC,QAAgB;QACvC,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED,0EAA0E;IAC1E,+CAA+C;IAC/C,0EAA0E;IAE1E;;;;OAIG;IACK,mBAAmB,CAAC,IAAiB;QAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC3B,IAAI,eAAe,GAAG,CAAC,CAAC;QACxB,IAAI,cAAc,GAAG,CAAC,CAAC;QAEvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC5B,IAAI,CAAC,KAAK;gBAAE,SAAS;YAErB,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;YAExB,sDAAsD;YACtD,IAAI,IAAI,KAAK,kBAAkB,EAAE,CAAC;gBAChC,MAAM,KAAK,GAAG,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;gBACrC,IAAI,KAAK,EAAE,CAAC;oBACV,eAAe,EAAE,CAAC;oBAClB,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;wBAChC,cAAc,EAAE,CAAC;oBACnB,CAAC;gBACH,CAAC;gBACD,SAAS;YACX,CAAC;YAED,4CAA4C;YAC5C,IAAI,IAAI,KAAK,kBAAkB;gBAAE,SAAS;YAE1C,eAAe,EAAE,CAAC;YAClB,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1B,cAAc,EAAE,CAAC;YACnB,CAAC;QACH,CAAC;QAED,IAAI,eAAe,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QACxC,OAAO,cAAc,GAAG,eAAe,IAAI,GAAG,CAAC;IACjD,CAAC;IAEO,UAAU,CAAC,QAAgB;QACjC,OAAO,CACL,QAAQ,KAAK,uBAAuB;YACpC,QAAQ,KAAK,wBAAwB,CACtC,CAAC;IACJ,CAAC;IAED;;;;;;;;OAQG;IACK,uBAAuB,CAAC,OAAe;QAC7C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,UAAU,GAAG,CAAC,CAAC;QACnB,IAAI,aAAa,GAAG,CAAC,CAAC;QAEtB,MAAM,SAAS,GAAG,wCAAwC,CAAC;QAC3D,MAAM,YAAY,GAAG,4EAA4E,CAAC;QAClG,MAAM,aAAa,GAAG,cAAc,CAAC;QACrC,MAAM,cAAc,GAAG,sBAAsB,CAAC;QAC9C,MAAM,YAAY,GAAG,aAAa,CAAC;QAEnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,SAAS;YACxC,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,SAAS;YACvC,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,SAAS;YAEtC,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzB,UAAU,EAAE,CAAC;YACf,CAAC;iBAAM,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnC,aAAa,EAAE,CAAC;YAClB,CAAC;YACD,gEAAgE;QAClE,CAAC;QAED,MAAM,WAAW,GAAG,UAAU,GAAG,aAAa,CAAC;QAC/C,IAAI,WAAW,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QACpC,OAAO,UAAU,GAAG,WAAW,IAAI,GAAG,CAAC;IACzC,CAAC;IAED,0EAA0E;IAC1E,kCAAkC;IAClC,0EAA0E;IAE1E;;;OAGG;IACK,qBAAqB,CAC3B,IAAuB,EACvB,SAAiB;QAEjB,oDAAoD;QACpD,IAAI,IAAI,CAAC,aAAa,CAAC,GAAG,GAAG,SAAS,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,GAAG,SAAS,EAAE,CAAC;YAC3E,OAAO,IAAI,CAAC;QACd,CAAC;QAED,oCAAoC;QACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC5B,IAAI,CAAC,KAAK;gBAAE,SAAS;YACrB,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;YAC5D,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,8CAA8C;QAC9C,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AA1PD,sCA0PC;AAED,kBAAe,aAAa,CAAC"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@runhalo/engine",
-  "version": "0.4.0",
-  "description": "Halo rule engine — COPPA 2.0 risk detection via tree-sitter AST analysis",
+  "version": "0.6.0",
+  "description": "Halo rule engine — child online safety compliance detection. 130 rules across 10 packs covering COPPA, UK AADC, EU DSA, EU AI Act, and more.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "files": [
@@ -17,6 +17,10 @@
     "coppa",
     "privacy",
     "child-safety",
+    "compliance",
+    "aadc",
+    "dsa",
+    "online-safety",
     "static-analysis",
     "tree-sitter",
     "ast",
@@ -33,6 +37,9 @@
   },
   "author": "Mindful Media <hello@mindfulmedia.org> (https://mindfulmedia.org)",
   "license": "Apache-2.0",
+  "publishConfig": {
+    "access": "public"
+  },
   "dependencies": {
     "glob": "^10.3.10",
     "js-yaml": "^3.14.2",

package/rules/coppa-tier-1.yaml

@@ -13,7 +13,7 @@ rules:
       name: Unverified Social Login Providers
       coppaSection: "§ 312.5 (Parental Consent) & COPPA 2.0 § 312.11 (Mixed Audience)"
       severity: critical
-      penaltyRange: "$51,744 per violation"
+      penaltyRange: "$53,088 per violation"
       languages:
         - typescript
         - javascript
@@ -46,7 +46,7 @@ rules:
       name: Sensitive Data in GET Requests
       coppaSection: "§ 312.2 (Definitions - Personal Information)"
       severity: high
-      penaltyRange: "$51,744 per violation"
+      penaltyRange: "$53,088 per violation"
       languages:
         - typescript
         - javascript
@@ -80,7 +80,7 @@ rules:
       name: Restricted Third-Party Ad Trackers
       coppaSection: "§ 312.2 (Definitions - Support for Internal Operations) - COPPA 2.0 Focus"
       severity: critical
-      penaltyRange: "$51,744 per violation"
+      penaltyRange: "$53,088 per violation"
       languages:
         - typescript
         - javascript
@@ -123,7 +123,7 @@ rules:
       name: Precise Geolocation Without Parental Consent
       coppaSection: "§ 312.2 (Personal Information)"
       severity: high
-      penaltyRange: "$51,744 per violation"
+      penaltyRange: "$53,088 per violation"
       languages:
         - typescript
         - javascript
@@ -159,18 +159,23 @@ rules:
 
   # ============================================
   # 5. coppa-retention-005: Missing Data Retention Policy
+  # Updated: 2026-03-12 — COPPA 2025 final rule explicitly
+  # prohibits indefinite retention (§ 312.10)
   # ============================================
   - metadata:
       id: coppa-retention-005
       name: Missing Data Retention Policy in Database Schemas
-      coppaSection: "§ 312.10 (Data Retention and Deletion) - COPPA 2.0 Focus"
+      coppaSection: "§ 312.10 (Data Retention and Deletion) - COPPA 2025 Final Rule"
       severity: medium
-      penaltyRange: "Regulatory scrutiny / Audit failure"
+      penaltyRange: "$53,088 per violation (indefinite retention prohibition)"
       languages:
         - typescript
         - javascript
         - python
         - sql
+        - go
+        - java
+        - kotlin
       falsePositiveRisk: high
     patterns:
       - regex:
@@ -186,17 +191,19 @@ rules:
           pattern: "class\\s+\\w+.*extends\\s+Model(?!.*deletedAt)"
           flags: "g"
     autoFix:
-      description: "Add TTL index or expiration field to schema"
+      description: "Add explicit retention period, TTL index, and deletion mechanism per COPPA 2025 § 312.10"
       replacement: |
-        // Mongoose - Add TTL index
+        // Mongoose - Add TTL index with explicit retention period
         new Schema({
           createdAt: { type: Date, expires: '365d' },
+          retentionDays: { type: Number, default: 365 },
           email: String
         });
-        
-        // Sequelize - Add deletedAt
+
+        // Sequelize - Add deletedAt with retention config
         sequelize.define('User', {
           deletedAt: { type: DataTypes.DATE },
+          retentionDays: { type: DataTypes.INTEGER, defaultValue: 365 },
           // ... other fields
         }, {
           paranoid: true