@sfdxy/mule-lint 1.20.0 → 1.22.0

package/dist/src/rules/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/rules/index.ts"],"names":[],"mappings":"AACA,cAAc,iBAAiB,CAAC;AAChC,cAAc,oBAAoB,CAAC;AA4FnC,OAAO,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAGhC,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AACjF,OAAO,EAAE,uBAAuB,EAAE,MAAM,0CAA0C,CAAC;AACnF,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AAGrE,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAGjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAC/E,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAG7D,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EAAE,2BAA2B,EAAE,MAAM,uCAAuC,CAAC;AAGpF,OAAO,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;AAC1E,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAC;AAG9E,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAGzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qCAAqC,CAAC;AAC1E,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AAGxE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAC5E,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAE1E;;;GAGG;AACH,eAAO,MAAM,SAAS,EAAE,IAAI,EAoG3B,CAAC;AAEF;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,EAAE,CAE3D;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAExD;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,MAAM,EAAE,CAExC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/rules/index.ts"],"names":[],"mappings":"AACA,cAAc,iBAAiB,CAAC;AAChC,cAAc,oBAAoB,CAAC;AAkHnC,OAAO,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAGhC,OAAO,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AACjF,OAAO,EAAE,uBAAuB,EAAE,MAAM,0CAA0C,CAAC;AACnF,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AAGrE,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAGjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAC/E,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAG7D,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EAAE,2BAA2B,EAAE,MAAM,uCAAuC,CAAC;AAGpF,OAAO,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;AAC1E,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAC;AAG9E,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAGzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qCAAqC,CAAC;AAC1E,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AAGxE,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAChF,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAC5E,OAAO,EAAE,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAE1E;;;GAGG;AACH,eAAO,MAAM,SAAS,EAAE,IAAI,EA0H3B,CAAC;AAEF;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,EAAE,CAE3D;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAExD;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,MAAM,EAAE,CAExC"}

package/dist/src/rules/index.js

@@ -28,6 +28,9 @@ const HttpStatusRule_1 = require("./error-handling/HttpStatusRule");
 const CorrelationIdRule_1 = require("./error-handling/CorrelationIdRule");
 const GenericErrorRule_1 = require("./error-handling/GenericErrorRule");
 const TryScopeRule_1 = require("./error-handling/TryScopeRule");
+const ErrorHandlerTypeCoverageRule_1 = require("./error-handling/ErrorHandlerTypeCoverageRule");
+const ErrorResponseStructureRule_1 = require("./error-handling/ErrorResponseStructureRule");
+const CatchAllLastRule_1 = require("./error-handling/CatchAllLastRule");
 // Import all rules - Naming
 const FlowNamingRule_1 = require("./naming/FlowNamingRule");
 const FlowCasingRule_1 = require("./naming/FlowCasingRule");
@@ -40,6 +43,10 @@ const TlsVersionRule_1 = require("./security/TlsVersionRule");
 const RateLimitingRule_1 = require("./security/RateLimitingRule");
 const InputValidationRule_1 = require("./security/InputValidationRule");
 const EncryptionKeyInLogsRule_1 = require("./security/EncryptionKeyInLogsRule");
+const ConnectorCredentialsSecuredRule_1 = require("./security/ConnectorCredentialsSecuredRule");
+const SecurePropertiesKeyRule_1 = require("./security/SecurePropertiesKeyRule");
+const TlsKeystorePasswordRule_1 = require("./security/TlsKeystorePasswordRule");
+const SecurePropertiesEncryptionRule_1 = require("./security/SecurePropertiesEncryptionRule");
 // Import all rules - Logging
 const LoggerCategoryRule_1 = require("./logging/LoggerCategoryRule");
 const LoggerPayloadRule_1 = require("./logging/LoggerPayloadRule");
@@ -54,10 +61,17 @@ const AutoDiscoveryRule_1 = require("./standards/AutoDiscoveryRule");
 const HttpPortPlaceholderRule_1 = require("./standards/HttpPortPlaceholderRule");
 const CronExternalizedRule_1 = require("./standards/CronExternalizedRule");
 const ApiKitValidationRule_1 = require("./standards/ApiKitValidationRule");
+const ConfigPropertiesOrderingRule_1 = require("./standards/ConfigPropertiesOrderingRule");
+const MissingEnvPropertiesDeclarationRule_1 = require("./standards/MissingEnvPropertiesDeclarationRule");
+const ApikitRouteVariableConsistencyRule_1 = require("./standards/ApikitRouteVariableConsistencyRule");
 // Import all rules - HTTP
 const HttpUserAgentRule_1 = require("./http/HttpUserAgentRule");
 const HttpContentTypeRule_1 = require("./http/HttpContentTypeRule");
 const HttpTimeoutRule_1 = require("./http/HttpTimeoutRule");
+const ConnectionIdleTimeoutRule_1 = require("./http/ConnectionIdleTimeoutRule");
+// Import all rules - Connector
+const ReplayChannelConfigRule_1 = require("./connector/ReplayChannelConfigRule");
+const EventListenerNullGuardRule_1 = require("./connector/EventListenerNullGuardRule");
 // Import all rules - Documentation
 const FlowDescriptionRule_1 = require("./documentation/FlowDescriptionRule");
 const MissingDocNameRule_1 = require("./documentation/MissingDocNameRule");
@@ -68,6 +82,7 @@ const AsyncErrorHandlerRule_1 = require("./performance/AsyncErrorHandlerRule");
 const LargeChoiceBlockRule_1 = require("./performance/LargeChoiceBlockRule");
 const ConnectionPoolingRule_1 = require("./performance/ConnectionPoolingRule");
 const ReconnectionStrategyRule_1 = require("./performance/ReconnectionStrategyRule");
+const ListenerReconnectForeverRule_1 = require("./performance/ListenerReconnectForeverRule");
 // Import all rules - Complexity
 const FlowComplexityRule_1 = require("./complexity/FlowComplexityRule");
 // Import all rules - YAML
@@ -77,14 +92,20 @@ const StructureRules_1 = require("./structure/StructureRules");
 // Import all rules - DataWeave
 const DataWeaveRules_1 = require("./dataweave/DataWeaveRules");
 const Java17DWErrorHandlingRule_1 = require("./dataweave/Java17DWErrorHandlingRule");
+const DuplicateTransformLogicRule_1 = require("./dataweave/DuplicateTransformLogicRule");
 // Import all rules - API-Led
 const ApiLedRules_1 = require("./api-led/ApiLedRules");
 const SingleSystemSapiRule_1 = require("./api-led/SingleSystemSapiRule");
+const ApikitMainFlowStructureRule_1 = require("./api-led/ApikitMainFlowStructureRule");
+const ApikitStatusCodeVariableRule_1 = require("./api-led/ApikitStatusCodeVariableRule");
+const ApikitConsoleProductionRule_1 = require("./api-led/ApikitConsoleProductionRule");
 // Import all rules - Experimental
 const ExperimentalRules_1 = require("./experimental/ExperimentalRules");
 // Import all rules - Operations & Hygiene
 const CommentedCodeRule_1 = require("./operations/CommentedCodeRule");
 const UnusedFlowRule_1 = require("./operations/UnusedFlowRule");
+const FlowRefTargetExistsRule_1 = require("./operations/FlowRefTargetExistsRule");
+const UnusedVariableRule_1 = require("./operations/UnusedVariableRule");
 // Import all rules - Governance
 const GovernanceRules_1 = require("./governance/GovernanceRules");
 // Export individual rules - Error Handling
@@ -147,7 +168,7 @@ var LargeChoiceBlockRule_2 = require("./performance/LargeChoiceBlockRule");
 Object.defineProperty(exports, "LargeChoiceBlockRule", { enumerable: true, get: function () { return LargeChoiceBlockRule_2.LargeChoiceBlockRule; } });
 /**
  * All available rules - instantiated and ready to use
- * Total: 56 rules (including operations, resilience, and hygiene rules)
+ * Total: 82 rules (including operations, resilience, hygiene, API-led, connector, and code quality rules)
  */
 exports.ALL_RULES = [
     // Error Handling Rules (MULE-001, 003, 005, 007, 009)
@@ -157,6 +178,9 @@ exports.ALL_RULES = [
     new CorrelationIdRule_1.CorrelationIdRule(),
     new GenericErrorRule_1.GenericErrorRule(),
     new TryScopeRule_1.TryScopeRule(), // ERR-001: Try Scope Best Practice
+    new ErrorHandlerTypeCoverageRule_1.ErrorHandlerTypeCoverageRule(), // ERR-002: APIKit Error Type Coverage
+    new ErrorResponseStructureRule_1.ErrorResponseStructureRule(), // ERR-003: Error Response Structure
+    new CatchAllLastRule_1.CatchAllLastRule(), // ERR-004: Catch-All Must Be Last
     // Naming Rules (MULE-002, 101, 102)
     new FlowNamingRule_1.FlowNamingRule(),
     new FlowCasingRule_1.FlowCasingRule(),
@@ -178,10 +202,11 @@ exports.ALL_RULES = [
     new ChoiceAntiPatternRule_1.ChoiceAntiPatternRule(),
     new DwlStandardsRule_1.DwlStandardsRule(),
     new DeprecatedComponentRule_1.DeprecatedComponentRule(),
-    // HTTP Rules (MULE-401, 402, 403)
+    // HTTP Rules (MULE-401, 402, 403, HTTP-004)
     new HttpUserAgentRule_1.HttpUserAgentRule(),
     new HttpContentTypeRule_1.HttpContentTypeRule(),
     new HttpTimeoutRule_1.HttpTimeoutRule(),
+    new ConnectionIdleTimeoutRule_1.ConnectionIdleTimeoutRule(), // HTTP-004: Connection Idle Timeout
     // Documentation Rules (MULE-601, 604)
     new FlowDescriptionRule_1.FlowDescriptionRule(),
     new MissingDocNameRule_1.MissingDocNameRule(),
@@ -200,37 +225,54 @@ exports.ALL_RULES = [
     new StructureRules_1.ProjectStructureRule(),
     new StructureRules_1.GlobalConfigRule(),
     new StructureRules_1.MonolithicXmlRule(),
-    // DataWeave Rules (DW-001, 002, 003, 004)
+    // DataWeave Rules (DW-001, 002, 003, 004, 005)
     new DataWeaveRules_1.ExternalDwlRule(),
     new DataWeaveRules_1.DwlNamingRule(),
     new DataWeaveRules_1.DwlModulesRule(),
     new Java17DWErrorHandlingRule_1.Java17DWErrorHandlingRule(),
-    // API-Led Rules (API-001, 002, 003, 004)
+    new DuplicateTransformLogicRule_1.DuplicateTransformLogicRule(), // DW-005: Duplicate Transform Logic
+    // API-Led Rules (API-001, 002, 003, 004, 006, 007, 008)
     new ApiLedRules_1.ExperienceLayerRule(),
     new ApiLedRules_1.ProcessLayerRule(),
     new ApiLedRules_1.SystemLayerRule(),
     new SingleSystemSapiRule_1.SingleSystemSapiRule(),
+    new ApikitMainFlowStructureRule_1.ApikitMainFlowStructureRule(), // API-006: APIKit Main Flow Structure
+    new ApikitStatusCodeVariableRule_1.ApikitStatusCodeVariableRule(), // API-007: APIKit Status Code Variable
+    new ApikitConsoleProductionRule_1.ApikitConsoleProductionRule(), // API-008: APIKit Console in Production
     // Experimental Rules (EXP-001, 002, 003)
     new ExperimentalRules_1.FlowRefDepthRule(),
     new ExperimentalRules_1.ConnectorConfigNamingRule(),
     new ExperimentalRules_1.MUnitCoverageRule(),
-    // Operations & Resilience Rules (RES-001, OPS-001, OPS-002, OPS-003)
+    // Operations & Resilience Rules (RES-001, RES-002, OPS-001, OPS-002, OPS-003)
     new ReconnectionStrategyRule_1.ReconnectionStrategyRule(),
+    new ListenerReconnectForeverRule_1.ListenerReconnectForeverRule(), // RES-002: Listener Reconnect-Forever
     new AutoDiscoveryRule_1.AutoDiscoveryRule(),
     new HttpPortPlaceholderRule_1.HttpPortPlaceholderRule(),
     new CronExternalizedRule_1.CronExternalizedRule(),
-    // Security Enhancement (SEC-006)
+    // Security Enhancement (SEC-006, SEC-007, SEC-008, SEC-009, SEC-010)
     new EncryptionKeyInLogsRule_1.EncryptionKeyInLogsRule(),
-    // Code Hygiene Rules (HYG-001, HYG-002, HYG-003)
+    new ConnectorCredentialsSecuredRule_1.ConnectorCredentialsSecuredRule(),
+    new SecurePropertiesKeyRule_1.SecurePropertiesKeyRule(),
+    new TlsKeystorePasswordRule_1.TlsKeystorePasswordRule(),
+    new SecurePropertiesEncryptionRule_1.SecurePropertiesEncryptionRule(),
+    // Code Hygiene Rules (HYG-001, HYG-002, HYG-003, HYG-004, HYG-005)
     new ExcessiveLoggersRule_1.ExcessiveLoggersRule(),
     new CommentedCodeRule_1.CommentedCodeRule(),
     new UnusedFlowRule_1.UnusedFlowRule(),
-    // Additional Standards (API-005, DOC-001)
+    new FlowRefTargetExistsRule_1.FlowRefTargetExistsRule(),
+    new UnusedVariableRule_1.UnusedVariableRule(), // HYG-005: Unused Variable
+    // Additional Standards (API-005, DOC-001, CFG-001, CFG-002, STD-001)
     new ApiKitValidationRule_1.ApiKitValidationRule(),
     new DisplayNameRule_1.DisplayNameRule(),
+    new ConfigPropertiesOrderingRule_1.ConfigPropertiesOrderingRule(), // CFG-001: Config Properties Ordering
+    new MissingEnvPropertiesDeclarationRule_1.MissingEnvPropertiesDeclarationRule(), // CFG-002: Missing Env Properties
+    new ApikitRouteVariableConsistencyRule_1.ApikitRouteVariableConsistencyRule(), // STD-001: APIKit Route Variable Consistency
     // Governance Rules (PROJ-001, PROJ-002)
     new GovernanceRules_1.PomValidationRule(),
     new GovernanceRules_1.GitHygieneRule(),
+    // Connector Rules (SF-001, SF-002)
+    new ReplayChannelConfigRule_1.ReplayChannelConfigRule(), // SF-001: Salesforce Replay Channel Config
+    new EventListenerNullGuardRule_1.EventListenerNullGuardRule(), // SF-002: Event Listener Null Guard
 ];
 /**
  * Get rules by category

package/dist/src/rules/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/rules/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAsPA,gDAEC;AAKD,kCAEC;AAKD,sCAEC;AAtQD,oBAAoB;AACpB,kDAAgC;AAChC,qDAAmC;AAEnC,oCAAoC;AACpC,oFAAiF;AACjF,sFAAmF;AACnF,oEAAiE;AACjE,0EAAuE;AACvE,wEAAqE;AACrE,gEAA6D;AAE7D,4BAA4B;AAC5B,4DAAyD;AACzD,4DAAyD;AACzD,oEAAiE;AAEjE,8BAA8B;AAC9B,oEAAiE;AACjE,kFAA+E;AAC/E,gEAA6D;AAC7D,8DAA2D;AAC3D,kEAA+D;AAC/D,wEAAqE;AACrE,gFAA6E;AAE7E,6BAA6B;AAC7B,qEAAkE;AAClE,mEAAgE;AAChE,uFAAoF;AACpF,+DAA4F;AAC5F,yEAAsE;AAEtE,+BAA+B;AAC/B,6EAA0E;AAC1E,mEAAgE;AAChE,iFAA8E;AAC9E,qEAAkE;AAClE,iFAA8E;AAC9E,2EAAwE;AACxE,2EAAwE;AAExE,0BAA0B;AAC1B,gEAA6D;AAC7D,oEAAiE;AACjE,4DAAyD;AAEzD,mCAAmC;AACnC,6EAA0E;AAC1E,2EAAwE;AACxE,qEAAkE;AAElE,iCAAiC;AACjC,mFAAgF;AAChF,+EAA4E;AAC5E,6EAA0E;AAC1E,+EAA4E;AAC5E,qFAAkF;AAElF,gCAAgC;AAChC,wEAAqE;AAErE,0BAA0B;AAC1B,gDAAkG;AAElG,+BAA+B;AAC/B,+DAIoC;AAEpC,+BAA+B;AAC/B,+DAA4F;AAC5F,qFAAkF;AAElF,6BAA6B;AAC7B,uDAA+F;AAC/F,yEAAsE;AAEtE,kCAAkC;AAClC,wEAI0C;AAE1C,0CAA0C;AAC1C,sEAAmE;AACnE,gEAA6D;AAE7D,gCAAgC;AAChC,kEAAiF;AAIjF,2CAA2C;AAC3C,kFAAiF;AAAxE,gIAAA,sBAAsB,OAAA;AAC/B,oFAAmF;AAA1E,kIAAA,uBAAuB,OAAA;AAChC,kEAAiE;AAAxD,gHAAA,cAAc,OAAA;AACvB,wEAAuE;AAA9D,sHAAA,iBAAiB,OAAA;AAC1B,sEAAqE;AAA5D,oHAAA,gBAAgB,OAAA;AAEzB,mCAAmC;AACnC,0DAAyD;AAAhD,gHAAA,cAAc,OAAA;AACvB,0DAAyD;AAAhD,gHAAA,cAAc,OAAA;AACvB,kEAAiE;AAAxD,wHAAA,kBAAkB,OAAA;AAE3B,qCAAqC;AACrC,kEAAiE;AAAxD,sHAAA,iBAAiB,OAAA;AAC1B,gFAA+E;AAAtE,oIAAA,wBAAwB,OAAA;AACjC,8DAA6D;AAApD,kHAAA,eAAe,OAAA;AAExB,oCAAoC;AACpC,mEAAkE;AAAzD,wHAAA,kBAAkB,OAAA;AAC3B,iEAAgE;AAAvD,sHAAA,iBAAiB,OAAA;AAC1B,qFAAoF;AAA3E,0IAAA,2BAA2B,OAAA;AAEpC,sCAAsC;AACtC,2EAA0E;AAAjE,8HAAA,qBAAqB,OAAA;AAC9B,iEAAgE;AAAvD,oHAAA,gBAAgB,OAAA;AACzB,+EAA8E;AAArE,kIAAA,uBAAuB,OAAA;AAEhC,iCAAiC;AACjC,8DAA6D;AAApD,sHAAA,iBAAiB,OAAA;AAC1B,kEAAiE;AAAxD,0HAAA,mBAAmB,OAAA;AAC5B,0DAAyD;AAAhD,kHAAA,eAAe,OAAA;AAExB,0CAA0C;AAC1C,2EAA0E;AAAjE,0HAAA,mBAAmB,OAAA;AAC5B,yEAAwE;AAA/D,wHAAA,kBAAkB,OAAA;AAE3B,wCAAwC;AACxC,iFAAgF;AAAvE,kIAAA,uBAAuB,OAAA;AAChC,6EAA4E;AAAnE,8HAAA,qBAAqB,OAAA;AAC9B,2EAA0E;AAAjE,4HAAA,oBAAoB,OAAA;AAE7B;;;GAGG;AACU,QAAA,SAAS,GAAW;IAC/B,sDAAsD;IACtD,IAAI,+CAAsB,EAAE;IAC5B,IAAI,iDAAuB,EAAE;IAC7B,IAAI,+BAAc,EAAE;IACpB,IAAI,qCAAiB,EAAE;IACvB,IAAI,mCAAgB,EAAE;IACtB,IAAI,2BAAY,EAAE,EAAE,mCAAmC;IAEvD,oCAAoC;IACpC,IAAI,+BAAc,EAAE;IACpB,IAAI,+BAAc,EAAE;IACpB,IAAI,uCAAkB,EAAE;IAExB,sCAAsC;IACtC,IAAI,qCAAiB,EAAE;IACvB,IAAI,mDAAwB,EAAE;IAC9B,IAAI,iCAAe,EAAE;IACrB,IAAI,+BAAc,EAAE,EAAE,6BAA6B;IACnD,IAAI,mCAAgB,EAAE,EAAE,yBAAyB;IACjD,IAAI,yCAAmB,EAAE,EAAE,4BAA4B;IAEvD,qCAAqC;IACrC,IAAI,uCAAkB,EAAE;IACxB,IAAI,qCAAiB,EAAE;IACvB,IAAI,yDAA2B,EAAE;IACjC,IAAI,uCAAqB,EAAE,EAAE,8BAA8B;IAC3D,IAAI,0CAAwB,EAAE,EAAE,kCAAkC;IAElE,uCAAuC;IACvC,IAAI,6CAAqB,EAAE;IAC3B,IAAI,mCAAgB,EAAE;IACtB,IAAI,iDAAuB,EAAE;IAE7B,kCAAkC;IAClC,IAAI,qCAAiB,EAAE;IACvB,IAAI,yCAAmB,EAAE;IACzB,IAAI,iCAAe,EAAE;IAErB,sCAAsC;IACtC,IAAI,yCAAmB,EAAE;IACzB,IAAI,uCAAkB,EAAE;IAExB,yCAAyC;IACzC,IAAI,iDAAuB,EAAE;IAC7B,IAAI,6CAAqB,EAAE;IAC3B,IAAI,2CAAoB,EAAE;IAC1B,IAAI,6CAAqB,EAAE,EAAE,+BAA+B;IAE5D,8BAA8B;IAC9B,IAAI,uCAAkB,EAAE;IAExB,kCAAkC;IAClC,IAAI,gCAAoB,EAAE;IAC1B,IAAI,8BAAkB,EAAE;IACxB,IAAI,gCAAoB,EAAE;IAE1B,uCAAuC;IACvC,IAAI,qCAAoB,EAAE;IAC1B,IAAI,iCAAgB,EAAE;IACtB,IAAI,kCAAiB,EAAE;IAEvB,0CAA0C;IAC1C,IAAI,gCAAe,EAAE;IACrB,IAAI,8BAAa,EAAE;IACnB,IAAI,+BAAc,EAAE;IACpB,IAAI,qDAAyB,EAAE;IAE/B,yCAAyC;IACzC,IAAI,iCAAmB,EAAE;IACzB,IAAI,8BAAgB,EAAE;IACtB,IAAI,6BAAe,EAAE;IACrB,IAAI,2CAAoB,EAAE;IAE1B,yCAAyC;IACzC,IAAI,oCAAgB,EAAE;IACtB,IAAI,6CAAyB,EAAE;IAC/B,IAAI,qCAAiB,EAAE;IAEvB,qEAAqE;IACrE,IAAI,mDAAwB,EAAE;IAC9B,IAAI,qCAAiB,EAAE;IACvB,IAAI,iDAAuB,EAAE;IAC7B,IAAI,2CAAoB,EAAE;IAE1B,iCAAiC;IACjC,IAAI,iDAAuB,EAAE;IAE7B,iDAAiD;IACjD,IAAI,2CAAoB,EAAE;IAC1B,IAAI,qCAAiB,EAAE;IACvB,IAAI,+BAAc,EAAE;IAEpB,0CAA0C;IAC1C,IAAI,2CAAoB,EAAE;IAC1B,IAAI,iCAAe,EAAE;IAErB,wCAAwC;IACxC,IAAI,mCAAiB,EAAE;IACvB,IAAI,gCAAc,EAAE;CACrB,CAAC;AAEF;;GAEG;AACH,SAAgB,kBAAkB,CAAC,QAAgB;IACjD,OAAO,iBAAS,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,EAAU;IACpC,OAAO,iBAAS,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa;IAC3B,OAAO,iBAAS,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC1C,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/rules/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAkSA,gDAEC;AAKD,kCAEC;AAKD,sCAEC;AAlTD,oBAAoB;AACpB,kDAAgC;AAChC,qDAAmC;AAEnC,oCAAoC;AACpC,oFAAiF;AACjF,sFAAmF;AACnF,oEAAiE;AACjE,0EAAuE;AACvE,wEAAqE;AACrE,gEAA6D;AAC7D,gGAA6F;AAC7F,4FAAyF;AACzF,wEAAqE;AAErE,4BAA4B;AAC5B,4DAAyD;AACzD,4DAAyD;AACzD,oEAAiE;AAEjE,8BAA8B;AAC9B,oEAAiE;AACjE,kFAA+E;AAC/E,gEAA6D;AAC7D,8DAA2D;AAC3D,kEAA+D;AAC/D,wEAAqE;AACrE,gFAA6E;AAC7E,gGAA6F;AAC7F,gFAA6E;AAC7E,gFAA6E;AAC7E,8FAA2F;AAE3F,6BAA6B;AAC7B,qEAAkE;AAClE,mEAAgE;AAChE,uFAAoF;AACpF,+DAA4F;AAC5F,yEAAsE;AAEtE,+BAA+B;AAC/B,6EAA0E;AAC1E,mEAAgE;AAChE,iFAA8E;AAC9E,qEAAkE;AAClE,iFAA8E;AAC9E,2EAAwE;AACxE,2EAAwE;AACxE,2FAAwF;AACxF,yGAAsG;AACtG,uGAAoG;AAEpG,0BAA0B;AAC1B,gEAA6D;AAC7D,oEAAiE;AACjE,4DAAyD;AACzD,gFAA6E;AAE7E,+BAA+B;AAC/B,iFAA8E;AAC9E,uFAAoF;AAEpF,mCAAmC;AACnC,6EAA0E;AAC1E,2EAAwE;AACxE,qEAAkE;AAElE,iCAAiC;AACjC,mFAAgF;AAChF,+EAA4E;AAC5E,6EAA0E;AAC1E,+EAA4E;AAC5E,qFAAkF;AAClF,6FAA0F;AAE1F,gCAAgC;AAChC,wEAAqE;AAErE,0BAA0B;AAC1B,gDAAkG;AAElG,+BAA+B;AAC/B,+DAIoC;AAEpC,+BAA+B;AAC/B,+DAA4F;AAC5F,qFAAkF;AAClF,yFAAsF;AAEtF,6BAA6B;AAC7B,uDAA+F;AAC/F,yEAAsE;AACtE,uFAAoF;AACpF,yFAAsF;AACtF,uFAAoF;AAEpF,kCAAkC;AAClC,wEAI0C;AAE1C,0CAA0C;AAC1C,sEAAmE;AACnE,gEAA6D;AAC7D,kFAA+E;AAC/E,wEAAqE;AAErE,gCAAgC;AAChC,kEAAiF;AAIjF,2CAA2C;AAC3C,kFAAiF;AAAxE,gIAAA,sBAAsB,OAAA;AAC/B,oFAAmF;AAA1E,kIAAA,uBAAuB,OAAA;AAChC,kEAAiE;AAAxD,gHAAA,cAAc,OAAA;AACvB,wEAAuE;AAA9D,sHAAA,iBAAiB,OAAA;AAC1B,sEAAqE;AAA5D,oHAAA,gBAAgB,OAAA;AAEzB,mCAAmC;AACnC,0DAAyD;AAAhD,gHAAA,cAAc,OAAA;AACvB,0DAAyD;AAAhD,gHAAA,cAAc,OAAA;AACvB,kEAAiE;AAAxD,wHAAA,kBAAkB,OAAA;AAE3B,qCAAqC;AACrC,kEAAiE;AAAxD,sHAAA,iBAAiB,OAAA;AAC1B,gFAA+E;AAAtE,oIAAA,wBAAwB,OAAA;AACjC,8DAA6D;AAApD,kHAAA,eAAe,OAAA;AAExB,oCAAoC;AACpC,mEAAkE;AAAzD,wHAAA,kBAAkB,OAAA;AAC3B,iEAAgE;AAAvD,sHAAA,iBAAiB,OAAA;AAC1B,qFAAoF;AAA3E,0IAAA,2BAA2B,OAAA;AAEpC,sCAAsC;AACtC,2EAA0E;AAAjE,8HAAA,qBAAqB,OAAA;AAC9B,iEAAgE;AAAvD,oHAAA,gBAAgB,OAAA;AACzB,+EAA8E;AAArE,kIAAA,uBAAuB,OAAA;AAEhC,iCAAiC;AACjC,8DAA6D;AAApD,sHAAA,iBAAiB,OAAA;AAC1B,kEAAiE;AAAxD,0HAAA,mBAAmB,OAAA;AAC5B,0DAAyD;AAAhD,kHAAA,eAAe,OAAA;AAExB,0CAA0C;AAC1C,2EAA0E;AAAjE,0HAAA,mBAAmB,OAAA;AAC5B,yEAAwE;AAA/D,wHAAA,kBAAkB,OAAA;AAE3B,wCAAwC;AACxC,iFAAgF;AAAvE,kIAAA,uBAAuB,OAAA;AAChC,6EAA4E;AAAnE,8HAAA,qBAAqB,OAAA;AAC9B,2EAA0E;AAAjE,4HAAA,oBAAoB,OAAA;AAE7B;;;GAGG;AACU,QAAA,SAAS,GAAW;IAC/B,sDAAsD;IACtD,IAAI,+CAAsB,EAAE;IAC5B,IAAI,iDAAuB,EAAE;IAC7B,IAAI,+BAAc,EAAE;IACpB,IAAI,qCAAiB,EAAE;IACvB,IAAI,mCAAgB,EAAE;IACtB,IAAI,2BAAY,EAAE,EAAE,mCAAmC;IACvD,IAAI,2DAA4B,EAAE,EAAE,sCAAsC;IAC1E,IAAI,uDAA0B,EAAE,EAAE,oCAAoC;IACtE,IAAI,mCAAgB,EAAE,EAAE,kCAAkC;IAE1D,oCAAoC;IACpC,IAAI,+BAAc,EAAE;IACpB,IAAI,+BAAc,EAAE;IACpB,IAAI,uCAAkB,EAAE;IAExB,sCAAsC;IACtC,IAAI,qCAAiB,EAAE;IACvB,IAAI,mDAAwB,EAAE;IAC9B,IAAI,iCAAe,EAAE;IACrB,IAAI,+BAAc,EAAE,EAAE,6BAA6B;IACnD,IAAI,mCAAgB,EAAE,EAAE,yBAAyB;IACjD,IAAI,yCAAmB,EAAE,EAAE,4BAA4B;IAEvD,qCAAqC;IACrC,IAAI,uCAAkB,EAAE;IACxB,IAAI,qCAAiB,EAAE;IACvB,IAAI,yDAA2B,EAAE;IACjC,IAAI,uCAAqB,EAAE,EAAE,8BAA8B;IAC3D,IAAI,0CAAwB,EAAE,EAAE,kCAAkC;IAElE,uCAAuC;IACvC,IAAI,6CAAqB,EAAE;IAC3B,IAAI,mCAAgB,EAAE;IACtB,IAAI,iDAAuB,EAAE;IAE7B,4CAA4C;IAC5C,IAAI,qCAAiB,EAAE;IACvB,IAAI,yCAAmB,EAAE;IACzB,IAAI,iCAAe,EAAE;IACrB,IAAI,qDAAyB,EAAE,EAAE,oCAAoC;IAErE,sCAAsC;IACtC,IAAI,yCAAmB,EAAE;IACzB,IAAI,uCAAkB,EAAE;IAExB,yCAAyC;IACzC,IAAI,iDAAuB,EAAE;IAC7B,IAAI,6CAAqB,EAAE;IAC3B,IAAI,2CAAoB,EAAE;IAC1B,IAAI,6CAAqB,EAAE,EAAE,+BAA+B;IAE5D,8BAA8B;IAC9B,IAAI,uCAAkB,EAAE;IAExB,kCAAkC;IAClC,IAAI,gCAAoB,EAAE;IAC1B,IAAI,8BAAkB,EAAE;IACxB,IAAI,gCAAoB,EAAE;IAE1B,uCAAuC;IACvC,IAAI,qCAAoB,EAAE;IAC1B,IAAI,iCAAgB,EAAE;IACtB,IAAI,kCAAiB,EAAE;IAEvB,+CAA+C;IAC/C,IAAI,gCAAe,EAAE;IACrB,IAAI,8BAAa,EAAE;IACnB,IAAI,+BAAc,EAAE;IACpB,IAAI,qDAAyB,EAAE;IAC/B,IAAI,yDAA2B,EAAE,EAAE,oCAAoC;IAEvE,wDAAwD;IACxD,IAAI,iCAAmB,EAAE;IACzB,IAAI,8BAAgB,EAAE;IACtB,IAAI,6BAAe,EAAE;IACrB,IAAI,2CAAoB,EAAE;IAC1B,IAAI,yDAA2B,EAAE,EAAE,sCAAsC;IACzE,IAAI,2DAA4B,EAAE,EAAE,uCAAuC;IAC3E,IAAI,yDAA2B,EAAE,EAAE,wCAAwC;IAE3E,yCAAyC;IACzC,IAAI,oCAAgB,EAAE;IACtB,IAAI,6CAAyB,EAAE;IAC/B,IAAI,qCAAiB,EAAE;IAEvB,8EAA8E;IAC9E,IAAI,mDAAwB,EAAE;IAC9B,IAAI,2DAA4B,EAAE,EAAE,sCAAsC;IAC1E,IAAI,qCAAiB,EAAE;IACvB,IAAI,iDAAuB,EAAE;IAC7B,IAAI,2CAAoB,EAAE;IAE1B,qEAAqE;IACrE,IAAI,iDAAuB,EAAE;IAC7B,IAAI,iEAA+B,EAAE;IACrC,IAAI,iDAAuB,EAAE;IAC7B,IAAI,iDAAuB,EAAE;IAC7B,IAAI,+DAA8B,EAAE;IAEpC,mEAAmE;IACnE,IAAI,2CAAoB,EAAE;IAC1B,IAAI,qCAAiB,EAAE;IACvB,IAAI,+BAAc,EAAE;IACpB,IAAI,iDAAuB,EAAE;IAC7B,IAAI,uCAAkB,EAAE,EAAE,2BAA2B;IAErD,qEAAqE;IACrE,IAAI,2CAAoB,EAAE;IAC1B,IAAI,iCAAe,EAAE;IACrB,IAAI,2DAA4B,EAAE,EAAE,sCAAsC;IAC1E,IAAI,yEAAmC,EAAE,EAAE,kCAAkC;IAC7E,IAAI,uEAAkC,EAAE,EAAE,6CAA6C;IAEvF,wCAAwC;IACxC,IAAI,mCAAiB,EAAE;IACvB,IAAI,gCAAc,EAAE;IAEpB,mCAAmC;IACnC,IAAI,iDAAuB,EAAE,EAAE,2CAA2C;IAC1E,IAAI,uDAA0B,EAAE,EAAE,oCAAoC;CACvE,CAAC;AAEF;;GAEG;AACH,SAAgB,kBAAkB,CAAC,QAAgB;IACjD,OAAO,iBAAS,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,EAAU;IACpC,OAAO,iBAAS,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa;IAC3B,OAAO,iBAAS,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC1C,CAAC"}

package/dist/src/rules/logging/LoggerPayloadRule.d.ts

@@ -4,6 +4,14 @@ import { BaseRule } from '../base/BaseRule';
  * MULE-301: Logger Payload Reference
  *
  * Loggers should not directly reference #[payload] for security/performance.
+ * This includes:
+ *   - Direct payload reference: #[payload]
+ *   - DataWeave write of full payload: write(payload, 'application/json')
+ *   - output application/json --- payload (full payload serialization)
+ *
+ * Logging the entire payload risks exposing PII/sensitive customer data
+ * (names, addresses, SSNs, credit cards) and can degrade performance for
+ * large payloads.
  */
 export declare class LoggerPayloadRule extends BaseRule {
     id: string;
@@ -13,5 +21,12 @@ export declare class LoggerPayloadRule extends BaseRule {
     category: "logging";
     validate(doc: Document, _context: ValidationContext): Issue[];
     private hasDirectPayloadReference;
+    /**
+     * Detect DataWeave patterns that serialize the full payload:
+     *   - write(payload, 'application/json')
+     *   - write(payload, "application/json")
+     *   - output application/json --- payload
+     */
+    private hasPayloadSerialization;
 }
 //# sourceMappingURL=LoggerPayloadRule.d.ts.map

package/dist/src/rules/logging/LoggerPayloadRule.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"LoggerPayloadRule.d.ts","sourceRoot":"","sources":["../../../../src/rules/logging/LoggerPayloadRule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C;;;;GAIG;AACH,qBAAa,iBAAkB,SAAQ,QAAQ;IAC7C,EAAE,SAAc;IAChB,IAAI,SAA8B;IAClC,WAAW,SAAoD;IAC/D,QAAQ,EAAG,SAAS,CAAU;IAC9B,QAAQ,EAAG,SAAS,CAAU;IAE9B,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,GAAG,KAAK,EAAE;IA0B7D,OAAO,CAAC,yBAAyB;CAQlC"}
+{"version":3,"file":"LoggerPayloadRule.d.ts","sourceRoot":"","sources":["../../../../src/rules/logging/LoggerPayloadRule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C;;;;;;;;;;;;GAYG;AACH,qBAAa,iBAAkB,SAAQ,QAAQ;IAC7C,EAAE,SAAc;IAChB,IAAI,SAA8B;IAClC,WAAW,SAAoD;IAC/D,QAAQ,EAAG,SAAS,CAAU;IAC9B,QAAQ,EAAG,SAAS,CAAU;IAE9B,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,GAAG,KAAK,EAAE;IAuD7D,OAAO,CAAC,yBAAyB;IAUjC;;;;;OAKG;IACH,OAAO,CAAC,uBAAuB;CAWhC"}

package/dist/src/rules/logging/LoggerPayloadRule.js

@@ -6,6 +6,14 @@ const BaseRule_1 = require("../base/BaseRule");
  * MULE-301: Logger Payload Reference
  *
  * Loggers should not directly reference #[payload] for security/performance.
+ * This includes:
+ *   - Direct payload reference: #[payload]
+ *   - DataWeave write of full payload: write(payload, 'application/json')
+ *   - output application/json --- payload (full payload serialization)
+ *
+ * Logging the entire payload risks exposing PII/sensitive customer data
+ * (names, addresses, SSNs, credit cards) and can degrade performance for
+ * large payloads.
  */
 class LoggerPayloadRule extends BaseRule_1.BaseRule {
     id = 'MULE-301';
@@ -15,24 +23,60 @@ class LoggerPayloadRule extends BaseRule_1.BaseRule {
     category = 'logging';
     validate(doc, _context) {
         const issues = [];
-        const loggers = this.select('//mule:logger[@message]', doc);
+        // Check standard logger elements with message attribute
+        const loggers = this.select('//*[local-name()="logger"]', doc);
         for (const logger of loggers) {
             const message = this.getAttribute(logger, 'message') ?? '';
-            // Check for direct payload logging
             if (this.hasDirectPayloadReference(message)) {
                 const docName = this.getDocName(logger) ?? 'Logger';
                 issues.push(this.createIssue(logger, `Logger "${docName}" logs entire payload - security/performance risk`, {
-                    suggestion: 'Log specific fields instead: #[payload.orderId]',
+                    suggestion: 'Log specific fields instead: #[payload.orderId] or use a masking DataWeave module',
                 }));
             }
         }
+        // Check ee:transform set-payload inside logger contexts
+        // (Some projects put write(payload,...) in transform message elements)
+        const transforms = this.select('//*[local-name()="transform"]', doc);
+        for (const transform of transforms) {
+            // Check all text content in set-payload / set-variable / message elements
+            const payloadSetters = this.select('.//*[local-name()="set-payload" or local-name()="set-variable"]', transform);
+            for (const setter of payloadSetters) {
+                const content = setter.textContent ?? '';
+                if (this.hasPayloadSerialization(content)) {
+                    const docName = this.getDocName(transform) ?? 'Transform';
+                    issues.push(this.createIssue(transform, `Transform "${docName}" serializes entire payload (write(payload,...)) - PII exposure risk`, {
+                        severity: 'warning',
+                        suggestion: 'Serialize only specific fields or use a masking function to redact sensitive data before logging',
+                    }));
+                    break; // One issue per transform
+                }
+            }
+        }
         return issues;
     }
     hasDirectPayloadReference(message) {
         // Match #[payload] but not #[payload.something]
         return (/#\[payload\s*\]/.test(message) ||
             /#\[\s*payload\s*\]/.test(message) ||
-            message === '#[payload]');
+            message === '#[payload]' ||
+            this.hasPayloadSerialization(message));
+    }
+    /**
+     * Detect DataWeave patterns that serialize the full payload:
+     *   - write(payload, 'application/json')
+     *   - write(payload, "application/json")
+     *   - output application/json --- payload
+     */
+    hasPayloadSerialization(content) {
+        // write(payload, ...) — serializes entire payload to string
+        if (/write\s*\(\s*payload\s*,/.test(content)) {
+            return true;
+        }
+        // output ... --- payload (entire payload as output body)
+        if (/---\s*payload\s*$/.test(content.trim())) {
+            return true;
+        }
+        return false;
     }
 }
 exports.LoggerPayloadRule = LoggerPayloadRule;

package/dist/src/rules/logging/LoggerPayloadRule.js.map

@@ -1 +1 @@
-{"version":3,"file":"LoggerPayloadRule.js","sourceRoot":"","sources":["../../../../src/rules/logging/LoggerPayloadRule.ts"],"names":[],"mappings":";;;AACA,+CAA4C;AAE5C;;;;GAIG;AACH,MAAa,iBAAkB,SAAQ,mBAAQ;IAC7C,EAAE,GAAG,UAAU,CAAC;IAChB,IAAI,GAAG,0BAA0B,CAAC;IAClC,WAAW,GAAG,gDAAgD,CAAC;IAC/D,QAAQ,GAAG,SAAkB,CAAC;IAC9B,QAAQ,GAAG,SAAkB,CAAC;IAE9B,QAAQ,CAAC,GAAa,EAAE,QAA2B;QACjD,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;QAE5D,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC;YAE3D,mCAAmC;YACnC,IAAI,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5C,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,QAAQ,CAAC;gBACpD,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,WAAW,CACd,MAAM,EACN,WAAW,OAAO,mDAAmD,EACrE;oBACE,UAAU,EAAE,iDAAiD;iBAC9D,CACF,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,yBAAyB,CAAC,OAAe;QAC/C,gDAAgD;QAChD,OAAO,CACL,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;YAC/B,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC;YAClC,OAAO,KAAK,YAAY,CACzB,CAAC;IACJ,CAAC;CACF;AAzCD,8CAyCC"}
+{"version":3,"file":"LoggerPayloadRule.js","sourceRoot":"","sources":["../../../../src/rules/logging/LoggerPayloadRule.ts"],"names":[],"mappings":";;;AACA,+CAA4C;AAE5C;;;;;;;;;;;;GAYG;AACH,MAAa,iBAAkB,SAAQ,mBAAQ;IAC7C,EAAE,GAAG,UAAU,CAAC;IAChB,IAAI,GAAG,0BAA0B,CAAC;IAClC,WAAW,GAAG,gDAAgD,CAAC;IAC/D,QAAQ,GAAG,SAAkB,CAAC;IAC9B,QAAQ,GAAG,SAAkB,CAAC;IAE9B,QAAQ,CAAC,GAAa,EAAE,QAA2B;QACjD,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,wDAAwD;QACxD,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,4BAA4B,EAAE,GAAG,CAAC,CAAC;QAC/D,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC;YAE3D,IAAI,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5C,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,QAAQ,CAAC;gBACpD,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,WAAW,CACd,MAAM,EACN,WAAW,OAAO,mDAAmD,EACrE;oBACE,UAAU,EACR,mFAAmF;iBACtF,CACF,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,wDAAwD;QACxD,uEAAuE;QACvE,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,+BAA+B,EAAE,GAAG,CAAC,CAAC;QACrE,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,0EAA0E;YAC1E,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAChC,iEAAiE,EACjE,SAAqB,CACtB,CAAC;YACF,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;gBACpC,MAAM,OAAO,GAAG,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC;gBACzC,IAAI,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,WAAW,CAAC;oBAC1D,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,WAAW,CACd,SAAS,EACT,cAAc,OAAO,sEAAsE,EAC3F;wBACE,QAAQ,EAAE,SAAS;wBACnB,UAAU,EACR,kGAAkG;qBACrG,CACF,CACF,CAAC;oBACF,MAAM,CAAC,0BAA0B;gBACnC,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,yBAAyB,CAAC,OAAe;QAC/C,gDAAgD;QAChD,OAAO,CACL,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC;YAC/B,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC;YAClC,OAAO,KAAK,YAAY;YACxB,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,CACtC,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACK,uBAAuB,CAAC,OAAe;QAC7C,4DAA4D;QAC5D,IAAI,0BAA0B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC;QACd,CAAC;QACD,yDAAyD;QACzD,IAAI,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAzFD,8CAyFC"}

package/dist/src/rules/operations/FlowRefTargetExistsRule.d.ts

@@ -0,0 +1,23 @@
+import { ValidationContext, Issue, IssueType } from '../../types';
+import { BaseRule } from '../base/BaseRule';
+/**
+ * HYG-004: Flow-Ref Target Exists
+ *
+ * Every <flow-ref name="X"/> must have a corresponding <flow name="X"/> or
+ * <sub-flow name="X"/> somewhere in the project.  When the engine provides
+ * `context.allFlowRefs` we rely on the pre-scanned flow name map; otherwise
+ * we fall back to intra-file validation only.
+ *
+ * This rule catches broken wiring at lint time, preventing runtime
+ * MULE:ROUTING errors in production.
+ */
+export declare class FlowRefTargetExistsRule extends BaseRule {
+    id: string;
+    name: string;
+    description: string;
+    severity: "error";
+    category: "operations";
+    issueType: IssueType;
+    validate(doc: Document, context: ValidationContext): Issue[];
+}
+//# sourceMappingURL=FlowRefTargetExistsRule.d.ts.map

package/dist/src/rules/operations/FlowRefTargetExistsRule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"FlowRefTargetExistsRule.d.ts","sourceRoot":"","sources":["../../../../src/rules/operations/FlowRefTargetExistsRule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C;;;;;;;;;;GAUG;AACH,qBAAa,uBAAwB,SAAQ,QAAQ;IACnD,EAAE,SAAa;IACf,IAAI,SAA4B;IAChC,WAAW,SAAgE;IAC3E,QAAQ,EAAG,OAAO,CAAU;IAC5B,QAAQ,EAAG,YAAY,CAAU;IACjC,SAAS,EAAE,SAAS,CAAS;IAE7B,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,iBAAiB,GAAG,KAAK,EAAE;CA0C7D"}

package/dist/src/rules/operations/FlowRefTargetExistsRule.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FlowRefTargetExistsRule = void 0;
+const BaseRule_1 = require("../base/BaseRule");
+/**
+ * HYG-004: Flow-Ref Target Exists
+ *
+ * Every <flow-ref name="X"/> must have a corresponding <flow name="X"/> or
+ * <sub-flow name="X"/> somewhere in the project.  When the engine provides
+ * `context.allFlowRefs` we rely on the pre-scanned flow name map; otherwise
+ * we fall back to intra-file validation only.
+ *
+ * This rule catches broken wiring at lint time, preventing runtime
+ * MULE:ROUTING errors in production.
+ */
+class FlowRefTargetExistsRule extends BaseRule_1.BaseRule {
+    id = 'HYG-004';
+    name = 'Flow-Ref Target Exists';
+    description = 'Every flow-ref must reference an existing flow or sub-flow';
+    severity = 'error';
+    category = 'operations';
+    issueType = 'bug';
+    validate(doc, context) {
+        const issues = [];
+        // Collect all flow/sub-flow names defined in this file
+        const localFlowNames = new Set();
+        const flows = this.select('//*[local-name()="flow" or local-name()="sub-flow"]', doc);
+        for (const flow of flows) {
+            const name = this.getNameAttribute(flow);
+            if (name) {
+                localFlowNames.add(name);
+            }
+        }
+        // Collect all flow names across project if available
+        const allFlowNames = context.allFlowNames ?? localFlowNames;
+        // Check every flow-ref
+        const flowRefs = this.select('//*[local-name()="flow-ref"]', doc);
+        for (const ref of flowRefs) {
+            const targetName = this.getNameAttribute(ref);
+            if (!targetName) {
+                continue;
+            }
+            // Skip dynamic flow-refs (DataWeave expressions)
+            if (targetName.includes('#[') || targetName.includes('${')) {
+                continue;
+            }
+            if (!allFlowNames.has(targetName)) {
+                const docName = this.getDocName(ref) ?? targetName;
+                issues.push(this.createIssue(ref, `Flow-ref "${docName}" targets non-existent flow "${targetName}"`, {
+                    suggestion: 'Verify the target flow or sub-flow exists. Check for typos or missing XML files in src/main/mule/',
+                }));
+            }
+        }
+        return issues;
+    }
+}
+exports.FlowRefTargetExistsRule = FlowRefTargetExistsRule;
+//# sourceMappingURL=FlowRefTargetExistsRule.js.map

package/dist/src/rules/operations/FlowRefTargetExistsRule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"FlowRefTargetExistsRule.js","sourceRoot":"","sources":["../../../../src/rules/operations/FlowRefTargetExistsRule.ts"],"names":[],"mappings":";;;AACA,+CAA4C;AAE5C;;;;;;;;;;GAUG;AACH,MAAa,uBAAwB,SAAQ,mBAAQ;IACnD,EAAE,GAAG,SAAS,CAAC;IACf,IAAI,GAAG,wBAAwB,CAAC;IAChC,WAAW,GAAG,4DAA4D,CAAC;IAC3E,QAAQ,GAAG,OAAgB,CAAC;IAC5B,QAAQ,GAAG,YAAqB,CAAC;IACjC,SAAS,GAAc,KAAK,CAAC;IAE7B,QAAQ,CAAC,GAAa,EAAE,OAA0B;QAChD,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,uDAAuD;QACvD,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;QACzC,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,qDAAqD,EAAE,GAAG,CAAC,CAAC;QACtF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;YACzC,IAAI,IAAI,EAAE,CAAC;gBACT,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;QAED,qDAAqD;QACrD,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,cAAc,CAAC;QAE5D,uBAAuB;QACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAC;QAClE,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;YAC3B,MAAM,UAAU,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;YAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,SAAS;YACX,CAAC;YAED,iDAAiD;YACjD,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3D,SAAS;YACX,CAAC;YAED,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;gBAClC,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC;gBACnD,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,aAAa,OAAO,gCAAgC,UAAU,GAAG,EAAE;oBACvF,UAAU,EACR,mGAAmG;iBACtG,CAAC,CACH,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAlDD,0DAkDC"}

package/dist/src/rules/operations/UnusedFlowRule.d.ts

@@ -9,6 +9,14 @@ import { BaseRule } from '../base/BaseRule';
  * (populated during the pre-scan phase), the rule checks across all project
  * files.  When scanning a standalone file (allFlowRefs is undefined), only
  * intra-file references are checked.
+ *
+ * The rule recognises several categories of "externally referenced" flows:
+ *   - APIKit-generated flows: verb:\path:config  (routed by apikit:router)
+ *   - Flows with external triggers: http:listener, scheduler, vm:listener,
+ *     salesforce:* listeners (replay-channel-listener, subscribe-channel-listener,
+ *     replay-topic-listener, subscribe-topic-listener, modified-object-listener,
+ *     new-object-listener)
+ *   - Common naming conventions: *-main, *-api, api-*, *-console, *-error-handler, global*
  */
 export declare class UnusedFlowRule extends BaseRule {
     id: string;
@@ -17,6 +25,18 @@ export declare class UnusedFlowRule extends BaseRule {
     severity: "warning";
     category: "standards";
     validate(doc: Document, context: ValidationContext): Issue[];
+    /**
+     * Check if a flow name matches the APIKit auto-generated naming convention.
+     * Pattern: verb:\path:config-name  (e.g. "get:\orders:api-config")
+     * Also matches with (type) suffix: "get:\orders:api-config(application\json)"
+     */
+    private isApikitFlow;
+    /**
+     * Check if a flow has an external trigger (a source component as the first
+     * processor). This covers HTTP listeners, schedulers, VM listeners,
+     * Salesforce connectors, and any other connector listener.
+     */
+    private hasExternalTrigger;
     private isExternallyReferenced;
 }
 //# sourceMappingURL=UnusedFlowRule.d.ts.map

package/dist/src/rules/operations/UnusedFlowRule.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"UnusedFlowRule.d.ts","sourceRoot":"","sources":["../../../../src/rules/operations/UnusedFlowRule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C;;;;;;;;;GASG;AACH,qBAAa,cAAe,SAAQ,QAAQ;IAC1C,EAAE,SAAa;IACf,IAAI,SAA2B;IAC/B,WAAW,SAA6C;IACxD,QAAQ,EAAG,SAAS,CAAU;IAC9B,QAAQ,EAAG,WAAW,CAAU;IAEhC,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,iBAAiB,GAAG,KAAK,EAAE;IA0E5D,OAAO,CAAC,sBAAsB;CAY/B"}
+{"version":3,"file":"UnusedFlowRule.d.ts","sourceRoot":"","sources":["../../../../src/rules/operations/UnusedFlowRule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C;;;;;;;;;;;;;;;;;GAiBG;AACH,qBAAa,cAAe,SAAQ,QAAQ;IAC1C,EAAE,SAAa;IACf,IAAI,SAA2B;IAC/B,WAAW,SAA6C;IACxD,QAAQ,EAAG,SAAS,CAAU;IAC9B,QAAQ,EAAG,WAAW,CAAU;IAEhC,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,iBAAiB,GAAG,KAAK,EAAE;IAwE5D;;;;OAIG;IACH,OAAO,CAAC,YAAY;IAKpB;;;;OAIG;IACH,OAAO,CAAC,kBAAkB;IAgD1B,OAAO,CAAC,sBAAsB;CAY/B"}

package/dist/src/rules/operations/UnusedFlowRule.js

@@ -11,6 +11,14 @@ const BaseRule_1 = require("../base/BaseRule");
  * (populated during the pre-scan phase), the rule checks across all project
  * files.  When scanning a standalone file (allFlowRefs is undefined), only
  * intra-file references are checked.
+ *
+ * The rule recognises several categories of "externally referenced" flows:
+ *   - APIKit-generated flows: verb:\path:config  (routed by apikit:router)
+ *   - Flows with external triggers: http:listener, scheduler, vm:listener,
+ *     salesforce:* listeners (replay-channel-listener, subscribe-channel-listener,
+ *     replay-topic-listener, subscribe-topic-listener, modified-object-listener,
+ *     new-object-listener)
+ *   - Common naming conventions: *-main, *-api, api-*, *-console, *-error-handler, global*
  */
 class UnusedFlowRule extends BaseRule_1.BaseRule {
     id = 'HYG-003';
@@ -54,18 +62,19 @@ class UnusedFlowRule extends BaseRule_1.BaseRule {
                 }
             }
         }
-        // Check private flows (not triggered by HTTP/scheduler)
+        // Check private flows (not triggered by HTTP/scheduler/connector listeners)
         for (const flow of flows) {
             const name = this.getNameAttribute(flow);
             if (!name) {
                 continue;
             }
-            // Skip if it has an external trigger
-            const hasHttpListener = this.exists('.//*[local-name()="listener"]', flow);
-            const hasScheduler = this.exists('.//*[local-name()="scheduler"]', flow);
-            const hasVmListener = this.exists('.//*[local-name()="listener" and contains(@config-ref, "vm")]', flow);
-            if (hasHttpListener || hasScheduler || hasVmListener) {
-                continue; // Entry point flow
+            // Skip APIKit-generated flows (verb:\path:config pattern)
+            if (this.isApikitFlow(name)) {
+                continue;
+            }
+            // Skip if it has an external trigger (listener / scheduler)
+            if (this.hasExternalTrigger(flow)) {
+                continue;
             }
             // Check if referenced
             if (!referencedFlows.has(name) && !this.isExternallyReferenced(name)) {
@@ -77,6 +86,63 @@ class UnusedFlowRule extends BaseRule_1.BaseRule {
         }
         return issues;
     }
+    /**
+     * Check if a flow name matches the APIKit auto-generated naming convention.
+     * Pattern: verb:\path:config-name  (e.g. "get:\orders:api-config")
+     * Also matches with (type) suffix: "get:\orders:api-config(application\json)"
+     */
+    isApikitFlow(name) {
+        // APIKit flow names contain backslash-separated segments starting with an HTTP verb
+        return /^(get|post|put|patch|delete|head|options|trace):\\.+:.+$/i.test(name);
+    }
+    /**
+     * Check if a flow has an external trigger (a source component as the first
+     * processor). This covers HTTP listeners, schedulers, VM listeners,
+     * Salesforce connectors, and any other connector listener.
+     */
+    hasExternalTrigger(flow) {
+        // http:listener or any namespace listener
+        const hasHttpListener = this.exists('.//*[local-name()="listener"]', flow);
+        if (hasHttpListener) {
+            return true;
+        }
+        // scheduler
+        const hasScheduler = this.exists('.//*[local-name()="scheduler"]', flow);
+        if (hasScheduler) {
+            return true;
+        }
+        // Salesforce-specific listeners (platform events, CDC, polling)
+        const sfListenerPatterns = [
+            'replay-channel-listener',
+            'subscribe-channel-listener',
+            'replay-topic-listener',
+            'subscribe-topic-listener',
+            'modified-object-listener',
+            'new-object-listener',
+        ];
+        for (const pattern of sfListenerPatterns) {
+            if (this.exists(`.//*[local-name()="${pattern}"]`, flow)) {
+                return true;
+            }
+        }
+        // JMS, AMQP, Anypoint MQ, File, FTP, SFTP, Email, DB polling listeners
+        const otherListenerPatterns = [
+            'subscriber', // jms:subscriber, amqp:subscriber
+            'consume', // anypoint-mq:subscriber is actually "subscriber" but some use "consume"
+            'on-new-file', // file:listener
+            'on-new-or-updated-file', // sftp/ftp
+            'listener-imap', // email
+            'listener-pop3', // email
+            'on-new-message', // anypoint-mq
+            'on-table-row', // db polling
+        ];
+        for (const pattern of otherListenerPatterns) {
+            if (this.exists(`.//*[local-name()="${pattern}"]`, flow)) {
+                return true;
+            }
+        }
+        return false;
+    }
     isExternallyReferenced(name) {
         // Common patterns that are typically referenced externally
         const externalPatterns = [

package/dist/src/rules/operations/UnusedFlowRule.js.map

@@ -1 +1 @@
-{"version":3,"file":"UnusedFlowRule.js","sourceRoot":"","sources":["../../../../src/rules/operations/UnusedFlowRule.ts"],"names":[],"mappings":";;;AACA,+CAA4C;AAE5C;;;;;;;;;GASG;AACH,MAAa,cAAe,SAAQ,mBAAQ;IAC1C,EAAE,GAAG,SAAS,CAAC;IACf,IAAI,GAAG,uBAAuB,CAAC;IAC/B,WAAW,GAAG,yCAAyC,CAAC;IACxD,QAAQ,GAAG,SAAkB,CAAC;IAC9B,QAAQ,GAAG,WAAoB,CAAC;IAEhC,QAAQ,CAAC,GAAa,EAAE,OAA0B;QAChD,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,sCAAsC;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;QAC3D,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAC;QAElE,0CAA0C;QAC1C,yEAAyE;QACzE,0DAA0D;QAC1D,IAAI,eAA4B,CAAC;QACjC,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACxB,eAAe,GAAG,OAAO,CAAC,WAAW,CAAC;QACxC,CAAC;aAAM,CAAC;YACN,oCAAoC;YACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAC;YAClE,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;YACpC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;gBAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;gBACxC,IAAI,IAAI,EAAE,CAAC;oBACT,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBAC5B,CAAC;YACH,CAAC;QACH,CAAC;QAED,qDAAqD;QACrD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAC5C,IAAI,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,yDAAyD;gBACzD,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvC,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,aAAa,IAAI,uBAAuB,EAAE;wBAClE,QAAQ,EAAE,MAAM;wBAChB,UAAU,EAAE,oEAAoE;qBACjF,CAAC,CACH,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,wDAAwD;QACxD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;YACzC,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,SAAS;YACX,CAAC;YAED,qCAAqC;YACrC,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,+BAA+B,EAAE,IAAI,CAAC,CAAC;YAC3E,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,gCAAgC,EAAE,IAAI,CAAC,CAAC;YACzE,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAC/B,+DAA+D,EAC/D,IAAI,CACL,CAAC;YAEF,IAAI,eAAe,IAAI,YAAY,IAAI,aAAa,EAAE,CAAC;gBACrD,SAAS,CAAC,mBAAmB;YAC/B,CAAC;YAED,sBAAsB;YACtB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrE,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,SAAS,IAAI,0CAA0C,EAAE;oBAC9E,QAAQ,EAAE,MAAM;oBAChB,UAAU,EAAE,qEAAqE;iBAClF,CAAC,CACH,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,sBAAsB,CAAC,IAAY;QACzC,2DAA2D;QAC3D,MAAM,gBAAgB,GAAG;YACvB,QAAQ;YACR,OAAO;YACP,OAAO;YACP,WAAW;YACX,iBAAiB;YACjB,SAAS;SACV,CAAC;QACF,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAChE,CAAC;CACF;AA7FD,wCA6FC"}
+{"version":3,"file":"UnusedFlowRule.js","sourceRoot":"","sources":["../../../../src/rules/operations/UnusedFlowRule.ts"],"names":[],"mappings":";;;AACA,+CAA4C;AAE5C;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAa,cAAe,SAAQ,mBAAQ;IAC1C,EAAE,GAAG,SAAS,CAAC;IACf,IAAI,GAAG,uBAAuB,CAAC;IAC/B,WAAW,GAAG,yCAAyC,CAAC;IACxD,QAAQ,GAAG,SAAkB,CAAC;IAC9B,QAAQ,GAAG,WAAoB,CAAC;IAEhC,QAAQ,CAAC,GAAa,EAAE,OAA0B;QAChD,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,sCAAsC;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;QAC3D,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAC;QAElE,0CAA0C;QAC1C,yEAAyE;QACzE,0DAA0D;QAC1D,IAAI,eAA4B,CAAC;QACjC,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACxB,eAAe,GAAG,OAAO,CAAC,WAAW,CAAC;QACxC,CAAC;aAAM,CAAC;YACN,oCAAoC;YACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAC;YAClE,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;YACpC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;gBAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;gBACxC,IAAI,IAAI,EAAE,CAAC;oBACT,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBAC5B,CAAC;YACH,CAAC;QACH,CAAC;QAED,qDAAqD;QACrD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAC5C,IAAI,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,yDAAyD;gBACzD,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvC,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,aAAa,IAAI,uBAAuB,EAAE;wBAClE,QAAQ,EAAE,MAAM;wBAChB,UAAU,EAAE,oEAAoE;qBACjF,CAAC,CACH,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,4EAA4E;QAC5E,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;YACzC,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,SAAS;YACX,CAAC;YAED,0DAA0D;YAC1D,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC5B,SAAS;YACX,CAAC;YAED,4DAA4D;YAC5D,IAAI,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClC,SAAS;YACX,CAAC;YAED,sBAAsB;YACtB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrE,MAAM,CAAC,IAAI,CACT,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,SAAS,IAAI,0CAA0C,EAAE;oBAC9E,QAAQ,EAAE,MAAM;oBAChB,UAAU,EAAE,qEAAqE;iBAClF,CAAC,CACH,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;OAIG;IACK,YAAY,CAAC,IAAY;QAC/B,oFAAoF;QACpF,OAAO,2DAA2D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChF,CAAC;IAED;;;;OAIG;IACK,kBAAkB,CAAC,IAAU;QACnC,0CAA0C;QAC1C,MAAM,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,+BAA+B,EAAE,IAAI,CAAC,CAAC;QAC3E,IAAI,eAAe,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,YAAY;QACZ,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,gCAAgC,EAAE,IAAI,CAAC,CAAC;QACzE,IAAI,YAAY,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,gEAAgE;QAChE,MAAM,kBAAkB,GAAG;YACzB,yBAAyB;YACzB,4BAA4B;YAC5B,uBAAuB;YACvB,0BAA0B;YAC1B,0BAA0B;YAC1B,qBAAqB;SACtB,CAAC;QACF,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;YACzC,IAAI,IAAI,CAAC,MAAM,CAAC,sBAAsB,OAAO,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;gBACzD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,uEAAuE;QACvE,MAAM,qBAAqB,GAAG;YAC5B,YAAY,EAAE,kCAAkC;YAChD,SAAS,EAAE,yEAAyE;YACpF,aAAa,EAAE,gBAAgB;YAC/B,wBAAwB,EAAE,WAAW;YACrC,eAAe,EAAE,QAAQ;YACzB,eAAe,EAAE,QAAQ;YACzB,gBAAgB,EAAE,cAAc;YAChC,cAAc,EAAE,aAAa;SAC9B,CAAC;QACF,KAAK,MAAM,OAAO,IAAI,qBAAqB,EAAE,CAAC;YAC5C,IAAI,IAAI,CAAC,MAAM,CAAC,sBAAsB,OAAO,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;gBACzD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,sBAAsB,CAAC,IAAY;QACzC,2DAA2D;QAC3D,MAAM,gBAAgB,GAAG;YACvB,QAAQ;YACR,OAAO;YACP,OAAO;YACP,WAAW;YACX,iBAAiB;YACjB,SAAS;SACV,CAAC;QACF,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAChE,CAAC;CACF;AA1JD,wCA0JC"}

package/dist/src/rules/operations/UnusedVariableRule.d.ts

@@ -0,0 +1,31 @@
+import { ValidationContext, Issue, IssueType } from '../../types';
+import { BaseRule } from '../base/BaseRule';
+/**
+ * HYG-005: Unused Variable
+ *
+ * Detects variables that are set in a flow but never referenced later
+ * in the same flow. This is a common code smell that indicates dead code
+ * or incomplete refactoring.
+ *
+ * Checks for set-variable elements whose variableName is not referenced
+ * by any subsequent expression in the same flow via `vars.variableName`
+ * or `#[vars.variableName]` patterns.
+ *
+ * Note: This is a best-effort heuristic — variables consumed outside the
+ * flow (via flow-ref caller, for example) cannot be detected.
+ */
+export declare class UnusedVariableRule extends BaseRule {
+    id: string;
+    name: string;
+    description: string;
+    severity: "info";
+    category: "operations";
+    issueType: IssueType;
+    /** Well-known variables that are always considered "used" (consumed by connectors/listeners) */
+    private readonly WELL_KNOWN_VARS;
+    validate(doc: Document, _context: ValidationContext): Issue[];
+    private serializeNode;
+    private collectTextContent;
+    private escapeRegex;
+}
+//# sourceMappingURL=UnusedVariableRule.d.ts.map

package/dist/src/rules/operations/UnusedVariableRule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"UnusedVariableRule.d.ts","sourceRoot":"","sources":["../../../../src/rules/operations/UnusedVariableRule.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C;;;;;;;;;;;;;GAaG;AACH,qBAAa,kBAAmB,SAAQ,QAAQ;IAC9C,EAAE,SAAa;IACf,IAAI,SAAqB;IACzB,WAAW,SAAuE;IAClF,QAAQ,EAAG,MAAM,CAAU;IAC3B,QAAQ,EAAG,YAAY,CAAU;IACjC,SAAS,EAAE,SAAS,CAAgB;IAEpC,gGAAgG;IAChG,OAAO,CAAC,QAAQ,CAAC,eAAe,CAK7B;IAEH,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,iBAAiB,GAAG,KAAK,EAAE;IAuD7D,OAAO,CAAC,aAAa;IAOrB,OAAO,CAAC,kBAAkB;IAqB1B,OAAO,CAAC,WAAW;CAGpB"}